List of usage examples for org.bouncycastle.asn1.x509 SubjectKeyIdentifier getKeyIdentifier
public byte[] getKeyIdentifier()
From source file:org.objectweb.proactive.core.security.CertTools.java
License:Open Source License
/** * Get the subject key identifier from a certificate extensions * * @param cert certificate containing the extension * @return byte[] containing the subject key identifier * @throws IOException if extension can not be parsed */// w w w . ja v a 2 s . c om public static byte[] getSubjectKeyId(X509Certificate cert) throws IOException { byte[] extvalue = cert.getExtensionValue("2.5.29.14"); if (extvalue == null) { return null; } ASN1OctetString str = ASN1OctetString .getInstance(new ASN1InputStream(new ByteArrayInputStream(extvalue)).readObject()); SubjectKeyIdentifier keyId = SubjectKeyIdentifier .getInstance(new ASN1InputStream(new ByteArrayInputStream(str.getOctets())).readObject()); return keyId.getKeyIdentifier(); }
From source file:org.opensaml.xml.security.x509.X509Util.java
License:Apache License
/**
 * Return the plain (un-wrapped) value of a certificate's Subject Key Identifier extension.
 *
 * @param certificate an X.509 certificate that may carry a SubjectKeyIdentifier extension
 * @return the key identifier bytes, or {@code null} when the extension is absent or empty,
 *         or when its ASN.1 encoding cannot be parsed (the parse failure is logged, not thrown)
 */
public static byte[] getSubjectKeyIdentifier(X509Certificate certificate) {
    String skiOid = X509Extensions.SubjectKeyIdentifier.getId();
    byte[] encoded = certificate.getExtensionValue(skiOid);
    boolean absent = encoded == null || encoded.length == 0;
    if (absent) {
        return null;
    }
    try {
        // SubjectKeyIdentifierStructure takes the still-OCTET-STRING-wrapped extension value
        // as returned by getExtensionValue() and strips the wrapper itself.
        // NOTE(review): this class is deprecated in current BouncyCastle releases — verify
        // against the BC version the project builds with.
        SubjectKeyIdentifier parsed = new SubjectKeyIdentifierStructure(encoded);
        return parsed.getKeyIdentifier();
    } catch (IOException e) {
        log.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed: " + e);
        return null;
    }
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
/**
 * QA check: the SubjectKeyIdentifier extension must equal the SHA-1 digest of the
 * subjectPublicKey bit-string contents (the derivation this profile expects; other
 * RFC 5280-permitted derivations are reported as violations here).
 *
 * @param failureMsg           accumulator to which a violation description is appended
 * @param extensionValue       DER-encoded SubjectKeyIdentifier extension value
 * @param subjectPublicKeyInfo public key the identifier is expected to be derived from
 */
private void checkExtensionSubjectKeyIdentifier(final StringBuilder failureMsg,
        final byte[] extensionValue, final SubjectPublicKeyInfo subjectPublicKeyInfo) {
    byte[] actualSki = SubjectKeyIdentifier.getInstance(extensionValue).getKeyIdentifier();
    byte[] keyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();
    byte[] expectedSki = HashCalculator.hash(HashAlgoType.SHA1, keyBits);
    // The SKI is public, non-secret data, so a plain (non-constant-time) comparison is fine.
    boolean matches = Arrays.equals(expectedSki, actualSki);
    if (!matches) {
        failureMsg.append("SKI is '" + hex(actualSki) + "' but expected is '" + hex(expectedSki) + "'");
        failureMsg.append("; ");
    }
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
/**
 * QA check: the SubjectKeyIdentifier extension must equal the SHA-1 digest of the
 * subjectPublicKey bit-string contents (the derivation this profile expects; other
 * RFC 5280-permitted derivations are reported as violations here).
 *
 * @param failureMsg           accumulator that {@code addViolation} appends to
 * @param extensionValue       DER-encoded SubjectKeyIdentifier extension value
 * @param subjectPublicKeyInfo public key the identifier is expected to be derived from
 */
private void checkExtensionSubjectKeyIdentifier(final StringBuilder failureMsg,
        final byte[] extensionValue, final SubjectPublicKeyInfo subjectPublicKeyInfo) {
    byte[] actualSki = SubjectKeyIdentifier.getInstance(extensionValue).getKeyIdentifier();
    byte[] keyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();
    byte[] expectedSki = HashAlgoType.SHA1.hash(keyBits);
    // The SKI is public, non-secret data, so a plain (non-constant-time) comparison is fine.
    boolean matches = Arrays.equals(expectedSki, actualSki);
    if (!matches) {
        addViolation(failureMsg, "SKI", hex(actualSki), hex(expectedSki));
    }
}
From source file:org.xwiki.crypto.pkix.internal.extension.BcX509Extensions.java
License:Open Source License
/**
 * Return the raw key identifier carried by the SubjectKeyIdentifier extension, if present.
 *
 * @return the identifier bytes, or {@code null} when {@code this.extensions} has no such extension
 */
@Override
public byte[] getSubjectKeyIdentifier() {
    SubjectKeyIdentifier ski = SubjectKeyIdentifier.fromExtensions(this.extensions);
    if (ski == null) {
        return null;
    }
    return ski.getKeyIdentifier();
}
From source file:support.revocation.RevocationInfo.java
License:Apache License
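/**
 * Creates a new <code>RevocationInfo</code> instance based on the given certificate.
 *
 * <p>For an {@link X509Certificate} this reads: OCSP responder URLs from the
 * Authority Information Access extension, CRL URLs from the CRL Distribution Points
 * extension (skipping points with a separate CRL issuer or reason flags), and the
 * key identifier / issuer serial from the Authority and Subject Key Identifier
 * extensions. Any other certificate type leaves every field at its default.
 *
 * <p>SECURITY NOTE: every URL collected here is taken verbatim from the certificate
 * and is therefore under the control of whoever produced it. Contact these endpoints
 * only for a certificate whose chain has already been validated, and restrict the
 * URL schemes you are willing to fetch.
 *
 * @param certificate the certificate to examine
 */
public RevocationInfo(Certificate certificate) {
    if (!(certificate instanceof X509Certificate)) {
        return;
    }
    X509Certificate x509cert = (X509Certificate) certificate;
    try {
        collectOcspResponders(x509cert);
        collectCrlDistributionPoints(x509cert);
        collectAuthorityKeyIdentifier(x509cert);
        collectSubjectKeyIdentifier(x509cert);
    } catch (ClassCastException | IllegalArgumentException e) {
        // Best effort: a malformed extension leaves the remaining fields at their
        // defaults instead of failing construction. No logger is in scope here;
        // TODO(review): route this through the project's logging facility.
        e.printStackTrace();
    }
}

/** Collects OCSP responder URLs from the Authority Information Access extension. */
private void collectOcspResponders(X509Certificate x509cert) {
    AuthorityInformationAccess info = AuthorityInformationAccess
            .getInstance(certificateExtension(x509cert, Extension.authorityInfoAccess.getId()));
    if (info != null) {
        for (AccessDescription desc : info.getAccessDescriptions()) {
            if (!AccessDescription.id_ad_ocsp.equals(desc.getAccessMethod())) {
                continue;
            }
            String url = urlFromGeneralName(desc.getAccessLocation());
            if (url != null) {
                ocsp.add(url);
            }
        }
    }
    ocsp = Collections.unmodifiableList(ocsp);
}

/**
 * Collects CRL URLs from the CRL Distribution Points extension.
 * Points naming a separate CRL issuer or carrying reason flags are skipped
 * (no support for CRLs issued from another CA, no support for partial CRLs).
 */
private void collectCrlDistributionPoints(X509Certificate x509cert) {
    CRLDistPoint points = CRLDistPoint
            .getInstance(certificateExtension(x509cert, Extension.cRLDistributionPoints.getId()));
    if (points != null) {
        for (DistributionPoint point : points.getDistributionPoints()) {
            // A GeneralNames or ReasonFlags value can never equal DERNull.INSTANCE, so the
            // former "!= null && !equals(DERNull)" tests reduce to plain null checks.
            if (point.getCRLIssuer() != null) {
                continue; // no support for CRLs issued from another CA
            }
            if (point.getReasons() != null) {
                continue; // no support for partial CRLs
            }
            // distributionPoint is OPTIONAL in the ASN.1; a malformed point must not
            // NPE out of the constructor (NPE is not among the caught types).
            if (point.getDistributionPoint() == null) {
                continue;
            }
            ASN1Encodable names = point.getDistributionPoint().getName();
            if (names instanceof GeneralNames) {
                for (GeneralName name : ((GeneralNames) names).getNames()) {
                    String url = urlFromGeneralName(name);
                    if (url != null) {
                        crl.add(url);
                    }
                }
            }
        }
    }
    crl = Collections.unmodifiableList(crl);
}

/** Records issuer key identifier and issuer serial from the Authority Key Identifier extension. */
private void collectAuthorityKeyIdentifier(X509Certificate x509cert) {
    AuthorityKeyIdentifier authorityKeyId = AuthorityKeyIdentifier
            .getInstance(certificateExtension(x509cert, Extension.authorityKeyIdentifier.getId()));
    if (authorityKeyId == null) {
        return;
    }
    byte[] keyidentifier = authorityKeyId.getKeyIdentifier();
    if (keyidentifier != null) {
        authorityKeyIdentifier = toUnmodifiableByteList(keyidentifier);
    }
    BigInteger serial = authorityKeyId.getAuthorityCertSerialNumber();
    if (serial != null) {
        authoritySerial = serial.toString();
    }
}

/** Records the key identifier from the Subject Key Identifier extension. */
private void collectSubjectKeyIdentifier(X509Certificate x509cert) {
    SubjectKeyIdentifier subjectKeyId = SubjectKeyIdentifier
            .getInstance(certificateExtension(x509cert, Extension.subjectKeyIdentifier.getId()));
    if (subjectKeyId == null) {
        return;
    }
    byte[] keyidentifier = subjectKeyId.getKeyIdentifier();
    if (keyidentifier != null) {
        subjectKeyIdentifier = toUnmodifiableByteList(keyidentifier);
    }
}

/** Boxes a byte array into the unmodifiable {@code List<Byte>} representation the fields use. */
private static List<Byte> toUnmodifiableByteList(byte[] bytes) {
    List<Byte> boxed = new ArrayList<>(bytes.length);
    for (byte value : bytes) {
        boxed.add(value);
    }
    return Collections.unmodifiableList(boxed);
}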