use of de.carne.certmgr.certs.x509.DistributionPoint in project cas by apereo.
the class CRLDistributionPointRevocationChecker method getDistributionPoints.
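/**
 * Collects the CRL distribution point locations advertised by a certificate.
 *
 * <p>A distribution point or name that cannot be decoded is logged and skipped, so a single
 * unsupported entry does not abort the lookup for the remaining ones.
 *
 * @param cert the certificate whose CRLDistributionPoints extension is read
 * @return the locations collected through {@code addURL}; an empty array when the extension
 *         cannot be read or no entry could be used
 */
private static URI[] getDistributionPoints(final X509Certificate cert) {
    final List<DistributionPoint> points;
    try {
        points = new ExtensionReader(cert).readCRLDistributionPoints();
    } catch (final Exception e) {
        LOGGER.error("Error reading CRLDistributionPoints extension field on [{}]", CertUtils.toString(cert), e);
        return new URI[0];
    }
    if (points == null) {
        return new URI[0];
    }

    // NOTE(review): every location gathered here is taken from the certificate under
    // evaluation. Whether addURL or the code that later fetches the CRL restricts the
    // scheme and destination is not visible in this method - confirm against those callers.
    final List<URI> urls = new ArrayList<>();
    points.stream().map(DistributionPoint::getDistributionPoint).filter(Objects::nonNull).forEach(pointName -> {
        final ASN1Sequence nameSequence;
        try {
            // Not every DistributionPointName carries a sequence of general names (for example
            // the nameRelativeToCRLIssuer choice). Decoding inside the try keeps such an entry
            // from throwing an unchecked exception out of this method.
            nameSequence = ASN1Sequence.getInstance(pointName.getName());
        } catch (final Exception e) {
            LOGGER.warn("Unable to read CRL distribution point [{}] as a sequence of names; skipping.", pointName, e);
            return;
        }
        for (int i = 0; i < nameSequence.size(); i++) {
            try {
                final GeneralName name = GeneralName.getInstance(nameSequence.getObjectAt(i));
                LOGGER.debug("Found CRL distribution point [{}].", name);
                addURL(urls, DERIA5String.getInstance(name.getName()).getString());
            } catch (final Exception e) {
                LOGGER.warn("[{}] not supported. String or GeneralNameList expected.", pointName);
            }
        }
    });
    return urls.toArray(new URI[0]);
}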
use of de.carne.certmgr.certs.x509.DistributionPoint in project keystore-explorer by kaikramer.
the class X509Ext method getFreshestCrlStringValue.
/**
 * Renders the FreshestCRL extension value as display text, one numbered entry per
 * distribution point.
 *
 * @param value the encoded extension value handed to {@code CRLDistributionPoints.getInstance}
 * @return the formatted text; empty when the extension lists no distribution points
 * @throws IOException declared by this method; no statement visible here raises it directly
 */
private String getFreshestCrlStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * FreshestCRL ::= CRLDistributionPoints
     *
     * CRLDistributionPoints ::= ASN1Sequence SIZE (1..MAX) OF
     * DistributionPoint
     */
    // @formatter:on
    CRLDistributionPoints decoded = CRLDistributionPoints.getInstance(value);
    StringBuilder text = new StringBuilder();

    // Entries are numbered from 1 in the order the extension lists them.
    int position = 0;
    for (DistributionPoint entry : decoded.getDistributionPointList()) {
        position += 1;
        String heading = MessageFormat.format(res.getString("FreshestCrlDistributionPoint"), position);
        text.append(heading);
        text.append(NEWLINE);
        String details = getDistributionPointString(entry, INDENT.toString(1));
        text.append(details);
    }
    return text.toString();
}
use of de.carne.certmgr.certs.x509.DistributionPoint in project Spark by igniterealtime.
the class SparkTrustManager method loadCRL.
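/**
 * Downloads the CRLs referenced by the CRL distribution points of every certificate in the
 * chain, adds them to {@code crlCollection} and rebuilds {@code crlStore} from that collection.
 *
 * <p>Only {@code fullName} distribution points are considered, and within them only names of
 * type uniformResourceIdentifier; other name types (directory names, e-mail addresses, ...) are
 * skipped instead of being passed to the {@link URL} constructor.
 *
 * @param chain the certificate chain to inspect
 * @return the collection holding the CRLs gathered so far
 * @throws IOException if a distribution point URI cannot be turned into a {@link URL}
 * @throws CRLException if a CRL cannot be downloaded; the underlying failure is kept as the cause
 * @throws InvalidAlgorithmParameterException if the collection parameters are rejected by the cert store
 * @throws NoSuchAlgorithmException if the "Collection" cert store type is not available
 * @throws CertStoreException declared by this method; no statement visible here raises it directly
 * @throws CertificateException declared by this method; failures from {@code downloadCRL} are
 *         rethrown as {@link CRLException}
 */
public Collection<X509CRL> loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertStoreException, CRLException, CertificateException {
    // for each certificate in chain
    for (X509Certificate cert : chain) {
        // read the extension once instead of once for the check and once for parsing
        byte[] extensionValue = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue != null) {
            ASN1Primitive primitive = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
            // extract distribution point extension
            CRLDistPoint distPoint = CRLDistPoint.getInstance(primitive);
            // each distribution point extension can hold number of distribution points
            for (DistributionPoint d : distPoint.getDistributionPoints()) {
                DistributionPointName dpName = d.getDistributionPoint();
                // Look for URIs in fullName
                if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
                    continue;
                }
                for (GeneralName genName : GeneralNames.getInstance(dpName.getName()).getNames()) {
                    // A fullName may mix name types; only URI entries can be turned into a URL.
                    if (genName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                        continue;
                    }
                    // NOTE(review): the location comes from a certificate in the chain being
                    // evaluated, so it is not trustworthy input. No scheme or destination check
                    // is visible here - confirm that downloadCRL restricts what it will fetch.
                    URL url = new URL(genName.getName().toString());
                    try {
                        // download from Internet to the collection
                        crlCollection.add(downloadCRL(url));
                    } catch (CertificateException | CRLException e) {
                        // keep the original failure attached so the reason is not lost
                        throw new CRLException("Couldn't download CRL", e);
                    }
                }
            }
        } else {
            Log.warning("Certificate " + cert.getSubjectX500Principal().getName() + " have no CRLs");
        }
        // The store is rebuilt after each certificate from everything collected so far.
        CollectionCertStoreParameters params = new CollectionCertStoreParameters(crlCollection);
        crlStore = CertStore.getInstance("Collection", params);
    }
    return crlCollection;
}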
use of de.carne.certmgr.certs.x509.DistributionPoint in project certmgr by hdecarne.
the class CRLDistributionPointsController method init.
/**
 * Populates the dialog from existing extension data.
 *
 * <p>Only the first distribution point that carries a name is used; its full-name entries, if
 * any, become the items of the name list.
 *
 * @param data The extension data to use.
 * @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
 * @return This controller.
 */
public CRLDistributionPointsController init(CRLDistributionPointsExtensionData data, boolean expertMode) {
    init(expertMode);
    this.ctlCritical.setSelected(data.getCritical());

    ObservableList<GeneralName> listedNames = this.ctlNames.getItems();
    for (DistributionPoint point : data) {
        DistributionPointName pointName = point.getName();
        if (pointName == null) {
            // Unnamed distribution points are passed over.
            continue;
        }
        GeneralNames fullName = pointName.getFullName();
        if (fullName != null) {
            for (GeneralName entry : fullName) {
                listedNames.add(entry);
            }
        }
        // Stop at the first named distribution point, whether or not it had a full name.
        break;
    }
    return this;
}
use of de.carne.certmgr.certs.x509.DistributionPoint in project certmgr by hdecarne.
the class CRLDistributionPointsController method validateAndGetDistributionPoint.
/**
 * Builds a distribution point from the names currently listed in the dialog.
 *
 * @return a distribution point whose name holds every listed entry
 * @throws ValidationException declared for the {@code InputValidator} check that at least one
 *         name is listed
 */
private DistributionPoint validateAndGetDistributionPoint() throws ValidationException {
    GeneralNames fullName = new GeneralNames();
    for (GeneralName listedName : this.ctlNames.getItems()) {
        fullName.addName(listedName);
    }

    // Every listed item was added above, so a non-empty list means at least one name.
    boolean hasNames = !this.ctlNames.getItems().isEmpty();
    InputValidator.isTrue(hasNames, CRLDistributionPointsI18N::formatSTR_MESSAGE_NO_NAMES);

    DistributionPointName pointName = new DistributionPointName(fullName);
    return new DistributionPoint(pointName);
}