List of usage examples for org.bouncycastle.asn1 DEROctetString getOctets
public byte[] getOctets()
From source file:eu.europa.ec.markt.dss.validation.crl.OnlineCRLSource.java
License:Open Source License
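/**
 * Gives back the CRL URI meta-data found within the given X509 certificate.
 *
 * <p>Only distribution points of type {@code fullName} are inspected. The first
 * {@code uniformResourceIdentifier} whose value starts with {@code http://} or
 * {@code https://} is returned. A distribution point that has no
 * {@code distributionPoint} field is skipped.
 *
 * <p>Security note: the returned string is copied from the certificate, so its
 * content is chosen by whoever issued that certificate. The prefix test restricts
 * the scheme but not the host or port. A caller that dereferences the URI should
 * apply its own destination policy (timeouts, response size limits, no access to
 * internal addresses) before fetching.
 *
 * @param certificate the X509 certificate.
 * @return the CRL URI, or <code>null</code> if the extension is not present or holds
 *         no http(s) URI.
 * @throws MalformedURLException declared in the signature; nothing in this method
 *         body raises it
 */
@SuppressWarnings("deprecation")
public String getCrlUri(X509Certificate certificate) throws MalformedURLException {
    byte[] crlDistributionPointsValue = certificate
            .getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1Sequence seq;
    try {
        // The extension value is an OCTET STRING wrapping the real structure,
        // so it is parsed twice: once to unwrap, once to read the sequence.
        // NOTE(review): both casts raise ClassCastException on an unexpected
        // structure; the certificate is untrusted input, so callers should be
        // prepared for an unchecked exception here.
        DEROctetString oct;
        oct = (DEROctetString) (new ASN1InputStream(new ByteArrayInputStream(crlDistributionPointsValue))
                .readObject());
        seq = (ASN1Sequence) new ASN1InputStream(oct.getOctets()).readObject();
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is optional (a point may carry only a
        // cRLIssuer); without this guard such a certificate ends in a
        // NullPointerException instead of "no URI found".
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                LOG.fine("not a uniform resource identifier");
                continue;
            }
            String str = null;
            if (name.getDERObject() instanceof DERTaggedObject) {
                DERTaggedObject taggedObject = (DERTaggedObject) name.getDERObject();
                DERIA5String derStr = DERIA5String.getInstance(taggedObject.getObject());
                str = derStr.getString();
            } else {
                DERIA5String derStr = DERIA5String.getInstance(name.getDERObject());
                str = derStr.getString();
            }
            if (str != null && (str.startsWith("http://") || str.startsWith("https://"))) {
                return str;
            } else {
                LOG.info("Supports only http:// and https:// protocol for CRL");
            }
        }
    }
    return null;
}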
From source file:eu.europa.ec.markt.dss.validation.ocsp.OnlineOCSPSource.java
License:Open Source License
/**
 * Looks up the access location registered for the given access method in the
 * certificate's Authority Information Access extension.
 *
 * <p>Security note: the returned value is read from the certificate and is
 * returned without any scheme or host check. A caller that connects to it should
 * validate the destination first.
 *
 * @param certificate the certificate whose AIA extension is read
 * @param accessMethod the access method OID to look for
 * @return the first URI registered for {@code accessMethod}, or {@code null} when
 *         the extension is absent or holds no matching URI entry
 * @throws IOException if the extension bytes cannot be parsed
 */
@SuppressWarnings("deprecation")
private String getAccessLocation(X509Certificate certificate, DERObjectIdentifier accessMethod)
        throws IOException {
    byte[] aiaBytes = certificate.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
    if (aiaBytes == null) {
        return null;
    }

    // First pass unwraps the OCTET STRING, second pass reads the AIA sequence.
    ASN1InputStream wrapperStream = new ASN1InputStream(new ByteArrayInputStream(aiaBytes));
    DEROctetString wrapper = (DEROctetString) wrapperStream.readObject();
    ASN1InputStream contentStream = new ASN1InputStream(wrapper.getOctets());
    AuthorityInformationAccess aia = new AuthorityInformationAccess(
            (ASN1Sequence) contentStream.readObject());

    for (AccessDescription description : aia.getAccessDescriptions()) {
        LOG.fine("access method: " + description.getAccessMethod());
        if (description.getAccessMethod().equals(accessMethod)) {
            GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // NOTE(review): both casts assume the tagged IA5String layout; any
                // other shape surfaces as ClassCastException.
                DERTaggedObject tagged = (DERTaggedObject) location.getDERObject();
                DERIA5String ia5 = (DERIA5String) tagged.getObject();
                String accessLocation = ia5.getString();
                LOG.fine("access location: " + accessLocation);
                return accessLocation;
            }
            LOG.fine("not a uniform resource identifier");
        }
    }
    return null;
}
From source file:eu.europa.ec.markt.dss.validation.tsl.PolicyIdCondition.java
License:Open Source License
/**
 * Tells whether the certificate's Certificate Policies extension lists the policy
 * identifier held in {@code policyOid}.
 *
 * @param cert the certificate (with context) to inspect
 * @return {@code true} if one of the policy entries has an identifier equal to
 *         {@code policyOid}; {@code false} if the extension is absent or no entry
 *         matches
 * @throws RuntimeException wrapping the {@link IOException} raised when the
 *         extension bytes cannot be parsed
 */
@SuppressWarnings("deprecation")
@Override
public boolean check(CertificateAndContext cert) {
    byte[] encodedPolicies = cert.getCertificate()
            .getExtensionValue(X509Extensions.CertificatePolicies.getId());
    if (encodedPolicies == null) {
        return false;
    }
    try {
        // The extension value is an OCTET STRING that wraps the policy sequence.
        ASN1InputStream reader = new ASN1InputStream(encodedPolicies);
        DEROctetString wrapper = (DEROctetString) reader.readObject();
        reader = new ASN1InputStream(wrapper.getOctets());
        // NOTE(review): the cast assumes the parser yields a DERSequence; confirm
        // against the BouncyCastle version in use, since a failed cast would be an
        // unchecked exception on attacker-supplied certificate data.
        DERSequence policies = (DERSequence) reader.readObject();
        for (int index = 0; index < policies.size(); index++) {
            PolicyInformation entry = PolicyInformation.getInstance(policies.getObjectAt(index));
            String entryOid = entry.getPolicyIdentifier().getId();
            if (entryOid.equals(policyOid)) {
                return true;
            }
        }
        return false;
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
From source file:eu.europa.ec.markt.dss.validation.tsl.QcStatementCondition.java
License:Open Source License
/**
 * Tells whether the certificate's QCStatements extension contains a statement
 * whose identifier equals {@code qcStatementId}.
 *
 * @param cert the certificate (with context) to inspect
 * @return {@code true} if a statement with that identifier is present;
 *         {@code false} if the extension is absent or no statement matches
 * @throws RuntimeException wrapping the {@link IOException} raised when the
 *         extension bytes cannot be parsed
 */
@SuppressWarnings("deprecation")
@Override
public boolean check(CertificateAndContext cert) {
    byte[] encodedStatements = cert.getCertificate()
            .getExtensionValue(X509Extensions.QCStatements.getId());
    if (encodedStatements == null) {
        return false;
    }
    try {
        // The extension value is an OCTET STRING that wraps the statement sequence.
        ASN1InputStream reader = new ASN1InputStream(encodedStatements);
        DEROctetString wrapper = (DEROctetString) reader.readObject();
        reader = new ASN1InputStream(wrapper.getOctets());
        // NOTE(review): the cast assumes the parser yields a DERSequence; confirm
        // against the BouncyCastle version in use.
        DERSequence statements = (DERSequence) reader.readObject();
        /* Sequence of QCStatement */
        int index = 0;
        while (index < statements.size()) {
            QCStatement statement = QCStatement.getInstance(statements.getObjectAt(index));
            String statementOid = statement.getStatementId().getId();
            if (statementOid.equals(qcStatementId)) {
                return true;
            }
            index++;
        }
        return false;
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
From source file:eu.europa.ec.markt.dss.validation102853.crl.OnlineCRLSource.java
License:Open Source License
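/**
 * Gives back the CRL URI meta-data found within the given X509 certificate.
 *
 * <p>All {@code uniformResourceIdentifier} entries of {@code fullName}
 * distribution points are collected. If {@code preferredProtocol} is set, the
 * first URL it accepts is returned; otherwise, or when none is accepted, the
 * first collected URL is returned. A distribution point without a
 * {@code distributionPoint} field is skipped.
 *
 * <p>Security note: the URLs come from the certificate and no scheme or host
 * filter is applied on the fallback path, so the result can use any scheme the
 * issuer wrote. A caller that dereferences it should restrict schemes and
 * destinations before fetching.
 *
 * @param certificateToken the X509 certificate.
 * @return the CRL URI, or {@code null} if the extension is not present or holds
 *         no URI entry.
 * @throws DSSException if the extension bytes cannot be read
 */
public String getCrlUrl(final CertificateToken certificateToken) throws DSSException {
    final byte[] crlDistributionPointsValue = certificateToken.getCRLDistributionPoints();
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1InputStream ais1 = null;
    ASN1InputStream ais2 = null;
    try {
        List<String> urls = new ArrayList<String>();
        final ByteArrayInputStream bais = new ByteArrayInputStream(crlDistributionPointsValue);
        ais1 = new ASN1InputStream(bais);
        // The extension value is an OCTET STRING wrapping the real structure.
        final DEROctetString oct = (DEROctetString) (ais1.readObject());
        ais2 = new ASN1InputStream(oct.getOctets());
        final ASN1Sequence seq = (ASN1Sequence) ais2.readObject();
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
        final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
        for (final DistributionPoint distributionPoint : distributionPoints) {
            final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
            // The distributionPoint field is optional (a point may carry only a
            // cRLIssuer); without this guard such a certificate ends in a
            // NullPointerException instead of "no URL found".
            if (distributionPointName == null
                    || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
                continue;
            }
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            final GeneralName[] names = generalNames.getNames();
            for (final GeneralName name : names) {
                if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    LOG.debug("Not a uniform resource identifier");
                    continue;
                }
                final String urlStr;
                if (name.toASN1Primitive() instanceof DERTaggedObject) {
                    final DERTaggedObject taggedObject = (DERTaggedObject) name.toASN1Primitive();
                    final DERIA5String derStr = DERIA5String.getInstance(taggedObject.getObject());
                    urlStr = derStr.getString();
                } else {
                    final DERIA5String derStr = DERIA5String.getInstance(name.toASN1Primitive());
                    urlStr = derStr.getString();
                }
                urls.add(urlStr);
            }
        }
        if (preferredProtocol != null) {
            for (final String url : urls) {
                if (preferredProtocol.isTheSame(url)) {
                    return url;
                }
            }
        }
        // Fallback: first URL in certificate order, whatever its scheme.
        if (!urls.isEmpty()) {
            return urls.get(0);
        }
        return null;
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        DSSUtils.closeQuietly(ais1);
        DSSUtils.closeQuietly(ais2);
    }
}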
From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OnlineOCSPSource.java
License:Open Source License
/**
 * Reads the OCSP responder location from the Authority Information Access
 * extension of the given certificate.
 *
 * <p>Security note: the returned value is read from the certificate and is
 * returned without any scheme or host check. A caller that connects to it should
 * validate the destination first.
 *
 * @param certificate the X509 cert.
 * @return the first URI registered for the OCSP access method, or
 *         <code>null</code> if the extension is not present or holds no such
 *         entry.
 * @throws DSSException if the extension bytes cannot be read
 */
public String getAccessLocation(final X509Certificate certificate) throws DSSException {
    final ASN1ObjectIdentifier ocspAccessMethod = X509ObjectIdentifiers.ocspAccessMethod;
    final byte[] aiaBytes = certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId());
    if (aiaBytes == null) {
        return null;
    }

    ASN1InputStream ais1 = null;
    ASN1InputStream ais2 = null;
    try {
        // First stream unwraps the OCTET STRING, second one reads the AIA structure.
        ais1 = new ASN1InputStream(new ByteArrayInputStream(aiaBytes));
        final DEROctetString wrapper = (DEROctetString) ais1.readObject();
        ais2 = new ASN1InputStream(wrapper.getOctets());
        final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(ais2.readObject());

        for (AccessDescription description : aia.getAccessDescriptions()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Access method: " + description.getAccessMethod());
            }
            if (description.getAccessMethod().equals(ocspAccessMethod)) {
                final GeneralName location = description.getAccessLocation();
                if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    // NOTE(review): both casts assume the tagged IA5String layout; any
                    // other shape surfaces as ClassCastException.
                    final DERTaggedObject tagged = (DERTaggedObject) location.toASN1Primitive();
                    final DERIA5String ia5 = (DERIA5String) tagged.getObject();
                    final String accessLocation = ia5.getString();
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Access location: " + accessLocation);
                    }
                    return accessLocation;
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Not a uniform resource identifier");
                }
            }
        }
        return null;
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        DSSUtils.closeQuietly(ais1);
        DSSUtils.closeQuietly(ais2);
    }
}
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * Digests the encoded revocation value with {@code hashIndexDigestAlgorithm} and
 * removes the matching entry from {@code crlHashesList}, logging at debug level
 * whether a match was found.
 *
 * @param crlHashesList hashes to match against; modified in place, one matching
 *        entry is removed when present
 * @param ocspHolderEncoded encoded revocation value to digest
 */
private void handleRevocationEncoded(List<DEROctetString> crlHashesList, byte[] ocspHolderEncoded) {
    final DEROctetString expectedHash = new DEROctetString(
            DSSUtils.digest(hashIndexDigestAlgorithm, ocspHolderEncoded));
    // The removal is the functional part; everything below is diagnostics only.
    final boolean foundInTimestamp = crlHashesList.remove(expectedHash);
    if (!LOG.isDebugEnabled()) {
        return;
    }
    if (foundInTimestamp) {
        // attribute present in signature and in timestamp
        LOG.debug("CRL/OCSP present in timestamp {}", DSSUtils.toHex(expectedHash.getOctets()));
    } else {
        LOG.debug("CRL/OCSP not present in timestamp {}", DSSUtils.toHex(expectedHash.getOctets()));
    }
}
From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java
License:Open Source License
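/**
 * Checks that the nonce carried in the OCSP response equals the nonce held by
 * {@code nonceSource}.
 *
 * <p>The check fails closed: a response without a nonce extension, with a value
 * that is not a {@code DEROctetString}, or with an empty value is reported as a
 * mismatch instead of raising {@code NullPointerException},
 * {@code ClassCastException} or {@code NumberFormatException}. The response is
 * remote input, so none of these shapes can be ruled out.
 *
 * @param basicOCSPResp the OCSP response to inspect
 * @return {@code true} only if the response carries a nonce whose value equals
 *         {@code nonceSource.getNonce()}
 */
private boolean isNonceMatch(final BasicOCSPResp basicOCSPResp) {
    final Extension extension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    if (extension == null) {
        // Responder did not echo a nonce: nothing ties this response to our request.
        return false;
    }
    final Object extnValue = extension.getExtnValue();
    if (!(extnValue instanceof DEROctetString)) {
        return false;
    }
    final byte[] receivedOctets = ((DEROctetString) extnValue).getOctets();
    if (receivedOctets == null || receivedOctets.length == 0) {
        // BigInteger(byte[]) rejects a zero-length array.
        return false;
    }
    // NOTE(review): the octets are compared as a signed big-endian integer, so
    // leading padding bytes are not significant; whether nonceSource.getNonce()
    // is derived from the same encoding cannot be told from here - confirm.
    final BigInteger receivedNonce = new BigInteger(receivedOctets);
    return receivedNonce.equals(nonceSource.getNonce());
}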
From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java
License:Open Source License
/**
 * Reads the OCSP responder location from the Authority Information Access
 * extension of the given certificate.
 *
 * <p>Security note: the returned value is read from the certificate and is
 * returned without any scheme or host check. A caller that connects to it should
 * validate the destination first.
 *
 * @param certificate
 *            the cert token.
 * @return the first URI registered for the OCSP access method, or
 *         <code>null</code> if the extension is not present or holds no such
 *         entry.
 * @throws DSSException
 *             if the extension bytes cannot be read
 */
public String getAccessLocation(final CertificateToken certificate) throws DSSException {
    final byte[] aiaBytes = certificate.getCertificate()
            .getExtensionValue(Extension.authorityInfoAccess.getId());
    if (ArrayUtils.isEmpty(aiaBytes)) {
        return null;
    }

    ASN1InputStream ais1 = null;
    ASN1InputStream ais2 = null;
    try {
        // First stream unwraps the OCTET STRING, second one reads the AIA structure.
        ais1 = new ASN1InputStream(aiaBytes);
        final DEROctetString wrapper = (DEROctetString) ais1.readObject();
        ais2 = new ASN1InputStream(wrapper.getOctets());
        final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(ais2.readObject());

        for (AccessDescription description : aia.getAccessDescriptions()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Access method OID : " + description.getAccessMethod());
            }
            if (X509ObjectIdentifiers.ocspAccessMethod.equals(description.getAccessMethod())) {
                final GeneralName location = description.getAccessLocation();
                if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    // NOTE(review): both casts assume the tagged IA5String layout; any
                    // other shape surfaces as ClassCastException.
                    final DERTaggedObject tagged = (DERTaggedObject) location.toASN1Primitive();
                    final DERIA5String ia5 = (DERIA5String) tagged.getObject();
                    final String accessLocation = ia5.getString();
                    if (logger.isDebugEnabled()) {
                        logger.debug("Access location: " + accessLocation);
                    }
                    return accessLocation;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Not a uniform resource identifier");
                }
            }
        }
        return null;
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        IOUtils.closeQuietly(ais1);
        IOUtils.closeQuietly(ais2);
    }
}
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
/**
 * Tells whether the content of the given {@code DEROctetString} is an ASN.1 NULL.
 *
 * <p>The octets are handed to {@code toASN1Primitive} and the result is compared
 * with {@code DERNull.INSTANCE}.
 *
 * @param derOctetString
 *            the octet string whose content is examined
 * @return {@code true} if the converted content equals {@code DERNull.INSTANCE}
 */
private static boolean isDEROctetStringNull(final DEROctetString derOctetString) {
    final ASN1Primitive content = toASN1Primitive(derOctetString.getOctets());
    return DERNull.INSTANCE.equals(content);
}