List of usage examples for org.bouncycastle.asn1.x509 X509ObjectIdentifiers id_ad_caIssuers
ASN1ObjectIdentifier id_ad_caIssuers
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
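/**
 * Loads the issuer certificate of {@code cert} from the caIssuers URL carried in its
 * Authority Information Access (AIA) extension. The certificate must be DER-encoded and
 * may be supplied in binary or printable (Base64) encoding; in the latter case it must be
 * bounded at the beginning by {@code -----BEGIN CERTIFICATE-----} and at the end by
 * {@code -----END CERTIFICATE-----}.
 *
 * <p>Security note: the URL is read from the certificate under validation and must be
 * treated as untrusted. The fetched certificate is only checked to carry the subject name
 * that {@code cert} names as its issuer; that check was previously logged but not
 * enforced, so any certificate reachable through the AIA URL was handed back as "the
 * issuer". Callers must still verify that the returned key actually signs {@code cert}
 * before trusting it. The {@link DataLoader} is assumed to constrain the schemes/hosts it
 * will fetch from — confirm against its implementation.
 *
 * @param cert   certificate whose issuer should be loaded
 * @param loader the loader used to fetch the AIA location
 * @return the issuer certificate, or {@code null} when {@code cert} has no caIssuers AIA
 *         entry, the location cannot be read or parsed, or the fetched certificate's
 *         subject does not match the issuer name of {@code cert}
 * @throws DSSNullException when {@code loader} is {@code null} and a fetch is required
 */
public static X509Certificate loadIssuerCertificate(final X509Certificate cert, final DataLoader loader) {
    final String url = getAccessLocation(cert, X509ObjectIdentifiers.id_ad_caIssuers);
    if (url == null) {
        LOG.info("There is no AIA extension for certificate download.");
        return null;
    }
    LOG.debug("Loading certificate from {}", url);
    if (loader == null) {
        throw new DSSNullException(DataLoader.class);
    }
    final byte[] bytes = loader.get(url);
    if (bytes == null || bytes.length == 0) {
        LOG.error("Unable to read data from {}.", url);
        return null;
    }
    final X509Certificate issuerCert = loadCertificate(bytes);
    if (issuerCert == null) {
        LOG.error("Unable to read data from {}.", url);
        return null;
    }
    // Enforce the name binding: a certificate whose subject is not the issuer name of
    // `cert` cannot be its issuer, whatever the AIA URL pointed at.
    if (!cert.getIssuerX500Principal().equals(issuerCert.getSubjectX500Principal())) {
        LOG.warn("There is AIA extension, but the issuer subject name and subject name does not match.");
        LOG.warn("CERT ISSUER : {}", cert.getIssuerX500Principal());
        LOG.warn("ISSUER SUBJECT : {}", issuerCert.getSubjectX500Principal());
        return null;
    }
    return issuerCert;
}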
From source file:eu.europa.ec.markt.dss.validation.certificate.AIACertificateSource.java
License:Open Source License
/**
 * Looks up the certificate published at this token's AIA caIssuers location and returns
 * it when its subject equals {@code subjectName}.
 *
 * <p>Fetch failures ({@code CannotFetchDataException}) and parse failures
 * ({@code CertificateException}) are swallowed and yield an empty list.
 *
 * @param subjectName subject name the fetched certificate must carry
 * @return a single-entry list on a match, otherwise an empty list
 */
@Override
public List<CertificateAndContext> getCertificateBySubjectName(X500Principal subjectName) {
    final List<CertificateAndContext> matches = new ArrayList<CertificateAndContext>();
    try {
        final String caIssuersUrl = getAccessLocation(certificate, X509ObjectIdentifiers.id_ad_caIssuers);
        if (caIssuersUrl == null) {
            return matches;
        }
        // NOTE(review): the URL comes from the certificate being validated and is fetched
        // as-is; the loader is assumed to restrict what it will retrieve — confirm.
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        final X509Certificate fetched =
                (X509Certificate) x509Factory.generateCertificate(httpDataLoader.get(caIssuersUrl));
        // NOTE(review): the fetched certificate is not attached to the context added below
        // (an empty CertificateAndContext is created) — looks unintended, confirm with the
        // CertificateAndContext constructors.
        if (fetched.getSubjectX500Principal().equals(subjectName)) {
            matches.add(new CertificateAndContext());
        }
    } catch (CannotFetchDataException e) {
        return Collections.emptyList();
    } catch (CertificateException e) {
        return Collections.emptyList();
    }
    return matches;
}
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
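/**
 * Extracts the caIssuers URIs from the Authority Information Access (AIA) extension of
 * {@code certificate}.
 *
 * <p>Only {@code uniformResourceIdentifier} access locations are returned; other
 * GeneralName forms are skipped. The URIs originate from the certificate itself and must
 * be treated as untrusted input by whoever fetches them.
 *
 * @param certificate the certificate token to inspect
 * @return the caIssuers URIs (possibly empty), or {@code null} when the certificate has no
 *         AIA extension or the extension value cannot be parsed
 */
public static List<String> getAccessLocations(final CertificateToken certificate) {
    final byte[] authInfoAccessExtensionValue = certificate.getCertificate()
            .getExtensionValue(Extension.authorityInfoAccess.getId());
    if (null == authInfoAccessExtensionValue) {
        return null;
    }
    // The extension value is an OCTET STRING wrapping the DER-encoded AIA SEQUENCE.
    final ASN1Sequence asn1Sequence;
    try {
        asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(authInfoAccessExtensionValue);
    } catch (DSSException e) {
        return null;
    }
    if (asn1Sequence == null) {
        // getInstance(null) would yield null and the loop below would NPE.
        return null;
    }
    final AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess
            .getInstance(asn1Sequence);
    final List<String> locationsUrls = new ArrayList<String>();
    for (AccessDescription accessDescription : authorityInformationAccess.getAccessDescriptions()) {
        if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(accessDescription.getAccessMethod())) {
            continue;
        }
        final GeneralName gn = accessDescription.getAccessLocation();
        if (GeneralName.uniformResourceIdentifier != gn.getTagNo()) {
            continue;
        }
        // Read the IA5String from the GeneralName payload instead of casting through the
        // re-tagged primitive, which is brittle across BouncyCastle versions.
        locationsUrls.add(DERIA5String.getInstance(gn.getName()).getString());
    }
    return locationsUrls;
}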
From source file:it.zero11.acme.utils.X509Utils.java
License:Apache License
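/**
 * Returns the first caIssuers URL from the certificate's Authority Information Access
 * extension.
 *
 * <p>Only {@code uniformResourceIdentifier} entries are considered; a directoryName or
 * other GeneralName form is skipped rather than returned as a non-URL string. The value
 * comes from the certificate and must be treated as untrusted before being fetched.
 *
 * @param certificate the certificate to inspect
 * @return the caIssuers URL, or {@code null} when the certificate carries no AIA extension
 *         or no caIssuers URI entry
 * @throws IOException when the extension value is not valid DER
 */
public static String getCACertificateURL(X509Certificate certificate) throws IOException {
    final byte[] extensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (extensionValue == null) {
        // No AIA extension at all; previously this was dereferenced and threw NPE.
        return null;
    }
    // The extension value is an OCTET STRING wrapping the DER-encoded AIA SEQUENCE.
    final byte[] bOctets = ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets();
    final AuthorityInformationAccess access = AuthorityInformationAccess
            .getInstance(ASN1Sequence.fromByteArray(bOctets));
    for (AccessDescription ad : access.getAccessDescriptions()) {
        if (!ad.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
            continue;
        }
        // GeneralName tag 6 is uniformResourceIdentifier (RFC 5280, GeneralName); other
        // name forms cannot be fetched as a URL.
        if (ad.getAccessLocation().getTagNo() == 6) {
            return ad.getAccessLocation().getName().toString();
        }
    }
    return null;
}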
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/**
 * Extracts the caIssuers URLs from a CRL's Authority Information Access extension.
 *
 * @param crl a CRL to parse; anything that is not an {@link X509CRL} yields an empty result
 * @return the caIssuers URLs found in the AIA extension, or an empty collection if none
 *         were found
 */
public static Collection<String> getAuthorityInformationAccess(CRL crl) {
    final Collection<String> urls = new ArrayList<String>();
    if (!(crl instanceof X509CRL)) {
        return urls;
    }
    final ASN1Primitive aiaValue = getExtensionValue((X509CRL) crl, Extension.authorityInfoAccess.getId());
    if (aiaValue == null) {
        return urls;
    }
    final AccessDescription[] descriptions = AuthorityInformationAccess.getInstance(aiaValue)
            .getAccessDescriptions();
    if (descriptions == null || descriptions.length == 0) {
        return urls;
    }
    for (AccessDescription description : descriptions) {
        if (!description.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
            continue;
        }
        final GeneralName location = description.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        // Some JDK/BC combinations hand the name back wrapped in an extra tagged object;
        // unwrap it before reading the IA5String.
        ASN1Primitive payload = location.toASN1Primitive();
        if (payload instanceof ASN1TaggedObject) {
            payload = ASN1TaggedObject.getInstance(payload).getObject();
        }
        urls.add(DERIA5String.getInstance(payload).getString());
    }
    return urls;
}
From source file:org.xipki.ca.api.profile.x509.X509CertUtil.java
License:Open Source License
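/**
 * Builds an Authority Information Access extension value from caIssuers and OCSP URIs.
 *
 * @param caIssuerUris URIs emitted as id-ad-caIssuers access descriptions; may be null or empty
 * @param ocspUris     URIs emitted as id-ad-ocsp access descriptions; may be null or empty
 * @return the AIA structure with caIssuers entries first, then OCSP entries, or
 *         {@code null} when both lists are empty
 */
public static AuthorityInformationAccess createAuthorityInformationAccess(final List<String> caIssuerUris,
        final List<String> ocspUris) {
    final boolean noCaIssuers = CollectionUtil.isEmpty(caIssuerUris);
    final boolean noOcsp = CollectionUtil.isEmpty(ocspUris);
    // The original tested ocspUris twice, so a caIssuers-only AIA was silently dropped
    // (returned null) whenever no OCSP URIs were configured.
    if (noCaIssuers && noOcsp) {
        return null;
    }
    final int capacity = (noCaIssuers ? 0 : caIssuerUris.size()) + (noOcsp ? 0 : ocspUris.size());
    final List<AccessDescription> accessDescriptions = new ArrayList<>(capacity);
    if (!noCaIssuers) {
        for (String uri : caIssuerUris) {
            final GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, gn));
        }
    }
    if (!noOcsp) {
        for (String uri : ocspUris) {
            final GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, gn));
        }
    }
    final DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
    return AuthorityInformationAccess.getInstance(seq);
}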
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
/**
 * Checks the Authority Information Access extension of an issued certificate against the
 * caIssuers/OCSP URLs expected for its issuer, filtered by the profile's AIA control.
 *
 * <p>When the control excludes both access methods (or the issuer has no URLs for them)
 * the mere presence of the extension is reported as a violation.
 *
 * @param failureMsg     accumulator for violations; each one is appended followed by "; "
 * @param extensionValue the DER-encoded AIA extension value
 * @param issuerInfo     source of the expected caIssuers and OCSP URLs
 */
private void checkExtensionAuthorityInfoAccess(final StringBuilder failureMsg, final byte[] extensionValue,
        final X509IssuerInfo issuerInfo) {
    final boolean caIssuersExpected = aiaControl == null || aiaControl.includesCaIssuers();
    final boolean ocspExpected = aiaControl == null || aiaControl.includesOcsp();
    final Set<String> expectedCaIssuerUris = caIssuersExpected
            ? issuerInfo.getCaIssuerURLs()
            : Collections.<String>emptySet();
    final Set<String> expectedOcspUris = ocspExpected
            ? issuerInfo.getOcspURLs()
            : Collections.<String>emptySet();
    if (CollectionUtil.isEmpty(expectedCaIssuerUris) && CollectionUtil.isEmpty(expectedOcspUris)) {
        failureMsg.append("AIA is present but expected is 'none'");
        failureMsg.append("; ");
        return;
    }
    final AuthorityInformationAccess actualAia = AuthorityInformationAccess.getInstance(extensionValue);
    checkAIA(failureMsg, actualAia, X509ObjectIdentifiers.id_ad_caIssuers, expectedCaIssuerUris);
    checkAIA(failureMsg, actualAia, X509ObjectIdentifiers.id_ad_ocsp, expectedOcspUris);
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
/**
 * Compares the access descriptions of one AIA access method against the expected URI set
 * and appends violations to {@code failureMsg}.
 *
 * <p>Reported violations: a wrong number of entries (no further checks are made then), an
 * access location that is not a uniformResourceIdentifier, and URIs that are present but
 * unexpected or expected but absent.
 *
 * @param failureMsg   accumulator for violations
 * @param aia          the parsed AIA extension
 * @param accessMethod the access method OID to check (OCSP, caIssuers or any other)
 * @param expectedUris the URIs expected under that access method
 */
private static void checkAIA(final StringBuilder failureMsg, final AuthorityInformationAccess aia,
        final ASN1ObjectIdentifier accessMethod, final Set<String> expectedUris) {
    final String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }
    final List<AccessDescription> matching = new LinkedList<>();
    for (AccessDescription candidate : aia.getAccessDescriptions()) {
        if (accessMethod.equals(candidate.getAccessMethod())) {
            matching.add(candidate);
        }
    }
    final int actualCount = matching.size();
    if (actualCount != expectedUris.size()) {
        failureMsg.append("number of AIA " + typeDesc + " URIs is '").append(actualCount);
        failureMsg.append("' but expected is '").append(expectedUris.size()).append("'");
        failureMsg.append("; ");
        return;
    }
    final Set<String> actualUris = new HashSet<>();
    for (AccessDescription description : matching) {
        final GeneralName location = description.getAccessLocation();
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            actualUris.add(((ASN1String) location.getName()).getString());
        } else {
            failureMsg.append("tag of accessLocation of AIA " + typeDesc + " is '").append(location.getTagNo());
            failureMsg.append("' but expected is '").append(GeneralName.uniformResourceIdentifier).append("'");
            failureMsg.append("; ");
        }
    }
    final Set<String> unexpected = str_in_b_not_in_a(expectedUris, actualUris);
    if (CollectionUtil.isNotEmpty(unexpected)) {
        failureMsg.append(typeDesc + " URIs ").append(unexpected.toString()).append(" are present but not expected");
        failureMsg.append("; ");
    }
    final Set<String> missing = str_in_b_not_in_a(actualUris, expectedUris);
    if (CollectionUtil.isNotEmpty(missing)) {
        failureMsg.append(typeDesc + " URIs ").append(missing.toString()).append(" are absent but are required");
        failureMsg.append("; ");
    }
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
/**
 * Checks the Authority Information Access extension of an issued certificate against the
 * caIssuers/OCSP URLs expected for its issuer, filtered by the profile's AIA control.
 *
 * <p>When neither access method is expected, the presence of the extension itself is
 * reported as a violation.
 *
 * @param failureMsg     accumulator for violations
 * @param extensionValue the DER-encoded AIA extension value
 * @param issuerInfo     source of the expected caIssuers and OCSP URLs
 */
private void checkExtensionAuthorityInfoAccess(final StringBuilder failureMsg, final byte[] extensionValue,
        final X509IssuerInfo issuerInfo) {
    final AuthorityInfoAccessControl aiaControl = certProfile.getAiaControl();
    Set<String> expCaIssuerUris = Collections.emptySet();
    if (aiaControl == null || aiaControl.includesCaIssuers()) {
        expCaIssuerUris = issuerInfo.getCaIssuerUrls();
    }
    Set<String> expOcspUris = Collections.emptySet();
    if (aiaControl == null || aiaControl.includesOcsp()) {
        expOcspUris = issuerInfo.getOcspUrls();
    }
    if (CollectionUtil.isEmpty(expCaIssuerUris) && CollectionUtil.isEmpty(expOcspUris)) {
        failureMsg.append("AIA is present but expected is 'none'; ");
        return;
    }
    final AuthorityInformationAccess isAia = AuthorityInformationAccess.getInstance(extensionValue);
    checkAia(failureMsg, isAia, X509ObjectIdentifiers.id_ad_caIssuers, expCaIssuerUris);
    checkAia(failureMsg, isAia, X509ObjectIdentifiers.id_ad_ocsp, expOcspUris);
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
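/**
 * Compares the access descriptions of one AIA access method against the expected URI set
 * and records violations through {@code addViolation} / {@code failureMsg}.
 *
 * <p>Reported violations: a wrong number of entries (no further checks are made then), an
 * access location that is not a uniformResourceIdentifier, and URIs that are present but
 * unexpected or expected but absent.
 *
 * @param failureMsg   accumulator for violations
 * @param aia          the parsed AIA extension
 * @param accessMethod the access method OID to check (OCSP, caIssuers or any other)
 * @param expectedUris the URIs expected under that access method
 */
private static void checkAia(final StringBuilder failureMsg, final AuthorityInformationAccess aia,
        final ASN1ObjectIdentifier accessMethod, final Set<String> expectedUris) {
    final String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }
    final List<AccessDescription> isAccessDescriptions = new LinkedList<>();
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        if (accessMethod.equals(accessDescription.getAccessMethod())) {
            isAccessDescriptions.add(accessDescription);
        }
    }
    final int size = isAccessDescriptions.size();
    if (size != expectedUris.size()) {
        addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedUris.size());
        return;
    }
    final Set<String> isUris = new HashSet<>();
    for (AccessDescription accessDescription : isAccessDescriptions) {
        final GeneralName isAccessLocation = accessDescription.getAccessLocation();
        if (isAccessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // The description previously ended in "AIA " with the access-method type left
            // out, so OCSP and caIssuers tag violations read identically.
            addViolation(failureMsg, "tag of accessLocation of AIA " + typeDesc, isAccessLocation.getTagNo(),
                    GeneralName.uniformResourceIdentifier);
        } else {
            isUris.add(((ASN1String) isAccessLocation.getName()).getString());
        }
    }
    Set<String> diffs = strInBnotInA(expectedUris, isUris);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString());
        failureMsg.append(" are present but not expected; ");
    }
    diffs = strInBnotInA(isUris, expectedUris);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString());
        failureMsg.append(" are absent but are required; ");
    }
}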