Java Code Examples for org.bouncycastle.asn1.x509.CRLDistPoint

The following examples show how to use org.bouncycastle.asn1.x509.CRLDistPoint. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may want to check out the right sidebar which shows the related API usage.
Example 1
Source Project: SecuritySample   Source File: CRLDistributionPointsImpl.java    License: Apache License 2.0 6 votes vote down vote up
public CRLDistributionPointsImpl(X509Certificate cert) throws CertificateException, IOException {
	URINames = new ArrayList<>();
	byte[] extVal = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
	if (extVal == null)
		return;
	CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extVal));
	DistributionPoint[] points = crlDistPoint.getDistributionPoints();
	for (DistributionPoint p : points) {
		GeneralNames tmp = p.getCRLIssuer();
		if (tmp != null) {
			GeneralName[] crlIssers = tmp.getNames();
			for (int i = 0; i < crlIssers.length; i++) {
				if (crlIssers[i].getTagNo() == GeneralName.uniformResourceIdentifier) {
					String issuerUrl = crlIssers[i].toString();
					URINames.add(issuerUrl);
				}
			}
		}
	}
}
 
Example 2
Source Project: qpid-broker-j   Source File: TlsResourceBuilder.java    License: Apache License 2.0 5 votes vote down vote up
private static Extension createDistributionPointExtension(final String crlUri) throws CertificateException
{
    try
    {
        final GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier, crlUri);
        final DistributionPointName pointName = new DistributionPointName(new GeneralNames(generalName));
        final DistributionPoint[] points = new DistributionPoint[]{new DistributionPoint(pointName, null, null)};
        return new Extension(Extension.cRLDistributionPoints, false, new CRLDistPoint(points).getEncoded());
    }
    catch (IOException e)
    {
        throw new CertificateException(e);
    }
}
 
Example 3
/**
 * 
 * @return A list of ulrs that inform the location of the certificate revocation lists
 * @throws IOException exception
 */
public List<String> getCRLDistributionPoint() throws IOException {

    List<String> crlUrls = new ArrayList<>();
    ASN1Primitive primitive = getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (primitive == null) {
        return null;
    }
    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(primitive);
    DistributionPoint[] distributionPoints = crlDistPoint.getDistributionPoints();

    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName dpn = distributionPoint.getDistributionPoint();
        // Look for URIs in fullName
        if (dpn != null) {
            if (dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                for (GeneralName genName : genNames) {
                    if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        String url = DERIA5String.getInstance(genName.getName()).getString();
                        crlUrls.add(url);
                        logger.info("Adicionando a url {}", url);
                    }
                }
            }
        }
    }
    return crlUrls;
}
 
Example 4
Source Project: dss   Source File: DSSASN1Utils.java    License: GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Gives back the {@code List} of CRL URI meta-data found within the given X509 certificate.
 *
 * @param certificateToken
 *            the cert token certificate
 * @return the {@code List} of CRL URI, or empty list if the extension is not present
 */
public static List<String> getCrlUrls(final CertificateToken certificateToken) {
	final List<String> urls = new ArrayList<>();

	final byte[] crlDistributionPointsBytes = certificateToken.getCertificate().getExtensionValue(Extension.cRLDistributionPoints.getId());
	if (crlDistributionPointsBytes != null) {
		try {
			final ASN1Sequence asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
			final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
			final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
			for (final DistributionPoint distributionPoint : distributionPoints) {

				final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
				if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
					continue;
				}
				final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
				final GeneralName[] names = generalNames.getNames();
				for (final GeneralName name : names) {
					String location = parseGn(name);
					if (location != null) {
						urls.add(location);
					}
				}
			}
		} catch (Exception e) {
			LOG.error("Unable to parse cRLDistributionPoints", e);
		}
	}

	return urls;
}
 
Example 5
Source Project: oxAuth   Source File: CRLCertificateVerifier.java    License: MIT License 5 votes vote down vote up
public String getCrlUri(X509Certificate certificate) throws IOException {
	ASN1Primitive obj;
	try {
		obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
	} catch (IOException ex) {
		log.error("Failed to get CRL URL", ex);
		return null;
	}

	if (obj == null) {
		return null;
	}

	CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);

	DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
	for (DistributionPoint distributionPoint : distributionPoints) {
		DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
		if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
			continue;
		}

		GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
		GeneralName[] names = generalNames.getNames();
		for (GeneralName name : names) {
			if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
				continue;
			}

			DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
			return derStr.getString();
		}
	}

	return null;
}
 
Example 6
Source Project: Spark   Source File: SparkTrustManager.java    License: Apache License 2.0 5 votes vote down vote up
public Collection<X509CRL> loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException,
        NoSuchAlgorithmException, CertStoreException, CRLException, CertificateException {

    // for each certificate in chain
    for (X509Certificate cert : chain) {
        if (cert.getExtensionValue(Extension.cRLDistributionPoints.getId()) != null) {
            ASN1Primitive primitive = JcaX509ExtensionUtils
                    .parseExtensionValue(cert.getExtensionValue(Extension.cRLDistributionPoints.getId()));
            // extract distribution point extension
            CRLDistPoint distPoint = CRLDistPoint.getInstance(primitive);
            DistributionPoint[] dp = distPoint.getDistributionPoints();
            // each distribution point extension can hold number of distribution points
            for (DistributionPoint d : dp) {
                DistributionPointName dpName = d.getDistributionPoint();
                // Look for URIs in fullName
                if (dpName != null && dpName.getType() == DistributionPointName.FULL_NAME) {
                    GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                    // Look for an URI
                    for (GeneralName genName : genNames) {
                        // extract url
                        URL url = new URL(genName.getName().toString());
                        try {
                            // download from Internet to the collection
                            crlCollection.add(downloadCRL(url));
                        } catch (CertificateException | CRLException e) {
                            throw new CRLException("Couldn't download CRL");
                        }
                    }
                }
            }
        } else {
            Log.warning("Certificate " + cert.getSubjectX500Principal().getName().toString() + " have no CRLs");
        }
        // parameters for cert store is collection type, using collection with crl create parameters
        CollectionCertStoreParameters params = new CollectionCertStoreParameters(crlCollection);
        // this parameters are next used for creation of certificate store with crls
        crlStore = CertStore.getInstance("Collection", params);
    }
    return crlCollection;
}
 
Example 7
Source Project: portecle   Source File: X509Ext.java    License: GNU General Public License v2.0 4 votes vote down vote up
/**
 * Get extension value for CRL Distribution Points as a string.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getCrlDistributionPointsStringValue(byte[] bValue)
    throws IOException
{
	CRLDistPoint dps = CRLDistPoint.getInstance(bValue);
	DistributionPoint[] points = dps.getDistributionPoints();

	StringBuilder sb = new StringBuilder();
	sb.append("<ul>");

	for (DistributionPoint point : points)
	{
		DistributionPointName dpn;
		if ((dpn = point.getDistributionPoint()) != null)
		{
			sb.append("<li>");
			switch (dpn.getType())
			{
				case DistributionPointName.FULL_NAME:
					sb.append(RB.getString("CrlDistributionPoint.0.0"));
					sb.append(": ");
					sb.append(getGeneralNamesString((GeneralNames) dpn.getName(), LinkClass.CRL));
					break;
				case DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER:
					sb.append(RB.getString("CrlDistributionPoint.0.1"));
					sb.append(": ");
					// TODO: need better decode?
					sb.append(stringify(dpn.getName()));
					break;
				default:
					sb.append(RB.getString("UnknownCrlDistributionPointName"));
					sb.append(": ");
					sb.append(stringify(dpn.getName()));
					break;
			}
			sb.append("</li>");
		}

		ReasonFlags flags;
		if ((flags = point.getReasons()) != null)
		{
			sb.append("<li>");
			sb.append(RB.getString("CrlDistributionPoint.1"));
			sb.append(": ");
			// TODO: decode
			sb.append(stringify(flags));
			sb.append("</li>");
		}

		GeneralNames issuer;
		if ((issuer = point.getCRLIssuer()) != null)
		{
			sb.append("<li>");
			sb.append(RB.getString("CrlDistributionPoint.2"));
			sb.append(": ");
			sb.append(getGeneralNamesString(issuer, LinkClass.CRL));
			sb.append("</li>");
		}
	}

	sb.append("</ul>");
	return sb.toString();
}
 
Example 8
CrlDistPointExtension(final DistributionPoint... points) {
  super(Extension.cRLDistributionPoints, false, new CRLDistPoint(points));
}
 
Example 9
Source Project: xipki   Source File: ExtensionsChecker.java    License: Apache License 2.0 4 votes vote down vote up
private void checkExtnCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
  DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
  if (isDistributionPoints == null) {
    addViolation(failureMsg, "size of CRLDistributionPoints", 0, 1);
    return;
  } else {
    int len = isDistributionPoints.length;
    if (len != 1) {
      addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
      return;
    }
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    int asn1Type = entry.getDistributionPoint().getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    GeneralNames isDistributionPointNames =
        GeneralNames.getInstance(entry.getDistributionPoint().getName());
    GeneralName[] names = isDistributionPointNames.getNames();

    for (int i = 0; i < names.length; i++) {
      GeneralName name = names[i];
      if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
        addViolation(failureMsg, "tag of CRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      } else {
        String uri = ((ASN1String) name.getName()).getString();
        isCrlUrls.add(uri);
      }
    }

    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("CRL URLs ").append(diffs).append(" are present but not expected; ");
    }

    diffs = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("CRL URLs ").append(diffs).append(" are absent but are required; ");
    }
  }
}
 
Example 10
Source Project: xipki   Source File: ExtensionsChecker.java    License: Apache License 2.0 4 votes vote down vote up
private void checkExtnDeltaCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
  DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
  if (isDistributionPoints == null) {
    addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", 0, 1);
    return;
  } else {
    int len = isDistributionPoints.length;
    if (len != 1) {
      addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
      return;
    }
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    int asn1Type = entry.getDistributionPoint().getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    GeneralNames isDistributionPointNames =
        GeneralNames.getInstance(entry.getDistributionPoint().getName());
    GeneralName[] names = isDistributionPointNames.getNames();

    for (int i = 0; i < names.length; i++) {
      GeneralName name = names[i];
      if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
        addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      } else {
        String uri = ((ASN1String) name.getName()).getString();
        isCrlUrls.add(uri);
      }
    }

    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
    }

    diffs = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
    }
  }
}
 
Example 11
Source Project: Spark   Source File: CertificateModel.java    License: Apache License 2.0 4 votes vote down vote up
private String CRLPointsExtractor(ASN1Primitive primitive) {
	CRLDistPoint point = CRLDistPoint.getInstance(primitive);
	return point.toString();
}
 
Example 12
Source Project: keystore-explorer   Source File: X509Ext.java    License: GNU General Public License v3.0 3 votes vote down vote up
private String getCrlDistributionPointsStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * CRLDistPointSyntax ::= ASN1Sequence SIZE (1..MAX) OF
	 * DistributionPoint
	 */

	// @formatter:on

	StringBuilder sb = new StringBuilder();

	CRLDistPoint crlDistributionPoints = CRLDistPoint.getInstance(value);

	int distPoint = 0;

	for (DistributionPoint distributionPoint : crlDistributionPoints.getDistributionPoints()) {
		distPoint++;

		sb.append(MessageFormat.format(res.getString("CrlDistributionPoint"), distPoint));
		sb.append(NEWLINE);

		sb.append(getDistributionPointString(distributionPoint, INDENT.toString(1)));
	}

	return sb.toString();
}