/**
 * Returns the Extended Key Usage (EKU) purpose OIDs reported by the wrapped object.
 *
 * <p>The value from {@code unwrap().getExtendedKeyUsage()} is passed through unchanged.
 * NOTE(review): {@code unwrap()} presumably yields an {@code X509Certificate}; for that type
 * the JDK returns {@code null} when the certificate has no EKU extension, so callers must
 * null-check before testing for a purpose.
 *
 * @return the list supplied by the wrapped object, possibly {@code null}
 * @throws CertificateParsingException if the wrapped object fails to decode the extension
 */
@Override
public List<String> getExtendedKeyUsage() throws CertificateParsingException {
    final List<String> purposeOids = unwrap().getExtendedKeyUsage();
    return purposeOids;
}
List keyUsage = cert.getExtendedKeyUsage(); if (keyUsage != null) { if (!keyUsage.containsAll(extendedKeyUsage)) {
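/**
 * Rejects a client certificate that is not marked for client authentication.
 *
 * <p>The check only runs when {@code extendedClientCheck} is set. In that case the certificate
 * must carry an Extended Key Usage extension that lists {@code CLIENTAUTH_OID}; a certificate
 * without the extension is rejected as well, so the check fails closed.
 *
 * @param clientCert the certificate presented by the client
 * @throws SecurityException if the extension is absent, does not list {@code CLIENTAUTH_OID},
 *         or cannot be parsed (the parsing failure is attached as the cause)
 */
private void checkCertForClientUsage(X509Certificate clientCert) {
    if (!extendedClientCheck) {
        return;
    }
    // Read the extension once: the result is used for both the null and the membership test.
    final java.util.List<String> purposes;
    try {
        purposes = clientCert.getExtendedKeyUsage();
    } catch (CertificateParsingException e) {
        // Keep the cause so the reason for the rejection can be diagnosed from the stack trace.
        throw new SecurityException("Can't parse client cert", e);
    }
    // The same message is used whether the extension is missing or merely lacks the client
    // authentication purpose; it is kept unchanged for callers that match on it.
    if (purposes == null || !purposes.contains(CLIENTAUTH_OID)) {
        throw new SecurityException("No extended key usage available");
    }
}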
/**
 * Forwards the Extended Key Usage lookup to the object returned by {@code unwrap()}.
 *
 * <p>No filtering or copying is done here. NOTE(review): if the wrapped object is an
 * {@code X509Certificate}, a {@code null} result means the EKU extension is absent, which is
 * not the same as an empty list - confirm callers treat it accordingly.
 *
 * @return whatever the wrapped object returns, possibly {@code null}
 * @throws CertificateParsingException propagated from the wrapped object
 */
@Override
public List<String> getExtendedKeyUsage() throws CertificateParsingException {
    final List<String> forwarded = unwrap().getExtendedKeyUsage();
    return forwarded;
}
/**
 * Logs an error when the certificate's Extended Key Usage does not include OCSP signing.
 *
 * <p>This method only logs; it never rejects the certificate and returns nothing, so callers
 * that need enforcement have to make their own decision. A certificate without an EKU
 * extension produces no log entry at all. NOTE(review): that is presumably intended for a CA
 * that signs its own responses; a delegated responder certificate is expected to carry
 * id-kp-OCSPSigning (RFC 6960, section 4.2.2.2) - confirm the caller covers that case.
 *
 * @param x509Certificate the responder certificate to inspect
 * @throws java.security.cert.CertificateParsingException if the EKU extension cannot be decoded
 */
public static void checkResponderCertificateUsage(X509Certificate x509Certificate)
        throws CertificateParsingException
{
    final List<String> purposes = x509Certificate.getExtendedKeyUsage();
    // https://tools.ietf.org/html/rfc5280#section-4.2.1.12
    if (purposes == null)
    {
        // Extension absent: nothing is reported.
        return;
    }
    final String ocspSigningOid = KeyPurposeId.id_kp_OCSPSigning.toString();
    if (purposes.contains(ocspSigningOid))
    {
        return;
    }
    LOG.error("Certificate extended key usage does not include OCSP responding");
}
/**
 * Logs an error when the certificate's Extended Key Usage does not include time stamping.
 *
 * <p>This method only logs; it never rejects the certificate. A certificate without an EKU
 * extension produces no log entry. NOTE(review): RFC 3161, section 2.3 expects a TSA
 * certificate to carry a critical EKU extension with id-kp-timeStamping as its only purpose;
 * neither the missing-extension case nor criticality is checked here - confirm that is
 * enforced elsewhere.
 *
 * @param x509Certificate the time stamp signer certificate to inspect
 * @throws java.security.cert.CertificateParsingException if the EKU extension cannot be decoded
 */
public static void checkTimeStampCertificateUsage(X509Certificate x509Certificate)
        throws CertificateParsingException
{
    final List<String> purposes = x509Certificate.getExtendedKeyUsage();
    // https://tools.ietf.org/html/rfc5280#section-4.2.1.12
    if (purposes == null)
    {
        // Extension absent: nothing is reported.
        return;
    }
    final String timeStampingOid = KeyPurposeId.id_kp_timeStamping.toString();
    if (purposes.contains(timeStampingOid))
    {
        return;
    }
    LOG.error("Certificate extended key usage does not include timeStamping");
}
"digitalSignature nor nonRepudiation"); List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage(); if (extendedKeyUsage != null && !extendedKeyUsage.contains(KeyPurposeId.id_kp_emailProtection.toString()) &&
/**
 * {@inheritDoc}
 *
 * <p>The call is answered by {@code internalCert}; its result is returned as is, including a
 * {@code null} result if {@code internalCert} reports one.
 */
@Override
public List<String> getExtendedKeyUsage() throws CertificateParsingException {
    final List<String> purposeOids = internalCert.getExtendedKeyUsage();
    return purposeOids;
}
/**
 * Returns the Extended Key Usage purpose OIDs as reported by {@code mDelegate}.
 *
 * <p>The delegate's answer is handed back untouched. NOTE(review): if {@code mDelegate} is an
 * {@code X509Certificate}, {@code null} signals that the certificate has no EKU extension;
 * callers should check for it before calling {@code contains}.
 *
 * @return the delegate's list, possibly {@code null}
 * @throws CertificateParsingException if the delegate cannot decode the extension
 */
@Override
public List<String> getExtendedKeyUsage() throws CertificateParsingException {
    final List<String> delegated = mDelegate.getExtendedKeyUsage();
    return delegated;
}
// getExtendedKeyUsage() returns null when the certificate has no Extended Key Usage extension
// and throws CertificateParsingException when the extension cannot be decoded. Handle both
// before using the result in an authorization decision.
X509Certificate certificate =...; certificate .getExtendedKeyUsage();
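/**
 * Verifies that a client certificate is allowed to be used for client authentication.
 *
 * <p>Nothing is checked unless {@code extendedClientCheck} is enabled. When it is, the
 * certificate has to contain an Extended Key Usage extension listing {@code CLIENTAUTH_OID};
 * a certificate that lacks the extension is refused too.
 *
 * @param clientCert the certificate presented by the client
 * @throws SecurityException if the extension is absent, does not list {@code CLIENTAUTH_OID},
 *         or cannot be parsed (the parsing failure is attached as the cause)
 */
private void checkCertForClientUsage(X509Certificate clientCert) {
    if (!extendedClientCheck) {
        return;
    }
    // Decode the extension a single time instead of once per condition.
    final java.util.List<String> ekuOids;
    try {
        ekuOids = clientCert.getExtendedKeyUsage();
    } catch (CertificateParsingException e) {
        // Chain the original exception; dropping it hides why the certificate was refused.
        throw new SecurityException("Can't parse client cert", e);
    }
    final boolean allowsClientAuth = ekuOids != null && ekuOids.contains(CLIENTAUTH_OID);
    if (!allowsClientAuth) {
        // Message kept as is, although it is also used when the extension exists but does
        // not list the required purpose.
        throw new SecurityException("No extended key usage available");
    }
}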
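/**
 * Renders the certificate's Extended Key Usage purposes as text, one purpose per line in the
 * form {@code <oid>: <description>}.
 *
 * @param cert the certificate to read the extension from
 * @return the rendered purposes, or an empty string when the certificate has no EKU extension
 * @throws CertificateParsingException if the extension cannot be decoded
 */
private String extendedKeyUsageExtractor(X509Certificate cert) throws CertificateParsingException {
    List<String> extKeyUsage = cert.getExtendedKeyUsage();
    if (extKeyUsage == null) {
        // X509Certificate returns null, not an empty list, when the extension is absent;
        // iterating over it would throw a NullPointerException.
        return "";
    }
    StringBuilder value = new StringBuilder();
    for (String use : extKeyUsage) {
        value.append(use).append(": ").append(OIDTranslator.getDescription(use)).append("\n");
    }
    return value.toString();
}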
/**
 * Returns the Extended Key Usage purpose OIDs obtained from {@code delegate()}.
 *
 * <p>This is a pure pass-through. NOTE(review): assuming {@code delegate()} is an
 * {@code X509Certificate}, the result is {@code null} for a certificate without an EKU
 * extension - verify that callers do not dereference it blindly.
 *
 * @return the delegate's list, possibly {@code null}
 * @throws CertificateParsingException if the delegate cannot decode the extension
 */
@Override
public List<String> getExtendedKeyUsage() throws CertificateParsingException {
    final List<String> fromDelegate = delegate().getExtendedKeyUsage();
    return fromDelegate;
}
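/**
 * Returns the certificate's Extended Key Usage purposes, each mapped through
 * {@code ObjectIdentifier.getExtendedKeyUsage}.
 *
 * @return a new list of mapped purposes; empty when {@code certificate} reports no EKU
 *         extension, and also when the extension could not be parsed
 */
public List<String> getExtendedKeyUsage() {
    List<String> extendedKeyUsage = new LinkedList<>();
    try {
        // Decode the extension once and reuse the result for the null check and the loop.
        List<String> oids = certificate.getExtendedKeyUsage();
        if (oids == null) {
            return extendedKeyUsage;
        }
        for (String oid : oids) {
            extendedKeyUsage.add(ObjectIdentifier.getExtendedKeyUsage(oid));
        }
    } catch (CertificateParsingException e) {
        // NOTE(review): a parsing failure is reported only on stderr and the caller receives
        // an empty list, which cannot be told apart from "no EKU extension". Callers must not
        // base a trust decision on an empty result; consider logging through the project's
        // logger or signalling the failure explicitly.
        e.printStackTrace();
    }
    return extendedKeyUsage;
}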
/**
 * Reports, through the log only, a responder certificate whose Extended Key Usage lacks the
 * OCSP signing purpose.
 *
 * <p>The certificate is never rejected here and nothing is returned to the caller. When the
 * certificate has no EKU extension the method stays silent. NOTE(review): a delegated OCSP
 * responder is expected to carry id-kp-OCSPSigning (RFC 6960, section 4.2.2.2); the silent
 * path presumably exists for a CA signing its own responses - confirm with the caller.
 *
 * @param x509Certificate the responder certificate to inspect
 * @throws java.security.cert.CertificateParsingException if the EKU extension cannot be decoded
 */
public static void checkResponderCertificateUsage(X509Certificate x509Certificate)
        throws CertificateParsingException
{
    // https://tools.ietf.org/html/rfc5280#section-4.2.1.12
    final List<String> ekuOids = x509Certificate.getExtendedKeyUsage();
    final boolean extensionPresent = ekuOids != null;
    if (extensionPresent)
    {
        final boolean allowsOcspSigning =
                ekuOids.contains(KeyPurposeId.id_kp_OCSPSigning.toString());
        if (!allowsOcspSigning)
        {
            LOG.error("Certificate extended key usage does not include OCSP responding");
        }
    }
}
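/**
 * Formats the certificate's Extended Key Usage extension for display.
 *
 * <p>The output is a heading line ({@code pad} + translated {@code EXT_KEY_USAGE} +
 * {@code eol}) followed by one line per purpose ({@code pad} + {@code indent} + label +
 * {@code eol}). The label is looked up in {@code X509CertConstants.EXTENDED_KEY_USAGES}; an
 * OID without an entry there is shown as the OID itself instead of the text "null", so an
 * unrecognised purpose stays visible to the reader.
 *
 * @param cert the certificate to read the extension from
 * @param tr translator used for the heading
 * @param pad prefix written at the start of every line
 * @param indent extra prefix written before each purpose
 * @param eol line terminator appended to every line
 * @return the formatted text; empty when the extension is absent or could not be parsed
 */
private String getExtendedKeyUsage(X509Certificate cert, Translator tr, String pad, String indent, String eol) {
    LOGGER.debug("Extract extended key usage extension");
    StringBuilder sb = new StringBuilder();
    try {
        List<String> extendedKeyUsage = cert.getExtendedKeyUsage();
        if (extendedKeyUsage != null) {
            sb.append(pad).append(tr.translate(EXT_KEY_USAGE)).append(eol);
            for (String oid : extendedKeyUsage) {
                // presumably a Map keyed by OID string; get() yields null for unknown OIDs
                Object label = X509CertConstants.EXTENDED_KEY_USAGES.get(oid);
                sb.append(pad).append(indent).append(label != null ? label : oid).append(eol);
            }
        }
    } catch (CertificateParsingException e) {
        // The failure is logged and the section is left out of the output, so a reader of the
        // rendered text cannot tell an unparsable extension from an absent one.
        LOGGER.error("Unexpected error getting extended key usage", e);
    }
    return sb.toString();
}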
/**
 * Reports, through the log only, a certificate whose Extended Key Usage lacks the time
 * stamping purpose.
 *
 * <p>The certificate is never rejected here. When it has no EKU extension the method stays
 * silent. NOTE(review): RFC 3161, section 2.3 expects a TSA certificate to carry a critical
 * EKU extension whose only purpose is id-kp-timeStamping; this method checks neither the
 * missing-extension case nor criticality - confirm that is enforced elsewhere.
 *
 * @param x509Certificate the time stamp signer certificate to inspect
 * @throws java.security.cert.CertificateParsingException if the EKU extension cannot be decoded
 */
public static void checkTimeStampCertificateUsage(X509Certificate x509Certificate)
        throws CertificateParsingException
{
    // https://tools.ietf.org/html/rfc5280#section-4.2.1.12
    final List<String> ekuOids = x509Certificate.getExtendedKeyUsage();
    final boolean extensionPresent = ekuOids != null;
    if (extensionPresent)
    {
        final boolean allowsTimeStamping =
                ekuOids.contains(KeyPurposeId.id_kp_timeStamping.toString());
        if (!allowsTimeStamping)
        {
            LOG.error("Certificate extended key usage does not include timeStamping");
        }
    }
}
/**
 * Tells whether the token's certificate lists the given purpose in its Extended Key Usage.
 *
 * <p>The check fails closed: an absent extension and an extension that cannot be parsed both
 * yield {@code false}; the parsing failure is logged at error level.
 *
 * @param certToken the token whose certificate is inspected
 * @param oid the key purpose to look for
 * @return {@code true} only if the extension is present and contains {@code oid.getId()}
 */
public static boolean isExtendedKeyUsagePresent(CertificateToken certToken, ASN1ObjectIdentifier oid) {
    boolean listed = false;
    try {
        final List<String> purposeOids = certToken.getCertificate().getExtendedKeyUsage();
        if (purposeOids != null) {
            listed = purposeOids.contains(oid.getId());
        }
    } catch (CertificateParsingException e) {
        LOG.error("Unable to retrieve ExtendedKeyUsage from certificate", e);
    }
    return listed;
}
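/**
 * Returns the Extended Key Usage purpose OIDs of the token's certificate.
 *
 * <p>The result is never {@code null}: an empty list is returned both when the certificate
 * has no EKU extension and when the extension cannot be parsed (the latter is logged as a
 * warning). Because the two cases look the same to the caller, an empty result must not be
 * read as "usage unrestricted" without further checks.
 *
 * @param certToken the token whose certificate is inspected
 * @return the purpose OIDs, or an empty list if none could be obtained
 */
public static List<String> getExtendedKeyUsage(CertificateToken certToken) {
    try {
        List<String> purposeOids = certToken.getCertificate().getExtendedKeyUsage();
        if (purposeOids != null) {
            return purposeOids;
        }
        // An absent extension previously leaked through as null while the error path returned
        // an empty list; both now return an empty list.
    } catch (CertificateParsingException e) {
        LOG.warn("Unable to retrieve ExtendedKeyUsage : {}", e.getMessage());
    }
    return Collections.emptyList();
}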
/**
 * Indicates that the private key corresponding to this X509 certificate is used by an
 * authority to sign OCSP responses.<br>
 * http://www.ietf.org/rfc/rfc3280.txt <br>
 * http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2<br>
 * {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)
 * keyPurpose(3) ocspSigning(9)}<br>
 * OID: 1.3.6.1.5.5.7.3.9
 *
 * <p>The check fails closed: a certificate without an Extended Key Usage extension, or one
 * whose extension cannot be parsed, is reported as not valid for OCSP signing. Only the
 * message of a parsing failure is logged, at warning level.
 *
 * @return {@code true} only if the Extended Key Usage extension is present and lists
 *         {@code OID.id_kp_OCSPSigning}
 */
public boolean isOCSPSigning() {
    boolean ocspSigningAllowed = false;
    try {
        final List<String> purposeOids = x509Certificate.getExtendedKeyUsage();
        if (purposeOids != null) {
            ocspSigningAllowed = purposeOids.contains(OID.id_kp_OCSPSigning.getId());
        }
    } catch (CertificateParsingException e) {
        LOG.warn(e.getMessage());
    }
    // false here means the responder's certificate is not valid for signing OCSP responses.
    return ocspSigningAllowed;
}