// Wrap the nonce bytes in an id-pkix-ocsp-nonce extension (second argument true = marked critical)
// and install it as the only request extension on the OCSP request generator.
// NOTE(review): how `nonce` is produced is not visible in this snippet; for replay protection it
// should come from a CSPRNG (e.g. SecureRandom), not from a clock or counter - confirm at the caller.
// NOTE(review): RFC 6960 section 4.1.2 advises against setting the critical flag on OCSP request
// extensions; confirm the critical marking here is intentional.
Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray()));
requestGenerator.setRequestExtensions(new Extensions(new Extension[]{ext}));
if(extensions != null && extensions.getExtension(Extension.subjectAlternativeName) != null) { certBuilder.addExtension(Extension.subjectAlternativeName, false, extensions.getExtensionParsedValue(Extension.subjectAlternativeName));
continue; if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { final Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); final GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); if (gns != null && gns.getNames() != null && gns.getNames().length > 0) {
/**
 * Collects the identifiers of all extensions whose critical flag equals {@code critical}.
 *
 * @param critical the criticality to select on
 * @return a set of OID strings (as returned by {@code getId()}), possibly empty, or
 *         {@code null} when the underlying structure carries no extensions at all
 */
private Set getExtensionOIDs(boolean critical) {
    Extensions exts = c.getExtensions();
    if (exts == null) {
        // Callers must distinguish "no extensions block" (null) from "none matched" (empty set).
        return null;
    }

    Set matching = new HashSet();
    for (Enumeration ids = exts.oids(); ids.hasMoreElements();) {
        ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) ids.nextElement();
        if (exts.getExtension(id).isCritical() == critical) {
            matching.add(id.getId());
        }
    }
    return matching;
}
/**
 * Wraps every revoked-certificate entry of the CRL in an {@code X509CRLEntryObject}.
 *
 * <p>For an indirect CRL the issuer named by an entry's certificateIssuer extension is
 * remembered and handed to the entries that follow it. Each entry is constructed with the
 * issuer carried over from earlier entries, before its own extension is inspected.
 *
 * @return the set of wrapped entries, empty when the CRL lists none
 */
private Set loadCRLEntries() {
    Set entries = new HashSet();
    X500Name carriedIssuer = null; // issuer inherited from the most recent certificateIssuer extension

    for (Enumeration revoked = c.getRevokedCertificateEnumeration(); revoked.hasMoreElements();) {
        TBSCertList.CRLEntry raw = (TBSCertList.CRLEntry) revoked.nextElement();
        entries.add(new X509CRLEntryObject(raw, isIndirect, carriedIssuer));

        if (!isIndirect || !raw.hasExtensions()) {
            continue;
        }
        Extension issuerExt = raw.getExtensions().getExtension(Extension.certificateIssuer);
        if (issuerExt == null) {
            continue;
        }
        // Only the first general name is read, and it is converted straight to an X500Name;
        // an empty name list or a non-directory name is not checked for here.
        GeneralNames issuerNames = GeneralNames.getInstance(issuerExt.getParsedValue());
        carriedIssuer = X500Name.getInstance(issuerNames.getNames()[0].getName());
    }
    return entries;
}
Enumeration e = extensions.oids(); while (e.hasMoreElements()) ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); if (oid.equals(Extension.keyUsage) || oid.equals(Extension.certificatePolicies) || oid.equals(Extension.policyMappings) || oid.equals(Extension.inhibitAnyPolicy) || oid.equals(Extension.cRLDistributionPoints) Extension ext = extensions.getExtension(oid); if (ext.isCritical())
/**
 * Copies every extension of {@code extensionSet} into this builder, keeping each
 * extension's identifier and critical flag.
 *
 * @param extensionSet the extensions to add; {@code null} is accepted and adds nothing
 * @return this builder
 * @throws IOException declared by the signature; presumably raised by the underlying generator
 */
@Override
public X509ExtensionBuilder addExtensions(X509Extensions extensionSet) throws IOException {
    if (extensionSet == null) {
        return this;
    }

    if (!(extensionSet instanceof BcX509Extensions)) {
        // Generic path: go through the public accessors, which hand back the raw value bytes.
        for (String oid : extensionSet.getExtensionOID()) {
            this.extensions.addExtension(new ASN1ObjectIdentifier(oid), extensionSet.isCritical(oid),
                extensionSet.getExtensionValue(oid));
        }
        return this;
    }

    // Fast path: the Bouncy Castle backed set exposes its Extensions object directly.
    Extensions source = ((BcX509Extensions) extensionSet).getExtensions();
    @SuppressWarnings("unchecked")
    Enumeration<ASN1ObjectIdentifier> ids = source.oids();
    while (ids.hasMoreElements()) {
        Extension current = source.getExtension(ids.nextElement());
        this.extensions.addExtension(current.getExtnId(), current.isCritical(), current.getParsedValue());
    }
    return this;
}
/**
 * Returns the extensions of this entry, decoding them on first use.
 *
 * <p>Decoding happens only when nothing is cached yet and the backing sequence has exactly
 * three elements; the extensions are then read from element index 2.
 *
 * @return the cached or freshly decoded extensions, or {@code null} when none were decoded
 */
public Extensions getExtensions() {
    boolean mustDecode = crlEntryExtensions == null && seq.size() == 3;
    if (mustDecode) {
        crlEntryExtensions = Extensions.getInstance(seq.getObjectAt(2));
    }
    return crlEntryExtensions;
}
ASN1Sequence seq; try { seq = ASN1Sequence.getInstance(controls.getEncoded()); } catch (IOException ex) { certResponses.add( final int seqSize = seq.size(); AttributeTypeAndValue atv = AttributeTypeAndValue.getInstance(seq.getObjectAt(j)); if (atv.getType().equals(CMPObjectIdentifiers.regCtrl_oldCertID)) { oldCertIdAtv = atv; break; if (extensions != null) { ASN1ObjectIdentifier[] oids = extensions.getExtensionOIDs(); for (ASN1ObjectIdentifier oid : oids) { extns.put(oid.getId(), extensions.getExtension(oid)); ASN1ObjectIdentifier[] oldOids = oldExtensions.getExtensionOIDs(); for (ASN1ObjectIdentifier oid : oldOids) { String id = oid.getId(); if (! (extns.containsKey(id) || kupCertExtnIds.contains(id))) { extns.put(id, oldExtensions.getExtension(oid)); extensions = new Extensions(extns.values().toArray(new Extension[0])); } else { if (certprofileName == null) {
/**
 * Builds the subjectInfoAccess value to put in the certificate from the one requested,
 * accepting only access methods that have an entry in {@code modes}.
 *
 * @param requestedExtensions extensions supplied with the request; not null-checked here
 * @param modes permitted general-name modes per access method; {@code null} disables the extension
 * @return the accepted access descriptions as a sequence, or {@code null} when {@code modes} is
 *         {@code null}, the request has no subjectInfoAccess, or nothing was accepted
 * @throws BadCertTemplateException if a requested access method has no entry in {@code modes}
 */
private static ASN1Sequence createSubjectInfoAccess(Extensions requestedExtensions,
        Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
    if (modes == null) {
        return null;
    }

    ASN1Encodable requestedValue =
        requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    if (requestedValue == null) {
        return null;
    }

    ASN1Sequence requested = ASN1Sequence.getInstance(requestedValue);
    ASN1EncodableVector accepted = new ASN1EncodableVector();
    final int count = requested.size();
    for (int idx = 0; idx < count; idx++) {
        AccessDescription desc = AccessDescription.getInstance(requested.getObjectAt(idx));
        ASN1ObjectIdentifier method = desc.getAccessMethod();

        // Allow-list check: a method without configured modes rejects the whole request.
        Set<GeneralNameMode> allowedModes = modes.get(method);
        if (allowedModes == null) {
            throw new BadCertTemplateException("subjectInfoAccess.accessMethod "
                + method.getId() + " is not allowed");
        }

        // The location is rebuilt through createGeneralName rather than copied verbatim;
        // presumably that helper enforces the permitted modes - verify in BaseCertprofile.
        GeneralName location = BaseCertprofile.createGeneralName(desc.getAccessLocation(), allowedModes);
        accepted.add(new AccessDescription(method, location));
    }

    if (accepted.size() > 0) {
        return new DERSequence(accepted);
    }
    return null;
}
/**
 * Looks up an extension by its OID string and returns the octets of its value.
 *
 * @param oid the extension identifier as a string
 * @return the octets of the extension value, or {@code null} when the extension is absent
 */
@Override
public byte[] getExtensionValue(String oid) {
    Extension found = this.extensions.getExtension(new ASN1ObjectIdentifier(oid));
    return (found == null) ? null : found.getExtnValue().getOctets();
}
ASN1ObjectIdentifier[] oids = exts.getCriticalExtensionOIDs(); if (oids != null) { for (ASN1ObjectIdentifier oid : oids) { if (!Extension.authorityKeyIdentifier.equals(oid)) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "unknown critical extension " + oid.getId()); Extension ext = exts.getExtension(Extension.authorityKeyIdentifier); if (ext == null) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "issuer's AKI not present"); } else { AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(ext.getParsedValue()); if (crlDetails != null) { ASN1ObjectIdentifier extId = Extension.reasonCode; ASN1Encodable extValue = crlDetails.getExtensionParsedValue(extId); if (extValue != null) { int reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue(); extValue = crlDetails.getExtensionParsedValue(extId); if (extValue != null) { try { } catch (ParseException ex) { throw new OperationException(ErrorCode.INVALID_EXTENSION, "invalid extension " + extId.getId());
for (ASN1ObjectIdentifier oid : bcExtensions.getNonCriticalExtensionOIDs()) { certGen.addExtension(oid.getId(), false, bcExtensions.getExtension(oid).getExtnValue().getOctets()); for (ASN1ObjectIdentifier oid : bcExtensions.getCriticalExtensionOIDs()) { certGen.addExtension(oid.getId(), true, bcExtensions.getExtension(oid).getExtnValue().getOctets());
/**
 * Renders a text summary of an attribute certificate: issuer, validity, extensions (if any),
 * signature algorithm and, when non-empty, the FQAN information.
 *
 * @param certificate the attribute certificate to describe
 * @return the multi-line description
 */
private String attributeCertificateInfoFor(AttributeCertificate certificate) {
    VOMSAttribute attribute = VOMSACUtils.deserializeVOMSAttributes(certificate);

    StringBuilder out = new StringBuilder();
    out.append(attribute.getIssuer().getName(X500Principal.RFC2253)).append('\n');
    out.append(" +--Validity: ").append(validityStatementFor(certificate)).append('\n');

    Extensions extensions = certificate.getAcinfo().getExtensions();
    ASN1ObjectIdentifier[] ids = (extensions == null) ? null : extensions.getExtensionOIDs();
    if (ids != null && ids.length != 0) {
        out.append(" +--Extensions:\n");
        out.append(" | |\n");
        for (int pos = 0; pos < ids.length; pos++) {
            // The final extension gets a different prefix than the ones before it.
            String padding = (pos == ids.length - 1) ? " | " : " | | ";
            Extension e = extensions.getExtension(ids[pos]);
            out.append(extensionInfoFor(ids[pos], e, attribute, padding));
        }
    }

    String algorithmOid = certificate.getSignatureAlgorithm().getAlgorithm().getId();
    out.append(" +--Algorithm: ").append(nameForOid(algorithmOid)).append('\n');

    String fqanInfo = fqanInfoFor(attribute);
    if (!fqanInfo.isEmpty()) {
        out.append(" +--FQANs: ").append(fqanInfo).append('\n');
    }
    return out.toString();
}
ASN1ObjectIdentifier[] oids = extensions.getExtensionOIDs(); Extension ext = extensions.getExtension(oid); StringBuilder failureMsg = new StringBuilder(); ExtensionControl extControl = extensionControls.get(oid); if (extControl.isCritical() != ext.isCritical()) { addViolation(failureMsg, "critical", ext.isCritical(), extControl.isCritical()); byte[] extensionValue = ext.getExtnValue().getOctets(); try { if (Extension.authorityKeyIdentifier.equals(oid)) { } else if (Extension.subjectKeyIdentifier.equals(oid)) { } else if (Extension.keyUsage.equals(oid)) {
/**
 * Converts an arbitrary object into an {@code Extensions} instance.
 *
 * @param obj an {@code Extensions} object, something {@code ASN1Sequence.getInstance} accepts,
 *            or {@code null}
 * @return {@code obj} itself when it already is an {@code Extensions}, a new instance built
 *         from its sequence form otherwise, or {@code null} for {@code null} input
 */
public static Extensions getInstance(Object obj) {
    if (obj == null) {
        return null;
    }
    if (obj instanceof Extensions) {
        return (Extensions) obj;
    }
    return new Extensions(ASN1Sequence.getInstance(obj));
}
/**
 * Extracts an {@code Extensions} instance from a tagged object.
 *
 * @param obj the tagged object holding the extensions sequence
 * @param explicit whether the tagging is explicit; passed through to
 *                 {@code ASN1Sequence.getInstance}
 * @return the extensions obtained from the unwrapped sequence
 */
public static Extensions getInstance(ASN1TaggedObject obj, boolean explicit) {
    ASN1Sequence unwrapped = ASN1Sequence.getInstance(obj, explicit);
    return getInstance(unwrapped);
}
/**
 * Reports whether the extension with the given OID is present and marked critical.
 *
 * @param oid the extension identifier as a string
 * @return {@code true} only when the extension exists and is critical; an absent extension
 *         yields {@code false}, the same answer as a present non-critical one
 */
@Override
public boolean isCritical(String oid) {
    Extension found = this.extensions.getExtension(new ASN1ObjectIdentifier(oid));
    if (found == null) {
        return false;
    }
    return found.isCritical();
}
/**
 * Return the parsed value of the extension identified by the given object identifier.
 *
 * @param oid the object identifier of the extension to look up
 * @return the parsed value of the extension if it is present, null otherwise.
 */
public ASN1Encodable getExtensionParsedValue(ASN1ObjectIdentifier oid) {
    Extension found = this.getExtension(oid);
    return (found == null) ? null : found.getParsedValue();
}
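/**
 * Builds an OCSP request for a single certificate, identified by its issuer certificate and
 * serial number, and attaches a nonce extension to it.
 *
 * <p>The nonce is drawn from a {@code SecureRandom}. A nonce derived from the wall clock is
 * guessable, which defeats its purpose of tying a response to this particular request.
 *
 * @param issuerCert certificate of the CA that issued the certificate being checked
 * @param serialNumber serial number of the certificate being checked
 * @return the OCSP request, as built by {@code OCSPReqBuilder.build()}
 * @throws CertificateEncodingException declared by the signature; presumably raised while
 *         building the certificate ID from {@code issuerCert}
 * @throws OperatorCreationException if the digest calculator provider cannot be created
 * @throws OCSPException if the request cannot be built
 * @throws IOException if encoding the extension identifier fails
 */
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException {
    // Register the provider only when it is missing instead of constructing one on every call.
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }

    OCSPReqBuilder gen = new OCSPReqBuilder();
    // SHA-1 here only hashes the issuer name and key to identify the certificate.
    gen.addRequest(new JcaCertificateID(
        new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1),
        issuerCert, serialNumber));

    // Unpredictable 16-byte nonce; the previous System.currentTimeMillis() value was guessable.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    // NOTE(review): the extension is marked critical (second argument), kept as in the original.
    // RFC 6960 section 4.1.2 advises against critical OCSP request extensions - confirm intent.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));

    // NOTE(review): this stores the encoding of the extension's OID, not the nonce value. If
    // sentNonce is later compared with the response nonce, that comparison does not prove the
    // nonce round-tripped. Left unchanged because the consumer of sentNonce is not visible here.
    sentNonce = ext.getExtnId().getEncoded();
    return gen.build();
}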