org.bouncycastle.asn1.x509.DistributionPointName Java Examples

Example #1
Source File: TlsResourceBuilder.java    From qpid-broker-j with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a non-critical {@code cRLDistributionPoints} extension holding a single
 * distribution point whose full name is the given URI.
 * <p>
 * The distribution point carries no reasons and no cRLIssuer (both passed as
 * {@code null}), so the CRL is understood to be issued by the certificate issuer.
 *
 * @param crlUri the location of the CRL, stored as a {@code uniformResourceIdentifier} GeneralName
 * @return the encoded extension
 * @throws CertificateException if DER-encoding the CRLDistPoint structure fails
 */
private static Extension createDistributionPointExtension(final String crlUri) throws CertificateException
{
    final GeneralName uriName = new GeneralName(GeneralName.uniformResourceIdentifier, crlUri);
    final DistributionPointName fullName = new DistributionPointName(new GeneralNames(uriName));
    final DistributionPoint point = new DistributionPoint(fullName, null, null);
    final CRLDistPoint crlDistPoint = new CRLDistPoint(new DistributionPoint[] { point });
    try
    {
        // getEncoded() is the only call that can raise IOException; map it to the checked type callers expect
        return new Extension(Extension.cRLDistributionPoints, false, crlDistPoint.getEncoded());
    }
    catch (final IOException e)
    {
        throw new CertificateException(e);
    }
}
 
Example #2
Source File: BasicCertificate.java    From signer with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Collects the URI distribution points advertised by this certificate's
 * {@code cRLDistributionPoints} extension.
 * <p>
 * Only full-name distribution points are inspected and, within them, only
 * {@code uniformResourceIdentifier} general names; distribution points without
 * a name, relative names and other name forms (directory name, e-mail, ...)
 * are ignored. The URIs are returned exactly as found in the certificate; a
 * caller that fetches them should restrict the accepted schemes first.
 *
 * @return the CRL URIs in extension order (possibly empty), or {@code null}
 *         when the certificate has no cRLDistributionPoints extension
 * @throws IOException propagated from {@code getExtensionValue}
 */
public List<String> getCRLDistributionPoint() throws IOException {

    ASN1Primitive extensionValue = getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extensionValue == null) {
        // historical contract: absent extension -> null rather than an empty list
        return null;
    }

    List<String> urls = new ArrayList<>();
    for (DistributionPoint point : CRLDistPoint.getInstance(extensionValue).getDistributionPoints()) {
        DistributionPointName name = point.getDistributionPoint();
        // the name is OPTIONAL and may be a nameRelativeToCRLIssuer; neither can hold a URI
        if (name == null || name.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName general : GeneralNames.getInstance(name.getName()).getNames()) {
            if (general.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String url = DERIA5String.getInstance(general.getName()).getString();
            urls.add(url);
            logger.info("Adicionando a url {}", url);
        }
    }
    return urls;
}
 
Example #3
Source File: CrlDistPointExtension.java    From java-certificate-authority with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a CRL distribution point extension from textual name components.
 *
 * @param distribPointNameType how {@code distribPointName} is to be interpreted
 * @param distribPointName     the distribution point name, converted through {@code distribPointNameType}
 * @param crlIssuerNameType    optional type of the CRL issuer name; no cRLIssuer is set when {@code null}
 * @param crlIssuer            optional CRL issuer name; no cRLIssuer is set when {@code null}
 * @param reasons              optional reason flags, passed through unchanged
 * @return the extension produced by {@code create(DistributionPointName, ReasonFlags, GeneralNames)}
 */
public static CrlDistPointExtension create(final NameType distribPointNameType,
    final String distribPointName,
    final NameType crlIssuerNameType,
    final String crlIssuer,
    final ReasonFlags reasons) {
  final GeneralNames pointNames = distribPointNameType.generalNames(distribPointName);
  // cRLIssuer is only populated when both its type and its value were supplied
  final boolean hasCrlIssuer = crlIssuerNameType != null && crlIssuer != null;
  final GeneralNames crlIssuerNames = hasCrlIssuer ? crlIssuerNameType.generalNames(crlIssuer) : null;
  return create(new DistributionPointName(pointNames), reasons, crlIssuerNames);
}
 
Example #4
Source File: AbstractCRLUtils.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
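/**
 * Extracts the first URI from a full-name distribution point.
 * <p>
 * Only {@code uniformResourceIdentifier} general names are considered; a
 * {@code null} name, a nameRelativeToCRLIssuer or a full name without any URI
 * yields {@code null}.
 *
 * @param distributionPoint the DistributionPointName to inspect, may be {@code null}
 * @return the first URI found, or {@code null} when there is none
 */
private String getUrl(DistributionPointName distributionPoint) {
	if ((distributionPoint == null) || (DistributionPointName.FULL_NAME != distributionPoint.getType())) {
		return null;
	}
	final GeneralNames generalNames = (GeneralNames) distributionPoint.getName();
	if ((generalNames == null) || (generalNames.getNames() == null)) {
		return null;
	}
	for (GeneralName generalName : generalNames.getNames()) {
		if (GeneralName.uniformResourceIdentifier != generalName.getTagNo()) {
			continue;
		}
		// For a URI the GeneralName payload is an IA5String, so read it directly instead of
		// re-encoding to a tagged object and casting the result of getObject() (deprecated in
		// recent BouncyCastle releases). The instanceof guard replaces a possible ClassCastException.
		if (generalName.getName() instanceof ASN1String) {
			return ((ASN1String) generalName.getName()).getString();
		}
	}
	return null;
}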
 
Example #5
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
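/**
 * Gives back the {@code List} of CRL URI meta-data found within the given X509 certificate.
 * <p>
 * Only full-name distribution points contribute. A distribution point without a
 * distributionPoint field (RFC 5280 makes it OPTIONAL, e.g. an entry that only
 * names a cRLIssuer) is skipped instead of aborting the rest of the extension.
 *
 * @param certificateToken
 *            the cert token certificate
 * @return the {@code List} of CRL URI, or empty list if the extension is not present;
 *         on a parse failure the failure is logged and the URIs collected so far are returned
 */
public static List<String> getCrlUrls(final CertificateToken certificateToken) {
	final List<String> urls = new ArrayList<>();

	final byte[] crlDistributionPointsBytes = certificateToken.getCertificate().getExtensionValue(Extension.cRLDistributionPoints.getId());
	if (crlDistributionPointsBytes == null) {
		return urls;
	}
	try {
		final ASN1Sequence asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
		final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
		for (final DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
			final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
			// Without the null check a reasons/cRLIssuer-only entry raised a NullPointerException that
			// the catch below logged, dropping every distribution point after it.
			if (distributionPointName == null || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
				continue;
			}
			final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
			for (final GeneralName name : generalNames.getNames()) {
				final String location = parseGn(name);
				if (location != null) {
					urls.add(location);
				}
			}
		}
	} catch (Exception e) {
		// boundary catch: a malformed extension must not break certificate processing
		LOG.error("Unable to parse cRLDistributionPoints", e);
	}

	return urls;
}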
 
Example #6
Source File: CRLCertificateVerifier.java    From oxAuth with MIT License 5 votes vote down vote up
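/**
 * Returns the first CRL URI advertised by the certificate.
 * <p>
 * Walks the {@code cRLDistributionPoints} extension and returns the first
 * {@code uniformResourceIdentifier} found in a full-name distribution point.
 * Distribution points without a name (the field is OPTIONAL in RFC 5280) and
 * relative names are skipped; any further URIs are not reported.
 *
 * @param certificate the certificate to inspect
 * @return the first CRL URI, or {@code null} when the extension is absent, unreadable or holds no URI
 * @throws IOException declared for callers; failures of {@code getExtensionValue} are logged and mapped to {@code null}
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
	ASN1Primitive obj;
	try {
		obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
	} catch (IOException ex) {
		log.error("Failed to get CRL URL", ex);
		return null;
	}

	if (obj == null) {
		return null;
	}

	CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);

	for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
		DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
		// distributionPoint is OPTIONAL; previously a reasons/cRLIssuer-only entry dereferenced null here
		if (distributionPointName == null || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
			continue;
		}

		GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
		for (GeneralName name : generalNames.getNames()) {
			if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
				continue;
			}

			// implicit tagging: the IA5String is the direct content of the [6] tagged object
			DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
			return derStr.getString();
		}
	}

	return null;
}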
 
Example #7
Source File: SparkTrustManager.java    From Spark with Apache License 2.0 5 votes vote down vote up
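/**
 * Collects the CRLs referenced by the {@code cRLDistributionPoints} extension of
 * every certificate in the chain into {@code crlCollection} and rebuilds
 * {@code crlStore} from the result.
 * <p>
 * Only full-name distribution points carrying {@code uniformResourceIdentifier}
 * general names are fetched; other name forms (directory names, ...) are not URLs
 * and are skipped instead of being handed to {@link URL}. Certificates without the
 * extension are logged and skipped. The cert store is built once, after the loop,
 * instead of once per certificate.
 *
 * @param chain the certificate chain to inspect
 * @return the accumulated {@code crlCollection}
 * @throws IOException  if an extension value cannot be parsed or a URI is not a valid {@link URL}
 * @throws CRLException if a CRL cannot be downloaded; the underlying failure is attached as cause
 * @throws InvalidAlgorithmParameterException if the "Collection" cert store rejects its parameters
 * @throws NoSuchAlgorithmException if no "Collection" cert store type is available
 */
public Collection<X509CRL> loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException,
        NoSuchAlgorithmException, CertStoreException, CRLException, CertificateException {

    for (X509Certificate cert : chain) {
        byte[] extensionValue = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            Log.warning("Certificate " + cert.getSubjectX500Principal().getName().toString() + " have no CRLs");
            continue;
        }
        ASN1Primitive primitive = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
        CRLDistPoint distPoint = CRLDistPoint.getInstance(primitive);
        // one extension may list several distribution points
        for (DistributionPoint d : distPoint.getDistributionPoints()) {
            DistributionPointName dpName = d.getDistributionPoint();
            if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName genName : GeneralNames.getInstance(dpName.getName()).getNames()) {
                // only URI names can be fetched; other forms used to reach new URL() and fail with MalformedURLException
                if (genName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    continue;
                }
                // NOTE(review): this URL comes from the peer's certificate, not from configuration;
                // downloadCRL should accept only the schemes it is meant to support — confirm there.
                URL url = new URL(genName.getName().toString());
                try {
                    crlCollection.add(downloadCRL(url));
                } catch (CertificateException | CRLException e) {
                    // keep the cause so the failed download can be diagnosed
                    throw new CRLException("Couldn't download CRL", e);
                }
            }
        }
    }
    // the collection-backed cert store is a view over crlCollection; one instance covers the whole chain
    CollectionCertStoreParameters params = new CollectionCertStoreParameters(crlCollection);
    crlStore = CertStore.getInstance("Collection", params);
    return crlCollection;
}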
 
Example #8
Source File: X509Ext.java    From portecle with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Get extension value for CRL Distribution Points as a string.
 * <p>
 * Renders every DistributionPoint as HTML list items inside one {@code <ul>}:
 * the optional name (full name, name relative to the CRL issuer, or an
 * "unknown" fallback for any other type), the optional reason flags and the
 * optional cRLIssuer. Absent components produce no item.
 * NOTE(review): the rendered text is spliced into HTML via
 * getGeneralNamesString/stringify; whether those helpers HTML-escape their
 * output is not visible here — confirm before displaying this in a renderer.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getCrlDistributionPointsStringValue(byte[] bValue)
    throws IOException
{
	CRLDistPoint dps = CRLDistPoint.getInstance(bValue);
	DistributionPoint[] points = dps.getDistributionPoints();

	StringBuilder sb = new StringBuilder();
	sb.append("<ul>");

	for (DistributionPoint point : points)
	{
		// distributionPoint [0] is OPTIONAL
		DistributionPointName dpn;
		if ((dpn = point.getDistributionPoint()) != null)
		{
			sb.append("<li>");
			switch (dpn.getType())
			{
				case DistributionPointName.FULL_NAME:
					sb.append(RB.getString("CrlDistributionPoint.0.0"));
					sb.append(": ");
					sb.append(getGeneralNamesString((GeneralNames) dpn.getName(), LinkClass.CRL));
					break;
				case DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER:
					sb.append(RB.getString("CrlDistributionPoint.0.1"));
					sb.append(": ");
					// TODO: need better decode?
					sb.append(stringify(dpn.getName()));
					break;
				default:
					// not one of the two CHOICE alternatives defined by RFC 5280
					sb.append(RB.getString("UnknownCrlDistributionPointName"));
					sb.append(": ");
					sb.append(stringify(dpn.getName()));
					break;
			}
			sb.append("</li>");
		}

		// reasons [1] is OPTIONAL
		ReasonFlags flags;
		if ((flags = point.getReasons()) != null)
		{
			sb.append("<li>");
			sb.append(RB.getString("CrlDistributionPoint.1"));
			sb.append(": ");
			// TODO: decode
			sb.append(stringify(flags));
			sb.append("</li>");
		}

		// cRLIssuer [2] is OPTIONAL
		GeneralNames issuer;
		if ((issuer = point.getCRLIssuer()) != null)
		{
			sb.append("<li>");
			sb.append(RB.getString("CrlDistributionPoint.2"));
			sb.append(": ");
			sb.append(getGeneralNamesString(issuer, LinkClass.CRL));
			sb.append("</li>");
		}
	}

	sb.append("</ul>");
	return sb.toString();
}
 
Example #9
Source File: X509Ext.java    From keystore-explorer with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Renders an IssuingDistributionPoint extension value as display text.
 * <p>
 * The optional distributionPoint and onlySomeReasons components are printed
 * only when present. The four DEFAULT FALSE booleans are always printed, since
 * BouncyCastle reports {@code false} for an absent value.
 *
 * @param value the raw extension value
 * @return the multi-line, localised description
 * @throws IOException propagated from the distribution point name rendering
 */
private String getIssuingDistributionPointStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * IssuingDistributionPoint ::= ASN1Sequence {
	 *     distributionPoint [0] DistributionPointName OPTIONAL,
	 *     onlyContainsUserCerts [1] ASN1Boolean DEFAULT FALSE,
	 *     onlyContainsCACerts [2] ASN1Boolean DEFAULT FALSE,
	 *     onlySomeReasons [3] ReasonFlags OPTIONAL,
	 *     indirectCRL [4] ASN1Boolean DEFAULT FALSE,
	 *     onlyContainsAttributeCerts [5] ASN1Boolean DEFAULT FALSE }
	 */

	// @formatter:on

	IssuingDistributionPoint idp = IssuingDistributionPoint.getInstance(value);
	StringBuilder out = new StringBuilder();

	DistributionPointName dpName = idp.getDistributionPoint();
	if (dpName != null) { // OPTIONAL component
		out.append(getDistributionPointNameString(dpName, ""));
	}

	appendIdpFlagLine(out, "OnlyContainsUserCerts", idp.onlyContainsUserCerts());
	appendIdpFlagLine(out, "OnlyContainsCaCerts", idp.onlyContainsCACerts());

	ReasonFlags onlySomeReasons = idp.getOnlySomeReasons();
	if (onlySomeReasons != null) { // OPTIONAL component
		out.append(res.getString("OnlySomeReasons"));
		out.append(NEWLINE);
		for (String reasonFlag : getReasonFlagsStrings(onlySomeReasons)) {
			out.append(INDENT);
			out.append(reasonFlag);
			out.append(NEWLINE);
		}
	}

	appendIdpFlagLine(out, "IndirectCrl", idp.isIndirectCRL());
	appendIdpFlagLine(out, "OnlyContainsAttributeCerts", idp.onlyContainsAttributeCerts());

	return out.toString();
}

/**
 * Appends one line made of the localised pattern {@code resourceKey} formatted
 * with {@code flag}, followed by {@code NEWLINE}.
 *
 * @param out         destination buffer
 * @param resourceKey key of the {@code MessageFormat} pattern in {@code res}
 * @param flag        the boolean to substitute into the pattern
 */
private void appendIdpFlagLine(StringBuilder out, String resourceKey, boolean flag) {
	out.append(MessageFormat.format(res.getString(resourceKey), flag));
	out.append(NEWLINE);
}
 
Example #10
Source File: X509Ext.java    From keystore-explorer with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Renders one DistributionPoint (name, reasons, cRLIssuer) as indented display text.
 * <p>
 * Each of the three components is OPTIONAL and is printed only when present. The
 * name is delegated to {@code getDistributionPointNameString}; reasons and issuer
 * names are listed one per line, one {@code INDENT} deeper than {@code baseIndent}.
 *
 * @param distributionPoint the decoded distribution point
 * @param baseIndent        indentation prefixed to every emitted line
 * @return the formatted text; empty when all three components are absent
 * @throws IOException propagated from the name rendering helpers
 */
private String getDistributionPointString(DistributionPoint distributionPoint, String baseIndent)
		throws IOException {
	// @formatter:off

	/*
	 * DistributionPoint ::= ASN1Sequence {
	 * 		distributionPoint [0] DistributionPointName OPTIONAL,
	 * 		reasons [1] ReasonFlags OPTIONAL,
	 * 		cRLIssuer [2] GeneralNames OPTIONAL
	 * }
	 *
	 * GeneralNames ::= ASN1Sequence SIZE (1..MAX) OF GeneralName
	 */

	// @formatter:on

	StringBuilder out = new StringBuilder();

	DistributionPointName name = distributionPoint.getDistributionPoint();
	if (name != null) {
		out.append(getDistributionPointNameString(name, baseIndent));
	}

	ReasonFlags reasons = distributionPoint.getReasons();
	if (reasons != null) {
		out.append(baseIndent).append(res.getString("DistributionPointReasons")).append(NEWLINE);
		for (String reasonFlag : getReasonFlagsStrings(reasons)) {
			out.append(baseIndent).append(INDENT).append(reasonFlag).append(NEWLINE);
		}
	}

	GeneralNames crlIssuer = distributionPoint.getCRLIssuer();
	if (crlIssuer != null) {
		out.append(baseIndent).append(res.getString("DistributionPointCrlIssuer")).append(NEWLINE);
		for (GeneralName issuerName : crlIssuer.getNames()) {
			out.append(baseIndent).append(INDENT).append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
		}
	}

	return out.toString();
}
 
Example #11
Source File: X509Ext.java    From keystore-explorer with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Renders a DistributionPointName CHOICE as indented display text.
 * <p>
 * A fullName is listed as its GeneralNames; anything else is treated as the
 * only other alternative, nameRelativeToCRLIssuer, and listed as
 * {@code type=value} pairs of the RDN.
 *
 * @param distributionPointName the decoded name, must not be {@code null}
 * @param baseIndent            indentation prefixed to every emitted line
 * @return the formatted text
 * @throws IOException propagated from the attribute and general name rendering helpers
 */
private String getDistributionPointNameString(DistributionPointName distributionPointName, String baseIndent)
		throws IOException {
	// @formatter:off

	/*
	 * DistributionPointName ::= CHOICE {
	 * 		fullname [0] GeneralNames,
	 * 		nameRelativeToCRLIssuer [1] RelativeDistinguishedName
	 * }
	 *
	 * RelativeDistinguishedName ::= SET SIZE (1 .. MAX) OF
	 * AttributeTypeAndValue
	 *
	 * AttributeTypeAndValue ::= ASN1Sequence { type AttributeType, value
	 * AttributeValue }
	 */

	// @formatter:on

	StringBuilder out = new StringBuilder();
	out.append(baseIndent);
	out.append(res.getString("DistributionPointName"));
	out.append(NEWLINE);

	if (distributionPointName.getType() == DistributionPointName.FULL_NAME) {
		appendDpFullNameLines(out, GeneralNames.getInstance(distributionPointName.getName()), baseIndent);
	} else {
		// the CHOICE has exactly one other alternative: nameRelativeToCRLIssuer
		appendDpRelativeNameLines(out, RDN.getInstance(distributionPointName.getName()), baseIndent);
	}

	return out.toString();
}

/**
 * Appends the fullName heading and one line per GeneralName, two indents below {@code baseIndent}.
 *
 * @param out          destination buffer
 * @param generalNames the names of the fullName alternative
 * @param baseIndent   indentation prefixed to every emitted line
 * @throws IOException propagated from {@code GeneralNameUtil.toString}
 */
private void appendDpFullNameLines(StringBuilder out, GeneralNames generalNames, String baseIndent)
		throws IOException {
	out.append(baseIndent).append(INDENT);
	out.append(res.getString("DistributionPointFullName")).append(NEWLINE);
	for (GeneralName generalName : generalNames.getNames()) {
		out.append(baseIndent).append(INDENT).append(INDENT);
		out.append(GeneralNameUtil.toString(generalName)).append(NEWLINE);
	}
}

/**
 * Appends the nameRelativeToCRLIssuer heading and one {@code type=value} line per RDN attribute.
 *
 * @param out        destination buffer
 * @param rdn        the relative distinguished name
 * @param baseIndent indentation prefixed to every emitted line
 * @throws IOException propagated from the attribute rendering helpers
 */
private void appendDpRelativeNameLines(StringBuilder out, RDN rdn, String baseIndent) throws IOException {
	out.append(baseIndent).append(INDENT);
	out.append(res.getString("DistributionPointNameRelativeToCrlIssuer")).append(NEWLINE);
	for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
		ASN1ObjectIdentifier attributeType = atv.getType();
		String typeStr = getAttributeTypeString(attributeType);
		String valueStr = getAttributeValueString(attributeType, atv.getValue());
		out.append(baseIndent).append(INDENT).append(INDENT);
		out.append(MessageFormat.format("{0}={1}", typeStr, valueStr)).append(NEWLINE);
	}
}
 
Example #12
Source File: CrlDistPointExtension.java    From java-certificate-authority with Apache License 2.0 4 votes vote down vote up
/**
 * Assembles a single {@link DistributionPoint} from its three optional
 * components and wraps it in an extension via {@code create(DistributionPoint)}.
 *
 * @param distributionPoint the distribution point name, may be {@code null}
 * @param reasons           the reason flags, may be {@code null}
 * @param cRLIssuer         the CRL issuer names, may be {@code null}
 * @return the extension wrapping the assembled distribution point
 */
public static CrlDistPointExtension create(final DistributionPointName distributionPoint,
    final ReasonFlags reasons,
    final GeneralNames cRLIssuer) {
  return create(new DistributionPoint(distributionPoint, reasons, cRLIssuer));
}
 
Example #13
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0 4 votes vote down vote up
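/**
 * Checks the {@code cRLDistributionPoints} extension of an issued certificate
 * against the issuer profile: exactly one distribution point, a full-name
 * DistributionPointName, URI-only general names, and the same URL set as
 * {@code issuerInfo.getCrlUrls()}.
 * <p>
 * Every finding is appended to {@code failureMsg}; nothing is thrown. A
 * distribution point without a name is reported as a violation instead of
 * raising a NullPointerException.
 *
 * @param failureMsg     accumulator for violation descriptions
 * @param extensionValue DER-encoded value of the extension
 * @param issuerInfo     source of the expected CRL URLs
 */
private void checkExtnCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
  DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
  // the profile requires exactly one distribution point; a missing array counts as zero
  int len = isDistributionPoints == null ? 0 : isDistributionPoints.length;
  if (len != 1) {
    addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
    return;
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    DistributionPointName dpName = entry.getDistributionPoint();
    // distributionPoint is OPTIONAL in RFC 5280; the previous code dereferenced it unconditionally
    if (dpName == null) {
      failureMsg.append("DistributionPointName of CRLDistributionPoints is absent; ");
      continue;
    }
    int asn1Type = dpName.getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    GeneralNames isDistributionPointNames = GeneralNames.getInstance(dpName.getName());
    for (GeneralName name : isDistributionPointNames.getNames()) {
      if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
        addViolation(failureMsg, "tag of CRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      } else {
        isCrlUrls.add(((ASN1String) name.getName()).getString());
      }
    }

    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    // URLs in the certificate that the profile does not list
    Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("CRL URLs ").append(diffs).append(" are present but not expected; ");
    }

    // URLs the profile requires that the certificate lacks
    diffs = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("CRL URLs ").append(diffs).append(" are absent but are required; ");
    }
  }
}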
 
Example #14
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0 4 votes vote down vote up
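/**
 * Checks the delta-CRL distribution points extension of an issued certificate
 * against the issuer profile: exactly one distribution point, a full-name
 * DistributionPointName, URI-only general names, and the same URL set as
 * {@code issuerInfo.getCrlUrls()}.
 * <p>
 * Every finding is appended to {@code failureMsg}; nothing is thrown. A
 * distribution point without a name is reported as a violation instead of
 * raising a NullPointerException.
 *
 * @param failureMsg     accumulator for violation descriptions
 * @param extensionValue DER-encoded value of the extension
 * @param issuerInfo     source of the expected CRL URLs
 */
private void checkExtnDeltaCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
  DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
  // the profile requires exactly one distribution point; a missing array counts as zero
  int len = isDistributionPoints == null ? 0 : isDistributionPoints.length;
  if (len != 1) {
    addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
    return;
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    DistributionPointName dpName = entry.getDistributionPoint();
    // distributionPoint is OPTIONAL in RFC 5280; the previous code dereferenced it unconditionally
    if (dpName == null) {
      failureMsg.append("DistributionPointName of CRLDistributionPoints (deltaCRL) is absent; ");
      continue;
    }
    int asn1Type = dpName.getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    GeneralNames isDistributionPointNames = GeneralNames.getInstance(dpName.getName());
    for (GeneralName name : isDistributionPointNames.getNames()) {
      if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
        addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      } else {
        isCrlUrls.add(((ASN1String) name.getName()).getString());
      }
    }

    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    // URLs in the certificate that the profile does not list
    Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
    }

    // URLs the profile requires that the certificate lacks
    diffs = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
      failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
    }
  }
}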