List of usage examples for org.bouncycastle.asn1.x509 GeneralName getName
public ASN1Encodable getName()
From source file:be.fedict.eid.pkira.crypto.certificate.CertificateInfo.java
License:Open Source License
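/**
 * Returns the dNSName entries of the certificate's Subject Alternative Name extension.
 *
 * <p>Entries of any other GeneralName type are skipped. The names are read straight from the
 * certificate, so they are only as trustworthy as the certificate itself; callers should rely on
 * them only after the certificate has been validated.
 *
 * @return the DNS names in the order they appear in the extension; an empty list when the
 *         certificate carries no Subject Alternative Name extension.
 * @throws CryptoException if the extension value cannot be read.
 */
public List<String> getAlternativeNames() throws CryptoException {
    List<String> result = new ArrayList<String>();
    byte[] extensionBytes = certificate.getExtensionValue(X509Extension.subjectAlternativeName.getId());
    if (extensionBytes == null) {
        // getExtensionValue returns null when the extension is absent; decoding null would
        // otherwise fail with a NullPointerException instead of reporting "no names".
        return result;
    }
    try {
        // The extension value is an OCTET STRING wrapping the DER-encoded GeneralNames sequence.
        // NOTE(review): both casts assume a well-formed extension; a malformed value surfaces as
        // ClassCastException rather than CryptoException.
        ASN1OctetString octs = (ASN1OctetString) ASN1Object.fromByteArray(extensionBytes);
        DERSequence extension = (DERSequence) ASN1Object.fromByteArray(octs.getOctets());
        for (int i = 0; i < extension.size(); i++) {
            GeneralName name = GeneralName.getInstance(extension.getObjectAt(i));
            if (name.getTagNo() == GeneralName.dNSName) {
                result.add(name.getName().toString());
            }
        }
        return result;
    } catch (IOException e) {
        throw new CryptoException("Could not extract SAN value.", e);
    }
}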
From source file:be.fedict.eid.pkira.crypto.csr.CSRInfo.java
License:Open Source License
/**
 * Collects the DNS Subject Alternative Names requested in the CSR.
 *
 * <p>The CSR is rejected outright when any requested name is not of type dNSName or when a DNS
 * name contains a wildcard character. The names come from the requester and are not otherwise
 * validated here.
 *
 * @return the requested DNS names; empty when the CSR requests none.
 * @throws CryptoException if a name is a wildcard, is not a DNS name, or the extension value
 *         cannot be read.
 */
public List<String> getSubjectAlternativeNames() throws CryptoException {
    final List<String> dnsNames = new ArrayList<String>();
    final ASN1Set csrAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();

    for (DERSet extensionSet : getElementsFromASN1Set(csrAttributes, CSR_EXTENSION_ATTRIBUTE_ID,
            DERSet.class)) {
        for (DEROctetString sanOctets : getElementsFromASN1Set(extensionSet,
                X509Extension.subjectAlternativeName, DEROctetString.class)) {
            try {
                final GeneralNames requested =
                        GeneralNames.getInstance(ASN1Object.fromByteArray(sanOctets.getOctets()));
                for (GeneralName entry : requested.getNames()) {
                    // Anything other than a DNS name is refused rather than silently dropped.
                    if (entry.getTagNo() != GeneralName.dNSName) {
                        throw new CryptoException(
                                "Only Subject Alternative Name of type DNS is allowed in the CSR.");
                    }
                    final String dnsName = entry.getName().toString();
                    if (dnsName.contains("*")) {
                        throw new CryptoException(
                                "Subject Alternative Names are not allowed to contain wildcards.");
                    }
                    dnsNames.add(dnsName);
                }
            } catch (IOException e) {
                throw new CryptoException("Could not extract SAN value.", e);
            }
        }
    }
    return dnsNames;
}
From source file:be.fedict.trust.crl.CrlTrustLinker.java
License:Open Source License
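/**
 * Gives back the CRL URI meta-data found within the given X509 certificate.
 *
 * <p>Only the first <code>http://</code> or <code>https://</code> URI of a full-name distribution
 * point is returned; other name types and other schemes (such as LDAP) are skipped. The URI is
 * taken from the certificate as-is, so whatever fetches it should treat the destination as
 * untrusted input.
 *
 * @param certificate
 *            the X509 certificate.
 * @return the CRL URI, or <code>null</code> if the extension is not
 *         present or holds no HTTP/HTTPS URI.
 */
public static URI getCrlUri(X509Certificate certificate) {
    byte[] crlDistributionPointsValue = certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1Sequence seq;
    try {
        // The extension value is an OCTET STRING wrapping the DER-encoded CRLDistPoint sequence.
        DEROctetString oct = (DEROctetString) (new ASN1InputStream(
                new ByteArrayInputStream(crlDistributionPointsValue)).readObject());
        seq = (ASN1Sequence) new ASN1InputStream(oct.getOctets()).readObject();
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is optional in a DistributionPoint, so an entry that only
        // names a CRL issuer has none; skip it instead of dereferencing null.
        if (null == distributionPointName
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                LOG.debug("not a uniform resource identifier");
                continue;
            }
            DERIA5String derStr = DERIA5String.getInstance(name.getName());
            String str = derStr.getString();
            // Match the full scheme prefix: a bare "http" prefix would also accept any other
            // scheme that merely begins with those four letters.
            if (!str.startsWith("http://") && !str.startsWith("https://")) {
                /*
                 * skip ldap:// protocols
                 */
                LOG.debug("not HTTP/HTTPS: " + str);
                continue;
            }
            return toURI(str);
        }
    }
    return null;
}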
From source file:be.fedict.trust.ocsp.OcspTrustLinker.java
License:Open Source License
/**
 * Looks up the URI access location registered for the given access method in the certificate's
 * Authority Information Access extension.
 *
 * <p>The first access description whose method equals {@code accessMethod} and whose location is
 * a uniformResourceIdentifier wins. No scheme filtering is applied here; the location string is
 * handed to {@code toURI} unchanged.
 *
 * @param certificate the certificate to inspect.
 * @param accessMethod the access method OID to look for.
 * @return the matching access location, or {@code null} when the extension is absent or holds no
 *         matching URI entry.
 * @throws IOException if the extension value cannot be read.
 * @throws URISyntaxException presumably raised by {@code toURI} for an unparsable location;
 *         confirm against that helper.
 */
private URI getAccessLocation(X509Certificate certificate, ASN1ObjectIdentifier accessMethod)
        throws IOException, URISyntaxException {
    final byte[] aiaValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (aiaValue == null) {
        return null;
    }

    // Unwrap the OCTET STRING, then decode the AuthorityInformationAccess structure inside it.
    final DEROctetString wrapper =
            (DEROctetString) new ASN1InputStream(new ByteArrayInputStream(aiaValue)).readObject();
    final AuthorityInformationAccess aia =
            AuthorityInformationAccess.getInstance(new ASN1InputStream(wrapper.getOctets()).readObject());

    for (AccessDescription description : aia.getAccessDescriptions()) {
        LOG.debug("access method: " + description.getAccessMethod());
        if (description.getAccessMethod().equals(accessMethod)) {
            final GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                final String accessLocation = DERIA5String.getInstance(location.getName()).getString();
                LOG.debug("access location: " + accessLocation);
                final URI uri = toURI(accessLocation);
                LOG.debug("access location URI: " + uri);
                return uri;
            }
            LOG.debug("not a uniform resource identifier");
        }
    }
    return null;
}
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
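/**
 * Appends the OCSP responder locations found in an Authority Information Access extension to the
 * given list.
 *
 * <p>Only access descriptions whose method is id-ad-ocsp (1.3.6.1.5.5.7.48.1) and whose location
 * is a uniformResourceIdentifier are added. The strings are certificate-supplied and are not
 * validated here.
 *
 * @param OCSPUrl the list the locations are appended to.
 * @param aiaExt the decoded Authority Information Access extension value.
 */
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, ASN1Primitive aiaExt) {
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt);
    DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        if (!accessDescription.getAccessMethod().equals(OCSPOid)) {
            continue;
        }
        GeneralName generalName = accessDescription.getAccessLocation();
        // An access location may be any GeneralName type; without this check the string form of
        // a non-URI name (a directory name, for instance) would be added as if it were a URL.
        if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
            OCSPUrl.add(generalName.getName().toString());
        }
    }
}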
From source file:com.gsma.iariauth.validator.dsig.jre.BCCertificateInfo.java
License:Apache License
/**
 * Reads the URI entries of the certificate's Subject Alternative Name extension into
 * {@code uriIdentities}.
 *
 * <p>The field is only assigned when at least one URI entry is found; otherwise it keeps whatever
 * value it had before the call.
 *
 * @param x509Cert the certificate to inspect.
 * @throws IOException declared for decoding the extension value; presumably raised by
 *         {@code fromExtensionValue} (confirm against that helper).
 */
private void getSANData(X509Certificate x509Cert) throws IOException {
    final byte[] sanValue = x509Cert.getExtensionValue(SAN_OID);
    if (sanValue == null) {
        return;
    }

    final ArrayList<String> uris = new ArrayList<String>();
    for (Enumeration<?> entries = DERSequence.getInstance(fromExtensionValue(sanValue)).getObjects();
            entries.hasMoreElements();) {
        final GeneralName entry = GeneralName.getInstance(entries.nextElement());
        // Only uniformResourceIdentifier entries are kept; every other name type is ignored.
        if (entry.getTagNo() == GeneralName.uniformResourceIdentifier) {
            uris.add(((ASN1String) entry.getName()).getString());
        }
    }

    if (!uris.isEmpty()) {
        uriIdentities = uris.toArray(new String[0]);
    }
}
From source file:com.viettel.hqmc.DAO.FilesDAO.java
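/**
 * Returns the URI access locations listed in the certificate's Authority Information Access
 * extension.
 *
 * <p>NOTE(review): every URI entry is returned regardless of its access method, so CA-issuer
 * locations end up in the same list as OCSP responder locations even though the error messages
 * speak of OCSP URLs. Confirm with the caller whether entries should be limited to the OCSP
 * access method. The URLs are certificate-supplied and are not validated here.
 *
 * @param cert the certificate to inspect.
 * @return the URI access locations, never empty.
 * @throws Exception if the extension is absent, cannot be read, or holds no URI entry.
 */
private static List<String> getAIALocations(X509Certificate cert) throws Exception {
    // DER-encoded OCTET STRING holding the Authority Information Access extension value.
    byte[] aiaExtensionValue = cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
    if (aiaExtensionValue == null) {
        throw new Exception("Certificate doesn't have authority information access points");
    }

    AuthorityInformationAccess authorityInformationAccess;
    ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue);
    try {
        DEROctetString aiaDEROctetString = (DEROctetString) (asn1In.readObject());
        ASN1InputStream asn1InOctets = new ASN1InputStream(aiaDEROctetString.getOctets());
        try {
            ASN1Sequence aiaASN1Sequence = (ASN1Sequence) asn1InOctets.readObject();
            authorityInformationAccess = AuthorityInformationAccess.getInstance(aiaASN1Sequence);
        } finally {
            // Both decoders are closed on every path; the original left them open.
            asn1InOctets.close();
        }
    } catch (IOException ex) {
        LogUtil.addLog(ex);
        throw new Exception("Cannot read certificate to get OCSP URLs", ex);
    } finally {
        asn1In.close();
    }

    List<String> ocspUrlList = new ArrayList<String>();
    for (AccessDescription accessDescription : authorityInformationAccess.getAccessDescriptions()) {
        GeneralName gn = accessDescription.getAccessLocation();
        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
            ocspUrlList.add(DERIA5String.getInstance(gn.getName()).getString());
        }
    }
    if (ocspUrlList.isEmpty()) {
        throw new Exception("Cant get OCSP urls from certificate");
    }
    return ocspUrlList;
}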
From source file:com.yacme.ext.oxsit.cust_it.security.crl.X509CertRL.java
License:Open Source License
/**
 * Returns the string value of a GeneralName when it is a URI.
 *
 * @param genName the name to decode.
 * @return the URI string, or {@code null} for any other known GeneralName type.
 * @throws IOException if the tag number is not one of the GeneralName types listed below.
 */
private static String decodeAGeneralName(GeneralName genName) throws IOException {
    // Only URIs are of interest here.
    if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
        return ((DERString) genName.getName()).getString();
    }

    switch (genName.getTagNo()) {
    // Known name types that are deliberately ignored.
    case GeneralName.otherName:
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.x400Address:
    case GeneralName.directoryName:
    case GeneralName.ediPartyName:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
        return null;
    default:
        throw new IOException("Bad tag number: " + genName.getTagNo());
    }
}
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
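/**
 * Extracts the rfc822Name (e-mail) Subject Alternative Name requested in a CSR.
 *
 * <p>Within one extension request the first rfc822Name is taken; when several extension requests
 * carry one, the value from the last of them is returned. The value is supplied by the requester
 * and is not validated here.
 *
 * @param certReq the certification request to inspect.
 * @return the requested e-mail address, or {@code null} when the CSR requests none.
 */
public static String extractX509CSREmail(PKCS10CertificationRequest certReq) {
    String rfc822 = null;
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            if (gns == null) {
                // An extension request without a subjectAltName extension yields null here;
                // skip it rather than fail with a NullPointerException on a requester-built CSR.
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.rfc822Name) {
                    rfc822 = ((DERIA5String) name.getName()).getString();
                    break;
                }
            }
        }
    }
    return rfc822;
}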
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
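/**
 * Extracts the dNSName Subject Alternative Names requested in a CSR.
 *
 * <p>The names are supplied by the requester and are not validated here.
 *
 * @param certReq the certification request to inspect.
 * @return the requested DNS names in the order encountered; empty when the CSR requests none.
 */
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
    List<String> dnsNames = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            if (gns == null) {
                // An extension request without a subjectAltName extension yields null here;
                // skip it rather than fail with a NullPointerException on a requester-built CSR.
                continue;
            }
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.dNSName) {
                    dnsNames.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return dnsNames;
}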