Java Code Examples for org.bouncycastle.asn1.x509.AuthorityInformationAccess

The following examples show how to use org.bouncycastle.asn1.x509.AuthorityInformationAccess. These examples are extracted from open source projects.
Example 1
Project: signer   File: BasicCertificate.java    License: GNU Lesser General Public License v3.0
/**
 * Collects the URI access locations listed in the certificate's
 * AuthorityInfoAccess extension.
 * <p>
 * Every accessLocation tagged as a uniformResourceIdentifier is returned,
 * whatever its accessMethod: OCSP and caIssuers entries are not told apart.
 * The strings are copied from the certificate without any validation here, so
 * a caller that dereferences them should first check scheme and destination.
 *
 * @return the URIs in the order they appear in the extension; an empty list
 *         when the extension is absent, empty, or cannot be parsed (the
 *         failure is only logged at info level)
 */
public List<String> getAuthorityInfoAccess() {
	List<String> uris = new ArrayList<String>();
	try {
		byte[] rawExtension = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
		if (rawExtension == null || rawExtension.length == 0) {
			// Extension not present (or empty): nothing to report.
			return uris;
		}
		AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(
				JcaX509ExtensionUtils.parseExtensionValue(rawExtension));
		for (AccessDescription entry : aia.getAccessDescriptions()) {
			GeneralName location = entry.getAccessLocation();
			if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
				// Other GeneralName forms (directoryName, rfc822Name, ...) are skipped.
				continue;
			}
			uris.add(((DERIA5String) location.getName()).getString());
		}
	} catch (Exception error) {
		// Best effort: a malformed extension yields whatever was collected so far.
		logger.info(error.getMessage());
	}
	return uris;
}
 
Example 2
Project: keystore-explorer   File: DAuthorityInformationAccess.java    License: GNU General Public License v3.0
/**
 * Handles the dialog's OK action: DER-encodes the access descriptions held by
 * the editor component into {@code value} and closes the dialog.
 * <p>
 * An empty list is rejected with a warning dialog, and an encoding failure is
 * shown through {@code DError}; in both cases the dialog stays open and
 * {@code value} is not assigned.
 */
private void okPressed() {
	List<AccessDescription> entries = jadAccessDescriptions.getAccessDescriptions();

	// RFC 5280 defines AuthorityInfoAccessSyntax as SEQUENCE SIZE (1..MAX),
	// so at least one access description is required.
	if (entries.isEmpty()) {
		String message = res.getString("DAuthorityInformationAccess.ValueReq.message");
		JOptionPane.showMessageDialog(this, message, getTitle(), JOptionPane.WARNING_MESSAGE);
		return;
	}

	ASN1EncodableVector sequenceItems = new ASN1EncodableVector();
	for (AccessDescription entry : entries) {
		sequenceItems.add(entry);
	}

	try {
		value = AuthorityInformationAccess.getInstance(new DERSequence(sequenceItems))
				.getEncoded(ASN1Encoding.DER);
	} catch (IOException e) {
		DError.displayError(this, e);
		return;
	}

	closeDialog();
}
 
Example 3
Project: xipki   File: Actions.java    License: Apache License 2.0
/**
 * Extracts the OCSP responder URIs from an AuthorityInformationAccess value.
 * <p>
 * Only entries whose accessMethod is id-ad-ocsp and whose accessLocation is a
 * uniformResourceIdentifier are kept; everything else is ignored. The URIs
 * are returned exactly as encoded in the extension, with no check of scheme
 * or host, so they should be treated as untrusted input by whatever contacts
 * them.
 *
 * @param aia the decoded extension value
 * @return the OCSP URIs in extension order, possibly empty
 * @throws CertificateEncodingException declared by the signature; the code
 *         shown here does not throw it itself
 */
public static List<String> extractOcspUrls(AuthorityInformationAccess aia)
    throws CertificateEncodingException {
  List<String> ocspUris = new ArrayList<>();
  for (AccessDescription entry : aia.getAccessDescriptions()) {
    if (!entry.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
      continue;
    }

    GeneralName location = entry.getAccessLocation();
    if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
      ocspUris.add(((ASN1String) location.getName()).getString());
    }
  }
  return ocspUris;
}
 
Example 4
Project: xipki   File: ExtensionsChecker.java    License: Apache License 2.0
/**
 * Checks an issued certificate's AIA extension against what the certificate
 * profile and issuer configuration say it should contain.
 * <p>
 * When the profile has no AIA control, both caIssuers and OCSP URIs are
 * expected. If nothing is expected at all, the mere presence of the extension
 * is recorded as a failure and the value is not decoded.
 *
 * @param failureMsg accumulator that receives a description of each mismatch
 * @param extensionValue the AIA extension value handed to
 *        {@code AuthorityInformationAccess.getInstance}
 * @param issuerInfo source of the expected caIssuers and OCSP URIs
 */
private void checkExtnAuthorityInfoAccess(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  AuthorityInfoAccessControl control = certprofile.getAiaControl();

  Set<String> expCaIssuerUris;
  if (control == null || control.isIncludesCaIssuers()) {
    expCaIssuerUris = issuerInfo.getCaIssuerUrls();
  } else {
    expCaIssuerUris = Collections.emptySet();
  }

  Set<String> expOcspUris;
  if (control == null || control.isIncludesOcsp()) {
    expOcspUris = issuerInfo.getOcspUrls();
  } else {
    expOcspUris = Collections.emptySet();
  }

  boolean nothingExpected =
      CollectionUtil.isEmpty(expCaIssuerUris) && CollectionUtil.isEmpty(expOcspUris);
  if (nothingExpected) {
    // This method is only reached with an extension value, so its presence is the violation.
    failureMsg.append("AIA is present but expected is 'none'; ");
    return;
  }

  AuthorityInformationAccess actualAia = AuthorityInformationAccess.getInstance(extensionValue);
  checkAia(failureMsg, actualAia, X509ObjectIdentifiers.id_ad_caIssuers, expCaIssuerUris);
  checkAia(failureMsg, actualAia, X509ObjectIdentifiers.id_ad_ocsp, expOcspUris);
}
 
Example 5
Project: portecle   File: X509Ext.java    License: GNU General Public License v2.0
/**
 * Renders an Authority Information Access (1.3.6.1.5.5.7.1.1) or Subject Information Access
 * (1.3.6.1.5.5.7.1.11) extension value as an HTML fragment.
 * <p>
 * Each access description becomes a nested list: the access method label, then the access location produced by
 * {@code getGeneralNameString}. OCSP and caIssuers methods select a dedicated link class; any other method falls
 * back to {@code LinkClass.BROWSER}.
 * <p>
 * NOTE(review): the location comes from the certificate and is concatenated into markup here. Whether it is
 * HTML-escaped depends on {@code getGeneralNameString}, which is not visible in this excerpt; confirm before
 * displaying untrusted certificates.
 *
 * @param bValue The octet string value
 * @return Extension value as an HTML string, entries separated by {@code <br>}
 * @throws IOException If an I/O problem occurs
 */
private String getInformationAccessStringValue(byte[] bValue)
    throws IOException
{
	AccessDescription[] entries = AuthorityInformationAccess.getInstance(bValue).getAccessDescriptions();
	StringBuilder html = new StringBuilder();

	for (AccessDescription entry : entries)
	{
		// Separator goes before every entry except the first.
		if (html.length() > 0)
		{
			html.append("<br>");
		}

		String methodOid = entry.getAccessMethod().toString();
		String methodPattern = getRes(methodOid, "UnrecognisedAccessMethod");

		LinkClass linkClass;
		if (methodOid.equals(AccessDescription.id_ad_ocsp.getId()))
		{
			linkClass = LinkClass.OCSP;
		}
		else if (methodOid.equals(AccessDescription.id_ad_caIssuers.getId()))
		{
			linkClass = LinkClass.CERTIFICATE;
		}
		else
		{
			linkClass = LinkClass.BROWSER;
		}

		html.append("<ul><li>")
		    .append(MessageFormat.format(methodPattern, methodOid))
		    .append(": <ul><li>")
		    .append(getGeneralNameString(entry.getAccessLocation(), linkClass))
		    .append("</li></ul></li></ul>");
	}

	return html.toString();
}
 
Example 6
Project: keystore-explorer   File: DAuthorityInformationAccess.java    License: GNU General Public License v3.0
/**
 * Loads an existing AuthorityInformationAccess value into the dialog's editor
 * component.
 *
 * @param value the encoded extension value to decode
 * @throws IOException declared by the signature; not thrown by the calls
 *         visible here
 */
private void prepopulateWithValue(byte[] value) throws IOException {
	AccessDescription[] decoded = AuthorityInformationAccess.getInstance(value).getAccessDescriptions();

	// Arrays.asList is a fixed-size view; copy it so the editor gets a growable list.
	List<AccessDescription> editable = new ArrayList<>(Arrays.asList(decoded));

	jadAccessDescriptions.setAccessDescriptions(editable);
}
 
Example 7
Project: acme-client   File: X509Utils.java    License: Apache License 2.0
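/**
 * Returns the access location of the first caIssuers entry in the
 * certificate's Authority Information Access extension.
 * <p>
 * The value is taken from the certificate as-is. It is not checked to be a
 * URI and is not validated in any way, so a caller that downloads the issuer
 * certificate from it should restrict the scheme and destination itself.
 *
 * @param certificate the certificate to inspect
 * @return the string form of the first caIssuers access location, or
 *         {@code null} when the certificate has no AIA extension or the
 *         extension lists no caIssuers entry
 * @throws IOException if the extension value cannot be decoded
 */
public static String getCACertificateURL(X509Certificate certificate) throws IOException {
	byte[] extensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
	if (extensionValue == null) {
		// getExtensionValue returns null for an absent extension; report "no URL"
		// the same way as for a missing caIssuers entry instead of failing on null.
		return null;
	}

	// The extension value is an OCTET STRING wrapping the AIA SEQUENCE.
	byte[] bOctets = ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets();
	AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(ASN1Sequence.fromByteArray(bOctets));
	for (AccessDescription ad : access.getAccessDescriptions()) {
		if (ad.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
			// NOTE(review): the GeneralName tag is not checked, so a non-URI location
			// (e.g. a directoryName) would be returned in its toString() form.
			return ad.getAccessLocation().getName().toString();
		}
	}
	return null;
}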
 
Example 8
Project: dss   File: DSSASN1Utils.java    License: GNU Lesser General Public License v2.1
/**
 * Lists the access locations of one access method from a certificate's
 * Authority Information Access extension.
 * <p>
 * Parsing problems are logged and do not propagate: the locations collected
 * up to that point are returned. Locations are certificate-supplied and are
 * returned as {@code parseGn} produces them, without further validation here.
 *
 * @param certificate the token whose certificate is inspected
 * @param aiaType the accessMethod OID to select (e.g. OCSP or caIssuers)
 * @return the matching locations, possibly empty, never {@code null}
 */
private static List<String> getAccessLocations(final CertificateToken certificate, ASN1ObjectIdentifier aiaType) {
	final List<String> urls = new ArrayList<>();
	final byte[] rawAia = certificate.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
	if (rawAia != null) {
		try {
			ASN1Sequence sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(rawAia);
			if (sequence != null && sequence.size() > 0) {
				AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(sequence);
				for (AccessDescription entry : aia.getAccessDescriptions()) {
					if (!aiaType.equals(entry.getAccessMethod())) {
						continue;
					}
					// parseGn may yield null for a location it cannot represent; skip those.
					String location = parseGn(entry.getAccessLocation());
					if (location != null) {
						urls.add(location);
					}
				}
			} else {
				LOG.warn("Empty ASN1Sequence for AuthorityInformationAccess");
			}
		} catch (Exception e) {
			// A malformed extension must not break the caller; keep what was gathered.
			LOG.error("Unable to parse authorityInfoAccess", e);
		}
	}
	return urls;
}
 
Example 9
Project: oxAuth   File: OCSPCertificateVerifier.java    License: MIT License
/**
 * Finds the first OCSP responder URI in the certificate's Authority
 * Information Access extension.
 * <p>
 * The URI is read from the certificate being examined and is returned
 * without any check of its scheme or host. NOTE(review): the caller
 * presumably sends the OCSP request to this address; if certificates can come
 * from untrusted parties, the destination should be restricted there.
 *
 * @param certificate the certificate to inspect
 * @return the first OCSP access location that is a URI, or {@code null} when
 *         the extension is missing, cannot be read, or has no such entry
 * @throws IOException declared by the signature; a failure while reading the
 *         extension is logged and turned into a {@code null} result instead
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
	ASN1Primitive aiaValue;
	try {
		aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
	} catch (IOException ex) {
		log.error("Failed to get OCSP URL", ex);
		return null;
	}

	if (aiaValue == null) {
		return null;
	}

	AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
	for (AccessDescription entry : aia.getAccessDescriptions()) {
		if (entry.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
			GeneralName location = entry.getAccessLocation();
			if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
				// The URI is an implicitly tagged IA5String inside the GeneralName.
				DERIA5String uri = DERIA5String.getInstance((ASN1TaggedObject) location.toASN1Primitive(), false);
				return uri.getString();
			}
		}
	}

	return null;

}
 
Example 10
Project: xipki   File: Actions.java    License: Apache License 2.0
/**
 * Extracts the OCSP responder URIs from a certificate's Authority Information
 * Access extension.
 *
 * @param cert the certificate to inspect
 * @return the URIs found by the {@code AuthorityInformationAccess} overload,
 *         or an empty list when the certificate has no AIA extension
 * @throws CertificateEncodingException as declared by the overload this
 *         method delegates to
 */
public static List<String> extractOcspUrls(X509Cert cert)
    throws CertificateEncodingException {
  byte[] aiaValue = cert.getExtensionCoreValue(Extension.authorityInfoAccess);
  if (aiaValue != null) {
    return extractOcspUrls(AuthorityInformationAccess.getInstance(aiaValue));
  }

  // No AIA extension: there is nothing to extract.
  return Collections.emptyList();
}
 
Example 11
Project: xipki   File: Actions.java    License: Apache License 2.0
/**
 * Extracts the OCSP responder URIs from an attribute certificate's Authority
 * Information Access extension.
 *
 * @param cert the attribute certificate to inspect
 * @return the URIs found by the {@code AuthorityInformationAccess} overload,
 *         or an empty list when the extension is not present
 * @throws CertificateEncodingException as declared by the overload this
 *         method delegates to
 */
public static List<String> extractOcspUrls(X509AttributeCertificateHolder cert)
    throws CertificateEncodingException {
  byte[] aiaValue = X509Util.getCoreExtValue(cert.getExtensions(),
      Extension.authorityInfoAccess);
  if (aiaValue != null) {
    return extractOcspUrls(AuthorityInformationAccess.getInstance(aiaValue));
  }

  // No AIA extension: there is nothing to extract.
  return Collections.emptyList();
}
 
Example 12
Project: keystore-explorer   File: X509Ext.java    License: GNU General Public License v3.0
/**
 * Formats an Authority Information Access extension value as indented,
 * human-readable text, one numbered section per access description.
 * <p>
 * A recognised access method is shown by its friendly name; an unrecognised
 * one is shown through {@code ObjectIdUtil.toString}.
 *
 * @param value the encoded extension value
 * @return the formatted text (empty if the extension holds no entries)
 * @throws IOException declared by the signature; not thrown by the calls
 *         visible here
 */
private String getAuthorityInformationAccessStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
	 *
	 * AccessDescription ::= SEQUENCE {
	 *     accessMethod   OBJECT IDENTIFIER,
	 *     accessLocation GeneralName }
	 */

	// @formatter:on

	StringBuilder text = new StringBuilder();
	AccessDescription[] entries = AuthorityInformationAccess.getInstance(value).getAccessDescriptions();

	for (int i = 0; i < entries.length; i++) {
		AccessDescription entry = entries[i];
		int entryNumber = i + 1; // sections are numbered from 1

		// Map the access method OID to a display name, falling back to the OID itself.
		ASN1ObjectIdentifier methodOid = entry.getAccessMethod();
		AccessMethodType knownMethod = AccessMethodType.resolveOid(methodOid.getId());
		String methodLabel = (knownMethod != null)
				? knownMethod.friendly()
				: ObjectIdUtil.toString(methodOid);

		String locationLabel = GeneralNameUtil.toString(entry.getAccessLocation());

		text.append(MessageFormat.format(res.getString("AuthorityInformationAccess"), entryNumber))
				.append(NEWLINE);
		text.append(INDENT)
				.append(MessageFormat.format(res.getString("AccessMethod"), methodLabel))
				.append(NEWLINE);
		text.append(INDENT)
				.append(res.getString("AccessLocation"))
				.append(NEWLINE);
		text.append(INDENT.toString(2))
				.append(locationLabel)
				.append(NEWLINE);
	}

	return text.toString();
}
 
Example 13
Project: xipki   File: ExtensionsChecker.java    License: Apache License 2.0
/**
 * Compares the URIs of one access method in an AIA extension with the set of
 * URIs that is expected, appending a description of every mismatch.
 * <p>
 * The check stops after the first message when the number of entries for the
 * access method differs from the number of expected URIs. Otherwise each
 * entry must be a uniformResourceIdentifier, and the resulting set is
 * compared in both directions through {@code strInBnotInA}.
 *
 * @param failureMsg accumulator that receives the mismatch descriptions
 * @param aia the decoded extension from the certificate under test
 * @param accessMethod the access method OID to check (OCSP, caIssuers, or other)
 * @param expectedUris the URIs the certificate is required to carry
 */
private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia,
    ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
  // Label used in the failure messages; unknown methods are shown by OID.
  final String typeDesc = X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)
      ? "OCSP"
      : X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)
          ? "caIssuer"
          : accessMethod.getId();

  List<AccessDescription> matching = new LinkedList<>();
  for (AccessDescription candidate : aia.getAccessDescriptions()) {
    if (accessMethod.equals(candidate.getAccessMethod())) {
      matching.add(candidate);
    }
  }

  int actualCount = matching.size();
  int expectedCount = expectedUris.size();
  if (actualCount != expectedCount) {
    addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", actualCount, expectedCount);
    return;
  }

  Set<String> actualUris = new HashSet<>();
  for (AccessDescription entry : matching) {
    GeneralName location = entry.getAccessLocation();
    if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
      actualUris.add(((ASN1String) location.getName()).getString());
    } else {
      // Non-URI locations are reported and left out of the set comparison below.
      addViolation(failureMsg, "tag of accessLocation of AIA ",
          location.getTagNo(), GeneralName.uniformResourceIdentifier);
    }
  }

  Set<String> unexpected = strInBnotInA(expectedUris, actualUris);
  if (CollectionUtil.isNotEmpty(unexpected)) {
    failureMsg.append(typeDesc).append(" URIs ").append(unexpected);
    failureMsg.append(" are present but not expected; ");
  }

  Set<String> missing = strInBnotInA(actualUris, expectedUris);
  if (CollectionUtil.isNotEmpty(missing)) {
    failureMsg.append(typeDesc).append(" URIs ").append(missing);
    failureMsg.append(" are absent but are required; ");
  }
}