Java Code Examples for org.bouncycastle.asn1.x509.AccessDescription#getAccessLocation()

private static List<String> getAccessLocations(final CertificateToken certificate, ASN1ObjectIdentifier aiaType) {
	List<String> locationsUrls = new ArrayList<>();
	final byte[] authInfoAccessExtensionValue = certificate.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
	if (null == authInfoAccessExtensionValue) {
		return locationsUrls;
	}

	try {
		ASN1Sequence asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(authInfoAccessExtensionValue);
		if (asn1Sequence == null || asn1Sequence.size() == 0) {
			LOG.warn("Empty ASN1Sequence for AuthorityInformationAccess");
			return locationsUrls;
		}
		AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(asn1Sequence);
		AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
		for (AccessDescription accessDescription : accessDescriptions) {
			if (aiaType.equals(accessDescription.getAccessMethod())) {
				GeneralName gn = accessDescription.getAccessLocation();
				String location = parseGn(gn);
				if (location != null) {
					locationsUrls.add(location);
				}
			}
		}
	} catch (Exception e) {
		LOG.error("Unable to parse authorityInfoAccess", e);
	}
	return locationsUrls;
}
 

@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
	ASN1Primitive obj;
	try {
		obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
	} catch (IOException ex) {
		log.error("Failed to get OCSP URL", ex);
		return null;
	}

	if (obj == null) {
		return null;
	}

	AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);

	AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
	for (AccessDescription accessDescription : accessDescriptions) {
		boolean correctAccessMethod = accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
		if (!correctAccessMethod) {
			continue;
		}

		GeneralName name = accessDescription.getAccessLocation();
		if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
			continue;
		}

		DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
		return derStr.getString();
	}

	return null;

}
 

private String getAuthorityInformationAccessStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * AuthorityInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
	 * AccessDescription
	 *
	 * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
	 * accessLocation GeneralName }
	 */

	// @formatter:on

	StringBuilder sb = new StringBuilder();

	AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(value);

	int accessDesc = 0;

	for (AccessDescription accessDescription : authorityInfoAccess.getAccessDescriptions()) {
		accessDesc++;

		// Convert OID to access method
		ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();

		AccessMethodType accessMethodType = AccessMethodType.resolveOid(accessMethod.getId());

		String accessMethodStr = null;

		if (accessMethodType != null) {
			accessMethodStr = accessMethodType.friendly();
		} else {
			// Unrecognised Access Method OID
			accessMethodStr = ObjectIdUtil.toString(accessMethod);
		}

		GeneralName accessLocation = accessDescription.getAccessLocation();

		String accessLocationStr = GeneralNameUtil.toString(accessLocation);

		sb.append(MessageFormat.format(res.getString("AuthorityInformationAccess"), accessDesc));
		sb.append(NEWLINE);
		sb.append(INDENT);
		sb.append(MessageFormat.format(res.getString("AccessMethod"), accessMethodStr));
		sb.append(NEWLINE);
		sb.append(INDENT);
		sb.append(res.getString("AccessLocation"));
		sb.append(NEWLINE);
		sb.append(INDENT.toString(2));
		sb.append(accessLocationStr);
		sb.append(NEWLINE);
	}

	return sb.toString();
}
 

private String getSubjectInformationAccessStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * SubjectInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
	 * AccessDescription
	 *
	 * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
	 * accessLocation GeneralName }
	 */

	// @formatter:on

	StringBuilder sb = new StringBuilder();

	SubjectInfoAccess subjectInfoAccess = SubjectInfoAccess.getInstance(value);

	int accessDesc = 0;

	for (AccessDescription accessDescription : subjectInfoAccess.getAccessDescriptionList()) {
		accessDesc++;

		// Convert OID to access method
		ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();

		AccessMethodType accessMethodType = AccessMethodType.resolveOid(accessMethod.getId());

		String accessMethodStr = null;

		if (accessMethodType != null) {
			accessMethodStr = accessMethodType.friendly();
		} else {
			// Unrecognised Access Method OID
			accessMethodStr = ObjectIdUtil.toString(accessMethod);
		}

		GeneralName accessLocation = accessDescription.getAccessLocation();

		String accessLocationStr = GeneralNameUtil.toString(accessLocation);

		sb.append(MessageFormat.format(res.getString("SubjectInformationAccess"), accessDesc));
		sb.append(NEWLINE);
		sb.append(INDENT);
		sb.append(MessageFormat.format(res.getString("AccessMethod"), accessMethodStr));
		sb.append(NEWLINE);
		sb.append(INDENT);
		sb.append(res.getString("AccessLocation"));
		sb.append(NEWLINE);
		sb.append(INDENT);
		sb.append(INDENT);
		sb.append(accessLocationStr);
		sb.append(NEWLINE);
	}

	return sb.toString();
}
 

private void checkExtnSubjectInfoAccess(StringBuilder failureMsg, byte[] extensionValue,
    Extensions requestedExtns, ExtensionControl extControl) {
  Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> conf =
      certprofile.getSubjectInfoAccessModes();
  if (conf == null) {
    failureMsg.append("extension is present but not expected; ");
    return;
  }

  ASN1Encodable requestExtValue = null;
  if (requestedExtns != null) {
    requestExtValue = requestedExtns.getExtensionParsedValue(Extension.subjectInfoAccess);
  }
  if (requestExtValue == null) {
    failureMsg.append("extension is present but not expected; ");
    return;
  }

  ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue);
  ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);

  int size = requestSeq.size();

  if (certSeq.size() != size) {
    addViolation(failureMsg, "size of GeneralNames", certSeq.size(), size);
    return;
  }

  for (int i = 0; i < size; i++) {
    AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i));
    ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
    Set<GeneralNameMode> generalNameModes = conf.get(accessMethod);

    if (generalNameModes == null) {
      failureMsg.append("accessMethod in requestedExtension ")
        .append(accessMethod.getId()).append(" is not allowed; ");
      continue;
    }

    AccessDescription certAccessDesc = AccessDescription.getInstance(
        certSeq.getObjectAt(i));
    ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod();

    boolean bo = (accessMethod == null) ? (certAccessMethod == null)
        : accessMethod.equals(certAccessMethod);

    if (!bo) {
      addViolation(failureMsg, "accessMethod",
          (certAccessMethod == null) ? "null" : certAccessMethod.getId(),
          (accessMethod == null) ? "null" : accessMethod.getId());
      continue;
    }

    GeneralName accessLocation;
    try {
      accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes);
    } catch (BadCertTemplateException ex) {
      failureMsg.append("invalid requestedExtension: ").append(ex.getMessage()).append("; ");
      continue;
    }

    GeneralName certAccessLocation = certAccessDesc.getAccessLocation();
    if (!certAccessLocation.equals(accessLocation)) {
      failureMsg.append("accessLocation does not match the requested one; ");
    }
  }
}