Example 31 with DistributionPoint
use of de.carne.certmgr.certs.x509.DistributionPoint in project keystore-explorer by kaikramer.
the class X509Ext method getCrlDistributionPointsStringValue.
private String getCrlDistributionPointsStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* CRLDistPointSyntax ::= ASN1Sequence SIZE (1..MAX) OF
* DistributionPoint
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
CRLDistPoint crlDistributionPoints = CRLDistPoint.getInstance(value);
int distPoint = 0;
for (DistributionPoint distributionPoint : crlDistributionPoints.getDistributionPoints()) {
distPoint++;
sb.append(MessageFormat.format(res.getString("CrlDistributionPoint"), distPoint));
sb.append(NEWLINE);
sb.append(getDistributionPointString(distributionPoint, INDENT.toString(1)));
}
return sb.toString();
}
Also used :
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 32 with DistributionPoint
use of de.carne.certmgr.certs.x509.DistributionPoint in project keystore-explorer by kaikramer.
the class CRLDistributionPoints method toASN1Primitive.
@Override
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
Iterator<DistributionPoint> it = distributionPointList.iterator();
while (it.hasNext()) {
v.add(it.next().toASN1Primitive());
}
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 33 with DistributionPoint
use of de.carne.certmgr.certs.x509.DistributionPoint in project zm-mailbox by Zimbra.
the class CertUtil method printCRLDistributionPoints.
private void printCRLDistributionPoints(PrintStream outStream) throws Exception {
outStream.format("X509v3 CRL Distribution Points: \n");
// 2.5.29.31
String extOid = X509Extension.cRLDistributionPoints.getId();
byte[] extVal = cert.getExtensionValue(extOid);
if (extVal == null) {
return;
}
/* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String)
*
The ASN.1 definition for this is:
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value
-- of the type registered for use with
-- the extnId object identifier value
}
*/
byte[] extnValue = DEROctetString.getInstance(ASN1Primitive.fromByteArray(extVal)).getOctets();
CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Primitive.fromByteArray(extnValue));
DistributionPoint[] distPoints = crlDistPoint.getDistributionPoints();
for (DistributionPoint distPoint : distPoints) {
DistributionPointName distPointName = distPoint.getDistributionPoint();
int type = distPointName.getType();
if (DistributionPointName.FULL_NAME == type) {
outStream.format("Full Name: \n");
GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName());
GeneralName[] names = generalNames.getNames();
for (GeneralName generalname : names) {
int tag = generalname.getTagNo();
if (GeneralName.uniformResourceIdentifier == tag) {
ASN1Encodable name = generalname.getName();
DERIA5String str = DERIA5String.getInstance(name);
String value = str.getString();
outStream.format(" %s\n", value);
} else {
outStream.format("tag %d not yet implemented", tag);
}
}
} else {
outStream.format("type %d not yet implemented", type);
}
}
}
Also used :
DERIA5String(org.bouncycastle.asn1.DERIA5String)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Example 34 with DistributionPoint
use of de.carne.certmgr.certs.x509.DistributionPoint in project keycloak by keycloak.
the class CRLUtils method getCRLDistributionPoints.
/**
* Retrieves a list of CRL distribution points from CRLDP v3 certificate extension
* See <a href="www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-cchain-and-verify-clr-with-bouncy-castle/">CRL validation</a>
* @param cert
* @return
* @throws IOException
*/
public static List<String> getCRLDistributionPoints(X509Certificate cert) throws IOException {
byte[] data = cert.getExtensionValue(CRL_DISTRIBUTION_POINTS_OID);
if (data == null) {
return Collections.emptyList();
}
List<String> distributionPointUrls = new LinkedList<>();
DEROctetString octetString;
try (ASN1InputStream crldpExtensionInputStream = new ASN1InputStream(new ByteArrayInputStream(data))) {
octetString = (DEROctetString) crldpExtensionInputStream.readObject();
}
byte[] octets = octetString.getOctets();
CRLDistPoint crlDP;
try (ASN1InputStream crldpInputStream = new ASN1InputStream(new ByteArrayInputStream(octets))) {
crlDP = CRLDistPoint.getInstance(crldpInputStream.readObject());
}
for (DistributionPoint dp : crlDP.getDistributionPoints()) {
DistributionPointName dpn = dp.getDistributionPoint();
if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] names = GeneralNames.getInstance(dpn.getName()).getNames();
for (GeneralName gn : names) {
if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
String url = DERIA5String.getInstance(gn.getName()).getString();
distributionPointUrls.add(url);
}
}
}
}
return distributionPointUrls;
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
LinkedList(java.util.LinkedList)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Aggregations
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)28
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)25
GeneralName (org.bouncycastle.asn1.x509.GeneralName)24
IOException (java.io.IOException)16
DistributionPointName (org.bouncycastle.asn1.x509.DistributionPointName)16
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)12
DERIA5String (org.bouncycastle.asn1.DERIA5String)11
ArrayList (java.util.ArrayList)8
IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)8
GeneralSecurityException (java.security.GeneralSecurityException)7
CertPathValidatorException (java.security.cert.CertPathValidatorException)6
List (java.util.List)6
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)6
DEROctetString (org.bouncycastle.asn1.DEROctetString)6
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)5
DistributionPoint (de.carne.certmgr.certs.x509.DistributionPoint)4
CertPathBuilderException (java.security.cert.CertPathBuilderException)4
CertificateExpiredException (java.security.cert.CertificateExpiredException)4
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)4
