
Example 21 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project pdfbox by apache.

the class CertificateVerifier method extractOCSPURL.

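/**
 * Extract the OCSP URL from an X.509 certificate if available.
 *
 * <p>Walks the Authority Information Access extension and returns the first entry whose
 * access method is id-ad-ocsp and whose accessLocation is a URI GeneralName. The extension
 * bytes come from the certificate being checked, so they are treated as untrusted: every
 * ASN.1 node is type-checked before it is cast, and a structure that does not match
 * AccessDescription is reported as an {@link IOException} instead of surfacing as a
 * {@code ClassCastException} or an index error.
 *
 * <p>The returned string is taken verbatim from the certificate. NOTE(review): callers that
 * go on to contact this URL should apply their own scheme and destination checks; this
 * method does none.
 *
 * @param cert X.509 certificate
 * @return the URL of the OCSP validation service, or {@code null} if the certificate has no
 * Authority Information Access extension or no OCSP URI entry in it
 * @throws IOException if the extension value cannot be parsed or is not structured as a
 * sequence of AccessDescription entries
 */
private static String extractOCSPURL(X509Certificate cert) throws IOException {
    byte[] authorityExtensionValue = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (authorityExtensionValue == null) {
        return null;
    }
    // copied from CertInformationHelper.getAuthorityInfoExtensionValue()
    // DRY refactor should be done some day
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("Authority Information Access extension is not an ASN.1 sequence");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription: accessMethod at index 0, accessLocation at index 1
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("Malformed AccessDescription in Authority Information Access extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation is a GeneralName, which is always a tagged CHOICE
        Object locationElement = obj.getObjectAt(1);
        if (!(locationElement instanceof ASN1TaggedObject)) {
            throw new IOException("accessLocation in Authority Information Access extension is not a tagged object");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) locationElement;
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(oid) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            Object base = location.getBaseObject();
            if (!(base instanceof ASN1OctetString)) {
                throw new IOException("OCSP accessLocation does not carry a primitive string value");
            }
            // A URI GeneralName is an IA5String, so decode as ASCII rather than with the
            // platform default charset, which would make the result depend on the host.
            String ocspURL = new String(((ASN1OctetString) base).getOctets(),
                    java.nio.charset.StandardCharsets.US_ASCII);
            // The value is certificate-controlled: mask control characters in the log line
            // so it cannot forge extra log records. The returned value is left untouched.
            LOG.info("OCSP URL: " + ocspURL.replaceAll("\\p{Cntrl}", "?"));
            return ocspURL;
        }
    }
    return null;
}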
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Example 22 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project pdfbox by apache.

the class CertInformationHelper method getAuthorityInfoExtensionValue.

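/**
 * Extracts authority information access extension values from the given data. The Data
 * structure has to be implemented as described in RFC 2459, 4.2.2.1.
 *
 * <p>For every AccessDescription whose accessLocation is a URI GeneralName, the OCSP URL
 * (access method id-ad-ocsp) or the issuer URL (access method id-ad-caIssuers) is stored in
 * {@code certInfo}. Entries with another access method, or with an accessLocation that is
 * not a URI, are skipped. The extension bytes originate from a certificate and are treated
 * as untrusted: nodes are type-checked before being cast, so a malformed structure is
 * reported as an {@link IOException} rather than as an unchecked cast or index failure.
 *
 * <p>NOTE(review): the stored URLs are certificate-controlled; code that later contacts
 * them should validate scheme and destination itself.
 *
 * @param extensionValue byte[] of the extension value.
 * @param certInfo where to put the found values
 * @throws IOException when there is a problem with the extensionValue
 */
protected static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
    Object parsed = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("Authority Information Access extension is not an ASN.1 sequence");
    }
    Enumeration<?> objects = ((ASN1Sequence) parsed).getObjects();
    while (objects.hasMoreElements()) {
        // AccessDescription: accessMethod at index 0, accessLocation at index 1
        Object element = objects.nextElement();
        if (!(element instanceof ASN1Sequence) || ((ASN1Sequence) element).size() < 2) {
            throw new IOException("Malformed AccessDescription in Authority Information Access extension");
        }
        ASN1Sequence obj = (ASN1Sequence) element;
        ASN1Encodable oid = obj.getObjectAt(0);
        // accessLocation is a GeneralName, which is always a tagged CHOICE
        Object locationElement = obj.getObjectAt(1);
        if (!(locationElement instanceof ASN1TaggedObject)) {
            throw new IOException("accessLocation in Authority Information Access extension is not a tagged object");
        }
        ASN1TaggedObject location = (ASN1TaggedObject) locationElement;

        boolean isOcsp = X509ObjectIdentifiers.id_ad_ocsp.equals(oid);
        boolean isCaIssuers = X509ObjectIdentifiers.id_ad_caIssuers.equals(oid);
        if (!isOcsp && !isCaIssuers) {
            continue;
        }
        // caIssuers may legitimately use a non-URI GeneralName (for example a directory
        // name); only a URI can be read as a string, so anything else is skipped instead
        // of being cast blindly.
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        Object base = location.getBaseObject();
        if (!(base instanceof ASN1OctetString)) {
            throw new IOException("URI accessLocation does not carry a primitive string value");
        }
        // A URI GeneralName is an IA5String: decode as ASCII, not the platform default charset.
        String uri = new String(((ASN1OctetString) base).getOctets(),
                java.nio.charset.StandardCharsets.US_ASCII);
        if (isOcsp) {
            certInfo.setOcspUrl(uri);
        } else {
            certInfo.setIssuerUrl(uri);
        }
    }
}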
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Example 23 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project pdfbox by apache.

the class CertInformationHelper method extractCrlUrlFromSequence.

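/**
 * Pulls the first http(s) CRL URL out of one element of a CRL distribution points sequence.
 *
 * <p>The first element of {@code sequence} is unwrapped through two levels of tagging; the
 * inner value is then either a single tagged name or a sequence of names, of which only the
 * first is considered. The data comes from a certificate and is treated as untrusted: each
 * node is type-checked before it is cast and empty sequences are rejected, so a structure
 * that does not match yields {@code null} instead of an unchecked exception.
 *
 * <p>Only values that start with {@code http://} or {@code https://} are returned, so that
 * a string merely beginning with the letters "http" is not handed to a caller as a URL.
 * NOTE(review): no host or destination check is done here; a caller that downloads the CRL
 * should apply its own restrictions.
 *
 * @param sequence the ASN.1 sequence to inspect
 * @return the URL, or {@code null} if the structure is not as expected or holds no
 * http(s) URL in first position
 */
private static String extractCrlUrlFromSequence(ASN1Sequence sequence) {
    if (sequence.size() == 0 || !(sequence.getObjectAt(0) instanceof ASN1TaggedObject)) {
        return null;
    }
    ASN1TaggedObject taggedObject = (ASN1TaggedObject) sequence.getObjectAt(0);
    if (!(taggedObject.getBaseObject() instanceof ASN1TaggedObject)) {
        // e.g. the first field is not a distribution point name
        return null;
    }
    taggedObject = (ASN1TaggedObject) taggedObject.getBaseObject();
    Object inner = taggedObject.getBaseObject();
    if (inner instanceof ASN1TaggedObject) {
        taggedObject = (ASN1TaggedObject) inner;
    } else if (inner instanceof ASN1Sequence) {
        // multiple URLs (we take the first)
        ASN1Sequence seq = (ASN1Sequence) inner;
        if (seq.size() == 0 || !(seq.getObjectAt(0) instanceof ASN1TaggedObject)) {
            return null;
        }
        taggedObject = (ASN1TaggedObject) seq.getObjectAt(0);
    } else {
        return null;
    }
    Object value = taggedObject.getBaseObject();
    if (value instanceof ASN1OctetString) {
        // URI names are IA5String: decode as ASCII, not the platform default charset.
        String url = new String(((ASN1OctetString) value).getOctets(),
                java.nio.charset.StandardCharsets.US_ASCII);
        // return first http(s)-Url for crl
        if (url.startsWith("http://") || url.startsWith("https://")) {
            return url;
        }
    }
    // else happens with http://blogs.adobe.com/security/SampleSignedPDFDocument.pdf
    return null;
}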
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)

Example 24 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method prepareNextCertI1.

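/**
 * Applies the requireExplicitPolicy field of the policy constraints extension of the
 * certificate at {@code index} to the running {@code explicitPolicy} counter.
 *
 * <p>The first element of the extension tagged [0] is read as an integer; if it is smaller
 * than {@code explicitPolicy} it is returned, otherwise {@code explicitPolicy} is returned
 * unchanged. NOTE(review): this looks like step (i)(1) of the "prepare for next
 * certificate" procedure in RFC 3280 section 6.1.4 - confirm against the caller.
 *
 * <p>The integer is certificate-controlled. It is range-checked before being narrowed to
 * {@code int}, because a silent {@code intValue()} truncation would turn a very large or
 * negative encoded value into an unrelated counter value.
 *
 * @param certPath the certification path being validated
 * @param index position in {@code certPath} of the certificate to examine
 * @param explicitPolicy current value of the explicit-policy counter
 * @return the possibly lowered explicit-policy counter
 * @throws CertPathValidatorException if the extension or its contents cannot be decoded, or
 * if requireExplicitPolicy is negative or does not fit in an {@code int}
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List<?> certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (i)
    //
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }
    if (pc != null) {
        Enumeration<?> policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            try {
                ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                if (constraint.getTagNo() == 0) {
                    java.math.BigInteger encoded = DERInteger.getInstance(constraint, false).getValue();
                    // Reject instead of truncating; the catch below reports it as a
                    // decoding failure of the extension contents.
                    if (encoded.signum() < 0 || encoded.bitLength() > 31) {
                        throw new IllegalArgumentException("requireExplicitPolicy is negative or does not fit in an int");
                    }
                    int tmpInt = encoded.intValue();
                    if (tmpInt < explicitPolicy) {
                        return tmpInt;
                    }
                    // only the first [0] element is considered
                    break;
                }
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
            }
        }
    }
    return explicitPolicy;
}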
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 25 with ASN1TaggedObject

use of org.bouncycastle.asn1.ASN1TaggedObject in project robovm by robovm.

the class RFC3280CertPathUtilities method wrapupCertB.

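/**
 * Applies the requireExplicitPolicy field of the policy constraints extension of the
 * certificate at {@code index} during wrap-up of path validation.
 *
 * <p>Every element of the extension tagged [0] is read as an integer; as soon as one of
 * them is zero the method returns 0, otherwise {@code explicitPolicy} is returned
 * unchanged. NOTE(review): this looks like step (b) of the wrap-up procedure in RFC 3280
 * section 6.1.5 - confirm against the caller.
 *
 * <p>The extension is certificate-controlled. Elements are decoded with
 * {@code ASN1TaggedObject.getInstance} so that an unexpected element type is reported as a
 * validation failure rather than as a {@code ClassCastException}, and the integer is
 * range-checked before being narrowed to {@code int}: with a plain {@code intValue()} a
 * large value whose low 32 bits are zero would be mistaken for 0.
 *
 * @param certPath the certification path being validated
 * @param index position in {@code certPath} of the certificate to examine
 * @param explicitPolicy current value of the explicit-policy counter
 * @return 0 if the certificate requires an explicit policy immediately, otherwise
 * {@code explicitPolicy}
 * @throws CertPathValidatorException if the extension or its requireExplicitPolicy field
 * cannot be decoded, or if that field is negative or does not fit in an {@code int}
 */
protected static int wrapupCertB(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List<?> certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (b)
    //
    int tmpInt;
    ASN1Sequence pc = null;
    try {
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
    }
    if (pc != null) {
        Enumeration<?> policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            ASN1TaggedObject constraint;
            try {
                constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
            }
            if (constraint.getTagNo() == 0) {
                try {
                    java.math.BigInteger encoded = DERInteger.getInstance(constraint, false).getValue();
                    // Reject instead of truncating; wrapped by the catch below.
                    if (encoded.signum() < 0 || encoded.bitLength() > 31) {
                        throw new IllegalArgumentException("requireExplicitPolicy is negative or does not fit in an int");
                    }
                    tmpInt = encoded.intValue();
                } catch (Exception e) {
                    throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, index);
                }
                if (tmpInt == 0) {
                    return 0;
                }
                // non-zero: keep scanning the remaining elements, as before
            }
        }
    }
    return explicitPolicy;
}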
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Enumeration(java.util.Enumeration) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)
