use of com.github.zhenwei.core.asn1.x509.AccessDescription in project jdk8u_jdk by JetBrains.
the class OCSP method getResponderURI.
static URI getResponderURI(X509CertImpl certImpl) {
// Examine the certificate's AuthorityInfoAccess extension
AuthorityInfoAccessExtension aia = certImpl.getAuthorityInfoAccessExtension();
if (aia == null) {
return null;
}
List<AccessDescription> descriptions = aia.getAccessDescriptions();
for (AccessDescription description : descriptions) {
if (description.getAccessMethod().equals(AccessDescription.Ad_OCSP_Id)) {
GeneralName generalName = description.getAccessLocation();
if (generalName.getType() == GeneralNameInterface.NAME_URI) {
URIName uri = (URIName) generalName.getName();
return uri.getURI();
}
}
}
return null;
}
use of com.github.zhenwei.core.asn1.x509.AccessDescription in project oxAuth by GluuFederation.
the class OCSPCertificateVerifier method getOCSPUrl.
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
ASN1Primitive obj;
try {
obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
} catch (IOException ex) {
log.error("Failed to get OCSP URL", ex);
return null;
}
if (obj == null) {
return null;
}
AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);
AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
for (AccessDescription accessDescription : accessDescriptions) {
boolean correctAccessMethod = accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
if (!correctAccessMethod) {
continue;
}
GeneralName name = accessDescription.getAccessLocation();
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
return derStr.getString();
}
return null;
}
use of com.github.zhenwei.core.asn1.x509.AccessDescription in project nhin-d by DirectProject.
the class AuthorityInfoAccessExtentionField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
final DERObject exValue = getExtensionValue(value);
if (exValue == null) {
if (isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
else {
final Collection<String> coll = Collections.emptyList();
this.policyValue = PolicyValueFactory.getInstance(coll);
return;
}
}
final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(exValue);
final Collection<String> retVal = new ArrayList<String>();
for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
final String accessMethod = AuthorityInfoAccessMethodIdentifier.fromId(accessDescription.getAccessMethod().toString()).getName();
retVal.add(accessMethod + ":" + accessDescription.getAccessLocation().getName().toString());
}
if (retVal.isEmpty() && isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
this.policyValue = PolicyValueFactory.getInstance(retVal);
}
use of com.github.zhenwei.core.asn1.x509.AccessDescription in project xipki by xipki.
the class CaUtil method createAuthorityInformationAccess.
public static AuthorityInformationAccess createAuthorityInformationAccess(List<String> caIssuerUris, List<String> ocspUris) {
if (CollectionUtil.isEmpty(caIssuerUris) && CollectionUtil.isEmpty(ocspUris)) {
throw new IllegalArgumentException("caIssuerUris and ospUris must not be both empty");
}
List<AccessDescription> accessDescriptions = new ArrayList<>(ocspUris.size());
if (CollectionUtil.isNonEmpty(caIssuerUris)) {
for (String uri : caIssuerUris) {
GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, gn));
}
}
if (CollectionUtil.isNonEmpty(ocspUris)) {
for (String uri : ocspUris) {
GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, gn));
}
}
DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
return AuthorityInformationAccess.getInstance(seq);
}
use of com.github.zhenwei.core.asn1.x509.AccessDescription in project xipki by xipki.
the class IdentifiedX509Certprofile method createSubjectInfoAccess.
// method addRequestedExtKeyusage
private static ASN1Sequence createSubjectInfoAccess(Extensions requestedExtensions, Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
if (modes == null) {
return null;
}
ASN1Encodable extValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
if (extValue == null) {
return null;
}
ASN1Sequence reqSeq = ASN1Sequence.getInstance(extValue);
int size = reqSeq.size();
ASN1EncodableVector vec = new ASN1EncodableVector();
for (int i = 0; i < size; i++) {
AccessDescription ad = AccessDescription.getInstance(reqSeq.getObjectAt(i));
ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
Set<GeneralNameMode> generalNameModes = modes.get(accessMethod);
if (generalNameModes == null) {
throw new BadCertTemplateException("subjectInfoAccess.accessMethod " + accessMethod.getId() + " is not allowed");
}
GeneralName accessLocation = X509CertprofileUtil.createGeneralName(ad.getAccessLocation(), generalNameModes);
vec.add(new AccessDescription(accessMethod, accessLocation));
}
return vec.size() > 0 ? new DERSequence(vec) : null;
}
Aggregations