List of usage examples for org.bouncycastle.asn1.x509 GeneralName uniformResourceIdentifier
int uniformResourceIdentifier
To view the source code for org.bouncycastle.asn1.x509 GeneralName uniformResourceIdentifier.
Click Source Link
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/** * This utility method extracts the Authority Information Access Extention's URLs * // w w w. j a v a 2 s .c om * @param crl a CRL to parse * @return the Authority Information Access Extention's URLs, or an empty Collection if none were found */ public static Collection<String> getAuthorityInformationAccess(CRL crl) { Collection<String> result = new ArrayList<String>(); if (crl instanceof X509CRL) { X509CRL x509crl = (X509CRL) crl; ASN1Primitive derObject = getExtensionValue(x509crl, Extension.authorityInfoAccess.getId()); if (derObject != null) { AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(derObject); AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions(); if ((accessDescriptions != null) && (accessDescriptions.length > 0)) { for (AccessDescription accessDescription : accessDescriptions) { if (accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) { GeneralName generalName = accessDescription.getAccessLocation(); if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) { // Due to bug in java getting some ASN.1 objects, it can be tagged an extra time... ASN1Primitive obj = generalName.toASN1Primitive(); if (obj instanceof ASN1TaggedObject) { obj = ASN1TaggedObject.getInstance(obj).getObject(); } final DERIA5String deria5String = DERIA5String.getInstance(obj); result.add(deria5String.getString()); } } } } } } return result; }
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/** * Returns OCSP URL that is inside AuthorityInformationAccess extension, or null. * /* w w w. java 2 s . c o m*/ * @param cert is the certificate to parse * @throws CertificateParsingException */ public static String getAuthorityInformationAccessOcspUrl(Certificate cert) throws CertificateParsingException { String ret = null; if (cert instanceof X509Certificate) { X509Certificate x509cert = (X509Certificate) cert; try { ASN1Primitive obj = getExtensionValue(x509cert, Extension.authorityInfoAccess.getId()); if (obj == null) { return null; } AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(obj); AccessDescription[] ad = aia.getAccessDescriptions(); if ((ad != null) && (ad.length > 0)) { for (int i = 0; i < ad.length; i++) { if (ad[i].getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) { GeneralName gn = ad[i].getAccessLocation(); if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) { // After encoding in a cert, it is tagged an extra time... ASN1Primitive gnobj = gn.toASN1Primitive(); if (gnobj instanceof ASN1TaggedObject) { gnobj = ASN1TaggedObject.getInstance(gnobj).getObject(); } final DERIA5String str = DERIA5String.getInstance(gnobj); ret = str.getString(); break; // no need to go on any further, we got a value } } } } } catch (Exception e) { log.error("Error parsing AuthorityInformationAccess", e); throw new CertificateParsingException(e.toString()); } } return ret; }
From source file:org.codice.ddf.security.ocsp.checker.OcspChecker.java
License:Open Source License
/** * Attempts to grab additional OCSP server urls off of the given {@param cert}. * * @param - the {@link X509Certificate} to check. * @return {@link List} of additional OCSP server urls found on the given {@param cert}. *//* www. j av a2s .c o m*/ private List<String> getOcspUrlsFromCert(X509Certificate cert) { List<String> ocspUrls = new ArrayList<>(); try { byte[] authorityInfoAccess = cert.getExtensionValue(Extension.authorityInfoAccess.getId()); if (authorityInfoAccess == null) { return ocspUrls; } AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess .getInstance(X509ExtensionUtil.fromExtensionValue(authorityInfoAccess)); if (authorityInformationAccess == null) { return ocspUrls; } for (AccessDescription description : authorityInformationAccess.getAccessDescriptions()) { GeneralName accessLocation = description.getAccessLocation(); if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) ocspUrls.add(((DERIA5String) accessLocation.getName()).getString()); } } catch (IOException e) { LOGGER.debug("Problem retrieving the OCSP server url(s) from the certificate." + CONTINUING_MSG, e); } return ocspUrls; }
From source file:org.cryptacular.x509.ExtensionReaderTest.java
License:Open Source License
private GeneralName uri(final String uri) { return new GeneralName(GeneralName.uniformResourceIdentifier, uri); }
From source file:org.demoiselle.signer.core.extension.BasicCertificate.java
License:Open Source License
/** * Returns the AuthorityInfoAccess extension value on list format.<br> * Otherwise, returns <b>list empty</b>.<br> * @return List Authority info access list *//* w w w . jav a 2 s . com*/ public List<String> getAuthorityInfoAccess() { List<String> address = new ArrayList<String>(); try { byte[] authorityInfoAccess = certificate.getExtensionValue(Extension.authorityInfoAccess.getId()); if (authorityInfoAccess != null && authorityInfoAccess.length > 0) { AuthorityInformationAccess infoAccess = AuthorityInformationAccess .getInstance(X509ExtensionUtil.fromExtensionValue(authorityInfoAccess)); for (AccessDescription desc : infoAccess.getAccessDescriptions()) if (desc.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) address.add(((DERIA5String) desc.getAccessLocation().getName()).getString()); } return address; } catch (Exception error) { logger.info(error.getMessage()); return address; } }
From source file:org.demoiselle.signer.core.extension.BasicCertificate.java
License:Open Source License
/** * /*from w w w. j ava2s. c o m*/ * @return A list of ulrs that inform the location of the certificate revocation lists * @throws IOException exception */ public List<String> getCRLDistributionPoint() throws IOException { List<String> crlUrls = new ArrayList<>(); ASN1Primitive primitive = getExtensionValue(Extension.cRLDistributionPoints.getId()); if (primitive == null) { return null; } CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(primitive); DistributionPoint[] distributionPoints = crlDistPoint.getDistributionPoints(); for (DistributionPoint distributionPoint : distributionPoints) { DistributionPointName dpn = distributionPoint.getDistributionPoint(); // Look for URIs in fullName if (dpn != null) { if (dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); for (GeneralName genName : genNames) { if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(genName.getName()).getString(); crlUrls.add(url); logger.info("Adicionando a url {}", url); } } } } } return crlUrls; }
From source file:org.dihedron.crypto.crl.CRL.java
License:Open Source License
/** * Extracts all CRL distribution point URLs from the "CRL Distribution Point" * extension in a X.509 certificate. If CRL distribution point extension is * unavailable, returns an empty list.// w w w . j a va2s .co m */ public static List<String> getCrlDistributionPoints(X509Certificate certificate) throws CertificateParsingException, IOException { List<String> urls = new ArrayList<>(); byte[] extension = certificate.getExtensionValue(Extension.cRLDistributionPoints.getId()); if (extension == null) { // return an empty list return urls; } try (ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(extension))) { byte[] crldpExtOctets = ((DEROctetString) oAsnInStream.readObject()).getOctets(); try (ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets))) { for (DistributionPoint dp : CRLDistPoint.getInstance(oAsnInStream2.readObject()) .getDistributionPoints()) { DistributionPointName name = dp.getDistributionPoint(); // look for URIs in fullName if (name != null && name.getType() == DistributionPointName.FULL_NAME) { GeneralName[] generalNames = GeneralNames.getInstance(name.getName()).getNames(); // look for an URI for (GeneralName generalName : generalNames) { if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(generalName.getName()).getString(); urls.add(url); } } } } return urls; } } }
From source file:org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator.java
License:Open Source License
protected void addSubjectAlternativeNames(X509v3CertificateBuilder certificateBuilder, KeyPair keyPair, @Nullable String applicationUri, List<String> dnsNames, List<String> ipAddresses) throws CertIOException, NoSuchAlgorithmException { List<GeneralName> generalNames = new ArrayList<>(); if (applicationUri != null) { generalNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, applicationUri)); }/*from w w w. j a va 2s . co m*/ dnsNames.stream().distinct().map(s -> new GeneralName(GeneralName.dNSName, s)).forEach(generalNames::add); ipAddresses.stream().distinct().map(s -> new GeneralName(GeneralName.iPAddress, s)) .forEach(generalNames::add); certificateBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(generalNames.toArray(new GeneralName[] {}))); // Subject Key Identifier certificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic())); }
From source file:org.ejbca.core.model.ca.caadmin.X509CA.java
License:Open Source License
/** Generate a list of Distribution points. * @param distPoints distribution points as String in semi column (';') separated format. * @return list of distribution points.//from w w w .ja v a2 s . c o m */ private List<DistributionPoint> generateDistributionPoints(String distPoints) { if (distPoints == null) { distPoints = ""; } // Multiple CDPs are separated with the ';' sign Iterator<String> it = StringTools.splitURIs(distPoints).iterator(); ArrayList<DistributionPoint> result = new ArrayList<DistributionPoint>(); while (it.hasNext()) { String uri = (String) it.next(); GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uri)); if (log.isDebugEnabled()) { log.debug("Added CRL distpoint: " + uri); } ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(gn); GeneralNames gns = new GeneralNames(new DERSequence(vec)); DistributionPointName dpn = new DistributionPointName(0, gns); result.add(new DistributionPoint(dpn, null, null)); } return result; }
From source file:org.ejbca.core.model.ca.certextensions.standard.AuthorityInformationAccess.java
License:Open Source License
@Override public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey) throws CertificateExtentionConfigurationException, CertificateExtensionException { final ASN1EncodableVector accessList = new ASN1EncodableVector(); GeneralName accessLocation;/* w ww. ja va 2 s . co m*/ String url; // caIssuers final List<String> caIssuers = certProfile.getCaIssuers(); if (caIssuers != null) { for (final Iterator<String> it = caIssuers.iterator(); it.hasNext();) { url = it.next(); if (StringUtils.isNotEmpty(url)) { accessLocation = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(url)); accessList.add(new AccessDescription(AccessDescription.id_ad_caIssuers, accessLocation)); } } } // ocsp url final X509CA x509ca = (X509CA) ca; url = certProfile.getOCSPServiceLocatorURI(); if (certProfile.getUseDefaultOCSPServiceLocator()) { url = x509ca.getDefaultOCSPServiceLocator(); } if (StringUtils.isNotEmpty(url)) { accessLocation = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(url)); accessList.add(new AccessDescription(AccessDescription.id_ad_ocsp, accessLocation)); } org.bouncycastle.asn1.x509.AuthorityInformationAccess ret = null; if (accessList.size() > 0) { ret = new org.bouncycastle.asn1.x509.AuthorityInformationAccess(new DERSequence(accessList)); } if (ret == null) { log.error("AuthorityInformationAccess is used, but nor caIssuers not Ocsp url are defined!"); } return ret; }