
Example 26 with AuthorityInformationAccess

Use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project keycloak by keycloak.

The class OCSPUtils, method getResponderURIs.

/**
 * Extracts OCSP responder URI from X509 AIA v3 extension, if available. There can be
 * multiple responder URIs encoded in the certificate.
 * @param cert the certificate whose AIA extension is inspected
 * @return a list of available responder URIs (empty if the certificate carries none).
 * @throws CertificateEncodingException if the certificate cannot be re-encoded for parsing
 */
private static List<String> getResponderURIs(X509Certificate cert) throws CertificateEncodingException {
    LinkedList<String> responderURIs = new LinkedList<>();
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    Extension aia = holder.getExtension(Extension.authorityInfoAccess);
    if (aia != null) {
        // try-with-resources so the ASN.1 stream is always closed
        try (ASN1InputStream in = new ASN1InputStream(aia.getExtnValue().getOctetStream())) {
            ASN1Sequence seq = (ASN1Sequence) in.readObject();
            AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(seq);
            for (AccessDescription ad : authorityInfoAccess.getAccessDescriptions()) {
                if (ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                    // See https://www.ietf.org/rfc/rfc2560.txt, 3.1 Certificate Content
                    if (ad.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) {
                        DERIA5String value = DERIA5String.getInstance(ad.getAccessLocation().getName());
                        responderURIs.add(value.getString());
                    }
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    return responderURIs;
}
Also used: Extension (org.bouncycastle.asn1.x509.Extension), AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess), ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream), ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence), DERIA5String (org.bouncycastle.asn1.DERIA5String), AccessDescription (org.bouncycastle.asn1.x509.AccessDescription), DEROctetString (org.bouncycastle.asn1.DEROctetString), IOException (java.io.IOException), JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)

Example 27 with AuthorityInformationAccess

Use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project jans by JanssenProject.

The class OCSPCertificateVerifier, method getOCSPUrl.

@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);
    AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription accessDescription : accessDescriptions) {
        boolean correctAccessMethod = accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
        if (!correctAccessMethod) {
            continue;
        }
        GeneralName name = accessDescription.getAccessLocation();
        if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
        return derStr.getString();
    }
    return null;
}
Also used: AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess), DERIA5String (org.bouncycastle.asn1.DERIA5String), AccessDescription (org.bouncycastle.asn1.x509.AccessDescription), IOException (java.io.IOException), GeneralName (org.bouncycastle.asn1.x509.GeneralName), ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)

Example 28 with AuthorityInformationAccess

Use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project LinLong-Java by zhenwei1108.

The class ProvOcspRevocationChecker, method getOcspResponderURI.

static URI getOcspResponderURI(X509Certificate cert) {
    byte[] extValue = cert.getExtensionValue(com.github.zhenwei.core.asn1.x509.Extension.authorityInfoAccess.getId());
    if (extValue == null) {
        return null;
    } else {
        AuthorityInformationAccess aiAccess = AuthorityInformationAccess.getInstance(ASN1OctetString.getInstance(extValue).getOctets());
        AccessDescription[] descriptions = aiAccess.getAccessDescriptions();
        for (int i = 0; i != descriptions.length; i++) {
            AccessDescription aDesc = descriptions[i];
            if (AccessDescription.id_ad_ocsp.equals(aDesc.getAccessMethod())) {
                GeneralName name = aDesc.getAccessLocation();
                if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    try {
                        return new URI(((ASN1String) name.getName()).getString());
                    } catch (URISyntaxException e) {
                        // ignore: a malformed URI in the AIA extension is treated as absent
                    }
                }
            }
        }
        return null;
    }
}
Also used: AuthorityInformationAccess (com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess), AccessDescription (com.github.zhenwei.core.asn1.x509.AccessDescription), GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName), URISyntaxException (java.net.URISyntaxException), URI (java.net.URI)

Example 29 with AuthorityInformationAccess

Use of com.github.zhenwei.core.asn1.x509.AuthorityInformationAccess in project X-Road by nordic-institute.

The class CertUtils, method getOcspResponderUriFromCert.

/**
 * @param subject certificate from which to get the OCSP responder URI
 * @return OCSP responder URI from given certificate.
 * @throws IOException if an I/O error occurred
 */
public static String getOcspResponderUriFromCert(X509Certificate subject) throws IOException {
    final byte[] extensionValue = subject.getExtensionValue(Extension.authorityInfoAccess.toString());
    if (extensionValue != null) {
        ASN1Primitive derObject = toDERObject(extensionValue);
        if (derObject instanceof DEROctetString) {
            DEROctetString derOctetString = (DEROctetString) derObject;
            derObject = toDERObject(derOctetString.getOctets());
            AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(derObject);
            AccessDescription[] descriptions = authorityInformationAccess.getAccessDescriptions();
            for (AccessDescription desc : descriptions) {
                if (desc.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                    GeneralName generalName = desc.getAccessLocation();
                    return generalName.getName().toString();
                }
            }
        }
    }
    return null;
}
Also used: AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess), AccessDescription (org.bouncycastle.asn1.x509.AccessDescription), GeneralName (org.bouncycastle.asn1.x509.GeneralName), ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive), DEROctetString (org.bouncycastle.asn1.DEROctetString)
