Example 41 with CRLDistPoint

use of com.github.zhenwei.core.asn1.x509.CRLDistPoint in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method getAdditionalStoresFromCRLDistributionPoint.

static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, Map<GeneralName, PKIXCRLStore> namedCRLStoreMap, Date validDate, JcaJceHelper helper) throws AnnotatedException {
    if (null == crldp) {
        return Collections.<PKIXCRLStore>emptyList();
    }
    DistributionPoint[] dps;
    try {
        dps = crldp.getDistributionPoints();
    } catch (Exception e) {
        throw new AnnotatedException("Distribution points could not be read.", e);
    }
    List<PKIXCRLStore> stores = new ArrayList<PKIXCRLStore>();
    for (int i = 0; i < dps.length; i++) {
        DistributionPointName dpn = dps[i].getDistributionPoint();
        // look for URIs in fullName
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            for (int j = 0; j < genNames.length; j++) {
                PKIXCRLStore store = namedCRLStoreMap.get(genNames[j]);
                if (store != null) {
                    stores.add(store);
                }
            }
        }
    }
    // if the named CRL store is empty, and we're told to check with CRLDP
    if (stores.isEmpty() && Properties.isOverrideSet("com.github.zhenwei.provider.x509.enableCRLDP")) {
        CertificateFactory certFact;
        try {
            certFact = helper.createCertificateFactory("X.509");
        } catch (Exception e) {
            throw new AnnotatedException("cannot create certificate factory: " + e.getMessage(), e);
        }
        for (int i = 0; i < dps.length; i++) {
            DistributionPointName dpn = dps[i].getDistributionPoint();
            // look for URIs in fullName
            if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                for (int j = 0; j < genNames.length; j++) {
                    // index with j (the inner loop); using the outer index here reads the wrong name
                    // and throws ArrayIndexOutOfBoundsException once dps.length exceeds genNames.length
                    GeneralName name = genNames[j];
                    if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        try {
                            URI distributionPoint = new URI(((ASN1String) name.getName()).getString());
                            PKIXCRLStore store = CrlCache.getCrl(certFact, validDate, distributionPoint);
                            if (store != null) {
                                stores.add(store);
                            }
                            break;
                        } catch (Exception e) {
                            // a malformed or unreachable distribution point is skipped rather than
                            // failing the whole path; the caller sees fewer stores, not an error
                        }
                    }
                }
            }
        }
    }
    return stores;
}
Also used : ArrayList(java.util.ArrayList) DistributionPointName(com.github.zhenwei.core.asn1.x509.DistributionPointName) CertificateFactory(java.security.cert.CertificateFactory) URI(java.net.URI) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) CertStoreException(java.security.cert.CertStoreException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) CRLException(java.security.cert.CRLException) StoreException(com.github.zhenwei.core.util.StoreException) CertificateParsingException(java.security.cert.CertificateParsingException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) ExtCertPathBuilderException(com.github.zhenwei.provider.jce.exception.ExtCertPathBuilderException) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) PKIXCRLStore(com.github.zhenwei.provider.jcajce.PKIXCRLStore) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) GeneralName(com.github.zhenwei.core.asn1.x509.GeneralName)

Example 42 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project eblocker by eblocker.

the class CrlCacheCertStore method extractCrls.

private List<String> extractCrls(X509Certificate certificate) throws IOException {
    // getCrlExtensions is this class's own helper: the parsed cRLDistributionPoints extension, or null if absent
    CRLDistPoint crlDistPoint = getCrlExtensions(certificate);
    if (crlDistPoint == null) {
        return Collections.emptyList();
    }
    List<String> urls = new ArrayList<>();
    for (DistributionPoint point : crlDistPoint.getDistributionPoints()) {
        DistributionPointName pointName = point.getDistributionPoint();
        // distributionPoint is OPTIONAL (a DP may carry only cRLIssuer/reasons), and only the
        // fullName form holds GeneralNames; nameRelativeToCRLIssuer is an RDN
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
        for (GeneralName name : names) {
            // fullName may mix directoryName, rfc822Name etc.; only URIs are fetchable,
            // and DERIA5String.getInstance would throw on the other forms
            if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                urls.add(DERIA5String.getInstance(name.getName()).getString());
            }
        }
    }
    return urls;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 43 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project jsignpdf by intoolswetrust.

the class CRLInfo method getCrlUrls.

/**
 * Returns (initialized, but maybe empty) set of URLs of CRLs for given certificate.
 *
 * @param aCert X509 certificate.
 * @return set of HTTP(S) CRL URLs found in the cRLDistributionPoints extension; empty if the
 *         extension is absent, unparseable, or carries no such URL
 */
private Set<String> getCrlUrls(final X509Certificate aCert) {
    final Set<String> tmpResult = new HashSet<String>();
    LOGGER.info(RES.get("console.crlinfo.retrieveCrlUrl", aCert.getSubjectX500Principal().getName()));
    final byte[] crlDPExtension = aCert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (crlDPExtension != null) {
        CRLDistPoint crlDistPoints = null;
        try {
            crlDistPoints = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(crlDPExtension));
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "", e);
        }
        if (crlDistPoints != null) {
            final DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
            distPoint: for (DistributionPoint dp : distPoints) {
                final DistributionPointName dpName = dp.getDistributionPoint();
                // distributionPoint is OPTIONAL, and nameRelativeToCRLIssuer holds an RDN rather than
                // GeneralNames, so only a present fullName can be cast
                final GeneralNames generalNames = (dpName != null && dpName.getType() == DistributionPointName.FULL_NAME) ? (GeneralNames) dpName.getName() : null;
                if (generalNames != null) {
                    final GeneralName[] generalNameArr = generalNames.getNames();
                    if (generalNameArr != null) {
                        for (final GeneralName generalName : generalNameArr) {
                            if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                                final ASN1String derString = (ASN1String) generalName.getName();
                                final String uri = derString.getString();
                                if (uri != null && uri.startsWith("http")) {
                                    // ||uri.startsWith("ftp")
                                    LOGGER.info(RES.get("console.crlinfo.foundCrlUri", uri));
                                    tmpResult.add(uri);
                                    continue distPoint;
                                }
                            }
                        }
                    }
                    LOGGER.info(RES.get("console.crlinfo.noUrlInDistPoint"));
                }
            }
        }
    } else {
        LOGGER.info(RES.get("console.crlinfo.distPointNotSupported"));
    }
    return tmpResult;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) ASN1String(org.bouncycastle.asn1.ASN1String) IOException(java.io.IOException) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1String(org.bouncycastle.asn1.ASN1String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) HashSet(java.util.HashSet)

Example 44 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project documentproduction by qld-gov-au.

the class CRLDistributionPointsExtractor method getCrlDistributionPoints.

/**
 * Extracts all CRL distribution point URLs from the
 * "CRL Distribution Point" extension in a X.509 certificate. If CRL
 * distribution point extension is unavailable, returns an empty list.
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) {
    ASN1InputStream oAsnInStream = null;
    ASN1InputStream oAsnInStream2 = null;
    try {
        byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (crldpExt == null) {
            List<String> emptyList = new ArrayList<String>();
            return emptyList;
        }
        // getExtensionValue returns the CRLDistPoint DER wrapped in an OCTET STRING:
        // decode the wrapper first, then parse its contents as the extension structure
        oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
        ASN1Primitive derObjCrlDP = oAsnInStream.readObject();
        DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP;
        byte[] crldpExtOctets = dosCrlDP.getOctets();
        oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
        ASN1Primitive derObj2 = oAsnInStream2.readObject();
        CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);
        List<String> crlUrls = new ArrayList<String>();
        for (DistributionPoint dp : distPoint.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // Look for URIs in fullName
            if (dpn != null) {
                if (dpn.getType() == DistributionPointName.FULL_NAME) {
                    GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                    // Look for an URI
                    for (int j = 0; j < genNames.length; j++) {
                        if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                            String url = DERIA5String.getInstance(genNames[j].getName()).getString();
                            crlUrls.add(url);
                        }
                    }
                }
            }
        }
        return crlUrls;
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    } finally {
        IOUtils.closeQuietly(oAsnInStream);
        IOUtils.closeQuietly(oAsnInStream2);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ArrayList(java.util.ArrayList) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) DERIA5String(org.bouncycastle.asn1.DERIA5String) DEROctetString(org.bouncycastle.asn1.DEROctetString) IOException(java.io.IOException) DEROctetString(org.bouncycastle.asn1.DEROctetString) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) ByteArrayInputStream(java.io.ByteArrayInputStream) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 45 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project pri by secure-device-onboard.

the class OnDieSignatureValidator method checkRevocations.

private static boolean checkRevocations(List<Certificate> certificateList, OnDieCache onDieCache) {
    // Check revocations first.
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        for (Certificate cert : certificateList) {
            X509Certificate x509cert = (X509Certificate) cert;
            X509CertificateHolder certHolder = new X509CertificateHolder(x509cert.getEncoded());
            CRLDistPoint cdp = CRLDistPoint.fromExtensions(certHolder.getExtensions());
            if (cdp != null) {
                DistributionPoint[] distPoints = cdp.getDistributionPoints();
                for (DistributionPoint dp : distPoints) {
                    DistributionPointName dpn = dp.getDistributionPoint();
                    // distributionPoint is OPTIONAL and only its fullName form is GeneralNames.
                    // A DP this method cannot resolve is treated as a failure, keeping the check fail-closed.
                    if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                        LoggerFactory.getLogger(OnDieSignatureValidator.class).warn("Unsupported CRL distribution point form");
                        return false;
                    }
                    GeneralName[] generalNames = GeneralNames.getInstance(dpn.getName()).getNames();
                    for (GeneralName generalName : generalNames) {
                        String crlName = generalName.getName().toString();
                        byte[] crlBytes = onDieCache.getCrl(crlName);
                        if (crlBytes == null) {
                            LoggerFactory.getLogger(OnDieSignatureValidator.class).warn("CRL not found in cache for: " + crlName);
                            return false;
                        }
                        // The CRL's own signature is not verified here: this relies on the on-die cache
                        // holding authentic CRLs. If the cache is not trusted, verify the CRL against
                        // the issuer key before acting on isRevoked().
                        CRL crl = certificateFactory.generateCRL(new ByteArrayInputStream(crlBytes));
                        if (crl.isRevoked(cert)) {
                            return false;
                        }
                    }
                }
            }
        }
    } catch (IOException | CertificateException | CRLException ex) {
        return false;
    }
    return true;
}
Also used : CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRL(java.security.cert.CRL) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) CRLException(java.security.cert.CRLException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
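The following is an added example, not code from any of the five projects above. It pulls together the two points the snippets keep tripping over: crlUris handles the OPTIONAL distributionPoint field, the nameRelativeToCRLIssuer CHOICE and non-URI GeneralNames (the cases that NPE or ClassCastException in Examples 42, 43 and 45 as originally written), and acceptedByCrl verifies the CRL's signature, issuer and validity window before trusting isRevoked(), which Example 45 leaves to its cache. It assumes BouncyCastle bcprov and bcpkix on the classpath; the CA name, serial numbers and the crl.example.test / ldap.example.test URIs are constructed for the demo and belong to no real PKI.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class CrlDpCheck {

    /** HTTP(S) CRL URIs from cRLDistributionPoints, tolerating every OPTIONAL/CHOICE field the structure allows. */
    static List<String> crlUris(X509Certificate cert) {
        List<String> uris = new ArrayList<>();
        byte[] ext = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (ext == null) {
            return uris; // extension absent
        }
        byte[] der = ASN1OctetString.getInstance(ext).getOctets(); // value is OCTET STRING-wrapped DER
        for (DistributionPoint dp : CRLDistPoint.getInstance(der).getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                continue; // cRLIssuer-only DP, or an RDN relative to the CRL issuer: nothing to fetch
            }
            for (GeneralName gn : GeneralNames.getInstance(dpn.getName()).getNames()) {
                if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    continue; // directoryName, rfc822Name etc. are not URLs
                }
                String uri = ((ASN1String) gn.getName()).getString();
                if (uri.startsWith("http://") || uri.startsWith("https://")) {
                    uris.add(uri);
                }
            }
        }
        return uris;
    }

    /** True only if the CRL verifies under the issuer key, names this cert's issuer, is current at 'at',
     *  and does not list the cert. Anything else is treated as rejection (fail closed). */
    static boolean acceptedByCrl(X509Certificate cert, X509CRL crl, X509Certificate issuer, Date at) {
        try {
            crl.verify(issuer.getPublicKey());
        } catch (Exception e) {
            return false; // unverifiable CRL
        }
        if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
            return false; // a CRL from another CA says nothing about this cert
        }
        if (at.before(crl.getThisUpdate()) || (crl.getNextUpdate() != null && at.after(crl.getNextUpdate()))) {
            return false; // not yet valid, or stale
        }
        return !crl.isRevoked(cert);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data (no real PKI): a self-signed CA, an end-entity cert whose CRLDP extension
        // has three differently shaped DPs, and a CA-signed CRL revoking that cert.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKey = kpg.generateKeyPair();
        KeyPair eeKey = kpg.generateKeyPair();
        X500Name caName = new X500Name("CN=Example CA");
        Date now = new Date();
        Date later = new Date(now.getTime() + 24L * 3600 * 1000);
        ContentSigner caSigner = new JcaContentSignerBuilder("SHA256withRSA").build(caKey.getPrivate());
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter();
        X509Certificate ca = conv.getCertificate(new JcaX509v3CertificateBuilder(
                caName, BigInteger.ONE, now, later, caName, caKey.getPublic()).build(caSigner));
        CRLDistPoint crldp = new CRLDistPoint(new DistributionPoint[] {
            // DP1: fullName mixing a directoryName, an LDAP URI and an HTTP URI
            new DistributionPoint(new DistributionPointName(new GeneralNames(new GeneralName[] {
                new GeneralName(caName),
                new GeneralName(GeneralName.uniformResourceIdentifier, "ldap://ldap.example.test/cn=ca"),
                new GeneralName(GeneralName.uniformResourceIdentifier, "http://crl.example.test/ca.crl") })),
                null, null),
            // DP2: nameRelativeToCRLIssuer carries an RDN, not GeneralNames
            new DistributionPoint(new DistributionPointName(DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER,
                new X500Name("CN=crl1").getRDNs()[0]), null, null),
            // DP3: distributionPoint absent, only cRLIssuer
            new DistributionPoint(null, null, new GeneralNames(new GeneralName(caName))) });
        BigInteger eeSerial = BigInteger.valueOf(2);
        X509Certificate ee = conv.getCertificate(new JcaX509v3CertificateBuilder(
                caName, eeSerial, now, later, new X500Name("CN=device-0001"), eeKey.getPublic())
                .addExtension(Extension.cRLDistributionPoints, false, crldp).build(caSigner));
        X509CRL crl = new JcaX509CRLConverter().getCRL(new X509v2CRLBuilder(caName, now)
                .setNextUpdate(later).addCRLEntry(eeSerial, now, CRLReason.keyCompromise).build(caSigner));
        System.out.println("CRL URIs: " + crlUris(ee));
        System.out.println("accepted by CA-signed CRL: " + acceptedByCrl(ee, crl, ca, now));
    }
}
```

Compile and run with bcprov and bcpkix on the classpath. crlUris returns only the HTTP URI from DP1: the directoryName and LDAP entries are skipped, DP2 is an RDN that cannot be fetched, and DP3 has no distributionPoint at all, none of which may crash a parser that untrusted certificates feed. acceptedByCrl reports the end-entity cert as not accepted because the CA-signed CRL lists serial 2; handing it a CRL that fails verify(), or one from another issuer, is rejected the same way rather than being silently treated as "not revoked". A full validator additionally checks the issuer's cRLSign key usage, handles indirect CRLs (cRLIssuer) and reason-partitioned CRLs, and enforces a freshness policy; this example deliberately stops at the checks the page's snippets omit.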
