List of usage examples for org.bouncycastle.asn1.x509 X509Extensions CRLDistributionPoints
ASN1ObjectIdentifier CRLDistributionPoints
From source file:be.fedict.eid.tsl.Tsl2PdfExporter.java
License:Open Source License
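/**
 * Reads the CRL Distribution Points extension of a certificate and hands the decoded
 * extension structure to {@code getDERValue} for conversion into a list of strings.
 *
 * @param cert the certificate to inspect
 * @return whatever {@code getDERValue} produces for the decoded extension, or an empty
 *         list when the certificate carries no CRL Distribution Points extension
 * @throws IOException if the extension value is not valid DER
 * @throws IllegalArgumentException if the extension value is not the expected OCTET STRING wrapper
 */
private static List<String> getCrlDistributionPoints(final X509Certificate cert) throws IOException {
    final byte[] extValue = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (extValue == null) {
        return Collections.emptyList();
    }
    // getExtensionValue() returns the DER-encoded OCTET STRING wrapper; the actual
    // extension structure is the DER found inside its octets, hence the two-stage parse.
    final byte[] inner;
    final ASN1InputStream outerIn = new ASN1InputStream(new ByteArrayInputStream(extValue));
    try {
        final DERObject wrapper = outerIn.readObject();
        // getInstance() rejects a malformed wrapper with IllegalArgumentException instead of
        // the ClassCastException a bare cast raises on a hostile or corrupt certificate.
        inner = DEROctetString.getInstance(wrapper).getOctets();
    } finally {
        outerIn.close();
    }
    final ASN1InputStream innerIn = new ASN1InputStream(new ByteArrayInputStream(inner));
    try {
        final DERObject extensionObject = innerIn.readObject();
        return getDERValue(extensionObject);
    } finally {
        innerIn.close();
    }
}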
From source file:br.gov.frameworkdemoiselle.certificate.extension.BasicCertificate.java
License:Open Source License
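/**
 * Returns the URLs listed in the certificate's CRL Distribution Points extension.
 * <p>
 * Only the first name of each distribution point is examined; a distribution point whose
 * name cannot be read in the expected shape is skipped rather than failing the whole call.
 *
 * @return the list of distribution point URLs (possibly empty), or {@code null} when the
 *         certificate has no CRL Distribution Points extension
 * @throws IOException if a distribution point name cannot be parsed
 */
public List<String> getCRLDistributionPoint() throws IOException {
    DERObject derObj = getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (derObj == null) {
        // Existing contract: callers distinguish "no extension" (null) from "no URLs" (empty)
        return null;
    }
    List<String> lcrS = new ArrayList<String>();
    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(derObj);
    DistributionPoint[] dp = crlDistPoint.getDistributionPoints();
    for (int i = 0; i < dp.length; i++) {
        // distributionPoint is OPTIONAL (RFC 5280 4.2.1.13): an entry may carry only
        // reasons/cRLIssuer, in which case there is no name to read.
        if (dp[i].getDistributionPoint() == null) {
            continue;
        }
        DERSequence seq = (DERSequence) new ASN1InputStream(
                dp[i].getDistributionPoint().getName().getDEREncoded()).readObject();
        DERTaggedObject tag = (DERTaggedObject) seq.getObjectAt(0);
        try {
            ASN1OctetString oct = DEROctetString.getInstance(tag);
            // IA5String is 7-bit ASCII; decode explicitly rather than with the platform charset
            lcrS.add(new String(oct.getOctets(), "US-ASCII"));
        } catch (Exception ignored) {
            // Best effort: not an object carrying DistributionPoint information in the
            // expected shape (e.g. a non-URI GeneralName); skip this entry.
        }
    }
    return lcrS;
}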
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
/** * Set CRL Distribution Points (RFC3280 4.2.1.14) *///from w w w . j a v a 2 s.c om protected void setCRLDistributionPoints() { if (!crlDistributionPoints.isEmpty()) { generator.addExtension(X509Extensions.CRLDistributionPoints, false, new CRLDistPoint(crlDistributionPoints.toArray(emptyDistributionPointArray))); } }
From source file:demo.sts.provider.cert.CRLVerifier.java
License:Apache License
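/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension
 * in a X.509 certificate. If CRL distribution point extension is unavailable, returns an
 * empty list.
 * <p>
 * Only fullName distribution points are examined, and only their uniformResourceIdentifier
 * names are returned. The strings are copied out of the certificate unvalidated: a caller
 * that fetches them must restrict the scheme (e.g. to http/https) before dereferencing.
 *
 * @param cert the certificate to inspect
 * @return the distribution point URLs, possibly empty, never {@code null}
 * @throws CertificateParsingException never thrown by this implementation; kept for API compatibility
 * @throws IOException if the extension value is not valid DER
 * @throws IllegalArgumentException if the DER does not have the expected CRLDistPoint structure
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    List<String> crlUrls = new ArrayList<String>();
    byte[] crldpExt = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (crldpExt == null) {
        return crlUrls;
    }
    // getExtensionValue() returns the DER OCTET STRING wrapper; the CRLDistPoint sequence
    // is encoded inside its octets, hence the two-stage parse.
    CRLDistPoint distPoint;
    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    try {
        DERObject derObjCrlDP = oAsnInStream.readObject();
        // getInstance() fails with IllegalArgumentException on a malformed wrapper rather
        // than the ClassCastException an unchecked cast would raise.
        byte[] crldpExtOctets = DEROctetString.getInstance(derObjCrlDP).getOctets();
        ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
        try {
            DERObject derObj2 = oAsnInStream2.readObject();
            distPoint = CRLDistPoint.getInstance(derObj2);
        } finally {
            oAsnInStream2.close();
        }
    } finally {
        oAsnInStream.close();
    }
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // distributionPoint is OPTIONAL; skip entries that only carry reasons/cRLIssuer
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
        for (GeneralName genName : genNames) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                crlUrls.add(DERIA5String.getInstance(genName.getName()).getString());
            }
        }
    }
    return crlUrls;
}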
From source file:eu.europa.ec.markt.dss.validation.crl.OnlineCRLSource.java
License:Open Source License
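/**
 * Gives back the CRL URI meta-data found within the given X509 certificate.
 * <p>
 * Only fullName distribution points are examined and only the first
 * uniformResourceIdentifier whose scheme is http or https is returned; other names are
 * logged and skipped. The scheme restriction is deliberate: the URI comes from the
 * certificate and is later dereferenced, so other schemes are never followed.
 *
 * @param certificate the X509 certificate.
 * @return the CRL URI, or <code>null</code> if the extension is not present or holds
 *         no http(s) URI.
 * @throws MalformedURLException never thrown by this implementation; kept for API compatibility
 * @throws RuntimeException if the extension value cannot be read
 * @throws IllegalArgumentException if the DER does not have the expected CRLDistPoint structure
 */
@SuppressWarnings("deprecation")
public String getCrlUri(X509Certificate certificate) throws MalformedURLException {
    byte[] crlDistributionPointsValue =
            certificate.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1Sequence seq;
    try {
        // getExtensionValue() returns the DER OCTET STRING wrapper; the CRLDistPoint
        // sequence is encoded inside its octets. getInstance() rejects malformed input with
        // IllegalArgumentException instead of the ClassCastException an unchecked cast raises.
        byte[] octets = DEROctetString.getInstance(
                new ASN1InputStream(new ByteArrayInputStream(crlDistributionPointsValue)).readObject())
                .getOctets();
        seq = ASN1Sequence.getInstance(new ASN1InputStream(octets).readObject());
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // distributionPoint is OPTIONAL (RFC 5280 4.2.1.13): an entry carrying only
        // reasons/cRLIssuer has no name and must be skipped, not dereferenced.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = GeneralNames.getInstance(distributionPointName.getName());
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                LOG.fine("not a uniform resource identifier");
                continue;
            }
            // Depending on the BouncyCastle version the name is either still wrapped in its
            // context tag or already the bare IA5String; unwrap in the first case.
            Object nameObject = name.getDERObject();
            if (nameObject instanceof DERTaggedObject) {
                nameObject = ((DERTaggedObject) nameObject).getObject();
            }
            String str = DERIA5String.getInstance(nameObject).getString();
            if (str.startsWith("http://") || str.startsWith("https://")) {
                return str;
            }
            LOG.info("Supports only http:// and https:// protocol for CRL");
        }
    }
    return null;
}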
From source file:org.apache.cxf.ws.security.sts.provider.cert.CRLVerifier.java
License:Apache License
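/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension
 * in a X.509 certificate. If CRL distribution point extension is unavailable, returns an
 * empty list.
 * <p>
 * Only fullName distribution points are examined and only their uniformResourceIdentifier
 * names are returned. The strings are copied out of the certificate unvalidated; code that
 * fetches them must restrict the scheme (e.g. to http/https) before dereferencing.
 *
 * @param cert the certificate to inspect
 * @return the distribution point URLs, possibly empty, never {@code null}
 * @throws CertificateParsingException never thrown by this implementation; kept for API compatibility
 * @throws IOException if the extension value is not valid DER
 * @throws IllegalArgumentException if the DER does not have the expected CRLDistPoint structure
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    List<String> crlUrls = new ArrayList<String>();
    byte[] crldpExt = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (crldpExt == null) {
        return crlUrls;
    }
    CRLDistPoint distPoint = readCrlDistPoint(crldpExt);
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // distributionPoint is OPTIONAL; entries carrying only reasons/cRLIssuer have no name
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                crlUrls.add(DERIA5String.getInstance(genName.getName()).getString());
            }
        }
    }
    return crlUrls;
}

/**
 * Decodes the OCTET STRING wrapper returned by getExtensionValue() and the CRLDistPoint
 * sequence encoded inside its octets.
 *
 * @param crldpExt raw value of the CRL Distribution Points extension
 * @return the decoded CRLDistPoint
 * @throws IOException if either layer is not valid DER
 * @throws IllegalArgumentException if the DER does not match the expected structure
 */
private static CRLDistPoint readCrlDistPoint(byte[] crldpExt) throws IOException {
    ASN1InputStream wrapperIn = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    try {
        // getInstance() reports a malformed wrapper as IllegalArgumentException rather than
        // the ClassCastException an unchecked cast would raise on a hostile certificate.
        byte[] crldpExtOctets = DEROctetString.getInstance(wrapperIn.readObject()).getOctets();
        ASN1InputStream contentIn = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
        try {
            return CRLDistPoint.getInstance(contentIn.readObject());
        } finally {
            contentIn.close();
        }
    } finally {
        wrapperIn.close();
    }
}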
From source file:org.apache.synapse.transport.certificatevalidation.crl.CRLVerifier.java
License:Apache License
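/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate.
 * <p>
 * Only fullName distribution points and their uniformResourceIdentifier entries are
 * considered. This method never returns an empty list: a certificate without the
 * extension, or without any usable URL, is reported as a
 * {@code CertificateVerificationException} so the caller cannot silently skip the
 * revocation check.
 *
 * @param cert the certificate whose CRL URLs are wanted
 * @return the non-empty list of CRL URLs, in certificate order
 * @throws CertificateVerificationException if the extension is absent, malformed or
 *         yields no URL
 */
private List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateVerificationException {
    // Gets the DER-encoded OCTET string for the extension value for CRLDistributionPoints
    byte[] crlDPExtensionValue = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (crlDPExtensionValue == null) {
        throw new CertificateVerificationException("Certificate doesn't have CRL Distribution points");
    }
    // The extension value is the DER (ITU-T X.690) OCTET STRING wrapper; the CRLDistPoint
    // sequence is the DER encoded inside its octets, hence the two-stage parse.
    CRLDistPoint distPoint;
    try {
        ASN1InputStream asn1In = new ASN1InputStream(crlDPExtensionValue);
        // getInstance() rejects a malformed wrapper with IllegalArgumentException rather than
        // the ClassCastException an unchecked cast would raise on a hostile certificate.
        byte[] octets = DEROctetString.getInstance(asn1In.readObject()).getOctets();
        ASN1InputStream asn1InOctets = new ASN1InputStream(octets);
        DERObject crlDERObject = asn1InOctets.readObject();
        distPoint = CRLDistPoint.getInstance(crlDERObject);
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (IllegalArgumentException e) {
        // Raised by the getInstance() calls when the DER does not match the expected structure
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    }
    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // distributionPoint is OPTIONAL; entries carrying only reasons/cRLIssuer have no name
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
        // todo: May be able to check for OCSP url specifically.
        for (GeneralName genName : genNames) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // IA5String is the ASN.1 7-bit ASCII string type
                String url = DERIA5String.getInstance(genName.getName()).getString().trim();
                crlUrls.add(url);
            }
        }
    }
    if (crlUrls.isEmpty()) {
        throw new CertificateVerificationException("Cant get CRL urls from certificate");
    }
    return crlUrls;
}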
From source file:org.apache.synapse.transport.certificatevalidation.CRLVerifierTest.java
License:Apache License
/**
 * Builds a peer certificate for tests: certifies {@code entityKey} with the generator
 * obtained for {@code caCert} and copies the CRL Distribution Points extension
 * (non-critical) from {@code firstCertificate}, so both certificates point at the same CRL.
 *
 * @param serialNumber serial number of the generated certificate
 * @param entityKey public key to certify
 * @param caKey issuing CA's private key, used to sign with the "BC" provider
 * @param caCert issuing CA certificate handed to the generator
 * @param firstCertificate certificate whose CRL Distribution Points extension is copied
 * @return the signed certificate
 * @throws Exception on any generation or signing failure
 */
public X509Certificate generateFakePeerCert(BigInteger serialNumber, PublicKey entityKey,
        PrivateKey caKey, X509Certificate caCert, X509Certificate firstCertificate) throws Exception {
    final X509V3CertificateGenerator generator =
            new Utils().getUsableCertificateGenerator(caCert, entityKey, serialNumber);
    final DERObjectIdentifier crlDpOid =
            new DERObjectIdentifier(X509Extensions.CRLDistributionPoints.getId());
    generator.copyAndAddExtension(crlDpOid, false, firstCertificate);
    return generator.generateX509Certificate(caKey, "BC");
}
From source file:org.apache.synapse.transport.utils.sslcert.crl.CRLVerifier.java
License:Apache License
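/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate.
 * <p>
 * Only fullName distribution points and their uniformResourceIdentifier entries are
 * considered. This method never returns an empty list: a certificate without the
 * extension, or without any usable URL, is reported as a
 * {@code CertificateVerificationException} so the caller cannot silently skip the
 * revocation check.
 *
 * @param cert the certificate whose CRL URLs are wanted
 * @return the non-empty list of CRL URLs, in certificate order
 * @throws CertificateVerificationException if the extension is absent, malformed or
 *         yields no URL
 */
private List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateVerificationException {
    // Gets the DER-encoded OCTET string for the extension value for CRLDistributionPoints
    byte[] crlDPExtensionValue = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (crlDPExtensionValue == null) {
        throw new CertificateVerificationException("Certificate doesn't have CRL distribution points");
    }
    // The extension value is the DER (ITU-T X.690) OCTET STRING wrapper; the CRLDistPoint
    // sequence is the DER encoded inside its octets, hence the two-stage parse.
    CRLDistPoint distPoint;
    try {
        ASN1InputStream asn1In = new ASN1InputStream(crlDPExtensionValue);
        // getInstance() rejects a malformed wrapper with IllegalArgumentException rather than
        // the ClassCastException an unchecked cast would raise on a hostile certificate.
        byte[] octets = DEROctetString.getInstance(asn1In.readObject()).getOctets();
        ASN1InputStream asn1InOctets = new ASN1InputStream(octets);
        ASN1Primitive asn1Primitive = asn1InOctets.readObject();
        distPoint = CRLDistPoint.getInstance(asn1Primitive);
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (IllegalArgumentException e) {
        // Raised by the getInstance() calls when the DER does not match the expected structure
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    }
    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // distributionPoint is OPTIONAL; entries carrying only reasons/cRLIssuer have no name
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        // todo: May be able to check for OCSP url specifically.
        for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // IA5String is the ASN.1 7-bit ASCII string type
                crlUrls.add(DERIA5String.getInstance(genName.getName()).getString().trim());
            }
        }
    }
    if (crlUrls.isEmpty()) {
        throw new CertificateVerificationException("Cant get CRL urls from certificate");
    }
    return crlUrls;
}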
From source file:org.cesecore.certificates.crl.CrlCreateSessionCRLTest.java
License:Open Source License
/** * Tests the extension CRL Distribution Point on CRLs */// w w w .j a va 2 s . co m @Test public void testCRLDistPointOnCRL() throws Exception { final String cdpURL = "http://www.ejbca.org/foo/bar.crl"; X509CAInfo cainfo = (X509CAInfo) testx509ca.getCAInfo(); X509CRL x509crl; byte[] cdpDER; cainfo.setUseCrlDistributionPointOnCrl(true); cainfo.setDefaultCRLDistPoint(cdpURL); caSession.editCA(roleMgmgToken, cainfo); crlCreateSession.forceCRL(roleMgmgToken, testx509ca.getCAId()); x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false)); cdpDER = x509crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId()); assertNotNull("CRL has no distribution points", cdpDER); ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cdpDER)); ASN1OctetString octs = (ASN1OctetString) aIn.readObject(); aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets())); IssuingDistributionPoint cdp = new IssuingDistributionPoint((ASN1Sequence) aIn.readObject()); DistributionPointName distpoint = cdp.getDistributionPoint(); assertEquals("CRL distribution point is different", cdpURL, ((DERIA5String) ((GeneralNames) distpoint.getName()).getNames()[0].getName()).getString()); cainfo.setUseCrlDistributionPointOnCrl(false); cainfo.setDefaultCRLDistPoint(""); caSession.editCA(roleMgmgToken, cainfo); crlCreateSession.forceCRL(roleMgmgToken, testx509ca.getCAId()); x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false)); assertNull("CRL has distribution points", x509crl.getExtensionValue(X509Extensions.CRLDistributionPoints.getId())); }