List of usage examples for org.bouncycastle.asn1.x509 X509ObjectIdentifiers id_ad_ocsp
ASN1ObjectIdentifier id_ad_ocsp
From source file:org.xipki.ca.api.profile.x509.X509CertUtil.java
License:Open Source License
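/**
 * Builds an AuthorityInformationAccess (AIA) extension value from CA-issuer and OCSP URIs.
 *
 * <p>Every URI becomes one {@code AccessDescription} whose access location is a
 * {@code uniformResourceIdentifier} GeneralName. All {@code id_ad_caIssuers} entries are
 * emitted first, followed by all {@code id_ad_ocsp} entries, each group in list order.
 *
 * <p>The URIs are embedded exactly as supplied; this method performs no scheme or syntax
 * validation. Relying parties typically dereference these locations, so callers should pass
 * only values taken from vetted CA configuration.
 *
 * @param caIssuerUris locations of the issuer certificate; may be empty
 *                     (presumably {@code null} is treated as empty by CollectionUtil - confirm)
 * @param ocspUris     locations of the OCSP responder; may be empty (same assumption)
 * @return the AIA value, or {@code null} when neither list contains a URI
 */
public static AuthorityInformationAccess createAuthorityInformationAccess(final List<String> caIssuerUris,
        final List<String> ocspUris) {
    // Both lists have to be inspected: an AIA that carries only caIssuers entries is valid and
    // must not be dropped just because no OCSP URI was configured.
    if (CollectionUtil.isEmpty(caIssuerUris) && CollectionUtil.isEmpty(ocspUris)) {
        return null;
    }

    final boolean hasCaIssuers = CollectionUtil.isNotEmpty(caIssuerUris);
    final boolean hasOcsp = CollectionUtil.isNotEmpty(ocspUris);

    // Size from whichever lists are populated; dereferencing ocspUris unconditionally would
    // fail when only caIssuerUris is supplied.
    final int capacity = (hasCaIssuers ? caIssuerUris.size() : 0) + (hasOcsp ? ocspUris.size() : 0);
    final List<AccessDescription> accessDescriptions = new ArrayList<>(capacity);

    if (hasCaIssuers) {
        for (String uri : caIssuerUris) {
            GeneralName location = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, location));
        }
    }

    if (hasOcsp) {
        for (String uri : ocspUris) {
            GeneralName location = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, location));
        }
    }

    DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
    return AuthorityInformationAccess.getInstance(seq);
}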
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
/**
 * Compares the AuthorityInformationAccess extension of a certificate with the URIs the
 * issuer is expected to publish.
 *
 * <p>When {@code aiaControl} is {@code null}, both access methods (caIssuers and OCSP) are
 * expected. Otherwise only the methods enabled by the control are expected, and the other
 * set is treated as empty. If nothing is expected at all, the mere presence of the extension
 * is recorded as a failure and the value is not decoded.
 *
 * @param failureMsg     accumulator that receives "; "-terminated failure descriptions
 * @param extensionValue encoded AIA extension value taken from the certificate under test
 * @param issuerInfo     source of the expected caIssuers and OCSP URLs
 */
private void checkExtensionAuthorityInfoAccess(final StringBuilder failureMsg, final byte[] extensionValue,
        final X509IssuerInfo issuerInfo) {
    final Set<String> eCaIssuerUris = (aiaControl == null || aiaControl.includesCaIssuers())
            ? issuerInfo.getCaIssuerURLs()
            : Collections.<String>emptySet();

    final Set<String> eOCSPUris = (aiaControl == null || aiaControl.includesOcsp())
            ? issuerInfo.getOcspURLs()
            : Collections.<String>emptySet();

    final boolean nothingExpected = CollectionUtil.isEmpty(eCaIssuerUris) && CollectionUtil.isEmpty(eOCSPUris);
    if (nothingExpected) {
        // The extension exists although the profile expects no AIA at all.
        failureMsg.append("AIA is present but expected is 'none'").append("; ");
        return;
    }

    final AuthorityInformationAccess iAIA = AuthorityInformationAccess.getInstance(extensionValue);
    // Each access method is verified independently against its own expected URI set.
    checkAIA(failureMsg, iAIA, X509ObjectIdentifiers.id_ad_caIssuers, eCaIssuerUris);
    checkAIA(failureMsg, iAIA, X509ObjectIdentifiers.id_ad_ocsp, eOCSPUris);
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
/**
 * Checks the access descriptions of one access method inside an AIA extension against the
 * expected URI set and appends a description of every deviation to {@code failureMsg}.
 *
 * <p>The check stops after the count comparison when the number of matching descriptions
 * differs from the number of expected URIs. Otherwise every access location must be a
 * {@code uniformResourceIdentifier}; locations with another tag are reported and left out of
 * the URI comparison.
 *
 * @param failureMsg   accumulator that receives "; "-terminated failure descriptions
 * @param aia          decoded AIA extension of the certificate under test
 * @param accessMethod access method to inspect, e.g. id_ad_ocsp or id_ad_caIssuers
 * @param expectedUris URIs that must be present for this access method
 */
private static void checkAIA(final StringBuilder failureMsg, final AuthorityInformationAccess aia,
        final ASN1ObjectIdentifier accessMethod, final Set<String> expectedUris) {
    // Human-readable label for messages; unknown methods fall back to their dotted OID.
    final String typeDesc = X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod) ? "OCSP"
            : X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod) ? "caIssuer"
            : accessMethod.getId();

    final List<AccessDescription> matching = new LinkedList<>();
    for (AccessDescription candidate : aia.getAccessDescriptions()) {
        if (accessMethod.equals(candidate.getAccessMethod())) {
            matching.add(candidate);
        }
    }

    final int found = matching.size();
    final int expected = expectedUris.size();
    if (found != expected) {
        failureMsg.append("number of AIA " + typeDesc + " URIs is '").append(found)
                .append("' but expected is '").append(expected).append("'")
                .append("; ");
        return;
    }

    final Set<String> iUris = new HashSet<>();
    for (AccessDescription description : matching) {
        final GeneralName location = description.getAccessLocation();
        final int tagNo = location.getTagNo();
        if (tagNo == GeneralName.uniformResourceIdentifier) {
            iUris.add(((ASN1String) location.getName()).getString());
            continue;
        }
        failureMsg.append("tag of accessLocation of AIA " + typeDesc + " is '").append(tagNo)
                .append("' but expected is '").append(GeneralName.uniformResourceIdentifier).append("'")
                .append("; ");
    }

    // Judging by its name, the helper returns the strings of its second argument that are
    // missing from the first; the messages below rely on that reading.
    final Set<String> unexpected = str_in_b_not_in_a(expectedUris, iUris);
    if (CollectionUtil.isNotEmpty(unexpected)) {
        failureMsg.append(typeDesc + " URIs ").append(unexpected.toString())
                .append(" are present but not expected")
                .append("; ");
    }

    final Set<String> missing = str_in_b_not_in_a(iUris, expectedUris);
    if (CollectionUtil.isNotEmpty(missing)) {
        failureMsg.append(typeDesc + " URIs ").append(missing.toString())
                .append(" are absent but are required")
                .append("; ");
    }
}
From source file:org.xipki.common.util.X509Util.java
License:Open Source License
/**
 * Returns the OCSP responder URIs listed in a certificate's AuthorityInformationAccess
 * extension.
 *
 * <p>Only access descriptions with method {@code id_ad_ocsp} and an access location of type
 * {@code uniformResourceIdentifier} contribute; every other entry is skipped silently.
 *
 * <p>The returned strings are copied from the certificate without any scheme or host
 * validation. A caller that connects to them should treat them as untrusted input and
 * restrict the allowed schemes and destinations.
 *
 * @param cert certificate to inspect
 * @return the OCSP URIs in extension order; an empty list when the certificate has no AIA
 *         extension
 * @throws CertificateEncodingException declared by the signature; presumably raised while
 *         reading the extension value - confirm against getCoreExtValue
 */
public static List<String> extractOCSPUrls(final X509Certificate cert) throws CertificateEncodingException {
    final byte[] extValue = getCoreExtValue(cert, Extension.authorityInfoAccess);
    if (extValue == null) {
        return Collections.emptyList();
    }

    final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(extValue);
    final List<String> uris = new ArrayList<>();
    for (AccessDescription description : aia.getAccessDescriptions()) {
        if (!description.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
            continue;
        }
        final GeneralName location = description.getAccessLocation();
        // Non-URI locations (for example directory names) cannot be used as responder URLs.
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            uris.add(((ASN1String) location.getName()).getString());
        }
    }
    return uris;
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
/**
 * Compares the AuthorityInformationAccess extension of a certificate with the URIs the
 * issuer is expected to publish under the active certificate profile.
 *
 * <p>A profile without an AIA control expects both access methods. With a control, only the
 * enabled methods are expected. If no URI is expected at all, the presence of the extension
 * is itself reported and the value is not decoded.
 *
 * @param failureMsg     accumulator that receives "; "-terminated failure descriptions
 * @param extensionValue encoded AIA extension value taken from the certificate under test
 * @param issuerInfo     source of the expected caIssuers and OCSP URLs
 */
private void checkExtensionAuthorityInfoAccess(final StringBuilder failureMsg, final byte[] extensionValue,
        final X509IssuerInfo issuerInfo) {
    final AuthorityInfoAccessControl aiaControl = certProfile.getAiaControl();

    final Set<String> expCaIssuerUris;
    if (aiaControl == null || aiaControl.includesCaIssuers()) {
        expCaIssuerUris = issuerInfo.getCaIssuerUrls();
    } else {
        expCaIssuerUris = Collections.emptySet();
    }

    final Set<String> expOcspUris;
    if (aiaControl == null || aiaControl.includesOcsp()) {
        expOcspUris = issuerInfo.getOcspUrls();
    } else {
        expOcspUris = Collections.emptySet();
    }

    final boolean anythingExpected = !CollectionUtil.isEmpty(expCaIssuerUris)
            || !CollectionUtil.isEmpty(expOcspUris);
    if (!anythingExpected) {
        // The extension exists although the profile expects no AIA at all.
        failureMsg.append("AIA is present but expected is 'none'; ");
        return;
    }

    final AuthorityInformationAccess isAia = AuthorityInformationAccess.getInstance(extensionValue);
    // Each access method is verified independently against its own expected URI set.
    checkAia(failureMsg, isAia, X509ObjectIdentifiers.id_ad_caIssuers, expCaIssuerUris);
    checkAia(failureMsg, isAia, X509ObjectIdentifiers.id_ad_ocsp, expOcspUris);
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
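/**
 * Checks the access descriptions of one access method inside an AIA extension against the
 * expected URI set and appends a description of every deviation to {@code failureMsg}.
 *
 * <p>The check stops after the count comparison when the number of matching descriptions
 * differs from the number of expected URIs. Otherwise every access location must be a
 * {@code uniformResourceIdentifier}; locations with another tag are reported and left out of
 * the URI comparison.
 *
 * @param failureMsg   accumulator that receives "; "-terminated failure descriptions
 * @param aia          decoded AIA extension of the certificate under test
 * @param accessMethod access method to inspect, e.g. id_ad_ocsp or id_ad_caIssuers
 * @param expectedUris URIs that must be present for this access method
 */
private static void checkAia(final StringBuilder failureMsg, final AuthorityInformationAccess aia,
        final ASN1ObjectIdentifier accessMethod, final Set<String> expectedUris) {
    // Human-readable label for messages; unknown methods fall back to their dotted OID.
    final String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }

    final List<AccessDescription> isAccessDescriptions = new LinkedList<>();
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        if (accessMethod.equals(accessDescription.getAccessMethod())) {
            isAccessDescriptions.add(accessDescription);
        }
    }

    final int size = isAccessDescriptions.size();
    if (size != expectedUris.size()) {
        addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedUris.size());
        return;
    }

    final Set<String> isUris = new HashSet<>();
    for (AccessDescription accessDescription : isAccessDescriptions) {
        final GeneralName isAccessLocation = accessDescription.getAccessLocation();
        if (isAccessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // Name the access method in the message, as the count violation above does, so a
            // report covering both caIssuers and OCSP shows which entry carries the wrong tag.
            addViolation(failureMsg, "tag of accessLocation of AIA " + typeDesc, isAccessLocation.getTagNo(),
                    GeneralName.uniformResourceIdentifier);
        } else {
            isUris.add(((ASN1String) isAccessLocation.getName()).getString());
        }
    }

    // Judging by its name, the helper returns the strings of its second argument that are
    // missing from the first; the messages below rely on that reading.
    Set<String> diffs = strInBnotInA(expectedUris, isUris);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString());
        failureMsg.append(" are present but not expected; ");
    }

    diffs = strInBnotInA(isUris, expectedUris);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString());
        failureMsg.append(" are absent but are required; ");
    }
}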
From source file:org.xipki.pki.ca.server.impl.util.CaUtil.java
License:Open Source License
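/**
 * Builds an AuthorityInformationAccess (AIA) extension value from CA-issuer and OCSP URIs.
 *
 * <p>Every URI becomes one {@code AccessDescription} whose access location is a
 * {@code uniformResourceIdentifier} GeneralName. All {@code id_ad_caIssuers} entries are
 * emitted first, followed by all {@code id_ad_ocsp} entries, each group in list order.
 *
 * <p>The URIs are embedded exactly as supplied; this method performs no scheme or syntax
 * validation. Relying parties typically dereference these locations, so callers should pass
 * only values taken from vetted CA configuration.
 *
 * @param caIssuerUris locations of the issuer certificate; may be empty
 *                     (presumably {@code null} is treated as empty by CollectionUtil - confirm)
 * @param ocspUris     locations of the OCSP responder; may be empty (same assumption)
 * @return the AIA value containing at least one access description
 * @throws IllegalArgumentException if neither list contains a URI
 */
public static AuthorityInformationAccess createAuthorityInformationAccess(final List<String> caIssuerUris,
        final List<String> ocspUris) {
    if (CollectionUtil.isEmpty(caIssuerUris) && CollectionUtil.isEmpty(ocspUris)) {
        throw new IllegalArgumentException("caIssuerUris and ospUris must not be both empty");
    }

    final boolean hasCaIssuers = CollectionUtil.isNonEmpty(caIssuerUris);
    final boolean hasOcsp = CollectionUtil.isNonEmpty(ocspUris);

    // Size from whichever lists are populated; dereferencing ocspUris unconditionally would
    // fail when only caIssuerUris is supplied and ocspUris is null.
    final int capacity = (hasCaIssuers ? caIssuerUris.size() : 0) + (hasOcsp ? ocspUris.size() : 0);
    final List<AccessDescription> accessDescriptions = new ArrayList<>(capacity);

    if (hasCaIssuers) {
        for (String uri : caIssuerUris) {
            GeneralName location = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, location));
        }
    }

    if (hasOcsp) {
        for (String uri : ocspUris) {
            GeneralName location = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, location));
        }
    }

    DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
    return AuthorityInformationAccess.getInstance(seq);
}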
From source file:org.xipki.pki.ocsp.client.shell.BaseOcspStatusCommandSupport.java
License:Open Source License
/**
 * Returns the OCSP responder URIs listed in an AuthorityInformationAccess extension.
 *
 * <p>Only access descriptions with method {@code id_ad_ocsp} and an access location of type
 * {@code uniformResourceIdentifier} contribute; every other entry is skipped silently.
 *
 * <p>The returned strings are copied from the extension without any scheme or host
 * validation. A caller that sends OCSP requests to them should treat them as untrusted input
 * and restrict the allowed schemes and destinations.
 *
 * @param aia decoded AIA extension
 * @return the OCSP URIs in extension order, possibly empty
 * @throws CertificateEncodingException declared by the signature; no statement in this
 *         method throws it explicitly
 */
public static List<String> extractOcspUrls(final AuthorityInformationAccess aia)
        throws CertificateEncodingException {
    final List<String> ocspUris = new ArrayList<>();
    for (AccessDescription description : aia.getAccessDescriptions()) {
        if (!description.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
            continue;
        }
        final GeneralName location = description.getAccessLocation();
        // Non-URI locations (for example directory names) cannot be used as responder URLs.
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            ocspUris.add(((ASN1String) location.getName()).getString());
        }
    }
    return ocspUris;
}