use of de.carne.certmgr.certs.x509.DistributionPoint in project keystore-explorer by kaikramer.
the class X509Ext method getCrlDistributionPointsStringValue.
/**
 * Renders a CRL Distribution Points extension value as display text.
 *
 * <p>Each distribution point gets a numbered heading taken from the
 * {@code CrlDistributionPoint} resource string, a line break, and then the
 * text produced by {@code getDistributionPointString} at indent level 1.
 *
 * @param value encoded extension value handed to {@code CRLDistPoint.getInstance};
 *              presumably the inner extension content with the OCTET STRING
 *              wrapper already removed (confirm against the caller)
 * @return the formatted text; empty when there are no distribution points
 * @throws IOException declared by the signature; presumably raised by
 *                     {@code getDistributionPointString} (not visible here)
 */
private String getCrlDistributionPointsStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * CRLDistPointSyntax ::= ASN1Sequence SIZE (1..MAX) OF
     *     DistributionPoint
     */
    // @formatter:on
    DistributionPoint[] points = CRLDistPoint.getInstance(value).getDistributionPoints();
    StringBuilder text = new StringBuilder();

    for (int i = 0; i < points.length; i++) {
        // Headings are numbered from 1 for display.
        int ordinal = i + 1;
        text.append(MessageFormat.format(res.getString("CrlDistributionPoint"), ordinal))
            .append(NEWLINE)
            .append(getDistributionPointString(points[i], INDENT.toString(1)));
    }

    return text.toString();
}
use of de.carne.certmgr.certs.x509.DistributionPoint in project keystore-explorer by kaikramer.
the class CRLDistributionPoints method toASN1Primitive.
/**
 * Encodes the held distribution points as a DER SEQUENCE.
 *
 * @return a {@code DERSequence} containing the ASN.1 form of every entry of
 *         {@code distributionPointList}, in iteration order
 */
@Override
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector encodedPoints = new ASN1EncodableVector();
    for (DistributionPoint point : distributionPointList) {
        encodedPoints.add(point.toASN1Primitive());
    }
    return new DERSequence(encodedPoints);
}
use of de.carne.certmgr.certs.x509.DistributionPoint in project zm-mailbox by Zimbra.
the class CertUtil method printCRLDistributionPoints.
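/**
 * Prints the URI entries of the certificate's CRL Distribution Points
 * extension (OID 2.5.29.31) to the given stream.
 *
 * <p>Only distribution points of type {@code FULL_NAME} with
 * {@code uniformResourceIdentifier} names are printed in full; other types and
 * tags are reported as not yet implemented. A distribution point that carries
 * no name at all is skipped.
 *
 * @param outStream stream that receives the report
 * @throws Exception if the extension value cannot be decoded
 */
private void printCRLDistributionPoints(PrintStream outStream) throws Exception {
    outStream.format("X509v3 CRL Distribution Points: \n");
    // 2.5.29.31
    String extOid = X509Extension.cRLDistributionPoints.getId();
    byte[] extVal = cert.getExtensionValue(extOid);
    if (extVal == null) {
        // The certificate has no CRL Distribution Points extension.
        return;
    }
    /* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String)
     *
       The ASN.1 definition for this is:
         Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
         Extension  ::=  SEQUENCE  {
             extnId        OBJECT IDENTIFIER,
             critical      BOOLEAN DEFAULT FALSE,
             extnValue     OCTET STRING
                           -- contains a DER encoding of a value
                           -- of the type registered for use with
                           -- the extnId object identifier value
         }
     */
    // getExtensionValue returns the OCTET STRING wrapper; unwrap it first.
    byte[] extnValue = DEROctetString.getInstance(ASN1Primitive.fromByteArray(extVal)).getOctets();
    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Primitive.fromByteArray(extnValue));
    DistributionPoint[] distPoints = crlDistPoint.getDistributionPoints();
    for (DistributionPoint distPoint : distPoints) {
        DistributionPointName distPointName = distPoint.getDistributionPoint();
        if (distPointName == null) {
            // The distributionPoint field is OPTIONAL (RFC 5280, section 4.2.1.13):
            // a point may carry only cRLIssuer and/or reasons. The certificate
            // is external input, so skip such an entry rather than fail with a
            // NullPointerException on getType().
            continue;
        }
        int type = distPointName.getType();
        if (DistributionPointName.FULL_NAME == type) {
            outStream.format("Full Name: \n");
            GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName());
            GeneralName[] names = generalNames.getNames();
            for (GeneralName generalname : names) {
                int tag = generalname.getTagNo();
                if (GeneralName.uniformResourceIdentifier == tag) {
                    ASN1Encodable name = generalname.getName();
                    DERIA5String str = DERIA5String.getInstance(name);
                    // The URI comes from the certificate and is printed unmodified;
                    // it is passed as a format argument, never as the format string.
                    String value = str.getString();
                    outStream.format(" %s\n", value);
                } else {
                    // NOTE(review): no trailing newline here, so the next output
                    // continues on the same line.
                    outStream.format("tag %d not yet implemented", tag);
                }
            }
        } else {
            // NOTE(review): no trailing newline here either.
            outStream.format("type %d not yet implemented", type);
        }
    }
}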
use of de.carne.certmgr.certs.x509.DistributionPoint in project keycloak by keycloak.
the class CRLUtils method getCRLDistributionPoints.
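/**
 * Retrieves the URI-type CRL distribution points from the CRL Distribution
 * Points (CRLDP) v3 extension of a certificate.
 * See <a href="www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-cchain-and-verify-clr-with-bouncy-castle/">CRL validation</a>
 *
 * <p>Only distribution points of type {@code FULL_NAME} contribute, and of
 * their names only those tagged {@code uniformResourceIdentifier}. The
 * certificate is external input: a malformed extension is reported as an
 * {@code IOException} instead of surfacing as an unchecked exception.
 *
 * @param cert certificate whose extension is read
 * @return the distribution point URLs in the order they appear in the
 *         extension; an empty list when the certificate has no such extension
 * @throws IOException if the extension value cannot be read or is not a
 *                     well-formed CRL Distribution Points structure
 */
public static List<String> getCRLDistributionPoints(X509Certificate cert) throws IOException {
    byte[] data = cert.getExtensionValue(CRL_DISTRIBUTION_POINTS_OID);
    if (data == null) {
        return Collections.emptyList();
    }

    // getExtensionValue returns the extension wrapped in an OCTET STRING.
    // Check the decoded type before casting, so unexpected content becomes an
    // IOException rather than a ClassCastException or NullPointerException.
    Object wrapper;
    try (ASN1InputStream crldpExtensionInputStream = new ASN1InputStream(new ByteArrayInputStream(data))) {
        wrapper = crldpExtensionInputStream.readObject();
    }
    if (!(wrapper instanceof DEROctetString)) {
        throw new IOException("CRL distribution points extension value is not a DER OCTET STRING");
    }
    byte[] octets = ((DEROctetString) wrapper).getOctets();

    List<String> distributionPointUrls = new LinkedList<>();
    try {
        CRLDistPoint crlDP;
        try (ASN1InputStream crldpInputStream = new ASN1InputStream(new ByteArrayInputStream(octets))) {
            crlDP = CRLDistPoint.getInstance(crldpInputStream.readObject());
        }
        if (crlDP == null) {
            // readObject() yields null on empty content, and getInstance(null) passes it through.
            throw new IOException("CRL distribution points extension is empty");
        }

        for (DistributionPoint dp : crlDP.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // The name is optional; only full names can carry URIs.
            if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] names = GeneralNames.getInstance(dpn.getName()).getNames();
                for (GeneralName gn : names) {
                    if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        String url = DERIA5String.getInstance(gn.getName()).getString();
                        distributionPointUrls.add(url);
                    }
                }
            }
        }
    } catch (IllegalArgumentException e) {
        // The getInstance(...) converters reject unexpected ASN.1 content with
        // IllegalArgumentException; report it through the declared exception.
        throw new IOException("Malformed CRL distribution points extension", e);
    }
    return distributionPointUrls;
}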