public static Certificate getCertificate(ASN1Encodable object) throws BadAsn1ObjectException { try { return Certificate.getInstance(object); } catch (IllegalArgumentException ex) { throw new BadAsn1ObjectException("invalid object Certificate: " + ex.getMessage(), ex); } }
public byte[] getCertificateBytes() { if (cert != null) { try { return cert.getEncoded(); } catch (IOException e) { throw new IllegalStateException("can't decode certificate: " + e); } } if (publicKeyCert != null) { return publicKeyCert; } return attributeCert; }
public static boolean issues(org.bouncycastle.asn1.x509.Certificate issuerCert, org.bouncycastle.asn1.x509.Certificate cert) throws CertificateEncodingException { Args.notNull(issuerCert, "issuerCert"); Args.notNull(cert, "cert"); boolean issues = issuerCert.getSubject().equals(cert.getIssuer()); if (issues) { byte[] ski = extractSki(issuerCert); byte[] aki = extractAki(cert); if (ski != null) { issues = Arrays.equals(ski, aki); } } if (issues) { long issuerNotBefore = issuerCert.getStartDate().getDate().getTime(); long issuerNotAfter = issuerCert.getEndDate().getDate().getTime(); long notBefore = cert.getStartDate().getDate().getTime(); issues = notBefore <= issuerNotAfter && notBefore >= issuerNotBefore; } return issues; }
public IssuerAndSerialNumber( Certificate certificate) { this.name = certificate.getIssuer(); this.serialNumber = certificate.getSerialNumber(); }
public EjbcaCaInfo(final int caId, final byte[] certBytes, final String caDirname) { ParamUtil.requireNonNull("certBytes", certBytes); this.caId = caId; this.hexSha1 = HashAlgoType.SHA1.hexHash(certBytes).toLowerCase(); this.subject = Certificate.getInstance(certBytes).getSubject(); this.caDirname = ParamUtil.requireNonNull("caDirname", caDirname); }
public CaEmulator(PrivateKey caKey, Certificate caCert, boolean generateCrl) throws CertificateEncodingException { this.caKey = ScepUtil.requireNonNull("caKey", caKey); this.caCert = ScepUtil.requireNonNull("caCert", caCert); this.caSubject = caCert.getSubject(); this.generateCrl = generateCrl; try { this.caCertBytes = caCert.getEncoded(); } catch (IOException ex) { throw new CertificateEncodingException(ex.getMessage(), ex); } }
@Override protected Object execute0() throws Exception { Certificate cert = X509Util.parseBcCert(IoUtil.read(inFile)); if (serial != null && serial) { return getNumber(cert.getSerialNumber().getPositiveValue()); } else if (subject != null && subject) { return cert.getSubject().toString(); } else if (issuer != null && issuer) { return cert.getIssuer().toString(); } else if (notBefore != null && notBefore) { return toUtcTimeyyyyMMddhhmmssZ(cert.getStartDate().getDate()); } else if (notAfter != null && notAfter) { return toUtcTimeyyyyMMddhhmmssZ(cert.getEndDate().getDate()); } else if (fingerprint != null && fingerprint) { byte[] encoded = cert.getEncoded(); return HashAlgo.getInstance(hashAlgo).hexHash(encoded); } return null; }
private void importIssuer0(CaCertstore.Ca issuer, String sql, PreparedStatement ps, List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException { try { byte[] encodedCert = readContent(issuer.getCert()); relatedCaIds.add(issuer.getId()); Certificate cert; try { cert = Certificate.getInstance(encodedCert); } catch (RuntimeException ex) { String msg = "could not parse certificate of issuer " + issuer.getId(); LogUtil.error(LOG, ex, msg); throw new CertificateException(ex.getMessage(), ex); } int idx = 1; ps.setInt(idx++, issuer.getId()); ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen)); ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000); ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000); ps.setString(idx++, HashAlgo.SHA1.base64Hash(encodedCert)); ps.setString(idx++, issuer.getRevInfo()); ps.setString(idx++, Base64.encodeToString(encodedCert)); ps.execute(); } catch (SQLException ex) { System.err.println("could not import issuer with id=" + issuer.getId()); throw translate(sql, ex); } catch (CertificateException ex) { System.err.println("could not import issuer with id=" + issuer.getId()); throw ex; } } // method importIssuer0
Certificate cert = Certificate.getInstance(Base64.decode(b64Cert)); for (EjbcaCaInfo entry : caInfos.values()) { if (entry.subject().equals(cert.getIssuer())) { caInfo = entry; break;
public byte[] getTBSCertificate() throws CertificateEncodingException { try { return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); } catch (IOException e) { throw new CertificateEncodingException(e.toString()); } }
Certificate c = ...; RDN cn = c.getSubject().getRDNs(BCStyle.CN)[0]; return ((ASN1String)cn.getFirst().getValue()).getString();
public PublicKey getPublicKey() { try { return BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo()); } catch (IOException e) { return null; // should never happen... } }
public IssuerHash(HashAlgo hashAlgo, Certificate issuerCert) throws IOException { this.hashAlgo = Args.notNull(hashAlgo, "hashAlgo"); Args.notNull(issuerCert, "issuerCert"); byte[] encodedName = issuerCert.getSubject().getEncoded(); byte[] encodedKey = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes(); this.issuerNameHash = HashCalculator.hash(hashAlgo, encodedName); this.issuerKeyHash = HashCalculator.hash(hashAlgo, encodedKey); }
X509Certificate x509Cert = X509Certificate.getInstance(cert.getCertificateAt(0).getEncoded()); PublicKey key = x509Cert.getPublicKey(); if (key instanceof RSAPublicKey || key instanceof ECPublicKey || key instanceof DSAPublicKey) { ASN1InputStream stream = new ASN1InputStream(cert.getCertificateAt(0).getSubjectPublicKeyInfo() .toASN1Primitive().getEncoded()); DLSequence sequence = (DLSequence) stream.readObject();
private void checkSignature( PublicKey key, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) { throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); } ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); // TODO This should go after the initVerify? X509SignatureUtil.setSignatureParameters(signature, params); signature.initVerify(key); signature.update(this.getTBSCertificate()); if (!signature.verify(this.getSignature())) { throw new SignatureException("certificate does not verify with supplied key"); } }
public X500Principal getIssuerX500Principal() { try { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream aOut = new ASN1OutputStream(bOut); aOut.writeObject(c.getIssuer()); return new X500Principal(bOut.toByteArray()); } catch (IOException e) { throw new IllegalStateException("can't encode issuer DN"); } }
Certificate cert = Certificate.getInstance(Base64.decode(b64Cert)); for (EjbcaCaInfo entry : fpCaInfoMap.values()) { if (entry.subject().equals(cert.getIssuer())) { caInfo = entry; break;
public byte[] getTBSCertificate() throws CertificateEncodingException { try { return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); } catch (IOException e) { throw new CertificateEncodingException(e.toString()); } }
public void init() throws Exception { TlsInit.init(); if (caCert != null) { return; } Certificate tcert = cmpCaCerts()[0]; this.caSubject = tcert.getSubject(); this.caCert = SdkUtil.parseCert(tcert.getEncoded()); this.caSubjectKeyIdentifier = SdkUtil.extractSki(this.caCert); }
public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate) throws IOException { Certificate[] chain = clientCertificate.getCertificateList(); LOGGER.info(String.format("Received client certificate chain of length %d", chain.length)); for (int i = 0; i != chain.length; i++) { Certificate entry = chain[i]; LOGGER.info(String.format("WebRTC Client certificate fingerprint:%s (%s)", TlsUtils.fingerprint(this.hashFunction, entry), entry.getSubject())); } }