Java Code Examples for org.bouncycastle.asn1.x509.GeneralName#uniformResourceIdentifier()
The following examples show how to use the tag constant
org.bouncycastle.asn1.x509.GeneralName.uniformResourceIdentifier, which marks a GeneralName as holding a URI.
Example 1
Source File: CRLDistributionPointsImpl.java From SecuritySample with Apache License 2.0 | 6 votes |
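/**
 * Collects the URI-typed names found in the {@code cRLIssuer} field of every
 * distribution point in the certificate's CRLDistributionPoints extension.
 *
 * <p>{@code URINames} is left empty when the certificate carries no such extension.
 * The stored strings come straight from the certificate and are not validated here.
 *
 * @param cert certificate whose CRLDistributionPoints extension is read
 * @throws CertificateException declared in the signature; no visible statement throws it
 * @throws IOException propagated from decoding the extension value
 */
public CRLDistributionPointsImpl(X509Certificate cert) throws CertificateException, IOException {
    URINames = new ArrayList<>();

    byte[] extVal = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extVal == null) {
        return;
    }

    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extVal));
    // NOTE(review): this walks cRLIssuer (the entity that signs the CRL), not the
    // distributionPoint fullName where CRL download locations are normally published.
    // Confirm which field the callers of URINames actually expect.
    for (DistributionPoint point : crlDistPoint.getDistributionPoints()) {
        GeneralNames issuerNames = point.getCRLIssuer();
        if (issuerNames == null) {
            continue;
        }
        for (GeneralName issuerName : issuerNames.getNames()) {
            if (issuerName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // GeneralName.toString() prefixes the value with the tag number ("6: ..."),
                // which is not a usable URI. The wrapped IA5String's own toString() is the
                // bare string, so only the URI itself is stored.
                URINames.add(issuerName.getName().toString());
            }
        }
    }
}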
Example 2
Source File: TlsResourceBuilder.java From qpid-broker-j with Apache License 2.0 | 6 votes |
/**
 * Builds a CRLDistributionPoints extension holding one distribution point whose
 * full name is the given URI.
 *
 * @param crlUri CRL location, stored as a uniformResourceIdentifier name
 * @return the extension wrapping the encoded {@code CRLDistPoint}
 * @throws CertificateException wrapping any {@link IOException} raised while encoding
 */
private static Extension createDistributionPointExtension(final String crlUri) throws CertificateException {
    try {
        final GeneralNames fullName =
                new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, crlUri));
        // reasons and cRLIssuer are left unset: only the location is published
        final DistributionPoint singlePoint =
                new DistributionPoint(new DistributionPointName(fullName), null, null);
        final byte[] encoded = new CRLDistPoint(new DistributionPoint[]{singlePoint}).getEncoded();
        // the boolean is the criticality flag: the extension is emitted as non-critical
        return new Extension(Extension.cRLDistributionPoints, false, encoded);
    } catch (IOException e) {
        throw new CertificateException(e);
    }
}
Example 3
Source File: BasicCertificate.java From signer with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Lists the URI access locations found in the certificate's AuthorityInfoAccess
 * extension.
 *
 * <p>Entries of every access method are returned together; the access-method OID
 * is not inspected. Any exception is logged at info level and whatever had been
 * collected up to that point is returned.
 *
 * <p>NOTE(review): the URIs are certificate-controlled; callers that fetch them
 * should restrict scheme and destination first.
 *
 * @return the URIs, or an empty list when the extension is missing or empty
 */
public List<String> getAuthorityInfoAccess() {
    List<String> locations = new ArrayList<String>();
    try {
        byte[] rawExtension = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (rawExtension == null || rawExtension.length == 0) {
            return locations;
        }
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(
                JcaX509ExtensionUtils.parseExtensionValue(rawExtension));
        for (AccessDescription description : aia.getAccessDescriptions()) {
            GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                locations.add(((DERIA5String) location.getName()).getString());
            }
        }
    } catch (Exception error) {
        // best effort: a malformed extension yields a short (possibly empty) list
        logger.info(error.getMessage());
    }
    return locations;
}
Example 4
Source File: SubjectAlternativeName.java From vespa with Apache License 2.0 | 6 votes |
/**
 * Renders the value of a BouncyCastle {@link GeneralName} as text, choosing the
 * decoding from the name's tag.
 *
 * <p>rfc822Name, dNSName and URI values are read as IA5 strings, directoryName as
 * an X.500 name, iPAddress as a textual host address; every other tag falls back
 * to the {@code toString()} of the wrapped ASN.1 object.
 *
 * @param bcGeneralName the name to render
 * @return the string form of the name's value
 * @throws IllegalArgumentException if an iPAddress value is rejected by
 *         {@link InetAddress#getByAddress(byte[])}
 */
private String getValue(GeneralName bcGeneralName) {
    final ASN1Encodable encoded = bcGeneralName.getName();
    final int tag = bcGeneralName.getTagNo();

    if (tag == GeneralName.rfc822Name
            || tag == GeneralName.dNSName
            || tag == GeneralName.uniformResourceIdentifier) {
        return DERIA5String.getInstance(encoded).getString();
    }
    if (tag == GeneralName.directoryName) {
        return X500Name.getInstance(encoded).toString();
    }
    if (tag == GeneralName.iPAddress) {
        final byte[] rawAddress = DEROctetString.getInstance(encoded.toASN1Primitive()).getOctets();
        try {
            return InetAddress.getByAddress(rawAddress).getHostAddress();
        } catch (UnknownHostException e) {
            // raised only for an address of invalid length, i.e. a bad argument
            throw new IllegalArgumentException(e);
        }
    }
    return encoded.toString();
}
Example 5
Source File: Actions.java From xipki with Apache License 2.0 | 6 votes |
/**
 * Extracts the OCSP responder URIs from an AuthorityInformationAccess value.
 *
 * <p>An access description contributes only when its method is {@code id_ad_ocsp}
 * and its location is tagged as a URI; everything else is skipped silently.
 *
 * @param aia the decoded AuthorityInformationAccess extension
 * @return the OCSP URIs in extension order, possibly empty
 * @throws CertificateEncodingException declared in the signature; no visible statement throws it
 */
public static List<String> extractOcspUrls(AuthorityInformationAccess aia)
        throws CertificateEncodingException {
    List<String> ocspUris = new ArrayList<>();
    for (AccessDescription description : aia.getAccessDescriptions()) {
        if (!description.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
            continue;
        }
        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        ocspUris.add(((ASN1String) location.getName()).getString());
    }
    return ocspUris;
}
Example 6
Source File: BasicCertificate.java From signer with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Reads the CRL locations advertised in the CRLDistributionPoints extension.
 *
 * <p>Only distribution points named with {@code FULL_NAME} are considered, and only
 * their URI-typed entries are kept. Each URI is also logged at info level.
 *
 * @return the URIs in extension order, or {@code null} (not an empty list) when the
 *         extension is absent
 * @throws IOException declared in the signature; presumably raised by
 *         {@code getExtensionValue}, whose body is not visible here
 */
public List<String> getCRLDistributionPoint() throws IOException {
    ASN1Primitive extension = getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extension == null) {
        return null;
    }

    List<String> crlUrls = new ArrayList<>();
    for (DistributionPoint point : CRLDistPoint.getInstance(extension).getDistributionPoints()) {
        DistributionPointName pointName = point.getDistributionPoint();
        // the name is optional, and only the fullName form carries URIs
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String url = DERIA5String.getInstance(candidate.getName()).getString();
            crlUrls.add(url);
            // NOTE(review): url is certificate-controlled and written to the log as-is;
            // confirm the log layout neutralises control characters.
            logger.info("Adicionando a url {}", url);
        }
    }
    return crlUrls;
}
Example 7
Source File: AbstractCRLUtils.java From dss with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Returns the first URI listed in a {@code FULL_NAME} distribution point name.
 *
 * @param distributionPoint the distribution point name to inspect, may be {@code null}
 * @return the first URI-typed entry, or {@code null} when the argument is
 *         {@code null}, is not a full name, or holds no URI
 */
private String getUrl(DistributionPointName distributionPoint) {
    if (distributionPoint == null || DistributionPointName.FULL_NAME != distributionPoint.getType()) {
        return null;
    }
    final GeneralNames fullName = (GeneralNames) distributionPoint.getName();
    if (fullName == null) {
        return null;
    }
    final GeneralName[] candidates = fullName.getNames();
    if (candidates == null || candidates.length == 0) {
        return null;
    }
    for (GeneralName candidate : candidates) {
        if (GeneralName.uniformResourceIdentifier != candidate.getTagNo()) {
            continue;
        }
        // unwrap the tagged GeneralName to reach the string it carries
        final DERTaggedObject tagged = (DERTaggedObject) candidate.toASN1Primitive();
        return ((ASN1String) tagged.getObject()).getString();
    }
    return null;
}
Example 8
Source File: DSSASN1Utils.java From dss with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Extracts the URI carried by a {@link GeneralName}.
 *
 * <p>Any exception raised while reading the name is logged at warn level and
 * turned into a {@code null} result.
 *
 * @param gn the name to read
 * @return the URI string, or {@code null} when the name is not URI-typed or
 *         could not be parsed
 */
private static String parseGn(GeneralName gn) {
    String uri = null;
    try {
        if (GeneralName.uniformResourceIdentifier == gn.getTagNo()) {
            // unwrap the tagged GeneralName to reach the string it carries
            final DERTaggedObject tagged = (DERTaggedObject) gn.toASN1Primitive();
            uri = ((ASN1String) tagged.getObject()).getString();
        }
    } catch (Exception e) {
        LOG.warn("Unable to parse GN '{}'", gn, e);
    }
    return uri;
}
Example 9
Source File: CRLCertificateVerifier.java From oxAuth with MIT License | 5 votes |
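/**
 * Returns the first CRL URI advertised in the certificate's CRLDistributionPoints
 * extension.
 *
 * <p>Only distribution points named with {@code FULL_NAME} are searched, and the
 * first URI-typed entry found wins; later entries are never looked at.
 *
 * <p>NOTE(review): {@code null} covers "no extension", "no usable URI" and "extension
 * unreadable" alike. Confirm that callers do not treat a {@code null} result as
 * evidence that the certificate is unrevoked.
 *
 * @param certificate the certificate to inspect
 * @return the CRL URI, or {@code null} when none is available
 * @throws IOException declared in the signature; the {@code IOException} from
 *         {@code getExtensionValue} is caught and logged here
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }

    if (obj == null) {
        return null;
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is optional, so the getter can return null
        // (for instance when only cRLIssuer is present). Skip such entries instead
        // of failing with a NullPointerException on certificate-supplied data.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }

        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }

            // implicit tagging: the IA5String sits directly under the GeneralName tag
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }

    return null;
}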
Example 10
Source File: OCSPCertificateVerifier.java From oxAuth with MIT License | 5 votes |
/**
 * Returns the first OCSP responder URI advertised in the certificate's
 * AuthorityInfoAccess extension.
 *
 * <p>An access description qualifies when its method equals
 * {@code X509ObjectIdentifiers.ocspAccessMethod} and its location is URI-typed.
 *
 * @param certificate the certificate to inspect
 * @return the OCSP URI, or {@code null} when the extension is absent, unreadable
 *         or holds no qualifying entry
 * @throws IOException declared in the signature; the {@code IOException} from
 *         {@code getExtensionValue} is caught and logged here
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive extension;
    try {
        extension = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (extension == null) {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(extension);
    for (AccessDescription description : aia.getAccessDescriptions()) {
        boolean isOcsp = description.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod);
        if (isOcsp) {
            GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                // implicit tagging: the IA5String sits directly under the GeneralName tag
                return DERIA5String.getInstance((ASN1TaggedObject) location.toASN1Primitive(), false)
                        .getString();
            }
        }
    }
    return null;
}
Example 11
Source File: ZTSInstanceRegister.java From athenz with Apache License 2.0 | 4 votes |
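/**
 * Builds the registration request for a service instance, including a freshly
 * generated X.509 CSR.
 *
 * <p>The CSR subject is {@code cn=<domain>.<service>} followed by {@code csrDn}
 * when one is given. Its subjectAltName carries a dNSName of the form
 * {@code <service>.<domain with dots as dashes>.<csrDomain>} and the URI
 * {@code athenz://instanceid/<domain>/<service>}.
 *
 * <p>NOTE(review): the name components are concatenated into the DN, host name and
 * URI without escaping or character checks; confirm that callers only pass
 * validated domain and service names.
 *
 * @param domainName principal's domain, lower-cased before use
 * @param serviceName principal's service, lower-cased before use
 * @param privateKey key handed to the CSR generator
 * @param serviceToken value stored as the request's attestation data
 * @param csrDn optional extra DN components appended after the CN, may be {@code null}
 * @param csrDomain DNS suffix used for the dNSName entry
 * @return the populated registration request
 * @throws IllegalArgumentException if {@code domainName}, {@code serviceName} or
 *         {@code csrDomain} is {@code null}
 * @throws ZTSClientException with {@code BAD_REQUEST} if the CSR cannot be generated
 */
private static InstanceRegisterInformation generateInstanceRegisterInfo(final String domainName,
        final String serviceName, PrivateKey privateKey, final String serviceToken,
        final String csrDn, final String csrDomain) {

    if (domainName == null || serviceName == null) {
        throw new IllegalArgumentException("Principal's Domain and Service must be specified");
    }

    if (csrDomain == null) {
        throw new IllegalArgumentException("X509 CSR Domain must be specified");
    }

    // Athenz uses lower case for all elements. Locale.ROOT keeps the mapping
    // independent of the JVM's default locale: under a Turkish locale a plain
    // toLowerCase() turns 'I' into a dotless i and the certificate identity
    // would no longer match the principal's name.
    final String domain = domainName.toLowerCase(java.util.Locale.ROOT);
    final String service = serviceName.toLowerCase(java.util.Locale.ROOT);
    final String cn = domain + "." + service;

    String dn = "cn=" + cn;
    if (csrDn != null) {
        dn = dn.concat(",").concat(csrDn);
    }

    // the dNSName and instance URI are both derived from the principal's details
    final String hostName = service + '.' + domain.replace('.', '-') + '.' + csrDomain;
    final String instanceUri = "athenz://instanceid/" + domain + "/" + service;
    final GeneralName[] sanArray = {
        new GeneralName(GeneralName.dNSName, new DERIA5String(hostName)),
        new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(instanceUri))
    };

    String csr;
    try {
        csr = Crypto.generateX509CSR(privateKey, dn, sanArray);
    } catch (OperatorCreationException | IOException ex) {
        throw new ZTSClientException(ZTSClientException.BAD_REQUEST, ex.getMessage());
    }

    return new InstanceRegisterInformation().setCsr(csr).setProvider("sys.auth.zts")
            .setDomain(domain).setService(service).setAttestationData(serviceToken);
}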
Example 12
Source File: DGeneralNameChooser.java From keystore-explorer with GNU General Public License v3.0 | 4 votes |
/**
 * Fills the chooser's controls from an existing general name.
 *
 * <p>The radio button matching the name's tag is selected and the matching input
 * receives the decoded value. A {@code null} name selects the directory-name
 * option; a tag without a case below leaves the controls untouched.
 *
 * @param generalName the name to display, may be {@code null}
 */
private void populate(GeneralName generalName) {
    if (generalName == null) {
        jrbDirectoryName.setSelected(true);
        return;
    }

    switch (generalName.getTagNo()) {
    case GeneralName.directoryName:
        jrbDirectoryName.setSelected(true);
        jdnDirectoryName.setDistinguishedName((X500Name) generalName.getName());
        break;
    case GeneralName.dNSName:
        jrbDnsName.setSelected(true);
        jtfDnsName.setText(((DERIA5String) generalName.getName()).getString());
        break;
    case GeneralName.iPAddress:
        jrbIpAddress.setSelected(true);
        byte[] rawAddress = ((ASN1OctetString) generalName.getName()).getOctets();
        try {
            jtfIpAddress.setText(InetAddress.getByAddress(rawAddress).getHostAddress());
        } catch (UnknownHostException ignored) {
            // cannot happen here because user input was checked for validity
            // NOTE(review): if a name can also arrive from a loaded certificate, a
            // malformed address would leave the field blank without any message.
        }
        break;
    case GeneralName.registeredID:
        jrbRegisteredId.setSelected(true);
        joiRegisteredId.setObjectId((ASN1ObjectIdentifier) generalName.getName());
        break;
    case GeneralName.rfc822Name:
        jrbRfc822Name.setSelected(true);
        jtfRfc822Name.setText(((DERIA5String) generalName.getName()).getString());
        break;
    case GeneralName.uniformResourceIdentifier:
        jrbUniformResourceIdentifier.setSelected(true);
        jtfUniformResourceIdentifier.setText(((DERIA5String) generalName.getName()).getString());
        break;
    case GeneralName.otherName:
        jrbPrincipalName.setSelected(true);
        // we currently only support UPN in otherName
        jtfPrincipalName.setText(GeneralNameUtil.parseUPN(generalName));
        break;
    }
}
Example 13
Source File: ExtensionsChecker.java From xipki with Apache License 2.0 | 4 votes |
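/**
 * Checks a certificate's CRLDistributionPoints extension against the CRL URLs
 * configured for the issuer, appending every mismatch to {@code failureMsg}.
 *
 * <p>The extension must hold exactly one distribution point, named with
 * {@code FULL_NAME}, whose entries are all URIs. The URIs found are then compared
 * in both directions with {@code issuerInfo.getCrlUrls()}.
 *
 * @param failureMsg accumulator for violation messages
 * @param extensionValue encoded extension value taken from the certificate
 * @param issuerInfo source of the expected CRL URLs
 */
private void checkExtnCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue,
        IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    int len = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
    if (len != 1) {
        addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
        return;
    }

    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        DistributionPointName pointName = entry.getDistributionPoint();
        // The distributionPoint field is optional. Report its absence as a violation
        // rather than letting the checker stop with a NullPointerException.
        if (pointName == null) {
            failureMsg.append("DistributionPointName of CRLDistributionPoints is absent but is required; ");
            continue;
        }

        int asn1Type = pointName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints",
                    asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }

        for (GeneralName name : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of CRL URL", name.getTagNo(),
                        GeneralName.uniformResourceIdentifier);
            } else {
                isCrlUrls.add(((ASN1String) name.getName()).getString());
            }
        }

        Set<String> expCrlUrls = issuerInfo.getCrlUrls();
        // URLs found in the certificate that the issuer configuration does not list
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs).append(" are present but not expected; ");
        }

        // configured URLs that the certificate does not carry
        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs).append(" are absent but are required; ");
        }
    }
}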
Example 14
Source File: ExtensionsChecker.java From xipki with Apache License 2.0 | 4 votes |
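/**
 * Checks a certificate's delta-CRL distribution points extension against the URLs
 * returned by {@code issuerInfo.getCrlUrls()}, appending every mismatch to
 * {@code failureMsg}.
 *
 * <p>The extension must hold exactly one distribution point, named with
 * {@code FULL_NAME}, whose entries are all URIs. The URIs found are then compared
 * in both directions with the expected set.
 *
 * <p>NOTE(review): the expected set is read from {@code getCrlUrls()}, the same
 * accessor the full-CRL check uses; confirm that no delta-specific accessor was meant.
 *
 * @param failureMsg accumulator for violation messages
 * @param extensionValue encoded extension value taken from the certificate
 * @param issuerInfo source of the expected URLs
 */
private void checkExtnDeltaCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue,
        IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    int len = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
    if (len != 1) {
        addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
        return;
    }

    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        DistributionPointName pointName = entry.getDistributionPoint();
        // The distributionPoint field is optional. Report its absence as a violation
        // rather than letting the checker stop with a NullPointerException.
        if (pointName == null) {
            failureMsg.append(
                    "DistributionPointName of CRLDistributionPoints (deltaCRL) is absent but is required; ");
            continue;
        }

        int asn1Type = pointName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)",
                    asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }

        for (GeneralName name : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(),
                        GeneralName.uniformResourceIdentifier);
            } else {
                isCrlUrls.add(((ASN1String) name.getName()).getString());
            }
        }

        Set<String> expCrlUrls = issuerInfo.getCrlUrls();
        // URLs found in the certificate that the issuer configuration does not list
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
        }

        // configured URLs that the certificate does not carry
        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNotEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
        }
    }
}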
Example 15
Source File: ExtensionsChecker.java From xipki with Apache License 2.0 | 4 votes |
/**
 * Checks the AuthorityInformationAccess entries of one access method against the
 * expected URIs, appending every mismatch to {@code failureMsg}.
 *
 * <p>The number of entries with the given method must equal the size of
 * {@code expectedUris}; otherwise one violation is recorded and the URI
 * comparison is skipped. Each matching entry must be URI-typed.
 *
 * @param failureMsg accumulator for violation messages
 * @param aia the decoded extension to inspect
 * @param accessMethod access-method OID selecting the entries to check
 * @param expectedUris URIs the certificate is required to carry for that method
 */
private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia,
        ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
    // label used in messages: a short name for the two known methods, else the OID
    final String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }

    List<AccessDescription> matching = new LinkedList<>();
    for (AccessDescription candidate : aia.getAccessDescriptions()) {
        if (accessMethod.equals(candidate.getAccessMethod())) {
            matching.add(candidate);
        }
    }

    final int found = matching.size();
    final int expected = expectedUris.size();
    if (found != expected) {
        addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", found, expected);
        return;
    }

    Set<String> isUris = new HashSet<>();
    for (AccessDescription description : matching) {
        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            isUris.add(((ASN1String) location.getName()).getString());
        } else {
            addViolation(failureMsg, "tag of accessLocation of AIA ",
                    location.getTagNo(), GeneralName.uniformResourceIdentifier);
        }
    }

    // URIs found in the certificate that were not expected
    Set<String> unexpected = strInBnotInA(expectedUris, isUris);
    if (CollectionUtil.isNotEmpty(unexpected)) {
        failureMsg.append(typeDesc).append(" URIs ").append(unexpected);
        failureMsg.append(" are present but not expected; ");
    }

    // expected URIs that the certificate does not carry
    Set<String> missing = strInBnotInA(isUris, expectedUris);
    if (CollectionUtil.isNotEmpty(missing)) {
        failureMsg.append(typeDesc).append(" URIs ").append(missing);
        failureMsg.append(" are absent but are required; ");
    }
}