use of de.carne.certmgr.certs.x509.DistributionPointName in project signer by demoiselle.
the class BasicCertificate method getCRLDistributionPoint.
/**
 * Collects the URIs listed in this certificate's CRL Distribution Points extension.
 *
 * <p>Only distribution points whose name is of type {@code FULL_NAME} are inspected, and
 * within those only {@code uniformResourceIdentifier} general names are returned. The
 * strings are copied from the certificate unchanged: no scheme, host or syntax check is
 * performed here, so a caller that downloads a CRL from one of them has to decide for
 * itself which schemes and destinations it accepts.
 *
 * @return the CRL URIs in the order they appear in the extension (possibly empty), or
 *         {@code null} when the certificate has no CRL Distribution Points extension
 * @throws IOException presumably raised by {@code getExtensionValue} when the extension
 *         cannot be read; its signature is not visible here
 */
public List<String> getCRLDistributionPoint() throws IOException {
    ASN1Primitive extension = getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extension == null) {
        // Extension absent: callers get null here, not an empty list, and must check for it.
        return null;
    }

    List<String> uris = new ArrayList<>();
    for (DistributionPoint point : CRLDistPoint.getInstance(extension).getDistributionPoints()) {
        DistributionPointName pointName = point.getDistributionPoint();
        // The name is optional; points without one, or with a non-FULL_NAME name, are skipped.
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String uri = DERIA5String.getInstance(candidate.getName()).getString();
            uris.add(uri);
            // The certificate-supplied value is written to the log as-is.
            logger.info("Adicionando a url {}", uri);
        }
    }
    return uris;
}
use of de.carne.certmgr.certs.x509.DistributionPointName in project keystore-explorer by kaikramer.
the class X509Ext method getIssuingDistributionPointStringValue.
/**
 * Renders an Issuing Distribution Point extension value as display text.
 *
 * @param value encoded extension value, handed to {@code IssuingDistributionPoint.getInstance}
 * @return one line per field, with the optional fields included only when present
 * @throws IOException declared for the helpers this method calls
 */
private String getIssuingDistributionPointStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * IssuingDistributionPoint ::= ASN1Sequence {
     *     distributionPoint          [0] DistributionPointName OPTIONAL,
     *     onlyContainsUserCerts      [1] ASN1Boolean DEFAULT FALSE,
     *     onlyContainsCACerts        [2] ASN1Boolean DEFAULT FALSE,
     *     onlySomeReasons            [3] ReasonFlags OPTIONAL,
     *     indirectCRL                [4] ASN1Boolean DEFAULT FALSE,
     *     onlyContainsAttributeCerts [5] ASN1Boolean DEFAULT FALSE }
     */
    // @formatter:on

    /*
     * The DEFAULT FALSE fields are read without a null check: per the original
     * author's note, an absent value comes back as false.
     */
    StringBuilder text = new StringBuilder();
    IssuingDistributionPoint idp = IssuingDistributionPoint.getInstance(value);

    // distributionPoint is OPTIONAL
    DistributionPointName name = idp.getDistributionPoint();
    if (name != null) {
        text.append(getDistributionPointNameString(name, ""));
    }

    boolean userCertsOnly = idp.onlyContainsUserCerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsUserCerts"), userCertsOnly)).append(NEWLINE);

    boolean caCertsOnly = idp.onlyContainsCACerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsCaCerts"), caCertsOnly)).append(NEWLINE);

    // onlySomeReasons is OPTIONAL
    ReasonFlags someReasons = idp.getOnlySomeReasons();
    if (someReasons != null) {
        text.append(res.getString("OnlySomeReasons")).append(NEWLINE);
        for (String flagText : getReasonFlagsStrings(someReasons)) {
            text.append(INDENT).append(flagText).append(NEWLINE);
        }
    }

    boolean indirect = idp.isIndirectCRL();
    text.append(MessageFormat.format(res.getString("IndirectCrl"), indirect)).append(NEWLINE);

    boolean attributeCertsOnly = idp.onlyContainsAttributeCerts();
    text.append(MessageFormat.format(res.getString("OnlyContainsAttributeCerts"), attributeCertsOnly))
            .append(NEWLINE);

    return text.toString();
}
use of de.carne.certmgr.certs.x509.DistributionPointName in project keystore-explorer by kaikramer.
the class X509Ext method getDistributionPointString.
/**
 * Renders a single distribution point as display text.
 *
 * @param distributionPoint the distribution point to describe
 * @param baseIndent prefix written before each line this method emits itself; also
 *        passed on to {@code getDistributionPointNameString}
 * @return text for whichever of the three optional fields are present; empty if none are
 * @throws IOException declared for the helpers this method calls
 */
private String getDistributionPointString(DistributionPoint distributionPoint, String baseIndent) throws IOException {
    // @formatter:off
    /*
     * DistributionPoint ::= ASN1Sequence {
     *     distributionPoint [0] DistributionPointName OPTIONAL,
     *     reasons           [1] ReasonFlags OPTIONAL,
     *     cRLIssuer         [2] GeneralNames OPTIONAL
     * }
     *
     * GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
     */
    // @formatter:on
    StringBuilder text = new StringBuilder();

    DistributionPointName name = distributionPoint.getDistributionPoint();
    ReasonFlags reasonFlags = distributionPoint.getReasons();
    GeneralNames issuerNames = distributionPoint.getCRLIssuer();

    // All three fields are OPTIONAL, so each section is written only when its field is set.
    if (name != null) {
        text.append(getDistributionPointNameString(name, baseIndent));
    }

    if (reasonFlags != null) {
        text.append(baseIndent).append(res.getString("DistributionPointReasons")).append(NEWLINE);
        for (String flagText : getReasonFlagsStrings(reasonFlags)) {
            text.append(baseIndent).append(INDENT).append(flagText).append(NEWLINE);
        }
    }

    if (issuerNames != null) {
        text.append(baseIndent).append(res.getString("DistributionPointCrlIssuer")).append(NEWLINE);
        for (GeneralName issuerName : issuerNames.getNames()) {
            text.append(baseIndent).append(INDENT).append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
        }
    }

    return text.toString();
}
use of de.carne.certmgr.certs.x509.DistributionPointName in project zm-mailbox by Zimbra.
the class CertUtil method printCRLDistributionPoints.
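/**
 * Prints the certificate's CRL Distribution Points extension to the given stream.
 *
 * <p>The heading is always written. For each distribution point with a {@code FULL_NAME}
 * name, every {@code uniformResourceIdentifier} entry is printed; other name types and
 * other general-name tags are reported as not implemented. A distribution point that
 * carries no name is reported and skipped instead of failing with a
 * {@code NullPointerException}.
 *
 * @param outStream stream that receives the listing
 * @throws Exception if the extension value cannot be decoded
 */
private void printCRLDistributionPoints(PrintStream outStream) throws Exception {
    outStream.format("X509v3 CRL Distribution Points: \n");
    // 2.5.29.31
    String extOid = X509Extension.cRLDistributionPoints.getId();
    byte[] extVal = cert.getExtensionValue(extOid);
    if (extVal == null) {
        // Extension not present: only the heading is printed.
        return;
    }
    /* http://download.oracle.com/javase/6/docs/api/java/security/cert/X509Extension.html#getExtensionValue(java.lang.String)
     *
       The ASN.1 definition for this is:
         Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
         Extension   ::=  SEQUENCE {
             extnId     OBJECT IDENTIFIER,
             critical   BOOLEAN DEFAULT FALSE,
             extnValue  OCTET STRING
                        -- contains a DER encoding of a value
                        -- of the type registered for use with
                        -- the extnId object identifier value
         }
     */
    // getExtensionValue returns the extnValue OCTET STRING, so unwrap it before parsing.
    byte[] extnValue = DEROctetString.getInstance(ASN1Primitive.fromByteArray(extVal)).getOctets();
    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Primitive.fromByteArray(extnValue));
    DistributionPoint[] distPoints = crlDistPoint.getDistributionPoints();
    for (DistributionPoint distPoint : distPoints) {
        DistributionPointName distPointName = distPoint.getDistributionPoint();
        if (distPointName == null) {
            // The name is an OPTIONAL field of DistributionPoint, so a certificate may omit
            // it; dereferencing it unchecked would abort the listing on such a certificate.
            outStream.format("Distribution point name not present\n");
            continue;
        }
        int type = distPointName.getType();
        if (DistributionPointName.FULL_NAME == type) {
            outStream.format("Full Name: \n");
            GeneralNames generalNames = GeneralNames.getInstance(distPointName.getName());
            GeneralName[] names = generalNames.getNames();
            for (GeneralName generalname : names) {
                int tag = generalname.getTagNo();
                if (GeneralName.uniformResourceIdentifier == tag) {
                    ASN1Encodable name = generalname.getName();
                    DERIA5String str = DERIA5String.getInstance(name);
                    String value = str.getString();
                    // The certificate-supplied string is passed as an argument, never as the
                    // format pattern.
                    outStream.format(" %s\n", value);
                } else {
                    outStream.format("tag %d not yet implemented", tag);
                }
            }
        } else {
            outStream.format("type %d not yet implemented", type);
        }
    }
}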