use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project keycloak by keycloak.
the class OCSPUtils method getResponderURIs.
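/**
 * Extracts the OCSP responder URIs advertised in a certificate's Authority
 * Information Access (AIA) v3 extension, if present. A certificate may carry
 * several OCSP access descriptions; every URI-typed one is returned, in the
 * order it appears in the extension.
 *
 * <p>The returned strings are copied verbatim from the certificate and are not
 * validated here. NOTE(review): callers should treat them as untrusted input
 * and restrict scheme and destination before connecting, because nothing in
 * this method establishes that the certificate has already been validated.
 *
 * @param cert certificate to inspect
 * @return the OCSP responder URIs found; empty when the extension is absent,
 *         has no URI-typed OCSP entry, or could not be read
 * @throws CertificateEncodingException propagated from wrapping {@code cert}
 *         in a {@code JcaX509CertificateHolder}
 */
private static List<String> getResponderURIs(X509Certificate cert) throws CertificateEncodingException {
    LinkedList<String> responderURIs = new LinkedList<>();
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    Extension aia = holder.getExtension(Extension.authorityInfoAccess);
    if (aia == null) {
        return responderURIs;
    }
    // try-with-resources closes the ASN.1 stream on every path, including parse failures.
    try (ASN1InputStream in = new ASN1InputStream(aia.getExtnValue().getOctetStream())) {
        ASN1Sequence seq = (ASN1Sequence) in.readObject();
        if (seq == null) {
            // readObject() yields null at end of stream, i.e. an empty extension value;
            // without this guard the getAccessDescriptions() call below would hit a null.
            return responderURIs;
        }
        AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(seq);
        for (AccessDescription ad : authorityInfoAccess.getAccessDescriptions()) {
            if (ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                // See https://www.ietf.org/rfc/rfc2560.txt, 3.1 Certificate Content
                // Only URI-typed locations are usable as a responder address.
                if (ad.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) {
                    DERIA5String value = DERIA5String.getInstance(ad.getAccessLocation().getName());
                    responderURIs.add(value.getString());
                }
            }
        }
    } catch (IOException e) {
        // Best-effort: an unreadable AIA extension is reported and the URIs
        // collected so far (possibly none) are still returned to the caller.
        e.printStackTrace();
    }
    return responderURIs;
}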
use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project jans by JanssenProject.
the class OCSPCertificateVerifier method getOCSPUrl.
/**
 * Returns the first URI-typed OCSP access location found in the certificate's
 * Authority Information Access extension.
 *
 * <p>The string is taken directly from the certificate without validation.
 * NOTE(review): callers should treat it as untrusted and check scheme and
 * destination before contacting the responder.
 *
 * @param certificate certificate to inspect
 * @return the OCSP responder URL, or {@code null} when the extension is
 *         missing, cannot be read, or has no URI-typed OCSP entry
 * @throws IOException declared by the signature; a failure while reading the
 *         extension is logged and reported as {@code null} instead
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive aiaValue;
    try {
        aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        // Reading the extension failed: log it and report "no URL" to the caller.
        log.error("Failed to get OCSP URL", ex);
        return null;
    }

    if (aiaValue != null) {
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
        for (AccessDescription entry : aia.getAccessDescriptions()) {
            if (entry.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
                GeneralName location = entry.getAccessLocation();
                // Only a URI-typed location can serve as the responder address.
                if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    ASN1TaggedObject tagged = (ASN1TaggedObject) location.toASN1Primitive();
                    return DERIA5String.getInstance(tagged, false).getString();
                }
            }
        }
    }
    return null;
}
use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project LinLong-Java by zhenwei1108.
the class ProvOcspRevocationChecker method getOcspResponderURI.
/**
 * Returns the first OCSP access location in the certificate's Authority
 * Information Access extension that is URI-typed and parses as a {@link URI}.
 *
 * <p>The value comes straight from the certificate. NOTE(review): syntactic
 * validity is the only check made here; callers should still restrict scheme
 * and destination before connecting.
 *
 * @param cert certificate to inspect
 * @return the responder URI, or {@code null} when the extension is absent or
 *         no OCSP entry yields a parseable URI
 */
static URI getOcspResponderURI(X509Certificate cert) {
    byte[] aiaBytes = cert.getExtensionValue(com.github.zhenwei.core.asn1.x509.Extension.authorityInfoAccess.getId());
    if (aiaBytes == null) {
        return null;
    }

    // getExtensionValue() returns the value wrapped in an OCTET STRING; unwrap it first.
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(ASN1OctetString.getInstance(aiaBytes).getOctets());
    for (AccessDescription entry : aia.getAccessDescriptions()) {
        if (!AccessDescription.id_ad_ocsp.equals(entry.getAccessMethod())) {
            continue;
        }
        GeneralName location = entry.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        try {
            return new URI(((ASN1String) location.getName()).getString());
        } catch (URISyntaxException ignored) {
            // Deliberately skipped: an unparseable entry falls through to the next one.
        }
    }
    return null;
}
use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project X-Road by nordic-institute.
the class CertUtils method getOcspResponderUriFromCert.
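/**
 * Returns the first URI-typed OCSP access location from the certificate's
 * Authority Information Access extension.
 *
 * <p>The string is copied from the certificate without validation.
 * NOTE(review): callers should treat it as untrusted and check scheme and
 * destination before contacting the responder.
 *
 * @param subject certificate from which to get the OCSP responder URI
 * @return OCSP responder URI from given certificate, or {@code null} when the
 *         extension is absent, is not wrapped in an octet string, or has no
 *         URI-typed OCSP entry
 * @throws IOException if an I/O error occurred
 */
public static String getOcspResponderUriFromCert(X509Certificate subject) throws IOException {
    final byte[] extensionValue = subject.getExtensionValue(Extension.authorityInfoAccess.toString());
    if (extensionValue == null) {
        return null;
    }

    ASN1Primitive derObject = toDERObject(extensionValue);
    if (!(derObject instanceof DEROctetString)) {
        return null;
    }

    // The extension value is an OCTET STRING wrapping the actual AIA structure.
    DEROctetString derOctetString = (DEROctetString) derObject;
    derObject = toDERObject(derOctetString.getOctets());
    AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(derObject);
    AccessDescription[] descriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription desc : descriptions) {
        if (desc.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            GeneralName generalName = desc.getAccessLocation();
            // A GeneralName can hold non-URI forms (directory name, IP address, ...).
            // Skip those rather than returning their toString() as if it were a
            // responder URL, and keep looking for a URI-typed entry.
            if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                return generalName.getName().toString();
            }
        }
    }
    return null;
}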