
Example 21 with AccessDescription

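use of org.bouncycastle.asn1.x509.AccessDescription (per the imports listed under "Also used" below; not the JDK-internal sun.security.x509.AccessDescription) in project oxAuth by GluuFederation.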

the class OCSPCertificateVerifier method getOCSPUrl.

/**
 * Returns the first OCSP responder URI found in the certificate's Authority
 * Information Access (AIA) extension.
 *
 * <p>Only access descriptions whose access method equals the OCSP access method and
 * whose access location is a {@code uniformResourceIdentifier} GeneralName are
 * considered; every other entry is skipped. The first match wins.
 *
 * <p>The returned string is taken from the certificate as-is; this method does not
 * check its scheme, host or syntax. NOTE(review): a caller that goes on to contact
 * this URL should treat it as certificate-supplied (untrusted) input and restrict
 * which schemes and destinations it is willing to reach - confirm against the caller.
 *
 * @param certificate certificate whose AIA extension is inspected
 * @return the first URI-typed OCSP access location, or {@code null} when reading the
 *         extension fails, when no extension value is available, or when no entry
 *         matches
 * @throws IOException declared by the signature; a failure while reading the
 *         extension is logged and reported as {@code null} rather than rethrown
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive aiaValue;
    try {
        aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        // Best effort: an unreadable extension is treated the same as "no OCSP URL".
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (aiaValue == null) {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
    for (AccessDescription entry : aia.getAccessDescriptions()) {
        if (entry.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
            GeneralName location = entry.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // explicit=false: the IA5String is read as implicitly tagged inside the GeneralName.
                ASN1TaggedObject tagged = (ASN1TaggedObject) location.toASN1Primitive();
                return DERIA5String.getInstance(tagged, false).getString();
            }
        }
    }
    return null;
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERIA5String(org.bouncycastle.asn1.DERIA5String) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) IOException(java.io.IOException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 22 with AccessDescription

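use of org.bouncycastle.asn1.x509.AccessDescription (per the imports listed under "Also used" below; not the JDK-internal sun.security.x509.AccessDescription) in project nhin-d by DirectProject.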

the class AuthorityInfoAccessExtentionField method injectReferenceValue.

/**
 * {@inheritDoc}
 *
 * <p>Stores the certificate and derives the policy value from its Authority
 * Information Access extension: one string per access description, formatted as
 * {@code <access method name>:<access location>}.
 *
 * <p>When the extension value is missing, or yields no entries, a
 * {@link PolicyRequiredException} is thrown if the field is required; a missing
 * extension on a non-required field produces an empty policy value.
 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    this.certificate = value;

    final DERObject extensionValue = getExtensionValue(value);
    if (extensionValue == null) {
        if (isRequired()) {
            throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
        }
        // Optional and absent: expose an empty collection instead of failing.
        final Collection<String> none = Collections.emptyList();
        this.policyValue = PolicyValueFactory.getInstance(none);
        return;
    }

    final AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(extensionValue);
    final Collection<String> entries = new ArrayList<String>();
    for (AccessDescription description : access.getAccessDescriptions()) {
        // NOTE(review): the result of fromId(...) is dereferenced without a null check;
        // confirm how fromId behaves for an access method OID it does not recognise,
        // since the OID comes from the certificate being evaluated.
        final String methodName = AuthorityInfoAccessMethodIdentifier.fromId(description.getAccessMethod().toString()).getName();
        final String location = description.getAccessLocation().getName().toString();
        entries.add(methodName + ":" + location);
    }

    // An extension that is present but empty still fails a "required" field.
    if (entries.isEmpty() && isRequired()) {
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    }
    this.policyValue = PolicyValueFactory.getInstance(entries);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERObject(org.bouncycastle.asn1.DERObject) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList)

Example 23 with AccessDescription

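use of org.bouncycastle.asn1.x509.AccessDescription (per the imports listed under "Also used" below; not the JDK-internal sun.security.x509.AccessDescription) in project xipki by xipki.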

the class CaUtil method createAuthorityInformationAccess.

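/**
 * Builds an Authority Information Access value from CA-issuer and OCSP URIs.
 *
 * <p>Each URI becomes one access description with a {@code uniformResourceIdentifier}
 * location: CA-issuer entries first, then OCSP entries, each in list order. The URI
 * strings are embedded as given; this method performs no scheme or syntax checks of
 * its own, so callers are expected to pass vetted values.
 *
 * @param caIssuerUris URIs for the caIssuers access method; may be empty
 * @param ocspUris URIs for the OCSP access method; may be empty
 * @return the AIA structure holding all supplied URIs
 * @throws IllegalArgumentException if both lists are empty
 */
public static AuthorityInformationAccess createAuthorityInformationAccess(List<String> caIssuerUris, List<String> ocspUris) {
    if (CollectionUtil.isEmpty(caIssuerUris) && CollectionUtil.isEmpty(ocspUris)) {
        // Message names the actual parameter (was misspelled "ospUris").
        throw new IllegalArgumentException("caIssuerUris and ocspUris must not be both empty");
    }

    // Size from both lists and tolerate a null list. The previous code sized the list
    // from ocspUris.size() alone, which throws NullPointerException when only
    // caIssuerUris is supplied and ocspUris is null (presumably CollectionUtil.isEmpty
    // accepts null - confirm), and under-sized the list otherwise.
    int caIssuerCount = (caIssuerUris == null) ? 0 : caIssuerUris.size();
    int ocspCount = (ocspUris == null) ? 0 : ocspUris.size();
    List<AccessDescription> accessDescriptions = new ArrayList<>(caIssuerCount + ocspCount);

    if (CollectionUtil.isNonEmpty(caIssuerUris)) {
        for (String uri : caIssuerUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, gn));
        }
    }
    if (CollectionUtil.isNonEmpty(ocspUris)) {
        for (String uri : ocspUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, gn));
        }
    }

    DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
    return AuthorityInformationAccess.getInstance(seq);
}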
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList) ASN1String(org.bouncycastle.asn1.ASN1String) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 24 with AccessDescription

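use of org.bouncycastle.asn1.x509.AccessDescription (per the imports listed under "Also used" below; not the JDK-internal sun.security.x509.AccessDescription) in project xipki by xipki.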

the class IdentifiedX509Certprofile method createSubjectInfoAccess.

// method addRequestedExtKeyusage
/**
 * Rebuilds the requested SubjectInfoAccess extension, keeping only what the
 * {@code modes} map permits.
 *
 * <p>{@code modes} acts as an allow-list keyed by access method: a requested entry
 * whose access method has no mapping is rejected with an exception rather than
 * dropped, and each accepted access location is re-created through
 * {@code X509CertprofileUtil.createGeneralName} with the modes allowed for that method.
 *
 * @param requestedExtensions extensions taken from the certificate request
 * @param modes allowed GeneralName modes per access method; {@code null} yields {@code null}
 * @return the accepted access descriptions as a sequence, or {@code null} when
 *         {@code modes} is {@code null}, the extension was not requested, or the
 *         requested sequence is empty
 * @throws BadCertTemplateException if a requested access method is not present in
 *         {@code modes}; presumably also when {@code createGeneralName} rejects a
 *         location - confirm against that helper
 */
private static ASN1Sequence createSubjectInfoAccess(Extensions requestedExtensions, Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
    if (modes == null) {
        return null;
    }

    ASN1Encodable requestedValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    if (requestedValue == null) {
        return null;
    }

    ASN1Sequence requested = ASN1Sequence.getInstance(requestedValue);
    final int count = requested.size();
    ASN1EncodableVector accepted = new ASN1EncodableVector();
    for (int idx = 0; idx < count; idx++) {
        AccessDescription description = AccessDescription.getInstance(requested.getObjectAt(idx));
        ASN1ObjectIdentifier method = description.getAccessMethod();

        Set<GeneralNameMode> allowedModes = modes.get(method);
        if (allowedModes == null) {
            // Fail closed: a requester-supplied access method outside the allow-list aborts the request.
            throw new BadCertTemplateException("subjectInfoAccess.accessMethod " + method.getId() + " is not allowed");
        }

        GeneralName location = X509CertprofileUtil.createGeneralName(description.getAccessLocation(), allowedModes);
        accepted.add(new AccessDescription(method, location));
    }

    if (accepted.size() > 0) {
        return new DERSequence(accepted);
    }
    return null;
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 25 with AccessDescription

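use of org.bouncycastle.asn1.x509.AccessDescription (per the imports listed under "Also used" below; not the JDK-internal sun.security.x509.AccessDescription) in project xipki by xipki.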

the class BaseOcspStatusAction method extractOcspUrls.

/**
 * Collects every OCSP responder URI from an Authority Information Access structure.
 *
 * <p>An entry contributes only when its access method equals {@code id_ad_ocsp} and
 * its access location is a {@code uniformResourceIdentifier}; other entries are
 * ignored. Results keep the order of the AIA entries. The strings are returned as
 * stored in the structure, without scheme or syntax validation.
 *
 * @param aia AIA structure to read
 * @return the OCSP URIs, possibly empty, never {@code null}
 * @throws CertificateEncodingException declared by the signature; nothing in this
 *         body throws it explicitly
 */
public static List<String> extractOcspUrls(AuthorityInformationAccess aia) throws CertificateEncodingException {
    List<String> uris = new ArrayList<>();
    for (AccessDescription candidate : aia.getAccessDescriptions()) {
        if (!candidate.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
            continue;
        }
        GeneralName location = candidate.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // Non-URI locations (e.g. other GeneralName choices) are skipped, not rejected.
            continue;
        }
        uris.add(((ASN1String) location.getName()).getString());
    }
    return uris;
}
Also used : AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList) ASN1String(org.bouncycastle.asn1.ASN1String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1String(org.bouncycastle.asn1.ASN1String) LinkedList(java.util.LinkedList)
