List of usage examples for org.bouncycastle.asn1.x509 DistributionPoint getCRLIssuer
public GeneralNames getCRLIssuer()
From source file:com.jlocksmith.util.ExtensionUtil.java
License:Open Source License
/**
 * Renders a CRL Distribution Points extension value as display text.
 *
 * <p>For every distribution point the name (full name, or name relative to the CRL issuer), the
 * reason flags and the CRL issuer are appended when present, each under a localized label.
 * An extension with no distribution points yields an empty string.
 *
 * <p>The ASN.1 casts below are unchecked: an extension whose elements are not of the expected
 * ASN.1 type raises {@link ClassCastException}, which the {@code throws} clause does not cover.
 * NOTE(review): the bytes presumably come from a certificate under inspection, i.e. from
 * untrusted input; confirm that callers tolerate that runtime exception.
 *
 * @param bytes encoded extension value, decoded through {@code toDERObject}
 * @return the formatted, multi-line description
 * @throws IOException declared by the signature; presumably raised while decoding the bytes
 */
private String getCrlDistributionPointsStringValue(byte[] bytes) throws IOException {
    CRLDistPoint distPoints = CRLDistPoint.getInstance(toDERObject(bytes));
    StringBuilder text = new StringBuilder();

    for (DistributionPoint current : distPoints.getDistributionPoints()) {
        // distributionPoint [0] is optional
        DistributionPointName pointName = current.getDistributionPoint();
        if (pointName != null) {
            ASN1TaggedObject tagged = (ASN1TaggedObject) pointName.toASN1Object();
            int tagNo = tagged.getTagNo();
            if (tagNo == DistributionPointName.FULL_NAME) {
                text.append(localeUtil.getString("CrlDistributionPoint.0.0")).append('\n');
                ASN1Sequence fullNames = (ASN1Sequence) tagged.getObject();
                for (int k = 0; k < fullNames.size(); k++) {
                    text.append('\t')
                        .append(getGeneralNameString((DERTaggedObject) fullNames.getObjectAt(k)))
                        .append('\n');
                }
            } else if (tagNo == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                // The relative name is printed through its default string form.
                text.append(localeUtil.getString("CrlDistributionPoint.0.1"))
                    .append('\t')
                    .append(tagged.getObject())
                    .append('\n');
            }
            // Any other tag number is ignored.
        }

        // reasons [1] is optional
        ReasonFlags reasonFlags = current.getReasons();
        if (reasonFlags != null) {
            text.append(localeUtil.getString("CrlDistributionPoint.1"))
                .append('\t')
                .append(reasonFlags)
                .append('\n');
        }

        // cRLIssuer [2] is optional
        GeneralNames crlIssuer = current.getCRLIssuer();
        if (crlIssuer != null) {
            text.append(localeUtil.getString("CrlDistributionPoint.2")).append('\n');
            ASN1Sequence issuerNames = (ASN1Sequence) crlIssuer.getDERObject();
            for (int k = 0; k < issuerNames.size(); k++) {
                text.append('\t')
                    .append(getGeneralNameString((DERTaggedObject) issuerNames.getObjectAt(k)))
                    .append('\n');
            }
        }
    }
    return text.toString();
}
From source file:mitm.common.security.crl.PKIXRevocationChecker.java
License:Open Source License
/**
 * Decides whether {@code crl} is in scope for {@code targetCertificate}; the method name refers
 * to step 6.3.3 (b) of the CRL processing algorithm.
 *
 * <p>Outcome, in order of evaluation:
 * <ul>
 *   <li>delta CRLs are refused;</li>
 *   <li>the CRL issuer must equal the certificate issuer, so indirect CRLs are not supported;</li>
 *   <li>a CRL without an IssuingDistributionPoint (IDP) extension is accepted;</li>
 *   <li>otherwise the IDP name must match one of the certificate's distribution points, and the
 *       IDP's onlyContains* flags must be compatible with the certificate type.</li>
 * </ul>
 *
 * <p>When the certificate lists distribution points but the IDP carries no distribution point
 * name, no name comparison can succeed and the CRL is refused.
 * NOTE(review): confirm this refusal is intended; a refused CRL leaves the certificate without
 * revocation data from this CRL, so the caller's handling of "no usable CRL" matters.
 *
 * @param targetCertificate certificate whose revocation status is being checked
 * @param crl candidate CRL
 * @return {@code true} if the CRL may be used for the certificate
 * @throws IOException declared by the signature; presumably raised by the extension inspectors
 */
private boolean acceptCRL_6_3_3_b(X509Certificate targetCertificate, X509CRL crl) throws IOException {
    if (X509CRLInspector.isDeltaCRL(crl)) {
        /* a delta CRL is not a complete CRL */
        return false;
    }

    if (!crl.getIssuerX500Principal().equals(targetCertificate.getIssuerX500Principal())) {
        logger.debug("CRL issuer and certificate issuer do not match.");
        return false;
    }

    IssuingDistributionPoint idp = X509CRLInspector.getIssuingDistributionPoint(crl);
    if (idp == null) {
        /* without an IssuingDistributionPoint there is always a match */
        return true;
    }

    DistributionPointName idpn = idp.getDistributionPoint();
    CRLDistPoint crlDistPoint = X509CertificateInspector.getCRLDistibutionPoints(targetCertificate);
    DistributionPoint[] dps = (crlDistPoint != null) ? crlDistPoint.getDistributionPoints() : null;

    boolean match;
    if (dps == null) {
        /* the certificate names no distribution points: only an unnamed IDP matches */
        match = (idpn == null);
    } else {
        match = false;
        for (DistributionPoint dp : dps) {
            if (dp == null) {
                logger.debug("Distributionpoint is null.");
                continue;
            }
            if (dp.getCRLIssuer() != null) {
                /* indirect CRLs are not supported, so this distribution point is skipped */
                logger.debug("CRL issuer should only be used for indirect CRLs.");
                continue;
            }
            DistributionPointName dpn = dp.getDistributionPoint();
            if (idpn == null || dpn == null) {
                /* names can only be compared when both sides carry one */
                continue;
            }
            X500Principal issuer = targetCertificate.getIssuerX500Principal();
            if (hasMatchingName(idpn, dpn, issuer)) {
                match = true;
                break;
            }
        }
        if (!match) {
            logger.debug("The CRL did not contain matching DistributionPoint names.");
        }
    }

    BasicConstraints basicConstraints = X509CertificateInspector.getBasicConstraints(targetCertificate);

    /* a certificate without basicConstraints is treated as a user certificate */
    if (idp.onlyContainsCACerts() && (basicConstraints == null || !basicConstraints.isCA())) {
        logger.debug("Certificate is a user certificate but CRL only contains CA certificate.");
        match = false;
    }
    if (idp.onlyContainsUserCerts() && basicConstraints != null && basicConstraints.isCA()) {
        logger.debug("Certificate is a CA but CRL only contains user certificates.");
        match = false;
    }
    if (idp.onlyContainsAttributeCerts()) {
        logger.debug("Certificate only contains attribute certs.");
        match = false;
    }
    return match;
}
From source file:net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateParser.java
License:BSD License
/**
 * Checks that each CRL distribution point can be reduced to a list of URIs.
 *
 * <p>Per distribution point, in this order: the cRLIssuer and reasons fields are reported through
 * {@code rejectIfNotNull}; the distributionPoint field must be present, must be of type
 * {@code FULL_NAME}, and every general name in it must be a uniformResourceIdentifier whose
 * string is accepted by {@link URI#create(String)}.
 *
 * <p>The method returns at the first of the latter checks that fails, so distribution points
 * after a failing one are not examined. The casts are made only after the corresponding type or
 * tag check has passed.
 *
 * @param crldp decoded CRL Distribution Points extension of the certificate being parsed
 */
private void testCrlDistributionPointsToUrisConversion(CRLDistPoint crldp) {
    for (DistributionPoint dp : crldp.getDistributionPoints()) {
        // These two checks record their outcome but never stop the validation.
        result.rejectIfNotNull(dp.getCRLIssuer(), CRLDP_ISSUER_OMITTED);
        result.rejectIfNotNull(dp.getReasons(), CRLDP_REASONS_OMITTED);

        boolean namePresent = result.rejectIfNull(dp.getDistributionPoint(), CRLDP_PRESENT);
        if (!namePresent) {
            return;
        }

        boolean isFullName = dp.getDistributionPoint().getType() == DistributionPointName.FULL_NAME;
        if (!result.rejectIfFalse(isFullName, CRLDP_TYPE_FULL_NAME)) {
            return;
        }

        GeneralNames fullName = (GeneralNames) dp.getDistributionPoint().getName();
        for (GeneralName entry : fullName.getNames()) {
            boolean isUri = entry.getTagNo() == GeneralName.uniformResourceIdentifier;
            if (!result.rejectIfFalse(isUri, CRLDP_NAME_IS_A_URI)) {
                return;
            }

            DERIA5String encodedUri = (DERIA5String) entry.getName();
            try {
                // Only the syntax is checked; the parsed URI itself is discarded.
                URI.create(encodedUri.getString());
            } catch (IllegalArgumentException e) {
                result.error(CRLDP_URI_SYNTAX);
                return;
            }
        }
    }
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Formats a single distribution point as indented, multi-line text.
 *
 * <pre>
 * DistributionPoint ::= ASN1Sequence {
 *     distributionPoint [0] DistributionPointName OPTIONAL,
 *     reasons           [1] ReasonFlags OPTIONAL,
 *     cRLIssuer         [2] GeneralNames OPTIONAL }
 *
 * GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
 * </pre>
 *
 * <p>All three fields are optional; an absent field contributes nothing to the output.
 *
 * @param distributionPoint distribution point to describe
 * @param baseIndent prefix written in front of each line produced here
 * @return the formatted text, empty when no field is present
 * @throws IOException declared by the signature; presumably raised by the name formatting helpers
 */
private String getDistributionPointString(DistributionPoint distributionPoint, String baseIndent)
        throws IOException {
    StringBuilder out = new StringBuilder();

    DistributionPointName pointName = distributionPoint.getDistributionPoint();
    ReasonFlags reasonBits = distributionPoint.getReasons();
    GeneralNames issuerNames = distributionPoint.getCRLIssuer();

    // distributionPoint [0]
    if (pointName != null) {
        out.append(getDistributionPointNameString(pointName, baseIndent));
    }

    // reasons [1]: a heading followed by one indented line per reason flag
    if (reasonBits != null) {
        out.append(baseIndent).append(res.getString("DistributionPointReasons")).append(NEWLINE);
        for (String flagText : getReasonFlagsStrings(reasonBits)) {
            out.append(baseIndent).append(INDENT).append(flagText).append(NEWLINE);
        }
    }

    // cRLIssuer [2]: a heading followed by one indented line per general name
    if (issuerNames != null) {
        out.append(baseIndent).append(res.getString("DistributionPointCrlIssuer")).append(NEWLINE);
        for (GeneralName issuerName : issuerNames.getNames()) {
            out.append(baseIndent).append(INDENT).append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
        }
    }

    return out.toString();
}
From source file:net.sf.portecle.crypto.X509Ext.java
License:Open Source License
/**
 * Get extension value for CRL Distribution Points as an HTML list.
 *
 * <p>The result is a {@code <ul>} element with one {@code <li>} per populated field
 * (distribution point name, reasons, CRL issuer) of each distribution point.
 *
 * <p>NOTE(review): the values placed between the tags are taken from the extension, i.e. from the
 * certificate being displayed. Confirm that {@code stringify} and {@code getGeneralNamesString}
 * escape HTML metacharacters, otherwise certificate content ends up as markup in the rendered view.
 *
 * @param bValue The octet string value
 * @return Extension value as an HTML string
 * @throws IOException If an I/O problem occurs
 */
private String getCrlDistributionPointsStringValue(byte[] bValue) throws IOException {
    CRLDistPoint distPoints = CRLDistPoint.getInstance(bValue);
    StringBuilder html = new StringBuilder();
    html.append("<ul>");

    for (DistributionPoint current : distPoints.getDistributionPoints()) {
        // distributionPoint is optional
        DistributionPointName pointName = current.getDistributionPoint();
        if (pointName != null) {
            html.append("<li>");
            switch (pointName.getType()) {
                case DistributionPointName.FULL_NAME:
                    html.append(RB.getString("CrlDistributionPoint.0.0"))
                        .append(": ")
                        .append(getGeneralNamesString((GeneralNames) pointName.getName(), LinkClass.CRL));
                    break;
                case DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER:
                    // TODO: need better decode?
                    html.append(RB.getString("CrlDistributionPoint.0.1"))
                        .append(": ")
                        .append(stringify(pointName.getName()));
                    break;
                default:
                    html.append(RB.getString("UnknownCrlDistributionPointName"))
                        .append(": ")
                        .append(stringify(pointName.getName()));
                    break;
            }
            html.append("</li>");
        }

        // reasons is optional
        ReasonFlags reasonFlags = current.getReasons();
        if (reasonFlags != null) {
            // TODO: decode
            html.append("<li>")
                .append(RB.getString("CrlDistributionPoint.1"))
                .append(": ")
                .append(stringify(reasonFlags))
                .append("</li>");
        }

        // cRLIssuer is optional
        GeneralNames crlIssuer = current.getCRLIssuer();
        if (crlIssuer != null) {
            html.append("<li>")
                .append(RB.getString("CrlDistributionPoint.2"))
                .append(": ")
                .append(getGeneralNamesString(crlIssuer, LinkClass.CRL))
                .append("</li>");
        }
    }

    html.append("</ul>");
    return html.toString();
}
From source file:support.revocation.RevocationInfo.java
License:Apache License
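/**
 * Creates a new <code>RevocationInfo</code> instance based on the given
 * certificate.
 *
 * <p>For an X.509 certificate the constructor reads, in order: the Authority Information Access
 * extension (OCSP URLs), the CRL Distribution Points extension (CRL URLs), the Authority Key
 * Identifier and the Subject Key Identifier. Distribution points that name a separate CRL issuer
 * or carry reason flags are skipped, as is a distribution point without a name; the latter
 * previously caused a <code>NullPointerException</code> that the catch clause does not cover.
 *
 * <p>The <code>ocsp</code> and <code>crl</code> fields are assumed to hold mutable lists when the
 * constructor body starts (TODO confirm against the field declarations).
 *
 * <p>NOTE(review): for a non-X.509 certificate, or when decoding fails part-way, the instance
 * keeps whatever was collected up to that point and the lists may stay modifiable. Callers
 * should not read an empty <code>crl</code>/<code>ocsp</code> list as proof that the certificate
 * names no revocation service.
 *
 * @param certificate certificate to extract revocation information from
 */
public RevocationInfo(Certificate certificate) {
    if (!(certificate instanceof X509Certificate)) {
        return;
    }
    try {
        X509Certificate x509cert = (X509Certificate) certificate;

        // process Authority Information Access extension
        // to determine OCSP services
        AuthorityInformationAccess info = AuthorityInformationAccess
                .getInstance(certificateExtension(x509cert, Extension.authorityInfoAccess.getId()));
        if (info != null) {
            for (AccessDescription desc : info.getAccessDescriptions()) {
                if (desc.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                    String url = urlFromGeneralName(desc.getAccessLocation());
                    if (url != null) {
                        ocsp.add(url);
                    }
                }
            }
        }
        ocsp = Collections.unmodifiableList(ocsp);

        // process CRL Distribution Points extension
        // to determine CRL services
        CRLDistPoint points = CRLDistPoint
                .getInstance(certificateExtension(x509cert, Extension.cRLDistributionPoints.getId()));
        if (points != null) {
            for (DistributionPoint point : points.getDistributionPoints()) {
                // no support for CRLs issued from another CA
                GeneralNames crlIssuer = point.getCRLIssuer();
                if (crlIssuer != null && !crlIssuer.equals(DERNull.INSTANCE)) {
                    continue;
                }

                // no support for partial CRLs
                ReasonFlags reasons = point.getReasons();
                if (reasons != null && !reasons.equals(DERNull.INSTANCE)) {
                    continue;
                }

                // The name is optional in the encoding; a certificate that omits it
                // must not abort the constructor with a NullPointerException.
                if (point.getDistributionPoint() == null) {
                    continue;
                }

                // use all distribution points
                ASN1Encodable names = point.getDistributionPoint().getName();
                if (names instanceof GeneralNames) {
                    for (GeneralName name : ((GeneralNames) names).getNames()) {
                        String url = urlFromGeneralName(name);
                        if (url != null) {
                            crl.add(url);
                        }
                    }
                }
            }
        }
        crl = Collections.unmodifiableList(crl);

        // Authority Key Identifier
        AuthorityKeyIdentifier authorityKeyId = AuthorityKeyIdentifier
                .getInstance(certificateExtension(x509cert, Extension.authorityKeyIdentifier.getId()));
        if (authorityKeyId != null) {
            byte[] keyidentifier = authorityKeyId.getKeyIdentifier();
            if (keyidentifier != null) {
                authorityKeyIdentifier = new ArrayList<>(keyidentifier.length);
                for (byte value : keyidentifier) {
                    authorityKeyIdentifier.add(value);
                }
                authorityKeyIdentifier = Collections.unmodifiableList(authorityKeyIdentifier);
            }

            BigInteger serial = authorityKeyId.getAuthorityCertSerialNumber();
            if (serial != null) {
                authoritySerial = serial.toString();
            }
        }

        // Subject Key Identifier
        SubjectKeyIdentifier subjectKeyId = SubjectKeyIdentifier
                .getInstance(certificateExtension(x509cert, Extension.subjectKeyIdentifier.getId()));
        if (subjectKeyId != null) {
            byte[] keyidentifier = subjectKeyId.getKeyIdentifier();
            if (keyidentifier != null) {
                subjectKeyIdentifier = new ArrayList<>(keyidentifier.length);
                for (byte value : keyidentifier) {
                    subjectKeyIdentifier.add(value);
                }
                subjectKeyIdentifier = Collections.unmodifiableList(subjectKeyIdentifier);
            }
        }
    } catch (ClassCastException | IllegalArgumentException e) {
        // Best effort: a malformed extension ends the extraction; values gathered
        // before the failure are kept. The failure is only printed, not propagated.
        e.printStackTrace();
    }
}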