Example usage for org.bouncycastle.asn1.x509 AccessDescription id_ad_ocsp

List of usage examples for org.bouncycastle.asn1.x509 AccessDescription id_ad_ocsp

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 AccessDescription id_ad_ocsp.

Prototype

ASN1ObjectIdentifier id_ad_ocsp


Usage

From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java

License:Open Source License

/**
 * Adds an Authority Information Access (AIA) extension to the certificate being built.
 *
 * <p>The extension carries two access descriptions, in this order: a caIssuers entry
 * pointing at {@code CertConstant.MAD_CA_URL} and an OCSP entry pointing at
 * {@code CertConstant.MAD_OCSP_URL}. Both are encoded as URI general names.
 *
 * @param certBuilder builder of the certificate that receives the extension
 * @throws CertIOException if the builder cannot encode or add the extension
 */
private void addAuthorityInfoAccess(X509v3CertificateBuilder certBuilder) throws CertIOException {
    // NOTE(review): relying parties contact these URLs while building the chain and checking
    // revocation; confirm the CertConstant values name endpoints the CA operator controls.
    GeneralName issuerLocation = new GeneralName(GeneralName.uniformResourceIdentifier,
            new DERIA5String(CertConstant.MAD_CA_URL));
    GeneralName responderLocation = new GeneralName(GeneralName.uniformResourceIdentifier,
            new DERIA5String(CertConstant.MAD_OCSP_URL));

    ASN1EncodableVector descriptions = new ASN1EncodableVector();
    descriptions.add(new AccessDescription(AccessDescription.id_ad_caIssuers, issuerLocation));
    descriptions.add(new AccessDescription(AccessDescription.id_ad_ocsp, responderLocation));

    // The second argument is the critical flag: the extension is added as non-critical.
    certBuilder.addExtension(Extension.authorityInfoAccess, false, new DERSequence(descriptions));
}

From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java

License:Open Source License

/**
 * Writes the Authority Information Access extension into {@code certBuilder}.
 *
 * <p>Two URI access descriptions are emitted: caIssuers ({@code CertConstant.MAD_CA_URL})
 * first, then OCSP ({@code CertConstant.MAD_OCSP_URL}).
 *
 * @param certBuilder certificate builder to extend
 * @throws CertIOException if the extension cannot be added
 */
private static void addAuthorityInfoAccess(X509v3CertificateBuilder certBuilder) throws CertIOException {
    final ASN1EncodableVector accessDescriptions = new ASN1EncodableVector();

    // caIssuers: location of the issuing CA's certificate.
    final DERIA5String caIssuersUri = new DERIA5String(CertConstant.MAD_CA_URL);
    final AccessDescription caIssuersEntry = new AccessDescription(AccessDescription.id_ad_caIssuers,
            new GeneralName(GeneralName.uniformResourceIdentifier, caIssuersUri));

    // ocsp: location of the OCSP responder for certificates issued by this CA.
    final DERIA5String ocspUri = new DERIA5String(CertConstant.MAD_OCSP_URL);
    final AccessDescription ocspEntry = new AccessDescription(AccessDescription.id_ad_ocsp,
            new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri));

    accessDescriptions.add(caIssuersEntry);
    accessDescriptions.add(ocspEntry);

    // Added with the critical flag set to false.
    final DERSequence extensionValue = new DERSequence(accessDescriptions);
    certBuilder.addExtension(Extension.authorityInfoAccess, false, extensionValue);
}

From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java

License:Apache License

/**
 * Set Authority Information Access (RFC 5280 section 4.2.2.1).
 *
 * <p>Nothing is added when both {@code ocspLocations} and {@code caIssuersLocations} are
 * empty. Otherwise the extension lists every OCSP location first, followed by every
 * caIssuers location, and is added as a non-critical extension.
 */
protected void setAuthorityInfoAccess() {
    final int ocspCount = ocspLocations.size();
    final int issuerCount = caIssuersLocations.size();
    if (ocspCount == 0 && issuerCount == 0) {
        return;
    }

    ASN1Encodable[] descriptions = new ASN1Encodable[ocspCount + issuerCount];
    int next = 0;

    // OCSP responders come first ...
    for (int i = 0; i < ocspCount; i++) {
        descriptions[next++] = new AccessDescription(AccessDescription.id_ad_ocsp, ocspLocations.get(i));
    }

    // ... then the CA Issuers locations fill the remaining slots.
    for (int i = 0; i < issuerCount; i++) {
        descriptions[next++] = new AccessDescription(AccessDescription.id_ad_caIssuers,
                caIssuersLocations.get(i));
    }

    generator.addExtension(X509Extensions.AuthorityInfoAccess, false, new DERSequence(descriptions));
}

From source file:dk.itst.oiosaml.sp.metadata.CRLChecker.java

License:Mozilla Public License

/**
 * Collects the OCSP responder URLs listed in an Authority Information Access extension.
 *
 * <p>Only access descriptions whose method is id-ad-ocsp and whose location is a URI
 * general name are considered; everything else is skipped.
 *
 * @param authInfoAccess decoded AIA extension, may be {@code null}
 * @return the URLs in extension order; empty when the argument is {@code null} or no
 *         matching entry exists
 */
private List<String> getOCSPUrls(AuthorityInformationAccess authInfoAccess) {
    List<String> responderUrls = new ArrayList<String>();
    if (authInfoAccess == null) {
        return responderUrls;
    }

    for (AccessDescription description : authInfoAccess.getAccessDescriptions()) {
        if (!description.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            continue;
        }
        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        // The string is copied verbatim from the certificate: no scheme or host check is
        // applied here, so callers should treat it as untrusted input before connecting.
        responderUrls.add(((DERIA5String) location.getName()).getString());
    }

    return responderUrls;
}

From source file:ee.ria.xroad.common.util.CertUtils.java

License:Open Source License

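/**
 * Returns the first OCSP responder URI found in the Authority Information Access
 * extension of the given certificate.
 *
 * <p>Only id-ad-ocsp entries whose access location is a URI general name are returned.
 * An OCSP entry with any other kind of general name is skipped, so its string form is
 * not handed back to the caller as if it were a URI.
 *
 * @param subject certificate from which to get the OCSP responder URI
 * @return OCSP responder URI from given certificate, or {@code null} if the certificate
 *         has no AIA extension, the extension value is not an octet string, or no OCSP
 *         entry with a URI location is present
 * @throws IOException if an I/O error occurred
 */
public static String getOcspResponderUriFromCert(X509Certificate subject) throws IOException {
    final byte[] extensionValue = subject.getExtensionValue(Extension.authorityInfoAccess.toString());
    if (extensionValue == null) {
        return null;
    }

    // getExtensionValue() hands back the extension wrapped in an OCTET STRING.
    ASN1Primitive derObject = toDERObject(extensionValue);
    if (!(derObject instanceof DEROctetString)) {
        return null;
    }
    derObject = toDERObject(((DEROctetString) derObject).getOctets());

    AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess
            .getInstance(derObject);

    for (AccessDescription desc : authorityInformationAccess.getAccessDescriptions()) {
        if (!desc.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            continue;
        }

        GeneralName generalName = desc.getAccessLocation();
        // The value comes from the certificate itself; accept it only when it is tagged as a
        // URI. Callers should still validate scheme and host before contacting it.
        if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
            return generalName.getName().toString();
        }
    }

    return null;
}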

From source file:net.maritimecloud.pki.ocsp.OCSPClient.java

License:Open Source License

/**
 * Reads the first OCSP access location from a certificate's Authority Information
 * Access extension and returns it as a {@link URL}.
 *
 * @param certificate certificate to inspect
 * @return the URL of the first id-ad-ocsp entry, or {@code null} when the extension is
 *         absent, holds no OCSP entry, or an {@link IOException} occurs while decoding
 *         the extension or parsing the URL
 */
public static URL getOcspUrlFromCertificate(X509Certificate certificate) {
    byte[] extensionBytes = certificate
            .getExtensionValue(org.bouncycastle.asn1.x509.Extension.authorityInfoAccess.getId());
    if (extensionBytes == null) {
        return null;
    }

    try {
        byte[] aiaEncoding = X509ExtensionUtil.fromExtensionValue(extensionBytes).getEncoded();
        ASN1Sequence aiaSequence = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(aiaEncoding));
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaSequence);
        for (AccessDescription entry : aia.getAccessDescriptions()) {
            if (entry.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                // NOTE(review): the location's general-name tag is not checked, and the value
                // is controlled by whoever issued the certificate; callers should restrict the
                // scheme and host before connecting to the returned URL.
                return new URL(entry.getAccessLocation().getName().toString());
            }
        }
    } catch (IOException ignore) {
        // Deliberately best-effort: decoding failures and malformed URLs (MalformedURLException
        // is an IOException) both end up here, so the caller sees null and cannot distinguish
        // a broken extension from a missing one.
    }
    return null;
}

From source file:net.sf.dsig.verify.OCSPHelper.java

License:Apache License

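/**
 * Retrieve the OCSP URI distribution point from an X.509 certificate, using
 * the 1.3.6.1.5.5.7.1.1 extension value.
 *
 * <p>The extension bytes come from the certificate and are therefore untrusted input:
 * an unexpected ASN.1 type is handled like any other decoding failure (logged, then
 * {@code null}) instead of surfacing as a {@link ClassCastException}.
 *
 * @param certificate the {@link X509Certificate} object
 * @return a String containing the URI of the OCSP authority info access,
 * or null if none can be found
 */
public static String getOCSPAccessLocationUri(X509Certificate certificate) {
    try {
        byte[] derAiaBytes = certificate.getExtensionValue(OID_AUTHORITYINFOACCESS);
        if (derAiaBytes == null) {
            return null;
        }

        // getExtensionValue() returns the extension wrapped in an OCTET STRING.
        Object wrapped;
        ASN1InputStream ais = new ASN1InputStream(derAiaBytes);
        try {
            wrapped = ais.readObject();
        } finally {
            // Close even when readObject() throws.
            ais.close();
        }
        if (!(wrapped instanceof DEROctetString)) {
            throw new IOException("AuthorityInfoAccess extension is not wrapped in an OCTET STRING");
        }

        Object content;
        ais = new ASN1InputStream(((DEROctetString) wrapped).getOctets());
        try {
            content = ais.readObject();
        } finally {
            ais.close();
        }
        if (!(content instanceof DERSequence)) {
            throw new IOException("AuthorityInfoAccess extension value is not a SEQUENCE");
        }
        DERSequence seq = (DERSequence) content;

        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(seq);

        // Fetch the array once instead of on every loop test and access.
        AccessDescription[] descriptions = aia.getAccessDescriptions();
        for (int i = 0; i < descriptions.length; i++) {
            AccessDescription ad = descriptions[i];
            if (!ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                continue;
            }

            // Only a URI general name is usable as a responder address.
            GeneralName gn = ad.getAccessLocation();
            if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                return ((DERString) gn.getName()).getString();
            }
        }
    } catch (IOException e) {
        logger.warn("ASN.1 decoding failed; will fall back to default OCSP AccessLocation, if set");
    }

    return null;
}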

From source file:net.sf.portecle.crypto.X509Ext.java

License:Open Source License

/**
 * Get Authority Information Access (1.3.6.1.5.5.7.1.1) or Subject Information Access (1.3.6.1.5.5.7.1.11)
 * extension value as a string.
 *
 * <p>The result is an HTML fragment: one nested list per access description, separated by
 * {@code <br>}.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getInformationAccessStringValue(byte[] bValue) throws IOException {
    AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(bValue);
    StringBuilder html = new StringBuilder();

    for (AccessDescription description : access.getAccessDescriptions()) {
        // Separator between entries, never before the first one.
        if (html.length() > 0) {
            html.append("<br>");
        }

        String methodOid = description.getAccessMethod().toString();
        String methodLabel = getRes(methodOid, "UnrecognisedAccessMethod");

        // Pick how the location is linked: OCSP and caIssuers get their own link class,
        // any other access method falls back to a browser link.
        LinkClass linkClass;
        if (methodOid.equals(AccessDescription.id_ad_ocsp.getId())) {
            linkClass = LinkClass.OCSP;
        } else if (methodOid.equals(AccessDescription.id_ad_caIssuers.getId())) {
            linkClass = LinkClass.CERTIFICATE;
        } else {
            linkClass = LinkClass.BROWSER;
        }

        // NOTE(review): the access location is certificate-supplied text placed into HTML;
        // confirm getGeneralNameString() escapes it before this string reaches a renderer.
        html.append("<ul><li>")
                .append(MessageFormat.format(methodLabel, methodOid))
                .append(": <ul><li>")
                .append(getGeneralNameString(description.getAccessLocation(), linkClass))
                .append("</li></ul></li></ul>");
    }

    return html.toString();
}

From source file:org.cesecore.certificates.certificate.certextensions.standard.AuthorityInformationAccess.java

License:Open Source License

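/**
 * Builds the Authority Information Access extension value for a certificate.
 *
 * <p>One caIssuers access description is added for every non-empty URL in the certificate
 * profile, followed by at most one OCSP access description. The OCSP URL is the profile's
 * service locator URI, unless the profile asks for the CA's default OCSP service locator.
 *
 * @param subject end entity the certificate is issued to (not read here)
 * @param ca issuing CA; only used, and only required to be an {@code X509CA}, when the
 *        profile selects the default OCSP service locator
 * @param certProfile certificate profile supplying the caIssuers and OCSP settings
 * @param userPublicKey public key of the end entity (not read here)
 * @param caPublicKey public key of the CA (not read here)
 * @param val certificate validity (not read here)
 * @return the encoded extension value, or {@code null} (after logging an error) when
 *         neither a caIssuers URL nor an OCSP URL is configured
 * @throws CertificateExtensionException declared by the overridden method; not thrown by
 *         the code visible here
 */
@Override
public ASN1Encodable getValue(final EndEntityInformation subject, final CA ca,
        final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey,
        CertificateValidity val) throws CertificateExtensionException {
    final ASN1EncodableVector accessList = new ASN1EncodableVector();

    // caIssuers
    final List<String> caIssuers = certProfile.getCaIssuers();
    if (caIssuers != null) {
        for (final String caIssuerUrl : caIssuers) {
            if (StringUtils.isNotEmpty(caIssuerUrl)) {
                final GeneralName accessLocation = new GeneralName(GeneralName.uniformResourceIdentifier,
                        new DERIA5String(caIssuerUrl));
                accessList.add(new AccessDescription(AccessDescription.id_ad_caIssuers, accessLocation));
            }
        }
    }

    // ocsp url
    String ocspUrl = certProfile.getOCSPServiceLocatorURI();
    if (certProfile.getUseDefaultOCSPServiceLocator()) {
        // Cast only on the path that needs the X.509-specific accessor, so a profile with an
        // explicit URI does not fail on the cast.
        ocspUrl = ((X509CA) ca).getDefaultOCSPServiceLocator();
    }
    if (StringUtils.isNotEmpty(ocspUrl)) {
        final GeneralName accessLocation = new GeneralName(GeneralName.uniformResourceIdentifier,
                new DERIA5String(ocspUrl));
        accessList.add(new AccessDescription(AccessDescription.id_ad_ocsp, accessLocation));
    }

    if (accessList.size() == 0) {
        // The extension was requested but there is nothing to put in it; callers get null.
        log.error("AuthorityInformationAccess is used, but neither caIssuers nor OCSP URL is defined!");
        return null;
    }
    return org.bouncycastle.asn1.x509.AuthorityInformationAccess.getInstance(new DERSequence(accessList));
}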

From source file:org.cryptacular.x509.ExtensionReaderTest.java

License:Open Source License

/**
 * Supplies the rows for the "authority-information-access" data provider: a certificate
 * read from {@code CRT_PATH} paired with the access descriptions expected in its
 * Authority Information Access extension (OCSP first, then caIssuers).
 *
 * @return a single row holding the certificate and its expected access descriptions
 */
@DataProvider(name = "authority-information-access")
public Object[][] getAuthorityInformationAccess() {
    // Read the certificate before building the expectations, as the original literal did.
    final Object certificate = CertUtil.readCertificate(CRT_PATH + "login.live.com.crt");

    final AccessDescription ocspEntry = new AccessDescription(AccessDescription.id_ad_ocsp,
            uri("http://EVSecure-ocsp.verisign.com"));
    final AccessDescription caIssuersEntry = new AccessDescription(AccessDescription.id_ad_caIssuers,
            uri("http://EVSecure-aia.verisign.com/EVSecure2006.cer"));
    final AccessDescription[] expected = new AccessDescription[] { ocspEntry, caIssuersEntry };

    final Object[] row = new Object[] { certificate, expected };
    return new Object[][] { row };
}