use of org.bouncycastle.asn1.x509.Extension in project nhin-d by DirectProject.
The class TrustChainValidator, method downloadCertsFromAIA.
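/**
 * Downloads certificates from the AIA URL and returns the result as a collection of certificates.
 * <p>
 * The URL is taken from the certificate under validation, so it is treated as untrusted input:
 * only {@code http} and {@code https} URLs are fetched (java.net.URL would otherwise also accept
 * handlers such as {@code file:} or {@code jar:}), and both the connect and the read timeout are
 * set before the connection is opened so an unresponsive server cannot stall validation.
 * @param url The URL listed in the AIA extension to locate the certificates.
 * @return The certificates downloaded from the AIA extension URL (possibly empty, never {@code null})
 * @throws NHINDException if the URL is malformed or uses a scheme other than http/https, the
 * download fails, or the downloaded bytes cannot be parsed as X.509 certificates.
 */
protected Collection<X509Certificate> downloadCertsFromAIA(String url) throws NHINDException {
    final Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    InputStream inputStream = null;
    try {
        final URL certURL = new URL(url);
        // refuse anything but plain HTTP(S); the scheme comes from attacker-controllable
        // certificate data and the catch below turns this into the usual NHINDException
        final String scheme = certURL.getProtocol();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            throw new IllegalArgumentException("Unsupported AIA URL scheme: " + scheme);
        }
        final URLConnection connection = certURL.openConnection();
        // the connection is not actually made until the input stream
        // is opened, so set the timeouts before getting the stream
        connection.setConnectTimeout(DEFAULT_URL_CONNECTION_TIMEOUT);
        connection.setReadTimeout(DEFAULT_URL_READ_TIMEOUT);
        inputStream = connection.getInputStream();
        // parse whatever the server returned (a single certificate or a bundle)
        final Collection<? extends Certificate> downloaded =
                CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        // copy into a concretely typed collection instead of an unchecked cast; the "X.509"
        // factory yields X509Certificate instances, anything else is skipped defensively
        for (Certificate cert : downloaded) {
            if (cert instanceof X509Certificate) {
                retVal.add((X509Certificate) cert);
            }
        }
    } catch (Exception e) {
        // deliberately broad: callers handle a single NHINDException and treat the AIA
        // lookup as best effort, so parse errors, I/O errors and the scheme rejection
        // above all surface the same way
        throw new NHINDException("Failed to download certificates from AIA extension.", e);
    } finally {
        IOUtils.closeQuietly(inputStream);
    }
    return retVal;
}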
use of org.bouncycastle.asn1.x509.Extension in project nhin-d by DirectProject.
The class TrustChainValidator, method getIntermediateCertsByAIA.
/**
 * Retrieves intermediate certificates using the AIA extension.
 * <p>
 * Every {@code caIssuers} entry of the certificate's AIA extension is fetched with
 * {@link #downloadCertsFromAIA(String)}; an entry that cannot be downloaded is logged
 * and skipped rather than failing the whole lookup. Note that this performs one
 * outbound request per {@code caIssuers} URL found in the supplied certificate.
 * @param certificate The certificate to search for AIA extensions.
 * @return Returns a collection of intermediate certs using the AIA extension. If the AIA extension does not exist
 * or the certificate cannot be downloaded from the URL, then an empty list is returned.
 */
protected Collection<X509Certificate> getIntermediateCertsByAIA(X509Certificate certificate) {
    final Collection<X509Certificate> intermediates = new ArrayList<X509Certificate>();
    final AuthorityInfoAccessExtentionField aiaField = new AuthorityInfoAccessExtentionField(false);
    try {
        // populate the field from the certificate's AIA extension, if it has one
        aiaField.injectReferenceValue(certificate);
        for (String accessEntry : aiaField.getPolicyValue().getPolicyValue()) {
            // entries look like caIssuers:URL; other access methods are ignored
            if (!accessEntry.startsWith(CA_ISSUER_CHECK_STRING)) {
                continue;
            }
            final String caIssuersUrl = accessEntry.substring(CA_ISSUER_CHECK_STRING.length());
            try {
                intermediates.addAll(downloadCertsFromAIA(caIssuersUrl));
            } catch (NHINDException e) {
                // best effort: one unreachable URL must not abort the remaining lookups
                LOGGER.warn("Intermediate cert cannot be resolved from AIA extension.", e);
            }
        }
    }///CLOVER:OFF
    catch (PolicyProcessException e) {
        LOGGER.warn("Intermediate cert cannot be resolved from AIA extension.", e);
    }
    return intermediates;
}
use of org.bouncycastle.asn1.x509.Extension in project robovm by robovm.
The class X509CRLEntryObject, method getExtensionOIDs.
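/**
 * Collects the OIDs of this CRL entry's extensions that have the requested criticality.
 * <p>
 * {@code null} is returned when the entry carries no extensions at all, while an entry
 * whose extensions all have the other criticality yields an empty set — presumably this
 * backs the {@code getCriticalExtensionOIDs}/{@code getNonCriticalExtensionOIDs} contract,
 * which distinguishes the two cases the same way.
 * @param critical {@code true} to select critical extensions, {@code false} for non-critical ones
 * @return the matching extension OIDs as dotted strings, or {@code null} if the entry has no extensions
 */
private Set<String> getExtensionOIDs(boolean critical) {
    Extensions extensions = c.getExtensions();
    if (extensions == null) {
        return null;
    }
    Set<String> oids = new HashSet<String>();
    Enumeration<?> e = extensions.oids();
    while (e.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
        Extension ext = extensions.getExtension(oid);
        // each extension lands in exactly one of the two sets, keyed on its criticality flag
        if (critical == ext.isCritical()) {
            oids.add(oid.getId());
        }
    }
    return oids;
}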
use of org.bouncycastle.asn1.x509.Extension in project robovm by robovm.
The class X509CRLObject, method isRevoked.
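/**
 * Checks whether the given certificate is on this CRL.
 * <p>
 * For an indirect CRL the issuer an entry applies to comes from the {@code certificateIssuer}
 * entry extension and stays in effect for the following entries until the next such
 * extension, so the issuer is tracked while walking the list. A serial-number match alone
 * is not enough: the certificate's issuer must also equal the issuer in effect for that entry,
 * otherwise the entry refers to a different certificate with the same serial.
 *
 * @param cert the certificate to check for.
 * @return true if the given certificate is on this CRL,
 * false otherwise.
 * @throws RuntimeException if the certificate is not of type X.509 or cannot be re-encoded
 */
public boolean isRevoked(Certificate cert) {
    if (!cert.getType().equals("X.509")) {
        throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }
    TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
    if (certs == null) {
        return false;
    }
    // the serial is compared against every entry; the issuer is only needed once a serial matches
    BigInteger serial = serialNumberOf(cert);
    X500Name caName = c.getIssuer();
    for (int i = 0; i < certs.length; i++) {
        if (isIndirect && certs[i].hasExtensions()) {
            Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer);
            if (currentCaName != null) {
                caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
            }
        }
        if (certs[i].getUserCertificate().getValue().equals(serial)) {
            // the first entry with this serial decides; a different issuer means a different certificate
            return caName.equals(issuerOf(cert));
        }
    }
    return false;
}

/**
 * Returns the certificate's serial number, going through the ASN.1 structure when the
 * certificate is not a {@link X509Certificate} (previously that path could never be reached
 * because the serial was obtained through an unconditional X509Certificate cast).
 */
private static BigInteger serialNumberOf(Certificate cert) {
    if (cert instanceof X509Certificate) {
        return ((X509Certificate) cert).getSerialNumber();
    }
    return toAsn1Certificate(cert).getSerialNumber().getValue();
}

/**
 * Returns the certificate's issuer name, going through the ASN.1 structure when the
 * certificate is not a {@link X509Certificate}.
 */
private static X500Name issuerOf(Certificate cert) {
    if (cert instanceof X509Certificate) {
        return X500Name.getInstance(((X509Certificate) cert).getIssuerX500Principal().getEncoded());
    }
    return toAsn1Certificate(cert).getIssuer();
}

/**
 * Re-parses an arbitrary X.509 {@link Certificate} into its ASN.1 structure.
 * @throws RuntimeException carrying the encoding failure as its cause
 */
private static org.bouncycastle.asn1.x509.Certificate toAsn1Certificate(Certificate cert) {
    try {
        return org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded());
    } catch (CertificateEncodingException e) {
        // keep the cause so the failure can be diagnosed instead of dropping it
        throw new RuntimeException("Cannot process certificate", e);
    }
}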
use of org.bouncycastle.asn1.x509.Extension in project robovm by robovm.
The class X509CRLObject, method getRevokedCertificate.
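/**
 * Looks up the CRL entry for the given serial number.
 * <p>
 * Only the serial number is matched here and the first matching entry wins. For an indirect
 * CRL the {@code certificateIssuer} extension of entries already passed is carried along and
 * handed to the entry object as the issuer that was in effect before it; resolving which CA
 * the entry actually belongs to is left to the returned {@link X509CRLEntryObject}.
 * @param serialNumber the serial number to look for; must not be {@code null}
 * @return the first entry with that serial number, or {@code null} if the CRL has none
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    Enumeration<?> entries = c.getRevokedCertificateEnumeration();
    // issuer set by the certificateIssuer extension of entries seen so far (indirect CRLs only)
    X500Name previousCertificateIssuer = null;
    while (entries.hasMoreElements()) {
        TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) entries.nextElement();
        if (serialNumber.equals(entry.getUserCertificate().getValue())) {
            return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
        }
        if (isIndirect && entry.hasExtensions()) {
            Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
            if (currentCaName != null) {
                previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
            }
        }
    }
    return null;
}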