Java源码示例:org.bouncycastle.asn1.x509.CertificateList
示例1
/**
 * Collects one identifier per CRL found in the RevocationValues structure carried by the
 * given unsigned attribute.
 *
 * @param unsignedAttribute the unsigned CAdES attribute to inspect
 * @return the identifiers built from the embedded CRLs; empty when the attribute yields no
 *         RevocationValues. CRLs that fail to encode or convert are left out.
 */
@Override
protected List<Identifier> getEncapsulatedCRLIdentifiers(CAdESAttribute unsignedAttribute) {
    final List<Identifier> identifiers = new ArrayList<>();
    final RevocationValues values =
            DSSASN1Utils.getRevocationValues(unsignedAttribute.getASN1Object());
    if (values == null) {
        return identifiers;
    }

    for (final CertificateList crl : values.getCrlVals()) {
        try {
            identifiers.add(CRLUtils.buildCRLBinary(crl.getEncoded()));
        } catch (Exception e) {
            // Best effort: one unreadable CRL must not hide the others, so it is logged and
            // skipped. The returned list can therefore be shorter than the embedded CRL set;
            // the WARN entry is the only trace of the omission.
            final String errorMessage = "Unable to parse CRL binaries : {}";
            if (LOG.isDebugEnabled()) {
                // Stack trace only when debug logging is on.
                LOG.warn(errorMessage, e.getMessage(), e);
            } else {
                LOG.warn(errorMessage, e.getMessage());
            }
        }
    }
    return identifiers;
}
示例2
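/**
 * Reads the CRL stored in {@code inFile} and returns the one field selected by the option
 * flags, checked in this order: CRL number, issuer, thisUpdate, nextUpdate.
 *
 * @return the selected field as text, the string {@code "null"} when the CRL number or
 *         nextUpdate is absent from the CRL, or {@code null} when no flag is set
 * @throws Exception if the file cannot be read or its content cannot be decoded as a CRL
 */
@Override
protected Object execute0() throws Exception {
    // The file content is external input; it is only decoded here, the CRL signature is
    // not checked by this method.
    CertificateList crl = CertificateList.getInstance(
            X509Util.toDerEncoded(IoUtil.read(inFile)));

    if (crlNumber != null && crlNumber) {
        // crlExtensions is OPTIONAL in a CRL, so getExtensions() can be null. Treat a CRL
        // without extensions like one without the cRLNumber extension instead of failing
        // with a NullPointerException.
        ASN1Encodable asn1 = (crl.getTBSCertList().getExtensions() == null)
                ? null
                : crl.getTBSCertList().getExtensions().getExtensionParsedValue(
                        Extension.cRLNumber);
        if (asn1 == null) {
            return "null";
        }
        return getNumber(ASN1Integer.getInstance(asn1).getPositiveValue());
    } else if (issuer != null && issuer) {
        return crl.getIssuer().toString();
    } else if (thisUpdate != null && thisUpdate) {
        return toUtcTimeyyyyMMddhhmmssZ(crl.getThisUpdate().getDate());
    } else if (nextUpdate != null && nextUpdate) {
        // nextUpdate is optional in the CRL structure.
        return crl.getNextUpdate() == null ? "null"
                : toUtcTimeyyyyMMddhhmmssZ(crl.getNextUpdate().getDate());
    }

    return null;
}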
示例3
/**
 * Wraps the CA's current CRL in a CMS SignedData structure with absent content.
 *
 * <p>No signer is added to the generator in this method, so the returned structure only
 * transports the CRL; a recipient has to rely on the CRL's own signature.
 * The {@code serialNumber} argument is not read by this method.
 *
 * @param ca the CA whose current CRL is returned
 * @param serialNumber unused here
 * @return the SignedData carrying the CRL
 * @throws FailInfoException with BAD_REQUEST when CRL retrieval is not enabled in
 *         {@code control} or the CA has no CRL
 * @throws OperationException when the CMS structure cannot be generated
 */
private SignedData getCrl(X509Ca ca, BigInteger serialNumber)
        throws FailInfoException, OperationException {
    if (!control.isSupportGetCrl()) {
        throw FailInfoException.BAD_REQUEST;
    }

    final CertificateList currentCrl = ca.getBcCurrentCrl();
    if (currentCrl == null) {
        LOG.error("found no CRL");
        throw FailInfoException.BAD_REQUEST;
    }

    final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addCRL(new X509CRLHolder(currentCrl));

    try {
        final CMSSignedData cms = generator.generate(new CMSAbsentContent());
        return SignedData.getInstance(cms.toASN1Structure().getContent());
    } catch (CMSException ex) {
        LogUtil.error(LOG, ex, "could not generate CMSSignedData");
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
示例4
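/**
 * Builds the attribute that carries the CRLs of the signing chain.
 *
 * <p>For every certificate in {@code certificates} except the last one, the CRLs are
 * fetched from {@code crlRepository}, re-decoded as {@link CertificateList} and placed in
 * a single SEQUENCE inside the attribute's value set.
 *
 * @return the attribute identified by {@code identifier}
 * @throws SignerException when no CRL is available for the chain, or when fetching or
 *         encoding a CRL fails
 */
@Override
public Attribute getValue() throws SignerException {
    try {
        List<X509CRL> crlList = new ArrayList<X509CRL>();
        // The last entry of the chain is not looked up.
        // NOTE(review): presumably that entry is the trust anchor - confirm with the caller.
        int chainSize = certificates.length - 1;
        for (int ix = 0; ix < chainSize; ix++) {
            X509Certificate cert = (X509Certificate) certificates[ix];
            // NOTE(review): nothing in this method verifies the signature or the validity
            // period of the CRLs; presumably crlRepository does - confirm.
            for (ICPBR_CRL icpCrl : crlRepository.getX509CRL(cert)) {
                crlList.add(icpCrl.getCRL());
            }
        }

        // An attribute without any CRL would carry no revocation evidence: fail instead.
        if (crlList.isEmpty()) {
            throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
        }

        List<CertificateList> crlVals = new ArrayList<CertificateList>(crlList.size());
        for (X509CRL varCrl : crlList) {
            crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
        }

        // NOTE(review): the value is a bare SEQUENCE OF CertificateList, not a
        // RevocationValues structure with tagged fields - confirm this matches the
        // definition of the attribute named by `identifier`.
        return new Attribute(new ASN1ObjectIdentifier(identifier),
                new DERSet(new DERSequence(crlVals.toArray(new CertificateList[0]))));
    } catch (SignerException e) {
        // Already the exception type of this API: pass it on with its original stack trace
        // instead of re-creating it from the message.
        throw e;
    } catch (Exception e) {
        throw new SignerException(e.getMessage());
    }
}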
示例5
/**
 * Registers every CRL found in the given revocation-values attribute.
 *
 * <p>Only the CRL entries of the structure are read here.
 *
 * @param attributes the attribute table to search
 * @param revocationValuesAttribute the OID of the attribute holding RevocationValues
 * @param origin the origin recorded with each CRL
 */
private void collectRevocationValues(AttributeTable attributes, ASN1ObjectIdentifier revocationValuesAttribute, RevocationOrigin origin) {
    final RevocationValues parsed = DSSASN1Utils.getRevocationValues(
            DSSASN1Utils.getAsn1Encodable(attributes, revocationValuesAttribute));
    if (parsed == null) {
        // No RevocationValues could be obtained for this attribute: nothing to collect.
        return;
    }
    for (final CertificateList crl : parsed.getCrlVals()) {
        addX509CRLHolder(new X509CRLHolder(crl), origin);
    }
}
示例6
/**
 * Registers the CRLs stored in the adbe-revocationInfoArchival attribute, recording
 * {@code ADBE_REVOCATION_INFO_ARCHIVAL} as their origin.
 *
 * @param attributes the attribute table to search
 */
private void collectCRLArchivalValues(AttributeTable attributes) {
    final RevocationInfoArchival archival = PAdESUtils.getRevocationInfoArchivals(
            DSSASN1Utils.getAsn1Encodable(attributes, OID.adbe_revocationInfoArchival));
    if (archival == null) {
        return;
    }
    for (final CertificateList crl : archival.getCrlVals()) {
        try {
            addBinary(CRLUtils.buildCRLBinary(crl.getEncoded()),
                    RevocationOrigin.ADBE_REVOCATION_INFO_ARCHIVAL);
        } catch (IOException e) {
            // Best effort: the CRL is skipped and only the exception message is logged, so
            // the collected set can be smaller than what the attribute contains.
            LOG.warn("Could not convert CertificateList to CRLBinary : {}", e.getMessage());
        }
    }
}
示例7
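/**
 * Parses a RevocationInfoArchival from its ASN.1 sequence: tag 0 holds the CRLs, tag 1
 * the OCSP responses, tag 2 the other revocation values.
 *
 * <p>The sequence usually comes from a signature under validation, so it is treated as
 * untrusted: every structural problem is reported as an {@link IllegalArgumentException}
 * instead of surfacing as a {@code ClassCastException} from a blind cast.
 *
 * @param seq the encoded structure
 * @throws IllegalArgumentException if the sequence has more than three elements, an
 *         element is not a tagged object, a tag is unknown, or a tagged value does not
 *         have the expected type
 */
private RevocationInfoArchival(ASN1Sequence seq)
{
    if (seq.size() > 3)
    {
        throw new IllegalArgumentException("Bad sequence size: "
            + seq.size());
    }
    Enumeration<?> e = seq.getObjects();
    while (e.hasMoreElements())
    {
        // getInstance rejects a non-tagged element with IllegalArgumentException.
        ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement());
        // NOTE(review): a tag that occurs twice is accepted and the later value replaces
        // the earlier one.
        switch (o.getTagNo())
        {
        case 0:
            ASN1Sequence crlValsSeq = ASN1Sequence.getInstance(o.getObject());
            Enumeration<?> crlValsEnum = crlValsSeq.getObjects();
            while (crlValsEnum.hasMoreElements())
            {
                // Decoded only to validate the element; the result is discarded and the
                // raw sequence is what gets stored.
                CertificateList.getInstance(crlValsEnum.nextElement());
            }
            this.crlVals = crlValsSeq;
            break;
        case 1:
            ASN1Sequence ocspValsSeq = ASN1Sequence.getInstance(o.getObject());
            Enumeration<?> ocspValsEnum = ocspValsSeq.getObjects();
            while (ocspValsEnum.hasMoreElements())
            {
                // Validation only, as for the CRLs above.
                OCSPResponse.getInstance(ocspValsEnum.nextElement());
            }
            this.ocspVals = ocspValsSeq;
            break;
        case 2:
            this.otherRevVals = OtherRevVals.getInstance(o.getObject());
            break;
        default:
            throw new IllegalArgumentException("invalid tag: "
                + o.getTagNo());
        }
    }
}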
示例8
/**
 * Creates a RevocationInfoArchival from already decoded values.
 *
 * @param crlVals the CRLs to store, or {@code null} to leave the CRL field unset
 * @param ocspVals the OCSP responses to store, or {@code null} to leave that field unset
 * @param otherRevVals the other revocation values, stored as given
 */
public RevocationInfoArchival(CertificateList[] crlVals, OCSPResponse[] ocspVals, OtherRevVals otherRevVals)
{
    // Each array is wrapped in its own DER sequence; a null array leaves the field as is.
    if (crlVals != null)
    {
        this.crlVals = new DERSequence(crlVals);
    }
    if (ocspVals != null)
    {
        this.ocspVals = new DERSequence(ocspVals);
    }
    this.otherRevVals = otherRevVals;
}
示例9
/**
 * Returns the stored CRLs as a freshly allocated array.
 *
 * @return one {@link CertificateList} per stored element, in stored order; an empty array
 *         when no CRL sequence is set
 */
public CertificateList[] getCrlVals()
{
    final int count = (this.crlVals == null) ? 0 : this.crlVals.size();
    final CertificateList[] decoded = new CertificateList[count];
    for (int i = 0; i < count; i++)
    {
        decoded[i] = CertificateList.getInstance(this.crlVals.getObjectAt(i));
    }
    return decoded;
}
示例10
/**
 * Extracts the CRL carried in the CRL set of a SignedData structure.
 *
 * <p>Only the first entry of the set is decoded; further entries are ignored. The method
 * decodes only: it performs no signature or issuer check on the CRL, which is left to the
 * caller.
 *
 * @param signedData the structure to read; must not be {@code null}
 * @return the first CRL, or {@code null} when the structure carries none
 * @throws CRLException if the first entry cannot be decoded as a CRL
 */
public static X509CRLHolder getCrlFromPkiMessage(SignedData signedData) throws CRLException {
    Args.notNull(signedData, "signedData");

    final ASN1Set crls = signedData.getCRLs();
    final boolean hasCrl = crls != null && crls.size() != 0;
    if (!hasCrl) {
        return null;
    }

    try {
        return new X509CRLHolder(CertificateList.getInstance(crls.getObjectAt(0)));
    } catch (IllegalArgumentException ex) {
        // Decoding failures are reported through the checked CRLException of this API.
        throw new CRLException(ex);
    }
}
示例11
/**
 * Wraps a CRL in a CMS SignedData structure with absent content.
 *
 * <p>No signer is added to the generator here, so the structure only transports the CRL.
 *
 * @param crl the CRL to wrap
 * @return the ContentInfo of the generated structure
 * @throws CaException when the CMS structure cannot be generated
 */
private ContentInfo createSignedData(CertificateList crl) throws CaException {
    final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addCRL(new X509CRLHolder(crl));

    try {
        return generator.generate(new CMSAbsentContent()).toASN1Structure();
    } catch (CMSException ex) {
        throw new CaException(ex.getMessage(), ex);
    }
}
示例12
/**
 * Loads the encoded CRL with the given number from the certificate store and decodes it.
 *
 * @param crlNumber the CRL number passed to the store; may be {@code null}
 * @return the decoded CRL, or {@code null} when the store returns no encoded CRL
 * @throws OperationException with SYSTEM_FAILURE when decoding the stored CRL, or reading
 *         its thisUpdate for the log entry, raises a runtime exception
 */
public CertificateList getBcCrl(BigInteger crlNumber) throws OperationException {
    LOG.info("     START getCrl: ca={}, crlNumber={}", caIdent.getName(), crlNumber);
    boolean decoded = false;

    try {
        final byte[] der = certstore.getEncodedCrl(caIdent, crlNumber);
        if (der == null) {
            // The flag stays false, so a missing CRL is also logged as FAILED below.
            return null;
        }

        try {
            final CertificateList parsed = CertificateList.getInstance(der);
            decoded = true;
            if (LOG.isInfoEnabled()) {
                LOG.info("SUCCESSFUL getCrl: ca={}, thisUpdate={}", caIdent.getName(),
                        parsed.getThisUpdate().getTime());
            }
            return parsed;
        } catch (RuntimeException ex) {
            throw new OperationException(SYSTEM_FAILURE, ex);
        }
    } finally {
        if (!decoded) {
            LOG.info("    FAILED getCrl: ca={}", caIdent.getName());
        }
    }
}
示例13
/**
 * Returns a CRL of the CA to a requestor that holds the GET_CRL permission.
 *
 * @param requestor the requestor asking for the CRL; must not be {@code null}
 * @param crlNumber the number of the wanted CRL, or {@code null} for the current one
 * @return the CRL as returned by the CA
 * @throws OperationException with NOT_PERMITTED when the requestor lacks the permission,
 *         or as raised by the CA lookup
 */
public CertificateList getCrl(CmpRequestorInfo requestor, BigInteger crlNumber)
        throws OperationException {
    Args.notNull(requestor, "requestor");

    // Authorisation comes first: the CA is not touched for a requestor without GET_CRL.
    try {
        checkPermission(requestor, PermissionConstants.GET_CRL);
    } catch (InsuffientPermissionException ex) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, ex.getMessage());
    }

    final X509Ca ca = getCa();
    if (crlNumber == null) {
        return ca.getBcCurrentCrl();
    }
    return ca.getBcCrl(crlNumber);
}
示例14
/**
 * Returns the certificate revocation lists held by this object.
 *
 * <p>The internal array is returned as is, without a copy: a caller that writes to the
 * returned array changes the state of this object.
 *
 * @return the stored array, as last set
 */
public CertificateList[] getCertRevokList() {
    return this.certRevokList;
}
示例15
/**
 * Replaces the certificate revocation lists held by this object.
 *
 * <p>The array reference is stored as given, without a copy: later writes by the caller
 * to the same array remain visible through this object.
 *
 * @param certRevokList the array to store
 */
public void setCertRevokList(CertificateList[] certRevokList) {
this.certRevokList = certRevokList;
}
示例16
/**
 * Returns the result of {@code getBcCrl(null)}, i.e. a CRL lookup without a CRL number.
 *
 * <p>NOTE(review): presumably a {@code null} number selects the most recent CRL, as the
 * method name suggests - confirm against {@code getBcCrl}.
 *
 * @return whatever {@code getBcCrl(null)} returns
 * @throws OperationException as raised by {@code getBcCrl}
 */
public CertificateList getBcCurrentCrl() throws OperationException {
return getBcCrl(null);
}
示例17
/**
 * Extracts the CRL from a CMP general response.
 *
 * @param response the response to evaluate; must not be {@code null}
 * @param xipkiAction {@code null} for a standard current-CRL request, otherwise the XiPKI
 *        action whose content carries the CRL
 * @return the CRL contained in the response
 * @throws PkiErrorException when the response body is an error message
 * @throws CmpClientException when the body type is unexpected or the expected
 *         InfoTypeAndValue is missing
 */
private X509CRLHolder evaluateCrlResponse(VerifiedPkiMessage response, Integer xipkiAction)
        throws CmpClientException, PkiErrorException {
    // The protection of the message is checked before any of its content is interpreted.
    checkProtection(Args.notNull(response, "response"));

    final PKIBody body = response.getPkiMessage().getBody();
    final int bodyType = body.getType();

    if (bodyType == PKIBody.TYPE_ERROR) {
        final ErrorMsgContent error = ErrorMsgContent.getInstance(body.getContent());
        throw new PkiErrorException(error.getPKIStatusInfo());
    }
    if (bodyType != PKIBody.TYPE_GEN_REP) {
        throw new CmpClientException(String.format(
                "unknown PKI body type %s instead the expected [%s, %s]",
                bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
    }

    final boolean standardRequest = (xipkiAction == null);
    final ASN1ObjectIdentifier expectedType = standardRequest
            ? CMPObjectIdentifiers.it_currentCRL
            : ObjectIdentifiers.Xipki.id_xipki_cmp_cmpGenmsg;

    final InfoTypeAndValue[] entries =
            GenRepContent.getInstance(body.getContent()).toInfoTypeAndValueArray();

    // Take the first entry of the expected type; entries of other types are ignored.
    InfoTypeAndValue match = null;
    if (entries != null) {
        for (InfoTypeAndValue candidate : entries) {
            if (expectedType.equals(candidate.getInfoType())) {
                match = candidate;
                break;
            }
        }
    }
    if (match == null) {
        throw new CmpClientException("the response does not contain InfoTypeAndValue "
                + expectedType);
    }

    final ASN1Encodable crlObject;
    if (standardRequest) {
        crlObject = match.getInfoValue();
    } else {
        crlObject = extractXiActionContent(match.getInfoValue(), xipkiAction);
    }

    // NOTE(review): a value that is not a well-formed CRL makes getInstance throw an
    // unchecked exception that is not translated to CmpClientException here.
    return new X509CRLHolder(CertificateList.getInstance(crlObject));
}