List of usage examples for org.bouncycastle.asn1.x509 AuthorityInformationAccess getInstance
public static AuthorityInformationAccess getInstance(Object obj)
From source file:be.fedict.trust.ocsp.OcspTrustLinker.java
License:Open Source License
private URI getAccessLocation(X509Certificate certificate, ASN1ObjectIdentifier accessMethod) throws IOException, URISyntaxException { byte[] authInfoAccessExtensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; }/* w w w .j a va 2 s .c o m*/ AuthorityInformationAccess authorityInformationAccess; DEROctetString oct = (DEROctetString) (new ASN1InputStream( new ByteArrayInputStream(authInfoAccessExtensionValue)).readObject()); authorityInformationAccess = AuthorityInformationAccess .getInstance(new ASN1InputStream(oct.getOctets()).readObject()); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { LOG.debug("access method: " + accessDescription.getAccessMethod()); boolean correctAccessMethod = accessDescription.getAccessMethod().equals(accessMethod); if (!correctAccessMethod) { continue; } GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { LOG.debug("not a uniform resource identifier"); continue; } DERIA5String str = DERIA5String.getInstance(gn.getName()); String accessLocation = str.getString(); LOG.debug("access location: " + accessLocation); URI uri = toURI(accessLocation); LOG.debug("access location URI: " + uri); return uri; } return null; }
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, ASN1Primitive aiaExt) { AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt); AccessDescription[] accessDescriptions = aia.getAccessDescriptions(); DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$ for (AccessDescription accessDescription : accessDescriptions) { GeneralName generalName = accessDescription.getAccessLocation(); String nextName = generalName.getName().toString(); DERObjectIdentifier acessMethod = accessDescription.getAccessMethod(); if (acessMethod.equals(OCSPOid)) { OCSPUrl.add(nextName);//from w w w . j a v a 2 s. co m } } }
From source file:com.viettel.hqmc.DAO.FilesDAO.java
private static List<String> getAIALocations(X509Certificate cert) throws Exception { //Gets the DER-encoded OCTET string for the extension value for Authority information access Points byte[] aiaExtensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId()); if (aiaExtensionValue == null) { throw new Exception("Certificate doesn't have authority " + "information access points"); }/*w w w . java 2s. c o m*/ //might have to pass an ByteArrayInputStream(aiaExtensionValue) ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue); AuthorityInformationAccess authorityInformationAccess; try { DEROctetString aiaDEROctetString = (DEROctetString) (asn1In.readObject()); ASN1InputStream asn1InOctets = new ASN1InputStream(aiaDEROctetString.getOctets()); ASN1Sequence aiaASN1Sequence = (ASN1Sequence) asn1InOctets.readObject(); authorityInformationAccess = AuthorityInformationAccess.getInstance(aiaASN1Sequence); } catch (IOException ex) { LogUtil.addLog(ex);//binhnt sonar a160901 throw new Exception("Cannot read certificate to get OCSP URLs", ex); } List<String> ocspUrlList = new ArrayList<String>(); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) { DERIA5String str = DERIA5String.getInstance(gn.getName()); String accessLocation = str.getString(); ocspUrlList.add(accessLocation); } } if (ocspUrlList.isEmpty()) { throw new Exception("Cant get OCSP urls from certificate"); } return ocspUrlList; }
From source file:dk.itst.oiosaml.sp.metadata.CRLChecker.java
License:Mozilla Public License
/** * Gets an URL to use when performing an OCSP validation of a certificate. * //from www . j ava 2 s.co m * @param conf * @param entityId * @param certificate * @return the URL to use. * @see <a href="http://oid-info.com/get/1.3.6.1.5.5.7.48.1">http://oid-info.com/get/1.3.6.1.5.5.7.48.1</a> */ private String getOCSPUrl(Configuration conf, String entityId, X509Certificate certificate) { String url = conf.getString(Constants.PROP_OCSP_RESPONDER); if (url != null) { return url; } log.debug("No OCSP configured for " + entityId + " attempting to extract OCSP location from certificate " + certificate.getSubjectDN()); AuthorityInformationAccess authInfoAcc = null; ASN1InputStream aIn = null; try { byte[] bytes = certificate.getExtensionValue(AUTH_INFO_ACCESS); aIn = new ASN1InputStream(bytes); ASN1OctetString octs = (ASN1OctetString) aIn.readObject(); aIn = new ASN1InputStream(octs.getOctets()); ASN1Primitive auth_info_acc = aIn.readObject(); if (auth_info_acc != null) { authInfoAcc = AuthorityInformationAccess.getInstance(auth_info_acc); } } catch (Exception e) { log.debug("Cannot extract access location of OCSP responder.", e); return null; } finally { if (aIn != null) { try { aIn.close(); } catch (IOException e) { } } } List<String> ocspUrls = getOCSPUrls(authInfoAcc); Iterator<String> urlIt = ocspUrls.iterator(); while (urlIt.hasNext()) { // Just return the first URL Object ocspUrl = new UntrustedUrlInput(urlIt.next()); url = ocspUrl.toString(); } return url; }
From source file:ec.rubrica.util.CertificateUtils.java
License:Open Source License
public static String ocspURLFromCert(X509Certificate cert) { /*/* www .j a va 2 s . com*/ * Return the OCSP Responder address contained in the certificate More * precisely the it is contained in the authorityInfoAccess extension */ try { return AuthorityInformationAccess .getInstance(X509ExtensionUtil .fromExtensionValue(cert.getExtensionValue(X509Extension.authorityInfoAccess.getId()))) .getAccessDescriptions()[0].getAccessLocation().getName().toASN1Primitive().toString() .split("://")[1]; } catch (Exception e) { return null; } }
From source file:ee.ria.xroad.common.util.CertUtils.java
License:Open Source License
/** * @param subject certificate from which to get the OCSP responder URI * @return OCSP responder URI from given certificate. * @throws IOException if an I/O error occurred *//* w ww . j ava 2 s . c o m*/ public static String getOcspResponderUriFromCert(X509Certificate subject) throws IOException { final byte[] extensionValue = subject.getExtensionValue(Extension.authorityInfoAccess.toString()); if (extensionValue != null) { ASN1Primitive derObject = toDERObject(extensionValue); if (derObject instanceof DEROctetString) { DEROctetString derOctetString = (DEROctetString) derObject; derObject = toDERObject(derOctetString.getOctets()); AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(derObject); AccessDescription[] descriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription desc : descriptions) { if (desc.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) { GeneralName generalName = desc.getAccessLocation(); return generalName.getName().toString(); } } } } return null; }
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
private static String getAccessLocation(final X509Certificate certificate, final ASN1ObjectIdentifier accessMethod) { try {/* www. j a v a2 s . c om*/ final byte[] authInfoAccessExtensionValue = certificate .getExtensionValue(Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; } /* Parse the extension */ final ASN1InputStream asn1InputStream = new ASN1InputStream( new ByteArrayInputStream(authInfoAccessExtensionValue)); final DEROctetString oct = (DEROctetString) (asn1InputStream.readObject()); asn1InputStream.close(); final ASN1InputStream asn1InputStream2 = new ASN1InputStream(oct.getOctets()); final AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(asn1InputStream2.readObject()); asn1InputStream2.close(); String accessLocation = null; final AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (final AccessDescription accessDescription : accessDescriptions) { // LOG.debug("access method: " + accessDescription.getAccessMethod()); final boolean correctAccessMethod = accessDescription.getAccessMethod().equals(accessMethod); if (!correctAccessMethod) { continue; } GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { // LOG.debug("not a uniform resource identifier"); continue; } final DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject(); accessLocation = str.getString(); // The HTTP protocol is preferred. if (Protocol.isHttpUrl(accessLocation)) { // LOG.debug("access location: " + accessLocation); break; } } return accessLocation; } catch (final IOException e) { // we do nothing // LOG.("IO error: " + e.getMessage(), e); } return null; }
From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OnlineOCSPSource.java
License:Open Source License
/** * Gives back the OCSP URI meta-data found within the given X509 cert. * * @param certificate the X509 cert.// w ww .j ava 2 s .c o m * @return the OCSP URI, or <code>null</code> if the extension is not present. * @throws DSSException */ public String getAccessLocation(final X509Certificate certificate) throws DSSException { final ASN1ObjectIdentifier ocspAccessMethod = X509ObjectIdentifiers.ocspAccessMethod; final byte[] authInfoAccessExtensionValue = certificate .getExtensionValue(X509Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; } ASN1InputStream ais1 = null; ASN1InputStream ais2 = null; try { final ByteArrayInputStream bais = new ByteArrayInputStream(authInfoAccessExtensionValue); ais1 = new ASN1InputStream(bais); final DEROctetString oct = (DEROctetString) (ais1.readObject()); ais2 = new ASN1InputStream(oct.getOctets()); final AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(ais2.readObject()); final AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { if (LOG.isDebugEnabled()) { LOG.debug("Access method: " + accessDescription.getAccessMethod()); } final boolean correctAccessMethod = accessDescription.getAccessMethod().equals(ocspAccessMethod); if (!correctAccessMethod) { continue; } final GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { if (LOG.isDebugEnabled()) { LOG.debug("Not a uniform resource identifier"); } continue; } final DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject(); final String accessLocation = str.getString(); if (LOG.isDebugEnabled()) { LOG.debug("Access location: " + accessLocation); } return accessLocation; } return null; } catch (IOException e) { throw new DSSException(e); } finally { DSSUtils.closeQuietly(ais1); DSSUtils.closeQuietly(ais2); } }
From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java
License:Open Source License
/** * Gives back the OCSP URI meta-data found within the given X509 cert. * * @param certificate/*www.j a v a 2s .c o m*/ * the cert token. * @return the OCSP URI, or <code>null</code> if the extension is not present. * @throws DSSException */ public String getAccessLocation(final CertificateToken certificate) throws DSSException { final byte[] authInfoAccessExtensionValue = certificate.getCertificate() .getExtensionValue(Extension.authorityInfoAccess.getId()); if (ArrayUtils.isEmpty(authInfoAccessExtensionValue)) { return null; } ASN1InputStream ais1 = null; ASN1InputStream ais2 = null; try { ais1 = new ASN1InputStream(authInfoAccessExtensionValue); final DEROctetString oct = (DEROctetString) (ais1.readObject()); ais2 = new ASN1InputStream(oct.getOctets()); final AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(ais2.readObject()); final AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { if (logger.isDebugEnabled()) { logger.debug("Access method OID : " + accessDescription.getAccessMethod()); } final boolean correctAccessMethod = X509ObjectIdentifiers.ocspAccessMethod .equals(accessDescription.getAccessMethod()); if (!correctAccessMethod) { continue; } final GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { if (logger.isDebugEnabled()) { logger.debug("Not a uniform resource identifier"); } continue; } final DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject(); final String accessLocation = str.getString(); if (logger.isDebugEnabled()) { logger.debug("Access location: " + accessLocation); } return accessLocation; } return null; } catch (IOException e) { throw new DSSException(e); } finally { IOUtils.closeQuietly(ais1); IOUtils.closeQuietly(ais2); } }
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
public static List<String> getAccessLocations(final CertificateToken certificate) { final byte[] authInfoAccessExtensionValue = certificate.getCertificate() .getExtensionValue(Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; }//from w ww. j a v a2 s .co m // Parse the extension ASN1Sequence asn1Sequence = null; try { asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(authInfoAccessExtensionValue); } catch (DSSException e) { return null; } AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(asn1Sequence); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); List<String> locationsUrls = new ArrayList<String>(); for (AccessDescription accessDescription : accessDescriptions) { if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessDescription.getAccessMethod())) { GeneralName gn = accessDescription.getAccessLocation(); if (GeneralName.uniformResourceIdentifier == gn.getTagNo()) { DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject(); locationsUrls.add(str.getString()); } } } return locationsUrls; }