List of usage examples for org.bouncycastle.asn1 DERIA5String getString
public String getString()
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeComment.java
License:Open Source License
/**
 * Decodes an encoded IA5String extension value and shows its text in
 * {@code jtaNetscapeComment}.
 *
 * <p>The text originates from the certificate being inspected, so it is
 * attacker-influenced display data; this method only displays it.
 *
 * @param value encoded extension value handed to {@code DERIA5String.getInstance}
 * @throws IOException declared on the signature; no call visible here throws it directly
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    String commentText = DERIA5String.getInstance(value).getString();

    jtaNetscapeComment.setText(commentText);
    // Put the caret back at offset 0 so the view starts at the beginning of the text.
    jtaNetscapeComment.setCaretPosition(0);
}
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeRevocationUrl.java
License:Open Source License
/**
 * Fills {@code jtfNetscapeRevocationUrl} with the text of an encoded IA5String
 * extension value.
 *
 * <p>The URL is taken verbatim from the certificate extension. Nothing here
 * validates its scheme or host; it is only displayed.
 *
 * @param value encoded extension value handed to {@code DERIA5String.getInstance}
 * @throws IOException declared on the signature; no call visible here throws it directly
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    DERIA5String decoded = DERIA5String.getInstance(value);
    String revocationUrl = decoded.getString();

    jtfNetscapeRevocationUrl.setText(revocationUrl);
    // Show the start of the URL rather than its tail.
    jtfNetscapeRevocationUrl.setCaretPosition(0);
}
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeSslServerName.java
License:Open Source License
/**
 * Fills {@code jtfNetscapeSslServerName} with the text of an encoded IA5String
 * extension value.
 *
 * <p>The server name is read from the certificate extension as-is and is only
 * displayed; no hostname validation happens in this method.
 *
 * @param value encoded extension value handed to {@code DERIA5String.getInstance}
 * @throws IOException declared on the signature; no call visible here throws it directly
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    final String serverName = DERIA5String.getInstance(value).getString();

    jtfNetscapeSslServerName.setText(serverName);
    // Keep the beginning of the value visible.
    jtfNetscapeSslServerName.setCaretPosition(0);
}
From source file:org.apache.synapse.transport.certificatevalidation.ocsp.OCSPVerifier.java
License:Apache License
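/**
 * Collects the OCSP responder URLs advertised in a certificate's Authority
 * Information Access (AIA) extension. AIA is a non-critical X.509 extension
 * and may list other access methods (for example caIssuers) next to OCSP.
 *
 * <p>Only access descriptions whose method is id-ad-ocsp and whose location is
 * a URI are returned, so a caIssuers URL is never handed back as an OCSP
 * endpoint. The URLs come from the certificate under validation and are not
 * checked for scheme or host here.
 *
 * @param cert the certificate to inspect
 * @return the OCSP URLs found in the AIA extension; never empty
 * @throws CertificateVerificationException if the extension is missing, cannot
 *         be decoded, or contains no OCSP URL
 */
private List<String> getAIALocations(X509Certificate cert) throws CertificateVerificationException {

    // getExtensionValue returns the DER-encoded OCTET STRING that wraps the extension value.
    byte[] aiaExtensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
    if (aiaExtensionValue == null) {
        throw new CertificateVerificationException(
                "Certificate Doesnt have Authority Information Access points");
    }

    ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue);
    AuthorityInformationAccess authorityInformationAccess;
    try {
        DEROctetString aiaDEROctetString = (DEROctetString) (asn1In.readObject());
        ASN1InputStream asn1Inoctets = new ASN1InputStream(aiaDEROctetString.getOctets());
        ASN1Sequence aiaASN1Sequence = (ASN1Sequence) asn1Inoctets.readObject();
        authorityInformationAccess = new AuthorityInformationAccess(aiaASN1Sequence);
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get OSCP urls", e);
    } catch (RuntimeException e) {
        // A malformed extension can fail the casts above or the AIA parsing with an
        // unchecked exception; report it as a verification failure instead of letting
        // it escape the validator.
        throw new CertificateVerificationException("Cannot read certificate to get OSCP urls", e);
    }

    List<String> ocspUrlList = new ArrayList<String>();
    AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription accessDescription : accessDescriptions) {
        // Skip every access method other than OCSP.
        if (!AccessDescription.id_ad_ocsp.equals(accessDescription.getAccessMethod())) {
            continue;
        }
        GeneralName gn = accessDescription.getAccessLocation();
        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
            DERIA5String str = DERIA5String.getInstance(gn.getName());
            String accessLocation = str.getString();
            ocspUrlList.add(accessLocation);
        }
    }
    if (ocspUrlList.isEmpty()) {
        throw new CertificateVerificationException("Cant get OCSP urls from certificate");
    }

    return ocspUrlList;
}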
From source file:org.apache.synapse.transport.utils.sslcert.ocsp.OCSPVerifier.java
License:Apache License
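/**
 * Collects the OCSP responder URLs advertised in a certificate's Authority
 * Information Access (AIA) extension. AIA is a non-critical X.509 extension
 * and may list other access methods (for example caIssuers) next to OCSP.
 *
 * <p>Only access descriptions whose method is id-ad-ocsp and whose location is
 * a URI are returned, so a caIssuers URL is never handed back as an OCSP
 * endpoint. The URLs come from the certificate under validation and are not
 * checked for scheme or host here.
 *
 * @param cert the certificate to inspect
 * @return the OCSP URLs found in the AIA extension; never empty
 * @throws CertificateVerificationException if the extension is missing, cannot
 *         be decoded, or contains no OCSP URL
 */
private List<String> getAIALocations(X509Certificate cert) throws CertificateVerificationException {

    // getExtensionValue returns the DER-encoded OCTET STRING that wraps the extension value.
    byte[] aiaExtensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
    if (aiaExtensionValue == null) {
        throw new CertificateVerificationException(
                "Certificate doesn't have authority " + "information access points");
    }

    ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue);
    AuthorityInformationAccess authorityInformationAccess;
    try {
        DEROctetString aiaDEROctetString = (DEROctetString) (asn1In.readObject());
        ASN1InputStream asn1InOctets = new ASN1InputStream(aiaDEROctetString.getOctets());
        ASN1Sequence aiaASN1Sequence = (ASN1Sequence) asn1InOctets.readObject();
        authorityInformationAccess = AuthorityInformationAccess.getInstance(aiaASN1Sequence);
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get OCSP URLs", e);
    } catch (RuntimeException e) {
        // A malformed extension can fail the casts above or the AIA parsing with an
        // unchecked exception; report it as a verification failure instead of letting
        // it escape the validator.
        throw new CertificateVerificationException("Cannot read certificate to get OCSP URLs", e);
    }

    List<String> ocspUrlList = new ArrayList<String>();
    AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription accessDescription : accessDescriptions) {
        // Skip every access method other than OCSP.
        if (!AccessDescription.id_ad_ocsp.equals(accessDescription.getAccessMethod())) {
            continue;
        }
        GeneralName gn = accessDescription.getAccessLocation();
        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
            DERIA5String str = DERIA5String.getInstance(gn.getName());
            String accessLocation = str.getString();
            ocspUrlList.add(accessLocation);
        }
    }
    if (ocspUrlList.isEmpty()) {
        throw new CertificateVerificationException("Cant get OCSP urls from certificate");
    }

    return ocspUrlList;
}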
From source file:org.cesecore.certificates.ca.X509CATest.java
License:Open Source License
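/**
 * Test that the CA can issue certificates with custom certificate extensions.
 *
 * <p>Three custom extensions are configured: one encoded as an IA5String, one RAW
 * value that is valid DER, and one RAW value that is not DER at all. The issued
 * certificate is then parsed to check that each value arrives unchanged inside the
 * extension's OCTET STRING wrapper.
 */
@Test
public void testCustomCertificateExtension() throws Exception {
    final CryptoToken cryptoToken = getNewCryptoToken();
    X509CA testCa = createTestCA(cryptoToken, "CN=foo");
    Collection<RevokedCertInfo> revcerts = new ArrayList<RevokedCertInfo>();
    X509CRLHolder testCrl = testCa.generateCRL(cryptoToken, revcerts, 0);
    assertNotNull(testCrl);
    X509CRL xcrl = CertTools.getCRLfromByteArray(testCrl.getEncoded());
    Collection<String> result = CertTools.getAuthorityInformationAccess(xcrl);
    assertEquals("A list was returned without any values present.", 0, result.size());

    // Issue a certificate with two different basic certificate extensions
    EndEntityInformation user = new EndEntityInformation("username", "CN=User", 666,
            "rfc822Name=user@user.com", "user@user.com", new EndEntityType(EndEntityTypes.ENDUSER), 0, 0,
            EndEntityConstants.TOKEN_USERGEN, 0, null);
    CertificateProfile cp = new CertificateProfile(CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);

    // Configure some custom basic certificate extension
    // one with a good IA5String encoding
    // NOTE(review): the property key is spelled "dynamin" in all three blocks below;
    // confirm against the extension parser whether "dynamic" was intended.
    Properties prop = new Properties();
    prop.put("id1.oid", "2.16.840.1.113730.1.13");
    prop.put("id1.classpath", "org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension");
    prop.put("id1.displayname", "NetscapeComment");
    prop.put("id1.used", "true");
    prop.put("id1.translatable", "false");
    prop.put("id1.critical", "false");
    prop.put("id1.property.encoding", "DERIA5STRING");
    prop.put("id1.property.dynamin", "false");
    prop.put("id1.property.value", "Hello World");

    // one RAW with proper DER encoding
    prop.put("id2.oid", "1.2.3.4");
    prop.put("id2.classpath", "org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension");
    prop.put("id2.displayname", "RawProper");
    prop.put("id2.used", "true");
    prop.put("id2.translatable", "false");
    prop.put("id2.critical", "false");
    prop.put("id2.property.encoding", "RAW");
    prop.put("id2.property.dynamin", "false");
    prop.put("id2.property.value", "301a300c060a2b060104018237140202300a06082b06010505070302");

    // one RAW with no DER encoding (actually invalid according to RFC5280)
    prop.put("id3.oid", "1.2.3.5");
    prop.put("id3.classpath", "org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension");
    prop.put("id3.displayname", "RawNoDer");
    prop.put("id3.used", "true");
    prop.put("id3.translatable", "false");
    prop.put("id3.critical", "false");
    prop.put("id3.property.encoding", "RAW");
    prop.put("id3.property.dynamin", "false");
    prop.put("id3.property.value", "aabbccddeeff00");

    // Load the custom extensions by replacing the factory's private static "instance"
    // through reflection. Nothing in this method restores the previous value, so the
    // replacement stays in place for code that runs afterwards in the same JVM.
    Field certificateExtensionFactoryInstance = CertificateExtensionFactory.class.getDeclaredField("instance");
    certificateExtensionFactoryInstance.setAccessible(true);
    Method parseConfiguration = CertificateExtensionFactory.class.getDeclaredMethod("parseConfiguration",
            Properties.class);
    parseConfiguration.setAccessible(true);
    CertificateExtensionFactory instance = (CertificateExtensionFactory) parseConfiguration.invoke(null, prop);
    certificateExtensionFactoryInstance.set(null, instance);

    CertificateExtensionFactory fact = CertificateExtensionFactory.getInstance();
    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals("2.16.840.1.113730.1.13", fact.getCertificateExtensions(1).getOID());
    assertEquals("1.2.3.4", fact.getCertificateExtensions(2).getOID());
    assertEquals("1.2.3.5", fact.getCertificateExtensions(3).getOID());

    // Configure to use the custom extensions in the certificate profile
    List<Integer> list = new ArrayList<Integer>();
    list.add(1);
    list.add(2);
    list.add(3);
    cp.setUsedCertificateExtensions(list);

    // 512-bit RSA is a test-only fixture; a key this short must never be used for real certificates.
    final KeyPair keypair = KeyTools.genKeys("512", "RSA");
    X509Certificate cert = (X509Certificate) testCa.generateCertificate(cryptoToken, user, keypair.getPublic(), 0,
            null, 10L, cp, "00000");
    assertNotNull("A certificate should have been issued", cert);

    byte[] ext1 = cert.getExtensionValue("2.16.840.1.113730.1.13");
    // The Extension value is an Octet String, containing my value
    ASN1InputStream is = new ASN1InputStream(ext1);
    ASN1OctetString oct = (ASN1OctetString) (is.readObject());
    is.close();
    ASN1InputStream is2 = new ASN1InputStream(oct.getOctets());
    DERIA5String str = (DERIA5String) is2.readObject();
    is2.close();
    assertEquals("Hello World", str.getString());

    // Second extension: the RAW value decodes to a sequence of two sequences,
    // each starting with an object identifier.
    byte[] ext2 = cert.getExtensionValue("1.2.3.4");
    is = new ASN1InputStream(ext2);
    oct = (ASN1OctetString) (is.readObject());
    is.close();
    is2 = new ASN1InputStream(oct.getOctets());
    ASN1Sequence seq = (ASN1Sequence) is2.readObject();
    System.out.println(ASN1Dump.dumpAsString(seq));
    is2.close();
    ASN1Encodable enc = seq.getObjectAt(0);
    ASN1Sequence seq2 = ASN1Sequence.getInstance(enc);
    ASN1Encodable enc2 = seq2.getObjectAt(0);
    ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(enc2);
    assertEquals("1.3.6.1.4.1.311.20.2.2", id.getId());
    enc = seq.getObjectAt(1);
    seq2 = ASN1Sequence.getInstance(enc);
    enc2 = seq2.getObjectAt(0);
    id = ASN1ObjectIdentifier.getInstance(enc2);
    assertEquals("1.3.6.1.5.5.7.3.2", id.getId());

    byte[] ext3 = cert.getExtensionValue("1.2.3.5");
    is = new ASN1InputStream(ext3);
    oct = (ASN1OctetString) (is.readObject());
    is.close();
    // This value can not be parsed as ASN.1, so only the raw octets are compared
    byte[] bytes = oct.getOctets();
    assertEquals("aabbccddeeff00", Hex.toHexString(bytes));
}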
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
/**
 * Checks that a basic certificate extension configured with the DERIA5STRING
 * encoding round-trips: the configured text must come back from the generated
 * extension as an IA5String inside the extension's OCTET STRING.
 */
@Test
public void test20CertExtensionEncoding() throws Exception {
    final String expectedText = "This is a printable string";

    Properties config = new Properties();
    config.put("id1.property.encoding", "DERIA5STRING");
    config.put("id1.property.value", expectedText);

    BasicCertificateExtension extension = new BasicCertificateExtension();
    extension.init(1, "1.2.3", false, config);
    byte[] encodedValue = extension.getValueEncoded(null, null, null, null, null, null);

    ExtensionsGenerator generator = new ExtensionsGenerator();
    generator.addExtension(new ASN1ObjectIdentifier(extension.getOID()), extension.isCriticalFlag(),
            encodedValue);
    Extensions generated = generator.generate();

    ASN1ObjectIdentifier lookupOid = new ASN1ObjectIdentifier(extension.getOID());
    Extension found = generated.getExtension(lookupOid);
    assertNotNull(found);

    // The extension value is a DERIA5String wrapped in an ASN1OctetString.
    ASN1OctetString wrapped = found.getExtnValue();
    ASN1InputStream reader = new ASN1InputStream(new ByteArrayInputStream(wrapped.getOctets()));
    DERIA5String decoded = (DERIA5String) reader.readObject();
    reader.close();

    assertEquals(expectedText, decoded.getString());
}
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/**
 * Extracts the caIssuers URLs from a CRL's Authority Information Access extension.
 *
 * <p>Only access descriptions with the id-ad-caIssuers method and a URI location
 * are considered. The strings are returned exactly as encoded in the CRL; no
 * scheme or host validation is done here.
 *
 * @param crl a CRL to parse
 * @return the caIssuers URLs of the Authority Information Access extension, or an
 *         empty Collection if the CRL is not an X509CRL or none were found
 */
public static Collection<String> getAuthorityInformationAccess(CRL crl) {
    Collection<String> urls = new ArrayList<String>();
    if (!(crl instanceof X509CRL)) {
        return urls;
    }

    ASN1Primitive aiaValue = getExtensionValue((X509CRL) crl, Extension.authorityInfoAccess.getId());
    if (aiaValue == null) {
        return urls;
    }

    AccessDescription[] descriptions = AuthorityInformationAccess.getInstance(aiaValue)
            .getAccessDescriptions();
    if (descriptions == null || descriptions.length == 0) {
        return urls;
    }

    for (AccessDescription description : descriptions) {
        if (!description.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
            continue;
        }
        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        // Due to bug in java getting some ASN.1 objects, it can be tagged an extra time...
        ASN1Primitive encodedUri = location.toASN1Primitive();
        if (encodedUri instanceof ASN1TaggedObject) {
            encodedUri = ASN1TaggedObject.getInstance(encodedUri).getObject();
        }
        urls.add(DERIA5String.getInstance(encodedUri).getString());
    }
    return urls;
}
From source file:org.cesecore.util.CertTools.java
License:Open Source License
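/**
 * Returns the first OCSP URL found in the certificate's Authority Information
 * Access extension, or null.
 *
 * <p>Only access descriptions with the OCSP access method and a URI location are
 * considered. The URL is returned exactly as encoded in the certificate; no scheme
 * or host validation is done here.
 *
 * @param cert is the certificate to parse
 * @return the OCSP URL, or null if the certificate is not an X509Certificate, has
 *         no Authority Information Access extension, or lists no OCSP URI
 * @throws CertificateParsingException if the extension cannot be parsed; the
 *         original failure is attached as the cause
 */
public static String getAuthorityInformationAccessOcspUrl(Certificate cert)
        throws CertificateParsingException {
    String ret = null;
    if (cert instanceof X509Certificate) {
        X509Certificate x509cert = (X509Certificate) cert;
        try {
            ASN1Primitive obj = getExtensionValue(x509cert, Extension.authorityInfoAccess.getId());
            if (obj == null) {
                return null;
            }
            AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(obj);
            AccessDescription[] ad = aia.getAccessDescriptions();
            if ((ad != null) && (ad.length > 0)) {
                for (int i = 0; i < ad.length; i++) {
                    if (ad[i].getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
                        GeneralName gn = ad[i].getAccessLocation();
                        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                            // After encoding in a cert, it is tagged an extra time...
                            ASN1Primitive gnobj = gn.toASN1Primitive();
                            if (gnobj instanceof ASN1TaggedObject) {
                                gnobj = ASN1TaggedObject.getInstance(gnobj).getObject();
                            }
                            final DERIA5String str = DERIA5String.getInstance(gnobj);
                            ret = str.getString();
                            break; // no need to go on any further, we got a value
                        }
                    }
                }
            }
        } catch (Exception e) {
            log.error("Error parsing AuthorityInformationAccess", e);
            // Keep the message unchanged but chain the cause, so callers that handle the
            // parsing exception still see the underlying failure and its stack trace.
            throw new CertificateParsingException(e.toString(), e);
        }
    }
    return ret;
}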
From source file:org.demoiselle.signer.core.oid.OIDGeneric.java
License:Open Source License
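/**
 * Builds an OIDGeneric from encoded bytes.
 *
 * <p>The bytes are read as a sequence holding an object identifier followed by a
 * doubly tagged value. That value may be an octet string, a printable string, a
 * UTF-8 string or an IA5 string. Its text becomes the instance's data.
 *
 * @param data
 *            Set of bytes with the contents of the certificate.
 * @return Object GenericOID
 * @throws IOException exception of input/output
 * @throws Exception general exception
 */
public static OIDGeneric getInstance(byte[] data) throws IOException, Exception {
    // NOTE(review): "is" is declared outside this method and is reachable from a static
    // context, so concurrent callers would share it; it is also never closed here.
    // Confirm whether anything else reads it before turning it into a local.
    is = new ASN1InputStream(data);
    DLSequence sequence = (DLSequence) is.readObject();
    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) sequence.getObjectAt(0);
    DERTaggedObject taggedObject = (DERTaggedObject) sequence.getObjectAt(1);
    DERTaggedObject taggedObject2 = (DERTaggedObject) taggedObject.getObject();

    // Pick the string type with instanceof checks instead of cast-and-catch, so no
    // exceptions are raised and swallowed on the normal path.
    Object payload = taggedObject2.getObject();
    DEROctetString octet = null;
    DERPrintableString print = null;
    DERUTF8String utf8 = null;
    DERIA5String ia5 = null;
    if (payload instanceof DEROctetString) {
        octet = (DEROctetString) payload;
    } else if (payload instanceof DERPrintableString) {
        print = (DERPrintableString) payload;
    } else if (payload instanceof DERUTF8String) {
        utf8 = (DERUTF8String) payload;
    } else {
        // Any other type still fails with ClassCastException, as it did before.
        ia5 = (DERIA5String) payload;
    }

    // The class name is derived from the OID carried in the input: dots become
    // underscores and the result is appended to getPackageName(). The input thereby
    // chooses which class gets instantiated, so the target package should contain
    // only OIDGeneric subclasses.
    String className = getPackageName() + oid.getId().replaceAll("[.]", "_");
    OIDGeneric oidGenerico;
    try {
        oidGenerico = (OIDGeneric) Class.forName(className).newInstance();
    } catch (InstantiationException e) {
        throw new Exception(coreMessagesBundle.getString("error.class.instance", className), e);
    } catch (IllegalAccessException e) {
        throw new Exception(coreMessagesBundle.getString("error.class.illegal.access", className), e);
    } catch (ClassNotFoundException e) {
        // No specialised class for this OID: fall back to the generic holder.
        oidGenerico = new OIDGeneric();
    }

    oidGenerico.oid = oid.getId();

    if (octet != null) {
        // NOTE(review): decodes with the platform default charset; an explicit charset
        // would make the result independent of the host configuration.
        oidGenerico.data = new String(octet.getOctets());
    } else if (print != null) {
        oidGenerico.data = print.getString();
    } else if (utf8 != null) {
        oidGenerico.data = utf8.getString();
    } else {
        oidGenerico.data = ia5.getString();
    }

    oidGenerico.initialize();

    return oidGenerico;
}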