Example usage for org.bouncycastle.asn1.x509 GeneralName uniformResourceIdentifier

List of usage examples for org.bouncycastle.asn1.x509 GeneralName uniformResourceIdentifier

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 GeneralName uniformResourceIdentifier.

Prototype

int uniformResourceIdentifier


Usage

From source file:org.wso2.carbon.identity.certificateauthority.CAAdminService.java

License:Open Source License

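/**
 * Signs a PKCS#10 request with the CA key and returns an end-entity (leaf) certificate.
 *
 * The certificate takes its subject and public key from the request and gets a fixed
 * extension profile: authority/subject key identifiers, basicConstraints cA=false,
 * keyUsage digitalSignature|keyEncipherment, extendedKeyUsage serverAuth, plus a
 * tenant-scoped CRL distribution point and OCSP responder URL derived from
 * CAUtils.getServerURL(). Extensions carried in the CSR itself are NOT copied into the
 * certificate; the profile above is authoritative.
 *
 * Changes from the previous version: basicConstraints was built with
 * {@code new BasicConstraints(0)}, which in BouncyCastle means cA=true with pathLen 0 and
 * therefore issued a subordinate CA certificate to every requester; it is now cA=false.
 * The signature algorithm was SHA1withRSA and is now SHA256withRSA. The serial number and
 * validity are validated before use.
 *
 * @param serialNo   decimal serial number; must parse to a positive integer (RFC 5280 4.1.2.2)
 * @param request    the certification request to sign
 * @param validity   certificate lifetime in days; must be positive
 * @param privateKey CA signing key (RSA, to match the SHA256withRSA signer)
 * @param caCert     CA certificate; its subject becomes the issuer and it seeds the AKI
 * @return the signed X.509 certificate
 * @throws CaException if validation or any build/sign step fails; the cause is preserved
 */
protected X509Certificate signCSR(String serialNo, PKCS10CertificationRequest request, int validity,
        PrivateKey privateKey, X509Certificate caCert) throws CaException {
    try {
        if (validity <= 0) {
            throw new IllegalArgumentException("validity must be a positive number of days: " + validity);
        }
        BigInteger serial = new BigInteger(serialNo);
        // RFC 5280 requires a positive serial; relying parties reject non-positive values.
        if (serial.signum() <= 0) {
            throw new IllegalArgumentException("serial number must be positive: " + serialNo);
        }

        Date issuedDate = new Date();
        // Widen before multiplying so a large validity cannot overflow int arithmetic.
        Date expiryDate = new Date(System.currentTimeMillis() + (long) validity * MILLIS_PER_DAY);

        JcaPKCS10CertificationRequest jcaRequest = new JcaPKCS10CertificationRequest(request);
        X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(caCert, serial,
                issuedDate, expiryDate, jcaRequest.getSubject(), jcaRequest.getPublicKey());

        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        certificateBuilder
                .addExtension(Extension.authorityKeyIdentifier, false,
                        extUtils.createAuthorityKeyIdentifier(caCert))
                .addExtension(Extension.subjectKeyIdentifier, false,
                        extUtils.createSubjectKeyIdentifier(jcaRequest.getPublicKey()))
                // End-entity certificate: cA=false. BasicConstraints(int) would mean cA=true.
                .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
                .addExtension(Extension.keyUsage, true,
                        new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
                .addExtension(Extension.extendedKeyUsage, true,
                        new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

        // Revocation pointers are scoped to the current tenant's CRL and OCSP endpoints.
        int tenantID = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        DistributionPointName crlEp = new DistributionPointName(new GeneralNames(new GeneralName(
                GeneralName.uniformResourceIdentifier, CAUtils.getServerURL() + "/ca/crl/" + tenantID)));
        DistributionPoint disPoint = new DistributionPoint(crlEp, null, null);
        certificateBuilder.addExtension(Extension.cRLDistributionPoints, false,
                new CRLDistPoint(new DistributionPoint[] { disPoint }));

        AccessDescription ocsp = new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName(
                GeneralName.uniformResourceIdentifier, CAUtils.getServerURL() + "/ca/ocsp/" + tenantID));
        ASN1EncodableVector authInfoAccessASN = new ASN1EncodableVector();
        authInfoAccessASN.add(ocsp);
        certificateBuilder.addExtension(Extension.authorityInfoAccess, false,
                new DERSequence(authInfoAccessASN));

        // SHA-1 signatures are no longer acceptable for issued certificates.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);
        return new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certificateBuilder.build(signer));
    } catch (Exception e) {
        throw new CaException("Error in signing the certificate", e);
    }
}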

From source file:org.xdi.oxauth.cert.validation.CRLCertificateVerifier.java

License:MIT License

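/**
 * Returns the first CRL distribution point URI found in the certificate's
 * cRLDistributionPoints extension, or {@code null} when the extension is absent, cannot be
 * read, or contains no fullName entry with a uniformResourceIdentifier GeneralName.
 *
 * Only fullName distribution points are considered; nameRelativeToCRLIssuer points and
 * non-URI names are skipped. The extension value is read via getExtensionValue; a read
 * failure is logged and reported as null rather than propagated.
 *
 * Fix: RFC 5280 4.2.1.13 makes distributionPoint OPTIONAL (a point may carry only
 * cRLIssuer/reasons); the previous version dereferenced it unconditionally and threw
 * NullPointerException on such certificates.
 *
 * NOTE(review): the returned string comes straight from the certificate being validated and
 * is therefore controlled by whoever produced that certificate. A caller that dereferences
 * it should restrict the URI scheme and bound the fetch (timeouts, size).
 *
 * @param certificate certificate whose CRL location is wanted
 * @return the CRL URI, or {@code null} when none is available
 * @throws IOException declared for callers; read failures inside are logged and yield null
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }

    if (obj == null) {
        return null;
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);

    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // distributionPoint is optional; skip points that only name a cRLIssuer/reasons.
        if (distributionPointName == null) {
            continue;
        }
        if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }

        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }

            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }

    return null;
}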

From source file:org.xdi.oxauth.cert.validation.OCSPCertificateVerifier.java

License:MIT License

/**
 * Extracts the OCSP responder URI from the certificate's authorityInfoAccess extension.
 *
 * Only accessDescriptions whose accessMethod is id-ad-ocsp and whose accessLocation is a
 * uniformResourceIdentifier are considered; the first such URI is returned. The extension
 * value is obtained through getExtensionValue; a read failure is logged and yields null.
 *
 * NOTE(review): the URI is taken from the certificate under validation and so is controlled
 * by whoever produced that certificate; a caller that contacts it should restrict the scheme
 * and bound the request.
 *
 * @param certificate certificate to inspect
 * @return the OCSP URI, or null when the extension is missing, unreadable or holds no URI
 * @throws IOException declared for callers; read failures inside are logged and yield null
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    final ASN1Primitive extValue;
    try {
        extValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (extValue == null) {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(extValue);
    for (AccessDescription ad : aia.getAccessDescriptions()) {
        // Skip caIssuers and any other access method; only OCSP is wanted here.
        if (!ad.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
            continue;
        }
        GeneralName location = ad.getAccessLocation();
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            ASN1TaggedObject tagged = (ASN1TaggedObject) location.toASN1Primitive();
            return DERIA5String.getInstance(tagged, false).getString();
        }
    }

    return null;
}

From source file:org.xipki.ca.api.profile.x509.X509CertUtil.java

License:Open Source License

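/**
 * Builds the authorityInfoAccess extension value from CA-issuer and OCSP locations.
 *
 * Each caIssuerUris entry becomes an id-ad-caIssuers accessDescription and each ocspUris
 * entry an id-ad-ocsp accessDescription, all with uniformResourceIdentifier locations, in
 * that order. Returns null when both lists are null or empty so the caller can omit the
 * extension entirely.
 *
 * Fix: the previous emptiness test checked ocspUris twice (never caIssuerUris), and the
 * list was sized from ocspUris, which threw NullPointerException when only caIssuerUris
 * was supplied.
 *
 * @param caIssuerUris URIs of the issuing CA certificate(s); may be null or empty
 * @param ocspUris     OCSP responder URIs; may be null or empty
 * @return the extension value, or null when there is nothing to encode
 */
public static AuthorityInformationAccess createAuthorityInformationAccess(final List<String> caIssuerUris,
        final List<String> ocspUris) {
    final boolean noCaIssuers = CollectionUtil.isEmpty(caIssuerUris);
    final boolean noOcsp = CollectionUtil.isEmpty(ocspUris);
    if (noCaIssuers && noOcsp) {
        return null;
    }

    // Either list may be absent; compute the capacity null-safely.
    int capacity = (noCaIssuers ? 0 : caIssuerUris.size()) + (noOcsp ? 0 : ocspUris.size());
    List<AccessDescription> accessDescriptions = new ArrayList<>(capacity);

    if (!noCaIssuers) {
        for (String uri : caIssuerUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, gn));
        }
    }

    if (!noOcsp) {
        for (String uri : ocspUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, gn));
        }
    }

    DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
    return AuthorityInformationAccess.getInstance(seq);
}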

From source file:org.xipki.ca.api.profile.x509.X509CertUtil.java

License:Open Source License

/**
 * Builds the cRLDistributionPoints extension value with a single distribution point that
 * lists every given CRL URI as a uniformResourceIdentifier fullName.
 *
 * When a CRL signer subject is configured and differs from the CA subject, that subject is
 * placed in the point's cRLIssuer field so relying parties know which certificate signs the
 * CRL; otherwise cRLIssuer is left absent.
 *
 * @param crlUris          CRL download locations; null or empty yields null (no extension)
 * @param caSubject        subject of the issuing CA
 * @param crlSignerSubject subject of the CRL signer, or null when the CA signs its own CRLs
 * @return the extension value, or null when there are no URIs
 * @throws IOException          declared for callers
 * @throws CertprofileException declared for callers
 */
public static CRLDistPoint createCRLDistributionPoints(final List<String> crlUris, final X500Name caSubject,
        final X500Name crlSignerSubject) throws IOException, CertprofileException {
    if (CollectionUtil.isEmpty(crlUris)) {
        return null;
    }

    final GeneralName[] uriNames = new GeneralName[crlUris.size()];
    int idx = 0;
    for (String uri : crlUris) {
        uriNames[idx++] = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
    }
    final DistributionPointName fullName = new DistributionPointName(new GeneralNames(uriNames));

    // cRLIssuer is only set when a distinct signer is configured for the CRL.
    final boolean distinctSigner = crlSignerSubject != null && !crlSignerSubject.equals(caSubject);
    final GeneralNames crlIssuer = distinctSigner ? new GeneralNames(new GeneralName(crlSignerSubject)) : null;

    final DistributionPoint point = new DistributionPoint(fullName, null, crlIssuer);
    return new CRLDistPoint(new DistributionPoint[] { point });
}

From source file:org.xipki.ca.certprofile.XmlX509CertprofileUtil.java

License:Open Source License

/**
 * Converts a profile-level GeneralSubtreeBaseType into the BouncyCastle GeneralSubtree used
 * in the nameConstraints extension.
 *
 * The name forms are examined in the fixed order directoryName, dNSName, iPAddress,
 * rfc822Name, uniformResourceIdentifier, and the first one present is used as the base.
 * Directory names are passed through X509Util.reverse before use.
 *
 * @param type the profile definition of the subtree
 * @return the corresponding GeneralSubtree, with minimum/maximum carried over when set
 * @throws CertprofileException if minimum or maximum is negative
 * @throws RuntimeException     if no name form is set (treated as a programming error)
 */
private static GeneralSubtree buildGeneralSubtree(final GeneralSubtreeBaseType type)
        throws CertprofileException {
    final GeneralName base;
    if (type.getDirectoryName() != null) {
        base = new GeneralName(X509Util.reverse(new X500Name(type.getDirectoryName())));
    } else if (type.getDNSName() != null) {
        base = new GeneralName(GeneralName.dNSName, type.getDNSName());
    } else if (type.getIpAddress() != null) {
        base = new GeneralName(GeneralName.iPAddress, type.getIpAddress());
    } else if (type.getRfc822Name() != null) {
        base = new GeneralName(GeneralName.rfc822Name, type.getRfc822Name());
    } else if (type.getUri() != null) {
        base = new GeneralName(GeneralName.uniformResourceIdentifier, type.getUri());
    } else {
        throw new RuntimeException("should not reach here, unknown child of GeneralSubtreeBaseType");
    }

    // Minimum is validated before maximum so the first offending value is reported.
    final Integer min = type.getMinimum();
    if (min != null && min < 0) {
        throw new CertprofileException("negative minimum is not allowed: " + min);
    }
    final Integer max = type.getMaximum();
    if (max != null && max < 0) {
        throw new CertprofileException("negative maximum is not allowed: " + max);
    }

    return new GeneralSubtree(base,
            min == null ? null : BigInteger.valueOf(min.longValue()),
            max == null ? null : BigInteger.valueOf(max.longValue()));
}

From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java

License:Open Source License

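/**
 * Compares the subtrees of a nameConstraints extension (permitted or excluded, as given by
 * description) against the profile's expected subtrees and appends every mismatch to
 * failureMsg.
 *
 * The comparison is positional: subtree i in the certificate is matched with expected
 * subtree i. A size mismatch is reported once and ends the check. For each pair the minimum
 * (absent treated as 0), the maximum (absent on both sides counts as equal) and the base
 * GeneralName, rebuilt from the expected definition, are compared.
 *
 * Fix: the maximum comparison used {@code !=} on two nullable {@link Integer} objects, i.e.
 * reference identity, so equal values outside the Integer cache range (-128..127) were
 * reported as mismatches. It now uses a null-safe value comparison.
 *
 * @param failureMsg       accumulates failure descriptions, each terminated by "; "
 * @param description      label used in the messages, e.g. which subtree list is checked
 * @param subtrees         subtrees found in the certificate; null counts as empty
 * @param expectedSubtrees subtrees required by the profile; null counts as empty
 */
private void checkExtensionNameConstraintsSubtrees(final StringBuilder failureMsg, final String description,
        final GeneralSubtree[] subtrees, final List<QaGeneralSubtree> expectedSubtrees) {
    int iSize = subtrees == null ? 0 : subtrees.length;
    int eSize = expectedSubtrees == null ? 0 : expectedSubtrees.size();
    if (iSize != eSize) {
        failureMsg.append("size of " + description + " is '" + iSize + "' but expected '" + eSize + "'");
        failureMsg.append("; ");
        return;
    }

    for (int i = 0; i < iSize; i++) {
        GeneralSubtree iSubtree = subtrees[i];
        QaGeneralSubtree eSubtree = expectedSubtrees.get(i);
        String desc = description + " [" + i + "]";

        // Minimum: absent on either side is equivalent to 0 (the RFC 5280 default).
        BigInteger bigInt = iSubtree.getMinimum();
        int iMinimum = bigInt == null ? 0 : bigInt.intValue();
        Integer _int = eSubtree.getMinimum();
        int eMinimum = _int == null ? 0 : _int.intValue();
        if (iMinimum != eMinimum) {
            failureMsg.append("minimum of " + desc + " is '" + iMinimum + "' but expected '" + eMinimum + "'");
            failureMsg.append("; ");
        }

        // Maximum: both nullable, so compare by value rather than with '!=' on boxed Integers.
        bigInt = iSubtree.getMaximum();
        Integer iMaximum = bigInt == null ? null : bigInt.intValue();
        Integer eMaximum = eSubtree.getMaximum();
        boolean maximumDiffers = (iMaximum == null) ? (eMaximum != null) : !iMaximum.equals(eMaximum);
        if (maximumDiffers) {
            failureMsg.append("maxmum of " + desc + " is '" + iMaximum + "' but expected '" + eMaximum + "'");
            failureMsg.append("; ");
        }

        GeneralName iBase = iSubtree.getBase();

        // Rebuild the expected base the same way the profile builds it, then compare.
        GeneralName eBase;
        if (eSubtree.getDirectoryName() != null) {
            eBase = new GeneralName(X509Util.reverse(new X500Name(eSubtree.getDirectoryName())));
        } else if (eSubtree.getDNSName() != null) {
            eBase = new GeneralName(GeneralName.dNSName, eSubtree.getDNSName());
        } else if (eSubtree.getIpAddress() != null) {
            eBase = new GeneralName(GeneralName.iPAddress, eSubtree.getIpAddress());
        } else if (eSubtree.getRfc822Name() != null) {
            eBase = new GeneralName(GeneralName.rfc822Name, eSubtree.getRfc822Name());
        } else if (eSubtree.getUri() != null) {
            eBase = new GeneralName(GeneralName.uniformResourceIdentifier, eSubtree.getUri());
        } else {
            throw new RuntimeException("should not reach here, unknown child of GeneralName");
        }

        if (!iBase.equals(eBase)) {
            failureMsg.append("base of " + desc + " is '" + iBase + "' but expected '" + eBase + "'");
            failureMsg.append("; ");
        }
    }
}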

From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java

License:Open Source License

/**
 * Checks that the authorityInfoAccess extension carries exactly the expected URIs for one
 * access method and appends every discrepancy to failureMsg.
 *
 * Only accessDescriptions with the given accessMethod are considered. Their count must equal
 * expectedUris.size() (a mismatch is reported once and ends the check); each accessLocation
 * must be a uniformResourceIdentifier; and the collected URI set is compared with the
 * expected set in both directions (present-but-unexpected and required-but-absent).
 *
 * @param failureMsg   accumulates failure descriptions, each terminated by "; "
 * @param aia          the decoded extension under test
 * @param accessMethod the access method OID to check (id-ad-ocsp, id-ad-caIssuers or other)
 * @param expectedUris the URIs the profile requires for that access method
 */
private static void checkAIA(final StringBuilder failureMsg, final AuthorityInformationAccess aia,
        final ASN1ObjectIdentifier accessMethod, final Set<String> expectedUris) {
    // Human-readable label for the messages; unknown methods fall back to the dotted OID.
    final String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }

    final List<AccessDescription> matching = new LinkedList<>();
    for (AccessDescription ad : aia.getAccessDescriptions()) {
        if (accessMethod.equals(ad.getAccessMethod())) {
            matching.add(ad);
        }
    }

    final int actualCount = matching.size();
    if (actualCount != expectedUris.size()) {
        failureMsg.append("number of AIA " + typeDesc + " URIs is '").append(actualCount);
        failureMsg.append("' but expected is '").append(expectedUris.size()).append("'");
        failureMsg.append("; ");
        return;
    }

    final Set<String> actualUris = new HashSet<>();
    for (AccessDescription ad : matching) {
        GeneralName location = ad.getAccessLocation();
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            actualUris.add(((ASN1String) location.getName()).getString());
        } else {
            failureMsg.append("tag of accessLocation of AIA " + typeDesc + " is '")
                    .append(location.getTagNo());
            failureMsg.append("' but expected is '").append(GeneralName.uniformResourceIdentifier).append("'");
            failureMsg.append("; ");
        }
    }

    Set<String> unexpected = str_in_b_not_in_a(expectedUris, actualUris);
    if (CollectionUtil.isNotEmpty(unexpected)) {
        failureMsg.append(typeDesc + " URIs ").append(unexpected.toString()).append(" are present but not expected");
        failureMsg.append("; ");
    }

    Set<String> missing = str_in_b_not_in_a(actualUris, expectedUris);
    if (CollectionUtil.isNotEmpty(missing)) {
        failureMsg.append(typeDesc + " URIs ").append(missing.toString()).append(" are absent but are required");
        failureMsg.append("; ");
    }
}

From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java

License:Open Source License

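/**
 * Checks the certificate's cRLDistributionPoints extension against the issuer's configured
 * CRL URLs and appends every discrepancy to failureMsg.
 *
 * Expectations enforced: exactly one DistributionPoint; its distributionPoint field present
 * and of type fullName; every GeneralName in it a uniformResourceIdentifier; and the set of
 * URIs equal to issuerInfo.getCrlURLs(), reported in both directions.
 *
 * Fix: distributionPoint is OPTIONAL in RFC 5280 4.2.1.13 (a point may carry only
 * cRLIssuer/reasons); the previous version dereferenced it unconditionally and threw
 * NullPointerException on such certificates instead of recording a failure.
 *
 * @param failureMsg     accumulates failure descriptions, each terminated by "; "
 * @param extensionValue DER-encoded extension value
 * @param issuerInfo     source of the expected CRL URLs
 */
private void checkExtensionCrlDistributionPoints(final StringBuilder failureMsg, final byte[] extensionValue,
        final X509IssuerInfo issuerInfo) {
    CRLDistPoint iCRLDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] iDistributionPoints = iCRLDistPoints.getDistributionPoints();
    int n = iDistributionPoints == null ? 0 : iDistributionPoints.length;
    if (n != 1) {
        failureMsg.append("size of CRLDistributionPoints is '").append(n).append("' but expected is '1'");
        failureMsg.append("; ");
        return;
    }

    Set<String> iCrlURLs = new HashSet<>();
    for (DistributionPoint entry : iDistributionPoints) {
        DistributionPointName dpName = entry.getDistributionPoint();
        // distributionPoint is optional in the ASN.1; report rather than dereference null.
        if (dpName == null) {
            failureMsg.append("DistributionPointName of CRLDistibutionPoints is absent but expected is '")
                    .append(DistributionPointName.FULL_NAME).append("'");
            failureMsg.append("; ");
            continue;
        }

        int asn1Type = dpName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            failureMsg.append("tag of DistributionPointName of CRLDistibutionPoints is '").append(asn1Type);
            failureMsg.append("' but expected is '").append(DistributionPointName.FULL_NAME).append("'");
            failureMsg.append("; ");
            continue;
        }

        GeneralNames iDistributionPointNames = (GeneralNames) dpName.getName();
        GeneralName[] names = iDistributionPointNames.getNames();

        for (int i = 0; i < names.length; i++) {
            GeneralName name = names[i];
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                failureMsg.append("tag of CRL URL is '").append(name.getTagNo());
                failureMsg.append("' but expected is '").append(GeneralName.uniformResourceIdentifier)
                        .append("'");
                failureMsg.append("; ");
            } else {
                String uri = ((ASN1String) name.getName()).getString();
                iCrlURLs.add(uri);
            }
        }

        // n == 1 is guaranteed above, so the set comparison runs once per call.
        Set<String> eCRLUrls = issuerInfo.getCrlURLs();
        Set<String> diffs = str_in_b_not_in_a(eCRLUrls, iCrlURLs);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs.toString()).append(" are present but not expected");
            failureMsg.append("; ");
        }

        diffs = str_in_b_not_in_a(iCrlURLs, eCRLUrls);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs.toString()).append(" are absent but are required");
            failureMsg.append("; ");
        }
    }
}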

From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java

License:Open Source License

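/**
 * Checks the certificate's delta-CRL distribution points (freshestCRL, encoded as a
 * CRLDistPoint) against the issuer's configured CRL URLs and appends every discrepancy to
 * failureMsg.
 *
 * Expectations enforced: exactly one DistributionPoint; its distributionPoint field present
 * and of type fullName; every GeneralName in it a uniformResourceIdentifier; and the set of
 * URIs equal to issuerInfo.getCrlURLs(), reported in both directions.
 *
 * Fix: distributionPoint is OPTIONAL in RFC 5280 4.2.1.13 (a point may carry only
 * cRLIssuer/reasons); the previous version dereferenced it unconditionally and threw
 * NullPointerException on such certificates instead of recording a failure.
 *
 * @param failureMsg     accumulates failure descriptions, each terminated by "; "
 * @param extensionValue DER-encoded extension value
 * @param issuerInfo     source of the expected CRL URLs
 */
private void checkExtensionDeltaCrlDistributionPoints(final StringBuilder failureMsg,
        final byte[] extensionValue, final X509IssuerInfo issuerInfo) {
    CRLDistPoint iCRLDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] iDistributionPoints = iCRLDistPoints.getDistributionPoints();
    int n = iDistributionPoints == null ? 0 : iDistributionPoints.length;
    if (n != 1) {
        failureMsg.append("size of CRLDistributionPoints (deltaCRL) is '").append(n)
                .append("' but expected is '1'");
        failureMsg.append("; ");
        return;
    }

    Set<String> iCrlURLs = new HashSet<>();
    for (DistributionPoint entry : iDistributionPoints) {
        DistributionPointName dpName = entry.getDistributionPoint();
        // distributionPoint is optional in the ASN.1; report rather than dereference null.
        if (dpName == null) {
            failureMsg.append("DistributionPointName of CRLDistibutionPoints (deltaCRL) is absent but expected is '")
                    .append(DistributionPointName.FULL_NAME).append("'");
            failureMsg.append("; ");
            continue;
        }

        int asn1Type = dpName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            failureMsg.append("tag of DistributionPointName of CRLDistibutionPoints (deltaCRL) is '")
                    .append(asn1Type);
            failureMsg.append("' but expected is '").append(DistributionPointName.FULL_NAME).append("'");
            failureMsg.append("; ");
            continue;
        }

        GeneralNames iDistributionPointNames = (GeneralNames) dpName.getName();
        GeneralName[] names = iDistributionPointNames.getNames();

        for (int i = 0; i < names.length; i++) {
            GeneralName name = names[i];
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                failureMsg.append("tag of deltaCRL URL is '").append(name.getTagNo());
                failureMsg.append("' but expected is '").append(GeneralName.uniformResourceIdentifier)
                        .append("'");
                failureMsg.append("; ");
            } else {
                String uri = ((ASN1String) name.getName()).getString();
                iCrlURLs.add(uri);
            }
        }

        // n == 1 is guaranteed above, so the set comparison runs once per call.
        Set<String> eCRLUrls = issuerInfo.getCrlURLs();
        Set<String> diffs = str_in_b_not_in_a(eCRLUrls, iCrlURLs);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs.toString())
                    .append(" are present but not expected");
            failureMsg.append("; ");
        }

        diffs = str_in_b_not_in_a(iCrlURLs, eCRLUrls);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs.toString()).append(" are absent but are required");
            failureMsg.append("; ");
        }
    }
}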