List of usage examples for org.bouncycastle.asn1.x509 Extension subjectInfoAccess
ASN1ObjectIdentifier subjectInfoAccess
To view the source code for org.bouncycastle.asn1.x509 Extension subjectInfoAccess.
Click Source Link
From source file:net.ripe.rpki.commons.provisioning.x509.pkcs10.RpkiCaCertificateRequestBuilder.java
License:BSD License
private Extensions createExtensions() throws IOException { // Make extension for SIA in request. See here: // http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation List<Extension> extensions = new ArrayList<Extension>(); X509CertificateInformationAccessDescriptor[] descriptors = new X509CertificateInformationAccessDescriptor[] { new X509CertificateInformationAccessDescriptor( X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY, caRepositoryUri), new X509CertificateInformationAccessDescriptor( X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST, manifestUri), }; AccessDescription[] subjectInformationAccess = X509CertificateInformationAccessDescriptor .convertAccessDescriptors(descriptors); DERSequence derSequence = new DERSequence(subjectInformationAccess); extensions.add(/*from ww w .j av a 2s . co m*/ new Extension(Extension.subjectInfoAccess, false, new DEROctetString(derSequence.getEncoded()))); KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign); extensions.add(new Extension(Extension.keyUsage, true, new DEROctetString(keyUsage))); extensions.add( new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(true)))); return new Extensions(extensions.toArray(new Extension[extensions.size()])); }
From source file:net.sf.portecle.crypto.X509Ext.java
License:Open Source License
/** * Get extension value as a string./*from ww w . j a va 2s.c o m*/ * * @return Extension value as a string * @throws IOException If an I/O problem occurs * @throws ParseException If a date formatting problem occurs */ public String getStringValue() throws IOException, ParseException { // Get octet string from extension byte[] bOctets = ((ASN1OctetString) ASN1Primitive.fromByteArray(m_bValue)).getOctets(); // Octet string processed differently depending on extension type if (m_Oid.equals(X509ObjectIdentifiers.commonName)) { return getCommonNameStringValue(bOctets); } else if (m_Oid.equals(Extension.subjectKeyIdentifier)) { return getSubjectKeyIdentifierStringValue(bOctets); } else if (m_Oid.equals(Extension.keyUsage)) { return getKeyUsageStringValue(bOctets); } else if (m_Oid.equals(Extension.privateKeyUsagePeriod)) { return getPrivateKeyUsagePeriod(bOctets); } else if (m_Oid.equals(Extension.issuerAlternativeName) || m_Oid.equals(Extension.subjectAlternativeName)) { return getAlternativeName(bOctets); } else if (m_Oid.equals(Extension.basicConstraints)) { return getBasicConstraintsStringValue(bOctets); } else if (m_Oid.equals(Extension.cRLNumber)) { return getCrlNumberStringValue(bOctets); } else if (m_Oid.equals(Extension.reasonCode)) { return getReasonCodeStringValue(bOctets); } else if (m_Oid.equals(Extension.instructionCode)) { return getHoldInstructionCodeStringValue(bOctets); } else if (m_Oid.equals(Extension.invalidityDate)) { return getInvalidityDateStringValue(bOctets); } else if (m_Oid.equals(Extension.deltaCRLIndicator)) { return getDeltaCrlIndicatorStringValue(bOctets); } else if (m_Oid.equals(Extension.certificateIssuer)) { return getCertificateIssuerStringValue(bOctets); } else if (m_Oid.equals(Extension.policyMappings)) { return getPolicyMappingsStringValue(bOctets); } else if (m_Oid.equals(Extension.authorityKeyIdentifier)) { return getAuthorityKeyIdentifierStringValue(bOctets); } else if (m_Oid.equals(Extension.policyConstraints)) { return getPolicyConstraintsStringValue(bOctets); } else if (m_Oid.equals(Extension.extendedKeyUsage)) { return getExtendedKeyUsageStringValue(bOctets); } else if (m_Oid.equals(Extension.inhibitAnyPolicy)) { return getInhibitAnyPolicyStringValue(bOctets); } else if (m_Oid.equals(MiscObjectIdentifiers.entrustVersionExtension)) { return getEntrustVersionExtensionStringValue(bOctets); } else if (m_Oid.equals(PKCSObjectIdentifiers.pkcs_9_at_smimeCapabilities)) { return getSmimeCapabilitiesStringValue(bOctets); } else if (m_Oid.equals(MicrosoftObjectIdentifiers.microsoftCaVersion)) { return getMicrosoftCAVersionStringValue(bOctets); } else if (m_Oid.equals(MicrosoftObjectIdentifiers.microsoftPrevCaCertHash)) { return getMicrosoftPreviousCACertificateHashStringValue(bOctets); } else if (m_Oid.equals(MicrosoftObjectIdentifiers.microsoftCertTemplateV2)) { return getMicrosoftCertificateTemplateV2StringValue(bOctets); } else if (m_Oid.equals(MicrosoftObjectIdentifiers.microsoftAppPolicies)) { return getUnknownOidStringValue(bOctets); // TODO } // TODO: https://github.com/bcgit/bc-java/pull/92 else if (m_Oid.toString().equals("1.3.6.1.4.1.311.21.4")) { return getMicrosoftCrlNextPublish(bOctets); } else if (m_Oid.equals(Extension.authorityInfoAccess) || m_Oid.equals(Extension.subjectInfoAccess)) { return getInformationAccessStringValue(bOctets); } else if (m_Oid.equals(Extension.logoType)) { return getLogotypeStringValue(bOctets); } else if (m_Oid.equals(MiscObjectIdentifiers.novellSecurityAttribs)) { return getNovellSecurityAttributesStringValue(bOctets); } else if (m_Oid.equals(MiscObjectIdentifiers.netscapeCertType)) { return getNetscapeCertificateTypeStringValue(bOctets); } else if (m_Oid.equals(MiscObjectIdentifiers.netscapeSSLServerName) || m_Oid.equals(MiscObjectIdentifiers.netscapeCertComment) || m_Oid.equals(MiscObjectIdentifiers.verisignDnbDunsNumber) || m_Oid.equals(MicrosoftObjectIdentifiers.microsoftCertTemplateV1)) { return getASN1ObjectString(bOctets); } else if (m_Oid.equals(MiscObjectIdentifiers.netscapeCApolicyURL)) { return getNetscapeExtensionURLValue(bOctets, LinkClass.BROWSER); } else if (m_Oid.equals(MiscObjectIdentifiers.netscapeBaseURL) || m_Oid.equals(MiscObjectIdentifiers.netscapeRenewalURL) || m_Oid.equals(MiscObjectIdentifiers.netscapeRevocationURL) || m_Oid.equals(MiscObjectIdentifiers.netscapeCARevocationURL)) { return getNetscapeExtensionURLValue(bOctets, LinkClass.CRL); } else if (m_Oid.equals(Extension.cRLDistributionPoints)) { return getCrlDistributionPointsStringValue(bOctets); } else if (m_Oid.equals(Extension.certificatePolicies)) { return getCertificatePoliciesStringValue(bOctets); } // TODO: // - CERTIFICATE_POLICIES_OLD_OID // - AUTHORITY_KEY_IDENTIFIER_OLD_OID // - BASIC_CONSTRAINTS_OLD_0_OID // Don't know how to process the extension // and clear text else { return getUnknownOidStringValue(bOctets); } }
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_SubCA_Complex() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile SubCA with most extensions", true, "8y", false, new String[] { "SHA256", "SHA1" }); // Subject/*from www .j a v a 2 s . c om*/ Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX")); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = createBasicConstraints(1); list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.C_RL_SIGN }); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Certificate Policies extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1")); list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue)); // Policy Mappings PolicyMappings policyMappings = new PolicyMappings(); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1"))); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2"))); extensionValue = createExtensionValueType(policyMappings); list.add(createExtension(Extension.policyMappings, true, true, extensionValue)); // Policy Constraints PolicyConstraints policyConstraints = createPolicyConstraints(2, 2); extensionValue = createExtensionValueType(policyConstraints); list.add(createExtension(Extension.policyConstraints, true, true, extensionValue)); // Name Constrains NameConstraints nameConstraints = createNameConstraints(); extensionValue = createExtensionValueType(nameConstraints); list.add(createExtension(Extension.nameConstraints, true, true, extensionValue)); // Inhibit anyPolicy InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1); extensionValue = createExtensionValueType(inhibitAnyPolicy); list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue)); // SubjectAltName SubjectAltName subjectAltNameMode = new SubjectAltName(); OtherName otherName = new OtherName(); otherName.getType().add(createOidType(ObjectIdentifiers.DN_O)); subjectAltNameMode.setOtherName(otherName); subjectAltNameMode.setRfc822Name(""); subjectAltNameMode.setDNSName(""); subjectAltNameMode.setDirectoryName(""); subjectAltNameMode.setEdiPartyName(""); subjectAltNameMode.setUniformResourceIdentifier(""); subjectAltNameMode.setIPAddress(""); subjectAltNameMode.setRegisteredID(""); extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // SubjectInfoAccess SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess(); SubjectInfoAccess.Access access = new SubjectInfoAccess.Access(); access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository)); GeneralNameType accessLocation = new GeneralNameType(); access.setAccessLocation(accessLocation); accessLocation.setDirectoryName(""); accessLocation.setUniformResourceIdentifier(""); subjectInfoAccessMode.getAccess().add(access); extensionValue = createExtensionValueType(subjectInfoAccessMode); list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue)); // Custom Extension ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4"); extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded()); list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1")); return profile; }
From source file:org.xipki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
private void doInitialize(final String data) throws CertprofileException { byte[] bytes; try {//from ww w. j a va2s . com bytes = data.getBytes("UTF-8"); } catch (UnsupportedEncodingException e) { bytes = data.getBytes(); } X509ProfileType conf = XmlX509CertprofileUtil.parse(new ByteArrayInputStream(bytes)); if (conf.getVersion() != null) { int intVersion = conf.getVersion().intValue(); this.version = X509CertVersion.getInstance(intVersion); if (this.version == null) { throw new CertprofileException("invalid version " + intVersion); } } else { this.version = X509CertVersion.V3; } if (conf.getSignatureAlgorithms() != null) { List<String> algoNames = conf.getSignatureAlgorithms().getAlgorithm(); this.signatureAlgorithms = new ArrayList<>(algoNames.size()); for (String algoName : algoNames) { try { this.signatureAlgorithms.add(AlgorithmUtil.canonicalizeSignatureAlgo(algoName)); } catch (NoSuchAlgorithmException e) { throw new CertprofileException(e.getMessage(), e); } } } this.raOnly = conf.isRaOnly(); this.qaOnly = conf.isQaOnly(); this.validity = CertValidity.getInstance(conf.getValidity()); this.ca = conf.isCa(); this.notBeforeMidnight = "midnight".equalsIgnoreCase(conf.getNotBeforeTime()); String specialBehavior = conf.getSpecialBehavior(); if (specialBehavior != null) { this.specialBehavior = SpecialX509CertprofileBehavior.getInstance(specialBehavior); } if (conf.isDuplicateKey() != null) { duplicateKeyPermitted = conf.isDuplicateKey().booleanValue(); } if (conf.isDuplicateSubject() != null) { duplicateSubjectPermitted = conf.isDuplicateSubject().booleanValue(); } if (conf.isSerialNumberInReq() != null) { serialNumberInReqPermitted = conf.isSerialNumberInReq().booleanValue(); } // KeyAlgorithms KeyAlgorithms keyAlgos = conf.getKeyAlgorithms(); if (keyAlgos != null) { this.keyAlgorithms = XmlX509CertprofileUtil.buildKeyAlgorithms(keyAlgos); } // parameters Parameters confParams = conf.getParameters(); if (confParams == null) { parameters = null; } else { Map<String, String> tMap = new HashMap<>(); for (NameValueType nv : confParams.getParameter()) { tMap.put(nv.getName(), nv.getValue()); } parameters = Collections.unmodifiableMap(tMap); } // Subject Subject subject = conf.getSubject(); if (subject != null) { this.backwardsSubject = subject.isDnBackwards(); this.incSerialNoIfSubjectExists = subject.isIncSerialNumber(); this.subjectDNControls = new HashSet<RDNControl>(); this.subjectDNOptions = new HashMap<>(); for (RdnType t : subject.getRdn()) { DirectoryStringType directoryStringEnum = XmlX509CertprofileUtil .convertDirectoryStringType(t.getDirectoryStringType()); ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(t.getType().getValue()); RDNControl occ = new RDNControl(type, t.getMinOccurs(), t.getMaxOccurs(), directoryStringEnum); this.subjectDNControls.add(occ); List<Pattern> patterns = null; if (CollectionUtil.isNotEmpty(t.getRegex())) { patterns = new LinkedList<>(); for (String regex : t.getRegex()) { Pattern pattern = Pattern.compile(regex); patterns.add(pattern); } } SubjectDNOption option = new SubjectDNOption(t.getPrefix(), t.getSuffix(), patterns, t.getMinLen(), t.getMaxLen()); this.subjectDNOptions.put(type, option); } } // Extensions ExtensionsType extensionsType = conf.getExtensions(); // Extension controls this.extensionControls = XmlX509CertprofileUtil.buildExtensionControls(extensionsType); // BasicConstrains ASN1ObjectIdentifier type = Extension.basicConstraints; if (extensionControls.containsKey(type)) { BasicConstraints extConf = (BasicConstraints) getExtensionValue(type, extensionsType, BasicConstraints.class); if (extConf != null) { this.pathLen = extConf.getPathLen(); } } // AuthorityInfoAccess type = Extension.authorityInfoAccess; if (extensionControls.containsKey(type)) { AuthorityInfoAccess extConf = (AuthorityInfoAccess) getExtensionValue(type, extensionsType, AuthorityInfoAccess.class); if (extConf != null) { Boolean b = extConf.isIncludeCaIssuers(); boolean includesCaIssuers = b == null ? true : b.booleanValue(); b = extConf.isIncludeOcsp(); boolean includesOcsp = b == null ? true : b.booleanValue(); this.aIAControl = new AuthorityInfoAccessControl(includesCaIssuers, includesOcsp); } } // Extension KeyUsage type = Extension.keyUsage; if (extensionControls.containsKey(type)) { KeyUsage extConf = (KeyUsage) getExtensionValue(type, extensionsType, KeyUsage.class); if (extConf != null) { this.keyusages = XmlX509CertprofileUtil.buildKeyUsageOptions(extConf); } } // ExtendedKeyUsage type = Extension.extendedKeyUsage; if (extensionControls.containsKey(type)) { ExtendedKeyUsage extConf = (ExtendedKeyUsage) getExtensionValue(type, extensionsType, ExtendedKeyUsage.class); if (extConf != null) { this.extendedKeyusages = XmlX509CertprofileUtil.buildExtKeyUsageOptions(extConf); } } // AuthorityKeyIdentifier type = Extension.authorityKeyIdentifier; if (extensionControls.containsKey(type)) { AuthorityKeyIdentifier extConf = (AuthorityKeyIdentifier) getExtensionValue(type, extensionsType, AuthorityKeyIdentifier.class); if (extConf != null) { this.includeIssuerAndSerialInAKI = extConf.isIncludeIssuerAndSerial(); } } // Certificate Policies type = Extension.certificatePolicies; if (extensionControls.containsKey(type)) { CertificatePolicies extConf = (CertificatePolicies) getExtensionValue(type, extensionsType, CertificatePolicies.class); if (extConf != null) { List<CertificatePolicyInformation> policyInfos = XmlX509CertprofileUtil .buildCertificatePolicies(extConf); org.bouncycastle.asn1.x509.CertificatePolicies value = X509CertUtil .createCertificatePolicies(policyInfos); this.certificatePolicies = new ExtensionValue(extensionControls.get(type).isCritical(), value); } } // Policy Mappings type = Extension.policyMappings; if (extensionControls.containsKey(type)) { PolicyMappings extConf = (PolicyMappings) getExtensionValue(type, extensionsType, PolicyMappings.class); if (extConf != null) { org.bouncycastle.asn1.x509.PolicyMappings value = XmlX509CertprofileUtil .buildPolicyMappings(extConf); this.policyMappings = new ExtensionValue(extensionControls.get(type).isCritical(), value); } } // Name Constrains type = Extension.nameConstraints; if (extensionControls.containsKey(type)) { NameConstraints extConf = (NameConstraints) getExtensionValue(type, extensionsType, NameConstraints.class); if (extConf != null) { org.bouncycastle.asn1.x509.NameConstraints value = XmlX509CertprofileUtil .buildNameConstrains(extConf); this.nameConstraints = new ExtensionValue(extensionControls.get(type).isCritical(), value); } } // Policy Constraints type = Extension.policyConstraints; if (extensionControls.containsKey(type)) { PolicyConstraints extConf = (PolicyConstraints) getExtensionValue(type, extensionsType, PolicyConstraints.class); if (extConf != null) { ASN1Sequence value = XmlX509CertprofileUtil.buildPolicyConstrains(extConf); this.policyConstraints = new ExtensionValue(extensionControls.get(type).isCritical(), value); } } // Inhibit anyPolicy type = Extension.inhibitAnyPolicy; if (extensionControls.containsKey(type)) { InhibitAnyPolicy extConf = (InhibitAnyPolicy) getExtensionValue(type, extensionsType, InhibitAnyPolicy.class); if (extConf != null) { int skipCerts = extConf.getSkipCerts(); if (skipCerts < 0) { throw new CertprofileException( "negative inhibitAnyPolicy.skipCerts is not allowed: " + skipCerts); } ASN1Integer value = new ASN1Integer(BigInteger.valueOf(skipCerts)); this.inhibitAnyPolicy = new ExtensionValue(extensionControls.get(type).isCritical(), value); } } // admission type = ObjectIdentifiers.id_extension_admission; if (extensionControls.containsKey(type)) { Admission extConf = (Admission) getExtensionValue(type, extensionsType, Admission.class); if (extConf != null) { List<ASN1ObjectIdentifier> professionOIDs; List<String> professionItems; List<String> items = type == null ? null : extConf.getProfessionItem(); professionItems = CollectionUtil.unmodifiableList(items, true, true); List<OidWithDescType> oidWithDescs = (type == null) ? null : extConf.getProfessionOid(); professionOIDs = XmlX509CertprofileUtil.toOIDList(oidWithDescs); this.admission = createAdmission(extensionControls.get(type).isCritical(), professionOIDs, professionItems, extConf.getRegistrationNumber(), extConf.getAddProfessionInfo()); } } // SubjectAltNameMode type = Extension.subjectAlternativeName; if (extensionControls.containsKey(type)) { SubjectAltName extConf = (SubjectAltName) getExtensionValue(type, extensionsType, SubjectAltName.class); if (extConf != null) { this.allowedSubjectAltNameModes = XmlX509CertprofileUtil.buildGeneralNameMode(extConf); } } // SubjectInfoAccess type = Extension.subjectInfoAccess; if (extensionControls.containsKey(type)) { SubjectInfoAccess extConf = (SubjectInfoAccess) getExtensionValue(type, extensionsType, SubjectInfoAccess.class); if (extConf != null) { List<Access> list = extConf.getAccess(); this.allowedSubjectInfoAccessModes = new HashMap<>(); for (Access entry : list) { this.allowedSubjectInfoAccessModes.put( new ASN1ObjectIdentifier(entry.getAccessMethod().getValue()), XmlX509CertprofileUtil.buildGeneralNameMode(entry.getAccessLocation())); } } } // constant extensions this.constantExtensions = XmlX509CertprofileUtil.buildConstantExtesions(extensionsType); }
From source file:org.xipki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
@Override public SubjectInfo getSubject(final X500Name requestedSubject) throws CertprofileException, BadCertTemplateException { verifySubjectDNOccurence(requestedSubject); checkSubjectContent(requestedSubject); RDN[] requstedRDNs = requestedSubject.getRDNs(); Set<RDNControl> occurences = getSubjectDNControls(); List<RDN> rdns = new LinkedList<>(); List<ASN1ObjectIdentifier> types = backwardsSubject() ? ObjectIdentifiers.getBackwardDNs() : ObjectIdentifiers.getForwardDNs(); for (ASN1ObjectIdentifier type : types) { if (Extension.subjectAlternativeName.equals(type) || Extension.subjectInfoAccess.equals(type)) { continue; }//from w w w .j av a 2 s . c o m RDNControl control = null; if (occurences != null) { control = getRDNControl(occurences, type); if (control == null || control.getMaxOccurs() < 1) { continue; } } RDN[] thisRDNs = getRDNs(requstedRDNs, type); int n = thisRDNs == null ? 0 : thisRDNs.length; if (n == 0) { continue; } if (n == 1) { String value = X509Util.rdnValueToString(thisRDNs[0].getFirst().getValue()); rdns.add(createSubjectRDN(value, type, control, 0)); } else { String[] values = new String[n]; for (int i = 0; i < n; i++) { values[i] = X509Util.rdnValueToString(thisRDNs[i].getFirst().getValue()); } values = sortRDNs(type, values); int i = 0; for (String value : values) { rdns.add(createSubjectRDN(value, type, control, i++)); } } } X500Name grantedSubject = new X500Name(rdns.toArray(new RDN[0])); return new SubjectInfo(grantedSubject, null); }
From source file:org.xipki.ca.client.shell.EnrollCertCommand.java
License:Open Source License
@Override protected Object _doExecute() throws Exception { EnrollCertRequestType request = new EnrollCertRequestType(EnrollCertRequestType.Type.CERT_REQ); CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder(); ConcurrentContentSigner signer = getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain)); X509CertificateHolder ssCert = signer.getCertificateAsBCObject(); X500Name x500Subject = subject == null ? ssCert.getSubject() : new X500Name(subject); certTemplateBuilder.setSubject(x500Subject); certTemplateBuilder.setPublicKey(ssCert.getSubjectPublicKeyInfo()); if (needExtensionTypes == null) { needExtensionTypes = new LinkedList<>(); }//from ww w. ja va 2 s . co m // SubjectAltNames List<Extension> extensions = new LinkedList<>(); if (isNotEmpty(subjectAltNames)) { extensions.add(P10RequestGenerator.createExtensionSubjectAltName(subjectAltNames, false)); needExtensionTypes.add(Extension.subjectAlternativeName.getId()); } // SubjectInfoAccess if (isNotEmpty(subjectInfoAccesses)) { extensions.add(P10RequestGenerator.createExtensionSubjectInfoAccess(subjectInfoAccesses, false)); needExtensionTypes.add(Extension.subjectInfoAccess.getId()); } // Keyusage if (isNotEmpty(keyusages)) { Set<KeyUsage> usages = new HashSet<>(); for (String usage : keyusages) { usages.add(KeyUsage.getKeyUsage(usage)); } org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages); ASN1ObjectIdentifier extType = Extension.keyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // ExtendedKeyusage if (isNotEmpty(extkeyusages)) { Set<ASN1ObjectIdentifier> oids = new HashSet<>(SecurityUtil.textToASN1ObjectIdentifers(extkeyusages)); ExtendedKeyUsage extValue = X509Util.createExtendedUsage(oids); ASN1ObjectIdentifier extType = Extension.extendedKeyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) { ExtensionExistence ee = new ExtensionExistence( SecurityUtil.textToASN1ObjectIdentifers(needExtensionTypes), SecurityUtil.textToASN1ObjectIdentifers(wantExtensionTypes)); extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded())); } if (isNotEmpty(extensions)) { Extensions asn1Extensions = new Extensions(extensions.toArray(new Extension[0])); certTemplateBuilder.setExtensions(asn1Extensions); } CertRequest certReq = new CertRequest(1, certTemplateBuilder.build(), null); ProofOfPossessionSigningKeyBuilder popoBuilder = new ProofOfPossessionSigningKeyBuilder(certReq); ContentSigner contentSigner = signer.borrowContentSigner(); POPOSigningKey popoSk; try { popoSk = popoBuilder.build(contentSigner); } finally { signer.returnContentSigner(contentSigner); } ProofOfPossession popo = new ProofOfPossession(popoSk); EnrollCertRequestEntryType reqEntry = new EnrollCertRequestEntryType("id-1", profile, certReq, popo); request.addRequestEntry(reqEntry); RequestResponseDebug debug = getRequestResponseDebug(); EnrollCertResult result; try { result = caClient.requestCerts(request, caName, user, debug); } finally { saveRequestResponse(debug); } X509Certificate cert = null; if (result != null) { String id = result.getAllIds().iterator().next(); CertOrError certOrError = result.getCertificateOrError(id); cert = (X509Certificate) certOrError.getCertificate(); } if (cert == null) { throw new CmdFailure("no certificate received from the server"); } File certFile = new File(outputFile); saveVerbose("saved certificate to file", certFile, cert.getEncoded()); return null; }
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
public X509CertprofileQAImpl(final byte[] dataBytes) throws CertprofileException { try {/*from w w w.ja va2 s .co m*/ X509ProfileType conf = XmlX509CertprofileUtil.parse(new ByteArrayInputStream(dataBytes)); this.version = X509CertVersion.getInstance(conf.getVersion()); if (this.version == null) { throw new CertprofileException("invalid version " + conf.getVersion()); } if (conf.getSignatureAlgorithms() != null) { this.signatureAlgorithms = new HashSet<>(); for (String algo : conf.getSignatureAlgorithms().getAlgorithm()) { String c14nAlgo; try { c14nAlgo = AlgorithmUtil.canonicalizeSignatureAlgo(algo); } catch (NoSuchAlgorithmException e) { throw new CertprofileException(e.getMessage(), e); } this.signatureAlgorithms.add(c14nAlgo); } } this.validity = CertValidity.getInstance(conf.getValidity()); this.ca = conf.isCa(); this.notBeforeMidnight = "midnight".equalsIgnoreCase(conf.getNotBeforeTime()); this.specialBehavior = conf.getSpecialBehavior(); if (this.specialBehavior != null && "gematik_gSMC_K".equalsIgnoreCase(this.specialBehavior) == false) { throw new CertprofileException("unknown special bahavior " + this.specialBehavior); } // KeyAlgorithms if (conf.getKeyAlgorithms() != null) { this.keyAlgorithms = XmlX509CertprofileUtil.buildKeyAlgorithms(conf.getKeyAlgorithms()); } // Subject if (conf.getSubject() != null) { Subject subject = conf.getSubject(); this.subjectDNControls = new HashSet<RDNControl>(); this.subjectDNOptions = new HashMap<>(); for (RdnType t : subject.getRdn()) { DirectoryStringType directoryStringEnum = XmlX509CertprofileUtil .convertDirectoryStringType(t.getDirectoryStringType()); ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(t.getType().getValue()); RDNControl occ = new RDNControl(type, getInt(t.getMinOccurs(), 1), getInt(t.getMaxOccurs(), 1), directoryStringEnum); this.subjectDNControls.add(occ); List<Pattern> patterns = null; if (CollectionUtil.isNotEmpty(t.getRegex())) { patterns = new LinkedList<>(); for (String regex : t.getRegex()) { Pattern pattern = Pattern.compile(regex); patterns.add(pattern); } } SubjectDNOption option = new SubjectDNOption(t.getPrefix(), t.getSuffix(), patterns, t.getMinLen(), t.getMaxLen()); this.subjectDNOptions.put(type, option); } } // Extensions ExtensionsType extensionsType = conf.getExtensions(); // Extension controls this.extensionControls = XmlX509CertprofileUtil.buildExtensionControls(extensionsType); // BasicConstrains ASN1ObjectIdentifier type = Extension.basicConstraints; if (extensionControls.containsKey(type)) { org.xipki.ca.certprofile.x509.jaxb.BasicConstraints extConf = (org.xipki.ca.certprofile.x509.jaxb.BasicConstraints) getExtensionValue( type, extensionsType); if (extConf != null) { this.pathLen = extConf.getPathLen(); } } // Extension KeyUsage type = Extension.keyUsage; if (extensionControls.containsKey(type)) { org.xipki.ca.certprofile.x509.jaxb.KeyUsage extConf = (org.xipki.ca.certprofile.x509.jaxb.KeyUsage) getExtensionValue( type, extensionsType); if (extConf != null) { this.keyusages = XmlX509CertprofileUtil.buildKeyUsageOptions(extConf); } } // ExtendedKeyUsage type = Extension.extendedKeyUsage; if (extensionControls.containsKey(type)) { ExtendedKeyUsage extConf = (ExtendedKeyUsage) getExtensionValue(type, extensionsType); if (extConf != null) { this.extendedKeyusages = XmlX509CertprofileUtil.buildExtKeyUsageOptions(extConf); } } // AuthorityKeyIdentifier type = Extension.authorityKeyIdentifier; if (extensionControls.containsKey(type)) { org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier extConf = (org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier) getExtensionValue( type, extensionsType); if (extConf != null) { this.includeIssuerAndSerialInAKI = extConf.isIncludeIssuerAndSerial(); } } // Certificate Policies type = Extension.certificatePolicies; if (extensionControls.containsKey(type)) { org.xipki.ca.certprofile.x509.jaxb.CertificatePolicies extConf = (org.xipki.ca.certprofile.x509.jaxb.CertificatePolicies) getExtensionValue( type, extensionsType); if (extConf != null) { this.certificatePolicies = new QaCertificatePolicies(extConf); } } // Policy Mappings type = Extension.policyMappings; if (extensionControls.containsKey(type)) { PolicyMappings extConf = (PolicyMappings) getExtensionValue(type, extensionsType); if (extConf != null) { this.policyMappings = new QaPolicyMappingsOption(extConf); } } // Name Constrains // Name Constrains type = Extension.nameConstraints; if (extensionControls.containsKey(type)) { org.xipki.ca.certprofile.x509.jaxb.NameConstraints extConf = (org.xipki.ca.certprofile.x509.jaxb.NameConstraints) getExtensionValue( type, extensionsType); if (extConf != null) { this.nameConstraints = new QaNameConstraints(extConf); } } // Policy Constraints type = Extension.policyConstraints; if (extensionControls.containsKey(type)) { PolicyConstraints extConf = (PolicyConstraints) getExtensionValue(type, extensionsType); if (extConf != null) { this.policyConstraints = new QaPolicyConstraints(extConf); } } // Inhibit anyPolicy type = Extension.inhibitAnyPolicy; if (extensionControls.containsKey(type)) { InhibitAnyPolicy extConf = (InhibitAnyPolicy) getExtensionValue(type, extensionsType); if (extConf != null) { this.inhibitAnyPolicy = new QaInhibitAnyPolicy(extConf); } } // admission type = ObjectIdentifiers.id_extension_admission; if (extensionControls.containsKey(type)) { Admission extConf = (Admission) getExtensionValue(type, extensionsType); if (extConf != null) { this.admission = new QaAdmission(extConf); } } // SubjectAltNameMode type = Extension.subjectAlternativeName; if (extensionControls.containsKey(type)) { SubjectAltName extConf = (SubjectAltName) getExtensionValue(type, extensionsType); if (extConf != null) { this.allowedSubjectAltNameModes = XmlX509CertprofileUtil.buildGeneralNameMode(extConf); } } // SubjectInfoAccess type = Extension.subjectInfoAccess; if (extensionControls.containsKey(type)) { SubjectInfoAccess extConf = (SubjectInfoAccess) getExtensionValue(type, extensionsType); if (extConf != null) { List<Access> list = extConf.getAccess(); this.allowedSubjectInfoAccessModes = new HashMap<>(); for (Access entry : list) { this.allowedSubjectInfoAccessModes.put( new ASN1ObjectIdentifier(entry.getAccessMethod().getValue()), XmlX509CertprofileUtil.buildGeneralNameMode(entry.getAccessLocation())); } } } // constant extensions this.constantExtensions = buildConstantExtesions(extensionsType); } catch (RuntimeException e) { final String message = "RuntimeException"; if (LOG.isErrorEnabled()) { LOG.error(LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), e.getMessage()); } LOG.debug(message, e); throw new CertprofileException( "RuntimeException thrown while initializing certprofile: " + e.getMessage()); } }
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
private List<ValidationIssue> checkExtensions(final Certificate bcCert, final X509Certificate cert, final X509IssuerInfo issuerInfo, final Extensions requestExtensions) { List<ValidationIssue> result = new LinkedList<>(); // detect the list of extension types in certificate Set<ASN1ObjectIdentifier> presentExtenionTypes = getExensionTypes(bcCert, issuerInfo, requestExtensions); Extensions extensions = bcCert.getTBSCertificate().getExtensions(); ASN1ObjectIdentifier[] oids = extensions.getExtensionOIDs(); if (oids == null) { ValidationIssue issue = new ValidationIssue("X509.EXT.GEN", "extension general"); result.add(issue);//from ww w. j av a 2 s.co m issue.setFailureMessage("no extension is present"); return result; } List<ASN1ObjectIdentifier> certExtTypes = Arrays.asList(oids); for (ASN1ObjectIdentifier extType : presentExtenionTypes) { if (certExtTypes.contains(extType) == false) { ValidationIssue issue = createExtensionIssue(extType); result.add(issue); issue.setFailureMessage("extension is absent but is required"); } } for (ASN1ObjectIdentifier oid : certExtTypes) { ValidationIssue issue = createExtensionIssue(oid); result.add(issue); if (presentExtenionTypes.contains(oid) == false) { issue.setFailureMessage("extension is present but is not permitted"); continue; } Extension ext = extensions.getExtension(oid); StringBuilder failureMsg = new StringBuilder(); ExtensionControl extControl = extensionControls.get(oid); if (extControl.isCritical() != ext.isCritical()) { failureMsg.append( "critical is '" + ext.isCritical() + "' but expected '" + extControl.isCritical() + "'"); failureMsg.append("; "); } byte[] extensionValue = ext.getExtnValue().getOctets(); try { if (Extension.authorityKeyIdentifier.equals(oid)) { // AuthorityKeyIdentifier checkExtensionIssuerKeyIdentifier(failureMsg, extensionValue, issuerInfo); } else if (Extension.subjectKeyIdentifier.equals(oid)) { // SubjectKeyIdentifier checkExtensionSubjectKeyIdentifier(failureMsg, extensionValue, bcCert.getSubjectPublicKeyInfo()); } else if (Extension.keyUsage.equals(oid)) { // KeyUsage checkExtensionKeyUsage(failureMsg, extensionValue, cert.getKeyUsage(), requestExtensions, extControl); } else if (Extension.certificatePolicies.equals(oid)) { // CertificatePolicies checkExtensionCertificatePolicies(failureMsg, extensionValue, requestExtensions, extControl); } else if (Extension.policyMappings.equals(oid)) { // Policy Mappings checkExtensionPolicyMappings(failureMsg, extensionValue, requestExtensions, extControl); } else if (Extension.subjectAlternativeName.equals(oid)) { // SubjectAltName checkExtensionSubjectAltName(failureMsg, extensionValue, requestExtensions, extControl); } else if (Extension.issuerAlternativeName.equals(oid)) { // IssuerAltName checkExtensionIssuerAltNames(failureMsg, extensionValue, issuerInfo); } else if (Extension.basicConstraints.equals(oid)) { // Basic Constraints checkExtensionBasicConstraints(failureMsg, extensionValue); } else if (Extension.nameConstraints.equals(oid)) { // Name Constraints checkExtensionNameConstraints(failureMsg, extensionValue, extensions, extControl); } else if (Extension.policyConstraints.equals(oid)) { // PolicyConstrains checkExtensionPolicyConstraints(failureMsg, extensionValue, requestExtensions, extControl); } else if (Extension.extendedKeyUsage.equals(oid)) { // ExtendedKeyUsage checkExtensionExtendedKeyUsage(failureMsg, extensionValue, requestExtensions, extControl); } else if (Extension.cRLDistributionPoints.equals(oid)) { // CRL Distribution Points checkExtensionCrlDistributionPoints(failureMsg, extensionValue, issuerInfo); continue; } else if (Extension.inhibitAnyPolicy.equals(oid)) { // Inhibit anyPolicy checkExtensionInhibitAnyPolicy(failureMsg, extensionValue, extensions, extControl); } else if (Extension.freshestCRL.equals(oid)) { // Freshest CRL checkExtensionDeltaCrlDistributionPoints(failureMsg, extensionValue, issuerInfo); } else if (Extension.authorityInfoAccess.equals(oid)) { // Authority Information Access checkExtensionAuthorityInfoAccess(failureMsg, extensionValue, issuerInfo); } else if (Extension.subjectInfoAccess.equals(oid)) { // SubjectInfoAccess checkExtensionSubjectInfoAccess(failureMsg, extensionValue, requestExtensions, extControl); } else if (ObjectIdentifiers.id_extension_admission.equals(oid)) { // Admission checkExtensionAdmission(failureMsg, extensionValue, requestExtensions, extControl); } else if (ObjectIdentifiers.id_extension_pkix_ocsp_nocheck.equals(oid)) { // ocsp-nocheck checkExtensionOcspNocheck(failureMsg, extensionValue); } else { byte[] expected = getExpectedExtValue(oid, requestExtensions, extControl); if (Arrays.equals(expected, extensionValue) == false) { failureMsg.append("extension valus is '" + hex(extensionValue) + "' but expected '" + (expected == null ? "not present" : hex(expected)) + "'"); failureMsg.append("; "); } } if (failureMsg.length() > 0) { issue.setFailureMessage(failureMsg.toString()); } } catch (IllegalArgumentException | ClassCastException | ArrayIndexOutOfBoundsException e) { LOG.debug("extension value does not have correct syntax", e); issue.setFailureMessage("extension value does not have correct syntax"); } } return result; }
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
private Set<ASN1ObjectIdentifier> getExensionTypes(final Certificate cert, final X509IssuerInfo issuerInfo, final Extensions requestedExtensions) { Set<ASN1ObjectIdentifier> types = new HashSet<>(); // profile required extension types for (ASN1ObjectIdentifier oid : extensionControls.keySet()) { if (extensionControls.get(oid).isRequired()) { types.add(oid);//ww w.ja v a2 s . com } } Set<ASN1ObjectIdentifier> wantedExtensionTypes = new HashSet<>(); if (requestedExtensions != null) { Extension reqExtension = requestedExtensions .getExtension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions); if (reqExtension != null) { ExtensionExistence ee = ExtensionExistence.getInstance(reqExtension.getParsedValue()); types.addAll(ee.getNeedExtensions()); wantedExtensionTypes.addAll(ee.getWantExtensions()); } } if (CollectionUtil.isEmpty(wantedExtensionTypes)) { return types; } // wanted extension types // Authority key identifier ASN1ObjectIdentifier type = Extension.authorityKeyIdentifier; if (wantedExtensionTypes.contains(type)) { types.add(type); } // Subject key identifier type = Extension.subjectKeyIdentifier; if (wantedExtensionTypes.contains(type)) { types.add(type); } // KeyUsage type = Extension.keyUsage; if (wantedExtensionTypes.contains(type)) { boolean required = false; if (requestedExtensions.getExtension(type) != null) { required = true; } if (required == false) { Set<KeyUsageControl> requiredKeyusage = getKeyusage(true); if (CollectionUtil.isNotEmpty(requiredKeyusage)) { required = true; } } if (required) { types.add(type); } } // CertificatePolicies type = Extension.certificatePolicies; if (wantedExtensionTypes.contains(type)) { if (certificatePolicies != null) { types.add(type); } } // Policy Mappings type = Extension.policyMappings; if (wantedExtensionTypes.contains(type)) { if (policyMappings != null) { types.add(type); } } // SubjectAltNames type = Extension.subjectAlternativeName; if (wantedExtensionTypes.contains(type)) { if (requestedExtensions.getExtension(type) != null) { types.add(type); } } // IssuerAltName type = Extension.issuerAlternativeName; if (wantedExtensionTypes.contains(type)) { if (cert.getTBSCertificate().getExtensions().getExtension(Extension.subjectAlternativeName) != null) { types.add(type); } } // BasicConstraints type = Extension.basicConstraints; if (wantedExtensionTypes.contains(type)) { types.add(type); } // Name Constraints type = Extension.nameConstraints; if (wantedExtensionTypes.contains(type)) { if (nameConstraints != null) { types.add(type); } } // PolicyConstrains type = Extension.policyConstraints; if (wantedExtensionTypes.contains(type)) { if (policyConstraints != null) { types.add(type); } } // ExtendedKeyUsage type = Extension.extendedKeyUsage; if (wantedExtensionTypes.contains(type)) { boolean required = false; if (requestedExtensions.getExtension(type) != null) { required = true; } if (required == false) { Set<ExtKeyUsageControl> requiredExtKeyusage = getExtKeyusage(true); if (CollectionUtil.isNotEmpty(requiredExtKeyusage)) { required = true; } } if (required) { types.add(type); } } // CRLDistributionPoints type = Extension.cRLDistributionPoints; if (wantedExtensionTypes.contains(type)) { if (issuerInfo.getCrlURLs() != null) { types.add(type); } } // Inhibit anyPolicy type = Extension.inhibitAnyPolicy; if (wantedExtensionTypes.contains(type)) { if (inhibitAnyPolicy != null) { types.add(type); } } // FreshestCRL type = Extension.freshestCRL; if (wantedExtensionTypes.contains(type)) { if (issuerInfo.getDeltaCrlURLs() != null) { types.add(type); } } // AuthorityInfoAccess type = Extension.authorityInfoAccess; if (wantedExtensionTypes.contains(type)) { if (issuerInfo.getOcspURLs() != null) { types.add(type); } } // SubjectInfoAccess type = Extension.subjectInfoAccess; if (wantedExtensionTypes.contains(type)) { if (requestedExtensions.getExtension(type) != null) { types.add(type); } } // Admission type = ObjectIdentifiers.id_extension_admission; if (wantedExtensionTypes.contains(type)) { if (admission != null) { types.add(type); } } // ocsp-nocheck type = ObjectIdentifiers.id_extension_pkix_ocsp_nocheck; if (wantedExtensionTypes.contains(type)) { types.add(type); } wantedExtensionTypes.removeAll(types); for (ASN1ObjectIdentifier oid : wantedExtensionTypes) { if (requestedExtensions.getExtension(oid) != null) { if (constantExtensions.containsKey(oid)) { types.add(oid); } } } return types; }
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
private void checkExtensionSubjectInfoAccess(final StringBuilder failureMsg, final byte[] extensionValue, final Extensions requestExtensions, final ExtensionControl extControl) { if (allowedSubjectInfoAccessModes == null) { byte[] expected = getExpectedExtValue(Extension.subjectAlternativeName, requestExtensions, extControl); if (Arrays.equals(expected, extensionValue) == false) { failureMsg.append("extension valus is '").append(hex(extensionValue)); failureMsg.append("' but expected '").append(expected == null ? "not present" : hex(expected)) .append("'"); failureMsg.append("; "); }//from ww w .ja v a2 s .c om return; } ASN1Encodable requestExtValue = null; if (requestExtensions != null) { requestExtValue = requestExtensions.getExtensionParsedValue(Extension.subjectInfoAccess); } if (requestExtValue == null) { failureMsg.append("extension is present but not expected"); failureMsg.append("; "); return; } ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue); ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue); int n = requestSeq.size(); if (certSeq.size() != n) { failureMsg.append("size of GeneralNames is '").append(certSeq.size()); failureMsg.append("' but expected '").append(n).append("'"); failureMsg.append("; "); return; } for (int i = 0; i < n; i++) { AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i)); ASN1ObjectIdentifier accessMethod = ad.getAccessMethod(); Set<GeneralNameMode> generalNameModes; if (accessMethod == null) { generalNameModes = allowedSubjectInfoAccessModes.get(X509Certprofile.OID_ZERO); } else { generalNameModes = allowedSubjectInfoAccessModes.get(accessMethod); } if (generalNameModes == null) { failureMsg.append("accessMethod in requestExtension "); failureMsg.append(accessMethod == null ? "NULL" : accessMethod.getId()); failureMsg.append(" is not allowed"); failureMsg.append("; "); continue; } AccessDescription certAccessDesc = AccessDescription.getInstance(certSeq.getObjectAt(i)); ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod(); boolean b; if (accessMethod == null) { b = certAccessDesc == null; } else { b = accessMethod.equals(certAccessMethod); } if (b == false) { failureMsg.append("accessMethod is '") .append(certAccessMethod == null ? "null" : certAccessMethod.getId()); failureMsg.append("' but expected '").append(accessMethod == null ? "null" : accessMethod.getId()); failureMsg.append("; "); continue; } GeneralName accessLocation; try { accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes); } catch (BadCertTemplateException e) { failureMsg.append("invalid requestExtension: " + e.getMessage()); failureMsg.append("; "); continue; } GeneralName certAccessLocation = certAccessDesc.getAccessLocation(); if (certAccessLocation.equals(accessLocation) == false) { failureMsg.append("accessLocation does not match the requested one"); failureMsg.append("; "); } } }