use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project OpenUnison by TremoloSecurity.
the class X509ExtensionParsingUtil method extractTaggedObjects.
/**
* Returns a {@link HashMap} whose keys represent the tags and whose values represent the values
* of a {@link DLSequence}.
*/
public static HashMap<Integer, ASN1Primitive> extractTaggedObjects(ASN1Sequence asn1Sequence) throws CertificateParsingException {
HashMap<Integer, ASN1Primitive> taggedObjects = new HashMap<Integer, ASN1Primitive>();
for (ASN1Encodable asn1EncodablePurpose : asn1Sequence.toArray()) {
if (asn1EncodablePurpose == null || !(asn1EncodablePurpose instanceof ASN1TaggedObject)) {
throw new CertificateParsingException("Expected DERTagged object");
}
ASN1TaggedObject asn1TaggedObject = (ASN1TaggedObject) asn1EncodablePurpose;
taggedObjects.put(Integer.valueOf(asn1TaggedObject.getTagNo()), asn1TaggedObject.getObject());
}
return taggedObjects;
}
use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project OpenUnison by TremoloSecurity.
the class UpnExtractor method loadNTPrincipal.
private String loadNTPrincipal(X509Certificate[] certs) throws CertificateParsingException, IOException {
X509Certificate cert = certs[0];
Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
if (subjectAlternativeNames != null && !subjectAlternativeNames.isEmpty()) {
for (List<?> subjectAltName : subjectAlternativeNames) {
if (((Integer) subjectAltName.get(0)) == GeneralName.otherName) {
ASN1InputStream asn1Input = new ASN1InputStream((byte[]) subjectAltName.get(1));
ASN1Primitive derObject = asn1Input.readObject();
DLSequence seq = (DLSequence) derObject;
ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
if (id.getId().equals("1.3.6.1.4.1.311.20.2.3")) {
ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1);
DERUTF8String str = null;
while (str == null) {
if (obj.getObject() instanceof DERTaggedObject) {
obj = (ASN1TaggedObject) obj.getObject();
} else if (obj.getObject() instanceof DERUTF8String) {
str = (DERUTF8String) obj.getObject();
} else {
asn1Input.close();
return null;
}
}
asn1Input.close();
return str.getString();
}
}
}
}
return null;
}
use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project documentproduction by qld-gov-au.
the class CertificateVerifier method downloadExtraCertificates.
/**
* Download extra certificates from the URI mentioned in id-ad-caIssuers in the "authority
* information access" extension. The method is lenient, i.e. catches all exceptions.
*
* @param ext an X509 object that can have extensions.
*
* @return a certificate set, never null.
* @throws ExecutionException
*/
public static Set<X509Certificate> downloadExtraCertificates(X509Extension ext) throws ExecutionException {
// https://tools.ietf.org/html/rfc2459#section-4.2.2.1
// https://tools.ietf.org/html/rfc3280#section-4.2.2.1
// https://tools.ietf.org/html/rfc4325
Set<X509Certificate> resultSet = new HashSet<X509Certificate>();
byte[] authorityExtensionValue = ext.getExtensionValue(Extension.authorityInfoAccess.getId());
if (authorityExtensionValue == null) {
return resultSet;
}
ASN1Primitive asn1Prim;
try {
asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
} catch (IOException ex) {
LOG.warn(ex.getMessage(), ex);
return resultSet;
}
if (!(asn1Prim instanceof ASN1Sequence)) {
LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());
return resultSet;
}
ASN1Sequence asn1Seq = (ASN1Sequence) asn1Prim;
Enumeration<?> objects = asn1Seq.getObjects();
while (objects.hasMoreElements()) {
// AccessDescription
ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
ASN1Encodable oid = obj.getObjectAt(0);
if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
continue;
}
ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
ASN1OctetString uri = (ASN1OctetString) location.getObject();
String urlString = new String(uri.getOctets());
LOG.info("CA issuers URL: " + urlString);
Collection<? extends Certificate> altCerts = ISSUER_CERTS.get(urlString);
for (Certificate altCert : altCerts) {
resultSet.add((X509Certificate) altCert);
}
LOG.info("CA issuers URL: " + altCerts.size() + " certificate(s) downloaded");
}
LOG.info("CA issuers: Downloaded " + resultSet.size() + " certificate(s) total");
return resultSet;
}
use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project documentproduction by qld-gov-au.
the class CertificateVerifier method extractOCSPURL.
/**
* Extract the OCSP URL from an X.509 certificate if available.
*
* @param cert X.509 certificate
* @return the URL of the OCSP validation service
* @throws IOException
*/
private static String extractOCSPURL(X509Certificate cert) throws IOException {
byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
if (authorityExtensionValue != null) {
// copied from CertInformationHelper.getAuthorityInfoExtensionValue()
// DRY refactor should be done some day
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
Enumeration<?> objects = asn1Seq.getObjects();
while (objects.hasMoreElements()) {
// AccessDescription
ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
ASN1Encodable oid = obj.getObjectAt(0);
// accessLocation
ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
ASN1OctetString url = (ASN1OctetString) location.getObject();
String ocspURL = new String(url.getOctets());
LOG.info("OCSP URL: " + ocspURL);
return ocspURL;
}
}
}
return null;
}
use of com.github.zhenwei.core.asn1.ASN1TaggedObject in project documentproduction by qld-gov-au.
the class CertInformationCollector method getAuthorityInfoExtensionValue.
static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
Enumeration<?> objects = asn1Seq.getObjects();
while (objects.hasMoreElements()) {
// AccessDescription
ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
ASN1Encodable oid = obj.getObjectAt(0);
// accessLocation
ASN1TaggedObject location = (ASN1TaggedObject) obj.getObjectAt(1);
if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
ASN1OctetString url = (ASN1OctetString) location.getObject();
certInfo.setOcspUrl(new String(url.getOctets()));
} else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(oid)) {
ASN1OctetString uri = (ASN1OctetString) location.getObject();
certInfo.setIssuerUrl(new String(uri.getOctets()));
}
}
}
Aggregations