List of usage examples for org.bouncycastle.asn1 DERIA5String getInstance
public static DERIA5String getInstance(Object obj)
From source file:be.fedict.trust.crl.CrlTrustLinker.java
License:Open Source License
/** * Gives back the CRL URI meta-data found within the given X509 certificate. * /*from w w w.j a va2 s .co m*/ * @param certificate * the X509 certificate. * @return the CRL URI, or <code>null</code> if the extension is not * present. */ public static URI getCrlUri(X509Certificate certificate) { byte[] crlDistributionPointsValue = certificate.getExtensionValue(Extension.cRLDistributionPoints.getId()); if (null == crlDistributionPointsValue) { return null; } ASN1Sequence seq; try { DEROctetString oct; oct = (DEROctetString) (new ASN1InputStream(new ByteArrayInputStream(crlDistributionPointsValue)) .readObject()); seq = (ASN1Sequence) new ASN1InputStream(oct.getOctets()).readObject(); } catch (IOException e) { throw new RuntimeException("IO error: " + e.getMessage(), e); } CRLDistPoint distPoint = CRLDistPoint.getInstance(seq); DistributionPoint[] distributionPoints = distPoint.getDistributionPoints(); for (DistributionPoint distributionPoint : distributionPoints) { DistributionPointName distributionPointName = distributionPoint.getDistributionPoint(); if (DistributionPointName.FULL_NAME != distributionPointName.getType()) { continue; } GeneralNames generalNames = (GeneralNames) distributionPointName.getName(); GeneralName[] names = generalNames.getNames(); for (GeneralName name : names) { if (name.getTagNo() != GeneralName.uniformResourceIdentifier) { LOG.debug("not a uniform resource identifier"); continue; } DERIA5String derStr = DERIA5String.getInstance(name.getName()); String str = derStr.getString(); if (false == str.startsWith("http")) { /* * skip ldap:// protocols */ LOG.debug("not HTTP/HTTPS: " + str); continue; } URI uri = toURI(str); return uri; } } return null; }
From source file:be.fedict.trust.ocsp.OcspTrustLinker.java
License:Open Source License
private URI getAccessLocation(X509Certificate certificate, ASN1ObjectIdentifier accessMethod) throws IOException, URISyntaxException { byte[] authInfoAccessExtensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; }/* ww w .java 2 s.co m*/ AuthorityInformationAccess authorityInformationAccess; DEROctetString oct = (DEROctetString) (new ASN1InputStream( new ByteArrayInputStream(authInfoAccessExtensionValue)).readObject()); authorityInformationAccess = AuthorityInformationAccess .getInstance(new ASN1InputStream(oct.getOctets()).readObject()); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { LOG.debug("access method: " + accessDescription.getAccessMethod()); boolean correctAccessMethod = accessDescription.getAccessMethod().equals(accessMethod); if (!correctAccessMethod) { continue; } GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { LOG.debug("not a uniform resource identifier"); continue; } DERIA5String str = DERIA5String.getInstance(gn.getName()); String accessLocation = str.getString(); LOG.debug("access location: " + accessLocation); URI uri = toURI(accessLocation); LOG.debug("access location URI: " + uri); return uri; } return null; }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
public static List<String> getCrlDistributionPoints(byte[] crldpExt) throws CertificateParsingException, IOException { if (crldpExt == null) { return new ArrayList<String>(); }//from ww w .ja v a 2s.c o m ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt)); ASN1Primitive derObjCrlDP = oAsnInStream.readObject(); DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP; byte[] crldpExtOctets = dosCrlDP.getOctets(); ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets)); ASN1Primitive derObj2 = oAsnInStream2.readObject(); CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2); List<String> crlUrls = new ArrayList<String>(); for (DistributionPoint dp : distPoint.getDistributionPoints()) { DistributionPointName dpn = dp.getDistributionPoint(); // Look for URIs in fullName if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); // Look for an URI for (int j = 0; j < genNames.length; j++) { if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(genNames[j].getName()).getString(); crlUrls.add(url); } } } } return crlUrls; }
From source file:br.gov.frameworkdemoiselle.certificate.oid.OIDGeneric.java
License:Open Source License
/** * Instance for object.//from w w w . j a va 2 s . co m * * @param data -> byte array with certificate content. * @return Object GenericOID * @throws IOException * @throws Exception */ public static OIDGeneric getInstance(byte[] data) throws IOException, Exception { ASN1InputStream is = new ASN1InputStream(data); DERSequence sequence = (DERSequence) is.readObject(); DERObjectIdentifier objectIdentifier = (DERObjectIdentifier) sequence.getObjectAt(0); DERTaggedObject tag = (DERTaggedObject) sequence.getObjectAt(1); DEROctetString octetString = null; DERPrintableString printableString = null; DERUTF8String utf8String = null; DERIA5String ia5String = null; try { octetString = (DEROctetString) DEROctetString.getInstance(tag); } catch (Exception ex) { try { printableString = DERPrintableString.getInstance(tag); } catch (Exception e1) { try { utf8String = DERUTF8String.getInstance(tag); } catch (Exception e2) { ia5String = DERIA5String.getInstance(tag); } } } String className = "br.gov.frameworkdemoiselle.certificate.oid.OID_" + objectIdentifier.getId().replaceAll("[.]", "_"); OIDGeneric oidGenerico; try { oidGenerico = (OIDGeneric) Class.forName(className).newInstance(); } catch (InstantiationException e) { throw new Exception("Can not instace class '" + className + "'.", e); } catch (IllegalAccessException e) { throw new Exception("Was not possible instace class '" + className + "'.", e); } catch (ClassNotFoundException e) { oidGenerico = new OIDGeneric(); } oidGenerico.setOid(objectIdentifier.getId()); if (octetString != null) { oidGenerico.setData(new String(octetString.getOctets())); } else if (printableString != null) { oidGenerico.setData(printableString.getString()); } else if (utf8String != null) { oidGenerico.setData(utf8String.getString()); } else { oidGenerico.setData(ia5String.getString()); } oidGenerico.initialize(); return oidGenerico; }
From source file:com.infinities.keystone4j.ssl.CRLVerifier.java
License:Apache License
/** * Extracts all CRL distribution point URLs from the * "CRL Distribution Point" extension in a X.509 certificate. If CRL * distribution point extension is unavailable, returns an empty list. *//* ww w.jav a 2 s .c om*/ public static List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateParsingException, IOException { byte[] crldpExt = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId()); if (crldpExt == null) { return new ArrayList<String>(); } ASN1InputStream oAsnInStream = null; ASN1InputStream oAsnInStream2 = null; try { oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt)); DERObject derObjCrlDP = oAsnInStream.readObject(); DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP; byte[] crldpExtOctets = dosCrlDP.getOctets(); oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets)); DERObject derObj2 = oAsnInStream2.readObject(); CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2); List<String> crlUrls = new ArrayList<String>(); for (DistributionPoint dp : distPoint.getDistributionPoints()) { DistributionPointName dpn = dp.getDistributionPoint(); // Look for URIs in fullName if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); // Look for an URI for (int j = 0; j < genNames.length; j++) { if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(genNames[j].getName()).getString(); crlUrls.add(url); } } } } return crlUrls; } finally { if (oAsnInStream != null) { oAsnInStream.close(); } if (oAsnInStream2 != null) { oAsnInStream2.close(); } } }
From source file:com.viettel.hqmc.DAO.FilesDAO.java
private static List<String> getAIALocations(X509Certificate cert) throws Exception { //Gets the DER-encoded OCTET string for the extension value for Authority information access Points byte[] aiaExtensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId()); if (aiaExtensionValue == null) { throw new Exception("Certificate doesn't have authority " + "information access points"); }//from w ww. ja va 2 s .c o m //might have to pass an ByteArrayInputStream(aiaExtensionValue) ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue); AuthorityInformationAccess authorityInformationAccess; try { DEROctetString aiaDEROctetString = (DEROctetString) (asn1In.readObject()); ASN1InputStream asn1InOctets = new ASN1InputStream(aiaDEROctetString.getOctets()); ASN1Sequence aiaASN1Sequence = (ASN1Sequence) asn1InOctets.readObject(); authorityInformationAccess = AuthorityInformationAccess.getInstance(aiaASN1Sequence); } catch (IOException ex) { LogUtil.addLog(ex);//binhnt sonar a160901 throw new Exception("Cannot read certificate to get OCSP URLs", ex); } List<String> ocspUrlList = new ArrayList<String>(); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) { DERIA5String str = DERIA5String.getInstance(gn.getName()); String accessLocation = str.getString(); ocspUrlList.add(accessLocation); } } if (ocspUrlList.isEmpty()) { throw new Exception("Cant get OCSP urls from certificate"); } return ocspUrlList; }
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
private String getSubjectAttr(String needAttrName, String needAttrOid) { String subjectDN = getSubjectDN(); try {/* w w w. ja va 2 s. c o m*/ LdapName dn = new LdapName(subjectDN); List<Rdn> rdns = dn.getRdns(); for (Rdn rdn : rdns) { String type = rdn.getType(); boolean isOid = type.contains("."); boolean matched = (isOid ? type.equals(needAttrOid) : type.equals(needAttrName)); if (matched) { Object value = rdn.getValue(); if (value == null) { continue; } if (isOid) { byte[] bytes = (byte[]) value; ASN1InputStream decoder = null; try { decoder = new ASN1InputStream(bytes); DEREncodable encoded = decoder.readObject(); DERIA5String str = DERIA5String.getInstance(encoded); return str.getString(); } catch (IOException e) { ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e); } finally { ByteUtil.closeStream(decoder); } } else { return value.toString(); } } } } catch (InvalidNameException e) { ZimbraLog.account.warn(LOG_PREFIX + "Invalid subject dn value" + subjectDN, e); } return null; }
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
private void printCRLDistributionPoints(PrintStream outStream) throws Exception { outStream.format("X509v3 CRL Distribution Points: \n"); String extOid = X509Extension.cRLDistributionPoints.getId(); // 2.5.29.31 byte[] extVal = cert.getExtensionValue(extOid); if (extVal == null) { return;/*from w ww. jav a 2 s .co m*/ } /* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String) * The ASN.1 definition for this is: Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension Extension ::= SEQUENCE { extnId OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING -- contains a DER encoding of a value -- of the type registered for use with -- the extnId object identifier value } */ byte[] extnValue = DEROctetString.getInstance(ASN1Object.fromByteArray(extVal)).getOctets(); CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Object.fromByteArray(extnValue)); DistributionPoint[] distPoints = crlDistPoint.getDistributionPoints(); for (DistributionPoint distPoint : distPoints) { DistributionPointName distPointName = distPoint.getDistributionPoint(); int type = distPointName.getType(); if (DistributionPointName.FULL_NAME == type) { outStream.format("Full Name: \n"); GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName()); GeneralName[] names = generalNames.getNames(); for (GeneralName generalname : names) { int tag = generalname.getTagNo(); if (GeneralName.uniformResourceIdentifier == tag) { DEREncodable name = generalname.getName(); DERIA5String str = DERIA5String.getInstance(name); String value = str.getString(); outStream.format(" %s\n", value); } else { outStream.format("tag %d not yet implemented", tag); } } } else { outStream.format("type %d not yet implemented", type); } } }
From source file:demo.sts.provider.cert.CRLVerifier.java
License:Apache License
/** * Extracts all CRL distribution point URLs from the * "CRL Distribution Point" extension in a X.509 certificate. If CRL * distribution point extension is unavailable, returns an empty list. */// w ww . j av a 2 s. c om public static List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateParsingException, IOException { byte[] crldpExt = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId()); if (crldpExt == null) { return new ArrayList<String>(); } ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt)); DERObject derObjCrlDP = oAsnInStream.readObject(); DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP; byte[] crldpExtOctets = dosCrlDP.getOctets(); ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets)); DERObject derObj2 = oAsnInStream2.readObject(); CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2); List<String> crlUrls = new ArrayList<String>(); for (DistributionPoint dp : distPoint.getDistributionPoints()) { DistributionPointName dpn = dp.getDistributionPoint(); // Look for URIs in fullName if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); // Look for an URI for (int j = 0; j < genNames.length; j++) { if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(genNames[j].getName()).getString(); crlUrls.add(url); } } } } return crlUrls; }
From source file:edu.nps.moves.mmowgli.CACManager.java
License:Open Source License
private static void parseCert(String cert, CACData data) { cert = cert.replace(' ', '\r'); cert = cert.replace("BEGIN\rCERTIFICATE", "BEGIN CERTIFICATE"); cert = cert.replace("END\rCERTIFICATE", "END CERTIFICATE"); PEMParser pr = new PEMParser(new StringReader(cert)); try {// w w w .ja v a2 s. co m Object o = pr.readObject(); pr.close(); if (o instanceof X509CertificateHolder) { X509CertificateHolder x509 = (X509CertificateHolder) o; X500Name x500name = x509.getSubject(); RDN cnRdns[] = x500name.getRDNs(BCStyle.CN); String cn = IETFUtils.valueToString(cnRdns[0].getFirst().getValue()); parseCN(cn, data); GeneralNames gns = GeneralNames.fromExtensions(x509.getExtensions(), Extension.subjectAlternativeName); if (gns != null) { GeneralName[] subjectAltNames = gns.getNames(); for (GeneralName gn : subjectAltNames) { if (gn.getTagNo() == GeneralName.rfc822Name) { // check for email String s = DERIA5String.getInstance(gn.getName()).getString(); if (s.contains("@")) { data.userEmail = s; break; } } } } // Create the unique card identifier (issuer+serial) which when hashed goes into the database for quick login String uniqueCertId = x509.getIssuer().toString() + " " + x509.getSerialNumber().toString(); MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(uniqueCertId.getBytes("UTF-8")); // or UTF-16 byte[] digest = md.digest(); data.cacId = Hex.encodeHexString(digest); /* Alternatively, this will do a salted hash, but the output is not the same for the same input; better security * but the login performance would be bad since the user list has to be polled instead of indexed try { data.cacId = PasswordHash.createHash(uniqueCertId); } catch(Exception ex) { MSysOut.println(MmowgliConstants.SYSTEM_LOGS,"Program error, could not create CAC hash; auto-login disabled"); data.cacId = null; } System.out.println("data cacId: "+data.cacId); */ } } catch (IOException | NoSuchAlgorithmException ex) { MSysOut.println(MmowgliConstants.SYSTEM_LOGS, ex.getClass().getSimpleName() + ": Program error, could not parse CAC"); data.cacId = null; data.isCACPresent = false; } // Some informational stuff /* this gives same info as the x509 methods below RDN rdns[] = x500name.getRDNs(); for(RDN rdn : rdns) { AttributeTypeAndValue[] tandV = rdn.getTypesAndValues(); for(AttributeTypeAndValue tv : tandV) { System.out.println(tv.getType()); System.out.println(IETFUtils.valueToString(tv.getType())); System.out.println(tv.getValue()); System.out.println(IETFUtils.valueToString(tv.getValue())); } } */ /* System.out.println("X509 version: "+x509.getVersionNumber()); System.out.println("X509 Serial num: "+x509.getSerialNumber()); System.out.println("X509 Sig algo: "+x509.getSignatureAlgorithm().getAlgorithm().toASN1Primitive()); System.out.println("X509 Issuer: "+x509.getIssuer()); System.out.println("X509 Not before: "+x509.getNotBefore()); System.out.println("X509 Not after: "+x509.getNotAfter()); System.out.println("X509 Subject: "+x509.getSubject()); System.out.println("X509 Subject Public Key Info: "+x509.getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm()); */ /* System.out.println("CriticalExtensionOIDs: "); Set<?> set = x509.getCriticalExtensionOIDs(); Iterator<?> itr = set.iterator(); while(itr.hasNext()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)itr.next(); System.out.println(oid.toString()+" : "+x509.getExtension(oid).getParsedValue()); } System.out.println("NonCriticalExtensionOIDs: "); set = x509.getNonCriticalExtensionOIDs(); itr = set.iterator(); while(itr.hasNext()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)itr.next(); System.out.println(oid.toString()+" : "+x509.getExtension(oid).getParsedValue()); } System.out.println("Other api: getExtensionOIDs"); List<?> lis = x509.getExtensionOIDs(); itr = lis.iterator(); while(itr.hasNext()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)itr.next(); System.out.println(oid.toString()+" : "+x509.getExtension(oid).getParsedValue()); } System.out.println("From the extensions \"block\""); Extensions exts = x509.getExtensions(); ASN1ObjectIdentifier[] ids = exts.getExtensionOIDs(); for(ASN1ObjectIdentifier oid : ids) { org.bouncycastle.asn1.x509.Extension ext = exts.getExtension(oid); System.out.println(oid.toString()+": "+IETFUtils.valueToString(ext.getParsedValue())); } // */ }