List of usage examples for java.security.cert X509CRL getExtensionValue
public byte[] getExtensionValue(String oid);
From source file:mitm.common.security.crl.X509CRLInspector.java
/** * Returns the crl number extension if present, null if not present *//* w ww.j a va2 s .co m*/ public static BigInteger getCRLNumber(X509CRL crl) throws IOException { byte[] derCRLNumber = crl.getExtensionValue(X509Extension.cRLNumber.getId()); BigInteger crlNumber = null; if (derCRLNumber != null) { ASN1Encodable extension = DERUtils.fromExtensionValue(derCRLNumber); /* CRL number must be a positive number */ crlNumber = CRLNumber.getInstance(extension).getCRLNumber(); } return crlNumber; }
From source file:be.fedict.trust.crl.CrlTrustLinker.java
private boolean isIndirectCRL(X509CRL crl) { byte[] idp = crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId()); boolean isIndirect = false; if (idp != null) { isIndirect = IssuingDistributionPoint.getInstance(idp).isIndirectCRL(); }/* w w w. j a v a 2s . com*/ return isIndirect; }
From source file:be.fedict.trust.crl.CrlTrustLinker.java
private BigInteger getCrlNumber(X509CRL crl) { byte[] crlNumberExtensionValue = crl.getExtensionValue(X509Extensions.CRLNumber.getId()); if (null == crlNumberExtensionValue) { return null; }/*from ww w . jav a 2s .com*/ try { DEROctetString octetString = (DEROctetString) (new ASN1InputStream( new ByteArrayInputStream(crlNumberExtensionValue)).readObject()); byte[] octets = octetString.getOctets(); DERInteger integer = (DERInteger) new ASN1InputStream(octets).readObject(); BigInteger crlNumber = integer.getPositiveValue(); return crlNumber; } catch (IOException e) { throw new RuntimeException("IO error: " + e.getMessage(), e); } }
From source file:be.fedict.trust.crl.CrlTrustLinker.java
private BigInteger getDeltaCrlIndicator(X509CRL deltaCrl) { byte[] deltaCrlIndicatorValue = deltaCrl.getExtensionValue(X509Extensions.DeltaCRLIndicator.getId()); if (null == deltaCrlIndicatorValue) return null; try {//from w w w . j a v a2 s .c o m DEROctetString octetString = (DEROctetString) (new ASN1InputStream( new ByteArrayInputStream(deltaCrlIndicatorValue)).readObject()); byte[] octets = octetString.getOctets(); DERInteger integer = (DERInteger) new ASN1InputStream(octets).readObject(); BigInteger crlNumber = integer.getPositiveValue(); return crlNumber; } catch (IOException e) { throw new RuntimeException("IO error: " + e.getMessage(), e); } }
From source file:be.fedict.trust.service.bean.HarvesterMDB.java
private BigInteger getCrlNumber(X509CRL crl) { byte[] crlNumberExtensionValue = crl.getExtensionValue("2.5.29.20"); if (null == crlNumberExtensionValue) { return null; }/*from w w w . j ava 2s . c o m*/ try { DEROctetString octetString = (DEROctetString) (new ASN1InputStream( new ByteArrayInputStream(crlNumberExtensionValue)).readObject()); byte[] octets = octetString.getOctets(); DERInteger integer = (DERInteger) new ASN1InputStream(octets).readObject(); return integer.getPositiveValue(); } catch (IOException e) { throw new RuntimeException("IO error: " + e.getMessage(), e); } }
From source file:be.fedict.trust.service.bean.HarvesterMDB.java
/** * Returns if the specified CRL is indirect. * /*from w w w. java 2s. c om*/ * @param crl * the CRL * @return true or false * @throws CRLException * something went wrong reading the * {@link org.bouncycastle.asn1.x509.IssuingDistributionPoint}. */ private boolean isIndirectCRL(X509CRL crl) throws CRLException { byte[] idp = crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId()); boolean isIndirect = false; try { if (idp != null) { isIndirect = IssuingDistributionPoint.getInstance(X509ExtensionUtil.fromExtensionValue(idp)) .isIndirectCRL(); } } catch (Exception e) { throw new CRLException("Exception reading IssuingDistributionPoint", e); } return isIndirect; }
From source file:be.fedict.trust.crl.CrlTrustLinker.java
private List<URI> getDeltaCrlUris(X509CRL x509crl) { byte[] freshestCrlValue = x509crl.getExtensionValue(X509Extensions.FreshestCRL.getId()); if (null == freshestCrlValue) { LOG.debug("no freshestCRL extension"); return null; }//from w w w . ja va 2 s . co m ASN1Sequence seq; try { DEROctetString oct; oct = (DEROctetString) (new ASN1InputStream(new ByteArrayInputStream(freshestCrlValue)).readObject()); seq = (ASN1Sequence) new ASN1InputStream(oct.getOctets()).readObject(); } catch (IOException e) { throw new RuntimeException("IO error: " + e.getMessage(), e); } List<URI> deltaCrlUris = new LinkedList<URI>(); CRLDistPoint distPoint = CRLDistPoint.getInstance(seq); DistributionPoint[] distributionPoints = distPoint.getDistributionPoints(); for (DistributionPoint distributionPoint : distributionPoints) { DistributionPointName distributionPointName = distributionPoint.getDistributionPoint(); if (DistributionPointName.FULL_NAME != distributionPointName.getType()) { continue; } GeneralNames generalNames = (GeneralNames) distributionPointName.getName(); GeneralName[] names = generalNames.getNames(); for (GeneralName name : names) { if (name.getTagNo() != GeneralName.uniformResourceIdentifier) { LOG.debug("not a uniform resource identifier"); continue; } String str = ((DERIA5String) name.getName()).getString(); URI uri = toURI(str); deltaCrlUris.add(uri); } } return deltaCrlUris; }
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileC.java
/** * Create a reference to a X509CRL// ww w. j a v a 2 s . com * * @param crl * @return * @throws NoSuchAlgorithmException * @throws CRLException */ private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws NoSuchAlgorithmException, CRLException { MessageDigest sha1digest = MessageDigest.getInstance(X509ObjectIdentifiers.id_SHA1.getId(), new BouncyCastleProvider()); OtherHash hash = new OtherHash(sha1digest.digest(crl.getEncoded())); BigInteger crlnumber; CrlIdentifier crlid; if (crl.getExtensionValue("2.5.29.20") != null) { crlnumber = new DERInteger(crl.getExtensionValue("2.5.29.20")).getPositiveValue(); crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber); } else { crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate())); } CrlValidatedID crlvid = new CrlValidatedID(hash, crlid); return crlvid; }
From source file:be.fedict.eid.applet.service.signer.facets.XAdESXLSignatureFacet.java
private BigInteger getCrlNumber(X509CRL crl) { byte[] crlNumberExtensionValue = crl.getExtensionValue(X509Extensions.CRLNumber.getId()); if (null == crlNumberExtensionValue) { return null; }//w w w .java 2 s . com try { ASN1InputStream asn1InputStream = new ASN1InputStream(crlNumberExtensionValue); ASN1OctetString octetString = (ASN1OctetString) asn1InputStream.readObject(); byte[] octets = octetString.getOctets(); DERInteger integer = (DERInteger) new ASN1InputStream(octets).readObject(); BigInteger crlNumber = integer.getPositiveValue(); return crlNumber; } catch (IOException e) { throw new RuntimeException("I/O error: " + e.getMessage(), e); } }
From source file:com.sun.identity.security.cert.AMCRLStore.java
/** * It checks whether the crl has IssuingDistributionPointExtension * or not. If there is, it returns the extension. * @param X509CRL crl// w ww . j ava2s. c o m */ private IssuingDistributionPointExtension getCRLIDPExt(X509CRL crl) { IssuingDistributionPointExtension idpExt = null; if (crl == null) { return null; } if (debug.messageEnabled()) { debug.message("AMCRLStore.getCRLIDPExt: crl = " + crl); } try { byte[] ext = crl.getExtensionValue(PKIXExtensions.IssuingDistributionPoint_Id.toString()); if (ext != null) { idpExt = new IssuingDistributionPointExtension(ext); } } catch (Exception e) { debug.error("Error finding CRL distribution Point configured: ", e); } return idpExt; }