Search in sources :

Example 21 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project xipki by xipki.

the class BaseOcspStatusAction method extractOcspUrls.

public static List<String> extractOcspUrls(AuthorityInformationAccess aia) throws CertificateEncodingException {
    AccessDescription[] accessDescriptions = aia.getAccessDescriptions();
    List<AccessDescription> ocspAccessDescriptions = new LinkedList<>();
    for (AccessDescription accessDescription : accessDescriptions) {
        if (accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
            ocspAccessDescriptions.add(accessDescription);
        }
    }
    final int n = ocspAccessDescriptions.size();
    List<String> ocspUris = new ArrayList<>(n);
    for (int i = 0; i < n; i++) {
        GeneralName accessLocation = ocspAccessDescriptions.get(i).getAccessLocation();
        if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) {
            String ocspUri = ((ASN1String) accessLocation.getName()).getString();
            ocspUris.add(ocspUri);
        }
    }
    return ocspUris;
}
Also used : AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList) ASN1String(org.bouncycastle.asn1.ASN1String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1String(org.bouncycastle.asn1.ASN1String) LinkedList(java.util.LinkedList)

Example 22 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project xipki by xipki.

the class ExtensionsChecker method checkAia.

private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia, ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
    String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }
    List<AccessDescription> isAccessDescriptions = new LinkedList<>();
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        if (accessMethod.equals(accessDescription.getAccessMethod())) {
            isAccessDescriptions.add(accessDescription);
        }
    }
    int size = isAccessDescriptions.size();
    if (size != expectedUris.size()) {
        addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedUris.size());
        return;
    }
    Set<String> isUris = new HashSet<>();
    for (int i = 0; i < size; i++) {
        GeneralName isAccessLocation = isAccessDescriptions.get(i).getAccessLocation();
        if (isAccessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
            addViolation(failureMsg, "tag of accessLocation of AIA ", isAccessLocation.getTagNo(), GeneralName.uniformResourceIdentifier);
        } else {
            String isOcspUri = ((ASN1String) isAccessLocation.getName()).getString();
            isUris.add(isOcspUri);
        }
    }
    Set<String> diffs = strInBnotInA(expectedUris, isUris);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString());
        failureMsg.append(" are present but not expected; ");
    }
    diffs = strInBnotInA(isUris, expectedUris);
    if (CollectionUtil.isNonEmpty(diffs)) {
        failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString());
        failureMsg.append(" are absent but are required; ");
    }
}
Also used : AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1String(org.bouncycastle.asn1.ASN1String) LinkedList(java.util.LinkedList) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) HashSet(java.util.HashSet)

Example 23 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project xipki by xipki.

the class IdentifiedCertprofile method getExtensions.

/**
 * Get the extensions.
 *
 * @param requestedSubject
 *          Subject requested subject. Must not be {@code null}.
 * @param grantedSubject
 *          Granted subject. Must not be {@code null}.
 * @param requestedExtensions
 *          Extensions requested by the requestor. Could be {@code null}.
 * @param publicKeyInfo
 *          Subject public key. Must not be {@code null}.
 * @param publicCaInfo
 *          CA information. Must not be {@code null}.
 * @param crlSignerCert
 *          CRL signer certificate. Could be {@code null}.
 * @param notBefore
 *          NotBefore. Must not be {@code null}.
 * @param notAfter
 *          NotAfter. Must not be {@code null}.
 * @return the extensions of the certificate to be issued.
 */
public ExtensionValues getExtensions(X500Name requestedSubject, X500Name grantedSubject, Extensions requestedExtensions, SubjectPublicKeyInfo publicKeyInfo, PublicCaInfo publicCaInfo, X509Cert crlSignerCert, Date notBefore, Date notAfter) throws CertprofileException, BadCertTemplateException {
    notNull(publicKeyInfo, "publicKeyInfo");
    ExtensionValues values = new ExtensionValues();
    Map<ASN1ObjectIdentifier, ExtensionControl> controls = new HashMap<>(certprofile.getExtensionControls());
    // CTLog extension will be processed by the CA
    controls.remove(Extn.id_SCTs);
    Map<ASN1ObjectIdentifier, Extension> requestedExtns = new HashMap<>();
    // remove the request extensions which are not permitted in the request
    if (requestedExtensions != null) {
        ASN1ObjectIdentifier[] oids = requestedExtensions.getExtensionOIDs();
        for (ASN1ObjectIdentifier m : oids) {
            ExtensionControl control = controls.get(m);
            if (control == null || control.isRequest()) {
                requestedExtns.put(m, requestedExtensions.getExtension(m));
            }
        }
    }
    // SubjectKeyIdentifier
    ASN1ObjectIdentifier extType = Extension.subjectKeyIdentifier;
    ExtensionControl extControl = controls.remove(extType);
    if (extControl != null) {
        SubjectKeyIdentifier value = certprofile.getSubjectKeyIdentifier(publicKeyInfo);
        addExtension(values, extType, value, extControl);
    }
    // Authority key identifier
    extType = Extension.authorityKeyIdentifier;
    extControl = controls.remove(extType);
    if (extControl != null) {
        AuthorityKeyIdentifier value = null;
        if (certprofile.useIssuerAndSerialInAki()) {
            GeneralNames x509CaIssuer = new GeneralNames(new GeneralName(publicCaInfo.getIssuer()));
            value = new AuthorityKeyIdentifier(x509CaIssuer, publicCaInfo.getSerialNumber());
        } else {
            byte[] ikiValue = publicCaInfo.getSubjectKeyIdentifer();
            if (ikiValue != null) {
                value = new AuthorityKeyIdentifier(ikiValue);
            }
        }
        addExtension(values, extType, value, extControl);
    }
    // IssuerAltName
    extType = Extension.issuerAlternativeName;
    extControl = controls.remove(extType);
    if (extControl != null) {
        GeneralNames value = publicCaInfo.getSubjectAltName();
        addExtension(values, extType, value, extControl);
    }
    // AuthorityInfoAccess
    extType = Extension.authorityInfoAccess;
    extControl = controls.remove(extType);
    CaUris caUris = publicCaInfo.getCaUris();
    if (extControl != null) {
        AuthorityInfoAccessControl aiaControl = certprofile.getAiaControl();
        List<String> caIssuers = null;
        if (aiaControl != null && aiaControl.isIncludesCaIssuers()) {
            caIssuers = caUris.getCacertUris();
            assertAllUrisHasProtocol(caIssuers, aiaControl.getCaIssuersProtocols());
        }
        List<String> ocspUris = null;
        if (aiaControl != null && aiaControl.isIncludesOcsp()) {
            ocspUris = caUris.getOcspUris();
            assertAllUrisHasProtocol(ocspUris, aiaControl.getOcspProtocols());
        }
        AuthorityInformationAccess value = null;
        if (CollectionUtil.isNotEmpty(caIssuers) || CollectionUtil.isNotEmpty(ocspUris)) {
            value = CaUtil.createAuthorityInformationAccess(caIssuers, ocspUris);
        }
        addExtension(values, extType, value, extControl);
    }
    if (controls.containsKey(Extension.cRLDistributionPoints) || controls.containsKey(Extension.freshestCRL)) {
        X500Name crlSignerSubject = (crlSignerCert == null) ? null : crlSignerCert.getSubject();
        X500Name x500CaPrincipal = publicCaInfo.getSubject();
        // CRLDistributionPoints
        extType = Extension.cRLDistributionPoints;
        extControl = controls.remove(extType);
        if (extControl != null) {
            CRLDistPoint value = null;
            List<String> uris = caUris.getCrlUris();
            if (CollectionUtil.isNotEmpty(uris)) {
                CrlDistributionPointsControl control = certprofile.getCrlDpControl();
                Set<String> protocols = control == null ? null : control.getProtocols();
                assertAllUrisHasProtocol(uris, protocols);
                value = CaUtil.createCrlDistributionPoints(uris, x500CaPrincipal, crlSignerSubject);
            }
            addExtension(values, extType, value, extControl);
        }
        // FreshestCRL
        extType = Extension.freshestCRL;
        extControl = controls.remove(extType);
        if (extControl != null) {
            CRLDistPoint value = null;
            List<String> uris = caUris.getDeltaCrlUris();
            if (CollectionUtil.isNotEmpty(uris)) {
                CrlDistributionPointsControl control = certprofile.getFreshestCrlControl();
                Set<String> protocols = control == null ? null : control.getProtocols();
                assertAllUrisHasProtocol(uris, protocols);
                value = CaUtil.createCrlDistributionPoints(caUris.getDeltaCrlUris(), x500CaPrincipal, crlSignerSubject);
            }
            addExtension(values, extType, value, extControl);
        }
    }
    // BasicConstraints
    extType = Extension.basicConstraints;
    extControl = controls.remove(extType);
    if (extControl != null) {
        BasicConstraints value = CaUtil.createBasicConstraints(certprofile.getCertLevel(), certprofile.getPathLenBasicConstraint());
        addExtension(values, extType, value, extControl);
    }
    // KeyUsage
    extType = Extension.keyUsage;
    extControl = controls.remove(extType);
    if (extControl != null) {
        Set<KeyUsage> usages = new HashSet<>();
        Set<KeyUsageControl> usageOccs = certprofile.getKeyUsage();
        for (KeyUsageControl k : usageOccs) {
            if (k.isRequired()) {
                usages.add(k.getKeyUsage());
            }
        }
        // the optional KeyUsage will only be set if requested explicitly
        addRequestedKeyusage(usages, requestedExtns, usageOccs);
        org.bouncycastle.asn1.x509.KeyUsage value = X509Util.createKeyUsage(usages);
        addExtension(values, extType, value, extControl);
    }
    // ExtendedKeyUsage
    extType = Extension.extendedKeyUsage;
    extControl = controls.remove(extType);
    if (extControl != null) {
        List<ASN1ObjectIdentifier> usages = new LinkedList<>();
        Set<ExtKeyUsageControl> usageOccs = certprofile.getExtendedKeyUsages();
        for (ExtKeyUsageControl k : usageOccs) {
            if (k.isRequired()) {
                usages.add(k.getExtKeyUsage());
            }
        }
        // the optional ExtKeyUsage will only be set if requested explicitly
        addRequestedExtKeyusage(usages, requestedExtns, usageOccs);
        if (extControl.isCritical() && usages.contains(ObjectIdentifiers.XKU.id_kp_anyExtendedKeyUsage)) {
            extControl = new ExtensionControl(false, extControl.isRequired(), extControl.isRequest());
        }
        if (!extControl.isCritical() && usages.contains(ObjectIdentifiers.XKU.id_kp_timeStamping)) {
            extControl = new ExtensionControl(true, extControl.isRequired(), extControl.isRequest());
        }
        ExtendedKeyUsage value = X509Util.createExtendedUsage(usages);
        addExtension(values, extType, value, extControl);
    }
    // ocsp-nocheck
    extType = ObjectIdentifiers.Extn.id_extension_pkix_ocsp_nocheck;
    extControl = controls.remove(extType);
    if (extControl != null) {
        // the extension ocsp-nocheck will only be set if requested explicitly
        addExtension(values, extType, DERNull.INSTANCE, extControl);
    }
    // SubjectInfoAccess
    extType = Extension.subjectInfoAccess;
    extControl = controls.remove(extType);
    if (extControl != null) {
        ASN1Sequence value = createSubjectInfoAccess(requestedExtns, certprofile.getSubjectInfoAccessModes());
        addExtension(values, extType, value, extControl);
    }
    // CertificatePolicies
    extType = Extension.certificatePolicies;
    extControl = controls.remove(extType);
    if (extControl != null) {
        ASN1Encodable value = certprofile.getCertificatePolicies();
        addExtension(values, extType, value, extControl);
    }
    ExtensionValues subvalues = certprofile.getExtensions(Collections.unmodifiableMap(controls), requestedSubject, grantedSubject, requestedExtns, notBefore, notAfter, publicCaInfo);
    Set<ASN1ObjectIdentifier> extTypes = new HashSet<>(controls.keySet());
    for (ASN1ObjectIdentifier type : extTypes) {
        extControl = controls.get(type);
        ExtensionValue value = subvalues.getExtensionValue(type);
        if (value == null && extControl.isRequest()) {
            Extension reqExt = requestedExtns.get(type);
            if (reqExt != null) {
                value = new ExtensionValue(extControl.isCritical(), reqExt.getParsedValue());
            }
        }
        if (value != null) {
            addExtension(values, type, value, extControl);
            controls.remove(type);
        }
    }
    Set<ASN1ObjectIdentifier> unprocessedExtTypes = new HashSet<>();
    for (Entry<ASN1ObjectIdentifier, ExtensionControl> entry : controls.entrySet()) {
        if (entry.getValue().isRequired()) {
            unprocessedExtTypes.add(entry.getKey());
        }
    }
    if (CollectionUtil.isNotEmpty(unprocessedExtTypes)) {
        throw new CertprofileException("could not add required extensions " + CertprofileUtil.toString(unprocessedExtTypes));
    }
    // Check the SubjectAltNames
    if (certprofile.getCertDomain() == CertDomain.CABForumBR && getCertLevel() == CertLevel.EndEntity) {
        // Make sure that the commonName included in SubjectAltName
        String commonName = X509Util.getCommonName(grantedSubject);
        boolean commonNameInSan = commonName == null;
        // No private IP address is permitted
        GeneralName[] genNames = GeneralNames.getInstance(values.getExtensionValue(Extension.subjectAlternativeName).getValue()).getNames();
        for (GeneralName m : genNames) {
            if (GeneralName.dNSName == m.getTagNo()) {
                String domain = DERIA5String.getInstance(m.getName()).getString();
                if (!commonNameInSan && domain.equals(commonName)) {
                    commonNameInSan = true;
                }
                if (domain.indexOf('_') != -1) {
                    throw new BadCertTemplateException("invalid DNSName " + domain);
                }
                if (!ExtensionSpec.isValidPublicDomain(domain)) {
                    throw new BadCertTemplateException("invalid DNSName " + domain);
                }
            } else if (GeneralName.iPAddress == m.getTagNo()) {
                byte[] octets = DEROctetString.getInstance(m.getName()).getOctets();
                if (octets.length == 4) {
                    // IPv4 address
                    if (!commonNameInSan) {
                        String ipAddressText = (0xFF & octets[0]) + "." + (0xFF & octets[1]) + "." + (0xFF & octets[2]) + "." + (0xFF & octets[3]);
                        if (ipAddressText.equals(commonName)) {
                            commonNameInSan = true;
                        }
                    }
                // if (!ExtensionSpec.isValidPublicIPv4Address(octets)) {
                // throw new BadCertTemplateException(
                // "invalid IPv4Address " + ipAddressText);
                // }
                } else if (octets.length == 8) {
                    // IPv6 address
                    if (!commonNameInSan) {
                        // get the number of ":"
                        List<Integer> positions = new ArrayList<>(7);
                        int n = commonName.length();
                        for (int i = 0; i < n; i++) {
                            if (commonName.charAt(i) == ':') {
                                positions.add(i);
                            }
                        }
                        if (positions.size() == 7) {
                            String[] blocks = new String[8];
                            blocks[0] = commonName.substring(0, positions.get(0));
                            for (int i = 0; i < 6; i++) {
                                blocks[i + 1] = commonName.substring(positions.get(i) + 1, positions.get(i + 1));
                            }
                            blocks[7] = commonName.substring(positions.get(6) + 1);
                            byte[] commonNameBytes = new byte[16];
                            for (int i = 0; i < 8; i++) {
                                String block = blocks[i];
                                int blen = block.length();
                                if (blen == 1 | blen == 2) {
                                    commonNameBytes[i * 2 + 1] = (byte) Integer.parseInt(block, 16);
                                } else if (blen == 3 | blen == 4) {
                                    commonNameBytes[i * 2] = (byte) Integer.parseInt(block.substring(0, blen - 2), 16);
                                    commonNameBytes[i * 2 + 1] = (byte) Integer.parseInt(block.substring(blen - 2), 16);
                                } else if (blen != 0) {
                                    throw new BadCertTemplateException("invalid IP address in commonName " + commonName);
                                }
                            }
                            if (Arrays.equals(commonNameBytes, octets)) {
                                commonNameInSan = true;
                            }
                        }
                    }
                } else {
                    throw new BadCertTemplateException("invalid IP address " + Hex.toHexString(octets));
                }
            }
        }
        if (!commonNameInSan) {
            throw new BadCertTemplateException("content of subject:commonName is not included in extension:SubjectAlternativeNames");
        }
    }
    return values;
}
Also used : KeyUsage(org.xipki.security.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) org.bouncycastle.asn1.x509(org.bouncycastle.asn1.x509) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) BigInteger(java.math.BigInteger) CaUris(org.xipki.ca.api.CaUris)

Example 24 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project keystore-explorer by kaikramer.

the class X509Ext method getAuthorityInformationAccessStringValue.

private static String getAuthorityInformationAccessStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * AuthorityInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
		 * AccessDescription
		 *
		 * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
		 * accessLocation GeneralName }
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(value);
    int accessDesc = 0;
    for (AccessDescription accessDescription : authorityInfoAccess.getAccessDescriptions()) {
        accessDesc++;
        // Convert OID to access method
        ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        AccessMethodType accessMethodType = AccessMethodType.resolveOid(accessMethod.getId());
        String accessMethodStr = null;
        if (accessMethodType != null) {
            accessMethodStr = accessMethodType.friendly();
        } else {
            // Unrecognised Access Method OID
            accessMethodStr = ObjectIdUtil.toString(accessMethod);
        }
        GeneralName accessLocation = accessDescription.getAccessLocation();
        String accessLocationStr = GeneralNameUtil.toString(accessLocation);
        sb.append(MessageFormat.format(res.getString("AuthorityInformationAccess"), accessDesc));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString("AccessMethod"), accessMethodStr));
        sb.append(NEWLINE);
        sb.append(INDENT);
        sb.append(res.getString("AccessLocation"));
        sb.append(NEWLINE);
        sb.append(INDENT.toString(2));
        sb.append(accessLocationStr);
        sb.append(NEWLINE);
    }
    return sb.toString();
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERGeneralString(org.bouncycastle.asn1.DERGeneralString) ASN1IA5String(org.bouncycastle.asn1.ASN1IA5String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) ASN1BitString(org.bouncycastle.asn1.ASN1BitString) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1BMPString(org.bouncycastle.asn1.ASN1BMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1PrintableString(org.bouncycastle.asn1.ASN1PrintableString) GeneralName(org.bouncycastle.asn1.x509.GeneralName) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 25 with AuthorityInformationAccess

use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project keystore-explorer by kaikramer.

the class DAuthorityInformationAccess method okPressed.

private void okPressed() {
    List<AccessDescription> accessDescriptions = jadAccessDescriptions.getAccessDescriptions();
    if (accessDescriptions.isEmpty()) {
        JOptionPane.showMessageDialog(this, res.getString("DAuthorityInformationAccess.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (AccessDescription accessDescription : accessDescriptions) {
        vec.add(accessDescription);
    }
    AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(new DERSequence(vec));
    try {
        value = authorityInformationAccess.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        DError.displayError(this, e);
        return;
    }
    closeDialog();
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERSequence(org.bouncycastle.asn1.DERSequence) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) IOException(java.io.IOException)

Aggregations

AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess)22 AccessDescription (org.bouncycastle.asn1.x509.AccessDescription)19 GeneralName (org.bouncycastle.asn1.x509.GeneralName)14 DERIA5String (org.bouncycastle.asn1.DERIA5String)9 IOException (java.io.IOException)8 ArrayList (java.util.ArrayList)8 DEROctetString (org.bouncycastle.asn1.DEROctetString)7 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5 BigInteger (java.math.BigInteger)4 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)4 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)3 ASN1String (org.bouncycastle.asn1.ASN1String)3 DERSequence (org.bouncycastle.asn1.DERSequence)3 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)3 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)3 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)3 AccessDescription (com.github.zhenwei.core.asn1.x509.AccessDescription)2 AuthorityInformationAccess (com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess)2