the class CertificateVerifier method downloadExtraCertificates.
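/**
 * Download extra certificates from the URI mentioned in id-ad-caIssuers in the "authority
 * information access" extension. The method is lenient, i.e. a malformed extension, a
 * malformed AccessDescription entry or a failed lookup yields a partial (possibly empty)
 * result rather than an exception.
 *
 * <p>Only accessLocation values of the uniformResourceIdentifier GeneralName form are
 * followed; other choices (directoryName, rfc822Name, ...) are skipped. The URL originates
 * from the certificate under examination, i.e. from untrusted input, so the lookup behind
 * {@code ISSUER_CERTS} is where scheme/host restrictions and timeouts belong — this method
 * does not impose any.
 *
 * @param ext an X509 object that can have extensions.
 *
 * @return a certificate set, never null.
 * @throws ExecutionException propagated from the {@code ISSUER_CERTS} lookup
 */
public static Set<X509Certificate> downloadExtraCertificates(X509Extension ext) throws ExecutionException {
// https://tools.ietf.org/html/rfc2459#section-4.2.2.1
// https://tools.ietf.org/html/rfc3280#section-4.2.2.1
// https://tools.ietf.org/html/rfc4325
Set<X509Certificate> resultSet = new HashSet<>();
byte[] authorityExtensionValue = ext.getExtensionValue(Extension.authorityInfoAccess.getId());
if (authorityExtensionValue == null) {
return resultSet;
}
ASN1Primitive asn1Prim;
try {
asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
} catch (IOException ex) {
LOG.warn(ex.getMessage(), ex);
return resultSet;
}
if (!(asn1Prim instanceof ASN1Sequence)) {
LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());
return resultSet;
}
ASN1Sequence asn1Seq = (ASN1Sequence) asn1Prim;
Enumeration<?> objects = asn1Seq.getObjects();
while (objects.hasMoreElements()) {
// AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
// Guard every cast: a ClassCastException here would break the "lenient" contract.
Object element = objects.nextElement();
if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
LOG.warn("CA issuers: malformed AccessDescription skipped");
continue;
}
ASN1Sequence obj = (ASN1Sequence) element;
ASN1Encodable oid = obj.getObjectAt(0);
if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
continue;
}
ASN1Encodable accessLocation = obj.getObjectAt(1);
if (!(accessLocation instanceof ASN1TaggedObject)) {
LOG.warn("CA issuers: accessLocation is not a GeneralName, skipped");
continue;
}
ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
// GeneralName is a CHOICE; only the [6] uniformResourceIdentifier (IA5String) form can be fetched
if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
LOG.info("CA issuers: accessLocation tag " + location.getTagNo() + " is not a URI, skipped");
continue;
}
ASN1Encodable locationValue = location.getObject();
if (!(locationValue instanceof ASN1OctetString)) {
LOG.warn("CA issuers: URI body is not an octet string, skipped");
continue;
}
ASN1OctetString uri = (ASN1OctetString) locationValue;
// IA5String is 7-bit ASCII; decode explicitly rather than via the platform default charset
String urlString = new String(uri.getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
LOG.info("CA issuers URL: " + urlString);
Collection<? extends Certificate> altCerts = ISSUER_CERTS.get(urlString);
if (altCerts == null) {
// defensive: the cache's null contract is not visible from here
LOG.warn("CA issuers URL: no certificates returned");
continue;
}
for (Certificate altCert : altCerts) {
if (altCert instanceof X509Certificate) {
resultSet.add((X509Certificate) altCert);
}
}
LOG.info("CA issuers URL: " + altCerts.size() + " certificate(s) downloaded");
}
LOG.info("CA issuers: Downloaded " + resultSet.size() + " certificate(s) total");
return resultSet;
}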
the class CertificateVerifier method extractOCSPURL.
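/**
 * Extract the OCSP URL from an X.509 certificate if available.
 *
 * <p>Walks the AccessDescription entries of the "authority information access" extension and
 * returns the accessLocation of the first id-ad-ocsp entry whose GeneralName is a
 * uniformResourceIdentifier. Entries that are not well-formed AccessDescription sequences
 * are skipped instead of failing the whole lookup with a ClassCastException.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service, or {@code null} if the certificate carries
 *         no usable id-ad-ocsp entry
 * @throws IOException if the extension value is not parseable ASN.1 or is not a SEQUENCE
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
if (authorityExtensionValue == null) {
return null;
}
// copied from CertInformationHelper.getAuthorityInfoExtensionValue()
// DRY refactor should be done some day
ASN1Primitive parsed = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
if (!(parsed instanceof ASN1Sequence)) {
throw new IOException("authorityInfoAccess: ASN1Sequence expected, got " + parsed.getClass().getSimpleName());
}
Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
while (objects.hasMoreElements()) {
// AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
Object element = objects.nextElement();
if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
LOG.warn("OCSP: malformed AccessDescription skipped");
continue;
}
ASN1Sequence obj = (ASN1Sequence) element;
ASN1Encodable oid = obj.getObjectAt(0);
if (!X509ObjectIdentifiers.id_ad_ocsp.equals(oid)) {
continue;
}
// accessLocation is a GeneralName CHOICE; only the [6] URI form is of use here
ASN1Encodable accessLocation = obj.getObjectAt(1);
if (!(accessLocation instanceof ASN1TaggedObject)) {
continue;
}
ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
ASN1Encodable body = location.getObject();
if (!(body instanceof ASN1OctetString)) {
continue;
}
// IA5String is 7-bit ASCII; do not depend on the platform default charset
String ocspURL = new String(((ASN1OctetString) body).getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
LOG.info("OCSP URL: " + ocspURL);
return ocspURL;
}
return null;
}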
the class CertInformationCollector method getAuthorityInfoExtensionValue.
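/**
 * Populate the OCSP and CA-issuers URLs of {@code certInfo} from a decoded
 * "authority information access" extension value.
 *
 * <p>Each AccessDescription is inspected; id-ad-ocsp and id-ad-caIssuers entries whose
 * accessLocation is a uniformResourceIdentifier GeneralName are stored via
 * {@code setOcspUrl} / {@code setIssuerUrl}. When several entries match, the last one wins,
 * as in the original implementation. Entries that are not well-formed AccessDescription
 * sequences, or whose location is another GeneralName choice, are skipped instead of
 * failing with a ClassCastException.
 *
 * @param extensionValue the raw (OCTET STRING wrapped) extension value
 * @param certInfo the object receiving the extracted URLs
 * @throws IOException if the extension value is not parseable ASN.1 or is not a SEQUENCE
 */
static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
ASN1Primitive parsed = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
if (!(parsed instanceof ASN1Sequence)) {
throw new IOException("authorityInfoAccess: ASN1Sequence expected, got " + parsed.getClass().getSimpleName());
}
Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
while (objects.hasMoreElements()) {
// AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
Object element = objects.nextElement();
if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
continue;
}
ASN1Sequence obj = (ASN1Sequence) element;
ASN1Encodable oid = obj.getObjectAt(0);
// accessLocation is a GeneralName CHOICE; both branches below need the [6] URI form,
// so the tag check now applies to caIssuers as well (it used to cover only ocsp)
ASN1Encodable accessLocation = obj.getObjectAt(1);
if (!(accessLocation instanceof ASN1TaggedObject)) {
continue;
}
ASN1TaggedObject location = (ASN1TaggedObject) accessLocation;
if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
ASN1Encodable body = location.getObject();
if (!(body instanceof ASN1OctetString)) {
continue;
}
// IA5String is 7-bit ASCII; decode explicitly instead of via the platform default charset
String url = new String(((ASN1OctetString) body).getOctets(), java.nio.charset.StandardCharsets.US_ASCII);
if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid)) {
certInfo.setOcspUrl(url);
} else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
certInfo.setIssuerUrl(url);
}
}
}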
the class TimeStampManager method signTimeStamp.
/**
 * Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
 *
 * <p>Any unsigned attributes the signer already carries are kept; one
 * id-aa-signatureTimeStampToken attribute, holding the token the TSA client returned for
 * the signer's signature value, is appended to them.
 *
 * @param signer information about signer
 * @return information about SignerInformation, with the timestamp attribute added
 * @throws IOException if obtaining the token fails or the token is not a parseable ASN.1 object
 * @throws TSPException propagated from the time-stamp client
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
AttributeTable existing = signer.getUnsignedAttributes();
ASN1EncodableVector attributes = existing == null
? new ASN1EncodableVector()
: existing.toASN1EncodableVector();
// the TSA stamps the signature value itself
byte[] token = this.tsaClient.getTimeStampToken(signer.getSignature());
ASN1ObjectIdentifier tokenOid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
ASN1Primitive tokenAsn1 = ASN1Primitive.fromByteArray(token);
attributes.add(new Attribute(tokenOid, new DERSet(tokenAsn1)));
// the rebuilt table replaces the signer's unsigned attributes as a whole
AttributeTable withTimeStamp = new AttributeTable(new Attributes(attributes));
return SignerInformation.replaceUnsignedAttributes(signer, withTimeStamp);
}
the class URLUtility method decodeList.
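/**
 * Decode a URL fragment into the list of byte strings it encodes.
 *
 * <p>The fragment is first run through {@code decodeData} and the result is parsed as a DER
 * SEQUENCE OF OCTET STRING; the octets of each element are returned in sequence order.
 * The input comes from a URL, i.e. it is untrusted: an element that is not an OCTET STRING,
 * or a top-level object that is not a SEQUENCE, makes the BouncyCastle {@code getInstance}
 * helpers throw {@code IllegalArgumentException}, which is propagated unchanged.
 *
 * @param url The part of the URL that contains encoding. I.e. it must be pruned for domainame and such
 * @return the decoded byte strings in sequence order; empty for an empty SEQUENCE
 * @throws IOException if {@code decodeData} fails, the data is not well-formed DER, or it
 *         contains no ASN.1 object at all
 */
public static List<byte[]> decodeList(String url) throws IOException {
byte[] decodedData = decodeData(url);
ASN1Encodable[] elements;
// try-with-resources: the stream used to stay open when readObject() threw
try (ASN1InputStream input = new ASN1InputStream(decodedData)) {
ASN1Encodable top = input.readObject();
if (top == null) {
// readObject() signals end-of-stream with null; getInstance(null) would otherwise NPE
throw new IOException("no ASN.1 object found in decoded data");
}
elements = ASN1Sequence.getInstance(top).toArray();
}
List<byte[]> res = new ArrayList<>(elements.length);
for (ASN1Encodable current : elements) {
res.add(ASN1OctetString.getInstance(current).getOctets());
}
return res;
}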