
Example 46 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project jsignpdf by intoolswetrust.

The class CRLInfo, method getCrlUrls.

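/**
 * Returns the (initialized, but maybe empty) set of CRL URLs found in the
 * CRL Distribution Points extension of the given certificate.
 * <p>
 * The {@code distributionPoint} field of a DistributionPoint is OPTIONAL, and
 * when present it is either a {@code fullName} (a {@link GeneralNames}) or a
 * {@code nameRelativeToCRLIssuer} (an RDN). Only {@code fullName} entries are
 * inspected; the other two cases are skipped instead of failing with a
 * {@code NullPointerException} / {@code ClassCastException}. For each
 * distribution point at most the first URI starting with {@code "http"} is
 * collected (this admits both http and https; other schemes are ignored).
 *
 * @param aCert X509 certificate, must not be {@code null}.
 * @return set of CRL URLs, never {@code null}; empty when the extension is
 *         absent, cannot be parsed, or holds no matching URI.
 */
private Set<String> getCrlUrls(final X509Certificate aCert) {
    final Set<String> tmpResult = new HashSet<>();
    LOGGER.info(RES.get("console.crlinfo.retrieveCrlUrl", aCert.getSubjectX500Principal().getName()));
    final byte[] crlDPExtension = aCert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (crlDPExtension == null) {
        LOGGER.info(RES.get("console.crlinfo.distPointNotSupported"));
        return tmpResult;
    }
    CRLDistPoint crlDistPoints = null;
    try {
        crlDistPoints = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(crlDPExtension));
    } catch (IOException e) {
        // Malformed extension: logged and treated as "no CRL URLs" (best effort, as before).
        LOGGER.log(Level.WARNING, "", e);
    }
    if (crlDistPoints == null) {
        return tmpResult;
    }
    distPoint: for (final DistributionPoint dp : crlDistPoints.getDistributionPoints()) {
        final DistributionPointName dpName = dp.getDistributionPoint();
        // Absent name or nameRelativeToCRLIssuer: nothing that can hold a URI here.
        if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        final GeneralNames generalNames = GeneralNames.getInstance(dpName.getName());
        if (generalNames == null) {
            continue;
        }
        final GeneralName[] generalNameArr = generalNames.getNames();
        if (generalNameArr != null) {
            for (final GeneralName generalName : generalNameArr) {
                if (generalName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    continue;
                }
                final ASN1String derString = (ASN1String) generalName.getName();
                final String uri = derString.getString();
                // Prefix check keeps http and https; ftp/ldap distribution points are deliberately not used.
                if (uri != null && uri.startsWith("http")) {
                    LOGGER.info(RES.get("console.crlinfo.foundCrlUri", uri));
                    tmpResult.add(uri);
                    // First usable URI per distribution point wins.
                    continue distPoint;
                }
            }
        }
        LOGGER.info(RES.get("console.crlinfo.noUrlInDistPoint"));
    }
    return tmpResult;
}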

Example 47 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project documentproduction by qld-gov-au.

The class CRLDistributionPointsExtractor, method getCrlDistributionPoints.

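/**
 * Extracts all CRL distribution point URLs from the
 * "CRL Distribution Point" extension in a X.509 certificate. If CRL
 * distribution point extension is unavailable, returns an empty list.
 * <p>
 * Only {@code fullName} distribution points are inspected; distribution
 * points without a name, or with a {@code nameRelativeToCRLIssuer}, are
 * skipped. Every URI general name is returned verbatim, whatever its scheme,
 * so a caller that fetches from these URLs has to apply its own scheme/host
 * policy.
 *
 * @param cert the certificate to read; must not be {@code null}
 * @return a new, mutable list of URLs; never {@code null}, maybe empty
 * @throws java.io.UncheckedIOException (a {@link RuntimeException}) if the
 *         extension bytes cannot be parsed as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) {
    List<String> crlUrls = new ArrayList<>();
    // getExtensionValue() yields the DER-encoded OCTET STRING that wraps the extension body.
    byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crldpExt == null) {
        return crlUrls;
    }
    // try-with-resources replaces the manual null-initialised streams and closeQuietly() calls.
    try (ASN1InputStream outerIn = new ASN1InputStream(new ByteArrayInputStream(crldpExt))) {
        DEROctetString dosCrlDP = (DEROctetString) outerIn.readObject();
        // The OCTET STRING's content is itself the DER-encoded CRLDistPoint sequence.
        try (ASN1InputStream innerIn = new ASN1InputStream(new ByteArrayInputStream(dosCrlDP.getOctets()))) {
            CRLDistPoint distPoint = CRLDistPoint.getInstance(innerIn.readObject());
            for (DistributionPoint dp : distPoint.getDistributionPoints()) {
                DistributionPointName dpn = dp.getDistributionPoint();
                // distributionPoint is OPTIONAL; only a fullName carries GeneralNames.
                if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                    continue;
                }
                for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
                    if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        crlUrls.add(DERIA5String.getInstance(genName.getName()).getString());
                    }
                }
            }
        }
    } catch (IOException ex) {
        // Fully qualified so no new import is needed; it is a RuntimeException,
        // so callers that caught the previous RuntimeException still do.
        throw new java.io.UncheckedIOException(ex);
    }
    return crlUrls;
}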

Example 48 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project peppol-commons by phax.

The class CRLHelper, method getAllDistributionPoints.

/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate. If CRL distribution point extension is
 * unavailable, returns an empty list.
 * <p>
 * Only {@code fullName} distribution points are considered; a missing name or
 * a {@code nameRelativeToCRLIssuer} contributes nothing. URIs are returned
 * trimmed but otherwise unfiltered, so the caller decides which schemes and
 * hosts it is willing to contact.
 *
 * @param aCert
 *        The certificate to extract the CRLs from
 * @return Never <code>null</code> but maybe empty list of distribution
 *         points.
 * @throws UncheckedIOException
 *         if the extension value is not parseable ASN.1
 */
@Nonnull
public static ICommonsList<String> getAllDistributionPoints(@Nonnull final X509Certificate aCert) {
    ValueEnforcer.notNull(aCert, "Certificate");
    final ICommonsList<String> ret = new CommonsArrayList<>();
    // The extension value is the DER-encoded OCTET STRING wrapping the
    // CRLDistributionPoints structure.
    final byte[] aExtensionValue = aCert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (aExtensionValue == null) {
        return ret;
    }
    final CRLDistPoint aDistPoint;
    try (final ASN1InputStream aOuterIn = new ASN1InputStream(aExtensionValue)) {
        // Layer 1: the OCTET STRING. Layer 2: the CRLDistPoint sequence it carries.
        final DEROctetString aOctetString = (DEROctetString) aOuterIn.readObject();
        try (final ASN1InputStream aInnerIn = new ASN1InputStream(aOctetString.getOctets())) {
            aDistPoint = CRLDistPoint.getInstance(aInnerIn.readObject());
        }
    } catch (final IOException ex) {
        throw new UncheckedIOException(ex);
    }
    for (final DistributionPoint aDP : aDistPoint.getDistributionPoints()) {
        final DistributionPointName aDPName = aDP.getDistributionPoint();
        // Only a fullName holds GeneralNames; skip absent and relative names.
        if (aDPName == null || aDPName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (final GeneralName aGenName : GeneralNames.getInstance(aDPName.getName()).getNames()) {
            if (aGenName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // URI names are IA5Strings (ASCII); surrounding whitespace is trimmed.
                ret.add(ASN1IA5String.getInstance(aGenName.getName()).getString().trim());
            }
        }
    }
    return ret;
}
