List of usage examples for org.bouncycastle.cert X509AttributeCertificateHolder getIssuer
public AttributeCertificateIssuer getIssuer()
From source file:org.italiangrid.voms.asn1.VOMSACUtils.java
License:Apache License
/** * Deserializes the information in a VOMS attribute certificate. * //from w ww . ja v a2 s . co m * @param ac * a VOMS {@link AttributeCertificate} * @return a {@link VOMSAttribute} object which provides more convenient * access to the VOMS authorization information */ public static VOMSAttribute deserializeVOMSAttributes(AttributeCertificate ac) { VOMSAttributesImpl attrs = new VOMSAttributesImpl(); X509AttributeCertificateHolder acHolder = new X509AttributeCertificateHolder(ac); Attribute[] asn1Attrs = acHolder.getAttributes(VOMS_FQANS_OID); for (Attribute a : asn1Attrs) { DERObject theVOMSDerObject = a.getAttributeValues()[0].getDERObject(); IetfAttrSyntax attrSyntax = new IetfAttrSyntax(ASN1Sequence.getInstance(theVOMSDerObject)); String policyAuthority = policyAuthoritySanityChecks(attrSyntax); // The policy authority string has the following format: // <vo name>://<hostname>:<port> attrs.setVO(policyAuthority.substring(0, policyAuthority.indexOf(POLICY_AUTHORITY_SEP))); attrs.setHost(policyAuthority.substring(policyAuthority.indexOf(POLICY_AUTHORITY_SEP) + 3, policyAuthority.lastIndexOf(":"))); attrs.setPort(Integer.parseInt(policyAuthority.substring(policyAuthority.lastIndexOf(":") + 1))); attrs.setFQANs(deserializeFQANs(attrSyntax)); attrs.setNotBefore(acHolder.getNotBefore()); attrs.setNotAfter(acHolder.getNotAfter()); attrs.setSignature(acHolder.getSignature()); attrs.setGenericAttributes(deserializeGAs(acHolder)); attrs.setAACertificates(deserializeACCerts(acHolder)); attrs.setTargets(deserializeACTargets(acHolder)); attrs.setVOMSAC(acHolder); try { attrs.setIssuer(new X500Principal(acHolder.getIssuer().getNames()[0].getEncoded())); attrs.setHolder(new X500Principal(acHolder.getHolder().getIssuer()[0].getEncoded())); attrs.setHolderSerialNumber(acHolder.getHolder().getSerialNumber()); } catch (IOException e) { throw new VOMSError("Error parsing attribute certificate issuer or holder name: " + e.getMessage(), e); } } return attrs; }
From source file:org.xipki.pki.ocsp.client.shell.BaseOcspStatusCommandSupport.java
License:Open Source License
@Override protected final Object doExecute() throws Exception { if (StringUtil.isBlank(serialNumberList) && isEmpty(certFiles)) { throw new IllegalCmdParamException("Neither serialNumbers nor certFiles is set"); }// w w w. j a va 2s . co m X509Certificate issuerCert = X509Util.parseCert(issuerCertFile); Map<BigInteger, byte[]> encodedCerts = null; List<BigInteger> sns = new LinkedList<>(); if (isNotEmpty(certFiles)) { encodedCerts = new HashMap<>(certFiles.size()); String ocspUrl = null; X500Name issuerX500Name = null; if (isAttrCert) { issuerX500Name = X500Name.getInstance(issuerCert.getSubjectX500Principal().getEncoded()); } for (String certFile : certFiles) { BigInteger sn; List<String> ocspUrls; if (isAttrCert) { X509AttributeCertificateHolder cert = new X509AttributeCertificateHolder(IoUtil.read(certFile)); // no signature validation AttributeCertificateIssuer reqIssuer = cert.getIssuer(); if (reqIssuer != null && issuerX500Name != null) { X500Name reqIssuerName = reqIssuer.getNames()[0]; if (!issuerX500Name.equals(reqIssuerName)) { throw new IllegalCmdParamException( "certificate " + certFile + " is not issued by the given issuer"); } } ocspUrls = extractOcspUrls(cert); sn = cert.getSerialNumber(); } else { X509Certificate cert = X509Util.parseCert(certFile); if (!X509Util.issues(issuerCert, cert)) { throw new IllegalCmdParamException( "certificate " + certFile + " is not issued by the given issuer"); } ocspUrls = extractOcspUrls(cert); sn = cert.getSerialNumber(); } if (isBlank(serverUrl)) { if (CollectionUtil.isEmpty(ocspUrls)) { throw new IllegalCmdParamException("could not extract OCSP responder URL"); } else { String url = ocspUrls.get(0); if (ocspUrl != null && !ocspUrl.equals(url)) { throw new IllegalCmdParamException( "given certificates have different" + " OCSP responder URL in certificate"); } else { ocspUrl = url; } } } // end if sns.add(sn); byte[] encodedCert = IoUtil.read(certFile); encodedCerts.put(sn, encodedCert); } // end for if (isBlank(serverUrl)) { serverUrl = ocspUrl; } } else { StringTokenizer st = new StringTokenizer(serialNumberList, ", "); while (st.hasMoreTokens()) { String token = st.nextToken(); StringTokenizer st2 = new StringTokenizer(token, "-"); BigInteger from = toBigInt(st2.nextToken(), hex); BigInteger to = st2.hasMoreTokens() ? toBigInt(st2.nextToken(), hex) : null; if (to == null) { sns.add(from); } else { BigIntegerRange range = new BigIntegerRange(from, to); if (range.getDiff().compareTo(BigInteger.valueOf(10)) > 0) { throw new IllegalCmdParamException("to many serial numbers"); } BigInteger sn = range.getFrom(); while (range.isInRange(sn)) { sns.add(sn); sn = sn.add(BigInteger.ONE); } } } } if (isBlank(serverUrl)) { throw new IllegalCmdParamException("could not get URL for the OCSP responder"); } X509Certificate respIssuer = null; if (respIssuerFile != null) { respIssuer = X509Util.parseCert(IoUtil.expandFilepath(respIssuerFile)); } URL serverUrlObj = new URL(serverUrl); RequestOptions options = getRequestOptions(); checkParameters(respIssuer, sns, encodedCerts); boolean saveReq = isNotBlank(reqout); boolean saveResp = isNotBlank(respout); RequestResponseDebug debug = null; if (saveReq || saveResp) { debug = new RequestResponseDebug(); } IssuerHash issuerHash = new IssuerHash(HashAlgoType.getNonNullHashAlgoType(options.getHashAlgorithmId()), Certificate.getInstance(issuerCert.getEncoded())); OCSPResp response; try { response = requestor.ask(issuerCert, sns.toArray(new BigInteger[0]), serverUrlObj, options, debug); } finally { if (debug != null && debug.size() > 0) { RequestResponsePair reqResp = debug.get(0); if (saveReq) { byte[] bytes = reqResp.getRequest(); if (bytes != null) { IoUtil.save(reqout, bytes); } } if (saveResp) { byte[] bytes = reqResp.getResponse(); if (bytes != null) { IoUtil.save(respout, bytes); } } } // end if } // end finally return processResponse(response, respIssuer, issuerHash, sns, encodedCerts); }