Example 31 with DistributionPoint

Use of de.carne.certmgr.certs.x509.DistributionPoint in project keystore-explorer by kaikramer.

The class X509Ext, method getCrlDistributionPointsStringValue.

private String getCrlDistributionPointsStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * CRLDistPointSyntax ::= ASN1Sequence SIZE (1..MAX) OF
     * DistributionPoint
     */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    // Decode the raw extension body into BouncyCastle's CRLDistPoint structure
    CRLDistPoint crlDistributionPoints = CRLDistPoint.getInstance(value);
    int distPoint = 0;
    // Render every DistributionPoint as a numbered heading followed by an indented detail block
    for (DistributionPoint distributionPoint : crlDistributionPoints.getDistributionPoints()) {
        distPoint++;
        sb.append(MessageFormat.format(res.getString("CrlDistributionPoint"), distPoint));
        sb.append(NEWLINE);
        sb.append(getDistributionPointString(distributionPoint, INDENT.toString(1)));
    }
    return sb.toString();
}
Also used: IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint), DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint), CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)

Example 32 with DistributionPoint

Use of de.carne.certmgr.certs.x509.DistributionPoint in project keystore-explorer by kaikramer.

The class CRLDistributionPoints, method toASN1Primitive.

@Override
public ASN1Primitive toASN1Primitive() {
    // Encode the list of DistributionPoint entries as the DER SEQUENCE
    // required by CRLDistPointSyntax (SEQUENCE SIZE (1..MAX) OF DistributionPoint)
    ASN1EncodableVector v = new ASN1EncodableVector();
    Iterator<DistributionPoint> it = distributionPointList.iterator();
    while (it.hasNext()) {
        v.add(it.next().toASN1Primitive());
    }
    return new DERSequence(v);
}
Also used: DERSequence (org.bouncycastle.asn1.DERSequence), ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector), DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)

Example 33 with DistributionPoint

Use of de.carne.certmgr.certs.x509.DistributionPoint in project zm-mailbox by Zimbra.

The class CertUtil, method printCRLDistributionPoints.

private void printCRLDistributionPoints(PrintStream outStream) throws Exception {
    outStream.format("X509v3 CRL Distribution Points: \n");
    // 2.5.29.31
    String extOid = X509Extension.cRLDistributionPoints.getId();
    byte[] extVal = cert.getExtensionValue(extOid);
    if (extVal == null) {
        // Certificate carries no CRL Distribution Points extension
        return;
    }
    /* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String)
     *
     * The ASN.1 definition for this is:
     *
     *   Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
     *
     *   Extension  ::=  SEQUENCE  {
     *       extnId        OBJECT IDENTIFIER,
     *       critical      BOOLEAN DEFAULT FALSE,
     *       extnValue     OCTET STRING
     *                     -- contains a DER encoding of a value
     *                     -- of the type registered for use with
     *                     -- the extnId object identifier value
     *   }
     */
    // getExtensionValue() returns the DER-encoded extnValue OCTET STRING; unwrap it first,
    // then decode the inner DER as CRLDistPoint
    byte[] extnValue = DEROctetString.getInstance(ASN1Primitive.fromByteArray(extVal)).getOctets();
    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Primitive.fromByteArray(extnValue));
    DistributionPoint[] distPoints = crlDistPoint.getDistributionPoints();
    for (DistributionPoint distPoint : distPoints) {
        // distributionPoint is OPTIONAL in RFC 5280; a DistributionPoint may carry only
        // reasons/cRLIssuer, in which case getDistributionPoint() returns null
        DistributionPointName distPointName = distPoint.getDistributionPoint();
        if (distPointName == null) {
            outStream.format("distributionPoint absent\n");
            continue;
        }
        int type = distPointName.getType();
        if (DistributionPointName.FULL_NAME == type) {
            outStream.format("Full Name: \n");
            GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName());
            GeneralName[] names = generalNames.getNames();
            for (GeneralName generalname : names) {
                int tag = generalname.getTagNo();
                if (GeneralName.uniformResourceIdentifier == tag) {
                    // Only the URI form ([6] IA5String) is printed; other name forms are reported by tag
                    ASN1Encodable name = generalname.getName();
                    DERIA5String str = DERIA5String.getInstance(name);
                    String value = str.getString();
                    outStream.format("    %s\n", value);
                } else {
                    outStream.format("tag %d not yet implemented\n", tag);
                }
            }
        } else {
            // nameRelativeToCRLIssuer ([1] RelativeDistinguishedName) is not handled here
            outStream.format("type %d not yet implemented\n", type);
        }
    }
}
Also used: DERIA5String (org.bouncycastle.asn1.DERIA5String), GeneralNames (org.bouncycastle.asn1.x509.GeneralNames), DistributionPointName (org.bouncycastle.asn1.x509.DistributionPointName), DEROctetString (org.bouncycastle.asn1.DEROctetString), DERUTF8String (org.bouncycastle.asn1.DERUTF8String), DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint), GeneralName (org.bouncycastle.asn1.x509.GeneralName), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)

Example 34 with DistributionPoint

Use of de.carne.certmgr.certs.x509.DistributionPoint in project keycloak by keycloak.

The class CRLUtils, method getCRLDistributionPoints.

/**
 * Retrieves a list of CRL distribution points from the CRLDP v3 certificate extension.
 * See <a href="www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-cchain-and-verify-clr-with-bouncy-castle/">CRL validation</a>
 * @param cert the certificate whose CRL Distribution Points extension is read
 * @return the URIs of all fullName distribution points, or an empty list if the extension is absent
 * @throws IOException if the extension value cannot be parsed as ASN.1
 */
public static List<String> getCRLDistributionPoints(X509Certificate cert) throws IOException {
    // CRL_DISTRIBUTION_POINTS_OID is the class constant for the extension OID (2.5.29.31)
    byte[] data = cert.getExtensionValue(CRL_DISTRIBUTION_POINTS_OID);
    if (data == null) {
        return Collections.emptyList();
    }
    List<String> distributionPointUrls = new LinkedList<>();
    // First layer: getExtensionValue() hands back the DER-encoded extnValue OCTET STRING
    DEROctetString octetString;
    try (ASN1InputStream crldpExtensionInputStream = new ASN1InputStream(new ByteArrayInputStream(data))) {
        octetString = (DEROctetString) crldpExtensionInputStream.readObject();
    }
    byte[] octets = octetString.getOctets();
    // Second layer: the octets are the DER encoding of CRLDistPoint itself
    CRLDistPoint crlDP;
    try (ASN1InputStream crldpInputStream = new ASN1InputStream(new ByteArrayInputStream(octets))) {
        crlDP = CRLDistPoint.getInstance(crldpInputStream.readObject());
    }
    for (DistributionPoint dp : crlDP.getDistributionPoints()) {
        // distributionPoint is OPTIONAL, so guard against null before inspecting its type
        DistributionPointName dpn = dp.getDistributionPoint();
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            GeneralName[] names = GeneralNames.getInstance(dpn.getName()).getNames();
            for (GeneralName gn : names) {
                // Collect only URI names; the resulting strings come from the certificate
                // and should be validated by the caller before any CRL fetch is attempted
                if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    String url = DERIA5String.getInstance(gn.getName()).getString();
                    distributionPointUrls.add(url);
                }
            }
        }
    }
    return distributionPointUrls;
}
Also used: ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream), ByteArrayInputStream (java.io.ByteArrayInputStream), DistributionPointName (org.bouncycastle.asn1.x509.DistributionPointName), DEROctetString (org.bouncycastle.asn1.DEROctetString), DERIA5String (org.bouncycastle.asn1.DERIA5String), DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint), GeneralName (org.bouncycastle.asn1.x509.GeneralName), CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint), LinkedList (java.util.LinkedList)
