
Example 16 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project ddf by codice.

the class OcspChecker method getOcspUrlsFromCert.

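/**
 * Collects the OCSP responder URLs advertised in the Authority Information Access
 * (AIA) extension of the given certificate.
 *
 * <p>Only {@code AccessDescription} entries whose access method is {@code id-ad-ocsp}
 * and whose location is a {@code uniformResourceIdentifier} are returned. Entries with
 * other access methods (notably {@code id-ad-caIssuers}, which points at issuer
 * certificates rather than responders) are skipped, so the caller does not end up
 * sending OCSP requests to a CA-issuer download URL.
 *
 * <p>Security note: these URLs come from the certificate itself. For a certificate that
 * is not yet trusted they are attacker controlled, so the caller should restrict the
 * schemes it is willing to contact (e.g. http/https) before issuing a request.
 *
 * @param cert the {@link X509Certificate} to inspect.
 * @return a possibly empty {@link List} of OCSP responder {@link URI}s found on
 *     {@code cert}; never {@code null}.
 */
private List<URI> getOcspUrlsFromCert(X509Certificate cert) {
    List<URI> ocspUrls = new ArrayList<>();
    try {
        // getExtensionValue() returns the DER-encoded OCTET STRING wrapping the extension.
        byte[] authorityInfoAccess = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (authorityInfoAccess == null) {
            return ocspUrls;
        }
        AuthorityInformationAccess authorityInformationAccess =
                AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(authorityInfoAccess));
        if (authorityInformationAccess == null) {
            return ocspUrls;
        }
        for (AccessDescription description : authorityInformationAccess.getAccessDescriptions()) {
            // Only OCSP access descriptions are responders; caIssuers etc. are ignored.
            if (!AccessDescription.id_ad_ocsp.equals(description.getAccessMethod())) {
                continue;
            }
            GeneralName accessLocation = description.getAccessLocation();
            if (accessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            try {
                // getInstance() instead of a blind cast: a malformed name is reported
                // here rather than escaping as a ClassCastException.
                ocspUrls.add(new URI(DERIA5String.getInstance(accessLocation.getName()).getString()));
            } catch (URISyntaxException | IllegalArgumentException e) {
                LOGGER.debug("Location is not a URI.", e);
            }
        }
    } catch (IOException e) {
        LOGGER.debug("Problem retrieving the OCSP server url(s) from the certificate." + CONTINUING_MSG, e);
    }
    return ocspUrls;
}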

Example 17 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project pri-fidoiot by secure-device-onboard.

the class OnDieCertSignatureFunction method getIssuingCertificate.

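/**
 * Returns the issuing-certificate location advertised in the device certificate's
 * Authority Information Access (AIA) extension.
 *
 * <p>The certificate must carry exactly one access description, and that description
 * must use the {@code id-ad-caIssuers} access method; anything else is rejected rather
 * than silently returning a location of some other kind (for example an OCSP responder).
 *
 * <p>Security note: the returned string is taken from the certificate and is therefore
 * only as trustworthy as the certificate itself. A caller that fetches from it should
 * validate the scheme and host before doing so.
 *
 * @param cert the device certificate to inspect.
 * @return the access location of the single caIssuers entry, in string form.
 * @throws IllegalArgumentException if the AIA extension is absent, does not contain exactly
 *     one access description, or that description is not a caIssuers entry.
 * @throws IOException if the certificate encoding cannot be parsed.
 * @throws CertificateEncodingException if the certificate cannot be encoded.
 */
private String getIssuingCertificate(Certificate cert) throws IllegalArgumentException, IOException, CertificateEncodingException {
    X509CertificateHolder certholder = new X509CertificateHolder(cert.getEncoded());
    AuthorityInformationAccess aia = AuthorityInformationAccess.fromExtensions(certholder.getExtensions());
    if (aia == null) {
        throw new IllegalArgumentException("AuthorityInformationAccess Extension missing from device certificate.");
    }
    AccessDescription[] descs = aia.getAccessDescriptions();
    // Exactly one entry is expected; zero and many are both errors and are reported as such
    // (the previous message said "too many" even for zero).
    if (descs.length != 1) {
        throw new IllegalArgumentException("Expected exactly one description in AIA certificate extension, found: " + descs.length);
    }
    AccessDescription desc = descs[0];
    // Without this check an OCSP responder entry would be returned as if it were the issuer URL.
    if (!AccessDescription.id_ad_caIssuers.equals(desc.getAccessMethod())) {
        throw new IllegalArgumentException("AIA description is not a caIssuers entry: " + desc.getAccessMethod());
    }
    // NOTE(review): the location's GeneralName tag is not checked here; for a non-URI name
    // the toString() form of that name is returned as-is.
    return desc.getAccessLocation().getName().toString();
}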

Example 18 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project LinLong-Java by zhenwei1108.

the class AccessDescription method toASN1Primitive.

/**
 * Encodes this access description as the DER SEQUENCE { accessMethod, accessLocation }.
 *
 * @return the DER-encoded form of this object.
 */
public ASN1Primitive toASN1Primitive() {
    // Element order is fixed by the ASN.1 definition: the accessMethod OID first,
    // followed by the GeneralName location.
    ASN1EncodableVector seq = new ASN1EncodableVector(2);
    seq.add(accessMethod);
    seq.add(accessLocation);
    return new DERSequence(seq);
}

Example 19 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method getOCSPUrls.

/**
 * Extracts the OCSP responder URLs from an AuthorityInformationAccess extension.
 *
 * <p>Only access descriptions whose method is {@code id-ad-ocsp} and whose location is a
 * {@code uniformResourceIdentifier} contribute; every other entry is ignored.
 *
 * @param authInfoAccess the parsed AIA extension, or {@code null} if the certificate has none.
 * @return a possibly empty {@link Vector} of URL strings; never {@code null}.
 */
protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess) {
    Vector urls = new Vector();
    if (authInfoAccess == null) {
        return urls;
    }
    for (AccessDescription ad : authInfoAccess.getAccessDescriptions()) {
        // caIssuers and other access methods are not responders.
        if (!ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            continue;
        }
        GeneralName location = ad.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        // A URI-tagged GeneralName carries an IA5String.
        urls.add(((ASN1IA5String) location.getName()).getString());
    }
    return urls;
}

Example 20 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project module-ballerina-http by ballerina-platform.

the class OCSPVerifier method getAIALocations.

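/**
 * Returns the OCSP responder URLs advertised in the certificate's Authority Information
 * Access (AIA) extension.
 *
 * <p>AIA is a non-critical X.509 extension that may carry several access descriptions.
 * Only entries with access method {@code id-ad-ocsp} and a {@code uniformResourceIdentifier}
 * location are returned; {@code id-ad-caIssuers} entries point at issuer certificates, not
 * responders, and are skipped so that no OCSP request is sent to an issuer download URL.
 *
 * <p>Security note: the URLs come from the certificate being validated. For a peer
 * certificate that has not yet been trusted they are attacker controlled, so callers that
 * contact them should restrict the scheme to http/https and apply the usual OCSP response
 * signature checks.
 *
 * @param cert the certificate to inspect.
 * @return a non-empty list of OCSP responder URLs found in the AIA extension.
 * @throws CertificateVerificationException if the extension is absent, cannot be parsed, or
 *     contains no OCSP URL.
 */
public static List<String> getAIALocations(X509Certificate cert) throws CertificateVerificationException {
    // getExtensionValue() yields the DER-encoded OCTET STRING that wraps the extension value.
    byte[] aiaExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (aiaExtensionValue == null) {
        throw new CertificateVerificationException("Certificate doesn't have Authority Information Access points");
    }
    AuthorityInformationAccess authorityInformationAccess;
    // Both streams are byte-array backed; try-with-resources closes them on every path
    // (previously the outer stream was never closed).
    try (ASN1InputStream wrapperStream = new ASN1InputStream(new ByteArrayInputStream(aiaExtensionValue))) {
        // NOTE(review): a non-OCTET STRING wrapper would surface here as a ClassCastException
        // rather than an IOException; that matches the original behaviour.
        DEROctetString oct = (DEROctetString) wrapperStream.readObject();
        try (ASN1InputStream extensionStream = new ASN1InputStream(oct.getOctets())) {
            authorityInformationAccess = AuthorityInformationAccess.getInstance(extensionStream.readObject());
        }
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get OSCP urls", e);
    }
    List<String> ocspUrlList = new ArrayList<>();
    for (AccessDescription accessDescription : authorityInformationAccess.getAccessDescriptions()) {
        // Only OCSP access descriptions are responders; caIssuers and others are ignored.
        if (!AccessDescription.id_ad_ocsp.equals(accessDescription.getAccessMethod())) {
            continue;
        }
        GeneralName gn = accessDescription.getAccessLocation();
        if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
            ocspUrlList.add(DERIA5String.getInstance(gn.getName()).getString());
        }
    }
    if (ocspUrlList.isEmpty()) {
        throw new CertificateVerificationException("Cannot get OCSP urls from certificate");
    }
    return ocspUrlList;
}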
