List of usage examples for org.bouncycastle.asn1.x509 IssuingDistributionPoint getInstance
public static IssuingDistributionPoint getInstance(Object obj)
From source file:be.fedict.trust.crl.CrlTrustLinker.java
License:Open Source License
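/**
 * Reports whether the given CRL is an indirect CRL, as declared by the
 * indirectCRL flag of its Issuing Distribution Point (IDP) extension.
 *
 * @param crl the CRL to inspect
 * @return {@code true} only when the CRL carries an IDP extension whose
 *         indirectCRL flag is set; {@code false} when the extension is absent
 * @throws IllegalArgumentException if the extension value cannot be decoded
 *         (unchecked, raised by the Bouncy Castle {@code getInstance} calls)
 */
private boolean isIndirectCRL(X509CRL crl) {
    byte[] wrappedIdp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
    if (wrappedIdp == null) {
        // No IDP extension: the CRL does not declare itself indirect.
        return false;
    }
    // X509CRL.getExtensionValue() returns the DER-encoded OCTET STRING that wraps the
    // extension, not the extension's own SEQUENCE. Passing the wrapper directly to
    // IssuingDistributionPoint.getInstance() is rejected as "not a sequence", so every CRL
    // that actually has an IDP extension would fail here instead of being classified.
    // The fully-qualified name avoids relying on an import this listing does not show.
    byte[] idpOctets = org.bouncycastle.asn1.ASN1OctetString.getInstance(wrappedIdp).getOctets();
    return IssuingDistributionPoint.getInstance(idpOctets).isIndirectCRL();
}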
From source file:be.fedict.trust.service.bean.HarvesterMDB.java
License:Open Source License
/**
 * Tells whether the given CRL is flagged as indirect by its Issuing
 * Distribution Point extension.
 *
 * @param crl
 *            the CRL to inspect
 * @return {@code true} if the extension is present and its indirectCRL flag
 *         is set, {@code false} otherwise (including when the extension is
 *         absent)
 * @throws CRLException
 *             if unwrapping or decoding the
 *             {@link org.bouncycastle.asn1.x509.IssuingDistributionPoint}
 *             fails for any reason; the original failure is kept as the cause
 */
private boolean isIndirectCRL(X509CRL crl) throws CRLException {
    final byte[] encodedExtension = crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId());
    if (encodedExtension == null) {
        // Extension not present on this CRL.
        return false;
    }
    try {
        // fromExtensionValue() strips the OCTET STRING wrapper before the IDP is decoded.
        return IssuingDistributionPoint.getInstance(X509ExtensionUtil.fromExtensionValue(encodedExtension))
                .isIndirectCRL();
    } catch (Exception e) {
        // Decoding problems of any kind are reported uniformly as a CRLException.
        throw new CRLException("Exception reading IssuingDistributionPoint", e);
    }
}
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
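/**
 * Computes the interim reasons mask for a CRL / distribution point pair,
 * following the sub-steps labelled (d)(1) to (d)(4) below (presumably step (d)
 * of the RFC 3280 CRL processing algorithm, going by the class name; confirm).
 *
 * @param crl the CRL whose Issuing Distribution Point (IDP) extension is read
 * @param dp  the distribution point taken from the certificate
 * @return the intersection of the reasons covered by the distribution point
 *         and by the IDP's onlySomeReasons; a side that states no reasons
 *         counts as {@code ReasonsMask.allReasons}
 * @throws SimpleValidationErrorException with code {@code distrPtExtError}
 *         if the IDP extension cannot be read or decoded
 */
protected static ReasonsMask processCRLD2(X509CRL crl, DistributionPoint dp)
        throws SimpleValidationErrorException {
    IssuingDistributionPoint idp = null;
    try {
        idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
                RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
    } catch (Exception e) {
        throw new SimpleValidationErrorException(ValidationErrorCode.distrPtExtError, e);
    }

    final boolean idpStatesReasons = idp != null && idp.getOnlySomeReasons() != null;
    final boolean dpStatesReasons = dp.getReasons() != null;

    // (d) (1)
    if (idpStatesReasons && dpStatesReasons) {
        return new ReasonsMask(dp.getReasons().intValue())
                .intersect(new ReasonsMask(idp.getOnlySomeReasons().intValue()));
    }
    // (d) (4)
    if (!idpStatesReasons && !dpStatesReasons) {
        return ReasonsMask.allReasons;
    }
    // (d) (2) and (d)(3)
    // The IDP side must test onlySomeReasons as well as idp itself: a CRL whose IDP extension
    // omits onlySomeReasons, checked against a distribution point that does list reasons,
    // previously dereferenced a null ReasonFlags here and aborted validation with a
    // NullPointerException instead of yielding the distribution point's reasons.
    final ReasonsMask dpMask = dpStatesReasons
            ? new ReasonsMask(dp.getReasons().intValue())
            : ReasonsMask.allReasons;
    final ReasonsMask idpMask = idpStatesReasons
            ? new ReasonsMask(idp.getOnlySomeReasons().intValue())
            : ReasonsMask.allReasons;
    return dpMask.intersect(idpMask);
}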
From source file:eu.europa.ec.markt.dss.validation102853.crl.CommonCRLSource.java
License:Open Source License
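/**
 * Decides whether the CRL carries a critical extension that this code cannot process and
 * records the outcome in {@code crlValidity.unknownCriticalExtension}.
 *
 * <p>The only critical extension handled is the Issuing Distribution Point (IDP). The flag is
 * set to {@code false} when there are no critical extensions, or when the IDP is the only
 * critical extension and passes the checks below. It is set to {@code true} as soon as any
 * other critical extension is present. If the IDP is the only critical extension and fails
 * the checks, the flag is left at whatever value the caller initialised it to.
 *
 * @param x509CRL         the CRL to inspect
 * @param dpUrlStringList distribution point URLs that the IDP full name is matched against
 * @param crlValidity     receives the result
 */
private void checkCriticalExtensions(final X509CRL x509CRL, final List<String> dpUrlStringList,
        final CRLValidity crlValidity) {

    final Set<String> criticalExtensionOIDs = x509CRL.getCriticalExtensionOIDs();
    if (criticalExtensionOIDs == null || criticalExtensionOIDs.isEmpty()) {
        crlValidity.unknownCriticalExtension = false;
        return;
    }
    final String issuingDistributionPointOid = PKIXExtensions.IssuingDistributionPoint_Id.toString();

    // The verdict is collected first and written once after the loop. Writing the field while
    // iterating made the result depend on the (unspecified) iteration order of the Set: an
    // accepted IDP visited after an unsupported critical extension reset the flag to false.
    boolean unsupportedCriticalSeen = false;
    boolean idpAccepted = false;

    for (final String criticalExtensionOID : criticalExtensionOIDs) {

        if (!issuingDistributionPointOid.equals(criticalExtensionOID)) {
            unsupportedCriticalSeen = true;
            continue;
        }
        // getExtensionValue() returns the extension wrapped in a DER OCTET STRING; unwrap it
        // before decoding the IDP structure itself.
        final byte[] extensionValue = x509CRL.getExtensionValue(issuingDistributionPointOid);
        final ASN1OctetString asn1OctetStringExtensionValue = ASN1OctetString.getInstance(extensionValue);
        final IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint
                .getInstance(asn1OctetStringExtensionValue.getOctets());
        final boolean onlyAttributeCerts = issuingDistributionPoint.onlyContainsAttributeCerts();
        final boolean onlyCaCerts = issuingDistributionPoint.onlyContainsCACerts();
        final boolean onlyUserCerts = issuingDistributionPoint.onlyContainsUserCerts();
        final boolean indirectCrl = issuingDistributionPoint.isIndirectCRL();
        final ReasonFlags reasonFlags = issuingDistributionPoint.getOnlySomeReasons();
        final DistributionPointName distributionPointName = issuingDistributionPoint.getDistributionPoint();

        boolean urlFound = false;
        // distributionPoint is OPTIONAL in the IDP; without this null check a CRL that omits
        // it caused a NullPointerException. With it, no URL is found and the IDP is not accepted.
        if (distributionPointName != null && FULL_NAME == distributionPointName.getType()) {
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            if (generalNames != null) {
                final GeneralName[] names = generalNames.getNames();
                if (names != null && names.length > 0) {
                    for (final GeneralName generalName : names) {
                        if (uniformResourceIdentifier == generalName.getTagNo()) {
                            final String name = generalName.getName().toString();
                            if (DSSUtils.isNotEmpty(dpUrlStringList) && dpUrlStringList.contains(name)) {
                                urlFound = true;
                            }
                        }
                    }
                }
            }
        }
        // NOTE(review): the first term is false only when ALL four scope flags are set, so a
        // CRL restricted by a single flag (e.g. indirectCRL alone) still passes. If the intent
        // is "none of the flags is set", this should be a disjunction; confirm before changing.
        if (!(onlyAttributeCerts && onlyCaCerts && onlyUserCerts && indirectCrl) && reasonFlags == null
                && urlFound) {
            idpAccepted = true;
        }
    }

    if (unsupportedCriticalSeen) {
        crlValidity.unknownCriticalExtension = true;
    } else if (idpAccepted) {
        crlValidity.unknownCriticalExtension = false;
    }
}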
From source file:eu.europa.esig.dss.x509.crl.CRLUtils.java
License:Open Source License
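/**
 * Records in {@code crlValidity} whether the CRL carries a critical extension that this
 * code cannot process.
 *
 * <p>With no critical extensions the flag is cleared. Otherwise the Issuing Distribution
 * Point (IDP) extension is decoded and the flag is cleared only if the IDP passes the checks
 * below. If critical extensions exist but the CRL has no IDP extension at all, the flag is set.
 *
 * @param x509CRL     the CRL to inspect
 * @param crlValidity receives the result through {@code setUnknownCriticalExtension}
 */
private static void checkCriticalExtensions(final X509CRL x509CRL, final CRLValidity crlValidity) {

    final Set<String> criticalExtensionOIDs = x509CRL.getCriticalExtensionOIDs();
    if ((criticalExtensionOIDs == null) || criticalExtensionOIDs.isEmpty()) {
        crlValidity.setUnknownCriticalExtension(false);
        return;
    }

    final byte[] extensionValue = x509CRL.getExtensionValue(Extension.issuingDistributionPoint.getId());
    if (extensionValue == null) {
        // Critical extensions are present but none of them is the IDP, the only one handled
        // here. This case used to end in a NullPointerException on the unwrap below; report
        // it as an unknown critical extension instead.
        crlValidity.setUnknownCriticalExtension(true);
        return;
    }
    // NOTE(review): the critical OID set is never compared with the IDP OID, so a CRL with an
    // acceptable IDP plus a second, unsupported critical extension still gets the flag
    // cleared. Confirm whether callers check the remaining critical OIDs elsewhere.

    // getExtensionValue() returns the extension wrapped in a DER OCTET STRING; unwrap first.
    final IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint
            .getInstance(ASN1OctetString.getInstance(extensionValue).getOctets());
    final boolean onlyAttributeCerts = issuingDistributionPoint.onlyContainsAttributeCerts();
    final boolean onlyCaCerts = issuingDistributionPoint.onlyContainsCACerts();
    final boolean onlyUserCerts = issuingDistributionPoint.onlyContainsUserCerts();
    final boolean indirectCrl = issuingDistributionPoint.isIndirectCRL();
    final ReasonFlags onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
    final DistributionPointName distributionPoint = issuingDistributionPoint.getDistributionPoint();

    boolean urlFound = false;
    // distributionPoint is OPTIONAL in the IDP; a CRL that omits it previously triggered a
    // NullPointerException here. It now simply yields no URL.
    if ((distributionPoint != null) && (DistributionPointName.FULL_NAME == distributionPoint.getType())) {
        final GeneralNames generalNames = (GeneralNames) distributionPoint.getName();
        if ((generalNames != null) && (generalNames.getNames() != null)) {
            for (GeneralName generalName : generalNames.getNames()) {
                if (GeneralName.uniformResourceIdentifier == generalName.getTagNo()) {
                    urlFound = true;
                    break;
                }
            }
        }
    }

    // NOTE(review): the first term is false only when ALL four scope flags are set, so a CRL
    // restricted by a single flag still passes. If the intent is "none of the flags is set",
    // this should be a disjunction; confirm before changing.
    if (!(onlyAttributeCerts && onlyCaCerts && onlyUserCerts && indirectCrl) && (onlySomeReasons == null)
            && urlFound) {
        crlValidity.setUnknownCriticalExtension(false);
    }
}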
From source file:mitm.common.security.certificate.X509ExtensionInspector.java
License:Open Source License
/**
 * Extracts the IssuingDistributionPoint extension from the given X.509 object.
 *
 * @param extension the certificate or CRL to read the extension from
 * @return the decoded extension, or {@code null} when
 *         {@code ASN1Utils.getExtensionValue} yields no value for the IDP OID
 * @throws IOException declared for the extension lookup
 */
public static IssuingDistributionPoint getIssuingDistributionPoint(X509Extension extension)
        throws IOException {
    final ASN1Object encodedIdp = ASN1Utils.getExtensionValue(extension,
            org.bouncycastle.asn1.x509.X509Extension.issuingDistributionPoint.getId());

    // Absent extension is reported as null rather than as an error.
    return (encodedIdp == null) ? null : IssuingDistributionPoint.getInstance(encodedIdp);
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Renders an Issuing Distribution Point extension as display text, one field per line,
 * using the message templates from the resource bundle {@code res}.
 *
 * @param value the encoded extension, passed straight to
 *              {@code IssuingDistributionPoint.getInstance}; presumably the caller has
 *              already removed the OCTET STRING wrapper (confirm against the caller)
 * @return the formatted text
 * @throws IOException declared for the helpers that format nested values
 */
private String getIssuingDistributionPointStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * IssuingDistributionPoint ::= ASN1Sequence {
     *     distributionPoint [0] DistributionPointName OPTIONAL,
     *     onlyContainsUserCerts [1] ASN1Boolean DEFAULT FALSE,
     *     onlyContainsCACerts [2] ASN1Boolean DEFAULT FALSE,
     *     onlySomeReasons [3] ReasonFlags OPTIONAL,
     *     indirectCRL [4] ASN1Boolean DEFAULT FALSE,
     *     onlyContainsAttributeCerts [5] ASN1Boolean DEFAULT FALSE }
     */

    // @formatter:on

    /*
     * Fields declared with a DEFAULT come back as false when they are not
     * encoded, so only the two OPTIONAL fields need a null check.
     */

    final IssuingDistributionPoint idp = IssuingDistributionPoint.getInstance(value);
    final StringBuilder text = new StringBuilder();

    final DistributionPointName dpName = idp.getDistributionPoint();
    if (dpName != null) { // Optional
        text.append(getDistributionPointNameString(dpName, ""));
    }

    final boolean userCertsOnly = idp.onlyContainsUserCerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsUserCerts"), userCertsOnly)).append(NEWLINE);

    final boolean caCertsOnly = idp.onlyContainsCACerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsCaCerts"), caCertsOnly)).append(NEWLINE);

    final ReasonFlags reasons = idp.getOnlySomeReasons();
    if (reasons != null) { // Optional
        text.append(res.getString("OnlySomeReasons")).append(NEWLINE);

        for (String reasonText : getReasonFlagsStrings(reasons)) {
            text.append(INDENT).append(reasonText).append(NEWLINE);
        }
    }

    final boolean indirect = idp.isIndirectCRL();
    text.append(MessageFormat.format(res.getString("IndirectCrl"), indirect)).append(NEWLINE);

    final boolean attributeCertsOnly = idp.onlyContainsAttributeCerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsAttributeCerts"), attributeCertsOnly))
            .append(NEWLINE);

    return text.toString();
}
From source file:org.cesecore.certificates.ca.X509CATest.java
License:Open Source License
/**
 * Verifies that a CRL generated with "use CRL distribution point on CRL" enabled carries an
 * Issuing Distribution Point extension whose first full name equals the configured URL, and
 * then generates a second CRL with the option disabled.
 */
@Test
public void testCRLDistPointOnCRL() throws Exception {
    final CryptoToken cryptoToken = getNewCryptoToken();
    final X509CA ca = createTestCA(cryptoToken, CADN);
    final String cdpURL = "http://www.ejbca.org/foo/bar.crl";

    // Phase 1: option enabled, URL configured.
    X509CAInfo caInfo = (X509CAInfo) ca.getCAInfo();
    caInfo.setUseCrlDistributionPointOnCrl(true);
    caInfo.setDefaultCRLDistPoint(cdpURL);
    ca.updateCA(cryptoToken, caInfo);

    Collection<RevokedCertInfo> noRevocations = new ArrayList<RevokedCertInfo>();
    X509CRLHolder crlHolder = ca.generateCRL(cryptoToken, noRevocations, 1);
    assertNotNull(crlHolder);
    X509CRL parsedCrl = CertTools.getCRLfromByteArray(crlHolder.getEncoded());

    byte[] wrappedIdp = parsedCrl.getExtensionValue(Extension.issuingDistributionPoint.getId());
    assertNotNull("CRL has no distribution points", wrappedIdp);

    // The extension value is an OCTET STRING wrapping the IDP SEQUENCE: decode it in two steps.
    ASN1InputStream outerIn = new ASN1InputStream(new ByteArrayInputStream(wrappedIdp));
    ASN1OctetString idpOctets = (ASN1OctetString) outerIn.readObject();
    ASN1InputStream innerIn = new ASN1InputStream(new ByteArrayInputStream(idpOctets.getOctets()));
    IssuingDistributionPoint idp = IssuingDistributionPoint.getInstance((ASN1Sequence) innerIn.readObject());

    DistributionPointName dpName = idp.getDistributionPoint();
    GeneralNames fullName = (GeneralNames) dpName.getName();
    DERIA5String firstUri = (DERIA5String) fullName.getNames()[0].getName();
    assertEquals("CRL distribution point is different", cdpURL, firstUri.getString());

    // Phase 2: option disabled, URL removed.
    caInfo.setUseCrlDistributionPointOnCrl(false);
    caInfo.setDefaultCRLDistPoint(null);
    ca.updateCA(cryptoToken, caInfo);

    crlHolder = ca.generateCRL(cryptoToken, noRevocations, 1);
    assertNotNull(crlHolder);
    parsedCrl = CertTools.getCRLfromByteArray(crlHolder.getEncoded());

    // NOTE(review): phase 1 reads Extension.issuingDistributionPoint, but this assertion looks
    // up Extension.cRLDistributionPoints. It would still pass if the IDP extension remained on
    // the CRL; confirm which OID the check is meant to cover.
    assertNull("CRL has distribution points",
            parsedCrl.getExtensionValue(Extension.cRLDistributionPoints.getId()));
}
From source file:org.ejbca.core.ejb.crl.PublishingCrlSessionTest.java
License:Open Source License
/** * Tests the extension CRL Distribution Point on CRLs */// w ww .ja v a2 s .com @Test public void testCRLDistPointOnCRL() throws Exception { final String cdpURL = "http://www.ejbca.org/foo/bar.crl"; X509CAInfo cainfo = (X509CAInfo) testx509ca.getCAInfo(); X509CRL x509crl; byte[] cdpDER; cainfo.setUseCrlDistributionPointOnCrl(true); cainfo.setDefaultCRLDistPoint(cdpURL); caSession.editCA(roleMgmgToken, cainfo); publishingCrlSessionRemote.forceCRL(roleMgmgToken, testx509ca.getCAId()); x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false)); cdpDER = x509crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); assertNotNull("CRL has no distribution points", cdpDER); ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cdpDER)); ASN1OctetString octs = (ASN1OctetString) aIn.readObject(); aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets())); IssuingDistributionPoint cdp = IssuingDistributionPoint.getInstance((ASN1Sequence) aIn.readObject()); DistributionPointName distpoint = cdp.getDistributionPoint(); assertEquals("CRL distribution point is different", cdpURL, ((DERIA5String) ((GeneralNames) distpoint.getName()).getNames()[0].getName()).getString()); cainfo.setUseCrlDistributionPointOnCrl(false); cainfo.setDefaultCRLDistPoint(""); caSession.editCA(roleMgmgToken, cainfo); publishingCrlSessionRemote.forceCRL(roleMgmgToken, testx509ca.getCAId()); x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false)); assertNull("CRL has distribution points", x509crl.getExtensionValue(Extension.cRLDistributionPoints.getId())); }