
Example 1 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project eblocker by eblocker.

the class OcspCache method getOcspResponderUrl.

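/**
 * Reads the OCSP responder location from a certificate's Authority Information Access (AIA)
 * extension.
 *
 * <p>Only access descriptions whose method is {@code id_pkix_ocsp} and whose access location is
 * a URI-typed GeneralName are considered. Entries of any other GeneralName type are skipped
 * rather than being stringified and handed back as if they were a URL.
 *
 * <p>NOTE(review): the returned string comes straight from the certificate, so it is controlled
 * by whoever issued or presented that certificate. The caller is not visible here; confirm that
 * it restricts the scheme and destination before opening a connection to this location.
 *
 * @param certificate certificate whose AIA extension is inspected
 * @return the first URI-typed OCSP access location, or {@code null} if the extension is absent
 *         or holds no such entry
 * @throws IOException if the extension content cannot be decoded as ASN.1
 */
private String getOcspResponderUrl(X509Certificate certificate) throws IOException {
    byte[] extensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (extensionValue == null) {
        return null;
    }
    // getExtensionValue() hands back the DER OCTET STRING wrapper; unwrap it before decoding the
    // AuthorityInfoAccessSyntax it carries.
    ASN1OctetString octetString = ASN1OctetString.getInstance(extensionValue);
    ASN1Primitive primitive = ASN1Primitive.fromByteArray(octetString.getOctets());
    AuthorityInformationAccess authorityInformationAccessExtension = AuthorityInformationAccess.getInstance(primitive);
    // Context tag [6] of the GeneralName CHOICE, i.e. GeneralName.uniformResourceIdentifier.
    final int uriTag = 6;
    for (AccessDescription description : authorityInformationAccessExtension.getAccessDescriptions()) {
        if (!description.getAccessMethod().equals(OCSPObjectIdentifiers.id_pkix_ocsp)) {
            continue;
        }
        if (description.getAccessLocation().getTagNo() != uriTag) {
            // An OCSP entry that is not a URI cannot be used as a responder URL.
            continue;
        }
        return description.getAccessLocation().getName().toString();
    }
    return null;
}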
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 2 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project supply-chain-tools by secure-device-onboard.

the class OnDieCertPath method getIssuingCertificate.

/**
 * Returns the access location of the single entry in a certificate's Authority Information
 * Access (AIA) extension, rendered as a string.
 *
 * <p>NOTE(review): the entry's access method and the GeneralName type of its location are not
 * inspected, so any single AIA entry is accepted. Judging by the method name, a caIssuers URI is
 * expected; confirm and consider checking both. The value is supplied by the certificate, so the
 * caller should constrain where it is willing to fetch an issuer certificate from.
 *
 * @param cert certificate to inspect
 * @return string form of the only access location in the AIA extension
 * @throws IllegalArgumentException if the AIA extension is missing or does not contain exactly
 *         one access description
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws IOException if the encoded certificate cannot be parsed
 */
private String getIssuingCertificate(Certificate cert) throws IllegalArgumentException, CertificateEncodingException, IOException {
    final X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
    final AuthorityInformationAccess access = AuthorityInformationAccess.fromExtensions(holder.getExtensions());
    if (access == null) {
        throw new IllegalArgumentException("AuthorityInformationAccess Extension missing from device certificate.");
    }

    final AccessDescription[] entries = access.getAccessDescriptions();
    if (entries.length == 1) {
        return entries[0].getAccessLocation().getName().toString();
    }
    // NOTE(review): this branch is also taken for an empty list, where "Too many" is misleading.
    throw new IllegalArgumentException("Too many descriptions in AIA certificate extension: " + entries.length);
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)

Example 3 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project neo4j by neo4j.

the class CertificateChainFactory method generateCertificate.

/**
 * Builds, signs and writes out an X.509 v3 certificate together with its private key.
 *
 * <p>When {@code issuingCert} is {@code null} the issuer name equals the subject name
 * ({@code CN=certName}); otherwise the issuer is taken from {@code issuingCert}. Independently of
 * that, the certificate is signed with the subject's own private key when
 * {@code issuingPrivateKey} is {@code null}, and with {@code issuingPrivateKey} otherwise.
 *
 * <p>NOTE(review), before reusing this outside a fixture that only needs throwaway certificates:
 * <ul>
 *   <li>the serial number is a signed 32-bit value from {@link Random}, so it can be negative or
 *       zero and is predictable; a positive value drawn from {@code SecureRandom} is the usual
 *       choice;</li>
 *   <li>the signature algorithm is {@code SHA1withRSA}; SHA-1 signatures are rejected by many
 *       current validators;</li>
 *   <li>every certificate gets {@code keyCertSign}, CA basic constraints and
 *       {@code anyExtendedKeyUsage}, leaf certificates included;</li>
 *   <li>{@code writePem} is defined elsewhere; presumably it writes the private key unencrypted,
 *       so check the permissions of {@code keyPath}.</li>
 * </ul>
 *
 * @param issuingCert issuer certificate, or {@code null} to use the subject name as issuer
 * @param issuingPrivateKey key to sign with, or {@code null} to sign with the new key pair
 * @param certKeyPair key pair of the certificate being created
 * @param certName common name of the subject; also appended to the OCSP URI
 * @param ocspURL base of the OCSP URI embedded in the AIA extension
 * @param certificatePath destination passed to {@code writePem} for the certificate
 * @param keyPath destination passed to {@code writePem} for the private key
 * @param bouncyCastleProvider provider used to build the content signer
 * @return the generated certificate
 * @throws Exception if building, signing or writing fails
 */
private static X509Certificate generateCertificate(X509Certificate issuingCert, PrivateKey issuingPrivateKey, KeyPair certKeyPair, String certName, String ocspURL, Path certificatePath, Path keyPath, BouncyCastleProvider bouncyCastleProvider) throws Exception {
    final X500Name subject = new X500Name("CN=" + certName);
    final BigInteger serial = BigInteger.valueOf(new Random().nextInt());

    final X509v3CertificateBuilder builder;
    if (issuingCert != null) {
        // issuer name comes from the issuing certificate
        builder = new JcaX509v3CertificateBuilder(issuingCert, serial, NOT_BEFORE, NOT_AFTER, subject, certKeyPair.getPublic());
    } else {
        // no issuer supplied: issuer and subject are the same name
        builder = new JcaX509v3CertificateBuilder(subject, serial, NOT_BEFORE, NOT_AFTER, subject, certKeyPair.getPublic());
    }

    // key usage restrictions
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature));
    builder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));

    // embed the OCSP URI as an id-ad-ocsp access description
    final GeneralName ocspLocation = new GeneralName(GeneralName.uniformResourceIdentifier, ocspURL + "/" + certName);
    builder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(new AccessDescription(AccessDescription.id_ad_ocsp, ocspLocation)));

    // sign with the new key pair's own private key when no issuing key was supplied
    final PrivateKey signingKey = issuingPrivateKey == null ? certKeyPair.getPrivate() : issuingPrivateKey;
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
            builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(bouncyCastleProvider).build(signingKey)));

    writePem("CERTIFICATE", certificate.getEncoded(), certificatePath);
    writePem("PRIVATE KEY", certKeyPair.getPrivate().getEncoded(), keyPath);
    return certificate;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) Random(java.util.Random) SecureRandom(java.security.SecureRandom) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 4 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project oxAuth by GluuFederation.

the class OCSPCertificateVerifier method getOCSPUrl.

/**
 * Looks up the OCSP responder URI in a certificate's Authority Information Access extension.
 *
 * <p>The first access description whose method is the OCSP access method and whose location is a
 * URI-typed GeneralName wins; everything else is skipped.
 *
 * <p>NOTE(review): a failure to read the extension is logged and reported as {@code null}, the
 * same result as "no OCSP URI present". The caller is not visible here; confirm how it treats
 * {@code null}, since skipping the revocation check in that case would let a malformed extension
 * bypass it. The returned URI is taken from the certificate and should be treated as untrusted
 * when deciding where to connect.
 *
 * @param certificate certificate to inspect
 * @return the OCSP responder URI, or {@code null} if none was found or the extension could not
 *         be read
 * @throws IOException declared by the signature; the read failure visible here is caught
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive aiaValue;
    try {
        aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (aiaValue == null) {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
    for (AccessDescription entry : aia.getAccessDescriptions()) {
        if (entry.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
            GeneralName location = entry.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // the URI is read as an implicitly tagged IA5String (explicit = false)
                return DERIA5String.getInstance((ASN1TaggedObject) location.toASN1Primitive(), false).getString();
            }
        }
    }
    return null;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERIA5String(org.bouncycastle.asn1.DERIA5String) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) IOException(java.io.IOException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 5 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project nhin-d by DirectProject.

the class AuthorityInfoAccessOCSPLocExtentionField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    this.certificate = value;

    final DERObject exValue = getExtensionValue(value);
    if (exValue == null) {
        // Extension absent: an error when required, otherwise an empty policy value.
        if (isRequired()) {
            throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
        }
        final Collection<String> coll = Collections.emptyList();
        this.policyValue = PolicyValueFactory.getInstance(coll);
        return;
    }

    // Collect the access location of every AIA entry whose method is id-ad-ocsp.
    // NOTE(review): the GeneralName type of the location is not checked, so a non-URI location
    // is stringified as well; these strings come from the certificate under evaluation and
    // should be treated as untrusted wherever the policy value is consumed.
    final Collection<String> ocspLocations = new ArrayList<String>();
    final AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(exValue);
    for (AccessDescription entry : access.getAccessDescriptions()) {
        if (!entry.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            continue;
        }
        ocspLocations.add(entry.getAccessLocation().getName().toString());
    }

    // Extension present but without any OCSP entry counts as missing when required.
    if (ocspLocations.isEmpty() && isRequired()) {
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    }
    this.policyValue = PolicyValueFactory.getInstance(ocspLocations);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERObject(org.bouncycastle.asn1.DERObject) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList)

Aggregations

AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess)22 AccessDescription (org.bouncycastle.asn1.x509.AccessDescription)19 GeneralName (org.bouncycastle.asn1.x509.GeneralName)14 DERIA5String (org.bouncycastle.asn1.DERIA5String)9 IOException (java.io.IOException)8 ArrayList (java.util.ArrayList)8 DEROctetString (org.bouncycastle.asn1.DEROctetString)7 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5 BigInteger (java.math.BigInteger)4 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)4 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)3 ASN1String (org.bouncycastle.asn1.ASN1String)3 DERSequence (org.bouncycastle.asn1.DERSequence)3 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)3 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)3 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)3 AccessDescription (com.github.zhenwei.core.asn1.x509.AccessDescription)2 AuthorityInformationAccess (com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess)2