/**
 * Decodes an ASN.1 time value into a {@link Date}.
 *
 * <p>Every failure raised while decoding is logged at WARN level and reported as
 * {@code null}. Callers that use the result in a validity or freshness comparison
 * must handle {@code null} explicitly.
 *
 * @param encodable the ASN.1 object passed to {@code Time.getInstance}
 * @return the decoded date, or {@code null} when decoding failed
 */
public static Date getDate(ASN1Encodable encodable) {
    Date decoded;
    try {
        decoded = Time.getInstance(encodable).getDate();
    } catch (Exception e) {
        // Broad catch is deliberate best-effort: the failure is logged with its cause.
        LOG.warn("Unable to retrieve the date : " + encodable, e);
        decoded = null;
    }
    return decoded;
}
/**
 * Returns the start of the validity period of the wrapped structure {@code c}.
 *
 * @return the date read from {@code c.getStartDate()}
 */
public Date getNotBefore() {
    final Date notBefore = c.getStartDate().getDate();
    return notBefore;
}
/**
 * Returns the thisUpdate time of the wrapped structure {@code c}.
 *
 * @return the date read from {@code c.getThisUpdate()}
 */
public Date getThisUpdate() {
    final Date thisUpdate = c.getThisUpdate().getDate();
    return thisUpdate;
}
/**
 * Returns the thisUpdate time of the wrapped structure {@code c}.
 *
 * @return the date read from {@code c.getThisUpdate()}
 */
public Date getThisUpdate() {
    final Date thisUpdate = c.getThisUpdate().getDate();
    return thisUpdate;
}
/**
 * Returns the start of the validity period of the wrapped structure {@code c}.
 *
 * @return the date read from {@code c.getStartDate()}
 */
public Date getNotBefore() {
    final Date notBefore = c.getStartDate().getDate();
    return notBefore;
}
/**
 * Returns the end of the validity period of the wrapped structure {@code c}.
 *
 * @return the date read from {@code c.getEndDate()}
 */
public Date getNotAfter() {
    final Date notAfter = c.getEndDate().getDate();
    return notAfter;
}
/**
 * Returns the revocation time of the wrapped entry {@code c}.
 *
 * @return the date read from {@code c.getRevocationDate()}
 */
public Date getRevocationDate() {
    final Date revokedAt = c.getRevocationDate().getDate();
    return revokedAt;
}
/**
 * Returns the end of the validity period of the wrapped structure {@code c}.
 *
 * @return the date read from {@code c.getEndDate()}
 */
public Date getNotAfter() {
    final Date notAfter = c.getEndDate().getDate();
    return notAfter;
}
/**
 * Returns the revocation time of the wrapped entry {@code c}.
 *
 * @return the date read from {@code c.getRevocationDate()}
 */
public Date getRevocationDate() {
    final Date revokedAt = c.getRevocationDate().getDate();
    return revokedAt;
}
/**
 * Returns the nextUpdate time of the wrapped structure {@code c}, if it has one.
 *
 * <p>A {@code null} result means no nextUpdate value is present. A caller deciding
 * whether the data is still fresh has to treat that case explicitly.
 *
 * @return the date read from {@code c.getNextUpdate()}, or {@code null} when it is absent
 */
public Date getNextUpdate() {
    return (c.getNextUpdate() == null) ? null : c.getNextUpdate().getDate();
}
/**
 * Returns the nextUpdate time of the wrapped structure {@code c}, if it has one.
 *
 * <p>A {@code null} result means no nextUpdate value is present. A caller deciding
 * whether the data is still fresh has to treat that case explicitly.
 *
 * @return the date read from {@code c.getNextUpdate()}, or {@code null} when it is absent
 */
public Date getNextUpdate() {
    return (c.getNextUpdate() == null) ? null : c.getNextUpdate().getDate();
}
/**
 * Checks that a time value uses the ASN.1 type expected for its date and records a
 * failure message on {@code issue} when it does not.
 *
 * <p>Values earlier than {@code EPOCHTIME_2050010100} (compared in whole seconds since the
 * epoch) must be encoded as UTCTime; all other values must be encoded as GeneralizedTime.
 * This corresponds to the RFC 5280 rule for validity dates (UTCTime through 2049,
 * GeneralizedTime from 2050 on).
 * NOTE(review): the constant name suggests 2050-01-01 00:00 UTC; confirm at its declaration.
 *
 * @param time the time value to inspect
 * @param issue receives the failure message when the encoding is not the expected one
 */
private static void checkTime(Time time, ValidationIssue issue) {
    ASN1Primitive encoded = time.toASN1Primitive();
    long epochSeconds = time.getDate().getTime() / 1000;
    boolean beforeThreshold = epochSeconds < EPOCHTIME_2050010100;

    if (beforeThreshold && !(encoded instanceof ASN1UTCTime)) {
        issue.setFailureMessage("not encoded as UTCTime");
    } else if (!beforeThreshold && !(encoded instanceof ASN1GeneralizedTime)) {
        issue.setFailureMessage("not encoded as GeneralizedTime");
    }
}
/**
 * Tells whether {@code issuerCert} is a plausible issuer of {@code cert}.
 *
 * <p>Three conditions are checked in order: the issuer's subject equals the certificate's
 * issuer name; if a subject key identifier is extracted from the issuer, it equals the
 * authority key identifier extracted from the certificate; and the certificate's notBefore
 * lies within the issuer's validity period (bounds included).
 *
 * <p>This is a name, key-identifier and date match only. The signature on {@code cert} is
 * not verified here, so a {@code true} result must not be used as a trust decision on its
 * own. When no subject key identifier is extracted from the issuer, the key-identifier
 * comparison is skipped.
 *
 * @param issuerCert the candidate issuer certificate, must not be {@code null}
 * @param cert the certificate to match, must not be {@code null}
 * @return {@code true} when all applicable conditions hold
 * @throws CertificateEncodingException declared by this method; presumably raised by the
 *     key-identifier extraction helpers (confirm against their signatures)
 */
public static boolean issues(org.bouncycastle.asn1.x509.Certificate issuerCert,
        org.bouncycastle.asn1.x509.Certificate cert) throws CertificateEncodingException {
    Args.notNull(issuerCert, "issuerCert");
    Args.notNull(cert, "cert");

    if (!issuerCert.getSubject().equals(cert.getIssuer())) {
        return false;
    }

    byte[] issuerKeyId = extractSki(issuerCert);
    byte[] authorityKeyId = extractAki(cert);
    if (issuerKeyId != null && !Arrays.equals(issuerKeyId, authorityKeyId)) {
        return false;
    }

    long issuerStart = issuerCert.getStartDate().getDate().getTime();
    long issuerEnd = issuerCert.getEndDate().getDate().getTime();
    long certStart = cert.getStartDate().getDate().getTime();
    return certStart >= issuerStart && certStart <= issuerEnd;
}
/**
 * Tells whether {@code issuerCert} is a plausible issuer of {@code cert}.
 *
 * <p>Three conditions are checked in order: the issuer's subject equals the certificate's
 * issuer name; if a subject key identifier is extracted from the issuer, it equals the
 * authority key identifier extracted from the certificate; and the certificate's notBefore
 * lies within the issuer's validity period (bounds included).
 *
 * <p>This is a name, key-identifier and date match only. The signature on {@code cert} is
 * not verified here, so a {@code true} result must not be used as a trust decision on its
 * own. When no subject key identifier is extracted from the issuer, the key-identifier
 * comparison is skipped.
 *
 * @param issuerCert the candidate issuer certificate, must not be {@code null}
 * @param cert the certificate to match, must not be {@code null}
 * @return {@code true} when all applicable conditions hold
 * @throws CertificateEncodingException declared by this method; presumably raised by the
 *     key-identifier extraction helpers (confirm against their signatures)
 */
public static boolean issues(final org.bouncycastle.asn1.x509.Certificate issuerCert,
        final org.bouncycastle.asn1.x509.Certificate cert) throws CertificateEncodingException {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("cert", cert);

    if (!issuerCert.getSubject().equals(cert.getIssuer())) {
        return false;
    }

    byte[] issuerKeyId = extractSki(issuerCert);
    byte[] authorityKeyId = extractAki(cert);
    if (issuerKeyId != null && !Arrays.equals(issuerKeyId, authorityKeyId)) {
        return false;
    }

    long issuerStart = issuerCert.getStartDate().getDate().getTime();
    long issuerEnd = issuerCert.getEndDate().getDate().getTime();
    long certStart = cert.getStartDate().getDate().getTime();
    return certStart >= issuerStart && certStart <= issuerEnd;
}
/**
 * Parses the raw 'expiredCertsOnCRL' value and stores the resulting date on {@code validity}.
 *
 * <p>The bytes are decoded as an OCTET STRING whose content is decoded again as a time
 * value. The date is stored only when that value is an ASN.1 GeneralizedTime; any other
 * encoding is logged at WARN level and ignored. A parsing failure is logged at ERROR level
 * and leaves {@code validity} untouched, so malformed CRL content does not abort the caller.
 *
 * @param validity receives the parsed date
 * @param expiredCertsOnCRLBinaries the encoded value, or {@code null} when there is none
 */
protected void extractExpiredCertsOnCRL(CRLValidity validity, byte[] expiredCertsOnCRLBinaries) {
    if (expiredCertsOnCRLBinaries == null) {
        return;
    }
    try {
        ASN1Primitive wrapper = ASN1Primitive.fromByteArray(expiredCertsOnCRLBinaries);
        byte[] content = ((ASN1OctetString) wrapper).getOctets();
        Time time = Time.getInstance(ASN1Primitive.fromByteArray(content));

        boolean generalizedTime = time != null && time.toASN1Primitive() instanceof ASN1GeneralizedTime;
        if (!generalizedTime) {
            LOG.warn("Attribute 'expiredCertsOnCRL' found but ignored (should be encoded as ASN.1 GeneralizedTime)");
            return;
        }
        validity.setExpiredCertsOnCRL(time.getDate());
    } catch (Exception e) {
        // Covers decoding errors and the cast above failing on an unexpected ASN.1 type.
        LOG.error("Unable to parse expiredCertsOnCRL on CRL : " + e.getMessage(), e);
    }
}
/**
 * Returns the field {@code crl} when it is set, otherwise builds and signs a new CRL.
 *
 * <p>The built CRL is issued by {@code caSubject}, has thisUpdate set to the current time
 * and nextUpdate 30 days later, carries a single entry for serial number 2 with reason
 * keyCompromise, and a cRLNumber extension taken from (and then incrementing)
 * {@code crlNumber}. Neither {@code issuer} nor {@code serialNumber} is read by this method.
 *
 * <p>NOTE(review): this method never assigns the field {@code crl}, so unless it is set
 * elsewhere every call builds a new CRL and consumes a new CRL number.
 *
 * @param issuer not used by this method
 * @param serialNumber not used by this method
 * @return the field {@code crl} if non-null, otherwise the newly built CRL
 * @throws Exception if building or signing the CRL fails
 */
public synchronized CertificateList getCrl(X500Name issuer, BigInteger serialNumber) throws Exception {
    if (crl != null) {
        return crl;
    }

    final Date now = new Date();
    X509v2CRLBuilder builder = new X509v2CRLBuilder(caSubject, now);
    // NOTE(review): assumes DAY_IN_MS is a long; with an int the product would overflow.
    builder.setNextUpdate(new Date(now.getTime() + 30 * DAY_IN_MS));

    // Revocation time is 1 ms after the CA's notBefore, unless that would lie in the future.
    Date caStart = caCert.getTBSCertificate().getStartDate().getDate();
    Date justAfterStart = new Date(caStart.getTime() + 1);
    Date revokedAt = justAfterStart.after(now) ? caStart : justAfterStart;

    builder.addCRLEntry(BigInteger.valueOf(2), revokedAt, CRLReason.keyCompromise);
    builder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber.getAndAdd(1)));

    String sigAlgo = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgo.SHA256);
    ContentSigner signer = new JcaContentSignerBuilder(sigAlgo).build(caKey);
    return builder.build(signer).toASN1Structure();
}
/**
 * Binds one issuer record to the prepared statement and executes it.
 *
 * <p>The issuer id is added to {@code relatedCaIds} before the certificate is parsed, so
 * it is recorded even when parsing fails afterwards. All values reach the database through
 * {@code PreparedStatement} setters. Validity dates are stored as seconds since the epoch.
 * NOTE(review): the SHA-1 hash of the encoded certificate is presumably a lookup
 * fingerprint rather than a security control; confirm against the schema.
 *
 * @param issuer the issuer entry to import
 * @param sql the SQL text of {@code ps}, used only when translating an {@code SQLException}
 * @param ps the statement to bind and execute
 * @param relatedCaIds receives the id of the issuer
 * @throws IOException declared by this method; presumably raised while reading the
 *     certificate content (confirm against {@code readContent})
 * @throws DataAccessException if executing the statement fails
 * @throws CertificateException if the issuer certificate cannot be parsed
 */
private void importIssuer0(CaCertstore.Ca issuer, String sql, PreparedStatement ps,
        List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
    try {
        byte[] certBytes = readContent(issuer.getCert());
        relatedCaIds.add(issuer.getId());

        Certificate parsed;
        try {
            parsed = Certificate.getInstance(certBytes);
        } catch (RuntimeException ex) {
            String msg = "could not parse certificate of issuer " + issuer.getId();
            LogUtil.error(LOG, ex, msg);
            throw new CertificateException(ex.getMessage(), ex);
        }

        // Column order is fixed by the SQL text supplied by the caller.
        ps.setInt(1, issuer.getId());
        ps.setString(2, X509Util.cutX500Name(parsed.getSubject(), maxX500nameLen));
        ps.setLong(3, parsed.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
        ps.setLong(4, parsed.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
        ps.setString(5, HashAlgo.SHA1.base64Hash(certBytes));
        ps.setString(6, issuer.getRevInfo());
        ps.setString(7, Base64.encodeToString(certBytes));
        ps.execute();
    } catch (SQLException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw translate(sql, ex);
    } catch (CertificateException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw ex;
    }
} // method importIssuer0
/**
 * Reads the certificate from {@code inFile} and returns the single attribute selected by
 * the option flags.
 *
 * <p>The flags are tested in this order and the first one that is set wins: serial,
 * subject, issuer, notBefore, notAfter, fingerprint. The fingerprint is the hex hash of the
 * encoded certificate computed with the algorithm named by {@code hashAlgo}.
 *
 * @return the selected attribute, or {@code null} when no flag is set
 * @throws Exception if the file cannot be read or parsed, or the hash cannot be computed
 */
@Override
protected Object execute0() throws Exception {
    Certificate cert = X509Util.parseBcCert(IoUtil.read(inFile));

    if (Boolean.TRUE.equals(serial)) {
        return getNumber(cert.getSerialNumber().getPositiveValue());
    }
    if (Boolean.TRUE.equals(subject)) {
        return cert.getSubject().toString();
    }
    if (Boolean.TRUE.equals(issuer)) {
        return cert.getIssuer().toString();
    }
    if (Boolean.TRUE.equals(notBefore)) {
        return toUtcTimeyyyyMMddhhmmssZ(cert.getStartDate().getDate());
    }
    if (Boolean.TRUE.equals(notAfter)) {
        return toUtcTimeyyyyMMddhhmmssZ(cert.getEndDate().getDate());
    }
    if (Boolean.TRUE.equals(fingerprint)) {
        byte[] der = cert.getEncoded();
        return HashAlgo.getInstance(hashAlgo).hexHash(der);
    }
    return null;
}
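/**
 * Reads the CRL from {@code inFile} and returns the single attribute selected by the
 * option flags.
 *
 * <p>The flags are tested in this order and the first one that is set wins: crlNumber,
 * issuer, thisUpdate, nextUpdate. An absent cRLNumber extension or nextUpdate field is
 * reported as the string {@code "null"}.
 *
 * @return the selected attribute, or {@code null} when no flag is set
 * @throws Exception if the file cannot be read or parsed
 */
@Override
protected Object execute0() throws Exception {
    CertificateList crl = CertificateList.getInstance(
            X509Util.toDerEncoded(IoUtil.read(inFile)));

    if (crlNumber != null && crlNumber) {
        // getExtensions() returns null for a CRL that carries no extensions at all; treat
        // that like a missing cRLNumber instead of failing with a NullPointerException.
        ASN1Encodable asn1 = (crl.getTBSCertList().getExtensions() == null)
                ? null
                : crl.getTBSCertList().getExtensions().getExtensionParsedValue(Extension.cRLNumber);
        if (asn1 == null) {
            return "null";
        }
        return getNumber(ASN1Integer.getInstance(asn1).getPositiveValue());
    } else if (issuer != null && issuer) {
        return crl.getIssuer().toString();
    } else if (thisUpdate != null && thisUpdate) {
        return toUtcTimeyyyyMMddhhmmssZ(crl.getThisUpdate().getDate());
    } else if (nextUpdate != null && nextUpdate) {
        return crl.getNextUpdate() == null
                ? "null"
                : toUtcTimeyyyyMMddhhmmssZ(crl.getNextUpdate().getDate());
    }
    return null;
}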