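/**
 * Builds the {@code KeyTransRecipientInfo} for one recipient: {@code abyte0} is encrypted
 * with the public key of {@code x509certificate}, and the result is bound to the issuer and
 * serial number read from the certificate's TBS structure.
 *
 * <p>The cipher is looked up by the algorithm OID taken from the certificate's
 * SubjectPublicKeyInfo only, so mode and padding are whatever the provider returned by
 * {@code SecurityProvider.getProvider()} associates with that OID.
 * NOTE(review): presumably this resolves to the provider's default padding for the key
 * type; confirm that default is the padding recipients are expected to use.
 *
 * @param x509certificate recipient certificate; supplies the issuer, serial number,
 *        key algorithm and public key
 * @param abyte0 bytes to encrypt for the recipient
 * @return recipient info holding the recipient identifier, the key algorithm identifier
 *         and the encrypted bytes
 * @throws IOException if the TBS certificate bytes cannot be read as ASN.1
 * @throws CertificateEncodingException if the TBS certificate cannot be encoded
 * @throws InvalidKeyException if the certificate's public key is rejected by the cipher
 * @throws BadPaddingException propagated from {@code Cipher.doFinal}
 * @throws IllegalBlockSizeException propagated from {@code Cipher.doFinal}
 */
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
        throws IOException, CertificateEncodingException, InvalidKeyException,
        BadPaddingException, IllegalBlockSizeException
{
    TBSCertificate certificate;
    try (ASN1InputStream input = new ASN1InputStream(x509certificate.getTBSCertificate()))
    {
        certificate = TBSCertificate.getInstance(input.readObject());
    }

    AlgorithmIdentifier algorithmId = certificate.getSubjectPublicKeyInfo().getAlgorithm();

    IssuerAndSerialNumber serial = new IssuerAndSerialNumber(
            certificate.getIssuer(),
            certificate.getSerialNumber().getValue());

    Cipher cipher;
    try
    {
        cipher = Cipher.getInstance(algorithmId.getAlgorithm().getId(),
                SecurityProvider.getProvider());
    }
    catch (NoSuchAlgorithmException | NoSuchPaddingException e)
    {
        // Not expected to happen. The original author's note suggests an IOException
        // here instead; the unchecked exception is kept so callers see no change.
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }

    // Named constant instead of the bare literal 1, so the direction is visible in review.
    cipher.init(Cipher.ENCRYPT_MODE, x509certificate.getPublicKey());

    DEROctetString octets = new DEROctetString(cipher.doFinal(abyte0));
    RecipientIdentifier recipientId = new RecipientIdentifier(serial);
    return new KeyTransRecipientInfo(recipientId, algorithmId, octets);
}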
/**
 * Returns the start date reported by the wrapped {@code tbsCert}.
 *
 * @return the value of {@code tbsCert.getStartDate()}
 */
public Time getStartDate()
{
    final Time startDate = tbsCert.getStartDate();
    return startDate;
}
/**
 * Returns the subject name reported by the wrapped {@code tbsCert}.
 *
 * @return the value of {@code tbsCert.getSubject()}
 */
public X500Name getSubject()
{
    final X500Name subject = tbsCert.getSubject();
    return subject;
}
// Excerpt: binds fields of a parsed TBS certificate to a prepared statement.
// The surrounding method is not shown and the final `if` is left open.

// Bytes of the subject public key BIT STRING; hashed further down for the key column.
byte[] encodedKey = tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
// NOTE(review): cutX500Name presumably truncates to maxX500nameLen; if so the stored
// text is a display value, not a unique identity - confirm.
String subjectText = X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen);
// Serial number is stored as the hex string of its positive value.
stmt.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
long fpSubject = X509Util.fpCanonicalizedName(tbsCert.getSubject());
stmt.setLong(idx++, fpSubject);
// Validity bounds: the millisecond timestamp is divided by 1000, i.e. whole seconds.
stmt.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
stmt.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
setInt(stmt, idx++, cert.getRev());
setInt(stmt, idx++, cert.getRr());
setInt(stmt, idx++, cert.getUid());
stmt.setLong(idx++, FpIdCalculator.hash(encodedKey));
// NOTE(review): getExtensions() is dereferenced without a null check; a certificate
// that carries no extensions block would presumably fail here - confirm the caller
// guarantees extensions are present.
Extension extension = tbsCert.getExtensions().getExtension(Extension.basicConstraints);
// Defaults to true; the branch that may change it is cut off in this excerpt.
boolean ee = true;
if (extension != null) {
// Excerpt: fills two prepared statements (psCert, psRawcert) for one certificate row.
// NOTE(review): idx keeps counting across both statements in this excerpt; the
// lines in between are presumably elided - confirm idx is reset before psRawcert.
psCert.setInt(idx++, cert.iid());
// Serial number is stored as the hex string of its positive value.
psCert.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
psCert.setLong(idx++, cert.update());
// Validity bounds: the millisecond timestamp is divided by 1000, i.e. whole seconds.
psCert.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
psCert.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
// NOTE(review): booleanValue() throws NullPointerException if cert.rev() is null;
// confirm the revocation flag is always populated before this point.
setBoolean(psCert, idx++, cert.rev().booleanValue());
setInt(psCert, idx++, cert.rr());
psRawcert.setLong(idx++, cert.id());
psRawcert.setString(idx++, X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen));
// The full encoded certificate is stored Base64-encoded next to the subject text.
psRawcert.setString(idx++, Base64.encodeToString(encodedCert));
psRawcert.addBatch();
// Excerpt: field-by-field checks on a TBS certificate. Closing braces and several
// statements are missing here, so this does not compile as shown.
int versionNumber = tbsCert.getVersionNumber();
BigInteger serialNumber = tbsCert.getSerialNumber().getValue();
// A serial number whose signum is not 1 (zero or negative) is reported as a failure.
if (serialNumber.signum() != 1) {
issue.setFailureMessage("not positive");
// The signature algorithm inside the TBS structure is compared with sigAlgId;
// a mismatch is reported as a failure.
AlgorithmIdentifier tbsSigAlgId = tbsCert.getSignature();
if (!tbsSigAlgId.equals(sigAlgId)) {
issue.setFailureMessage(
checkTime(tbsCert.getStartDate(), issue);
// NOTE(review): this second call passes getStartDate() again. If it is meant to
// check the end of the validity period it should receive tbsCert.getEndDate();
// as written the end date is never passed to checkTime in this excerpt - confirm.
checkTime(tbsCert.getStartDate(), issue);
// Issuer and subject unique identifiers are treated as not permitted when present.
if (tbsCert.getIssuerUniqueId() != null) {
issue.setFailureMessage("is present but not permitted");
if (tbsCert.getSubjectUniqueId() != null) {
issue.setFailureMessage("is present but not permitted");
// Reads the extensions from the certificate's TBS structure.
// NOTE(review): presumably null when the certificate carries no extensions block;
// check for null before dereferencing - confirm against the library version in use.
Extensions extensions = c.getTBSCertificate().getExtensions();
// Excerpt: binds one issuer record to a prepared statement.
ps.setInt(idx++, issuer.getId());
ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen));
// Validity bounds: the millisecond timestamp is divided by 1000, i.e. whole seconds.
ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
// NOTE(review): presumably a SHA-1 fingerprint of the encoded certificate used as a
// lookup value; it should not be relied on where collision resistance matters - confirm.
ps.setString(idx++, sha1(encodedCert));
ps.setString(idx++, issuer.getRevInfo());
/**
 * Obtains a {@code TBSCertificate} from a tagged ASN.1 object.
 *
 * @param obj the tagged object holding the sequence
 * @param explicit passed unchanged to {@code ASN1Sequence.getInstance(obj, explicit)}
 * @return the result of {@code getInstance} applied to the unwrapped sequence
 */
public static TBSCertificate getInstance(
    ASN1TaggedObject obj,
    boolean          explicit)
{
    final ASN1Sequence seq = ASN1Sequence.getInstance(obj, explicit);
    return getInstance(seq);
}
// Excerpt: the opening `try {` and the statement that the last line belongs to are
// missing, so this does not compile as shown.
// Re-parses the TBS bytes of caCert into a TBSCertificate.
tbsCert = TBSCertificate.getInstance(caCert.getTBSCertificate());
} catch (CertificateEncodingException ex) {
// The encoding failure is wrapped with the original exception as its cause.
throw new OcspRequestorException(ex);
// Tail of an elided call: passes the octets of the CA's subject public key BIT STRING.
tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
/**
 * Returns the SubjectPublicKeyInfo reported by the wrapped {@code tbsCert}.
 *
 * @return the value of {@code tbsCert.getSubjectPublicKeyInfo()}
 */
public SubjectPublicKeyInfo getSubjectPublicKeyInfo()
{
    final SubjectPublicKeyInfo keyInfo = tbsCert.getSubjectPublicKeyInfo();
    return keyInfo;
}
/**
 * Returns the serial number reported by the wrapped {@code tbsCert}.
 *
 * @return the value of {@code tbsCert.getSerialNumber()}
 */
public ASN1Integer getSerialNumber()
{
    final ASN1Integer serial = tbsCert.getSerialNumber();
    return serial;
}
/**
 * Verifies this certificate's signature with the supplied key.
 *
 * <p>Before any verification the signature algorithm of the outer certificate is compared
 * with the one inside the TBS structure; a mismatch is rejected. The signature parameters
 * from the outer algorithm identifier are then applied, the verifier is initialised with
 * {@code key}, fed the TBS bytes and checked against the certificate's signature value.
 *
 * @param key public key to verify with
 * @param signature verifier instance to configure and use
 * @throws CertificateException if the outer and TBS signature algorithms differ
 * @throws NoSuchAlgorithmException declared; may come from setting the signature parameters
 * @throws SignatureException if the signature does not verify with {@code key}
 * @throws InvalidKeyException if {@code key} is rejected by {@code initVerify}
 */
private void checkSignature(
    PublicKey key,
    Signature signature)
    throws CertificateException, NoSuchAlgorithmException,
        SignatureException, InvalidKeyException
{
    final boolean algorithmsAgree =
        isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature());
    if (!algorithmsAgree)
    {
        throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
    }

    ASN1Encodable sigParams = c.getSignatureAlgorithm().getParameters();

    // TODO This should go after the initVerify?
    X509SignatureUtil.setSignatureParameters(signature, sigParams);

    signature.initVerify(key);
    signature.update(this.getTBSCertificate());

    final boolean verified = signature.verify(this.getSignature());
    if (!verified)
    {
        throw new SignatureException("certificate does not verify with supplied key");
    }
}
/**
 * Returns the end date reported by the wrapped {@code tbsCert}.
 *
 * @return the value of {@code tbsCert.getEndDate()}
 */
public Time getEndDate()
{
    final Time endDate = tbsCert.getEndDate();
    return endDate;
}
/**
 * Returns the issuer name reported by the wrapped {@code tbsCert}.
 *
 * @return the value of {@code tbsCert.getIssuer()}
 */
public X500Name getIssuer()
{
    final X500Name issuer = tbsCert.getIssuer();
    return issuer;
}
// Excerpt: binds fields of a parsed TBS certificate to a prepared statement.
// The surrounding method is not shown and the final `if` is left open.

// Bytes of the subject public key BIT STRING; hashed further down for the key column.
byte[] encodedKey = tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
// NOTE(review): cutX500Name presumably truncates to maxX500nameLen; if so the stored
// text is a display value, not a unique identity - confirm.
String subjectText = X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen);
// Serial number is stored as the hex string of its positive value.
stmt.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
long fpSubject = X509Util.fpCanonicalizedName(tbsCert.getSubject());
stmt.setLong(idx++, fpSubject);
// Validity bounds: the millisecond timestamp is divided by 1000, i.e. whole seconds.
stmt.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
stmt.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
// The revocation flag is bound through the setBoolean helper here.
setBoolean(stmt, idx++, cert.getRev());
setInt(stmt, idx++, cert.getRr());
setInt(stmt, idx++, cert.getUid());
stmt.setLong(idx++, FpIdCalculator.hash(encodedKey));
// NOTE(review): getExtensions() is dereferenced without a null check; a certificate
// that carries no extensions block would presumably fail here - confirm the caller
// guarantees extensions are present.
Extension extension = tbsCert.getExtensions().getExtension(Extension.basicConstraints);
// Defaults to true; the branch that may change it is cut off in this excerpt.
boolean ee = true;
if (extension != null) {
// Excerpt: binds one certificate row to psCert; the surrounding method is not shown.
// NOTE(review): cutX500Name presumably truncates to maxX500nameLen; if so the stored
// text is a display value, not a unique identity - confirm.
String subject = X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen);
psCert.setLong(idx++, id);
psCert.setInt(idx++, caId);
// Serial number is stored as the hex string of its positive value.
psCert.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
psCert.setLong(idx++, cert.getUpdate());
// Validity bounds: the millisecond timestamp is divided by 1000, i.e. whole seconds.
psCert.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
psCert.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
setInt(psCert, idx++, cert.getRev());
setInt(psCert, idx++, cert.getRr());
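/**
 * Extracts the key identifier from the AuthorityKeyIdentifier extension of a certificate.
 *
 * @param cert certificate to inspect; must not be {@code null}
 * @return the key identifier bytes, or {@code null} if the certificate has no
 *         extensions or no AuthorityKeyIdentifier extension
 * @throws CertificateEncodingException if the extension is present but cannot be parsed;
 *         the parser's exception is attached as the cause
 */
public static byte[] extractAki(final org.bouncycastle.asn1.x509.Certificate cert)
        throws CertificateEncodingException {
    ParamUtil.requireNonNull("cert", cert);

    // A certificate without an extensions block has no AKI; answer null here instead of
    // depending on how the library's fromExtensions treats a null argument.
    if (cert.getTBSCertificate().getExtensions() == null) {
        return null;
    }

    try {
        AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.fromExtensions(
                cert.getTBSCertificate().getExtensions());
        return (aki == null) ? null : aki.getKeyIdentifier();
    } catch (IllegalArgumentException ex) {
        // Keep the parser's exception as the cause so the malformed-extension detail
        // and stack trace are not lost to whoever handles the failure.
        throw new CertificateEncodingException(
                "invalid extension AuthorityKeyIdentifier: " + ex.getMessage(), ex);
    }
}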
/**
 * Imports one issuer record: reads and parses its certificate, binds the issuer columns
 * to {@code ps} and executes the statement.
 *
 * <p>The issuer id is appended to {@code relatedCaIds} before the certificate is parsed,
 * so it stays in the list even when parsing fails.
 *
 * @param issuer issuer entry to import
 * @param sql SQL text of {@code ps}, used only when translating an {@code SQLException}
 * @param ps prepared statement receiving the issuer columns
 * @param relatedCaIds list that collects the ids of the processed issuers
 * @throws IOException if the certificate content cannot be read
 * @throws DataAccessException translated from an {@code SQLException}
 * @throws CertificateException if the issuer certificate cannot be parsed
 */
private void importIssuer0(CaCertstore.Ca issuer, String sql, PreparedStatement ps,
        List<Integer> relatedCaIds)
        throws IOException, DataAccessException, CertificateException {
    try {
        byte[] certBytes = readContent(issuer.getCert());
        relatedCaIds.add(issuer.getId());

        Certificate parsed;
        try {
            parsed = Certificate.getInstance(certBytes);
        } catch (RuntimeException ex) {
            // Parser failures surface as unchecked exceptions; log, then rethrow as a
            // checked CertificateException with the original as cause.
            LogUtil.error(LOG, ex, "could not parse certificate of issuer " + issuer.getId());
            throw new CertificateException(ex.getMessage(), ex);
        }

        int col = 1;
        ps.setInt(col++, issuer.getId());
        ps.setString(col++, X509Util.cutX500Name(parsed.getSubject(), maxX500nameLen));
        // Validity bounds: the millisecond timestamp is divided by 1000, i.e. whole seconds.
        ps.setLong(col++,
                parsed.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
        ps.setLong(col++,
                parsed.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
        // NOTE(review): SHA-1 digest of the encoded certificate, presumably a lookup
        // fingerprint; do not rely on it where collision resistance matters - confirm.
        ps.setString(col++, HashAlgo.SHA1.base64Hash(certBytes));
        ps.setString(col++, issuer.getRevInfo());
        ps.setString(col++, Base64.encodeToString(certBytes));

        ps.execute();
    } catch (SQLException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw translate(sql, ex);
    } catch (CertificateException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw ex;
    }
} // method importIssuer0
/**
 * Obtains a {@code TBSCertificate} from a tagged ASN.1 object.
 *
 * @param obj the tagged object holding the sequence
 * @param explicit passed unchanged to {@code ASN1Sequence.getInstance(obj, explicit)}
 * @return the result of {@code getInstance} applied to the unwrapped sequence
 */
public static TBSCertificate getInstance(
    ASN1TaggedObject obj,
    boolean          explicit)
{
    final ASN1Sequence seq = ASN1Sequence.getInstance(obj, explicit);
    return getInstance(seq);
}