/**
 * Checks whether {@code cert} carries a signature that verifies with the CA's public key.
 *
 * <p>Only the signature is checked ({@link X509Certificate#verify(PublicKey)}): validity
 * period, key usage, name constraints and revocation status are not examined here.
 *
 * @param cert certificate whose signature is checked; must not be {@code null}
 * @return {@code true} if the signature verifies against the CA public key, {@code false}
 *         on a signature mismatch or on any key/algorithm/provider failure
 */
private boolean verifySignature(X509Certificate cert) {
  Args.notNull(cert, "cert");
  boolean signatureOk;
  try {
    cert.verify(caCert.getCert().getPublicKey());
    signatureOk = true;
  } catch (SignatureException | InvalidKeyException | CertificateException
      | NoSuchAlgorithmException | NoSuchProviderException ex) {
    // Every failure mode is reported to the caller as "not verified";
    // the concrete reason is only visible at debug level.
    LOG.debug("{} while verifying signature: {}", ex.getClass().getName(), ex.getMessage());
    signatureOk = false;
  }
  return signatureOk;
} // method verifySignature
if (caSpkiAlgId.equals(PKCSObjectIdentifiers.rsaEncryption)) { java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) caCert.getCert().getPublicKey(); this.keypairGenControlByImplictCA = new KeypairGenControl.RSAKeypairGenControl( pubKey.getModulus().bitLength(), pubKey.getPublicExponent(), caSpkiAlgId); } else { crlSignerCert = caCert.getCert();
/**
 * Sets the certificate used to sign CRLs.
 *
 * <p>A CRL signer that equals the CA certificate itself is stored as {@code null},
 * so a {@code null} field means "the CA signs its own CRLs". Passing {@code null}
 * also clears the field.
 *
 * @param crlSignerCert the CRL signer certificate, or {@code null}
 */
public void setCrlSignerCert(X509Certificate crlSignerCert) {
  X509Certificate caX509Cert = caCert.getCert();
  if (caX509Cert.equals(crlSignerCert)) {
    this.crlSignerCert = null;
  } else {
    this.crlSignerCert = crlSignerCert;
  }
}
/**
 * Looks up, among the certificates known to this slot, the one that issued {@code cert}.
 *
 * @param cert the certificate whose issuer is wanted
 * @return the issuing certificate, or {@code null} if {@code cert} is self-signed,
 *         no known certificate issues it, or a certificate could not be encoded
 *         (the encoding problem is logged at warn level, not propagated)
 */
private X509Certificate getIssuerForCert(X509Certificate cert) {
  try {
    if (!X509Util.isSelfSigned(cert)) {
      for (X509Cert candidate : certificates.values()) {
        X509Certificate candidateCert = candidate.getCert();
        // the certificate itself (same instance) is never its own issuer here
        if (candidateCert != cert && X509Util.issues(candidateCert, cert)) {
          return candidateCert;
        }
      }
    }
  } catch (CertificateEncodingException ex) {
    LOG.warn("invalid encoding of certificate {}", ex.getMessage());
  }
  return null;
}
/**
 * Looks up, among the certificates known to this slot, the one that issued {@code cert}.
 *
 * @param cert the certificate whose issuer is wanted
 * @return the issuing certificate, or {@code null} if {@code cert} is self-signed,
 *         no known certificate issues it, or a certificate could not be encoded
 *         (the encoding problem is logged at warn level, not propagated)
 */
private X509Certificate getIssuerForCert(X509Certificate cert) {
  try {
    if (!X509Util.isSelfSigned(cert)) {
      for (X509Cert candidate : certificates.values()) {
        X509Certificate candidateCert = candidate.getCert();
        // the certificate itself (same instance) is never its own issuer here
        if (candidateCert != cert && X509Util.issues(candidateCert, cert)) {
          return candidateCert;
        }
      }
    }
  } catch (CertificateEncodingException ex) {
    LOG.warn("invalid encoding of certificate {}", ex.getMessage());
  }
  return null;
}
/**
 * Returns the certificate stored under {@code certId} in the slot {@code slotId}.
 *
 * @param slotId identifier of the slot
 * @param certId identifier of the certificate object within the slot
 * @return the certificate, or {@code null} if the slot is unknown or holds no such certificate
 * @throws P11TokenException if the token cannot be accessed
 */
public X509Certificate getCert(P11SlotIdentifier slotId, P11ObjectIdentifier certId)
    throws P11TokenException {
  P11Slot slot = module.getSlot(slotId);
  // an unknown slot is treated like a slot without the certificate
  X509Cert cert = (slot == null) ? null : slot.getCert(certId);
  return (cert == null) ? null : cert.getCert();
}
/**
 * Returns the certificate stored under {@code certId} in the slot {@code slotId}.
 *
 * @param slotId identifier of the slot
 * @param certId identifier of the certificate object within the slot
 * @return the certificate, or {@code null} if the slot is unknown or holds no such certificate
 * @throws P11TokenException if the token cannot be accessed
 */
public X509Certificate getCert(P11SlotIdentifier slotId, P11ObjectIdentifier certId)
    throws P11TokenException {
  P11Slot slot = module.getSlot(slotId);
  // an unknown slot is treated like a slot without the certificate
  X509Cert cert = (slot == null) ? null : slot.getCert(certId);
  return (cert == null) ? null : cert.getCert();
}
/**
 * Publishes that the revocation of the CA {@code caCert} has been lifted.
 *
 * @param caCert the CA certificate whose revocation is lifted
 * @return {@code true} if the database update succeeded; {@code false} if it failed,
 *         in which case the failure is logged and audited rather than propagated
 */
@Override
public boolean caUnrevoked(X509Cert caCert) {
  boolean published;
  try {
    queryExecutor.unrevokeCa(caCert);
    published = true;
  } catch (Exception ex) {
    // the audited "issuer" is the issuer DN of the CA certificate, not the CA's own subject
    logAndAudit(X509Util.getRfc4519Name(caCert.getCert().getIssuerX500Principal()),
        caCert, ex, "could not publish unrevocation of CA");
    published = false;
  }
  return published;
}
/**
 * Publishes the removal of {@code cert}, issued by {@code issuerCert}.
 *
 * @param issuerCert certificate of the issuing CA
 * @param cert       the removed certificate
 * @return {@code true} if the database update succeeded; {@code false} if it failed,
 *         in which case the failure is logged and audited rather than propagated
 */
@Override
public boolean certificateRemoved(X509Cert issuerCert, CertWithDbId cert) {
  boolean published;
  try {
    queryExecutor.removeCert(issuerCert, cert);
    published = true;
  } catch (Exception ex) {
    // the audit record describes the issuer certificate: its issuer DN here,
    // its subject inside logAndAudit
    logAndAudit(X509Util.getRfc4519Name(issuerCert.getCert().getIssuerX500Principal()),
        issuerCert, ex, "could not publish removal of certificate");
    published = false;
  }
  return published;
}
/**
 * Publishes the revocation of the CA {@code caCert}.
 *
 * @param caCert  the revoked CA certificate
 * @param revInfo revocation reason and time
 * @return {@code true} if the database update succeeded; {@code false} if it failed,
 *         in which case the failure is logged and audited rather than propagated
 */
@Override
public boolean caRevoked(X509Cert caCert, CertRevocationInfo revInfo) {
  boolean published;
  try {
    queryExecutor.revokeCa(caCert, revInfo);
    published = true;
  } catch (Exception ex) {
    // the audited "issuer" is the issuer DN of the CA certificate, not the CA's own subject
    logAndAudit(X509Util.getRfc4519Name(caCert.getCert().getIssuerX500Principal()),
        caCert, ex, "could not publish revocation of CA");
    published = false;
  }
  return published;
}
sb.append(" (").append("id: ").append(objectId.getIdHex()) .append(", label: ").append(objectId.getLabel()).append(")\n"); formatString(null, verbose, sb, certificates.get(objectId).getCert());
sb.append(" (").append("id: ").append(objectId.getIdHex()) .append(", label: ").append(objectId.getLabel()).append(")\n"); formatString(null, verbose, sb, certificates.get(objectId).getCert());
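/**
 * Exports the certificate of the given identifier {@code objectId}.
 *
 * <p>The identity registered under {@code objectId} is consulted first; when no such
 * identity exists, the standalone certificate objects of this slot are searched.
 *
 * @param objectId
 *          Object identifier. Must not be {@code null}.
 * @return the exported certificate
 * @throws P11UnknownEntityException
 *          if neither an identity nor a certificate exists for {@code objectId}.
 * @throws P11TokenException
 *          if PKCS#11 token exception occurs.
 */
public X509Certificate exportCert(P11ObjectIdentifier objectId) throws P11TokenException {
  Args.notNull(objectId, "objectId");
  try {
    return getIdentity(objectId).getCertificate();
  } catch (P11UnknownEntityException ignored) { // CHECKSTYLE:SKIP
    // no identity under this id: fall back to the standalone certificate objects
  }
  X509Cert cert = certificates.get(objectId);
  if (cert == null) {
    throw new P11UnknownEntityException(slotId, objectId);
  }
  return cert.getCert();
}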
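/**
 * Exports the certificate of the given identifier {@code objectId}.
 *
 * <p>The identity registered under {@code objectId} is consulted first; when no such
 * identity exists, the standalone certificate objects of this slot are searched.
 *
 * @param objectId
 *          Object identifier. Must not be {@code null}.
 * @return the exported certificate
 * @throws P11UnknownEntityException
 *          if neither an identity nor a certificate exists for {@code objectId}.
 * @throws P11TokenException
 *          if PKCS#11 token exception occurs.
 */
public X509Certificate exportCert(P11ObjectIdentifier objectId) throws P11TokenException {
  ParamUtil.requireNonNull("objectId", objectId);
  try {
    return getIdentity(objectId).getCertificate();
  } catch (P11UnknownEntityException ignored) { // CHECKSTYLE:SKIP
    // no identity under this id: fall back to the standalone certificate objects
  }
  X509Cert cert = certificates.get(objectId);
  if (cert == null) {
    throw new P11UnknownEntityException(slotId, objectId);
  }
  return cert.getCert();
}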
/**
 * Re-reads the CA certificate from the CA manager and, when it differs from the cached
 * one, replaces the cached certificate and the prebuilt CA certificate response bytes.
 *
 * @throws OperationException with {@link ErrorCode#SYSTEM_FAILURE} if the CA cannot be
 *         looked up or the response cannot be built. Only the message of the underlying
 *         exception is carried over; the exception itself is not attached as cause.
 */
private void refreshCa() throws OperationException {
  try {
    X509Cert latestCaCert = caManager.getX509Ca(caIdent).getCaInfo().getCert();
    if (!latestCaCert.equals(caCert)) {
      caCert = latestCaCert;
      caCertRespBytes = new ScepCaCertRespBytes(latestCaCert.getCert(), responderCert);
    }
  } catch (CaMgmtException | CertificateException | CMSException ex) {
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex.getMessage());
  }
}
if (setCertAttributes.contains(PKCS11Constants.CKA_SUBJECT)) { newCertTemp.getSubject().setByteArrayValue( cert.getCert().getSubjectX500Principal().getEncoded()); cert.getCert().getIssuerX500Principal().getEncoded()); cert.getCert().getSerialNumber().toByteArray()); newCertTemp.getStartDate().setDateValue(cert.getCert().getNotBefore()); newCertTemp.getStartDate().setDateValue(cert.getCert().getNotAfter());
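/**
 * Logs a failed publish operation and records it as an audit event.
 *
 * <p>The exception message goes to the error log and the stack trace to the debug log.
 * The audit event carries only the identifying data (database id when available, issuer,
 * subject, serial number) and {@code messagePrefix}; the exception text is not audited.
 *
 * @param issuer        issuer name as supplied by the caller
 * @param cert          certificate the operation concerned; if it is a {@code CertWithDbId}
 *                      with a non-null database id, that id is audited as "id"
 * @param ex            the failure
 * @param messagePrefix short description of what could not be published
 */
private void logAndAudit(String issuer, X509Cert cert, Exception ex, String messagePrefix) {
  String subjectText = cert.getSubject();
  String serialText = LogUtil.formatCsn(cert.getCert().getSerialNumber());
  // "issuer" was previously misspelled in this message
  LOG.error("{} (issuer='{}': subject='{}', serialNumber={}). Message: {}",
      messagePrefix, issuer, subjectText, serialText, ex.getMessage());
  LOG.debug("error", ex);

  AuditEvent event = new AuditEvent(new Date());
  event.setApplicationName("CAPublisher");
  event.setName("SYSTEM");
  event.setLevel(AuditLevel.ERROR);
  event.setStatus(AuditStatus.FAILED);
  if (cert instanceof CertWithDbId) {
    Long certId = ((CertWithDbId) cert).getCertId();
    if (certId != null) {
      event.addEventData("id", certId);
    }
  }
  event.addEventData("issuer", issuer);
  event.addEventData("subject", subjectText);
  event.addEventData("serial", serialText);
  event.addEventData("message", messagePrefix);
  Audits.getAuditService().logEvent(event);
} // method logAndAudit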
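/**
 * Builds an {@code IaikP11Identity} for one private key object of this slot and adds it
 * to {@code refreshResult}.
 *
 * <p>The Java public key is taken from the certificate sharing the key's id when one is
 * known to {@code refreshResult}, otherwise from the PKCS#11 public key object with that
 * id. Private keys without an id or label, or with neither a certificate nor a public
 * key object, are skipped (the latter case is logged at info level).
 *
 * @param session       open PKCS#11 session used to look up the public key object
 * @param privKey       the private key object being analysed
 * @param refreshResult certificates found so far; receives the new identity
 * @throws P11TokenException   if a token operation fails
 * @throws XiSecurityException propagated from the public-key helpers
 */
private void analyseSingleKey(Session session, PrivateKey privKey,
    P11SlotRefreshResult refreshResult) throws P11TokenException, XiSecurityException {
  byte[] id = privKey.getId().getByteArrayValue();
  char[] label = privKey.getLabel().getCharArrayValue();
  if (id == null || label == null) {
    return;
  }

  String pubKeyLabel = null;
  PublicKey p11PublicKey = getPublicKeyObject(session, id, null);
  if (p11PublicKey != null) {
    pubKeyLabel = new String(p11PublicKey.getLabel().getCharArrayValue());
  }

  String certLabel = null;
  java.security.PublicKey pubKey = null;
  X509Cert cert = refreshResult.getCertForId(id);
  if (cert != null) {
    // a certificate with the same id takes precedence over the public key object
    certLabel = refreshResult.getCertLabelForId(id);
    pubKey = cert.getCert().getPublicKey();
  } else if (p11PublicKey != null) {
    pubKey = generatePublicKey(p11PublicKey);
  } else {
    // parameterized logging; the message previously lacked its closing parenthesis
    LOG.info("neither certificate nor public key for the key ({}) is available", hex(id));
    return;
  }

  P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, new String(label));
  X509Certificate[] certs = (cert == null) ? null : new X509Certificate[]{cert.getCert()};
  IaikP11Identity identity = new IaikP11Identity(this,
      new P11IdentityId(slotId, objectId, pubKeyLabel, certLabel), privKey, pubKey, certs);
  refreshResult.addIdentity(identity);
}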
X509Cert cert = refreshResult.getCertForId(id); if (cert != null) { pubKey = cert.getCert().getPublicKey(); } else { pubKey = getPublicKey(keyId); identity = new ProxyP11Identity(this, entityId); } else { X509Certificate[] certs = (cert == null) ? null : new X509Certificate[]{cert.getCert()}; identity = new ProxyP11Identity(this, entityId, pubKey, certs);