Search in sources :

Example 21 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project jdk8u_jdk by JetBrains.

the class OCSP method getResponderURI.

static URI getResponderURI(X509CertImpl certImpl) {
    // Examine the certificate's AuthorityInfoAccess extension
    AuthorityInfoAccessExtension aia = certImpl.getAuthorityInfoAccessExtension();
    if (aia == null) {
        return null;
    }
    List<AccessDescription> descriptions = aia.getAccessDescriptions();
    for (AccessDescription description : descriptions) {
        if (description.getAccessMethod().equals(AccessDescription.Ad_OCSP_Id)) {
            GeneralName generalName = description.getAccessLocation();
            if (generalName.getType() == GeneralNameInterface.NAME_URI) {
                URIName uri = (URIName) generalName.getName();
                return uri.getURI();
            }
        }
    }
    return null;
}
Also used : AuthorityInfoAccessExtension(sun.security.x509.AuthorityInfoAccessExtension) AccessDescription(sun.security.x509.AccessDescription) GeneralName(sun.security.x509.GeneralName) URIName(sun.security.x509.URIName)

Example 22 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project oxAuth by GluuFederation.

the class OCSPCertificateVerifier method getOCSPUrl.

@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);
    AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription accessDescription : accessDescriptions) {
        boolean correctAccessMethod = accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
        if (!correctAccessMethod) {
            continue;
        }
        GeneralName name = accessDescription.getAccessLocation();
        if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
        return derStr.getString();
    }
    return null;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERIA5String(org.bouncycastle.asn1.DERIA5String) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) IOException(java.io.IOException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 23 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project nhin-d by DirectProject.

the class AuthorityInfoAccessExtentionField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    this.certificate = value;
    final DERObject exValue = getExtensionValue(value);
    if (exValue == null) {
        if (isRequired())
            throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
        else {
            final Collection<String> coll = Collections.emptyList();
            this.policyValue = PolicyValueFactory.getInstance(coll);
            return;
        }
    }
    final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(exValue);
    final Collection<String> retVal = new ArrayList<String>();
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        final String accessMethod = AuthorityInfoAccessMethodIdentifier.fromId(accessDescription.getAccessMethod().toString()).getName();
        retVal.add(accessMethod + ":" + accessDescription.getAccessLocation().getName().toString());
    }
    if (retVal.isEmpty() && isRequired())
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERObject(org.bouncycastle.asn1.DERObject) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList)

Example 24 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project xipki by xipki.

the class CaUtil method createAuthorityInformationAccess.

public static AuthorityInformationAccess createAuthorityInformationAccess(List<String> caIssuerUris, List<String> ocspUris) {
    if (CollectionUtil.isEmpty(caIssuerUris) && CollectionUtil.isEmpty(ocspUris)) {
        throw new IllegalArgumentException("caIssuerUris and ospUris must not be both empty");
    }
    List<AccessDescription> accessDescriptions = new ArrayList<>(ocspUris.size());
    if (CollectionUtil.isNonEmpty(caIssuerUris)) {
        for (String uri : caIssuerUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, gn));
        }
    }
    if (CollectionUtil.isNonEmpty(ocspUris)) {
        for (String uri : ocspUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, gn));
        }
    }
    DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
    return AuthorityInformationAccess.getInstance(seq);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList) ASN1String(org.bouncycastle.asn1.ASN1String) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 25 with AccessDescription

use of com.github.zhenwei.core.asn1.x509.AccessDescription in project xipki by xipki.

the class IdentifiedX509Certprofile method createSubjectInfoAccess.

// method addRequestedExtKeyusage
private static ASN1Sequence createSubjectInfoAccess(Extensions requestedExtensions, Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
    if (modes == null) {
        return null;
    }
    ASN1Encodable extValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    if (extValue == null) {
        return null;
    }
    ASN1Sequence reqSeq = ASN1Sequence.getInstance(extValue);
    int size = reqSeq.size();
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (int i = 0; i < size; i++) {
        AccessDescription ad = AccessDescription.getInstance(reqSeq.getObjectAt(i));
        ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
        Set<GeneralNameMode> generalNameModes = modes.get(accessMethod);
        if (generalNameModes == null) {
            throw new BadCertTemplateException("subjectInfoAccess.accessMethod " + accessMethod.getId() + " is not allowed");
        }
        GeneralName accessLocation = X509CertprofileUtil.createGeneralName(ad.getAccessLocation(), generalNameModes);
        vec.add(new AccessDescription(accessMethod, accessLocation));
    }
    return vec.size() > 0 ? new DERSequence(vec) : null;
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

AccessDescription (org.bouncycastle.asn1.x509.AccessDescription)30 AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess)16 GeneralName (org.bouncycastle.asn1.x509.GeneralName)15 IOException (java.io.IOException)8 DERIA5String (org.bouncycastle.asn1.DERIA5String)8 ArrayList (java.util.ArrayList)7 DEROctetString (org.bouncycastle.asn1.DEROctetString)6 AccessDescription (sun.security.x509.AccessDescription)6 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)5 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)5 X509Certificate (java.security.cert.X509Certificate)4 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)4 CertStore (java.security.cert.CertStore)3 CertStoreException (java.security.cert.CertStoreException)3 ASN1String (org.bouncycastle.asn1.ASN1String)3 DERSequence (org.bouncycastle.asn1.DERSequence)3 AccessDescription (com.github.zhenwei.core.asn1.x509.AccessDescription)2 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)2