List of usage examples for java.security.cert X509Certificate getExtensionValue
public byte[] getExtensionValue(String oid);
From source file:demo.sts.provider.cert.CrlVerifier.java
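/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension of an X.509 certificate.
 *
 * <p>The extension value is the DER encoding of an OCTET STRING whose content is
 * the encoded {@code CRLDistributionPoints} SEQUENCE, so two decoding passes are
 * needed. Only distribution points carrying a {@code fullName} with a
 * {@code uniformResourceIdentifier} entry are reported; points without a name
 * (e.g. identified only by cRLIssuer) and {@code nameRelativeToCRLIssuer} points
 * are skipped rather than cast blindly.
 *
 * <p>The returned strings are copied verbatim from the certificate, i.e. they are
 * chosen by whoever issued the certificate; a caller that dereferences them
 * should apply its own scheme/host policy first.
 *
 * @param cert the certificate to inspect
 * @return the CRL URLs in extension order, or an empty (mutable) list when the
 *         extension is absent
 * @throws CertificateParsingException if the extension is present but does not
 *         have the structure the extension syntax requires
 * @throws IOException if the DER encoding cannot be read
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    byte[] crldpExt = cert.getExtensionValue(CRL_DISTRIBUTION_POINT_ID);
    if (crldpExt == null) {
        return new ArrayList<String>();
    }

    // First pass: the raw extension value must decode to an OCTET STRING.
    DERObject derObjCrlDP = readSingleObject(crldpExt);
    if (!(derObjCrlDP instanceof ASN1OctetString)) {
        throw new CertificateParsingException(
                "CRL distribution point extension value is not an OCTET STRING");
    }
    byte[] crldpExtOctets = ((ASN1OctetString) derObjCrlDP).getOctets();

    // Second pass: the octets hold the CRLDistributionPoints SEQUENCE itself.
    // BouncyCastle's getInstance factories reject unexpected input with an
    // IllegalArgumentException; surface that as a parsing failure instead of an
    // unchecked exception escaping to the caller.
    List<String> crlUrls = new ArrayList<String>();
    try {
        CRLDistPoint distPoint = CRLDistPoint.getInstance(readSingleObject(crldpExtOctets));
        for (DistributionPoint dp : distPoint.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // Only a fullName carries GeneralNames that can hold a URI.
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
                if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    crlUrls.add(DERIA5String.getInstance(genName.getName()).getString());
                }
            }
        }
    } catch (IllegalArgumentException e) {
        throw new CertificateParsingException("Malformed CRL distribution point extension", e);
    }
    return crlUrls;
}

/** Decodes exactly one DER object from {@code der}, closing the stream afterwards. */
private static DERObject readSingleObject(byte[] der) throws IOException {
    ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(der));
    try {
        return in.readObject();
    } finally {
        in.close();
    }
}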
From source file:net.sf.dsig.verify.X509CRLHelper.java
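/**
 * Retrieve the first CRL distribution point URI from an X.509 certificate, using
 * the 2.5.29.31 extension value.
 *
 * <p>The extension value is an OCTET STRING wrapping the encoded
 * {@code CRLDistributionPoints} SEQUENCE. Distribution points that carry no name,
 * or whose name is relative to the CRL issuer, cannot hold a URI and are skipped
 * (the previous unconditional cast to {@code GeneralNames} failed on them).
 * Any decoding problem is logged and reported as {@code null}, the same result
 * as for a certificate without the extension.
 *
 * @param certificate an {@link X509Certificate} object
 * @return a String containing the URI of the CRL distribution point, or
 *         null if none can be found
 */
public static String getCRLDistributionPointUri(X509Certificate certificate) {
    byte[] derCdpBytes = certificate.getExtensionValue(OID_CRLDISTRIBUTIONPOINTS);
    if (derCdpBytes == null) {
        return null;
    }
    try {
        Object wrapper = readDerObject(derCdpBytes);
        if (!(wrapper instanceof DEROctetString)) {
            throw new IOException("CRL distribution point extension value is not an OCTET STRING");
        }
        Object inner = readDerObject(((DEROctetString) wrapper).getOctets());
        if (!(inner instanceof DERSequence)) {
            throw new IOException("CRL distribution point extension content is not a SEQUENCE");
        }
        CRLDistPoint cdp = new CRLDistPoint((DERSequence) inner);
        for (DistributionPoint dp : cdp.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // Only a fullName holds GeneralNames; absent or nameRelativeToCRLIssuer
            // entries carry no URI.
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            GeneralNames gns = GeneralNames.getInstance(dpn.getName());
            for (GeneralName gn : gns.getNames()) {
                if (gn.getTagNo() == GeneralName.uniformResourceIdentifier
                        && gn.getName() instanceof DERString) {
                    return ((DERString) gn.getName()).getString();
                }
            }
        }
    } catch (IOException e) {
        // Keep the cause so the offending encoding can be diagnosed from the log.
        logger.warn("ASN.1 decoding failed; will fall back to default CRL DistributionPoint, if set", e);
    }
    return null;
}

/** Decodes one DER object from {@code der}; the stream is closed even when decoding fails. */
private static Object readDerObject(byte[] der) throws IOException {
    ASN1InputStream ais = new ASN1InputStream(der);
    try {
        return ais.readObject();
    } finally {
        ais.close();
    }
}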
From source file:net.sf.dsig.verify.OCSPHelper.java
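/**
 * Retrieve the first OCSP responder URI from an X.509 certificate, using the
 * 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) extension value.
 *
 * <p>The extension value is an OCTET STRING wrapping the encoded
 * {@code AuthorityInfoAccessSyntax} SEQUENCE. Only access descriptions whose
 * method is {@code id-ad-ocsp} and whose location is a
 * {@code uniformResourceIdentifier} are considered. Decoding problems, including
 * a value that does not have the expected structure, are logged and reported as
 * {@code null}, the same result as for a certificate without the extension.
 *
 * @param certificate the {@link X509Certificate} object
 * @return a String containing the URI of the OCSP authority info access,
 *         or null if none can be found
 */
public static String getOCSPAccessLocationUri(X509Certificate certificate) {
    byte[] derAiaBytes = certificate.getExtensionValue(OID_AUTHORITYINFOACCESS);
    if (derAiaBytes == null) {
        return null;
    }
    try {
        Object wrapper = readDerObject(derAiaBytes);
        if (!(wrapper instanceof DEROctetString)) {
            throw new IOException("AuthorityInfoAccess extension value is not an OCTET STRING");
        }
        Object inner = readDerObject(((DEROctetString) wrapper).getOctets());
        if (!(inner instanceof DERSequence)) {
            throw new IOException("AuthorityInfoAccess extension content is not a SEQUENCE");
        }
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(inner);
        for (AccessDescription ad : aia.getAccessDescriptions()) {
            // Skip caIssuers and any other access method.
            if (!AccessDescription.id_ad_ocsp.equals(ad.getAccessMethod())) {
                continue;
            }
            GeneralName gn = ad.getAccessLocation();
            if (gn.getTagNo() == GeneralName.uniformResourceIdentifier
                    && gn.getName() instanceof DERString) {
                return ((DERString) gn.getName()).getString();
            }
        }
    } catch (IOException e) {
        // Keep the cause so the offending encoding can be diagnosed from the log.
        logger.warn("ASN.1 decoding failed; will fall back to default OCSP AccessLocation, if set", e);
    }
    return null;
}

/** Decodes one DER object from {@code der}; the stream is closed even when decoding fails. */
private static Object readDerObject(byte[] der) throws IOException {
    ASN1InputStream ais = new ASN1InputStream(der);
    try {
        return ais.readObject();
    } finally {
        ais.close();
    }
}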
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil.java
/**
 * Returns the CRL distribution point URIs carried by the certificate's
 * cRLDistributionPoints extension.
 *
 * @param certificate the certificate to inspect
 * @return the URIs, or {@code null} when the extension is absent or its value
 *         cannot be decoded
 */
public static URI[] getCrlDistributionPoints(X509Certificate certificate) {
    String oid = org.bouncycastle.asn1.x509.X509Extension.cRLDistributionPoints.getId();
    byte[] encoded = certificate.getExtensionValue(oid);
    if (encoded == null) {
        return null;
    }
    try {
        CRLDistPoint crldp = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(encoded));
        return convertCrlDistributionPointToUris(crldp);
    } catch (IOException e) {
        // NOTE(review): a decoding failure is reported exactly like an absent
        // extension, whereas the sibling accessors in this class wrap the
        // IOException in X509CertificateOperationException; callers cannot tell
        // the two cases apart here.
        return null;
    }
}
From source file:org.xdi.oxauth.cert.validation.CRLCertificateVerifier.java
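/**
 * Decodes the inner ASN.1 value of an X.509 extension.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the DER encoding
 * of an OCTET STRING that wraps the extension's actual value; this method strips
 * that layer and decodes the content. Each {@link ASN1InputStream} is closed once
 * its object has been read.
 *
 * @param certificate the certificate from which we need the ExtensionValue
 * @param oid the Object Identifier value for the extension
 * @return the extension value as an ASN1Primitive object, or {@code null} if the
 *         certificate does not carry the extension
 * @throws IOException if the value cannot be decoded, or is not wrapped in an
 *         OCTET STRING as the extension encoding requires
 */
private static ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
    byte[] bytes = certificate.getExtensionValue(oid);
    if (bytes == null) {
        return null;
    }
    ASN1Primitive wrapper = readPrimitive(bytes);
    // Check the type instead of casting: a malformed extension would otherwise
    // surface as an unchecked ClassCastException rather than an IOException.
    if (!(wrapper instanceof ASN1OctetString)) {
        throw new IOException("Extension " + oid + " is not wrapped in an OCTET STRING");
    }
    return readPrimitive(((ASN1OctetString) wrapper).getOctets());
}

/** Reads a single ASN.1 primitive from {@code der}, closing the stream afterwards. */
private static ASN1Primitive readPrimitive(byte[] der) throws IOException {
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(der));
    try {
        return aIn.readObject();
    } finally {
        aIn.close();
    }
}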
From source file:org.opensaml.xml.security.x509.X509Util.java
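/**
 * Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if
 * present.
 *
 * <p>The raw extension value is handed to {@code SubjectKeyIdentifierStructure} as-is;
 * no manual OCTET STRING unwrapping is done here. A parse failure is logged together
 * with its cause and reported as {@code null}.
 *
 * @param certificate an X.509 certificate possibly containing a subject key identifier
 * @return the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate
 *         does not contain the extension or its value cannot be parsed
 */
public static byte[] getSubjectKeyIdentifier(X509Certificate certificate) {
    byte[] derValue = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
    if (derValue == null || derValue.length == 0) {
        return null;
    }
    try {
        // A successful construction always yields an object, so no null check is
        // needed on the result.
        SubjectKeyIdentifier ski = new SubjectKeyIdentifierStructure(derValue);
        return ski.getKeyIdentifier();
    } catch (IOException e) {
        // Pass the exception itself so the stack trace is preserved in the log.
        log.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed", e);
        return null;
    }
}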
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil.java
/**
 * Reads the authorityInfoAccess extension of the certificate.
 *
 * @param certificate the certificate to inspect
 * @return the converted access descriptors, or {@code null} when the extension is absent
 * @throws X509CertificateOperationException if the extension value cannot be decoded
 */
public static X509CertificateInformationAccessDescriptor[] getAuthorityInformationAccess(
        X509Certificate certificate) {
    String oid = org.bouncycastle.asn1.x509.X509Extension.authorityInfoAccess.getId();
    byte[] encoded = certificate.getExtensionValue(oid);
    if (encoded == null) {
        return null;
    }
    try {
        AuthorityInformationAccess aia =
                AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(encoded));
        AccessDescription[] descriptions = aia.getAccessDescriptions();
        return X509CertificateInformationAccessDescriptor.convertAccessDescriptors(descriptions);
    } catch (IOException e) {
        throw new X509CertificateOperationException(e);
    }
}
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil.java
/**
 * Reads the subjectInfoAccess extension of the certificate. The extension shares
 * the AuthorityInformationAccess syntax, hence the same decoder.
 *
 * @param certificate the certificate to inspect
 * @return the converted access descriptors, or {@code null} when the extension is absent
 * @throws X509CertificateOperationException if the extension value cannot be decoded
 */
public static X509CertificateInformationAccessDescriptor[] getSubjectInformationAccess(
        X509Certificate certificate) {
    String oid = org.bouncycastle.asn1.x509.X509Extension.subjectInfoAccess.getId();
    byte[] encoded = certificate.getExtensionValue(oid);
    if (encoded == null) {
        return null;
    }
    try {
        AuthorityInformationAccess sia =
                AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(encoded));
        AccessDescription[] descriptions = sia.getAccessDescriptions();
        return X509CertificateInformationAccessDescriptor.convertAccessDescriptors(descriptions);
    } catch (IOException e) {
        throw new X509CertificateOperationException(e);
    }
}
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil.java
/**
 * Tells whether the certificate's basicConstraints extension marks it as a CA.
 *
 * @param certificate the certificate to inspect
 * @return {@code true} only if the extension is present and its cA flag is set
 * @throws X509CertificateOperationException if the extension value cannot be decoded
 */
public static boolean isCa(X509Certificate certificate) {
    String oid = org.bouncycastle.asn1.x509.X509Extension.basicConstraints.getId();
    byte[] basicConstraintsExtension = certificate.getExtensionValue(oid);
    // The Basic Constraints extension field [...] MUST be present when the
    // Subject is a CA, and MUST NOT be present otherwise, so absence means
    // "not a CA": http://tools.ietf.org/html/draft-ietf-sidr-res-certs-21#section-4.9.1
    if (basicConstraintsExtension == null) {
        return false;
    }
    try {
        BasicConstraints constraints = BasicConstraints.getInstance(
                X509ExtensionUtil.fromExtensionValue(basicConstraintsExtension));
        return constraints.isCA();
    } catch (IOException e) {
        throw new X509CertificateOperationException(e);
    }
}
From source file:be.fedict.trust.crl.CrlTrustLinker.java
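/**
 * Gives back the CRL URI meta-data found within the given X509 certificate.
 *
 * <p>The cRLDistributionPoints extension value is an OCTET STRING wrapping the
 * encoded CRLDistributionPoints SEQUENCE; both layers are decoded with their
 * streams closed afterwards. Distribution points without a name, or with a name
 * relative to the CRL issuer, cannot hold a URI and are skipped (previously such
 * a point raised a NullPointerException or ClassCastException). The first
 * uniformResourceIdentifier found is returned.
 *
 * <p>The URI is chosen by the certificate issuer; a caller that fetches it should
 * apply its own scheme/host policy first.
 *
 * @param certificate
 *            the X509 certificate.
 * @return the CRL URI, or <code>null</code> if the extension is not
 *         present or holds no URI.
 * @throws RuntimeException if the extension value cannot be decoded or does not
 *         have the expected structure
 */
public static URI getCrlUri(X509Certificate certificate) {
    byte[] crlDistributionPointsValue = certificate
            .getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1Sequence seq;
    try {
        Object wrapper = readDerObject(crlDistributionPointsValue);
        if (!(wrapper instanceof DEROctetString)) {
            throw new IOException("CRL distribution points extension value is not an OCTET STRING");
        }
        Object inner = readDerObject(((DEROctetString) wrapper).getOctets());
        if (!(inner instanceof ASN1Sequence)) {
            throw new IOException("CRL distribution points extension content is not a SEQUENCE");
        }
        seq = (ASN1Sequence) inner;
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // Absent when the point is identified only by cRLIssuer/reasons; only a
        // fullName holds GeneralNames.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = GeneralNames.getInstance(distributionPointName.getName());
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                LOG.debug("not a uniform resource identifier");
                continue;
            }
            String str = DERIA5String.getInstance(name.getName()).getString();
            return toURI(str);
        }
    }
    return null;
}

/** Decodes one DER object from {@code der}; the stream is closed even when decoding fails. */
private static Object readDerObject(byte[] der) throws IOException {
    ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(der));
    try {
        return in.readObject();
    } finally {
        in.close();
    }
}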