List of usage examples for org.bouncycastle.asn1.x509 X509Extension certificatePolicies
ASN1ObjectIdentifier certificatePolicies
From source file:com.rcn.service.CertificateService.java
License:Open Source License
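/**
 * Adds the extensions that identify the certificate being built as a CA certificate:
 * basicConstraints with the CA flag set, a keyUsage limited to certificate and CRL
 * signing, and a certificatePolicies extension carrying a single policy.
 *
 * @param v3CertGen the certificate builder that receives the extensions
 */
private void addCaExtension(JcaX509v3CertificateBuilder v3CertGen) {
    // RFC 5280 section 4.2.1.9: a CA certificate whose key verifies certificate
    // signatures MUST carry basicConstraints marked critical, so that a relying party
    // that cannot process the extension rejects the certificate instead of ignoring
    // the CA flag. BasicConstraints(true) sets no path length limit.
    v3CertGen.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));

    // RFC 5280 section 4.2.1.3: keyUsage SHOULD be critical when present. The key is
    // restricted to signing certificates and CRLs.
    v3CertGen.addExtension(X509Extension.keyUsage, true,
            new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));

    // ANY_POLICY is defined elsewhere in the class; presumably the anyPolicy OID, which
    // leaves the policy set of subordinate certificates unrestricted. Confirm that this
    // is the intended policy for the CA.
    ASN1EncodableVector intPolicies = new ASN1EncodableVector();
    intPolicies.add(new PolicyInformation(new DERObjectIdentifier(ANY_POLICY)));
    v3CertGen.addExtension(X509Extension.certificatePolicies, false, new DERSequence(intPolicies));
}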
From source file:ec.rubrica.util.BouncyCastleUtils.java
License:Open Source License
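/**
 * Reports whether a certificate asserts a policy equal to, or located under, a given
 * OID arc in its certificatePolicies extension.
 *
 * <p>The comparison is made on arc boundaries: {@code "1.2.3"} matches {@code "1.2.3"}
 * and {@code "1.2.3.4"} but not {@code "1.2.30"}. A plain string prefix test would
 * accept unrelated OIDs whose text happens to begin with the same characters.
 *
 * <p>This method only reads the policy OIDs present in the certificate; it performs no
 * signature or chain validation. Any parsing error is logged and reported as
 * {@code false}.
 *
 * @param cert the certificate to inspect
 * @param sOid the policy OID or OID arc to look for, in dotted notation
 * @return {@code true} if a matching policy is present, {@code false} otherwise,
 *         including when {@code sOid} is null or empty or the certificate cannot be parsed
 */
public static boolean certificateHasPolicy(X509Certificate cert, String sOid) {
    // An empty prefix would match every policy OID, so it is treated as "no match".
    if (sOid == null || sOid.length() == 0) {
        return false;
    }
    // Sub-arcs must continue with a dot right after the requested OID.
    final String arcPrefix = sOid.endsWith(".") ? sOid : sOid + ".";

    try {
        logger.fine("Read cert policies: " + cert.getSerialNumber().toString());

        final ASN1Sequence seq;
        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cert.getEncoded()));
        try {
            seq = (ASN1Sequence) aIn.readObject();
        } finally {
            aIn.close();
        }

        TBSCertificateStructure tbsCert = new X509CertificateStructure(seq).getTBSCertificate();
        if (tbsCert.getVersion() != 3) {
            return false;
        }
        X509Extensions ext = tbsCert.getExtensions();
        if (ext == null) {
            return false;
        }
        // Look the extension up directly instead of walking every extension OID.
        X509Extension extVal = ext.getExtension(X509Extension.certificatePolicies);
        if (extVal == null) {
            return false;
        }

        final ASN1Sequence cp;
        ASN1InputStream extIn = new ASN1InputStream(
                new ByteArrayInputStream(extVal.getValue().getOctets()));
        try {
            cp = (ASN1Sequence) extIn.readObject();
        } finally {
            extIn.close();
        }

        for (int i = 0; i != cp.size(); i++) {
            PolicyInformation pol = PolicyInformation.getInstance(cp.getObjectAt(i));
            String policyOid = pol.getPolicyIdentifier().getId();
            logger.fine("Policy: " + policyOid);
            if (policyOid.equals(sOid) || policyOid.startsWith(arcPrefix)) {
                return true;
            }
        }
    } catch (Exception ex) {
        // Fail closed: a certificate that cannot be parsed is reported as lacking the policy.
        logger.severe("Error reading cert policies: " + ex);
    }
    return false;
}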
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
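/**
 * Returns the policy OIDs listed in a certificate's certificatePolicies extension.
 *
 * <p>The extension value is an OCTET STRING that wraps the encoded SEQUENCE of
 * PolicyInformation entries. Both layers are checked before use, so an unexpected
 * structure or an empty value is reported as a {@code DSSException} instead of
 * escaping as a {@code ClassCastException} or {@code NullPointerException}.
 *
 * @param cert the certificate to inspect
 * @return the policy identifiers in dotted notation, in the order they appear; an empty
 *         list if the certificate has no certificatePolicies extension
 * @throws DSSException if the extension cannot be decoded
 */
public static List<String> getPolicyIdentifiers(final X509Certificate cert) {
    final byte[] certificatePolicies = cert.getExtensionValue(X509Extension.certificatePolicies.getId());
    if (certificatePolicies == null) {
        return Collections.emptyList();
    }

    ASN1InputStream input = null;
    ASN1Sequence seq = null;
    try {
        input = new ASN1InputStream(certificatePolicies);
        final Object wrapper = input.readObject();
        // instanceof is false for null, so an empty value is rejected here as well.
        if (!(wrapper instanceof DEROctetString)) {
            throw new IOException("certificatePolicies extension value is not an OCTET STRING");
        }
        final byte[] content = ((DEROctetString) wrapper).getOctets();
        input.close();

        input = new ASN1InputStream(content);
        final Object inner = input.readObject();
        if (!(inner instanceof ASN1Sequence)) {
            throw new IOException("certificatePolicies extension content is not a SEQUENCE");
        }
        seq = (ASN1Sequence) inner;
    } catch (IOException e) {
        throw new DSSException("Error when computing certificate's extensions.", e);
    } finally {
        closeQuietly(input);
    }

    final List<String> policyIdentifiers = new ArrayList<String>();
    for (int ii = 0; ii < seq.size(); ii++) {
        final PolicyInformation policyInfo = PolicyInformation.getInstance(seq.getObjectAt(ii));
        policyIdentifiers.add(policyInfo.getPolicyIdentifier().getId());
    }
    return policyIdentifiers;
}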
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper.java
License:BSD License
/**
 * Writes the configured policies into the certificate as a critical
 * certificatePolicies extension.
 *
 * @param generator the certificate builder that receives the extension
 * @throws CertIOException if the builder cannot encode the extension
 */
private void addPolicies(X509v3CertificateBuilder generator) throws CertIOException {
    // Critical: a relying party that cannot process the extension must reject the certificate.
    final boolean critical = true;
    final DERSequence encodedPolicies = new DERSequence(policies);
    generator.addExtension(X509Extension.certificatePolicies, critical, encodedPolicies);
}
From source file:net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateParser.java
License:BSD License
/**
 * Checks the certificatePolicies extension of the certificate under validation and
 * records each outcome in {@code result}.
 *
 * <p>The checks run in this order: critical extensions are present, certificatePolicies
 * is among them, the extension has a value, it holds exactly one policy, that policy
 * has an identifier, and the identifier equals {@code POLICY_OID}. A failed criticality
 * check is recorded but does not stop the later checks; the other failures return early.
 *
 * <p>Only an {@code IOException} raised while decoding is turned into a
 * {@code POLICY_VALIDATION} failure; other exception types are not caught here.
 */
private void validateCertificatePolicy() {
    final boolean hasCriticalExtensions =
            result.rejectIfNull(certificate.getCriticalExtensionOIDs(), CRITICAL_EXT_PRESENT);
    if (!hasCriticalExtensions) {
        return;
    }

    final String policiesOid = X509Extension.certificatePolicies.getId();
    result.rejectIfFalse(certificate.getCriticalExtensionOIDs().contains(policiesOid), POLICY_EXT_CRITICAL);

    try {
        final byte[] encodedExtension = certificate.getExtensionValue(policiesOid);
        final boolean hasValue = result.rejectIfNull(encodedExtension, POLICY_EXT_VALUE);
        if (!hasValue) {
            return;
        }

        final ASN1Sequence policySequence =
                ASN1Sequence.getInstance(X509ExtensionUtil.fromExtensionValue(encodedExtension));
        final boolean exactlyOnePolicy = result.rejectIfFalse(policySequence.size() == 1, SINGLE_CERT_POLICY);
        if (!exactlyOnePolicy) {
            return;
        }

        final PolicyInformation onlyPolicy = PolicyInformation.getInstance(policySequence.getObjectAt(0));
        final boolean hasIdentifier = result.rejectIfNull(onlyPolicy.getPolicyIdentifier(), POLICY_ID_PRESENT);
        if (!hasIdentifier) {
            return;
        }

        result.rejectIfFalse(POLICY_OID.equals(onlyPolicy.getPolicyIdentifier()), POLICY_ID_VERSION);
    } catch (IOException e) {
        // A value that cannot be decoded is recorded as a failed policy validation.
        result.rejectIfFalse(false, POLICY_VALIDATION);
    }
}