List of usage examples for org.bouncycastle.asn1 DERIA5String getInstance
public static DERIA5String getInstance(Object obj)
From source file:eu.europa.ec.markt.dss.validation.crl.OnlineCRLSource.java
License:Open Source License
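/**
 * Gives back the first HTTP(S) CRL URI found within the given X509 certificate.
 *
 * <p>The value is copied from the certificate's CRL Distribution Points extension, so it is
 * chosen by whoever issued the certificate. Only strings starting with {@code http://} or
 * {@code https://} are returned; the host part is not checked in this method.
 *
 * @param certificate the X509 certificate.
 * @return the CRL URI, or <code>null</code> if the extension is not present or holds no
 *         HTTP(S) URI.
 * @throws MalformedURLException declared in the signature; the code below does not throw it
 * @throws RuntimeException if reading the extension value fails with an I/O error
 */
@SuppressWarnings("deprecation")
public String getCrlUri(X509Certificate certificate) throws MalformedURLException {
    byte[] crlDistributionPointsValue = certificate
            .getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1Sequence seq;
    try {
        // The extension value is an OCTET STRING that wraps the actual CRLDistPoint sequence.
        DEROctetString oct = (DEROctetString) (new ASN1InputStream(
                new ByteArrayInputStream(crlDistributionPointsValue)).readObject());
        seq = (ASN1Sequence) new ASN1InputStream(oct.getOctets()).readObject();
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The name is an optional field of a distribution point: skip an entry without one
        // instead of failing with a NullPointerException on certificate-supplied data.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                LOG.fine("not a uniform resource identifier");
                continue;
            }
            // Unwrap the context tag when the encoded form still carries it.
            Object encoded = name.getDERObject();
            if (encoded instanceof DERTaggedObject) {
                encoded = ((DERTaggedObject) encoded).getObject();
            }
            String str = DERIA5String.getInstance(encoded).getString();
            // Scheme allow-list: anything other than http/https is never returned.
            if (str != null && (str.startsWith("http://") || str.startsWith("https://"))) {
                return str;
            } else {
                LOG.info("Supports only http:// and https:// protocol for CRL");
            }
        }
    }
    return null;
}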
From source file:eu.europa.ec.markt.dss.validation102853.crl.CommonCRLSource.java
License:Open Source License
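/**
 * Gives back the {@code List} of CRL URI meta-data found within the given X509 certificate.
 *
 * <p>Every URI-typed full name is added exactly as it appears in the certificate. This method
 * does no scheme or host filtering, so the returned strings are certificate-supplied data and
 * a caller that fetches them should apply its own restrictions first.
 *
 * @param certificateToken the X509 certificate
 * @param preferredProtocol indicates the preferred protocol to use to retrieve the revocation data
 * @return the {@code List} of CRL URI, or {@code null} if the extension is not present
 * @throws DSSException in the case of any {@code Exception}
 */
public List<String> getCrlUrl(final CertificateToken certificateToken, final Protocol preferredProtocol)
        throws DSSException {
    final byte[] crlDistributionPointsBytes = certificateToken.getCRLDistributionPoints();
    if (null == crlDistributionPointsBytes) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("CRL's URL(s) for {} : there is no distribution point(s) extension!",
                    certificateToken.getAbbreviation());
        }
        return null;
    }
    try {
        final List<String> urls = new ArrayList<String>();
        final ASN1Sequence asn1Sequence = DSSASN1Utils
                .getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
        final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
        for (final DistributionPoint distributionPoint : distributionPoints) {
            final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
            // The name is optional in a distribution point. Without this guard a single
            // unnamed entry raised a NullPointerException that aborted the whole lookup.
            if (distributionPointName == null) {
                continue;
            }
            if (FULL_NAME != distributionPointName.getType()) {
                LOG.warn("'nameRelativeToCRLIssuer': not supported!");
                continue;
            }
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            final GeneralName[] names = generalNames.getNames();
            for (final GeneralName name : names) {
                if (uniformResourceIdentifier != name.getTagNo()) {
                    LOG.warn("Not a uniform resource identifier!");
                    continue;
                }
                // Unwrap the context tag when the primitive still carries it.
                ASN1Primitive asn1Primitive = name.toASN1Primitive();
                if (asn1Primitive instanceof DERTaggedObject) {
                    final DERTaggedObject taggedObject = (DERTaggedObject) asn1Primitive;
                    asn1Primitive = taggedObject.getObject();
                }
                final DERIA5String derStr = DERIA5String.getInstance(asn1Primitive);
                final String urlStr = derStr.getString();
                urls.add(urlStr);
            }
        }
        prioritize(urls, preferredProtocol);
        if (LOG.isTraceEnabled()) {
            LOG.trace("CRL's URL for {} : {}", certificateToken.getAbbreviation(), urls);
        }
        return urls;
    } catch (Exception e) {
        // Pass a DSSException through unchanged; wrap everything else.
        if (e instanceof DSSException) {
            throw (DSSException) e;
        }
        throw new DSSException(e);
    }
}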
From source file:eu.europa.ec.markt.dss.validation102853.crl.OnlineCRLSource.java
License:Open Source License
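/**
 * Gives back the CRL URI meta-data found within the given X509 certificate.
 *
 * <p>When {@code preferredProtocol} is set, the first URI it accepts is returned; otherwise the
 * first URI found is returned. The string is copied from the certificate as is: this method
 * does not restrict scheme or host.
 *
 * @param certificateToken the X509 certificate.
 * @return the CRL URI, or {@code null} if the extension is not present or contains no URI.
 * @throws DSSException if reading the extension value fails with an I/O error
 */
public String getCrlUrl(final CertificateToken certificateToken) throws DSSException {
    final byte[] crlDistributionPointsValue = certificateToken.getCRLDistributionPoints();
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1InputStream ais1 = null;
    ASN1InputStream ais2 = null;
    try {
        final List<String> urls = new ArrayList<String>();
        // The extension value is an OCTET STRING that wraps the CRLDistPoint sequence.
        final ByteArrayInputStream bais = new ByteArrayInputStream(crlDistributionPointsValue);
        ais1 = new ASN1InputStream(bais);
        final DEROctetString oct = (DEROctetString) (ais1.readObject());
        ais2 = new ASN1InputStream(oct.getOctets());
        final ASN1Sequence seq = (ASN1Sequence) ais2.readObject();
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
        final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
        for (final DistributionPoint distributionPoint : distributionPoints) {
            final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
            // The name is optional in a distribution point. Only IOException is caught below,
            // so without this guard an unnamed entry escaped as a NullPointerException.
            if (distributionPointName == null
                    || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
                continue;
            }
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            final GeneralName[] names = generalNames.getNames();
            for (final GeneralName name : names) {
                if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    LOG.debug("Not a uniform resource identifier");
                    continue;
                }
                // Unwrap the context tag when the primitive still carries it.
                Object encoded = name.toASN1Primitive();
                if (encoded instanceof DERTaggedObject) {
                    encoded = ((DERTaggedObject) encoded).getObject();
                }
                urls.add(DERIA5String.getInstance(encoded).getString());
            }
        }
        if (preferredProtocol != null) {
            for (final String url : urls) {
                if (preferredProtocol.isTheSame(url)) {
                    return url;
                }
            }
        }
        return urls.isEmpty() ? null : urls.get(0);
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        DSSUtils.closeQuietly(ais1);
        DSSUtils.closeQuietly(ais2);
    }
}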
From source file:eu.europa.esig.dss.client.crl.OnlineCRLSource.java
License:Open Source License
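/**
 * Gives back the {@code List} of CRL URI meta-data found within the given X509 certificate.
 *
 * <p>Every URI-typed full name is added exactly as it appears in the certificate. This method
 * does no scheme or host filtering, so the returned strings are certificate-supplied data and
 * a caller that fetches them should apply its own restrictions first.
 *
 * @param certificateToken
 *            the X509 certificate
 * @return the {@code List} of CRL URI, or {@code null} if the extension is not present
 * @throws DSSException
 *             if anything goes wrong while decoding the extension
 */
public List<String> getCrlUrl(final CertificateToken certificateToken) throws DSSException {
    final String id = Extension.cRLDistributionPoints.getId();
    final byte[] crlDistributionPointsBytes = certificateToken.getCertificate().getExtensionValue(id);
    if (null == crlDistributionPointsBytes) {
        return null;
    }
    try {
        final List<String> urls = new ArrayList<String>();
        final ASN1Sequence asn1Sequence = DSSASN1Utils
                .getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
        final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
        for (final DistributionPoint distributionPoint : distributionPoints) {
            final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
            // The name is optional in a distribution point. Without this guard a single
            // unnamed entry raised a NullPointerException that aborted the whole lookup.
            if (distributionPointName == null
                    || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
                continue;
            }
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            final GeneralName[] names = generalNames.getNames();
            for (final GeneralName name : names) {
                if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    LOG.debug("Not a uniform resource identifier");
                    continue;
                }
                // Unwrap the context tag when the primitive still carries it.
                ASN1Primitive asn1Primitive = name.toASN1Primitive();
                if (asn1Primitive instanceof DERTaggedObject) {
                    final DERTaggedObject taggedObject = (DERTaggedObject) asn1Primitive;
                    asn1Primitive = taggedObject.getObject();
                }
                final DERIA5String derStr = DERIA5String.getInstance(asn1Primitive);
                final String urlStr = derStr.getString();
                urls.add(urlStr);
            }
        }
        prioritize(urls);
        return urls;
    } catch (Exception e) {
        // Pass a DSSException through unchanged; wrap everything else.
        if (e instanceof DSSException) {
            throw (DSSException) e;
        }
        throw new DSSException(e);
    }
}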
From source file:mitm.common.security.certificate.AltNamesInspector.java
License:Open Source License
/**
 * Builds the inspector from an alternative-names sequence, for use with
 * ASN1Utils.getExtensionValue(X509Extension, String).
 *
 * <p>Each element is read as a {@code GeneralName} and turned into a two-element list holding
 * the tag number and a string value; the collected lists are handed to {@code parseAltNames}.
 * A {@code null} sequence leaves the inspector without any parsed names.
 *
 * @param altName the ASN.1 sequence of general names, may be {@code null}
 */
public AltNamesInspector(ASN1Sequence altName) {
    if (altName == null) {
        return;
    }

    Collection<List<?>> collected = new LinkedList<List<?>>();

    for (int index = 0; index < altName.size(); index++) {
        GeneralName entry = GeneralName.getInstance(altName.getObjectAt(index));
        ASN1Encodable encoded = entry.getName();
        int tagNo = entry.getTagNo();

        // rfc822Name, dNSName and URI are IA5String values; every other kind falls back to
        // the encodable's own toString().
        boolean ia5Typed = tagNo == rfc822NameTag
                || tagNo == dnsNameTag
                || tagNo == uniformResourceIdentifierTag;
        String text = ia5Typed ? DERIA5String.getInstance(encoded).getString() : encoded.toString();

        List<Object> pair = new LinkedList<Object>();
        pair.add(tagNo);
        pair.add(text);
        collected.add(pair);
    }

    parseAltNames(collected);
}
From source file:mitm.common.security.crl.CRLDistributionPointsInspector.java
License:Open Source License
/**
 * Collects the URI values of all full-name distribution points in the given CRL
 * distribution point extension.
 *
 * <p>Null distribution points, null names and non-URI general names are skipped. The URIs are
 * returned as found in the extension; nothing here validates scheme or host.
 *
 * @param crlDistPoint the decoded extension, may be {@code null}
 * @return the URIs found; empty when the argument is {@code null} or holds no URI
 * @throws CRLException when decoding raises an {@code IllegalArgumentException}
 */
public static Set<String> getURIDistributionPointNames(CRLDistPoint crlDistPoint) throws CRLException {
    try {
        Set<String> found = new HashSet<String>();

        DistributionPoint[] points = (crlDistPoint == null) ? null : crlDistPoint.getDistributionPoints();
        if (points == null) {
            return found;
        }

        for (DistributionPoint point : points) {
            if (point == null) {
                logger.debug("Distributionpoint is null.");
                continue;
            }

            DistributionPointName pointName = point.getDistributionPoint();

            /* Only full names can carry the URIs we are after */
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }

            ASN1Encodable fullName = pointName.getName();
            if (fullName == null) {
                continue;
            }

            for (GeneralName candidate : GeneralNames.getInstance(fullName).getNames()) {
                boolean isUri = candidate != null
                        && candidate.getTagNo() == GeneralName.uniformResourceIdentifier
                        && candidate.getName() != null;
                if (isUri) {
                    found.add(DERIA5String.getInstance(candidate.getName()).getString());
                }
            }
        }

        return found;
    } catch (IllegalArgumentException e) {
        /*
         * Can be thrown when the CRL dist. point contains illegal ASN1.
         */
        throw new CRLException("Error getting the CRL distribution point names.", e);
    }
}
From source file:net.maritimecloud.pki.CRLVerifier.java
License:Apache License
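/**
 * Extracts all CRL distribution point URLs from the
 * "CRL Distribution Point" extension in a X.509 certificate. If CRL
 * distribution point extension is unavailable, returns an empty list.
 *
 * <p>The URLs are returned exactly as they appear in the certificate. No scheme or host
 * check is made here, so a caller that downloads from them should restrict both first.
 *
 * @param cert the certificate to inspect
 * @return the URI-typed full names of all distribution points, possibly empty
 * @throws CertificateParsingException declared in the signature; the code below does not throw it
 * @throws IOException if the extension value cannot be read as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crldpExt == null) {
        return new ArrayList<>();
    }
    // try-with-resources closes both streams even when readObject() throws; the original
    // only closed them on the success path.
    CRLDistPoint crlDistPoint;
    try (ASN1InputStream oAsnInStream = new ASN1InputStream(crldpExt)) {
        DEROctetString dosCrlDP = (DEROctetString) oAsnInStream.readObject();
        byte[] crldpExtOctets = dosCrlDP.getOctets();
        try (ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets))) {
            crlDistPoint = CRLDistPoint.getInstance(oAsnInStream2.readObject());
        }
    }
    List<String> crlUrls = new ArrayList<>();
    // NOTE(review): getInstance presumably yields null when the inner octets are empty;
    // report "no URLs" in that case instead of dereferencing it.
    if (crlDistPoint == null) {
        return crlUrls;
    }
    for (DistributionPoint dp : crlDistPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // Look for URIs in fullName
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            // Look for an URI
            for (GeneralName genName : genNames) {
                if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    String url = DERIA5String.getInstance(genName.getName()).getString();
                    crlUrls.add(url);
                }
            }
        }
    }
    return crlUrls;
}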
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Renders this extension's value as text.
 *
 * <p>The stored value is unwrapped from its DER OCTET STRING, the extension type is looked up
 * from the OID, and the matching formatter is called. Types without a dedicated formatter are
 * rendered as a hex and clear-text dump.
 *
 * @return X509Extension value as a string
 * @throws IOException If an ASN.1 coding or I/O problem occurs
 */
public String getStringValue() throws IOException {
    // Unwrap the DER encoded octet string to get at the extension's own DER encoding
    byte[] payload = ASN1OctetString.getInstance(ASN1Primitive.fromByteArray(value)).getOctets();

    X509ExtensionType kind = X509ExtensionType.resolveOid(oid.getId());

    if (kind == ENTRUST_VERSION_INFORMATION) {
        return getEntrustVersionInformationStringValue(payload);
    }
    if (kind == AUTHORITY_INFORMATION_ACCESS) {
        return getAuthorityInformationAccessStringValue(payload);
    }
    if (kind == SUBJECT_INFORMATION_ACCESS) {
        return getSubjectInformationAccessStringValue(payload);
    }
    if (kind == SUBJECT_DIRECTORY_ATTRIBUTES) {
        return getSubjectDirectoryAttributesStringValue(payload);
    }
    if (kind == SUBJECT_KEY_IDENTIFIER) {
        return getSubjectKeyIndentifierStringValue(payload);
    }
    if (kind == KEY_USAGE) {
        return getKeyUsageStringValue(payload);
    }
    if (kind == PRIVATE_KEY_USAGE_PERIOD) {
        return getPrivateKeyUsagePeriodStringValue(payload);
    }
    if (kind == SUBJECT_ALTERNATIVE_NAME) {
        return getSubjectAlternativeNameStringValue(payload);
    }
    if (kind == ISSUER_ALTERNATIVE_NAME) {
        return getIssuerAlternativeNameStringValue(payload);
    }
    if (kind == BASIC_CONSTRAINTS) {
        return getBasicConstraintsStringValue(payload);
    }
    if (kind == CRL_NUMBER) {
        return getCrlNumberStringValue(payload);
    }
    if (kind == REASON_CODE) {
        return getReasonCodeStringValue(payload);
    }
    if (kind == HOLD_INSTRUCTION_CODE) {
        return getHoldInstructionCodeStringValue(payload);
    }
    if (kind == INVALIDITY_DATE) {
        return getInvalidityDateStringValue(payload);
    }
    if (kind == DELTA_CRL_INDICATOR) {
        return getDeltaCrlIndicatorStringValue(payload);
    }
    if (kind == ISSUING_DISTRIBUTION_POINT) {
        return getIssuingDistributionPointStringValue(payload);
    }
    if (kind == CERTIFICATE_ISSUER) {
        return getCertificateIssuerStringValue(payload);
    }
    if (kind == NAME_CONSTRAINTS) {
        return getNameConstraintsStringValue(payload);
    }
    if (kind == CRL_DISTRIBUTION_POINTS) {
        return getCrlDistributionPointsStringValue(payload);
    }
    if (kind == CERTIFICATE_POLICIES) {
        return getCertificatePoliciesStringValue(payload);
    }
    if (kind == POLICY_MAPPINGS) {
        return getPolicyMappingsStringValue(payload);
    }
    if (kind == AUTHORITY_KEY_IDENTIFIER) {
        return getAuthorityKeyIdentifierStringValue(payload);
    }
    if (kind == POLICY_CONSTRAINTS) {
        return getPolicyConstraintsStringValue(payload);
    }
    if (kind == EXTENDED_KEY_USAGE) {
        return getExtendedKeyUsageStringValue(payload);
    }
    if (kind == FRESHEST_CRL) {
        return getFreshestCrlStringValue(payload);
    }
    if (kind == INHIBIT_ANY_POLICY) {
        return getInhibitAnyPolicyStringValue(payload);
    }
    if (kind == NETSCAPE_CERTIFICATE_TYPE) {
        return getNetscapeCertificateTypeStringValue(payload);
    }
    if (kind == NETSCAPE_BASE_URL) {
        return getNetscapeBaseUrlStringValue(payload);
    }
    if (kind == NETSCAPE_REVOCATION_URL) {
        return getNetscapeRevocationUrlStringValue(payload);
    }
    if (kind == NETSCAPE_CA_REVOCATION_URL) {
        return getNetscapeCaRevocationUrlStringValue(payload);
    }
    if (kind == NETSCAPE_CERTIFICATE_RENEWAL_URL) {
        return getNetscapeCertificateRenewalStringValue(payload);
    }
    if (kind == NETSCAPE_CA_POLICY_URL) {
        return getNetscapeCaPolicyUrlStringValue(payload);
    }
    if (kind == NETSCAPE_SSL_SERVER_NAME) {
        return getNetscapeSslServerNameStringValue(payload);
    }
    if (kind == NETSCAPE_COMMENT) {
        return getNetscapeCommentStringValue(payload);
    }
    if (kind == BIOMETRIC_INFO) {
        return getBiometricInfoStringValue(payload);
    }
    if (kind == QC_STATEMENTS) {
        return getQcStatementsStringValue(payload);
    }
    if (kind == OCSP_NO_CHECK) {
        return getOcspNoCheckStringValue(payload);
    }
    if (kind == LIABILITY_LIMITATION_FLAG) {
        return getLiabilityLimitationFlagStringValue(payload);
    }
    if (kind == DATE_OF_CERT_GEN) {
        return getDateOfCertGenStringValue(payload);
    }
    if (kind == PROCURATION) {
        return getProcurationStringValue(payload);
    }
    if (kind == ADMISSION) {
        return getAdmissionStringValue(payload);
    }
    if (kind == MONETARY_LIMIT) {
        return getMonetaryLimitStringValue(payload);
    }
    if (kind == DECLARATION_OF_MAJORITY) {
        return getDeclarationOfMajorityStringValue(payload);
    }
    if (kind == ICCSN) {
        return getICCSNStringValue(payload);
    }
    if (kind == RESTRICTION) {
        return getRestrictionStringValue(payload);
    }
    if (kind == ADDITIONAL_INFORMATION) {
        return getAdditionalInformationStringValue(payload);
    }
    if (kind == VALIDITY_MODEL) {
        return getValidityModelStringValue(payload);
    }
    if (kind == MS_ENROLL_CERT_TYPE_EXTENSION) {
        return getMsCertTypeStringValue(payload);
    }
    if (kind == MS_CA_VERSION) {
        return getMsCaVersionStringValue(payload);
    }
    if (kind == MS_CRL_NEXT_PUBLISH) {
        return getMsCrlNextPublishStringValue(payload);
    }
    if (kind == MS_CERTIFICATE_TEMPLATE) {
        return getMsCertificateTemplateStringValue(payload);
    }
    if (kind == MS_APPLICATION_POLICIES) {
        return HexUtil.getHexClearDump(payload);
    }
    if (kind == SMIME_CAPABILITIES) {
        return getSMIMECapabilitiesStringValue(payload);
    }
    if (kind == VS_CZAG || kind == VS_FIDELITY_TOKEN || kind == VS_IN_BOX_V1 || kind == VS_IN_BOX_V2
            || kind == VS_SERIAL_NUMBER_ROLLOVER || kind == VS_ON_SITE_JURISDICTION_HASH) {
        // most VeriSign extensions contain just an IA5STRING
        return DERIA5String.getInstance(payload).getString();
    }
    if (kind == VS_TOKEN_TYPE || kind == VS_UNKNOWN) {
        return getBitString(payload);
    }
    if (kind == VS_NON_VERIFIED) {
        return getVeriSignNonVerified(payload);
    }

    // X509Extension not recognised or means to output it not defined - just dump out hex and clear text
    return HexUtil.getHexClearDump(payload);
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Formats a Netscape Base URL extension value: the IA5String content followed by NEWLINE.
 *
 * @param value the extension's octets
 * @return the decoded string with NEWLINE appended
 * @throws IOException declared for symmetry with the other formatters
 */
private String getNetscapeBaseUrlStringValue(byte[] value) throws IOException {
    // NetscapeBaseUrl ::= DERIA5String
    String baseUrl = DERIA5String.getInstance(value).getString();

    return new StringBuilder().append(baseUrl).append(NEWLINE).toString();
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Formats a Netscape Revocation URL extension value: the IA5String content followed by
 * NEWLINE.
 *
 * @param value the extension's octets
 * @return the decoded string with NEWLINE appended
 * @throws IOException declared for symmetry with the other formatters
 */
private String getNetscapeRevocationUrlStringValue(byte[] value) throws IOException {
    // NetscapeRevocationUrl ::= DERIA5String
    String revocationUrl = DERIA5String.getInstance(value).getString();

    return new StringBuilder().append(revocationUrl).append(NEWLINE).toString();
}