List of usage examples for org.bouncycastle.asn1 DERIA5String getInstance
public static DERIA5String getInstance(Object obj)
From source file:org.cesecore.util.CertTools.java
License:Open Source License
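/**
 * Returns the OCSP URL that is inside the AuthorityInformationAccess extension, or null.
 * <p>
 * The value is copied out of the certificate as-is and is not validated here. Callers that
 * go on to contact the responder should treat it as untrusted input (for example, check the
 * scheme and host against what they are prepared to connect to).
 *
 * @param cert is the certificate to parse
 * @return the first OCSP access location of type uniformResourceIdentifier, or null when cert
 *         is not an X509Certificate, carries no AIA extension, or has no such entry
 * @throws CertificateParsingException if the extension cannot be parsed; the original
 *         exception is attached as the cause
 */
public static String getAuthorityInformationAccessOcspUrl(Certificate cert) throws CertificateParsingException {
    if (!(cert instanceof X509Certificate)) {
        return null;
    }
    final X509Certificate x509cert = (X509Certificate) cert;
    try {
        final ASN1Primitive obj = getExtensionValue(x509cert, Extension.authorityInfoAccess.getId());
        if (obj == null) {
            return null;
        }
        final AccessDescription[] ad = AuthorityInformationAccess.getInstance(obj).getAccessDescriptions();
        if (ad == null) {
            return null;
        }
        for (final AccessDescription description : ad) {
            if (!description.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
                continue;
            }
            final GeneralName gn = description.getAccessLocation();
            if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) {
                // An OCSP entry whose location is not a URI is skipped; later entries are still examined.
                continue;
            }
            // After encoding in a cert, it is tagged an extra time...
            ASN1Primitive gnobj = gn.toASN1Primitive();
            if (gnobj instanceof ASN1TaggedObject) {
                gnobj = ASN1TaggedObject.getInstance(gnobj).getObject();
            }
            // no need to go on any further, we got a value
            return DERIA5String.getInstance(gnobj).getString();
        }
        return null;
    } catch (Exception e) {
        log.error("Error parsing AuthorityInformationAccess", e);
        // Keep the original exception as the cause so callers can see why parsing failed.
        throw new CertificateParsingException(e.toString(), e);
    }
}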
From source file:org.demoiselle.signer.core.extension.BasicCertificate.java
License:Open Source License
/**
 * Collects the URI entries listed under fullName in the certificate's CRL Distribution Points extension.
 * <p>
 * Each URL is taken from the certificate unvalidated and is also written to the log as-is;
 * callers that download CRLs from these locations should treat the values as untrusted input.
 *
 * @return the URLs in the order they appear in the extension (possibly empty), or {@code null}
 *         when the certificate has no CRL Distribution Points extension
 * @throws IOException exception
 */
public List<String> getCRLDistributionPoint() throws IOException {
    ASN1Primitive extensionValue = getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extensionValue == null) {
        // Absent extension is reported as null, not as an empty list.
        return null;
    }
    List<String> found = new ArrayList<>();
    for (DistributionPoint point : CRLDistPoint.getInstance(extensionValue).getDistributionPoints()) {
        DistributionPointName pointName = point.getDistributionPoint();
        // Only the fullName form carries GeneralNames; anything else is skipped.
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String url = DERIA5String.getInstance(candidate.getName()).getString();
            found.add(url);
            logger.info("Adicionando a url {}", url);
        }
    }
    return found;
}
From source file:org.dihedron.crypto.crl.CRL.java
License:Open Source License
/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate. If CRL distribution point extension is
 * unavailable, returns an empty list.
 * <p>
 * Only uniformResourceIdentifier entries under fullName are returned. The strings come
 * straight from the certificate and are not validated here.
 */
public static List<String> getCrlDistributionPoints(X509Certificate certificate)
        throws CertificateParsingException, IOException {
    List<String> urls = new ArrayList<>();
    byte[] extension = certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extension == null) {
        // return an empty list
        return urls;
    }
    // The extension value is an OCTET STRING wrapping the DER-encoded CRLDistPoints, so it is
    // decoded twice: first to unwrap the octets, then to read the structure itself.
    try (ASN1InputStream wrapperIn = new ASN1InputStream(new ByteArrayInputStream(extension));
            ASN1InputStream payloadIn = new ASN1InputStream(
                    new ByteArrayInputStream(((DEROctetString) wrapperIn.readObject()).getOctets()))) {
        CRLDistPoint distPoints = CRLDistPoint.getInstance(payloadIn.readObject());
        for (DistributionPoint point : distPoints.getDistributionPoints()) {
            DistributionPointName pointName = point.getDistributionPoint();
            // look for URIs in fullName
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            // look for an URI
            for (GeneralName entry : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (entry.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    urls.add(DERIA5String.getInstance(entry.getName()).getString());
                }
            }
        }
        return urls;
    }
}
From source file:org.ejbca.util.CertTools.java
License:Open Source License
/**
 * Renders one GeneralName as a "type=value" string.
 * <pre>
 * GeneralName ::= CHOICE {
 *     otherName                       [0]     OtherName,
 *     rfc822Name                      [1]     IA5String,
 *     dNSName                         [2]     IA5String,
 *     x400Address                     [3]     ORAddress,
 *     directoryName                   [4]     Name,
 *     ediPartyName                    [5]     EDIPartyName,
 *     uniformResourceIdentifier       [6]     IA5String,
 *     iPAddress                       [7]     OCTET STRING,
 *     registeredID                    [8]     OBJECT IDENTIFIER}
 * </pre>
 * The value is appended without any escaping.
 * NOTE(review): if callers join several of these strings with a separator, a value that
 * itself contains the separator or '=' would be ambiguous - confirm how callers parse it.
 *
 * @param tag the no tag 0-8
 * @param value the DEREncodable value as returned by GeneralName.getName()
 * @return the type prefix (one of the CertTools constants UPN, KRB5PRINCIPAL, EMAIL, DNS, URI,
 *         IPADDR), '=', and the value; or null for tags 3, 4, 5, 8 and unknown tags, and for
 *         tag 0 when neither a UPN nor a Kerberos principal is found
 * @throws IOException
 * @see #getSubjectAlternativeName
 */
public static String getGeneralNameString(int tag, DEREncodable value) throws IOException {
    switch (tag) {
    case 0: {
        final ASN1Sequence otherName = getAltnameSequence(value.getDERObject().getEncoded());
        final String upn = getUPNStringFromSequence(otherName);
        if (upn != null) {
            return CertTools.UPN + "=" + upn;
        }
        // OtherName can be something else besides UPN
        final String krb5Principal = getKrb5PrincipalNameFromSequence(otherName);
        return (krb5Principal != null) ? CertTools.KRB5PRINCIPAL + "=" + krb5Principal : null;
    }
    case 1:
        return CertTools.EMAIL + "=" + DERIA5String.getInstance(value).getString();
    case 2:
        return CertTools.DNS + "=" + DERIA5String.getInstance(value).getString();
    case 6:
        return CertTools.URI + "=" + DERIA5String.getInstance(value).getString();
    case 7: {
        final ASN1OctetString addressOctets = ASN1OctetString.getInstance(value);
        return CertTools.IPADDR + "=" + StringTools.ipOctetsToString(addressOctets.getOctets());
    }
    default:
        // x400Address (3), directoryName (4), ediPartyName (5) and any other tag,
        // including registeredID (8), are not supported.
        return null;
    }
}
From source file:org.ejbca.util.CertTools.java
License:Open Source License
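/**
 * Returns the OCSP URL that is inside the AuthorityInformationAccess extension, or null.
 * <p>
 * The value is copied out of the certificate as-is and is not validated here. Callers that
 * go on to contact the responder should treat it as untrusted input.
 *
 * @param cert is the certificate to parse
 * @return the first OCSP access location of type uniformResourceIdentifier, or null when cert
 *         is not an X509Certificate, carries no AIA extension, or has no such entry
 * @throws CertificateParsingException if the extension cannot be parsed; the original
 *         exception is attached as the cause
 */
public static String getAuthorityInformationAccessOcspUrl(Certificate cert) throws CertificateParsingException {
    if (!(cert instanceof X509Certificate)) {
        return null;
    }
    final X509Certificate x509cert = (X509Certificate) cert;
    try {
        final DERObject obj = getExtensionValue(x509cert, X509Extensions.AuthorityInfoAccess.getId());
        if (obj == null) {
            return null;
        }
        final AccessDescription[] ad = AuthorityInformationAccess.getInstance(obj).getAccessDescriptions();
        if (ad == null) {
            return null;
        }
        for (int i = 0; i < ad.length; i++) {
            if (!ad[i].getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
                continue;
            }
            final GeneralName gn = ad[i].getAccessLocation();
            // Named constant instead of the literal 6 used for the uniformResourceIdentifier tag.
            if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // no need to go on any further, we got a value
                return DERIA5String.getInstance(gn.getDERObject()).getString();
            }
        }
        return null;
    } catch (Exception e) {
        log.error("Error parsing AuthorityInformationAccess", e);
        // Keep the original exception as the cause so callers can see why parsing failed.
        throw new CertificateParsingException(e.toString(), e);
    }
}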
From source file:org.glite.voms.ac.AttributeHolder.java
License:Open Source License
/**
 * Gets the Grantor of these attributes.
 * <p>
 * Reads the first element of the {@code grantor} sequence as a GeneralName and decodes its
 * value as an IA5String. No tag check is made before decoding.
 * NOTE(review): presumably the first entry is always a URI-style name; confirm what happens
 * for other GeneralName types or an empty sequence.
 *
 * @return the grantor.
 */
public String getGrantor() {
    final GeneralName first = GeneralName
            .getInstance(ASN1Sequence.getInstance(grantor.toASN1Primitive()).getObjectAt(0));
    final DERIA5String text = DERIA5String.getInstance(first.getName());
    return text.getString();
}
From source file:org.icepdf.core.pobjects.acroform.signature.certificates.CRLVerifier.java
License:Apache License
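/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate. If CRL distribution point extension is
 * unavailable, returns an empty list.
 * <p>
 * Only uniformResourceIdentifier entries under fullName are returned. The strings come
 * straight from the certificate and are not validated here; code that downloads CRLs from
 * them should treat the values as untrusted input.
 *
 * @param cert the certificate to read the extension from
 * @return the URLs in extension order; never null
 * @throws CertificateParsingException declared by the signature
 * @throws IOException if the extension bytes cannot be decoded
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crldpExt == null) {
        return new ArrayList<String>();
    }

    // The extension value is an OCTET STRING wrapping the DER-encoded structure: unwrap it first.
    // Both ASN1InputStreams are now closed in finally blocks instead of being left open.
    byte[] crldpExtOctets;
    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    try {
        ASN1Primitive derObjCrlDP = oAsnInStream.readObject();
        DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP;
        crldpExtOctets = dosCrlDP.getOctets();
    } finally {
        oAsnInStream.close();
    }

    CRLDistPoint distPoint;
    ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
    try {
        ASN1Primitive derObj2 = oAsnInStream2.readObject();
        distPoint = CRLDistPoint.getInstance(derObj2);
    } finally {
        oAsnInStream2.close();
    }

    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // Look for URIs in fullName
        if (dpn != null) {
            if (dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                // Look for an URI
                for (GeneralName genName : genNames) {
                    if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        String url = DERIA5String.getInstance(genName.getName()).getString();
                        crlUrls.add(url);
                    }
                }
            }
        }
    }
    return crlUrls;
}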
From source file:org.jasig.cas.adaptors.x509.authentication.handler.support.CRLDistributionPointRevocationChecker.java
License:Apache License
/**
 * Gets the distribution points.
 * <p>
 * A failure to read the extension is logged and yields an empty array. Names that cannot be
 * decoded as an IA5String are logged at warn level and skipped.
 * NOTE(review): the name's tag and the distribution point name's type are not checked, and
 * {@code ASN1Sequence.getInstance(...)} sits outside the inner try - confirm how a point name
 * that is not a GeneralNames sequence is meant to be handled, and what the caller does with
 * an empty result.
 *
 * @param cert the cert
 * @return the url distribution points
 */
private URI[] getDistributionPoints(final X509Certificate cert) {
    final List<DistributionPoint> points;
    try {
        points = new ExtensionReader(cert).readCRLDistributionPoints();
    } catch (final RuntimeException e) {
        logger.error("Error reading CRLDistributionPoints extension field on {}", CertUtils.toString(cert), e);
        return new URI[0];
    }
    if (points == null) {
        return new URI[0];
    }

    final List<URI> collected = new ArrayList<>();
    for (final DistributionPoint point : points) {
        final DistributionPointName pointName = point.getDistributionPoint();
        if (pointName == null) {
            continue;
        }
        final ASN1Sequence names = ASN1Sequence.getInstance(pointName.getName());
        final int count = names.size();
        for (int idx = 0; idx < count; idx++) {
            final GeneralName name = GeneralName.getInstance(names.getObjectAt(idx));
            logger.debug("Found CRL distribution point {}.", name);
            try {
                final String location = DERIA5String.getInstance(name.getName()).getString();
                addURL(collected, location);
            } catch (final RuntimeException e) {
                logger.warn("{} not supported. String or GeneralNameList expected.", pointName);
            }
        }
    }
    return collected.toArray(new URI[collected.size()]);
}
From source file:org.jnotary.crypto.CRLLoader.java
License:Open Source License
/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate. If CRL distribution point extension is
 * unavailable, returns an empty list.
 * <p>
 * Only uniformResourceIdentifier entries under fullName are returned. The strings come
 * straight from the certificate and are not validated here.
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    final byte[] rawExtension = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (rawExtension == null) {
        return Collections.emptyList();
    }

    ASN1InputStream wrapperIn = null;
    ASN1InputStream payloadIn = null;
    final List<String> locations = new ArrayList<String>();
    try {
        // The extension value is an OCTET STRING wrapping the DER-encoded structure: unwrap it first.
        wrapperIn = new ASN1InputStream(new ByteArrayInputStream(rawExtension));
        final byte[] payload = ((DEROctetString) wrapperIn.readObject()).getOctets();

        payloadIn = new ASN1InputStream(new ByteArrayInputStream(payload));
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(payloadIn.readObject());

        for (DistributionPoint point : distPoint.getDistributionPoints()) {
            final DistributionPointName pointName = point.getDistributionPoint();
            // Look for URIs in fullName
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            // Look for an URI
            for (GeneralName entry : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (entry.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    locations.add(DERIA5String.getInstance(entry.getName()).getString());
                }
            }
        }
    } finally {
        if (wrapperIn != null) {
            wrapperIn.close();
        }
        if (payloadIn != null) {
            payloadIn.close();
        }
    }
    return locations;
}
From source file:org.jruby.ext.openssl.X509Extension.java
License:LGPL
/**
 * Appends a textual form of one GeneralName ("label:value") to {@code out}.
 * <p>
 * The value bytes are appended as found in the certificate, with no escaping.
 *
 * @param name the GeneralName to format
 * @param out buffer the text is appended to
 * @param slashed for directoryName, emit each RDN prefixed with '/' instead of the
 *        name's toString() form
 * @return true only for otherName; false for every other tag
 */
@SuppressWarnings("unchecked")
private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) {
    final ASN1Encodable value = name.getName();
    final int tagNo = name.getTagNo();

    switch (tagNo) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier: {
        // The three IA5String forms differ only in their label.
        final String label;
        if (tagNo == GeneralName.rfc822Name) {
            label = "email:";
        } else if (tagNo == GeneralName.dNSName) {
            label = "DNS:";
        } else {
            label = "URI:";
        }
        out.append(ByteList.plain(label));
        out.append(ByteList.plain(DERIA5String.getInstance(value).getString()));
        return false;
    }
    case GeneralName.directoryName: {
        out.append(ByteList.plain("DirName:"));
        final X500Name dirName = X500Name.getInstance(value);
        if (!slashed) {
            out.append(ByteList.plain(dirName.toString()));
            return false;
        }
        final RDN[] rdns = dirName.getRDNs();
        final Hashtable defaultSymbols = getDefaultSymbols();
        for (final RDN rdn : rdns) {
            appendRDN(out.append('/'), rdn, defaultSymbols);
        }
        return false;
    }
    case GeneralName.iPAddress: {
        out.append(ByteList.plain("IP:"));
        final byte[] ip = ((ASN1OctetString) value).getOctets();
        final int last = ip.length - 1;
        final boolean ip4 = ip.length == 4;
        // NOTE(review): for any length other than 4, every byte is printed in decimal and
        // separated by "::", which is not the usual IPv6 text form - confirm this is intended.
        for (int i = 0; i <= last; i++) {
            out.append(ConvertBytes.intToCharBytes(((int) ip[i]) & 0xff));
            if (i == last) {
                continue;
            }
            if (ip4) {
                out.append('.');
            } else {
                out.append(':').append(':');
            }
        }
        return false;
    }
    case GeneralName.otherName:
        out.append(ByteList.plain("otherName:"));
        out.append(ByteList.plain(value.toString()));
        return true;
    case GeneralName.registeredID:
        out.append(ByteList.plain("RID:"));
        out.append(ByteList.plain(value.toString()));
        return false;
    default:
        // Any other tag: the value's toString() form with no label.
        out.append(ByteList.plain(value.toString()));
        return false;
    }
}