use of com.github.zhenwei.core.asn1.x509.CRLDistPoint in project supply-chain-tools by secure-device-onboard.
the class OnDieSignatureValidator method checkRevocations.
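/**
 * Checks every certificate in the chain against the CRLs named by its CRL
 * Distribution Points extension, using CRLs held in {@code onDieCache}.
 * <p>
 * The policy is fail-closed: the method returns {@code false} as soon as a
 * certificate is revoked, a referenced CRL is missing from the cache, a
 * distribution point cannot be resolved to a cache key, or the certificate /
 * CRL data cannot be decoded. Certificates without the extension are not
 * checked and do not cause a failure.
 *
 * @param certificateList chain to check; each element is cast to X509Certificate
 * @return {@code true} only if no certificate was found revoked and every
 *         lookup succeeded
 */
private boolean checkRevocations(List<Certificate> certificateList) {
    // Check revocations first.
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        for (Certificate cert : certificateList) {
            X509Certificate x509cert = (X509Certificate) cert;
            X509CertificateHolder certHolder = new X509CertificateHolder(x509cert.getEncoded());
            CRLDistPoint cdp = CRLDistPoint.fromExtensions(certHolder.getExtensions());
            if (cdp == null) {
                // No CRL Distribution Points extension: nothing to look up for this cert.
                continue;
            }
            for (DistributionPoint dp : cdp.getDistributionPoints()) {
                // distributionPoint is OPTIONAL in RFC 5280 (a point may carry only
                // cRLIssuer); a missing name used to surface as a NullPointerException.
                // Without a name there is no cache key, so the status is unknown.
                if (dp.getDistributionPoint() == null) {
                    LoggerFactory.getLogger(getClass()).error("CRL distribution point without a name for cert: {}", x509cert.getIssuerX500Principal().getName());
                    return false;
                }
                // GeneralNames.getInstance rejects a nameRelativeToCRLIssuer name with
                // IllegalArgumentException, which is caught below and fails closed.
                GeneralName[] generalNames = GeneralNames.getInstance(dp.getDistributionPoint().getName()).getNames();
                for (GeneralName generalName : generalNames) {
                    // NOTE(review): the cache key is GeneralName.toString(), not the bare
                    // name value logged below — confirm this is the form the cache stores.
                    byte[] crlBytes = onDieCache.getCertOrCrl(generalName.toString());
                    if (crlBytes == null) {
                        LoggerFactory.getLogger(getClass()).error("CRL ({}) not found in cache for cert: {}", generalName.getName().toString(), x509cert.getIssuerX500Principal().getName());
                        return false;
                    }
                    CRL crl = certificateFactory.generateCRL(new ByteArrayInputStream(crlBytes));
                    // NOTE(review): the CRL is used as-is; neither its signature nor its
                    // validity period is checked here — confirm the cache only holds
                    // authenticated, current CRLs.
                    if (crl.isRevoked(cert)) {
                        return false;
                    }
                }
            }
        }
    } catch (IOException | CertificateException | CRLException | IllegalArgumentException ex) {
        // Undecodable certificate, CRL or distribution point: status unknown, fail closed.
        return false;
    }
    return true;
}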
use of com.github.zhenwei.core.asn1.x509.CRLDistPoint in project documentproduction by qld-gov-au.
the class CRLVerifier method getCrlDistributionPoints.
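/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution
 * Point" extension in a X.509 certificate. If the CRL distribution point
 * extension is unavailable, returns an empty list.
 * <p>
 * Only {@code fullName} distribution points are examined, and only their
 * {@code uniformResourceIdentifier} entries are returned; distribution points
 * without a name, with a {@code nameRelativeToCRLIssuer} name, or with other
 * name types are skipped.
 *
 * @param cert certificate whose extension is read
 * @return list of CRL distribution point URLs, possibly empty, never {@code null}
 * @throws IOException if the extension cannot be decoded, or if it is present
 *         but its value is not the OCTET STRING wrapper required by RFC 5280
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) throws IOException {
    byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crldpExt == null) {
        return new ArrayList<>();
    }
    // getExtensionValue() returns the DER-encoded OCTET STRING that wraps the
    // actual extension value, so two decoding passes are needed. Both streams
    // are closed via try-with-resources (previously they were left open).
    ASN1Primitive derObjCrlDP;
    try (ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt))) {
        derObjCrlDP = oAsnInStream.readObject();
    }
    if (!(derObjCrlDP instanceof ASN1OctetString)) {
        // A malformed extension used to surface as ClassCastException; report it
        // through the declared IOException so callers handle it with other
        // decoding failures rather than crashing.
        throw new IOException("CRL distribution points extension value is not an OCTET STRING but "
                + derObjCrlDP.getClass().getName());
    }
    byte[] crldpExtOctets = ((ASN1OctetString) derObjCrlDP).getOctets();
    ASN1Primitive derObj2;
    try (ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets))) {
        derObj2 = oAsnInStream2.readObject();
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);
    List<String> crlUrls = new ArrayList<>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // Look for URIs in fullName only; nameRelativeToCRLIssuer holds an RDN, not GeneralNames.
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
                if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    String url = DERIA5String.getInstance(genName.getName()).getString();
                    crlUrls.add(url);
                }
            }
        }
    }
    return crlUrls;
}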
use of com.github.zhenwei.core.asn1.x509.CRLDistPoint in project pdf-sign-check by spapas.
the class CRLVerifier method getCrlDistributionPoints.
/**
 * Returns every CRL distribution point URI declared by {@code cert}.
 * <p>
 * Reads the "CRL Distribution Points" extension, unwraps the OCTET STRING that
 * {@link X509Certificate#getExtensionValue(String)} returns, and collects the
 * {@code uniformResourceIdentifier} entries of each {@code fullName}
 * distribution point. A certificate without the extension yields an empty
 * list; so does one whose extension value is not an OCTET STRING, which is
 * logged as a warning.
 *
 * @param cert certificate to inspect
 * @return mutable list of CRL URIs, empty when none are available
 * @throws IOException if the extension value cannot be decoded
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) throws IOException {
    final byte[] extensionValue = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    final List<String> urls = new ArrayList<>();
    if (extensionValue == null) {
        return urls;
    }
    // First pass: the extension value as returned by the JDK is itself wrapped in an OCTET STRING.
    final ASN1Primitive wrapper = readSingleObject(extensionValue);
    if (!(wrapper instanceof ASN1OctetString)) {
        LOG.warn("CRL distribution points for certificate subject " + cert.getSubjectX500Principal().getName() + " should be an octet string, but is " + wrapper);
        return urls;
    }
    // Second pass: the octets inside the wrapper are the CRLDistributionPoints structure.
    final ASN1Primitive payload = readSingleObject(((ASN1OctetString) wrapper).getOctets());
    for (DistributionPoint point : CRLDistPoint.getInstance(payload).getDistributionPoints()) {
        final DistributionPointName pointName = point.getDistributionPoint();
        // Only fullName carries GeneralNames; nameRelativeToCRLIssuer and absent names are skipped.
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName entry : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (entry.getTagNo() == GeneralName.uniformResourceIdentifier) {
                urls.add(ASN1IA5String.getInstance(entry.getName()).getString());
            }
        }
    }
    return urls;
}

/**
 * Decodes the single DER object held in {@code der}, closing the stream afterwards.
 *
 * @param der DER-encoded bytes
 * @return the decoded object
 * @throws IOException if the bytes are not valid DER
 */
private static ASN1Primitive readSingleObject(byte[] der) throws IOException {
    try (ASN1InputStream in = new ASN1InputStream(der)) {
        return in.readObject();
    }
}
use of com.github.zhenwei.core.asn1.x509.CRLDistPoint in project oxAuth by GluuFederation.
the class CRLCertificateVerifier method getCrlUri.
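/**
 * Returns the first CRL distribution point URI of {@code certificate}.
 * <p>
 * Walks the CRL Distribution Points extension and returns the
 * {@code uniformResourceIdentifier} entry of the first {@code fullName}
 * distribution point that has one. Distribution points without a name, with
 * a {@code nameRelativeToCRLIssuer} name, or with only non-URI names are
 * skipped.
 *
 * @param certificate certificate to inspect
 * @return the CRL URI, or {@code null} if the extension is absent, could not
 *         be read (logged), or contains no URI
 * @throws IOException kept in the signature for existing callers; read
 *         failures inside this method are caught, logged and reported as
 *         {@code null}
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // distributionPoint is OPTIONAL in RFC 5280 (a point may carry only cRLIssuer);
        // a missing name used to cause a NullPointerException on getType().
        if (distributionPointName == null || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        // getInstance() tolerates either a GeneralNames instance or its raw sequence,
        // where a plain cast would fail on the latter.
        GeneralNames generalNames = GeneralNames.getInstance(distributionPointName.getName());
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // The URI is an implicitly tagged IA5String; decode it without the tag.
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}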
use of com.github.zhenwei.core.asn1.x509.CRLDistPoint in project nhin-d by DirectProject.
the class CRLDistributionPointNameExtentionField method injectReferenceValue.
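/**
 * {@inheritDoc}
 * <p>
 * Collects the string form of every name found in the {@code fullName}
 * distribution points of the certificate's CRL Distribution Points extension
 * and stores them as this field's policy value. When the extension is absent,
 * or yields no names, the policy value is an empty collection — unless the
 * field is marked required, in which case a {@link PolicyRequiredException}
 * is thrown.
 *
 * @param value certificate the policy value is derived from
 * @throws PolicyProcessException if the field is required and no distribution
 *         point name is present
 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    this.certificate = value;
    final DERObject exValue = getExtensionValue(value);
    if (exValue == null) {
        if (isRequired()) {
            throw requiredExtensionMissing();
        }
        final Collection<String> coll = Collections.emptyList();
        this.policyValue = PolicyValueFactory.getInstance(coll);
        return;
    }
    final CRLDistPoint distPoints = CRLDistPoint.getInstance(exValue);
    final Collection<String> retVal = new ArrayList<>();
    for (DistributionPoint distPoint : distPoints.getDistributionPoints()) {
        final DistributionPointName dpn = distPoint.getDistributionPoint();
        // Only fullName carries GeneralNames; nameRelativeToCRLIssuer and absent names are skipped.
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            final GeneralNames names = GeneralNames.getInstance(dpn.getName());
            for (GeneralName name : names.getNames()) {
                // NOTE(review): every name type is included, not just URIs; non-URI
                // entries contribute their ASN.1 object's toString() — confirm intended.
                retVal.add(name.getName().toString());
            }
        }
    }
    if (retVal.isEmpty() && isRequired()) {
        throw requiredExtensionMissing();
    }
    this.policyValue = PolicyValueFactory.getInstance(retVal);
}

/**
 * Builds the exception thrown when this required extension yields no value.
 * Shared by both "extension absent" and "no usable names" paths so the two
 * messages cannot drift apart.
 * <p>
 * NOTE(review): "by is not present" reads like a typo for "but"; the text is
 * kept verbatim in case callers or tests match on it.
 *
 * @return the exception to throw
 */
private PolicyRequiredException requiredExtensionMissing() {
    return new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
}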