use of com.github.zhenwei.core.asn1.x509.Extensions in project BiglyBT by BiglySoftware.
the class X509CertificateObject method getNonCriticalExtensionOIDs.
/**
 * Collects the OIDs of the extensions in this certificate that are not flagged critical.
 *
 * <p>The critical flag is reported exactly as {@code isCritical()} returns it for each
 * extension. Nothing in this method validates the certificate or the extension contents.
 *
 * @return the dotted-string OIDs of the non-critical extensions (possibly empty), or
 *         {@code null} when the certificate is not version 3 or has no extensions block
 */
@Override
public Set getNonCriticalExtensionOIDs() {
    // Only version 3 certificates are inspected for extensions.
    if (this.getVersion() != 3) {
        return null;
    }

    X509Extensions certExtensions = c.getTBSCertificate().getExtensions();
    if (certExtensions == null) {
        // No extensions block at all is reported as null, not as an empty set.
        return null;
    }

    HashSet nonCritical = new HashSet();
    for (Enumeration oids = certExtensions.oids(); oids.hasMoreElements(); ) {
        DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
        if (certExtensions.getExtension(oid).isCritical()) {
            continue;
        }
        nonCritical.add(oid.getId());
    }
    return nonCritical;
}
use of com.github.zhenwei.core.asn1.x509.Extensions in project BiglyBT by BiglySoftware.
the class X509V2AttributeCertificate method getExtensionValue.
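/**
 * Returns the DER encoding of the value of the extension identified by {@code oid} in this
 * attribute certificate.
 *
 * <p>The bytes are produced by writing {@code ext.getValue()} through a
 * {@link DEROutputStream}. NOTE(review): if {@code getValue()} yields the extension's
 * OCTET STRING, the result still carries that wrapper and callers must unwrap it before
 * parsing the inner structure; confirm against the {@code X509Extension} in use.
 *
 * @param oid dotted-string object identifier of the extension to look up
 * @return the encoded extension value, or {@code null} when the certificate has no
 *         extensions or none with this OID
 * @throws RuntimeException if the value cannot be encoded; the underlying failure is
 *         attached as the cause
 */
@Override
public byte[] getExtensionValue(String oid) {
    X509Extensions extensions = cert.getAcinfo().getExtensions();
    if (extensions == null) {
        return null;
    }

    X509Extension ext = extensions.getExtension(new DERObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    try {
        dOut.writeObject(ext.getValue());
        return bOut.toByteArray();
    } catch (Exception e) {
        // Chain the original exception so the stack trace of an encoding failure is not
        // lost; the message text is unchanged for callers that match on it.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}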
use of com.github.zhenwei.core.asn1.x509.Extensions in project jmulticard by ctt-gob-es.
the class X509CRLHolder method init.
/**
 * Populates this holder's fields from the given CRL structure.
 *
 * <p>Fields are assigned in a fixed order: the CRL itself, its extensions, the indirect-CRL
 * flag derived from those extensions, and finally the issuer wrapped as a
 * {@code GeneralNames}.
 *
 * @param x509CRL the CRL structure this holder wraps
 */
private void init(CertificateList x509CRL) {
    this.x509CRL = x509CRL;

    // Extensions come from the to-be-signed part of the CRL.
    this.extensions = x509CRL.getTBSCertList().getExtensions();

    // The indirect flag is computed once here from the extensions just stored.
    this.isIndirect = isIndirectCRL(this.extensions);

    GeneralName crlIssuer = new GeneralName(x509CRL.getIssuer());
    this.issuerName = new GeneralNames(crlIssuer);
}
use of com.github.zhenwei.core.asn1.x509.Extensions in project jmulticard by ctt-gob-es.
the class CertUtils method doReplaceExtension.
/**
 * Builds a new extensions generator in which one existing extension is swapped for
 * {@code ext}, matched by OID.
 *
 * <p>Extensions are re-added in the order their OIDs are enumerated. The replacement takes
 * the position of the extension it replaces, and its criticality is whatever {@code ext}
 * itself carries.
 *
 * @param extGenerator generator holding the current set of extensions
 * @param ext          replacement extension; its OID must already be present
 * @return a fresh generator containing the updated set of extensions
 * @throws IllegalArgumentException if no existing extension has the OID of {@code ext}
 */
static ExtensionsGenerator doReplaceExtension(ExtensionsGenerator extGenerator, Extension ext) {
    Extensions current = extGenerator.generate();
    ExtensionsGenerator rebuilt = new ExtensionsGenerator();
    boolean found = false;

    Enumeration oids = current.oids();
    while (oids.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) oids.nextElement();
        boolean matches = oid.equals(ext.getExtnId());
        if (matches) {
            found = true;
        }
        // Substitute the replacement in place; copy every other extension unchanged.
        rebuilt.addExtension(matches ? ext : current.getExtension(oid));
    }

    // Replacing an extension that was never there is a caller error, not a silent add.
    if (!found) {
        throw new IllegalArgumentException("replace - original extension (OID = " + ext.getExtnId() + ") not found");
    }
    return rebuilt;
}
use of com.github.zhenwei.core.asn1.x509.Extensions in project keycloak by keycloak.
the class CertificateValidator method validatePolicy.
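/**
 * Checks the certificate policy OIDs of the first certificate in {@code certs} against the
 * expected policies.
 *
 * <p>Only {@code certs[0]} is inspected. NOTE(review): this is a plain comparison of OIDs
 * listed in that certificate's certificate-policies extension, not a policy evaluation
 * across the chain; confirm that is the intended guarantee.
 *
 * @param certs            certificates presented by the client; only the first is examined
 * @param expectedPolicies policy OIDs to require; {@code null} or empty disables the check
 * @param policyCheckMode  {@code CERTIFICATE_POLICY_MODE_ANY} to accept any one expected
 *                         policy; every other value, including {@code null}, requires all
 * @throws GeneralSecurityException if no certificate is supplied, if the certificate has no
 *         extensions or no certificate-policies extension, or if the policies do not match
 */
private static void validatePolicy(X509Certificate[] certs, List<String> expectedPolicies, String policyCheckMode) throws GeneralSecurityException {
    if (expectedPolicies == null || expectedPolicies.isEmpty()) {
        logger.debug("Certificate Policy validation is not enabled.");
        return;
    }

    // Fail with the declared checked exception rather than an NPE or index error when the
    // check is enabled but there is no certificate to check.
    if (certs == null || certs.length == 0 || certs[0] == null) {
        throw new GeneralSecurityException("Certificate Policy validation was expected, but no certificate was provided");
    }

    Extensions certExtensions = new JcaX509CertificateHolder(certs[0]).getExtensions();
    if (certExtensions == null) {
        throw new GeneralSecurityException("Certificate Policy validation was expected, but no certificate extensions were found");
    }

    CertificatePolicies policies = CertificatePolicies.fromExtensions(certExtensions);
    if (policies == null) {
        throw new GeneralSecurityException("Certificate Policy validation was expected, but no certificate policy extensions were found");
    }

    List<String> policyList = new LinkedList<>();
    Arrays.stream(policies.getPolicyInformation()).forEach(p -> policyList.add(p.getPolicyIdentifier().toString().toLowerCase()));

    logger.debugf("Certificate policies found: %s", String.join(",", policyList));

    // Compare the mode by value. With a reference comparison (==), a mode string that
    // equals the constant but is a different String instance (for example one read from
    // configuration) would silently be handled as ALL.
    if (CERTIFICATE_POLICY_MODE_ANY.equals(policyCheckMode)) {
        boolean hasMatch = expectedPolicies.stream().anyMatch(p -> policyList.contains(p.toLowerCase()));
        if (!hasMatch) {
            String message = String.format("Certificate Policy check failed: mode = ANY, found = \'%s\', expected = \'%s\'.", String.join(",", policyList), String.join(",", expectedPolicies));
            throw new GeneralSecurityException(message);
        }
    } else {
        // Any mode other than ANY falls through to the stricter ALL check.
        for (String policy : expectedPolicies) {
            if (!policyList.contains(policy.toLowerCase())) {
                String message = String.format("Certificate Policy check failed: mode = ALL, certificate policy \'%s\' is missing.", policy);
                throw new GeneralSecurityException(message);
            }
        }
    }
}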
Aggregations