Java Code Examples for org.bouncycastle.asn1.x509.DistributionPoint#getDistributionPoint()
The following examples show how to use
org.bouncycastle.asn1.x509.DistributionPoint#getDistributionPoint() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: BasicCertificate.java From signer with GNU Lesser General Public License v3.0 | 5 votes |
|
/**
*
* @return A list of ulrs that inform the location of the certificate revocation lists
* @throws IOException exception
*/
public List<String> getCRLDistributionPoint() throws IOException {
List<String> crlUrls = new ArrayList<>();
ASN1Primitive primitive = getExtensionValue(Extension.cRLDistributionPoints.getId());
if (primitive == null) {
return null;
}
CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(primitive);
DistributionPoint[] distributionPoints = crlDistPoint.getDistributionPoints();
for (DistributionPoint distributionPoint : distributionPoints) {
DistributionPointName dpn = distributionPoint.getDistributionPoint();
// Look for URIs in fullName
if (dpn != null) {
if (dpn.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
for (GeneralName genName : genNames) {
if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
String url = DERIA5String.getInstance(genName.getName()).getString();
crlUrls.add(url);
logger.info("Adicionando a url {}", url);
}
}
}
}
}
return crlUrls;
}
Example 2
| Source File: DSSASN1Utils.java From dss with GNU Lesser General Public License v2.1 | 5 votes |
|
/**
* Gives back the {@code List} of CRL URI meta-data found within the given X509 certificate.
*
* @param certificateToken
* the cert token certificate
* @return the {@code List} of CRL URI, or empty list if the extension is not present
*/
public static List<String> getCrlUrls(final CertificateToken certificateToken) {
final List<String> urls = new ArrayList<>();
final byte[] crlDistributionPointsBytes = certificateToken.getCertificate().getExtensionValue(Extension.cRLDistributionPoints.getId());
if (crlDistributionPointsBytes != null) {
try {
final ASN1Sequence asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
for (final DistributionPoint distributionPoint : distributionPoints) {
final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
continue;
}
final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
final GeneralName[] names = generalNames.getNames();
for (final GeneralName name : names) {
String location = parseGn(name);
if (location != null) {
urls.add(location);
}
}
}
} catch (Exception e) {
LOG.error("Unable to parse cRLDistributionPoints", e);
}
}
return urls;
}
Example 3
| Source File: CRLCertificateVerifier.java From oxAuth with MIT License | 5 votes |
|
public String getCrlUri(X509Certificate certificate) throws IOException {
ASN1Primitive obj;
try {
obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
} catch (IOException ex) {
log.error("Failed to get CRL URL", ex);
return null;
}
if (obj == null) {
return null;
}
CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
for (DistributionPoint distributionPoint : distributionPoints) {
DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
continue;
}
GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
GeneralName[] names = generalNames.getNames();
for (GeneralName name : names) {
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
return derStr.getString();
}
}
return null;
}
Example 4
| Source File: SparkTrustManager.java From Spark with Apache License 2.0 | 5 votes |
|
public Collection<X509CRL> loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException,
NoSuchAlgorithmException, CertStoreException, CRLException, CertificateException {
// for each certificate in chain
for (X509Certificate cert : chain) {
if (cert.getExtensionValue(Extension.cRLDistributionPoints.getId()) != null) {
ASN1Primitive primitive = JcaX509ExtensionUtils
.parseExtensionValue(cert.getExtensionValue(Extension.cRLDistributionPoints.getId()));
// extract distribution point extension
CRLDistPoint distPoint = CRLDistPoint.getInstance(primitive);
DistributionPoint[] dp = distPoint.getDistributionPoints();
// each distribution point extension can hold number of distribution points
for (DistributionPoint d : dp) {
DistributionPointName dpName = d.getDistributionPoint();
// Look for URIs in fullName
if (dpName != null && dpName.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
// Look for an URI
for (GeneralName genName : genNames) {
// extract url
URL url = new URL(genName.getName().toString());
try {
// download from Internet to the collection
crlCollection.add(downloadCRL(url));
} catch (CertificateException | CRLException e) {
throw new CRLException("Couldn't download CRL");
}
}
}
}
} else {
Log.warning("Certificate " + cert.getSubjectX500Principal().getName().toString() + " have no CRLs");
}
// parameters for cert store is collection type, using collection with crl create parameters
CollectionCertStoreParameters params = new CollectionCertStoreParameters(crlCollection);
// this parameters are next used for creation of certificate store with crls
crlStore = CertStore.getInstance("Collection", params);
}
return crlCollection;
}
Example 5
| Source File: X509Ext.java From portecle with GNU General Public License v2.0 | 4 votes |
|
/**
* Get extension value for CRL Distribution Points as a string.
*
* @param bValue The octet string value
* @return Extension value as a string
* @throws IOException If an I/O problem occurs
*/
private String getCrlDistributionPointsStringValue(byte[] bValue)
throws IOException
{
CRLDistPoint dps = CRLDistPoint.getInstance(bValue);
DistributionPoint[] points = dps.getDistributionPoints();
StringBuilder sb = new StringBuilder();
sb.append("<ul>");
for (DistributionPoint point : points)
{
DistributionPointName dpn;
if ((dpn = point.getDistributionPoint()) != null)
{
sb.append("<li>");
switch (dpn.getType())
{
case DistributionPointName.FULL_NAME:
sb.append(RB.getString("CrlDistributionPoint.0.0"));
sb.append(": ");
sb.append(getGeneralNamesString((GeneralNames) dpn.getName(), LinkClass.CRL));
break;
case DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER:
sb.append(RB.getString("CrlDistributionPoint.0.1"));
sb.append(": ");
// TODO: need better decode?
sb.append(stringify(dpn.getName()));
break;
default:
sb.append(RB.getString("UnknownCrlDistributionPointName"));
sb.append(": ");
sb.append(stringify(dpn.getName()));
break;
}
sb.append("</li>");
}
ReasonFlags flags;
if ((flags = point.getReasons()) != null)
{
sb.append("<li>");
sb.append(RB.getString("CrlDistributionPoint.1"));
sb.append(": ");
// TODO: decode
sb.append(stringify(flags));
sb.append("</li>");
}
GeneralNames issuer;
if ((issuer = point.getCRLIssuer()) != null)
{
sb.append("<li>");
sb.append(RB.getString("CrlDistributionPoint.2"));
sb.append(": ");
sb.append(getGeneralNamesString(issuer, LinkClass.CRL));
sb.append("</li>");
}
}
sb.append("</ul>");
return sb.toString();
}
Example 6
| Source File: X509Ext.java From keystore-explorer with GNU General Public License v3.0 | 4 votes |
|
private String getDistributionPointString(DistributionPoint distributionPoint, String baseIndent)
throws IOException {
// @formatter:off
/*
* DistributionPoint ::= ASN1Sequence {
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL
* }
*
* GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
ReasonFlags reasons = distributionPoint.getReasons();
GeneralNames crlIssuer = distributionPoint.getCRLIssuer();
if (distributionPointName != null) { // Optional
sb.append(getDistributionPointNameString(distributionPointName, baseIndent));
}
if (reasons != null) { // Optional
sb.append(baseIndent);
sb.append(res.getString("DistributionPointReasons"));
sb.append(NEWLINE);
String[] reasonFlags = getReasonFlagsStrings(reasons);
for (String reasonFlag : reasonFlags) {
sb.append(baseIndent);
sb.append(INDENT);
sb.append(reasonFlag);
sb.append(NEWLINE);
}
}
if (crlIssuer != null) { // Optional
sb.append(baseIndent);
sb.append(res.getString("DistributionPointCrlIssuer"));
sb.append(NEWLINE);
for (GeneralName generalName : crlIssuer.getNames()) {
sb.append(baseIndent);
sb.append(INDENT);
sb.append(GeneralNameUtil.toString(generalName));
sb.append(NEWLINE);
}
}
return sb.toString();
}
