use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project pdfbox by apache.
the class CRLVerifier method getCrlDistributionPoints.
/**
 * Collects the URIs listed in the certificate's "CRL Distribution Points"
 * extension (id-ce-cRLDistributionPoints, RFC 5280 section 4.2.1.13).
 * <p>
 * Only distribution points that use the {@code fullName} choice are
 * inspected; the {@code nameRelativeToCRLIssuer} form is skipped. Within a
 * full name only {@code uniformResourceIdentifier} entries are returned, in
 * the order they appear in the extension.
 * <p>
 * The returned strings are copied verbatim from the certificate and are not
 * validated here. A caller that downloads from them should treat them as
 * untrusted input: restrict the accepted URL schemes, bound the download
 * size and time, and verify the fetched CRL's signature against the issuer.
 *
 * @param cert the certificate whose extension is read
 * @return the CRL URIs found; an empty list when the extension is absent or
 *         its value is not encoded as an OCTET STRING
 * @throws java.io.IOException if the extension bytes cannot be read as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) throws IOException {
    byte[] extensionBytes = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extensionBytes == null) {
        return new ArrayList<>();
    }

    // getExtensionValue() hands back the DER OCTET STRING that wraps the
    // extension, not the CRLDistPoint structure itself, hence two decodes.
    ASN1Primitive wrapper;
    try (ASN1InputStream wrapperIn = new ASN1InputStream(extensionBytes)) {
        wrapper = wrapperIn.readObject();
    }
    if (!(wrapper instanceof ASN1OctetString)) {
        LOG.warn("CRL distribution points for certificate subject " + cert.getSubjectX500Principal().getName() + " should be an octet string, but is " + wrapper);
        return new ArrayList<>();
    }

    byte[] payload = ((ASN1OctetString) wrapper).getOctets();
    ASN1Primitive payloadObject;
    try (ASN1InputStream payloadIn = new ASN1InputStream(payload)) {
        payloadObject = payloadIn.readObject();
    }

    List<String> uris = new ArrayList<>();
    for (DistributionPoint point : CRLDistPoint.getInstance(payloadObject).getDistributionPoints()) {
        DistributionPointName pointName = point.getDistributionPoint();
        // The distributionPoint field is OPTIONAL, and only the fullName
        // choice carries GeneralNames; anything else has no URI to offer.
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName name : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                uris.add(ASN1IA5String.getInstance(name.getName()).getString());
            }
        }
    }
    return uris;
}
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project keystore-explorer by kaikramer.
the class DDistributionPointsChooser method okPressed.
/**
 * Handles the OK button: validates the dialog contents, stores the resulting
 * {@link DistributionPoint} in the {@code distributionPoint} field and closes
 * the dialog.
 * <p>
 * The distribution point is assembled from three parts:
 * <ul>
 * <li>the full name from {@code jgnDistributionPointFullName} (required; when
 *     it holds no names a warning is shown and the dialog stays open),</li>
 * <li>the reason flags built from the ticked check boxes, or {@code null}
 *     when none is ticked,</li>
 * <li>the CRL issuer from {@code jgnDistributionPointCrlIssuer}, or
 *     {@code null} when that list is empty.</li>
 * </ul>
 */
private void okPressed() {
    int reasonBits = 0;
    if (jcbKeyCompromise.isSelected()) {
        reasonBits |= ReasonFlags.keyCompromise;
    }
    if (jcbCACompromise.isSelected()) {
        reasonBits |= ReasonFlags.cACompromise;
    }
    if (jcbAffiliationChanged.isSelected()) {
        reasonBits |= ReasonFlags.affiliationChanged;
    }
    if (jcbSuperseded.isSelected()) {
        reasonBits |= ReasonFlags.superseded;
    }
    if (jcbCessationOfOperation.isSelected()) {
        reasonBits |= ReasonFlags.cessationOfOperation;
    }
    if (jcbCertificateHold.isSelected()) {
        reasonBits |= ReasonFlags.certificateHold;
    }
    if (jcbPrivilegeWithdrawn.isSelected()) {
        reasonBits |= ReasonFlags.privilegeWithdrawn;
    }
    if (jcbAACompromise.isSelected()) {
        reasonBits |= ReasonFlags.aACompromise;
    }
    // An empty ReasonFlags would say nothing; omit the field instead.
    ReasonFlags reasonFlags = reasonBits > 0 ? new ReasonFlags(reasonBits) : null;

    GeneralNames fullName = jgnDistributionPointFullName.getGeneralNames();
    if (fullName.getNames().length == 0) {
        JOptionPane.showMessageDialog(this,
                res.getString("DDistributionPointsChooser.DistributionPointFullNameNumberNonZero.message"),
                getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    GeneralNames crlIssuer = jgnDistributionPointCrlIssuer.getGeneralNames();
    if (crlIssuer.getNames().length == 0) {
        crlIssuer = null;
    }

    distributionPoint = new DistributionPoint(new DistributionPointName(fullName), reasonFlags, crlIssuer);
    closeDialog();
}
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project zookeeper by apache.
the class QuorumSSLTest method buildEndEntityCert.
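/**
 * Builds an end-entity (leaf) certificate signed by the given CA for the
 * test fixtures.
 * <p>
 * The certificate carries authority and subject key identifiers, a critical
 * {@code basicConstraints CA:false}, a critical {@code keyUsage} of
 * {@code digitalSignature | keyEncipherment}, and optionally a subject
 * alternative name (DNS and/or IP), a {@code file://} CRL distribution point
 * and an OCSP responder location. Validity is taken from the
 * {@code certStartTime}/{@code certEndTime} fields.
 *
 * @param keyPair      key pair whose public key is certified
 * @param caCert       issuing CA certificate; its subject becomes the issuer
 *                     and its key identifier the authority key identifier
 * @param caPrivateKey CA private key used to sign with SHA256WithRSAEncryption
 * @param hostname     DNS name for the subject alternative name, or
 *                     {@code null}; also the host part of the OCSP URL
 * @param ipAddress    IP address for the subject alternative name, or {@code null}
 * @param crlPath      local path advertised as a {@code file://} CRL
 *                     distribution point, or {@code null} for no such extension
 * @param ocspPort     port of the OCSP responder on {@code hostname},
 *                     advertised through authority information access, or
 *                     {@code null} for no such extension
 * @return the signed certificate converted to a JCA {@link X509Certificate}
 * @throws IllegalArgumentException if {@code ocspPort} is set but
 *         {@code hostname} is {@code null}
 * @throws Exception if key conversion, extension encoding or signing fails
 */
public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey, String hostname, String ipAddress, String crlPath, Integer ocspPort) throws Exception {
    if (ocspPort != null && hostname == null) {
        // Otherwise the AIA URL would read "http://null:<port>" and the
        // certificate would silently point at a responder that cannot exist.
        throw new IllegalArgumentException("hostname is required when ocspPort is given");
    }

    X509CertificateHolder issuer = new JcaX509CertificateHolder(caCert);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey);

    List<GeneralName> subjectAltNames = new ArrayList<>();
    if (hostname != null) {
        subjectAltNames.add(new GeneralName(GeneralName.dNSName, hostname));
    }
    if (ipAddress != null) {
        subjectAltNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
    }

    SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(
            PublicKeyFactory.createKey(keyPair.getPublic().getEncoded()));
    X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();

    // RFC 5280 section 4.1.2.2 requires serial numbers to be unique per issuer;
    // 128 bits from a CSPRNG (instead of java.util.Random) make collisions and
    // guessing implausible. Fully qualified so no import change is needed.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom());

    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            issuer.getSubject(), serial, certStartTime, certEndTime,
            new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic())
            .addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(issuer))
            .addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(entityKeyInfo))
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
            .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    if (!subjectAltNames.isEmpty()) {
        // Marked critical although the subject DN is non-empty; RFC 5280
        // section 4.2.1.6 recommends non-critical in that case. Kept as-is so
        // existing fixtures keep their encoding.
        certificateBuilder.addExtension(Extension.subjectAlternativeName, true,
                new GeneralNames(subjectAltNames.toArray(new GeneralName[0])));
    }
    if (crlPath != null) {
        DistributionPointName fullName = new DistributionPointName(new GeneralNames(
                new GeneralName(GeneralName.uniformResourceIdentifier, "file://" + crlPath)));
        certificateBuilder.addExtension(Extension.cRLDistributionPoints, false,
                new CRLDistPoint(new DistributionPoint[] { new DistributionPoint(fullName, null, null) }));
    }
    if (ocspPort != null) {
        certificateBuilder.addExtension(Extension.authorityInfoAccess, false,
                new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod,
                        new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + hostname + ":" + ocspPort)));
    }
    return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer));
}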
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project jans by JanssenProject.
the class CRLCertificateVerifier method getCrlUri.
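/**
 * Returns the first CRL location found in the certificate's "CRL
 * Distribution Points" extension.
 * <p>
 * Only distribution points that use the {@code fullName} choice are
 * inspected, and within them only {@code uniformResourceIdentifier}
 * entries; the first one encountered wins. A point that carries no name at
 * all (the field is OPTIONAL in RFC 5280) is skipped instead of
 * dereferenced.
 * <p>
 * The value is copied verbatim from the certificate. A caller that fetches
 * the CRL should treat it as untrusted input: accept only the URL schemes it
 * expects and verify the downloaded CRL's signature against the issuer.
 *
 * @param certificate the certificate whose extension is read
 * @return the first CRL URI, or {@code null} when the extension is missing,
 *         could not be read, or lists no URI
 * @throws IOException declared in the signature; in this body read failures
 *         from {@code getExtensionValue} are caught, logged and reported as
 *         {@code null} rather than propagated
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive extensionValue;
    try {
        extensionValue = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (extensionValue == null) {
        return null;
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(extensionValue);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName dpName = distributionPoint.getDistributionPoint();
        // A point may carry only reasons/cRLIssuer and no name; dereferencing
        // a missing name would throw NullPointerException.
        if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        // getInstance() rather than a blind cast, so a mis-typed name fails
        // with a descriptive exception instead of ClassCastException.
        GeneralNames generalNames = GeneralNames.getInstance(dpName.getName());
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            DERIA5String uri = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return uri.getString();
        }
    }
    return null;
}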
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project LinLong-Java by zhenwei1108.
the class X509RevocationChecker method getAdditionalStoresFromCRLDistributionPoint.
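/**
 * Looks up the CRL stores registered for the names in a certificate's CRL
 * distribution points.
 * <p>
 * Every distribution point that uses the {@code fullName} choice is
 * expanded into its {@link GeneralName}s, and each name that has an entry in
 * {@code namedCRLStoreMap} contributes that store to the result, in
 * extension order. Points without a name, or with a name relative to the
 * CRL issuer, are skipped.
 *
 * @param crldp            the decoded CRL Distribution Points extension, or
 *                         {@code null} when the certificate has none
 * @param namedCRLStoreMap stores keyed by the distribution-point name they serve
 * @return the matching stores; empty when the extension is absent or
 *         nothing matches
 * @throws AnnotatedException if the distribution points cannot be decoded
 */
static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, Map<GeneralName, PKIXCRLStore> namedCRLStoreMap) throws AnnotatedException {
    if (crldp == null) {
        return Collections.emptyList();
    }
    DistributionPoint[] points;
    try {
        points = crldp.getDistributionPoints();
    } catch (Exception e) {
        throw new AnnotatedException("could not read distribution points", e);
    }
    List<PKIXCRLStore> stores = new ArrayList<PKIXCRLStore>();
    for (DistributionPoint point : points) {
        DistributionPointName dpn = point.getDistributionPoint();
        // Only a fullName holds GeneralNames that can key the store map.
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName name : GeneralNames.getInstance(dpn.getName()).getNames()) {
            PKIXCRLStore store = namedCRLStoreMap.get(name);
            if (store != null) {
                stores.add(store);
            }
        }
    }
    return stores;
}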