List of usage examples for org.bouncycastle.asn1.x509 AccessDescription getInstance
public static AccessDescription getInstance(Object obj)
From source file:net.ripe.rpki.commons.provisioning.x509.pkcs10.RpkiCaCertificateRequestParser.java
License:BSD License
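/**
 * Reads the subjectInfoAccess (SIA) extension from the request's PKCS#9 extensions and
 * records the locations it carries: the {@code ID_AD_CA_REPOSITORY} entry is stored in
 * {@code caRepositoryUri} and the {@code ID_AD_RPKI_MANIFEST} entry in {@code manifestUri}.
 *
 * <p>The extension bytes come from the certificate request, i.e. from the requesting
 * party, so a missing extension or a value that does not decode to an ASN.1 SEQUENCE is
 * reported as a parser exception rather than surfacing as a {@code NullPointerException}
 * or {@code ClassCastException}.
 *
 * @throws RpkiCaCertificateRequestParserException if the SIA extension is absent, is not a
 *     SEQUENCE, cannot be decoded, or contains an access method other than the two above
 */
private void extractSiaUris() throws RpkiCaCertificateRequestParserException {
    try {
        Extensions extensions = getPkcs9Extensions();
        Extension extension = extensions.getExtension(X509Extension.subjectInfoAccess);
        if (extension == null) {
            // A request without SIA previously failed with a NullPointerException on the next line.
            throw new RpkiCaCertificateRequestParserException(
                    "No subjectInfoAccess extension found in certificate request");
        }

        // Check the decoded type before casting: the encoding is requester-controlled.
        Object decoded = ASN1Sequence.fromByteArray(extension.getExtnValue().getOctets());
        if (!(decoded instanceof ASN1Sequence)) {
            throw new RpkiCaCertificateRequestParserException(
                    "subjectInfoAccess extension value is not an ASN.1 sequence");
        }
        ASN1Sequence accessDescriptorSequence = (ASN1Sequence) decoded;

        Enumeration<?> objects = accessDescriptorSequence.getObjects();
        while (objects.hasMoreElements()) {
            // NOTE(review): AccessDescription.getInstance may reject a malformed element with an
            // unchecked exception; confirm the caller treats that as a rejected request.
            AccessDescription accessDescription = AccessDescription.getInstance(objects.nextElement());
            X509CertificateInformationAccessDescriptor accessDescriptor =
                    new X509CertificateInformationAccessDescriptor(accessDescription);

            ASN1ObjectIdentifier oid = accessDescriptor.getMethod();
            if (oid.equals(X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY)) {
                caRepositoryUri = accessDescriptor.getLocation();
            } else if (oid.equals(X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST)) {
                manifestUri = accessDescriptor.getLocation();
            } else {
                // Only the two access methods above are accepted; anything else fails the request.
                throw new RpkiCaCertificateRequestParserException(
                        "Don't understand access descriptor using method: " + oid);
            }
        }
    } catch (IOException e) {
        throw new RpkiCaCertificateRequestParserException(e);
    }
}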
From source file:net.sf.keystore_explorer.crypto.x509.SubjectInfoAccess.java
License:Open Source License
/**
 * Builds the extension from its ASN.1 form by converting every element of the sequence
 * into an {@code AccessDescription}, in order.
 *
 * @param seq sequence whose elements are passed to {@code AccessDescription.getInstance}
 */
private SubjectInfoAccess(ASN1Sequence seq) {
    accessDescriptions = new Vector<AccessDescription>();

    // NOTE(review): elements are converted without prior validation; if seq can come from an
    // untrusted certificate, confirm callers handle the unchecked exception getInstance may
    // raise for a malformed element.
    int index = 0;
    while (index != seq.size()) {
        accessDescriptions.add(AccessDescription.getInstance(seq.getObjectAt(index)));
        index++;
    }
}
From source file:org.cryptacular.x509.ExtensionReader.java
License:Open Source License
/**
 * Reads the value of the {@code AuthorityInformationAccess} extension field of the
 * certificate.
 *
 * <p>NOTE(review): the returned access descriptions are taken as-is from the certificate;
 * callers that go on to dereference the locations should treat them as untrusted input
 * until the certificate itself has been validated.
 *
 * @return  List of access descriptions or null if extension is not defined.
 */
public List<AccessDescription> readAuthorityInformationAccess() {
    final ASN1Encodable encoded = read(ExtensionType.AuthorityInformationAccess);
    if (encoded != null) {
        final ASN1Sequence descriptions = ASN1Sequence.getInstance(encoded);
        final int count = descriptions.size();
        final List<AccessDescription> result = new ArrayList<>(count);
        int index = 0;
        while (index < count) {
            result.add(AccessDescription.getInstance(descriptions.getObjectAt(index)));
            index++;
        }
        return result;
    }
    // Extension not present on the certificate.
    return null;
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
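/**
 * Checks the subjectInfoAccess extension of an issued certificate against what the
 * request and the profile allow, appending one "; "-terminated entry to
 * {@code failureMsg} for every mismatch found.
 *
 * <p>When {@code allowedSubjectInfoAccessModes} is not configured, the encoded extension
 * is compared byte-for-byte with the value returned by {@code getExpectedExtValue}.
 * Otherwise each requested access description is compared position by position with the
 * one in the certificate: the access method must be allowed and equal, and the access
 * location must equal the one rebuilt from the request via {@code createGeneralName}.
 *
 * <p>Fixes over the previous version: the expected value is now looked up for
 * subjectInfoAccess (it was looked up for subjectAlternativeName, so the wrong extension
 * was compared); a null requested access method is compared with the certificate's access
 * method rather than with the access description object, which is never null at that
 * point; and the "extension valus" typo and a missing closing quote in the messages are
 * corrected.
 *
 * @param failureMsg buffer that receives the failure descriptions
 * @param extensionValue encoded extension value taken from the certificate
 * @param requestExtensions extensions of the certificate request, may be null
 * @param extControl control settings passed through to {@code getExpectedExtValue}
 */
private void checkExtensionSubjectInfoAccess(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestExtensions, final ExtensionControl extControl) {
    if (allowedSubjectInfoAccessModes == null) {
        // Compare against the expected SIA value, not the subjectAlternativeName one.
        byte[] expected = getExpectedExtValue(Extension.subjectInfoAccess, requestExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            failureMsg.append("extension value is '").append(hex(extensionValue));
            failureMsg.append("' but expected '").append(expected == null ? "not present" : hex(expected))
                    .append("'");
            failureMsg.append("; ");
        }
        return;
    }

    ASN1Encodable requestExtValue = null;
    if (requestExtensions != null) {
        requestExtValue = requestExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    }
    if (requestExtValue == null) {
        // The certificate carries the extension although the request did not ask for it.
        failureMsg.append("extension is present but not expected");
        failureMsg.append("; ");
        return;
    }

    ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue);
    ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);

    int n = requestSeq.size();
    if (certSeq.size() != n) {
        failureMsg.append("size of GeneralNames is '").append(certSeq.size());
        failureMsg.append("' but expected '").append(n).append("'");
        failureMsg.append("; ");
        return;
    }

    for (int i = 0; i < n; i++) {
        AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i));
        ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();

        // A missing access method is looked up under the profile's OID_ZERO placeholder.
        Set<GeneralNameMode> generalNameModes;
        if (accessMethod == null) {
            generalNameModes = allowedSubjectInfoAccessModes.get(X509Certprofile.OID_ZERO);
        } else {
            generalNameModes = allowedSubjectInfoAccessModes.get(accessMethod);
        }

        if (generalNameModes == null) {
            failureMsg.append("accessMethod in requestExtension ");
            failureMsg.append(accessMethod == null ? "NULL" : accessMethod.getId());
            failureMsg.append(" is not allowed");
            failureMsg.append("; ");
            continue;
        }

        AccessDescription certAccessDesc = AccessDescription.getInstance(certSeq.getObjectAt(i));
        ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod();

        // Both sides must agree, including the case where neither names a method.
        boolean methodsMatch = (accessMethod == null)
                ? (certAccessMethod == null)
                : accessMethod.equals(certAccessMethod);

        if (!methodsMatch) {
            failureMsg.append("accessMethod is '")
                    .append(certAccessMethod == null ? "null" : certAccessMethod.getId());
            failureMsg.append("' but expected '")
                    .append(accessMethod == null ? "null" : accessMethod.getId())
                    .append("'");
            failureMsg.append("; ");
            continue;
        }

        GeneralName accessLocation;
        try {
            accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes);
        } catch (BadCertTemplateException e) {
            failureMsg.append("invalid requestExtension: " + e.getMessage());
            failureMsg.append("; ");
            continue;
        }

        GeneralName certAccessLocation = certAccessDesc.getAccessLocation();
        if (!certAccessLocation.equals(accessLocation)) {
            failureMsg.append("accessLocation does not match the requested one");
            failureMsg.append("; ");
        }
    }
}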
From source file:org.xipki.ca.server.impl.IdentifiedX509Certprofile.java
License:Open Source License
/**
 * Builds the subjectInfoAccess value for a certificate from the extension in the request.
 *
 * <p>With an allow-list ({@code modes}) each requested access description is rebuilt: its
 * access method must have an entry in {@code modes}, and its location is passed through
 * {@code createGeneralName} together with the modes allowed for that method.
 *
 * <p>NOTE(review): when {@code modes} is null the requested sequence is returned
 * unchanged, so the requester's access methods and locations are not checked here.
 * Confirm that profiles without SIA modes are meant to accept arbitrary values.
 *
 * @param requestExtensions extensions of the certificate request
 * @param modes allowed general-name modes per access method, or null for no restriction
 * @return the sequence to place in the certificate, or null if the request has no SIA
 *     extension or no access description was accepted
 * @throws BadCertTemplateException if an access method has no entry in {@code modes}
 */
private static ASN1Sequence createSubjectInfoAccess(final Extensions requestExtensions,
        final Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
    ASN1Encodable requested = requestExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    if (requested == null) {
        return null;
    }

    ASN1Sequence requestedSeq = ASN1Sequence.getInstance(requested);
    final int count = requestedSeq.size();

    if (modes == null) {
        // No allow-list configured: requester-supplied value is used verbatim.
        return requestedSeq;
    }

    ASN1EncodableVector accepted = new ASN1EncodableVector();
    int idx = 0;
    while (idx < count) {
        AccessDescription requestedDesc = AccessDescription.getInstance(requestedSeq.getObjectAt(idx));

        // A missing access method is looked up under the OID_ZERO placeholder.
        ASN1ObjectIdentifier method = requestedDesc.getAccessMethod();
        if (method == null) {
            method = X509Certprofile.OID_ZERO;
        }

        Set<GeneralNameMode> allowedModes = modes.get(method);
        if (allowedModes == null) {
            throw new BadCertTemplateException(
                    "subjectInfoAccess.accessMethod " + method.getId() + " is not allowed");
        }

        GeneralName location = createGeneralName(requestedDesc.getAccessLocation(), allowedModes);
        accepted.add(new AccessDescription(method, location));
        idx++;
    }

    if (accepted.size() > 0) {
        return new DERSequence(accepted);
    }
    return null;
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
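/**
 * Checks the subjectInfoAccess extension of an issued certificate against the request and
 * the modes returned by {@code certProfile.getSubjectInfoAccessModes()}, appending one
 * "; "-terminated entry to {@code failureMsg} for every mismatch found.
 *
 * <p>The extension is reported as unexpected when the profile has no SIA modes or the
 * request does not contain the extension. Otherwise the requested and issued access
 * descriptions are compared position by position: the access method must be allowed and
 * equal, and the issued location must equal the one rebuilt from the request via
 * {@code createGeneralName}.
 *
 * <p>The "not allowed" message now renders the access method null-safely, in line with
 * the null checks already made further down the loop; it previously dereferenced the
 * access method unconditionally.
 *
 * @param failureMsg buffer that receives the failure descriptions
 * @param extensionValue encoded extension value taken from the certificate
 * @param requestedExtensions extensions of the certificate request, may be null
 * @param extControl not read by this method
 */
private void checkExtensionSubjectInfoAccess(final StringBuilder failureMsg, final byte[] extensionValue,
        final Extensions requestedExtensions, final ExtensionControl extControl) {
    Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> conf = certProfile.getSubjectInfoAccessModes();
    if (conf == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    ASN1Encodable requestExtValue = null;
    if (requestedExtensions != null) {
        requestExtValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    }
    if (requestExtValue == null) {
        // The certificate carries the extension although the request did not ask for it.
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue);
    ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);

    int size = requestSeq.size();
    if (certSeq.size() != size) {
        addViolation(failureMsg, "size of GeneralNames", certSeq.size(), size);
        return;
    }

    for (int i = 0; i < size; i++) {
        AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i));
        ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
        // Rendered once so every message below treats a null access method the same way.
        String accessMethodId = (accessMethod == null) ? "null" : accessMethod.getId();

        Set<GeneralNameMode> generalNameModes = conf.get(accessMethod);
        if (generalNameModes == null) {
            failureMsg.append("accessMethod in requestedExtension ");
            failureMsg.append(accessMethodId).append(" is not allowed; ");
            continue;
        }

        AccessDescription certAccessDesc = AccessDescription.getInstance(certSeq.getObjectAt(i));
        ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod();

        boolean methodsMatch = (accessMethod == null)
                ? (certAccessMethod == null)
                : accessMethod.equals(certAccessMethod);
        if (!methodsMatch) {
            addViolation(failureMsg, "accessMethod",
                    (certAccessMethod == null) ? "null" : certAccessMethod.getId(),
                    accessMethodId);
            continue;
        }

        GeneralName accessLocation;
        try {
            accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes);
        } catch (BadCertTemplateException ex) {
            failureMsg.append("invalid requestedExtension: ").append(ex.getMessage());
            failureMsg.append("; ");
            continue;
        }

        GeneralName certAccessLocation = certAccessDesc.getAccessLocation();
        if (!certAccessLocation.equals(accessLocation)) {
            failureMsg.append("accessLocation does not match the requested one; ");
        }
    }
}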
From source file:org.xipki.pki.ca.server.impl.IdentifiedX509Certprofile.java
License:Open Source License
/**
 * Builds the subjectInfoAccess value for a certificate from the extension in the request,
 * restricted to the access methods listed in {@code modes}.
 *
 * <p>Nothing is copied verbatim from the request: every access description is rebuilt
 * from an access method that has an entry in {@code modes} and a location produced by
 * {@code X509CertprofileUtil.createGeneralName} with the modes allowed for that method.
 * Without an allow-list ({@code modes == null}) no extension value is produced at all.
 *
 * @param requestedExtensions extensions of the certificate request
 * @param modes allowed general-name modes per access method, or null
 * @return the sequence to place in the certificate, or null if {@code modes} is null, the
 *     request has no SIA extension, or the requested sequence is empty
 * @throws BadCertTemplateException if an access method has no entry in {@code modes}
 */
private static ASN1Sequence createSubjectInfoAccess(final Extensions requestedExtensions,
        final Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
    if (modes == null) {
        return null;
    }

    ASN1Encodable requested = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    if (requested == null) {
        return null;
    }

    ASN1Sequence requestedSeq = ASN1Sequence.getInstance(requested);
    final int count = requestedSeq.size();

    ASN1EncodableVector accepted = new ASN1EncodableVector();
    int idx = 0;
    while (idx < count) {
        AccessDescription requestedDesc = AccessDescription.getInstance(requestedSeq.getObjectAt(idx));
        ASN1ObjectIdentifier method = requestedDesc.getAccessMethod();

        // Access methods without an entry in the allow-list reject the whole request.
        Set<GeneralNameMode> allowedModes = modes.get(method);
        if (allowedModes == null) {
            throw new BadCertTemplateException(
                    "subjectInfoAccess.accessMethod " + method.getId() + " is not allowed");
        }

        GeneralName location = X509CertprofileUtil.createGeneralName(requestedDesc.getAccessLocation(),
                allowedModes);
        accepted.add(new AccessDescription(method, location));
        idx++;
    }

    if (accepted.size() > 0) {
        return new DERSequence(accepted);
    }
    return null;
}