List of usage examples for org.bouncycastle.i18n.filter UntrustedUrlInput UntrustedUrlInput
public UntrustedUrlInput(Object url)
From source file:dk.itst.oiosaml.sp.metadata.CRLChecker.java
License:Mozilla Public License
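/**
 * Gets the URL to use when performing an OCSP validation of a certificate.
 *
 * <p>A responder configured under {@code Constants.PROP_OCSP_RESPONDER} always wins. Only when none is
 * configured is the location read from the certificate's Authority Information Access extension.
 *
 * <p>Security note: a URL taken from the extension is supplied by whoever issued the certificate, so it
 * must be treated as untrusted input. Wrapping it in {@code UntrustedUrlInput} and immediately calling
 * {@code toString()} only labels the value; no scheme or host check happens in this method. The code
 * that opens the connection should restrict the scheme (OCSP is normally fetched over http/https) and
 * the reachable hosts, and should apply timeouts and a response size limit.
 *
 * @param conf configuration that may name a fixed OCSP responder
 * @param entityId entity the certificate belongs to; used only in the debug log message
 * @param certificate certificate whose Authority Information Access extension is inspected
 * @return the URL to use, or {@code null} if no responder is configured and none could be extracted
 * @see <a href="http://oid-info.com/get/1.3.6.1.5.5.7.48.1">http://oid-info.com/get/1.3.6.1.5.5.7.48.1</a>
 */
private String getOCSPUrl(Configuration conf, String entityId, X509Certificate certificate) {
    String url = conf.getString(Constants.PROP_OCSP_RESPONDER);
    if (url != null) {
        return url;
    }

    log.debug("No OCSP configured for " + entityId + " attempting to extract OCSP location from certificate "
            + certificate.getSubjectDN());

    // getExtensionValue returns null when the certificate does not carry the extension.
    // Handle that explicitly instead of relying on the catch-all below.
    byte[] bytes = certificate.getExtensionValue(AUTH_INFO_ACCESS);
    if (bytes == null) {
        log.debug("Cannot extract access location of OCSP responder.");
        return null;
    }

    AuthorityInformationAccess authInfoAcc = null;
    ASN1InputStream outerIn = null;
    ASN1InputStream innerIn = null;
    try {
        // The extension value is a DER OCTET STRING that wraps the actual extension structure,
        // so it has to be decoded twice.
        outerIn = new ASN1InputStream(bytes);
        ASN1OctetString octs = (ASN1OctetString) outerIn.readObject();
        innerIn = new ASN1InputStream(octs.getOctets());
        ASN1Primitive authInfoAccObj = innerIn.readObject();
        if (authInfoAccObj != null) {
            authInfoAcc = AuthorityInformationAccess.getInstance(authInfoAccObj);
        }
    } catch (Exception e) {
        // Malformed or unexpected ASN.1 from the certificate: report "no URL" rather than failing.
        log.debug("Cannot extract access location of OCSP responder.", e);
        return null;
    } finally {
        // Close both streams; the original reused one variable and never closed the first stream.
        for (ASN1InputStream in : new ASN1InputStream[] { outerIn, innerIn }) {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best-effort close of an in-memory stream; nothing useful to do on failure.
                }
            }
        }
    }

    // Return the first URL, as the original comment intended. The original loop had no break,
    // so it actually returned the last entry.
    List<String> ocspUrls = getOCSPUrls(authInfoAcc);
    if (!ocspUrls.isEmpty()) {
        // NOTE(review): the wrapper only marks the value as untrusted; validate scheme and host
        // before this URL is fetched.
        Object ocspUrl = new UntrustedUrlInput(ocspUrls.get(0));
        url = ocspUrl.toString();
    }
    return url;
}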