org.bouncycastle.asn1.x509.AuthorityInformationAccess Java Examples

The following examples show how to use org.bouncycastle.asn1.x509.AuthorityInformationAccess. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: BasicCertificate.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
    * Returns the AuthorityInfoAccess extension value on list format.<br>
    * Otherwise, returns <b>list empty</b>.<br>
    * @return List Authority info access list
    */
public List<String> getAuthorityInfoAccess() {
	List<String> address = new ArrayList<String>();
	try {
		byte[] authorityInfoAccess = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
		if (authorityInfoAccess != null && authorityInfoAccess.length > 0) {
			AuthorityInformationAccess infoAccess = AuthorityInformationAccess.getInstance(
					JcaX509ExtensionUtils.parseExtensionValue(authorityInfoAccess));
			for (AccessDescription desc : infoAccess.getAccessDescriptions())
				if (desc.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier)
					address.add(((DERIA5String) desc.getAccessLocation().getName()).getString());
		}
		return address;
	} catch (Exception error) {
		logger.info(error.getMessage());
		return address;
	}
}
 
Example #2
Source File: DAuthorityInformationAccess.java    From keystore-explorer with GNU General Public License v3.0 6 votes vote down vote up
private void okPressed() {
	List<AccessDescription> accessDescriptions = jadAccessDescriptions.getAccessDescriptions();

	if (accessDescriptions.isEmpty()) {
		JOptionPane.showMessageDialog(this, res.getString("DAuthorityInformationAccess.ValueReq.message"),
				getTitle(), JOptionPane.WARNING_MESSAGE);
		return;
	}

	ASN1EncodableVector vec = new ASN1EncodableVector();
	for (AccessDescription accessDescription : accessDescriptions) {
		vec.add(accessDescription);
	}
	AuthorityInformationAccess authorityInformationAccess =
			AuthorityInformationAccess.getInstance(new DERSequence(vec));

	try {
		value = authorityInformationAccess.getEncoded(ASN1Encoding.DER);
	} catch (IOException e) {
		DError.displayError(this, e);
		return;
	}

	closeDialog();
}
 
Example #3
Source File: Actions.java    From xipki with Apache License 2.0 6 votes vote down vote up
public static List<String> extractOcspUrls(AuthorityInformationAccess aia)
    throws CertificateEncodingException {
  AccessDescription[] accessDescriptions = aia.getAccessDescriptions();
  List<AccessDescription> ocspAccessDescriptions = new LinkedList<>();
  for (AccessDescription accessDescription : accessDescriptions) {
    if (accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
      ocspAccessDescriptions.add(accessDescription);
    }
  }

  final int n = ocspAccessDescriptions.size();
  List<String> ocspUris = new ArrayList<>(n);
  for (int i = 0; i < n; i++) {
    GeneralName accessLocation = ocspAccessDescriptions.get(i).getAccessLocation();
    if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) {
      String ocspUri = ((ASN1String) accessLocation.getName()).getString();
      ocspUris.add(ocspUri);
    }
  }

  return ocspUris;
}
 
Example #4
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0 6 votes vote down vote up
private void checkExtnAuthorityInfoAccess(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  AuthorityInfoAccessControl aiaControl = certprofile.getAiaControl();
  Set<String> expCaIssuerUris = (aiaControl == null || aiaControl.isIncludesCaIssuers())
      ? issuerInfo.getCaIssuerUrls() : Collections.emptySet();

  Set<String> expOcspUris = (aiaControl == null || aiaControl.isIncludesOcsp())
      ? issuerInfo.getOcspUrls() : Collections.emptySet();

  if (CollectionUtil.isEmpty(expCaIssuerUris) && CollectionUtil.isEmpty(expOcspUris)) {
    failureMsg.append("AIA is present but expected is 'none'; ");
    return;
  }

  AuthorityInformationAccess isAia = AuthorityInformationAccess.getInstance(extensionValue);
  checkAia(failureMsg, isAia, X509ObjectIdentifiers.id_ad_caIssuers, expCaIssuerUris);
  checkAia(failureMsg, isAia, X509ObjectIdentifiers.id_ad_ocsp, expOcspUris);
}
 
Example #5
Source File: X509Ext.java    From portecle with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Get Authority Information Access (1.3.6.1.5.5.7.1.1) or Subject Information Access (1.3.6.1.5.5.7.1.11) extension
 * value as a string.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getInformationAccessStringValue(byte[] bValue)
    throws IOException
{
	AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(bValue);

	StringBuilder sb = new StringBuilder();

	AccessDescription[] accDescs = access.getAccessDescriptions();
	for (AccessDescription accDesc : accDescs)
	{
		if (sb.length() != 0)
		{
			sb.append("<br>");
		}

		String accOid = accDesc.getAccessMethod().toString();
		String accMeth = getRes(accOid, "UnrecognisedAccessMethod");

		LinkClass linkClass = LinkClass.BROWSER;
		if (accOid.equals(AccessDescription.id_ad_ocsp.getId()))
		{
			linkClass = LinkClass.OCSP;
		}
		else if (accOid.equals(AccessDescription.id_ad_caIssuers.getId()))
		{
			linkClass = LinkClass.CERTIFICATE;
		}

		sb.append("<ul><li>");
		sb.append(MessageFormat.format(accMeth, accOid));
		sb.append(": <ul><li>");
		sb.append(getGeneralNameString(accDesc.getAccessLocation(), linkClass));
		sb.append("</li></ul></li></ul>");
	}

	return sb.toString();
}
 
Example #6
Source File: DAuthorityInformationAccess.java    From keystore-explorer with GNU General Public License v3.0 5 votes vote down vote up
private void prepopulateWithValue(byte[] value) throws IOException {
	AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(value);

	List<AccessDescription> accessDescriptionList =
			new ArrayList<>(Arrays.asList(authorityInformationAccess.getAccessDescriptions()));

	jadAccessDescriptions.setAccessDescriptions(accessDescriptionList);
}
 
Example #7
Source File: X509Utils.java    From acme-client with Apache License 2.0 5 votes vote down vote up
public static String getCACertificateURL(X509Certificate certificate) throws IOException {
	byte[] bOctets = ((ASN1OctetString) ASN1Primitive.fromByteArray(certificate.getExtensionValue(Extension.authorityInfoAccess.getId()))).getOctets();
	AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(ASN1Sequence.fromByteArray(bOctets));
	for (AccessDescription ad:access.getAccessDescriptions()){
		if (ad.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)){
			return ad.getAccessLocation().getName().toString();
		}
	}
	return null;
}
 
Example #8
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
private static List<String> getAccessLocations(final CertificateToken certificate, ASN1ObjectIdentifier aiaType) {
	List<String> locationsUrls = new ArrayList<>();
	final byte[] authInfoAccessExtensionValue = certificate.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
	if (null == authInfoAccessExtensionValue) {
		return locationsUrls;
	}

	try {
		ASN1Sequence asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(authInfoAccessExtensionValue);
		if (asn1Sequence == null || asn1Sequence.size() == 0) {
			LOG.warn("Empty ASN1Sequence for AuthorityInformationAccess");
			return locationsUrls;
		}
		AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(asn1Sequence);
		AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
		for (AccessDescription accessDescription : accessDescriptions) {
			if (aiaType.equals(accessDescription.getAccessMethod())) {
				GeneralName gn = accessDescription.getAccessLocation();
				String location = parseGn(gn);
				if (location != null) {
					locationsUrls.add(location);
				}
			}
		}
	} catch (Exception e) {
		LOG.error("Unable to parse authorityInfoAccess", e);
	}
	return locationsUrls;
}
 
Example #9
Source File: OCSPCertificateVerifier.java    From oxAuth with MIT License 5 votes vote down vote up
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
	ASN1Primitive obj;
	try {
		obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
	} catch (IOException ex) {
		log.error("Failed to get OCSP URL", ex);
		return null;
	}

	if (obj == null) {
		return null;
	}

	AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);

	AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
	for (AccessDescription accessDescription : accessDescriptions) {
		boolean correctAccessMethod = accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
		if (!correctAccessMethod) {
			continue;
		}

		GeneralName name = accessDescription.getAccessLocation();
		if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
			continue;
		}

		DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
		return derStr.getString();
	}

	return null;

}
 
Example #10
Source File: Actions.java    From xipki with Apache License 2.0 5 votes vote down vote up
public static List<String> extractOcspUrls(X509Cert cert)
    throws CertificateEncodingException {
  byte[] extnValue = cert.getExtensionCoreValue(Extension.authorityInfoAccess);
  if (extnValue == null) {
    return Collections.emptyList();
  }

  AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(extnValue);
  return extractOcspUrls(aia);
}
 
Example #11
Source File: Actions.java    From xipki with Apache License 2.0 5 votes vote down vote up
public static List<String> extractOcspUrls(X509AttributeCertificateHolder cert)
    throws CertificateEncodingException {
  byte[] extValue = X509Util.getCoreExtValue(cert.getExtensions(),
      Extension.authorityInfoAccess);
  if (extValue == null) {
    return Collections.emptyList();
  }
  AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(extValue);
  return extractOcspUrls(aia);
}
 
Example #12
Source File: X509Ext.java    From keystore-explorer with GNU General Public License v3.0 4 votes vote down vote up
private String getAuthorityInformationAccessStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * AuthorityInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
	 * AccessDescription
	 *
	 * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
	 * accessLocation GeneralName }
	 */

	// @formatter:on

	StringBuilder sb = new StringBuilder();

	AuthorityInformationAccess authorityInfoAccess = AuthorityInformationAccess.getInstance(value);

	int accessDesc = 0;

	for (AccessDescription accessDescription : authorityInfoAccess.getAccessDescriptions()) {
		accessDesc++;

		// Convert OID to access method
		ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();

		AccessMethodType accessMethodType = AccessMethodType.resolveOid(accessMethod.getId());

		String accessMethodStr = null;

		if (accessMethodType != null) {
			accessMethodStr = accessMethodType.friendly();
		} else {
			// Unrecognised Access Method OID
			accessMethodStr = ObjectIdUtil.toString(accessMethod);
		}

		GeneralName accessLocation = accessDescription.getAccessLocation();

		String accessLocationStr = GeneralNameUtil.toString(accessLocation);

		sb.append(MessageFormat.format(res.getString("AuthorityInformationAccess"), accessDesc));
		sb.append(NEWLINE);
		sb.append(INDENT);
		sb.append(MessageFormat.format(res.getString("AccessMethod"), accessMethodStr));
		sb.append(NEWLINE);
		sb.append(INDENT);
		sb.append(res.getString("AccessLocation"));
		sb.append(NEWLINE);
		sb.append(INDENT.toString(2));
		sb.append(accessLocationStr);
		sb.append(NEWLINE);
	}

	return sb.toString();
}
 
Example #13
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0 4 votes vote down vote up
private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia,
    ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
  String typeDesc;
  if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
    typeDesc = "OCSP";
  } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
    typeDesc = "caIssuer";
  } else {
    typeDesc = accessMethod.getId();
  }

  List<AccessDescription> isAccessDescriptions = new LinkedList<>();
  for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
    if (accessMethod.equals(accessDescription.getAccessMethod())) {
      isAccessDescriptions.add(accessDescription);
    }
  }

  int size = isAccessDescriptions.size();
  if (size != expectedUris.size()) {
    addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedUris.size());
    return;
  }

  Set<String> isUris = new HashSet<>();
  for (int i = 0; i < size; i++) {
    GeneralName isAccessLocation = isAccessDescriptions.get(i).getAccessLocation();
    if (isAccessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
      addViolation(failureMsg, "tag of accessLocation of AIA ",
          isAccessLocation.getTagNo(), GeneralName.uniformResourceIdentifier);
    } else {
      String isOcspUri = ((ASN1String) isAccessLocation.getName()).getString();
      isUris.add(isOcspUri);
    }
  }

  Set<String> diffs = strInBnotInA(expectedUris, isUris);
  if (CollectionUtil.isNotEmpty(diffs)) {
    failureMsg.append(typeDesc).append(" URIs ").append(diffs);
    failureMsg.append(" are present but not expected; ");
  }

  diffs = strInBnotInA(isUris, expectedUris);
  if (CollectionUtil.isNotEmpty(diffs)) {
    failureMsg.append(typeDesc).append(" URIs ").append(diffs);
    failureMsg.append(" are absent but are required; ");
  }
}