Example 21 with CRLDistPoint

Use of org.bouncycastle.asn1.x509.CRLDistPoint in the project keycloak by keycloak.

The class CRLUtils, method getCRLDistributionPoints:

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

/** OID of the id-ce-cRLDistributionPoints extension (RFC 5280, section 4.2.1.13); the constant the method refers to. */
private static final String CRL_DISTRIBUTION_POINTS_OID = "2.5.29.31";

/**
 * Retrieves the list of CRL distribution point URLs from the CRLDP v3 certificate extension.
 * Only URIs listed under a fullName distribution point are returned; nameRelativeToCRLIssuer
 * entries and non-URI names (for example directory names) are skipped, and no CRL is fetched
 * or verified here.
 * See <a href="www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-cchain-and-verify-clr-with-bouncy-castle/">CRL validation</a>
 * @param cert the certificate whose CRLDP extension is read
 * @return the distribution point URLs in extension order, or an empty list if the extension is absent
 * @throws IOException if the extension value cannot be parsed as ASN.1
 */
public static List<String> getCRLDistributionPoints(X509Certificate cert) throws IOException {
    // getExtensionValue returns the DER-encoded OCTET STRING wrapping the extension, or null if absent
    byte[] data = cert.getExtensionValue(CRL_DISTRIBUTION_POINTS_OID);
    if (data == null) {
        return Collections.emptyList();
    }
    List<String> distributionPointUrls = new LinkedList<>();
    // First layer: unwrap the OCTET STRING to get the raw extension contents
    DEROctetString octetString;
    try (ASN1InputStream crldpExtensionInputStream = new ASN1InputStream(new ByteArrayInputStream(data))) {
        octetString = (DEROctetString) crldpExtensionInputStream.readObject();
    }
    byte[] octets = octetString.getOctets();
    // Second layer: parse the contents as the CRLDistributionPoints SEQUENCE
    CRLDistPoint crlDP;
    try (ASN1InputStream crldpInputStream = new ASN1InputStream(new ByteArrayInputStream(octets))) {
        crlDP = CRLDistPoint.getInstance(crldpInputStream.readObject());
    }
    for (DistributionPoint dp : crlDP.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // Only fullName distribution points carry GeneralNames; relative names are ignored
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            GeneralName[] names = GeneralNames.getInstance(dpn.getName()).getNames();
            for (GeneralName gn : names) {
                // Keep only URI-typed names (tag [6]); an IA5String holds the URL
                if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    String url = DERIA5String.getInstance(gn.getName()).getString();
                    distributionPointUrls.add(url);
                }
            }
        }
    }
    return distributionPointUrls;
}
