Examples with AccessDescription sun.security.x509.AccessDescription used on opensource projects

Search in sources :

Example 11 with AccessDescription

use of sun.security.x509.AccessDescription in project Bytecoder by mirkosertic.

the class ForwardBuilder method getCerts.

/**
 * Download Certificates from the given AIA and add them to the
 * specified Collection.
 */
// cs.getCertificates(caSelector) returns a collection of X509Certificate's
// because of the selector, so the cast is safe
@SuppressWarnings("unchecked")
private boolean getCerts(AuthorityInfoAccessExtension aiaExt, Collection<X509Certificate> certs) {
    if (Builder.USE_AIA == false) {
        return false;
    }
    List<AccessDescription> adList = aiaExt.getAccessDescriptions();
    if (adList == null || adList.isEmpty()) {
        return false;
    }
    boolean add = false;
    for (AccessDescription ad : adList) {
        CertStore cs = URICertStore.getInstance(ad);
        if (cs != null) {
            try {
                if (certs.addAll((Collection<X509Certificate>) cs.getCertificates(caSelector))) {
                    add = true;
                    if (!searchAllCertStores) {
                        return true;
                    }
                }
            } catch (CertStoreException cse) {
                if (debug != null) {
                    debug.println("exception getting certs from CertStore:");
                    cse.printStackTrace();
                }
            }
        }
    }
    return add;
}
Also used : AccessDescription(sun.security.x509.AccessDescription) CertStoreException(java.security.cert.CertStoreException) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate)

Example 12 with AccessDescription

use of sun.security.x509.AccessDescription in project Bytecoder by mirkosertic.

the class URICertStore method getInstance.

/**
 * Creates a CertStore from information included in the AccessDescription
 * object of a certificate's Authority Information Access Extension.
 */
static CertStore getInstance(AccessDescription ad) {
    if (!ad.getAccessMethod().equals(AccessDescription.Ad_CAISSUERS_Id)) {
        return null;
    }
    GeneralNameInterface gn = ad.getAccessLocation().getName();
    if (!(gn instanceof URIName)) {
        return null;
    }
    URI uri = ((URIName) gn).getURI();
    try {
        return URICertStore.getInstance(new URICertStoreParameters(uri));
    } catch (Exception ex) {
        if (debug != null) {
            debug.println("exception creating CertStore: " + ex);
            ex.printStackTrace();
        }
        return null;
    }
}
Also used : GeneralNameInterface(sun.security.x509.GeneralNameInterface) URICertStoreParameters(java.security.cert.URICertStoreParameters) URI(java.net.URI) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CertStoreException(java.security.cert.CertStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CRLException(java.security.cert.CRLException) URIName(sun.security.x509.URIName)

Example 13 with AccessDescription

use of sun.security.x509.AccessDescription in project keystore-explorer by kaikramer.

the class DAuthorityInformationAccess method prepopulateWithValue.

private void prepopulateWithValue(byte[] value) throws IOException {
    AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(value);
    List<AccessDescription> accessDescriptionList = new ArrayList<AccessDescription>(Arrays.asList(authorityInformationAccess.getAccessDescriptions()));
    jadAccessDescriptions.setAccessDescriptions(accessDescriptionList);
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList)

Example 14 with AccessDescription

use of sun.security.x509.AccessDescription in project neo4j by neo4j.

the class CertificateChainFactory method generateCertificate.

private static X509Certificate generateCertificate(X509Certificate issuingCert, PrivateKey issuingPrivateKey, KeyPair certKeyPair, String certName, String ocspURL, Path certificatePath, Path keyPath, BouncyCastleProvider bouncyCastleProvider) throws Exception {
    X509v3CertificateBuilder builder;
    if (issuingCert == null) {
        builder = new JcaX509v3CertificateBuilder(// issuer authority
        new X500Name("CN=" + certName), // serial number of certificate
        BigInteger.valueOf(new Random().nextInt()), // start of validity
        NOT_BEFORE, // end of certificate validity
        NOT_AFTER, // subject name of certificate
        new X500Name("CN=" + certName), // public key of certificate
        certKeyPair.getPublic());
    } else {
        builder = new JcaX509v3CertificateBuilder(// issuer authority
        issuingCert, // serial number of certificate
        BigInteger.valueOf(new Random().nextInt()), // start of validity
        NOT_BEFORE, // end of certificate validity
        NOT_AFTER, // subject name of certificate
        new X500Name("CN=" + certName), // public key of certificate
        certKeyPair.getPublic());
    }
    // key usage restrictions
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature));
    builder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
    // embed ocsp URI
    builder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName(GeneralName.uniformResourceIdentifier, ocspURL + "/" + certName))));
    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(bouncyCastleProvider).build(// self sign if root cert
    issuingPrivateKey == null ? certKeyPair.getPrivate() : issuingPrivateKey)));
    writePem("CERTIFICATE", certificate.getEncoded(), certificatePath);
    writePem("PRIVATE KEY", certKeyPair.getPrivate().getEncoded(), keyPath);
    return certificate;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) Random(java.util.Random) SecureRandom(java.security.SecureRandom) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 15 with AccessDescription

use of sun.security.x509.AccessDescription in project oxAuth by GluuFederation.

the class OCSPCertificateVerifier method getOCSPUrl.

@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);
    AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
    for (AccessDescription accessDescription : accessDescriptions) {
        boolean correctAccessMethod = accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
        if (!correctAccessMethod) {
            continue;
        }
        GeneralName name = accessDescription.getAccessLocation();
        if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
        return derStr.getString();
    }
    return null;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERIA5String(org.bouncycastle.asn1.DERIA5String) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) IOException(java.io.IOException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Aggregations

AccessDescription (org.bouncycastle.asn1.x509.AccessDescription)24 GeneralName (org.bouncycastle.asn1.x509.GeneralName)13 AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess)9 IOException (java.io.IOException)8 CertStoreException (java.security.cert.CertStoreException)7 ArrayList (java.util.ArrayList)6 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6 AccessDescription (sun.security.x509.AccessDescription)6 URIName (sun.security.x509.URIName)6 DERIA5String (org.bouncycastle.asn1.DERIA5String)5 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)5 URI (java.net.URI)4 CertificateException (java.security.cert.CertificateException)4 X509Certificate (java.security.cert.X509Certificate)4 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)4 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)4 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CRLException (java.security.cert.CRLException)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial