List of usage examples for org.bouncycastle.asn1.x509 X509Extension cRLDistributionPoints
ASN1ObjectIdentifier cRLDistributionPoints
From source file:com.infinities.keystone4j.ssl.CRLVerifier.java
License:Apache License
/** * Extracts all CRL distribution point URLs from the * "CRL Distribution Point" extension in a X.509 certificate. If CRL * distribution point extension is unavailable, returns an empty list. */// w w w . j a v a 2 s .c o m public static List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateParsingException, IOException { byte[] crldpExt = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId()); if (crldpExt == null) { return new ArrayList<String>(); } ASN1InputStream oAsnInStream = null; ASN1InputStream oAsnInStream2 = null; try { oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt)); DERObject derObjCrlDP = oAsnInStream.readObject(); DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP; byte[] crldpExtOctets = dosCrlDP.getOctets(); oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets)); DERObject derObj2 = oAsnInStream2.readObject(); CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2); List<String> crlUrls = new ArrayList<String>(); for (DistributionPoint dp : distPoint.getDistributionPoints()) { DistributionPointName dpn = dp.getDistributionPoint(); // Look for URIs in fullName if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); // Look for an URI for (int j = 0; j < genNames.length; j++) { if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) { String url = DERIA5String.getInstance(genNames[j].getName()).getString(); crlUrls.add(url); } } } } return crlUrls; } finally { if (oAsnInStream != null) { oAsnInStream.close(); } if (oAsnInStream2 != null) { oAsnInStream2.close(); } } }
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
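/**
 * Prints the URIs of the certificate's CRL Distribution Points extension
 * (OID 2.5.29.31) to the given stream.
 *
 * <p>Only {@code FULL_NAME} distribution points and
 * {@code uniformResourceIdentifier} general names are decoded; any other
 * type or tag is reported as "not yet implemented". A distribution point
 * that carries no name is skipped. The printed values come straight from
 * the certificate and are not validated.
 *
 * @param outStream stream the report is written to
 * @throws Exception if the extension bytes cannot be decoded
 */
private void printCRLDistributionPoints(PrintStream outStream) throws Exception {
    outStream.format("X509v3 CRL Distribution Points: \n");

    String extOid = X509Extension.cRLDistributionPoints.getId(); // 2.5.29.31
    byte[] extVal = cert.getExtensionValue(extOid);
    if (extVal == null) {
        return;
    }

    /* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String)
     *
     * The ASN.1 definition for this is:
     *
     *   Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
     *
     *   Extension ::= SEQUENCE {
     *       extnId    OBJECT IDENTIFIER,
     *       critical  BOOLEAN DEFAULT FALSE,
     *       extnValue OCTET STRING
     *                 -- contains a DER encoding of a value
     *                 -- of the type registered for use with
     *                 -- the extnId object identifier value
     *   }
     */
    byte[] extnValue = DEROctetString.getInstance(ASN1Object.fromByteArray(extVal)).getOctets();
    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Object.fromByteArray(extnValue));

    for (DistributionPoint distPoint : crlDistPoint.getDistributionPoints()) {
        DistributionPointName distPointName = distPoint.getDistributionPoint();
        if (distPointName == null) {
            // The distributionPoint field is OPTIONAL in RFC 5280 (a point may
            // carry only reasons/cRLIssuer); without this guard getType()
            // below would throw a NullPointerException.
            continue;
        }

        int type = distPointName.getType();
        if (DistributionPointName.FULL_NAME == type) {
            outStream.format("Full Name: \n");
            GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName());
            for (GeneralName generalname : generalNames.getNames()) {
                int tag = generalname.getTagNo();
                if (GeneralName.uniformResourceIdentifier == tag) {
                    DEREncodable name = generalname.getName();
                    DERIA5String str = DERIA5String.getInstance(name);
                    // The value is passed as a format argument, never as the format string.
                    outStream.format(" %s\n", str.getString());
                } else {
                    outStream.format("tag %d not yet implemented", tag);
                }
            }
        } else {
            outStream.format("type %d not yet implemented", type);
        }
    }
}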
From source file:ec.rubrica.util.CertificateUtils.java
License:Open Source License
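/**
 * Returns the first CRL distribution point of a certificate as a string.
 *
 * <p>The value is derived from the {@code toString()} form of the first
 * distribution point name with the first four and the last character cut
 * off. NOTE(review): that depends on the ASN.1 object's string rendering
 * and on the name holding exactly one entry; confirm against the Bouncy
 * Castle version in use. The result is certificate-supplied data and is not
 * validated here, so callers should check it before fetching anything from it.
 *
 * @param cert certificate to inspect
 * @return the extracted string, or {@code null} when the extension is
 *         absent, holds no named distribution point, or cannot be parsed
 */
public static String crlURLFromCert(X509Certificate cert) {
    // A certificate without the extension yields null here; passing that on
    // to the parser would fail instead of reporting "no CRL URL".
    byte[] extensionValue = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (extensionValue == null) {
        return null;
    }

    try {
        CRLDistPoint crlDistPoint = CRLDistPoint
                .getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
        if (crlDistPoint == null
                || crlDistPoint.getDistributionPoints() == null
                || crlDistPoint.getDistributionPoints().length == 0
                || crlDistPoint.getDistributionPoints()[0].getDistributionPoint() == null) {
            // No distribution point, or the first one has no name (the field is optional).
            return null;
        }

        String url = crlDistPoint.getDistributionPoints()[0].getDistributionPoint().getName()
                .toASN1Primitive().toString();
        if (url.length() < 5) {
            // Too short for the prefix/suffix trimming below.
            return null;
        }
        return url.substring(4, url.length() - 1);
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    }
}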
From source file:mitm.common.security.certificate.impl.StandardX509CertificateBuilder.java
License:Open Source License
/**
 * Creates a certificate builder preloaded with this object's subject,
 * validity, serial number, public key and the configured extensions.
 *
 * <p>Extensions are added in this order, each only when configured: basic
 * constraints (CA only), key usage, extended key usage, subject alternative
 * name, subject key identifier, authority key identifier (needs an issuer
 * certificate) and CRL distribution points. The CRL distribution points
 * extension is always added as non-critical.
 *
 * @param issuerCertificate issuer certificate, or {@code null}; when given,
 *        its subject replaces the value of {@code getIssuer()} as issuer name
 * @return the configured builder
 * @throws IOException declared by the signature
 * @throws CertificateParsingException declared by the signature
 * @throws NoSuchAlgorithmException declared by the signature
 */
protected X509v3CertificateBuilder createX509v3CertificateBuilder(X509Certificate issuerCertificate)
        throws IOException, CertificateParsingException, NoSuchAlgorithmException {
    final boolean hasIssuerCertificate = issuerCertificate != null;

    X500Principal issuerPrincipal = getIssuer();
    if (hasIssuerCertificate) {
        issuerPrincipal = issuerCertificate.getSubjectX500Principal();
    }

    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            X500PrincipalUtils.toX500Name(issuerPrincipal),
            serialNumber,
            notBefore,
            notAfter,
            X500PrincipalUtils.toX500Name(subject),
            SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));

    if (isCA) {
        BasicConstraints caConstraints;
        if (pathLengthConstraint == null) {
            caConstraints = new BasicConstraints(true);
        } else {
            caConstraints = new BasicConstraints(pathLengthConstraint);
        }
        builder.addExtension(X509Extension.basicConstraints, cACritical, caConstraints);
    }

    if (keyUsage != null && keyUsage.size() > 0) {
        builder.addExtension(X509Extension.keyUsage, keyUsageCritical, getKeyUsageASN1());
    }

    if (extendedKeyUsage != null && extendedKeyUsage.size() > 0) {
        builder.addExtension(X509Extension.extendedKeyUsage, extendedKeyUsageCritical,
                getExtendedKeyUsageASN1());
    }

    if (altNames != null) {
        builder.addExtension(X509Extension.subjectAlternativeName, altNamesCritical, altNames);
    }

    if (addSubjectKeyIdentier) {
        builder.addExtension(X509Extension.subjectKeyIdentifier, false,
                createSubjectKeyIdentifier(publicKey));
    }

    if (hasIssuerCertificate && addAuthorityKeyIdentier) {
        builder.addExtension(X509Extension.authorityKeyIdentifier, false,
                getAuthorityKeyIdentifier(issuerCertificate));
    }

    if (crlDistributionPointURIs != null && crlDistributionPointURIs.size() > 0) {
        CRLDistributionPointsBuilder crlPoints = new CRLDistributionPointsBuilder();
        for (String crlUri : crlDistributionPointURIs) {
            crlPoints.addDistributionPoint(crlUri);
        }
        builder.addExtension(X509Extension.cRLDistributionPoints, false /* not critical */,
                crlPoints.buildCRLDistPoint());
    }

    return builder;
}
From source file:mitm.common.security.certpath.CRLDistPointCertPathChecker.java
License:Open Source License
/**
 * Resolves a critical CRL Distribution Points extension during certification
 * path validation.
 *
 * <p>When the extension's OID is among the unresolved critical extensions,
 * the extension must parse and must yield at least one URI distribution
 * point name; the OID is then removed from the collection. This method only
 * inspects the extension. It does not fetch a CRL or decide revocation
 * status, and (see the TODO below) it does not yet check whether the URIs
 * found can actually be handled.
 *
 * @param certificate certificate being checked; must be an {@code X509Certificate}
 * @param unresolvedCritExts OIDs of critical extensions not yet handled; may
 *        be {@code null}, in which case nothing further is checked
 * @throws CertPathValidatorException if the certificate is not X.509, the
 *         extension is missing or has no supported URI, or parsing fails
 */
@Override
public void check(Certificate certificate, Collection<String> unresolvedCritExts)
        throws CertPathValidatorException {
    if (!(certificate instanceof X509Certificate)) {
        throw new CertPathValidatorException("Certificate is not a X509Certificate.");
    }
    final X509Certificate x509Certificate = (X509Certificate) certificate;

    // Nothing to do unless the extension is still listed as unresolved and critical.
    if (unresolvedCritExts == null
            || !unresolvedCritExts.contains(X509Extension.cRLDistributionPoints.getId())) {
        return;
    }

    try {
        CRLDistPoint crlDistPoint = X509CertificateInspector.getCRLDistibutionPoints(x509Certificate);
        if (crlDistPoint == null) {
            throw new CertPathValidatorException(
                    "CRLDistributionPoints is critical but CRLDistPoint is null.");
        }

        Set<String> uriNames = CRLDistributionPointsInspector.getURIDistributionPointNames(crlDistPoint);
        if (uriNames == null || uriNames.isEmpty()) {
            throw new CertPathValidatorException("CRLDistributionPoints does not contain a supported URI.");
        }

        /*
         * TODO: check if we can handle the returned uri's
         */

        /*
         * We can handle CRLDistributionPoints so remove from the critical extensions
         */
        unresolvedCritExts.remove(X509Extension.cRLDistributionPoints.getId());
    } catch (IOException e) {
        throw new CertPathValidatorException(e);
    } catch (CRLException e) {
        throw new CertPathValidatorException(e);
    }
}
From source file:mitm.common.security.certpath.CRLDistPointCertPathChecker.java
License:Open Source License
/**
 * Lists the extension OIDs this checker handles.
 *
 * @return a new mutable set holding only the CRL Distribution Points OID
 */
@Override
public Set<String> getSupportedExtensions() {
    final String crlDistributionPointsOid = X509Extension.cRLDistributionPoints.getId();

    Set<String> handledOids = new HashSet<String>();
    handledOids.add(crlDistributionPointsOid);
    return handledOids;
}
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper.java
License:BSD License
/**
 * Adds the CRL Distribution Points extension, built from the
 * {@code crlDistributionPoints} field, to the certificate being generated.
 * The extension is added as non-critical.
 *
 * @param generator certificate builder that receives the extension
 * @throws CertIOException if the builder rejects the extension
 */
private void addCrlDistributionPoints(X509v3CertificateBuilder generator) throws CertIOException {
    generator.addExtension(
            X509Extension.cRLDistributionPoints,
            false, // not critical
            convertToCrlDistributionPoint(crlDistributionPoints));
}
From source file:net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateParser.java
License:BSD License
/**
 * Validates the CRL Distribution Points extension of the certificate under
 * inspection and records each outcome in {@code result}.
 *
 * <p>For a root certificate only {@code warnIfNotNull} is applied to the raw
 * extension value and validation stops there. For any other certificate the
 * extension must be present and must parse; its distribution points are then
 * run through the URI conversion test and, if that recorded no failure for
 * the current location, an rsync distribution point must be found.
 */
private void validateCrlDistributionPoints() {
    final byte[] crldpBytes = certificate.getExtensionValue(X509Extension.cRLDistributionPoints.getId());

    if (isRoot(certificate)) {
        // early ripe ncc ta certificates have crldp set so for now only warn here
        result.warnIfNotNull(crldpBytes, CRLDP_OMITTED);
        return;
    }

    // Non-root certificates: stop as soon as the presence check fails.
    if (!result.rejectIfNull(crldpBytes, CRLDP_PRESENT)) {
        return;
    }

    CRLDistPoint parsedCrldp;
    try {
        parsedCrldp = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(crldpBytes));
        result.pass(CRLDP_EXTENSION_PARSED);
    } catch (IOException e) {
        result.error(CRLDP_EXTENSION_PARSED);
        return;
    }

    testCrlDistributionPointsToUrisConversion(parsedCrldp);

    if (result.hasFailureForCurrentLocation()) {
        return;
    }
    result.rejectIfNull(findFirstRsyncCrlDistributionPoint(certificate), CRLDP_RSYNC_URI_PRESENT);
}
From source file:net.sf.jsignpdf.crl.CRLInfo.java
License:Mozilla Public License
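/**
 * Returns (initialized, but maybe empty) set of URLs of CRLs for given
 * certificate.
 *
 * <p>At most one URL is taken per distribution point: the first
 * {@code uniformResourceIdentifier} whose value starts with {@code "http"}
 * (which also matches {@code https}). Distribution points without a name,
 * or whose name is not a {@code FULL_NAME}, are skipped. The URLs are
 * certificate-supplied and are not validated beyond that prefix test, so
 * code that downloads from them should apply its own host/scheme policy.
 *
 * @param aCert
 *            X509 certificate.
 * @return mutable set of CRL URLs found; never {@code null}
 */
private Set<String> getCrlUrls(final X509Certificate aCert) {
    final Set<String> tmpResult = new HashSet<String>();
    LOGGER.info(RES.get("console.crlinfo.retrieveCrlUrl", aCert.getSubjectX500Principal().getName()));
    final byte[] crlDPExtension = aCert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (crlDPExtension != null) {
        CRLDistPoint crlDistPoints = null;
        try {
            crlDistPoints = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(crlDPExtension));
        } catch (IOException e) {
            LOGGER.warn("", e);
        }
        if (crlDistPoints != null) {
            final DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
            distPoint: for (DistributionPoint dp : distPoints) {
                final DistributionPointName dpName = dp.getDistributionPoint();
                // The distributionPoint field is OPTIONAL (RFC 5280), and only a
                // FULL_NAME holds GeneralNames. Without this guard a point with no
                // name, or with a name relative to the CRL issuer, would fail with
                // a NullPointerException / ClassCastException below.
                if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
                    LOGGER.info(RES.get("console.crlinfo.noUrlInDistPoint"));
                    continue;
                }
                final GeneralNames generalNames = (GeneralNames) dpName.getName();
                if (generalNames != null) {
                    final GeneralName[] generalNameArr = generalNames.getNames();
                    if (generalNameArr != null) {
                        for (final GeneralName generalName : generalNameArr) {
                            if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                                final DERString derString = (DERString) generalName.getName();
                                final String uri = derString.getString();
                                // NOTE(review): prefix test only; "http" also matches
                                // "https" and any other scheme beginning with those letters.
                                if (uri != null && uri.startsWith("http")) {
                                    // ||uri.startsWith("ftp")
                                    LOGGER.info(RES.get("console.crlinfo.foundCrlUri", uri));
                                    tmpResult.add(uri);
                                    continue distPoint;
                                }
                            }
                        }
                    }
                    LOGGER.info(RES.get("console.crlinfo.noUrlInDistPoint"));
                }
            }
        }
    } else {
        LOGGER.info(RES.get("console.crlinfo.distPointNotSupported"));
    }
    return tmpResult;
}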
From source file:org.jnotary.crypto.CRLLoader.java
License:Open Source License
/**
 * Reads the "CRL Distribution Points" extension of an X.509 certificate and
 * returns every URI it names.
 *
 * <p>Only {@code FULL_NAME} distribution points are considered, and of their
 * general names only {@code uniformResourceIdentifier} entries. The URIs are
 * returned exactly as encoded in the certificate, without any scheme or host
 * validation; treat them as untrusted input before using them for a download.
 *
 * @param cert certificate to inspect
 * @return the URIs in encounter order; {@code Collections.emptyList()} when
 *         the certificate has no such extension
 * @throws CertificateParsingException declared by the signature; this body
 *         does not throw it directly
 * @throws IOException if reading the ASN.1 structures or closing a stream fails
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    final byte[] rawExtension = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (rawExtension == null) {
        return Collections.emptyList();
    }

    final List<String> found = new ArrayList<String>();
    ASN1InputStream wrapperIn = null;
    ASN1InputStream contentIn = null;
    try {
        // Step 1: the extension value is an OCTET STRING wrapper.
        wrapperIn = new ASN1InputStream(new ByteArrayInputStream(rawExtension));
        final ASN1Primitive wrapper = wrapperIn.readObject();
        final byte[] content = ((DEROctetString) wrapper).getOctets();

        // Step 2: the wrapped octets hold the CRLDistPoint structure itself.
        contentIn = new ASN1InputStream(new ByteArrayInputStream(content));
        final ASN1Primitive decoded = contentIn.readObject();
        final CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(decoded);

        for (DistributionPoint entry : crlDistPoint.getDistributionPoints()) {
            final DistributionPointName entryName = entry.getDistributionPoint();
            final boolean isFullName =
                    entryName != null && entryName.getType() == DistributionPointName.FULL_NAME;
            if (!isFullName) {
                continue;
            }
            for (GeneralName generalName : GeneralNames.getInstance(entryName.getName()).getNames()) {
                if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    found.add(DERIA5String.getInstance(generalName.getName()).getString());
                }
            }
        }
    } finally {
        if (wrapperIn != null) {
            wrapperIn.close();
        }
        if (contentIn != null) {
            contentIn.close();
        }
    }
    return found;
}