List of usage examples for org.bouncycastle.asn1.x509 Extension authorityInfoAccess
ASN1ObjectIdentifier authorityInfoAccess
To view the source code for org.bouncycastle.asn1.x509 Extension authorityInfoAccess.
Click Source Link
From source file:be.fedict.trust.ocsp.OcspTrustLinker.java
License:Open Source License
private URI getAccessLocation(X509Certificate certificate, ASN1ObjectIdentifier accessMethod) throws IOException, URISyntaxException { byte[] authInfoAccessExtensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; }//from ww w.j av a2 s . co m AuthorityInformationAccess authorityInformationAccess; DEROctetString oct = (DEROctetString) (new ASN1InputStream( new ByteArrayInputStream(authInfoAccessExtensionValue)).readObject()); authorityInformationAccess = AuthorityInformationAccess .getInstance(new ASN1InputStream(oct.getOctets()).readObject()); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { LOG.debug("access method: " + accessDescription.getAccessMethod()); boolean correctAccessMethod = accessDescription.getAccessMethod().equals(accessMethod); if (!correctAccessMethod) { continue; } GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { LOG.debug("not a uniform resource identifier"); continue; } DERIA5String str = DERIA5String.getInstance(gn.getName()); String accessLocation = str.getString(); LOG.debug("access location: " + accessLocation); URI uri = toURI(accessLocation); LOG.debug("access location URI: " + uri); return uri; } return null; }
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, DateTime notBefore, DateTime notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength, String crlUri, String ocspUri, KeyUsage keyUsage, String signatureAlgorithm, boolean tsa, boolean includeSKID, boolean includeAKID, PublicKey akidPublicKey, String certificatePolicy, Boolean qcCompliance, boolean ocspResponder, boolean qcSSCD) throws IOException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException { X500Name issuerName;/*from w w w.j a v a2 s.c o m*/ if (null != issuerCertificate) { issuerName = new X500Name(issuerCertificate.getSubjectX500Principal().toString()); } else { issuerName = new X500Name(subjectDn); } X500Name subjectName = new X500Name(subjectDn); BigInteger serial = new BigInteger(128, new SecureRandom()); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded()); X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(issuerName, serial, notBefore.toDate(), notAfter.toDate(), subjectName, publicKeyInfo); JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils(); if (includeSKID) { x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(subjectPublicKey)); } if (includeAKID) { PublicKey authorityPublicKey; if (null != akidPublicKey) { authorityPublicKey = akidPublicKey; } else if (null != issuerCertificate) { authorityPublicKey = issuerCertificate.getPublicKey(); } else { authorityPublicKey = subjectPublicKey; } x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(authorityPublicKey)); } if (caFlag) { if (-1 == pathLength) { x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(2147483647)); } else { x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(pathLength)); } } if (null != crlUri) { GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(crlUri)); GeneralNames generalNames = new GeneralNames(generalName); DistributionPointName distPointName = new DistributionPointName(generalNames); DistributionPoint distPoint = new DistributionPoint(distPointName, null, null); DistributionPoint[] crlDistPoints = new DistributionPoint[] { distPoint }; CRLDistPoint crlDistPoint = new CRLDistPoint(crlDistPoints); x509v3CertificateBuilder.addExtension(Extension.cRLDistributionPoints, false, crlDistPoint); } if (null != ocspUri) { GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri); AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, ocspName); x509v3CertificateBuilder.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess); } if (null != keyUsage) { x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, keyUsage); } if (null != certificatePolicy) { ASN1ObjectIdentifier policyObjectIdentifier = new ASN1ObjectIdentifier(certificatePolicy); PolicyInformation policyInformation = new PolicyInformation(policyObjectIdentifier); x509v3CertificateBuilder.addExtension(Extension.certificatePolicies, false, new DERSequence(policyInformation)); } if (null != qcCompliance) { ASN1EncodableVector vec = new ASN1EncodableVector(); if (qcCompliance) { vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcCompliance)); } else { vec.add(new QCStatement(QCStatement.id_etsi_qcs_RetentionPeriod)); } if (qcSSCD) { vec.add(new QCStatement(QCStatement.id_etsi_qcs_QcSSCD)); } x509v3CertificateBuilder.addExtension(Extension.qCStatements, true, new DERSequence(vec)); } if (tsa) { x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)); } if (ocspResponder) { x509v3CertificateBuilder.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, DERNull.INSTANCE); x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning)); } AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(issuerPrivateKey.getEncoded()); ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId) .build(asymmetricKeyParameter); X509CertificateHolder x509CertificateHolder = x509v3CertificateBuilder.build(contentSigner); byte[] encodedCertificate = x509CertificateHolder.getEncoded(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(encodedCertificate)); return certificate; }
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
License:Open Source License
private void addAuthorityInfoAccess(X509v3CertificateBuilder certBuilder) throws CertIOException { ASN1EncodableVector aia_ASN = new ASN1EncodableVector(); GeneralName crlName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(CertConstant.MAD_CA_URL)); AccessDescription caIssuers = new AccessDescription(AccessDescription.id_ad_caIssuers, crlName); GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(CertConstant.MAD_OCSP_URL)); AccessDescription ocsp = new AccessDescription(AccessDescription.id_ad_ocsp, ocspName); aia_ASN.add(caIssuers);/*w ww .jav a 2 s.c o m*/ aia_ASN.add(ocsp); certBuilder.addExtension(Extension.authorityInfoAccess, false, new DERSequence(aia_ASN)); }
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
License:Open Source License
private static void addAuthorityInfoAccess(X509v3CertificateBuilder certBuilder) throws CertIOException { ASN1EncodableVector aia_ASN = new ASN1EncodableVector(); GeneralName crlName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(CertConstant.MAD_CA_URL)); AccessDescription caIssuers = new AccessDescription(AccessDescription.id_ad_caIssuers, crlName); GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(CertConstant.MAD_OCSP_URL)); AccessDescription ocsp = new AccessDescription(AccessDescription.id_ad_ocsp, ocspName); aia_ASN.add(caIssuers);//from w w w. j av a2 s . c o m aia_ASN.add(ocsp); certBuilder.addExtension(Extension.authorityInfoAccess, false, new DERSequence(aia_ASN)); }
From source file:com.itextpdf.signatures.CertificateUtil.java
License:Open Source License
/** * Retrieves the OCSP URL from the given certificate. * @param certificate the certificate//from www . j av a 2 s . c o m * @return the URL or null * @throws IOException */ public static String getOCSPURL(X509Certificate certificate) { ASN1Primitive obj; try { obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId()); if (obj == null) { return null; } ASN1Sequence AccessDescriptions = (ASN1Sequence) obj; for (int i = 0; i < AccessDescriptions.size(); i++) { ASN1Sequence AccessDescription = (ASN1Sequence) AccessDescriptions.getObjectAt(i); if (AccessDescription.size() != 2) { continue; } else if (AccessDescription.getObjectAt(0) instanceof ASN1ObjectIdentifier) { ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) AccessDescription.getObjectAt(0); if (SecurityIDs.ID_OCSP.equals(id.getId())) { ASN1Primitive description = (ASN1Primitive) AccessDescription.getObjectAt(1); String AccessLocation = getStringFromGeneralName(description); if (AccessLocation == null) { return ""; } else { return AccessLocation; } } } } } catch (IOException e) { return null; } return null; }
From source file:ee.ria.xroad.common.util.CertUtils.java
License:Open Source License
/** * @param subject certificate from which to get the OCSP responder URI * @return OCSP responder URI from given certificate. * @throws IOException if an I/O error occurred *//*from w ww . ja va 2 s . c o m*/ public static String getOcspResponderUriFromCert(X509Certificate subject) throws IOException { final byte[] extensionValue = subject.getExtensionValue(Extension.authorityInfoAccess.toString()); if (extensionValue != null) { ASN1Primitive derObject = toDERObject(extensionValue); if (derObject instanceof DEROctetString) { DEROctetString derOctetString = (DEROctetString) derObject; derObject = toDERObject(derOctetString.getOctets()); AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(derObject); AccessDescription[] descriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription desc : descriptions) { if (desc.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) { GeneralName generalName = desc.getAccessLocation(); return generalName.getName().toString(); } } } } return null; }
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
private static String getAccessLocation(final X509Certificate certificate, final ASN1ObjectIdentifier accessMethod) { try {/*from w w w . j a va2s .c om*/ final byte[] authInfoAccessExtensionValue = certificate .getExtensionValue(Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; } /* Parse the extension */ final ASN1InputStream asn1InputStream = new ASN1InputStream( new ByteArrayInputStream(authInfoAccessExtensionValue)); final DEROctetString oct = (DEROctetString) (asn1InputStream.readObject()); asn1InputStream.close(); final ASN1InputStream asn1InputStream2 = new ASN1InputStream(oct.getOctets()); final AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(asn1InputStream2.readObject()); asn1InputStream2.close(); String accessLocation = null; final AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (final AccessDescription accessDescription : accessDescriptions) { // LOG.debug("access method: " + accessDescription.getAccessMethod()); final boolean correctAccessMethod = accessDescription.getAccessMethod().equals(accessMethod); if (!correctAccessMethod) { continue; } GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { // LOG.debug("not a uniform resource identifier"); continue; } final DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject(); accessLocation = str.getString(); // The HTTP protocol is preferred. if (Protocol.isHttpUrl(accessLocation)) { // LOG.debug("access location: " + accessLocation); break; } } return accessLocation; } catch (final IOException e) { // we do nothing // LOG.("IO error: " + e.getMessage(), e); } return null; }
From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java
License:Open Source License
/** * Gives back the OCSP URI meta-data found within the given X509 cert. * * @param certificate//w ww . j a v a 2s . c o m * the cert token. * @return the OCSP URI, or <code>null</code> if the extension is not present. * @throws DSSException */ public String getAccessLocation(final CertificateToken certificate) throws DSSException { final byte[] authInfoAccessExtensionValue = certificate.getCertificate() .getExtensionValue(Extension.authorityInfoAccess.getId()); if (ArrayUtils.isEmpty(authInfoAccessExtensionValue)) { return null; } ASN1InputStream ais1 = null; ASN1InputStream ais2 = null; try { ais1 = new ASN1InputStream(authInfoAccessExtensionValue); final DEROctetString oct = (DEROctetString) (ais1.readObject()); ais2 = new ASN1InputStream(oct.getOctets()); final AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(ais2.readObject()); final AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); for (AccessDescription accessDescription : accessDescriptions) { if (logger.isDebugEnabled()) { logger.debug("Access method OID : " + accessDescription.getAccessMethod()); } final boolean correctAccessMethod = X509ObjectIdentifiers.ocspAccessMethod .equals(accessDescription.getAccessMethod()); if (!correctAccessMethod) { continue; } final GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) { if (logger.isDebugEnabled()) { logger.debug("Not a uniform resource identifier"); } continue; } final DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject(); final String accessLocation = str.getString(); if (logger.isDebugEnabled()) { logger.debug("Access location: " + accessLocation); } return accessLocation; } return null; } catch (IOException e) { throw new DSSException(e); } finally { IOUtils.closeQuietly(ais1); IOUtils.closeQuietly(ais2); } }
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
public static List<String> getAccessLocations(final CertificateToken certificate) { final byte[] authInfoAccessExtensionValue = certificate.getCertificate() .getExtensionValue(Extension.authorityInfoAccess.getId()); if (null == authInfoAccessExtensionValue) { return null; }// w w w.ja v a2s. c o m // Parse the extension ASN1Sequence asn1Sequence = null; try { asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(authInfoAccessExtensionValue); } catch (DSSException e) { return null; } AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(asn1Sequence); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); List<String> locationsUrls = new ArrayList<String>(); for (AccessDescription accessDescription : accessDescriptions) { if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessDescription.getAccessMethod())) { GeneralName gn = accessDescription.getAccessLocation(); if (GeneralName.uniformResourceIdentifier == gn.getTagNo()) { DERIA5String str = (DERIA5String) ((DERTaggedObject) gn.toASN1Primitive()).getObject(); locationsUrls.add(str.getString()); } } } return locationsUrls; }
From source file:io.netty.example.ocsp.OcspUtils.java
License:Apache License
/** * Returns the OCSP responder {@link URI} or {@code null} if it doesn't have one. *///from w ww.j a v a2 s. c o m public static URI ocspUri(X509Certificate certificate) throws IOException { byte[] value = certificate.getExtensionValue(Extension.authorityInfoAccess.getId()); if (value == null) { return null; } ASN1Primitive authorityInfoAccess = X509ExtensionUtil.fromExtensionValue(value); if (!(authorityInfoAccess instanceof DLSequence)) { return null; } DLSequence aiaSequence = (DLSequence) authorityInfoAccess; DERTaggedObject taggedObject = findObject(aiaSequence, OCSP_RESPONDER_OID, DERTaggedObject.class); if (taggedObject == null) { return null; } if (taggedObject.getTagNo() != BERTags.OBJECT_IDENTIFIER) { return null; } byte[] encoded = taggedObject.getEncoded(); int length = (int) encoded[1] & 0xFF; String uri = new String(encoded, 2, length, CharsetUtil.UTF_8); return URI.create(uri); }