List of usage examples for java.security.cert X509Certificate getExtensionValue
public byte[] getExtensionValue(String oid);
From source file:be.fedict.trust.PublicKeyTrustLinker.java
/**
 * Tells whether the certificate claims to be a CA through its BasicConstraints
 * extension (cA flag). An absent or undecodable extension yields {@code false},
 * which is the fail-closed answer for trust-chain building. Only the cA flag is
 * consulted here: pathLenConstraint and the keyUsage keyCertSign bit are not examined.
 *
 * @param certificate the certificate to inspect
 * @return {@code true} only when a decodable BasicConstraints SEQUENCE with cA=TRUE is present
 */
private boolean isCa(X509Certificate certificate) {
    byte[] rawExtension = certificate.getExtensionValue(X509Extensions.BasicConstraints.getId());
    if (rawExtension == null) {
        // No BasicConstraints extension at all: treat as an end-entity certificate.
        return false;
    }
    ASN1Encodable decoded;
    try {
        // getExtensionValue hands back the DER OCTET STRING wrapper; fromExtensionValue
        // unwraps it and decodes the actual extension content.
        decoded = X509ExtensionUtil.fromExtensionValue(rawExtension);
    } catch (IOException e) {
        LOG.error("IO error", e);
        return false;
    }
    if (!(decoded instanceof ASN1Sequence)) {
        LOG.debug("basic constraints extension is not an ASN1 sequence");
        return false;
    }
    return BasicConstraints.getInstance((ASN1Sequence) decoded).isCA();
}
From source file:be.fedict.trust.linker.PublicKeyTrustLinker.java
/**
 * Tells whether the certificate claims to be a CA through its BasicConstraints
 * extension (cA flag). An absent or undecodable extension yields {@code false},
 * which is the fail-closed answer for trust-chain building. Only the cA flag is
 * consulted here: pathLenConstraint and the keyUsage keyCertSign bit are not examined.
 *
 * @param certificate the certificate to inspect
 * @return {@code true} only when a decodable BasicConstraints SEQUENCE with cA=TRUE is present
 */
private boolean isCa(X509Certificate certificate) {
    byte[] rawExtension = certificate.getExtensionValue(Extension.basicConstraints.getId());
    if (rawExtension == null) {
        // No BasicConstraints extension at all: treat as an end-entity certificate.
        return false;
    }
    ASN1Encodable decoded;
    try {
        // getExtensionValue hands back the DER OCTET STRING wrapper; fromExtensionValue
        // unwraps it and decodes the actual extension content.
        decoded = X509ExtensionUtil.fromExtensionValue(rawExtension);
    } catch (IOException e) {
        LOG.error("IO error", e);
        return false;
    }
    if (!(decoded instanceof ASN1Sequence)) {
        LOG.debug("basic constraints extension is not an ASN1 sequence");
        return false;
    }
    return BasicConstraints.getInstance((ASN1Sequence) decoded).isCA();
}
From source file:org.dataone.proto.trove.jsse.X509CertificateToolset.java
/**
 * Returns the extension identified by {@code oid} as a string, but only when the
 * extension's inner value is a UTF8String; a missing extension or any other
 * content type yields {@code null}.
 * <p>
 * {@code X509Certificate.getExtensionValue} returns the value still wrapped in its
 * DER OCTET STRING, so the bytes are decoded twice: once to reach the OCTET STRING
 * and once more on its octets to reach the actual extension value.
 *
 * @see <a href="http://stackoverflow.com/questions/2409618/how-do-i-decode-a-der-encoded-string-in-java">decoding a DER string in Java</a>
 * @param X509Certificate the certificate to read from (the parameter name shadows the
 *        type inside this method; kept as-is for compatibility)
 * @param oid dotted-decimal OID of the extension to read
 * @return the decoded UTF-8 string, or {@code null} if absent or not a UTF8String
 * @throws IOException if the DER bytes cannot be parsed
 */
protected String getExtensionValue(X509Certificate X509Certificate, String oid) throws IOException {
    byte[] wrapped = X509Certificate.getExtensionValue(oid);
    if (wrapped == null) {
        return null;
    }
    ASN1Primitive outer = toASN1Primitive(wrapped);
    if (!(outer instanceof DEROctetString)) {
        return null;
    }
    ASN1Primitive inner = toASN1Primitive(((DEROctetString) outer).getOctets());
    if (!(inner instanceof DERUTF8String)) {
        return null;
    }
    return DERUTF8String.getInstance(inner).getString();
}
From source file:be.fedict.eid.dss.model.bean.TrustValidationServiceBean.java
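/**
 * Extracts the keyIdentifier field of the certificate's AuthorityKeyIdentifier
 * extension.
 * <p>
 * {@code getExtensionValue} returns the extension value still wrapped in its DER
 * OCTET STRING, so the octets are unwrapped first and then parsed as the
 * AuthorityKeyIdentifier SEQUENCE via {@code AuthorityKeyIdentifier.getInstance}.
 * The previous {@code new AuthorityKeyIdentifier(byte[])} call is not a parser:
 * assuming BouncyCastle's class, that constructor takes a precomputed key identifier
 * and stores the bytes verbatim, so this method handed back the whole encoded
 * SEQUENCE instead of the key id and could never match a subject key identifier.
 *
 * @param cert certificate carrying the extension
 * @return the keyIdentifier octets; {@code null} when the extension is absent, or
 *         when the AuthorityKeyIdentifier carries no keyIdentifier (issuer/serial form only)
 * @throws IOException if the DER structure cannot be read
 */
private byte[] getAuthorityKeyId(X509Certificate cert) throws IOException {
    byte[] extvalue = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
    if (extvalue == null) {
        return null;
    }
    // Both ASN1InputStreams sit on in-memory arrays, so nothing is held open.
    // A wrapper that is not an OCTET STRING still surfaces as a ClassCastException here.
    DEROctetString oct = (DEROctetString) new ASN1InputStream(new ByteArrayInputStream(extvalue)).readObject();
    AuthorityKeyIdentifier keyId = AuthorityKeyIdentifier.getInstance(
            new ASN1InputStream(new ByteArrayInputStream(oct.getOctets())).readObject());
    return keyId.getKeyIdentifier();
}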
From source file:org.apache.synapse.transport.certificatevalidation.crl.CRLVerifier.java
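/**
 * Extracts every URI-form CRL distribution point from the certificate's
 * "CRL Distribution Points" extension.
 * <p>
 * Only distribution points carrying a {@code fullName} whose GeneralName is a
 * {@code uniformResourceIdentifier} are returned; {@code nameRelativeToCRLIssuer}
 * forms, non-URI names and the {@code reasons}/{@code cRLIssuer} fields are ignored.
 * The URLs come straight out of the certificate under validation, i.e. from data
 * that has not been trusted yet, so the code that fetches them should treat them
 * as untrusted input.
 *
 * @param cert certificate to read the extension from
 * @return a non-empty list of CRL URLs, in extension order
 * @throws CertificateVerificationException if the extension is missing, cannot be
 *         decoded, or holds no URI distribution point (this method never returns an
 *         empty list)
 */
private List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateVerificationException {
    // getExtensionValue returns the value still wrapped in its DER OCTET STRING.
    byte[] crlDPExtensionValue = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crlDPExtensionValue == null) {
        throw new CertificateVerificationException("Certificate doesn't have CRL Distribution points");
    }
    CRLDistPoint distPoint;
    try {
        // Unwrap the OCTET STRING, then parse its octets as the CRLDistributionPoints SEQUENCE.
        // Both streams are array-backed, so nothing is left open.
        ASN1InputStream asn1In = new ASN1InputStream(crlDPExtensionValue);
        DEROctetString crlDEROctetString = (DEROctetString) asn1In.readObject();
        ASN1InputStream asn1InOctets = new ASN1InputStream(crlDEROctetString.getOctets());
        distPoint = CRLDistPoint.getInstance(asn1InOctets.readObject());
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (ClassCastException e) {
        // Wrapper is not an OCTET STRING: malformed extension. Report it as a verification
        // failure instead of letting the bare runtime exception escape.
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (IllegalArgumentException e) {
        // CRLDistPoint.getInstance rejects structures that are not the expected SEQUENCE.
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    }
    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // IA5String is an ASCII-only ASN.1 string type; trimmed to tolerate surrounding whitespace.
                crlUrls.add(DERIA5String.getInstance(genName.getName()).getString().trim());
            }
        }
    }
    if (crlUrls.isEmpty()) {
        throw new CertificateVerificationException("Cant get CRL urls from certificate");
    }
    return crlUrls;
}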
From source file:org.apache.synapse.transport.utils.sslcert.crl.CRLVerifier.java
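/**
 * Extracts every URI-form CRL distribution point from the certificate's
 * "CRL Distribution Points" extension.
 * <p>
 * Only distribution points carrying a {@code fullName} whose GeneralName is a
 * {@code uniformResourceIdentifier} are returned; {@code nameRelativeToCRLIssuer}
 * forms, non-URI names and the {@code reasons}/{@code cRLIssuer} fields are ignored.
 * The URLs come straight out of the certificate under validation, i.e. from data
 * that has not been trusted yet, so the code that fetches them should treat them
 * as untrusted input.
 *
 * @param cert certificate to read the extension from
 * @return a non-empty list of CRL URLs, in extension order
 * @throws CertificateVerificationException if the extension is missing, cannot be
 *         decoded, or holds no URI distribution point (this method never returns an
 *         empty list)
 */
private List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateVerificationException {
    // getExtensionValue returns the value still wrapped in its DER OCTET STRING.
    byte[] crlDPExtensionValue = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (crlDPExtensionValue == null) {
        throw new CertificateVerificationException("Certificate doesn't have CRL distribution points");
    }
    CRLDistPoint distPoint;
    try {
        // Unwrap the OCTET STRING, then parse its octets as the CRLDistributionPoints SEQUENCE.
        // Both streams are array-backed, so nothing is left open.
        ASN1InputStream asn1In = new ASN1InputStream(crlDPExtensionValue);
        DEROctetString crlDEROctetString = (DEROctetString) asn1In.readObject();
        ASN1InputStream asn1InOctets = new ASN1InputStream(crlDEROctetString.getOctets());
        distPoint = CRLDistPoint.getInstance(asn1InOctets.readObject());
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (ClassCastException e) {
        // Wrapper is not an OCTET STRING: malformed extension. Report it as a verification
        // failure instead of letting the bare runtime exception escape.
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (IllegalArgumentException e) {
        // CRLDistPoint.getInstance rejects structures that are not the expected SEQUENCE.
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    }
    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // IA5String is an ASCII-only ASN.1 string type; trimmed to tolerate surrounding whitespace.
                crlUrls.add(DERIA5String.getInstance(genName.getName()).getString().trim());
            }
        }
    }
    if (crlUrls.isEmpty()) {
        throw new CertificateVerificationException("Cant get CRL urls from certificate");
    }
    return crlUrls;
}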
From source file:org.wso2.carbon.identity.authenticator.pki.cert.validation.crl.CRLVerifier.java
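/**
 * Extracts every URI-form CRL distribution point from the certificate's
 * "CRL Distribution Points" extension.
 * <p>
 * Only distribution points carrying a {@code fullName} whose GeneralName is a
 * {@code uniformResourceIdentifier} are returned; {@code nameRelativeToCRLIssuer}
 * forms, non-URI names and the {@code reasons}/{@code cRLIssuer} fields are ignored.
 * The URLs come straight out of the certificate under validation, i.e. from data
 * that has not been trusted yet, so the code that fetches them should treat them
 * as untrusted input.
 *
 * @param cert certificate to read the extension from
 * @return a non-empty list of CRL URLs, in extension order
 * @throws CertificateVerificationException if the extension is missing, cannot be
 *         decoded, or holds no URI distribution point (this method never returns an
 *         empty list)
 */
private List<String> getCrlDistributionPoints(X509Certificate cert) throws CertificateVerificationException {
    // getExtensionValue returns the value still wrapped in its DER OCTET STRING.
    byte[] crlDPExtensionValue = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if (crlDPExtensionValue == null) {
        throw new CertificateVerificationException("Certificate doesn't have CRL Distribution points");
    }
    CRLDistPoint distPoint;
    try {
        // Unwrap the OCTET STRING, then parse its octets as the CRLDistributionPoints SEQUENCE.
        // Both streams are array-backed, so nothing is left open.
        ASN1InputStream asn1In = new ASN1InputStream(crlDPExtensionValue);
        DEROctetString crlDEROctetString = (DEROctetString) asn1In.readObject();
        ASN1InputStream asn1InOctets = new ASN1InputStream(crlDEROctetString.getOctets());
        distPoint = CRLDistPoint.getInstance(asn1InOctets.readObject());
    } catch (IOException e) {
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (ClassCastException e) {
        // Wrapper is not an OCTET STRING: malformed extension. Report it as a verification
        // failure instead of letting the bare runtime exception escape.
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    } catch (IllegalArgumentException e) {
        // CRLDistPoint.getInstance rejects structures that are not the expected SEQUENCE.
        throw new CertificateVerificationException("Cannot read certificate to get CRL urls", e);
    }
    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // IA5String is an ASCII-only ASN.1 string type; trimmed to tolerate surrounding whitespace.
                crlUrls.add(DERIA5String.getInstance(genName.getName()).getString().trim());
            }
        }
    }
    if (crlUrls.isEmpty()) {
        throw new CertificateVerificationException("Cant get CRL urls from certificate");
    }
    return crlUrls;
}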
From source file:org.ejbca.ui.web.CertificateView.java
/**
 * Reports whether the viewed certificate carries a NameConstraints extension.
 * Only presence is tested; the constraint contents are not decoded or enforced here.
 *
 * @return {@code true} if {@code certificate} is an X.509 certificate with the
 *         extension; {@code false} for any other certificate type or when absent
 */
public boolean hasNameConstraints() {
    if (!(certificate instanceof X509Certificate)) {
        return false;
    }
    byte[] rawExtension = ((X509Certificate) certificate).getExtensionValue(Extension.nameConstraints.getId());
    return rawExtension != null;
}
From source file:be.fedict.eid.applet.service.signer.time.TSPTimeStampService.java
/**
 * Reads the SubjectKeyIdentifier extension of {@code cert} and returns its key
 * identifier octets. The value from {@code getExtensionValue} is still wrapped in
 * its DER OCTET STRING, hence the two decoding passes. Both streams are
 * array-backed and hold no external resource.
 *
 * @param cert certificate to inspect
 * @return the key identifier bytes, or {@code null} when the extension is absent
 * @throws IOException if the DER structure cannot be parsed
 */
private byte[] getSubjectKeyId(X509Certificate cert) throws IOException {
    byte[] wrapped = cert.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
    if (wrapped == null) {
        return null;
    }
    ASN1InputStream outer = new ASN1InputStream(new ByteArrayInputStream(wrapped));
    ASN1OctetString octets = ASN1OctetString.getInstance(outer.readObject());
    ASN1InputStream inner = new ASN1InputStream(new ByteArrayInputStream(octets.getOctets()));
    return SubjectKeyIdentifier.getInstance(inner.readObject()).getKeyIdentifier();
}
From source file:be.fedict.eid.applet.service.signer.time.TSPTimeStampService.java
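/**
 * Extracts the keyIdentifier field of the certificate's AuthorityKeyIdentifier
 * extension, mirroring the two-step unwrap-then-parse used by {@code getSubjectKeyId}.
 * <p>
 * {@code getExtensionValue} returns the extension value still wrapped in its DER
 * OCTET STRING, so the octets are unwrapped first and then parsed as the
 * AuthorityKeyIdentifier SEQUENCE via {@code AuthorityKeyIdentifier.getInstance}.
 * The previous {@code new AuthorityKeyIdentifier(byte[])} call is not a parser:
 * assuming BouncyCastle's class, that constructor takes a precomputed key identifier
 * and stores the bytes verbatim, so this method handed back the whole encoded
 * SEQUENCE instead of the key id and could never match a subject key identifier.
 *
 * @param cert certificate carrying the extension
 * @return the keyIdentifier octets; {@code null} when the extension is absent, or
 *         when the AuthorityKeyIdentifier carries no keyIdentifier (issuer/serial form only)
 * @throws IOException if the DER structure cannot be read
 */
private byte[] getAuthorityKeyId(X509Certificate cert) throws IOException {
    byte[] extvalue = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
    if (extvalue == null) {
        return null;
    }
    // Both ASN1InputStreams sit on in-memory arrays, so nothing is held open.
    // A wrapper that is not an OCTET STRING still surfaces as a ClassCastException here.
    DEROctetString oct = (DEROctetString) new ASN1InputStream(new ByteArrayInputStream(extvalue)).readObject();
    AuthorityKeyIdentifier keyId = AuthorityKeyIdentifier.getInstance(
            new ASN1InputStream(new ByteArrayInputStream(oct.getOctets())).readObject());
    return keyId.getKeyIdentifier();
}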