/**
 * Builds the structure from the byte[] that getExtensionValue() returns for this
 * extension.
 *
 * <p>The parsed value is cast to {@code ASN1Sequence} without a type check, so an
 * extension whose content is not a SEQUENCE surfaces as a {@link ClassCastException}
 * rather than the declared {@link IOException}. Code that feeds certificates from
 * untrusted peers into this constructor should be prepared for both.
 *
 * @param encodedValue a DER octet encoded string with the extension structure in it.
 * @throws IOException on parsing errors.
 */
public AuthorityKeyIdentifierStructure(byte[] encodedValue)
    throws IOException
{
    super(
        (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(encodedValue));
}
/** {@inheritDoc} */
@Override
@SuppressWarnings("unchecked")
public Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
        throws CertificateParsingException {
    // Pure delegation to the BouncyCastle helper; nothing is validated or filtered here.
    // The unchecked suppression presumably covers a raw Collection return type - confirm
    // against the X509ExtensionUtil version in use.
    final Collection<List<?>> names = X509ExtensionUtil.getSubjectAlternativeNames(cert);
    return names;
}
/**
 * Reads the subject alternative name extension of a certificate and hands its
 * encoded value to {@code getAlternativeNames}.
 *
 * @param cert the certificate to read the extension from
 * @return whatever {@code getAlternativeNames} produces for the extension value
 * @throws CertificateParsingException declared for failures while decoding the extension
 * @deprecated use org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils.getSubjectAlternativeNames()
 */
public static Collection getSubjectAlternativeNames(X509Certificate cert)
    throws CertificateParsingException
{
    // getExtensionValue() yields null when the extension is absent; that null is
    // passed through unchanged, so the absent case is decided by getAlternativeNames().
    return getAlternativeNames(
        cert.getExtensionValue(Extension.subjectAlternativeName.getId()));
}
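/**
 * Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if
 * present.
 *
 * <p>The extension bytes come from the certificate itself and must be treated as untrusted input: a parsing
 * failure or an extension whose content is not an OCTET STRING is logged and reported as {@code null}
 * instead of being propagated as an exception.
 *
 * @param certificate an X.509 certificate possibly containing a subject key identifier
 * @return the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate
 *         does not contain the extension or the extension cannot be decoded
 */
public static byte[] getSubjectKeyIdentifier(X509Certificate certificate) {
    Logger log = getLogger();
    byte[] derValue = certificate.getExtensionValue(SKI_OID);
    if (derValue == null || derValue.length == 0) {
        return null;
    }

    try {
        final ASN1Primitive ski = X509ExtensionUtil.fromExtensionValue(derValue);
        // Check the type before casting: a malformed certificate can carry any ASN.1 type here,
        // and an unchecked cast would escape as a ClassCastException the callers do not expect.
        if (!(ski instanceof DEROctetString)) {
            log.error("Unable to extract subject key identifier from certificate: "
                    + "extension value is not an OCTET STRING");
            return null;
        }
        return ((DEROctetString) ski).getOctets();
    } catch (IOException e) {
        log.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed: " + e);
        return null;
    }
}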
/**
 * Reads the issuer alternative name extension of a certificate and hands its
 * encoded value to {@code getAlternativeNames}.
 *
 * @param cert the certificate to read the extension from
 * @return whatever {@code getAlternativeNames} produces for the extension value
 * @throws CertificateParsingException declared for failures while decoding the extension
 * @deprecated use org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils.getIssuerAlternativeNames()
 */
public static Collection getIssuerAlternativeNames(X509Certificate cert)
    throws CertificateParsingException
{
    // A missing extension reaches getAlternativeNames() as null; no check is made here.
    return getAlternativeNames(
        cert.getExtensionValue(Extension.issuerAlternativeName.getId()));
}
public static Collection<List<?>> getSubjectAlternativeNames( X509Certificate cert) throws CertificateParsingException { return X509ExtensionUtil.getSubjectAlternativeNames(cert);
/**
 * Reports whether the certificate's basic constraints extension marks it as a CA.
 *
 * <p>The check fails closed: a missing extension, an extension that cannot be parsed,
 * or one that is not an ASN.1 SEQUENCE all yield {@code false}. Only the cA flag is
 * consulted; path length and key usage are not examined by this method.
 *
 * @param certificate the certificate to inspect
 * @return {@code true} only when basic constraints are present, well-formed and cA is set
 */
private boolean isCa(X509Certificate certificate) {
    byte[] encodedExtension = certificate.getExtensionValue(Extension.basicConstraints.getId());
    if (encodedExtension == null) {
        // No basic constraints at all: not a CA.
        return false;
    }

    ASN1Encodable decoded;
    try {
        decoded = X509ExtensionUtil.fromExtensionValue(encodedExtension);
    } catch (IOException e) {
        LOG.error("IO error", e);
        return false;
    }

    if (decoded instanceof ASN1Sequence) {
        return BasicConstraints.getInstance((ASN1Sequence) decoded).isCA();
    }

    LOG.debug("basic constraints extension is not an ASN1 sequence");
    return false;
}
}
Collection<List<?>> altNames = null; try { altNames = X509ExtensionUtil.getSubjectAlternativeNames(certificate); } catch (CertificateParsingException e) { log.error("Encountered an problem trying to extract Subject Alternate "
/**
 * Reads the CRL number extension of a CRL.
 *
 * @param crl the CRL to read the extension from
 * @return the CRL number, or {@code null} when the CRL carries no such extension
 * @throws IOException if the extension value cannot be parsed
 */
public static BigInteger getCrlNumber(X509CRL crl) throws IOException {
    byte[] encodedCrlNumber = crl.getExtensionValue(X509Extension.cRLNumber.getId());

    // XAdES 7.4.2: "The 'number' element is an optional hint ..."
    if (encodedCrlNumber == null) {
        return null;
    }

    ASN1Object parsed = X509ExtensionUtil.fromExtensionValue(encodedCrlNumber);
    return CRLNumber.getInstance(parsed).getCRLNumber();
}
}
Collection<List<?>> altNames = null; try { altNames = X509ExtensionUtil.getSubjectAlternativeNames(certificate); } catch (CertificateParsingException e) { log.error("Encountered an problem trying to extract Subject Alternate "
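/**
 * Returns the OCSP responder {@link URI} or {@code null} if it doesn't have one.
 *
 * <p>The URI is copied verbatim out of the certificate's Authority Information Access
 * extension, i.e. it is chosen by whoever issued (or forged) the certificate. Callers
 * that go on to contact it should restrict the scheme and destination themselves.
 *
 * @param certificate the certificate to read the extension from
 * @return the responder URI, or {@code null} when the extension or the OCSP entry is absent
 * @throws IOException if the extension cannot be parsed or the access location has a
 *         malformed length
 * @throws IllegalArgumentException if the extracted string is not a valid URI
 *         (raised by {@link URI#create(String)})
 */
public static URI ocspUri(X509Certificate certificate) throws IOException {
    byte[] value = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (value == null) {
        return null;
    }

    ASN1Primitive authorityInfoAccess = X509ExtensionUtil.fromExtensionValue(value);
    if (!(authorityInfoAccess instanceof DLSequence)) {
        return null;
    }

    DLSequence aiaSequence = (DLSequence) authorityInfoAccess;
    DERTaggedObject taggedObject = findObject(aiaSequence, OCSP_RESPONDER_OID, DERTaggedObject.class);
    if (taggedObject == null) {
        return null;
    }

    // NOTE(review): the tag number is compared with BERTags.OBJECT_IDENTIFIER; presumably
    // this relies on it having the same numeric value as the URI choice of GeneralName - confirm.
    if (taggedObject.getTagNo() != BERTags.OBJECT_IDENTIFIER) {
        return null;
    }

    byte[] encoded = taggedObject.getEncoded();
    if (encoded.length < 2) {
        throw new IOException("Truncated OCSP access location");
    }

    // Decode the length field instead of assuming a single length octet: values of
    // 128 bytes and more use the long form (0x80 | n, followed by n length octets), and
    // reading that first octet as the length would decode the wrong byte range.
    int offset = 2;
    int length = encoded[1] & 0xFF;
    if (length >= 0x80) {
        int lengthOctets = length & 0x7F;
        if (lengthOctets == 0 || lengthOctets > 4 || encoded.length - 2 < lengthOctets) {
            throw new IOException("Unsupported length encoding in OCSP access location");
        }
        length = 0;
        for (int i = 0; i < lengthOctets; i++) {
            length = (length << 8) | (encoded[2 + i] & 0xFF);
        }
        offset += lengthOctets;
    }

    // The declared length comes from the certificate; never read past the buffer.
    if (length < 0 || length > encoded.length - offset) {
        throw new IOException("OCSP access location length exceeds the encoded value");
    }

    String uri = new String(encoded, offset, length, CharsetUtil.UTF_8);
    return URI.create(uri);
}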
KeyStore keyStore = getKeyStore(cert); X509Certificate certificate = getCertificate(cert, keyStore); Collection<?> alternativeNames = X509ExtensionUtil.getSubjectAlternativeNames(certificate); for (Object alternativeName : alternativeNames) { if (alternativeName instanceof ArrayList) {
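/**
 * add a given extension field for the standard extensions tag (tag 3)
 * copying the extension value from another certificate.
 *
 * <p>The value is copied as-is: it is parsed only far enough to re-encode it, and its
 * content is not checked against the extension type named by {@code oid}.
 *
 * @param oid dotted OID string of the extension to copy
 * @param critical whether the copied extension is marked critical
 * @param cert the certificate the extension value is taken from
 * @throws CertificateParsingException if the extension cannot be extracted.
 */
public void copyAndAddExtension(
    String          oid,
    boolean         critical,
    X509Certificate cert)
    throws CertificateParsingException
{
    byte[] extValue = cert.getExtensionValue(oid);

    if (extValue == null)
    {
        throw new CertificateParsingException("extension " + oid + " not present");
    }

    try
    {
        ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue);

        this.addExtension(oid, critical, value);
    }
    catch (IOException e)
    {
        // Keep the parser's exception as the cause so the original stack trace is not lost.
        throw new CertificateParsingException(e.toString(), e);
    }
}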
KeyStore keyStore = getKeyStore(cert); X509Certificate certificate = getCertificate(cert, keyStore); Collection<?> alternativeNames = X509ExtensionUtil.getSubjectAlternativeNames(certificate); for (Object alternativeName : alternativeNames) { if (alternativeName instanceof ArrayList) {
/**
 * Collects the URI access locations of the Authority Information Access extension.<br>
 * When the extension is absent or empty the returned list is <b>empty</b>.<br>
 * Any exception raised while decoding is logged at info level and the entries
 * gathered so far are returned, so a caller cannot tell a malformed extension from a
 * missing one. The URIs are taken from the certificate and are untrusted input.
 *
 * @return List Authority info access list
 */
public List<String> getAuthorityInfoAccess() {
    List<String> locations = new ArrayList<String>();
    try {
        byte[] encodedAia = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (encodedAia == null || encodedAia.length == 0) {
            return locations;
        }

        AuthorityInformationAccess aia =
                AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(encodedAia));
        for (AccessDescription description : aia.getAccessDescriptions()) {
            GeneralName location = description.getAccessLocation();
            // Only URI-typed locations are kept; other GeneralName choices are skipped.
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                locations.add(((DERIA5String) location.getName()).getString());
            }
        }
        return locations;
    } catch (Exception error) {
        logger.info(error.getMessage());
        return locations;
    }
}
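/**
 * Looks up one alternative-name entry of a certificate and returns it as a string.
 *
 * <p>NOTE(review): despite the method name, the extension read here is
 * {@code issuerAlternativeName} - confirm which of the two is intended.
 *
 * @param certificate the certificate to inspect
 * @param index position argument; see the review note inside the loop
 * @param type the GeneralName tag number the entry must have
 * @return the entry's string value, or {@code null} when the extension is absent, cannot
 *         be parsed, or the examined entry has a different tag
 */
private String getSubjectAlternativeNames(final X509Certificate certificate, final int index, final int type) {
    final byte[] extVal = certificate.getExtensionValue(Extension.issuerAlternativeName.getId());
    if (extVal == null) {
        return null;
    }
    try {
        final Enumeration<?> it = DERSequence.getInstance(X509ExtensionUtil.fromExtensionValue(extVal)).getObjects();
        // NOTE(review): the counter starts at index, so only the first entry is ever
        // compared; starting at 0 looks like the intent - confirm with the callers before changing.
        int i = index;
        while (it.hasMoreElements()) {
            // Advance on every pass. Previously the enumeration was only advanced when the
            // counter matched, so a certificate with a non-matching first entry followed by
            // further entries kept this loop spinning forever.
            final Object element = it.nextElement();
            if (index == i++) {
                final GeneralName genName = GeneralName.getInstance(element);
                if (genName.getTagNo() == type) {
                    return ASN1String.class.cast(genName.getName()).getString();
                }
            }
        }
    } catch (final IOException e) {
        // Deliberately best-effort: an unparseable extension is reported as "no name".
    }
    return null;
}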
/**
 * Collects the URI access locations of the Authority Information Access extension.<br>
 * When the extension is absent or empty the returned list is <b>empty</b>.<br>
 * An {@link IOException} while decoding is logged at info level and the entries
 * gathered so far are returned. Only IOException is caught: a location whose name is
 * not a DERIA5String makes the cast fail with an unchecked exception that propagates.
 * The URIs are taken from the certificate and are untrusted input.
 *
 * @return List
 */
public List<String> getAuthorityInfoAccess() {
    List<String> locations = new ArrayList<String>();
    try {
        byte[] encodedAia = certificate.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
        if (encodedAia == null || encodedAia.length == 0) {
            return locations;
        }

        AuthorityInformationAccess aia =
                AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(encodedAia));
        for (AccessDescription description : aia.getAccessDescriptions()) {
            GeneralName location = description.getAccessLocation();
            // Only URI-typed locations are kept; other GeneralName choices are skipped.
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                locations.add(((DERIA5String) location.getName()).getString());
            }
        }
        return locations;
    } catch (IOException error) {
        LOGGER.info(error.getMessage());
        return locations;
    }
}
/**
 * Extracts the CRL distribution points of a certificate.
 *
 * @param cert the certificate to inspect
 * @return the distribution points, or {@code null} when the certificate has no such
 *         extension; callers must handle the null case
 * @throws CryptoFailure (constructed with the parser's IOException) if the extension
 *         value cannot be parsed
 */
@Override
public DistributionPoint[] getCRLDistributionPoints( X509Certificate cert )
{
    byte[] encoded = cert.getExtensionValue( X509Extensions.CRLDistributionPoints.getId() );
    if ( encoded == null )
    {
        return null;
    }
    try
    {
        return CRLDistPoint.getInstance( X509ExtensionUtil.fromExtensionValue( encoded ) )
                           .getDistributionPoints();
    }
    catch ( IOException ex )
    {
        throw new CryptoFailure( "Unable to extract CRLDistributionPoints from X509Certificate extensions", ex );
    }
}
Enumeration it = DERSequence.getInstance(fromExtensionValue(extVal)).getObjects(); while (it.hasMoreElements())
/**
 * Tells whether the given CRL is an indirect CRL, based on its issuing distribution
 * point extension. A CRL without that extension is reported as not indirect.
 *
 * @param crl
 *            the CRL
 * @return true or false
 * @throws CRLException
 *             something went wrong reading the
 *             {@link org.bouncycastle.asn1.x509.IssuingDistributionPoint}.
 */
private boolean isIndirectCRL(X509CRL crl) throws CRLException {
    byte[] encodedIdp = crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId());
    if (encodedIdp == null) {
        return false;
    }
    try {
        return IssuingDistributionPoint
                .getInstance(X509ExtensionUtil.fromExtensionValue(encodedIdp))
                .isIndirectCRL();
    } catch (Exception e) {
        // Every decoding failure, checked or unchecked, is reported as a CRLException.
        throw new CRLException("Exception reading IssuingDistributionPoint", e);
    }
}
}