List of usage examples for org.bouncycastle.asn1.x509 DistributionPoint getReasons
public ReasonFlags getReasons()
From source file:com.jlocksmith.util.ExtensionUtil.java
License:Open Source License
/**
 * Renders a CRL Distribution Points value as tab/newline-formatted text.
 *
 * <p>The bytes are decoded with {@code toDERObject} and {@code CRLDistPoint.getInstance};
 * for every distribution point the name, the reason flags and the CRL issuer are
 * appended when present. Labels are looked up through {@code localeUtil}.
 *
 * <p>The casts below assume the usual encoding of each field; a value that is
 * encoded differently surfaces as a {@link ClassCastException} from this method.
 *
 * @param bytes encoded extension value (presumably taken from a certificate — confirm with caller)
 * @return the formatted text, empty when there are no distribution points
 * @throws IOException declared for the decoding helpers
 */
private String getCrlDistributionPointsStringValue(byte[] bytes) throws IOException {
    CRLDistPoint distPoints = CRLDistPoint.getInstance(toDERObject(bytes));
    StringBuilder text = new StringBuilder();

    for (DistributionPoint current : distPoints.getDistributionPoints()) {
        // distributionPoint [0] -- optional
        DistributionPointName pointName = current.getDistributionPoint();
        if (pointName != null) {
            ASN1TaggedObject tagged = (ASN1TaggedObject) pointName.toASN1Object();
            int tagNo = tagged.getTagNo();
            if (tagNo == DistributionPointName.FULL_NAME) {
                text.append(localeUtil.getString("CrlDistributionPoint.0.0")).append('\n');
                ASN1Sequence fullName = (ASN1Sequence) tagged.getObject();
                int count = fullName.size();
                for (int k = 0; k < count; k++) {
                    text.append('\t')
                        .append(getGeneralNameString((DERTaggedObject) fullName.getObjectAt(k)))
                        .append('\n');
                }
            } else if (tagNo == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                text.append(localeUtil.getString("CrlDistributionPoint.0.1"))
                    .append('\t')
                    .append(tagged.getObject())
                    .append('\n');
            }
            // any other tag number is skipped without output
        }

        // reasons [1] -- optional; printed via the object's own toString()
        ReasonFlags reasonFlags = current.getReasons();
        if (reasonFlags != null) {
            text.append(localeUtil.getString("CrlDistributionPoint.1"))
                .append('\t')
                .append(reasonFlags)
                .append('\n');
        }

        // cRLIssuer [2] -- optional
        GeneralNames crlIssuer = current.getCRLIssuer();
        if (crlIssuer != null) {
            text.append(localeUtil.getString("CrlDistributionPoint.2")).append('\n');
            ASN1Sequence issuerNames = (ASN1Sequence) crlIssuer.getDERObject();
            int count = issuerNames.size();
            for (int k = 0; k < count; k++) {
                text.append('\t')
                    .append(getGeneralNameString((DERTaggedObject) issuerNames.getObjectAt(k)))
                    .append('\n');
            }
        }
    }
    return text.toString();
}
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
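/**
 * Computes the interim reasons mask for one CRL / distribution point pair.
 *
 * <p>The step labels (d)(1)-(d)(4) in the comments follow the CRL processing steps of
 * RFC 3280 / RFC 5280 section 6.3.3. The CRL's Issuing Distribution Point (IDP)
 * extension is decoded first; a side that states no reasons counts as "all reasons",
 * and the result is the intersection of both sides.
 *
 * @param crl CRL whose IDP extension is consulted
 * @param dp  distribution point taken from the certificate being checked
 * @return the intersection of the reasons covered by {@code dp} and by the CRL's IDP
 * @throws SimpleValidationErrorException with {@code distrPtExtError} when the IDP
 *         extension cannot be read or decoded
 */
protected static ReasonsMask processCRLD2(X509CRL crl, DistributionPoint dp)
        throws SimpleValidationErrorException {
    IssuingDistributionPoint idp = null;
    try {
        idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
                RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
    } catch (Exception e) {
        throw new SimpleValidationErrorException(ValidationErrorCode.distrPtExtError, e);
    }

    // (d) (1)
    if (idp != null && idp.getOnlySomeReasons() != null && dp.getReasons() != null) {
        return new ReasonsMask(dp.getReasons().intValue())
                .intersect(new ReasonsMask(idp.getOnlySomeReasons().intValue()));
    }

    // (d) (4)
    if ((idp == null || idp.getOnlySomeReasons() == null) && dp.getReasons() == null) {
        return ReasonsMask.allReasons;
    }

    // (d) (2) and (d) (3)
    ReasonsMask dpMask = dp.getReasons() == null
            ? ReasonsMask.allReasons
            : new ReasonsMask(dp.getReasons().intValue());
    // An IDP extension that is present but omits onlySomeReasons must count as
    // "all reasons". Testing only idp == null here dereferenced a null ReasonFlags
    // whenever the CRL carried such an IDP and the certificate's DP listed reasons,
    // so revocation checking ended in a NullPointerException instead of a mask.
    ReasonsMask idpMask = (idp == null || idp.getOnlySomeReasons() == null)
            ? ReasonsMask.allReasons
            : new ReasonsMask(idp.getOnlySomeReasons().intValue());
    return dpMask.intersect(idpMask);
}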
From source file:mitm.common.security.crl.PKIXRevocationChecker.java
License:Open Source License
/**
 * Builds the interim reasons mask for a certificate/CRL pair.
 *
 * <p>The CRL's Issuing Distribution Point (IDP) and the certificate's CRL distribution
 * points are read, and one bit mask is OR-ed together over all of the certificate's
 * distribution points. A certificate without the extension contributes the IDP reasons
 * (or {@code allReasons} when the IDP states none); an extension that decodes to an
 * empty array leaves the mask at 0.
 *
 * <p>NOTE(review): RFC 5280 6.3.3 evaluates step (d) for one distribution point at a
 * time, whereas this method returns the union over every point of the certificate —
 * confirm that the caller expects the union.
 *
 * @param targetCertificate certificate whose CRL distribution points are inspected
 * @param crl               CRL whose IDP extension is inspected
 * @return the accumulated reasons mask
 * @throws IOException declared for the inspector helpers
 */
private int getInterimReasonsMask(X509Certificate targetCertificate, X509CRL crl) throws IOException {
    IssuingDistributionPoint idp = X509CRLInspector.getIssuingDistributionPoint(crl);
    CRLDistPoint certCrlDistPoint = X509CertificateInspector.getCRLDistibutionPoints(targetCertificate);

    DistributionPoint[] certPoints =
            (certCrlDistPoint != null) ? certCrlDistPoint.getDistributionPoints() : null;

    int mask = 0;
    boolean idpLimitsReasons = idp != null && idp.getOnlySomeReasons() != null;

    if (idpLimitsReasons) {
        int idpBits = idp.getOnlySomeReasons().intValue();

        if (certPoints == null) {
            /* 6.3.3 (d)(2) */
            mask |= idpBits;
        } else {
            for (DistributionPoint point : certPoints) {
                if (point == null) {
                    logger.debug("Distributionpoint is null.");
                    continue;
                }
                ReasonFlags pointReasons = point.getReasons();
                if (pointReasons != null) {
                    /* 6.3.3 (d)(1) */
                    mask |= idpBits & pointReasons.intValue();
                } else {
                    /* 6.3.3 (d)(2) */
                    mask |= idpBits;
                }
            }
        }
        return mask;
    }

    /* 6.3.3 (d)(3) */
    if (certPoints == null) {
        mask |= allReasons;
        return mask;
    }
    for (DistributionPoint point : certPoints) {
        if (point == null) {
            logger.debug("Distributionpoint is null.");
            continue;
        }
        ReasonFlags pointReasons = point.getReasons();
        if (pointReasons != null) {
            mask |= pointReasons.intValue();
        } else {
            mask |= allReasons;
        }
    }
    return mask;
}
From source file:net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateParser.java
License:BSD License
/**
 * Checks that every CRL distribution point can be turned into a list of URIs.
 *
 * <p>For each point: the cRLIssuer and reasons fields are reported when present, the
 * distribution point name must be present and of type {@code FULL_NAME}, and every
 * general name in it must be a uniformResourceIdentifier that {@link URI#create}
 * accepts. Outcomes are recorded on {@code result}. The method returns at the first
 * name-related check whose call returns {@code false}; the two "omitted" checks do
 * not stop processing.
 *
 * <p>Only URI syntax is checked here; scheme and host are not examined in this method.
 *
 * @param crldp decoded CRL Distribution Points extension
 */
private void testCrlDistributionPointsToUrisConversion(CRLDistPoint crldp) {
    for (DistributionPoint point : crldp.getDistributionPoints()) {
        // Recorded but not fatal: the loop carries on whatever these two report.
        result.rejectIfNotNull(point.getCRLIssuer(), CRLDP_ISSUER_OMITTED);
        result.rejectIfNotNull(point.getReasons(), CRLDP_REASONS_OMITTED);

        boolean namePresent = result.rejectIfNull(point.getDistributionPoint(), CRLDP_PRESENT);
        if (!namePresent) {
            return;
        }

        DistributionPointName pointName = point.getDistributionPoint();
        boolean isFullName = pointName.getType() == DistributionPointName.FULL_NAME;
        if (!result.rejectIfFalse(isFullName, CRLDP_TYPE_FULL_NAME)) {
            return;
        }

        // The cast is guarded by the FULL_NAME check above.
        GeneralNames fullName = (GeneralNames) pointName.getName();
        for (GeneralName entry : fullName.getNames()) {
            boolean isUri = entry.getTagNo() == GeneralName.uniformResourceIdentifier;
            if (!result.rejectIfFalse(isUri, CRLDP_NAME_IS_A_URI)) {
                return;
            }

            DERIA5String encodedUri = (DERIA5String) entry.getName();
            try {
                URI.create(encodedUri.getString());
            } catch (IllegalArgumentException e) {
                result.error(CRLDP_URI_SYNTAX);
                return;
            }
        }
    }
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Formats one distribution point as indented text.
 *
 * <p>Each of the three optional fields (name, reasons, CRL issuer) is rendered only
 * when present. Headings come from {@code res}; nested entries are indented by
 * {@code baseIndent} followed by {@code INDENT}.
 *
 * @param distributionPoint the distribution point to render
 * @param baseIndent        indentation placed in front of every heading line
 * @return the formatted text, empty when all three fields are absent
 * @throws IOException declared for the formatting helpers
 */
private String getDistributionPointString(DistributionPoint distributionPoint, String baseIndent)
        throws IOException {
    // @formatter:off
    /*
     * DistributionPoint ::= ASN1Sequence {
     *     distributionPoint [0] DistributionPointName OPTIONAL,
     *     reasons           [1] ReasonFlags OPTIONAL,
     *     cRLIssuer         [2] GeneralNames OPTIONAL }
     *
     * GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
     */
    // @formatter:on
    StringBuilder out = new StringBuilder();

    DistributionPointName pointName = distributionPoint.getDistributionPoint();
    ReasonFlags reasons = distributionPoint.getReasons();
    GeneralNames crlIssuer = distributionPoint.getCRLIssuer();

    // Optional
    if (pointName != null) {
        out.append(getDistributionPointNameString(pointName, baseIndent));
    }

    // Optional
    if (reasons != null) {
        out.append(baseIndent).append(res.getString("DistributionPointReasons")).append(NEWLINE);
        for (String flagText : getReasonFlagsStrings(reasons)) {
            out.append(baseIndent).append(INDENT).append(flagText).append(NEWLINE);
        }
    }

    // Optional
    if (crlIssuer != null) {
        out.append(baseIndent).append(res.getString("DistributionPointCrlIssuer")).append(NEWLINE);
        for (GeneralName issuerName : crlIssuer.getNames()) {
            out.append(baseIndent).append(INDENT).append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
        }
    }

    return out.toString();
}
From source file:net.sf.portecle.crypto.X509Ext.java
License:Open Source License
/**
 * Get extension value for CRL Distribution Points as an HTML list.
 *
 * <p>The result is a single {@code <ul>} element with one {@code <li>} per field that
 * is present (name, reasons, CRL issuer) across all distribution points.
 *
 * <p>NOTE(review): the output is HTML, and the values come from the decoded extension.
 * Whether that text is escaped depends on {@code getGeneralNamesString} and
 * {@code stringify}, which are not visible here — confirm before rendering the result
 * for certificates from untrusted sources.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getCrlDistributionPointsStringValue(byte[] bValue) throws IOException {
    CRLDistPoint distPoints = CRLDistPoint.getInstance(bValue);
    StringBuilder html = new StringBuilder("<ul>");

    for (DistributionPoint current : distPoints.getDistributionPoints()) {
        DistributionPointName pointName = current.getDistributionPoint();
        if (pointName != null) {
            html.append("<li>");
            int nameType = pointName.getType();
            if (nameType == DistributionPointName.FULL_NAME) {
                html.append(RB.getString("CrlDistributionPoint.0.0")).append(": ");
                html.append(getGeneralNamesString((GeneralNames) pointName.getName(), LinkClass.CRL));
            } else if (nameType == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                html.append(RB.getString("CrlDistributionPoint.0.1")).append(": ");
                // TODO: need better decode?
                html.append(stringify(pointName.getName()));
            } else {
                html.append(RB.getString("UnknownCrlDistributionPointName")).append(": ");
                html.append(stringify(pointName.getName()));
            }
            html.append("</li>");
        }

        ReasonFlags reasonFlags = current.getReasons();
        if (reasonFlags != null) {
            html.append("<li>").append(RB.getString("CrlDistributionPoint.1")).append(": ");
            // TODO: decode
            html.append(stringify(reasonFlags));
            html.append("</li>");
        }

        GeneralNames crlIssuer = current.getCRLIssuer();
        if (crlIssuer != null) {
            html.append("<li>").append(RB.getString("CrlDistributionPoint.2")).append(": ");
            html.append(getGeneralNamesString(crlIssuer, LinkClass.CRL));
            html.append("</li>");
        }
    }

    return html.append("</ul>").toString();
}
From source file:support.revocation.RevocationInfo.java
License:Apache License
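/**
 * Creates a new <code>RevocationInfo</code> instance based on the given
 * certificate.
 *
 * <p>For an {@link X509Certificate} the constructor reads, in this order, the
 * Authority Information Access extension (OCSP URLs), the CRL Distribution Points
 * extension (CRL URLs), the Authority Key Identifier and the Subject Key Identifier.
 * Distribution points that name a separate CRL issuer, that are limited to some
 * reasons, or that carry no distribution point name are skipped. Any other
 * certificate type leaves the instance untouched.
 *
 * <p>A {@link ClassCastException} or {@link IllegalArgumentException} raised while
 * decoding is printed and swallowed. Extraction stops at that point, so fields not
 * yet reached keep their previous values and a list not yet wrapped stays modifiable.
 *
 * @param certificate the certificate to extract revocation information from
 */
public RevocationInfo(Certificate certificate) {
    if (certificate instanceof X509Certificate) {
        try {
            X509Certificate x509cert = (X509Certificate) certificate;

            // process Authority Information Access extension
            // to determine OCSP services
            AuthorityInformationAccess info = AuthorityInformationAccess
                    .getInstance(certificateExtension(x509cert, Extension.authorityInfoAccess.getId()));
            if (info != null) {
                for (AccessDescription desc : info.getAccessDescriptions()) {
                    if (desc.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                        String url = urlFromGeneralName(desc.getAccessLocation());
                        if (url != null) {
                            ocsp.add(url);
                        }
                    }
                }
            }
            ocsp = Collections.unmodifiableList(ocsp);

            // process CRL Distribution Points extension
            // to determine CRL services
            CRLDistPoint points = CRLDistPoint
                    .getInstance(certificateExtension(x509cert, Extension.cRLDistributionPoints.getId()));
            if (points != null) {
                for (DistributionPoint point : points.getDistributionPoints()) {
                    // no support for CRLs issued from another CA
                    GeneralNames crlIssuer = point.getCRLIssuer();
                    if (crlIssuer != null && !crlIssuer.equals(DERNull.INSTANCE)) {
                        continue;
                    }

                    // no support for partial CRLs
                    ReasonFlags reasons = point.getReasons();
                    if (reasons != null && !reasons.equals(DERNull.INSTANCE)) {
                        continue;
                    }

                    // The distributionPoint field is OPTIONAL. A certificate that omits
                    // it (and has no cRLIssuer either) would otherwise be dereferenced
                    // here and raise a NullPointerException, which the catch below does
                    // not cover.
                    if (point.getDistributionPoint() == null) {
                        continue;
                    }

                    // use all distribution points
                    ASN1Encodable names = point.getDistributionPoint().getName();
                    if (names instanceof GeneralNames) {
                        for (GeneralName name : ((GeneralNames) names).getNames()) {
                            String url = urlFromGeneralName(name);
                            if (url != null) {
                                crl.add(url);
                            }
                        }
                    }
                }
            }
            crl = Collections.unmodifiableList(crl);

            // Authority Key Identifier
            AuthorityKeyIdentifier authorityKeyId = AuthorityKeyIdentifier
                    .getInstance(certificateExtension(x509cert, Extension.authorityKeyIdentifier.getId()));
            if (authorityKeyId != null) {
                byte[] keyidentifier = authorityKeyId.getKeyIdentifier();
                if (keyidentifier != null) {
                    authorityKeyIdentifier = new ArrayList<>(keyidentifier.length);
                    for (byte value : keyidentifier) {
                        authorityKeyIdentifier.add(value);
                    }
                    authorityKeyIdentifier = Collections.unmodifiableList(authorityKeyIdentifier);
                }

                BigInteger serial = authorityKeyId.getAuthorityCertSerialNumber();
                if (serial != null) {
                    authoritySerial = serial.toString();
                }
            }

            // Subject Key Identifier
            SubjectKeyIdentifier subjectKeyId = SubjectKeyIdentifier
                    .getInstance(certificateExtension(x509cert, Extension.subjectKeyIdentifier.getId()));
            if (subjectKeyId != null) {
                byte[] keyidentifier = subjectKeyId.getKeyIdentifier();
                if (keyidentifier != null) {
                    subjectKeyIdentifier = new ArrayList<>(keyidentifier.length);
                    for (byte value : keyidentifier) {
                        subjectKeyIdentifier.add(value);
                    }
                    subjectKeyIdentifier = Collections.unmodifiableList(subjectKeyIdentifier);
                }
            }
        } catch (ClassCastException | IllegalArgumentException e) {
            // NOTE(review): a decoding failure leaves a partially filled instance that
            // the caller cannot tell apart from a certificate without revocation data;
            // consider reporting it through the project's logger or an error flag.
            e.printStackTrace();
        }
    }
}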