Example usage for org.bouncycastle.asn1 DERIA5String getString

List of usage examples for org.bouncycastle.asn1 DERIA5String getString

Introduction

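This page collects usage examples for org.bouncycastle.asn1.DERIA5String.getString(). Most of them read a URI (OCSP responder, CRL distribution point, policy location) out of a certificate or another ASN.1 structure; getString() returns that value exactly as it was encoded, so callers should treat it as untrusted input until it has been validated.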

Prototype

public String getString() 


Usage

From source file:org.demoiselle.signer.policy.engine.asn1.icpb.v2.PolicyInfo.java

License:Open Source License

/**
 * Populates this object from its ASN.1 SEQUENCE encoding.
 *
 * <p>Element 0 is parsed as the signing period. Element 1 is parsed as the
 * revocation date unless it is an OBJECT IDENTIFIER, in which case the
 * revocation date is skipped. The policy OID, the policy URI (IA5String) and
 * the policy digest follow in that order.
 *
 * <p>NOTE(review): the element count is not checked and the casts below are
 * unchecked, so a malformed or hostile encoding fails with whatever runtime
 * exception the cast or index access raises (for example ClassCastException)
 * rather than with a parse error. The policy URI is stored as decoded, without
 * validation.
 *
 * @param primitive the ASN.1 structure to read
 */
@Override
public void parse(ASN1Primitive primitive) {
    ASN1Sequence fields = ASN1Object.getDERSequence(primitive);

    this.signingPeriod = new SigningPeriod();
    this.signingPeriod.parse(fields.getObjectAt(0).toASN1Primitive());

    // The second element decides where the policy OID sits: at index 1 when it
    // is itself an OID, otherwise at index 2 after the revocation date.
    ASN1Primitive second = fields.getObjectAt(1).toASN1Primitive();
    int oidIndex;
    if (second instanceof ASN1ObjectIdentifier) {
        oidIndex = 1;
    } else {
        oidIndex = 2;
        this.revocationDate = new GeneralizedTime();
        this.revocationDate.parse(second);
    }

    this.policyOID = new ObjectIdentifier();
    this.policyOID.parse(fields.getObjectAt(oidIndex).toASN1Primitive());

    DERIA5String uri = (DERIA5String) fields.getObjectAt(oidIndex + 1);
    this.policyURI = uri.getString();

    // Digest structure: element 0 is a sequence whose first entry is the
    // algorithm OID, element 1 is the hash value.
    ASN1Sequence digestFields = ASN1Sequence.getInstance(fields.getObjectAt(oidIndex + 2).toASN1Primitive());
    DEROctetString hashValue = (DEROctetString) digestFields.getObjectAt(1).toASN1Primitive();
    ASN1Sequence algorithmFields = ASN1Object.getDERSequence(digestFields.getObjectAt(0).toASN1Primitive());
    ASN1ObjectIdentifier algorithmOid = (ASN1ObjectIdentifier) algorithmFields.getObjectAt(0).toASN1Primitive();

    // Only the OID is carried over; any further entries of the algorithm sequence are not read.
    this.policyDigest = new OtherHashAlgAndValue(new AlgorithmIdentifier(algorithmOid), hashValue);
}

From source file:org.ejbca.core.protocol.ocsp.extension.unid.FnrFromUnidExtension.java

License:Open Source License

/**
 * Creates the extension from an IA5String and keeps its decoded string value.
 *
 * <p>NOTE(review): the field name suggests a personal identifier; if so, avoid
 * logging it. Confirm against the class documentation.
 *
 * @param nr the IA5String carrying the value; must not be null
 */
public FnrFromUnidExtension(DERIA5String nr) {
    final String decoded = nr.getString();
    this.fnr = decoded;
}

From source file:org.ejbca.util.CertTools.java

License:Open Source License

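/**
 * Returns the first OCSP URL found in the AuthorityInformationAccess extension, or null.
 *
 * <p>Null is returned when the certificate is not an X509Certificate, when it has no
 * AuthorityInformationAccess extension, or when no OCSP access description carries a
 * uniformResourceIdentifier. The URL is returned exactly as encoded in the certificate;
 * callers should validate it (scheme, host) before connecting to it.
 *
 * @param cert is the certificate to parse
 * @return the OCSP URL, or null if none is present
 * @throws CertificateParsingException if the extension cannot be parsed; the original
 *         failure is attached as the cause
 */
public static String getAuthorityInformationAccessOcspUrl(Certificate cert) throws CertificateParsingException {
    String ret = null;
    if (cert instanceof X509Certificate) {
        X509Certificate x509cert = (X509Certificate) cert;
        try {
            DERObject obj = getExtensionValue(x509cert, X509Extensions.AuthorityInfoAccess.getId());
            if (obj == null) {
                return null;
            }
            AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(obj);
            AccessDescription[] ad = aia.getAccessDescriptions();
            if (ad != null) {
                for (int i = 0; i < ad.length; i++) {
                    if (ad[i].getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
                        GeneralName gn = ad[i].getAccessLocation();
                        // Named constant instead of the bare tag number 6.
                        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                            DERIA5String str = DERIA5String.getInstance(gn.getDERObject());
                            ret = str.getString();
                            break; // no need to go on any further, we got a value
                        }
                    }
                }
            }
        } catch (Exception e) {
            log.error("Error parsing AuthorityInformationAccess", e);
            // Keep the original exception as the cause so the stack trace is not lost.
            CertificateParsingException wrapped = new CertificateParsingException(e.toString());
            wrapped.initCause(e);
            throw wrapped;
        }
    }
    return ret;
}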

From source file:org.glite.security.util.proxy.ProxyTracingExtension.java

License:Apache License

/**
 * Returns the URL inside the proxy tracing data structure.
 *
 * <p>The value is returned as encoded; it is not validated here.
 *
 * @return The URL in String format, or null when the stored name is not a
 *         uniformResourceIdentifier.
 */
public String getURL() {
    final boolean holdsUri = m_name.getTagNo() == GeneralName.uniformResourceIdentifier;
    if (holdsUri) {
        // The name of a URI-typed GeneralName is cast to IA5String and decoded.
        return ((DERIA5String) m_name.getName()).getString();
    }
    return null;
}

From source file:org.keycloak.common.util.OCSPUtils.java

License:Apache License

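/**
 * Extracts OCSP responder URIs from the X509 AIA v3 extension, if available. There can be
 * multiple responder URIs encoded in the certificate.
 *
 * <p>The URIs are returned exactly as encoded in the certificate; callers should validate
 * them before sending requests to them.
 *
 * @param cert the certificate to inspect
 * @return a list of available responder URIs; empty when the certificate has no AIA
 *         extension or no OCSP entry with a URI location.
 * @throws CertificateEncodingException if the certificate cannot be wrapped in a holder
 */
private static List<String> getResponderURIs(X509Certificate cert) throws CertificateEncodingException {

    LinkedList<String> responderURIs = new LinkedList<>();
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    Extension aia = holder.getExtension(Extension.authorityInfoAccess);
    if (aia == null) {
        return responderURIs;
    }

    // try-with-resources closes the ASN.1 stream on every path; the original never closed it.
    try (ASN1InputStream in = new ASN1InputStream(aia.getExtnValue().getOctetStream())) {
        ASN1Sequence seq = (ASN1Sequence) in.readObject();
        AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(seq);
        for (AccessDescription ad : authorityInfoAccess.getAccessDescriptions()) {
            if (ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                // See https://www.ietf.org/rfc/rfc2560.txt, 3.1 Certificate Content
                if (ad.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) {
                    DERIA5String value = DERIA5String.getInstance(ad.getAccessLocation().getName());
                    responderURIs.add(value.getString());
                }
            }
        }
    } catch (IOException e) {
        // NOTE(review): a parse failure is only printed and the URIs collected so far are
        // returned, so the caller cannot tell "no responder listed" from "AIA unreadable".
        // Kept as best-effort because no logger is visible in this block.
        e.printStackTrace();
    }
    return responderURIs;
}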

From source file:org.opensc.pkcs15.asn1.ref.URLWithDigest.java

License:Apache License

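/**
 * Decodes a URLWithDigest from an ASN.1 object.
 *
 * <p>An existing URLWithDigest is returned unchanged. Otherwise the object must be a
 * tagged object with tag number 3 wrapping a SEQUENCE of an IA5String URL followed by
 * a DigestInfo. The URL is stored as decoded, without validation.
 *
 * @param obj The ASN.1 object to decode.
 * @return An URLWithDigest instance.
 * @throws IllegalArgumentException if the object is not a tagged object, carries a
 *         different tag, or lacks the url or digest member.
 */
public static URLWithDigest getInstance(Object obj) {
    if (obj instanceof URLWithDigest) {
        return (URLWithDigest) obj;
    }

    if (obj instanceof ASN1TaggedObject) {
        ASN1TaggedObject to = (ASN1TaggedObject) obj;

        if (to.getTagNo() != 3) {
            throw new IllegalArgumentException("Invalid tag [" + to.getTagNo() + "] in URL.");
        }

        ASN1Sequence seq = ASN1Sequence.getInstance(to.getObject());

        Enumeration<Object> objs = seq.getObjects();

        if (!objs.hasMoreElements()) {
            throw new IllegalArgumentException("Missing url member in URLWithDigest SEQUENCE.");
        }

        DERIA5String url = DERIA5String.getInstance(objs.nextElement());

        if (!objs.hasMoreElements()) {
            throw new IllegalArgumentException("Missing digest member in URLWithDigest SEQUENCE.");
        }

        DigestInfo digest = DigestInfo.getInstance(objs.nextElement());

        return new URLWithDigest(url.getString(), digest);
    }

    // The original message named AccessControlRule, a different type; it now names the
    // type actually being decoded.
    throw new IllegalArgumentException("URLWithDigest must be encoded as an ASN.1 tagged object.");
}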

From source file:org.wso2.carbon.identity.authenticator.pki.cert.validation.ocsp.OCSPVerifier.java

License:Apache License

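/**
 * Authority Information Access (AIA) is a non-critical extension in an X509
 * Certificate. This contains the URL of the OCSP endpoint if one is available.
 *
 * <p>Only access descriptions whose access method is id-ad-ocsp are returned. Other
 * AIA entries (for example caIssuers) are skipped, so that a non-OCSP URL is never
 * handed to the caller as an OCSP endpoint. The URLs are returned as encoded in the
 * certificate and should be validated before use.
 *
 * @param cert
 *            is the certificate
 * @return a list of OCSP URLs from the AIA extension of the certificate; never empty.
 * @throws CertificateVerificationException
 *             if the certificate has no AIA extension, the extension cannot be
 *             read, or it lists no OCSP URL.
 */
private List<String> getAIALocations(X509Certificate cert) throws CertificateVerificationException {

    // Gets the DER-encoded OCTET string for the extension value for
    // Authority information access Points
    byte[] aiaExtensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
    if (aiaExtensionValue == null)
        throw new CertificateVerificationException(
                "Certificate Doesnt have Authority Information Access points");
    // might have to pass an ByteArrayInputStream(aiaExtensionValue)
    ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue);
    AuthorityInformationAccess authorityInformationAccess;

    try {
        // The extension value is an OCTET STRING wrapping the actual AIA SEQUENCE.
        DEROctetString aiaDEROctetString = (DEROctetString) (asn1In.readObject());
        ASN1InputStream asn1Inoctets = new ASN1InputStream(aiaDEROctetString.getOctets());
        ASN1Sequence aiaASN1Sequence = (ASN1Sequence) asn1Inoctets.readObject();
        authorityInformationAccess = new AuthorityInformationAccess(aiaASN1Sequence);
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get OSCP urls", e);
    }

    List<String> ocspUrlList = new ArrayList<String>();
    AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription accessDescription : accessDescriptions) {

        // Skip anything that is not an OCSP entry; the original collected every URI in the extension.
        if (!AccessDescription.id_ad_ocsp.equals(accessDescription.getAccessMethod())) {
            continue;
        }

        GeneralName gn = accessDescription.getAccessLocation();
        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
            DERIA5String str = DERIA5String.getInstance(gn.getName());
            String accessLocation = str.getString();
            ocspUrlList.add(accessLocation);
        }
    }
    if (ocspUrlList.isEmpty())
        throw new CertificateVerificationException("Cant get OCSP urls from certificate");

    return ocspUrlList;
}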

From source file:org.xdi.oxauth.cert.validation.CRLCertificateVerifier.java

License:MIT License

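/**
 * Returns the first CRL URI found in the certificate's cRLDistributionPoints extension.
 *
 * <p>Only distribution points that carry a fullName are considered, and within them
 * only names of type uniformResourceIdentifier. The URI is returned as encoded in the
 * certificate; callers should validate it before fetching from it.
 *
 * @param certificate the certificate to inspect
 * @return the CRL URI, or null when the extension is absent, cannot be read, or holds
 *         no URI
 * @throws IOException declared by the signature; a failure to read the extension is
 *         logged and reported as null instead
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }

    if (obj == null) {
        return null;
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);

    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is optional in a DistributionPoint, so the name
        // can be null; the original dereferenced it unconditionally.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }

        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }

            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }

    return null;
}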

From source file:org.xdi.oxauth.cert.validation.OCSPCertificateVerifier.java

License:MIT License

/**
 * Returns the first OCSP responder URL listed in the certificate's
 * authorityInfoAccess extension.
 *
 * <p>An entry qualifies when its access method is the OCSP access method and its
 * location is a uniformResourceIdentifier. The URL is returned as encoded in the
 * certificate, without validation.
 *
 * @param certificate the certificate to inspect
 * @return the OCSP URL, or null when the extension is absent, cannot be read, or
 *         holds no qualifying entry
 * @throws IOException declared by the signature; a failure to read the extension is
 *         logged and reported as null instead
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive aiaValue;
    try {
        aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }

    if (aiaValue == null) {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
    for (AccessDescription entry : aia.getAccessDescriptions()) {
        if (entry.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
            GeneralName location = entry.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // Unwrap the tagged IA5String and hand back the first match.
                ASN1TaggedObject tagged = (ASN1TaggedObject) location.toASN1Primitive();
                return DERIA5String.getInstance(tagged, false).getString();
            }
        }
    }

    return null;
}

From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java

License:Open Source License

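/**
 * Compares the biometricInfo extension found in a certificate with the one that was
 * requested and appends a description of every difference to {@code failureMsg}.
 *
 * <p>Checked per entry: type of biometric data, hash algorithm OID, hash algorithm
 * parameters (must encode to {@code DER_NULL}), the biometric data hash, and the
 * source data URI.
 *
 * @param failureMsg receives the violation messages
 * @param extensionValue the encoded extension value taken from the certificate
 * @param requestedExtensions the extensions of the request; may be null
 * @param extControl not read by this method
 */
private void checkExtensionBiometricInfo(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestedExtensions, final ExtensionControl extControl) {
    BiometricInfoOption conf = certProfile.getBiometricInfo();

    if (conf == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    ASN1Encodable extInRequest = null;
    if (requestedExtensions != null) {
        extInRequest = requestedExtensions.getExtensionParsedValue(Extension.biometricInfo);
    }

    if (extInRequest == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    ASN1Sequence extValueInReq = ASN1Sequence.getInstance(extInRequest);
    final int expSize = extValueInReq.size();

    ASN1Sequence extValue = ASN1Sequence.getInstance(extensionValue);
    final int isSize = extValue.size();
    if (isSize != expSize) {
        addViolation(failureMsg, "number of biometricData", isSize, expSize);
        return;
    }

    // Entries are compared position by position; both sequences have the same size here.
    for (int i = 0; i < expSize; i++) {
        BiometricData isData = BiometricData.getInstance(extValue.getObjectAt(i));
        BiometricData expData = BiometricData.getInstance(extValueInReq.getObjectAt(i));

        TypeOfBiometricData isType = isData.getTypeOfBiometricData();
        TypeOfBiometricData expType = expData.getTypeOfBiometricData();
        if (!isType.equals(expType)) {
            String isStr = isType.isPredefined() ? Integer.toString(isType.getPredefinedBiometricType())
                    : isType.getBiometricDataOid().getId();
            String expStr = expType.isPredefined() ? Integer.toString(expType.getPredefinedBiometricType())
                    : expType.getBiometricDataOid().getId();

            addViolation(failureMsg, "biometricData[" + i + "].typeOfBiometricData", isStr, expStr);
        }

        ASN1ObjectIdentifier is = isData.getHashAlgorithm().getAlgorithm();
        ASN1ObjectIdentifier exp = expData.getHashAlgorithm().getAlgorithm();
        if (!is.equals(exp)) {
            addViolation(failureMsg, "biometricData[" + i + "].hashAlgorithm", is.getId(), exp.getId());
        }

        ASN1Encodable isHashAlgoParam = isData.getHashAlgorithm().getParameters();
        if (isHashAlgoParam == null) {
            // Null means the parameters are missing, while the else branch requires them
            // to encode to DER_NULL. The original message had 'present' and 'absent' swapped.
            failureMsg.append("biometricData[").append(i).append("].hashAlgorithm.parameters is 'absent'");
            failureMsg.append(" but expected 'present'; ");
        } else {
            try {
                byte[] isBytes = isHashAlgoParam.toASN1Primitive().getEncoded();
                if (!Arrays.equals(isBytes, DER_NULL)) {
                    // NOTE(review): these messages say biometricDataHash.parameters although the
                    // value checked is hashAlgorithm.parameters; left unchanged, confirm the label.
                    addViolation(failureMsg, "biometricData[" + i + "].biometricDataHash.parameters",
                            hex(isBytes), hex(DER_NULL));
                }
            } catch (IOException ex) {
                failureMsg.append("biometricData[").append(i)
                        .append("].biometricDataHash.parameters has incorrect syntax; ");
            }
        }

        byte[] isBytes = isData.getBiometricDataHash().getOctets();
        byte[] expBytes = expData.getBiometricDataHash().getOctets();
        if (!Arrays.equals(isBytes, expBytes)) {
            addViolation(failureMsg, "biometricData[" + i + "].biometricDataHash", hex(isBytes), hex(expBytes));
        }

        DERIA5String str = isData.getSourceDataUri();
        String isSourceDataUri = (str == null) ? null : str.getString();

        // When the profile forbids the source data URI, the expected value stays null
        // even if the request carried one.
        String expSourceDataUri = null;
        if (conf.getSourceDataUriOccurrence() != TripleState.FORBIDDEN) {
            str = expData.getSourceDataUri();
            expSourceDataUri = (str == null) ? null : str.getString();
        }

        if (expSourceDataUri == null) {
            if (isSourceDataUri != null) {
                addViolation(failureMsg, "biometricData[" + i + "].sourceDataUri", "present", "absent");
            }
        } else {
            if (isSourceDataUri == null) {
                failureMsg.append("biometricData[").append(i).append("].sourceDataUri is 'absent'");
                failureMsg.append(" but expected 'present'; ");
            } else if (!isSourceDataUri.equals(expSourceDataUri)) {
                addViolation(failureMsg, "biometricData[" + i + "].sourceDataUri", isSourceDataUri,
                        expSourceDataUri);
            }
        }
    }
}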