/** {@inheritDoc} */ @Override @SuppressWarnings("unchecked") public Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert) throws CertificateParsingException { return X509ExtensionUtil.getSubjectAlternativeNames(cert); }
/** * Constructor which will take the byte[] returned from getExtensionValue() * * @param encodedValue a DER octet encoded string with the extension structure in it. * @throws IOException on parsing errors. */ public AuthorityKeyIdentifierStructure( byte[] encodedValue) throws IOException { super((ASN1Sequence)X509ExtensionUtil.fromExtensionValue(encodedValue)); }
/** * Create an AuthorityKeyIdentifier using the passed in certificate's public * key, issuer and serial number. * * @param certificate the certificate providing the information. * @throws CertificateParsingException if there is a problem processing the certificate */ public AuthorityKeyIdentifierStructure( X509Certificate certificate) throws CertificateParsingException { super(fromCertificate(certificate)); }
new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(key));
@SuppressWarnings("deprecation") public FluentKeySigner authorityCertificate(X509Certificate certificate) { try { authorityKeyIdentifier(new org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure(certificate)); this.authorityCertificate = certificate; return this; } catch (CertificateParsingException e) { throw Exceptions.propagate(e); } }
/** * Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if * present. * * @param certificate an X.509 certificate possibly containing a subject key identifier * @return the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate * does not contain the extension * @throws IOException */ public static byte[] getSubjectKeyIdentifier(X509Certificate certificate) { byte[] derValue = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId()); if (derValue == null || derValue.length == 0) { return null; } SubjectKeyIdentifier ski = null; try { ski = new SubjectKeyIdentifierStructure(derValue); } catch (IOException e) { log.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed: " + e); return null; } if (ski != null) { return ski.getKeyIdentifier(); } else { return null; } }
/** * Create an AuthorityKeyIdentifier using just the hash of the * public key. * * @param pubKey the key to generate the hash from. * @throws InvalidKeyException if there is a problem using the key. */ public AuthorityKeyIdentifierStructure( PublicKey pubKey) throws InvalidKeyException { super(fromKey(pubKey)); } }
/** * @deprecated use org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils.getIssuerAlternativeNames() */ public static Collection getIssuerAlternativeNames(X509Certificate cert) throws CertificateParsingException { byte[] extVal = cert.getExtensionValue(Extension.issuerAlternativeName.getId()); return getAlternativeNames(extVal); }
/** * Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if * present. * * @param certificate an X.509 certificate possibly containing a subject key identifier * @return the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate * does not contain the extension * @throws IOException */ public static byte[] getSubjectKeyIdentifier(X509Certificate certificate) { Logger log = getLogger(); byte[] derValue = certificate.getExtensionValue(SKI_OID); if (derValue == null || derValue.length == 0) { return null; } try { final ASN1Primitive ski = X509ExtensionUtil.fromExtensionValue(derValue); return ((DEROctetString) ski).getOctets(); } catch (IOException e) { log.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed: " + e); return null; } }
public FluentKeySigner authorityCertificate(X509Certificate certificate) { try { authorityKeyIdentifier(new AuthorityKeyIdentifierStructure(certificate)); this.authorityCertificate = certificate; return this; } catch (CertificateParsingException e) { throw Exceptions.propagate(e); } }
/** * Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if * present. * * @param certificate an X.509 certificate possibly containing a subject key identifier * @return the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate * does not contain the extension * @throws IOException */ public static byte[] getSubjectKeyIdentifier(X509Certificate certificate) { byte[] derValue = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId()); if (derValue == null || derValue.length == 0) { return null; } SubjectKeyIdentifier ski = null; try { ski = new SubjectKeyIdentifierStructure(derValue); } catch (IOException e) { log.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed: " + e); return null; } if (ski != null) { return ski.getKeyIdentifier(); } else { return null; } }
/** * @deprecated use org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils.getSubjectAlternativeNames() */ public static Collection getSubjectAlternativeNames(X509Certificate cert) throws CertificateParsingException { byte[] extVal = cert.getExtensionValue(Extension.subjectAlternativeName.getId()); return getAlternativeNames(extVal); }
public static Collection<List<?>> getSubjectAlternativeNames( X509Certificate cert) throws CertificateParsingException { return X509ExtensionUtil.getSubjectAlternativeNames(cert);
private boolean isCa(X509Certificate certificate) { byte[] basicConstraintsValue = certificate.getExtensionValue(Extension.basicConstraints.getId()); if (null == basicConstraintsValue) { return false; } ASN1Encodable basicConstraintsDecoded; try { basicConstraintsDecoded = X509ExtensionUtil.fromExtensionValue(basicConstraintsValue); } catch (IOException e) { LOG.error("IO error", e); return false; } if (false == basicConstraintsDecoded instanceof ASN1Sequence) { LOG.debug("basic constraints extension is not an ASN1 sequence"); return false; } ASN1Sequence basicConstraintsSequence = (ASN1Sequence) basicConstraintsDecoded; BasicConstraints basicConstraints = BasicConstraints.getInstance(basicConstraintsSequence); return basicConstraints.isCA(); } }
@Override public X509CRL generateX509CRL( X509Certificate caCertificate, PrivateKey caPrivateKey ) { try { X509V2CRLGenerator crlGen = new X509V2CRLGenerator(); crlGen.setIssuerDN( caCertificate.getSubjectX500Principal() ); crlGen.setThisUpdate( new DateTime().minus( Time.CLOCK_SKEW ).toDate() ); crlGen.setNextUpdate( new DateTime().minus( Time.CLOCK_SKEW ).plusHours( 12 ).toDate() ); crlGen.setSignatureAlgorithm( SignatureAlgorithm.SHA256withRSA.jcaString() ); crlGen.addExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure( caCertificate ) ); crlGen.addExtension( X509Extensions.CRLNumber, false, new CRLNumber( BigInteger.ONE ) ); return crlGen.generate( caPrivateKey, BouncyCastleProvider.PROVIDER_NAME ); } catch ( GeneralSecurityException ex ) { throw new CryptoFailure( "Unable to generate CRL", ex ); } }
public static BigInteger getCrlNumber(X509CRL crl) throws IOException { byte[] crlNumEnc = crl.getExtensionValue(X509Extension.cRLNumber.getId()); BigInteger crlNum = null; // XAdES 7.4.2: "The 'number' element is an optional hint ..." if (crlNumEnc != null) { ASN1Object derCrlNum = X509ExtensionUtil.fromExtensionValue(crlNumEnc); crlNum = CRLNumber.getInstance(derCrlNum).getCRLNumber(); } return crlNum; } }
/** * add a given extension field for the standard extensions tag (tag 3) * copying the extension value from another certificate. * @throws CertificateParsingException if the extension cannot be extracted. */ public void copyAndAddExtension( String oid, boolean critical, X509Certificate cert) throws CertificateParsingException { byte[] extValue = cert.getExtensionValue(oid); if (extValue == null) { throw new CertificateParsingException("extension " + oid + " not present"); } try { ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue); this.addExtension(oid, critical, value); } catch (IOException e) { throw new CertificateParsingException(e.toString()); } }
@Override public DistributionPoint[] getCRLDistributionPoints( X509Certificate cert ) { try { byte[] value = cert.getExtensionValue( X509Extensions.CRLDistributionPoints.getId() ); if ( value == null ) { return null; } CRLDistPoint crlDistPoints = CRLDistPoint.getInstance( X509ExtensionUtil.fromExtensionValue( value ) ); return crlDistPoints.getDistributionPoints(); } catch ( IOException ex ) { throw new CryptoFailure( "Unable to extract CRLDistributionPoints from X509Certificate extensions", ex ); } }
/** * Returns if the specified CRL is indirect. * * @param crl * the CRL * @return true or false * @throws CRLException * something went wrong reading the * {@link org.bouncycastle.asn1.x509.IssuingDistributionPoint}. */ private boolean isIndirectCRL(X509CRL crl) throws CRLException { byte[] idp = crl .getExtensionValue(X509Extensions.IssuingDistributionPoint .getId()); boolean isIndirect = false; try { if (idp != null) { isIndirect = IssuingDistributionPoint.getInstance( X509ExtensionUtil.fromExtensionValue(idp)) .isIndirectCRL(); } } catch (Exception e) { throw new CRLException( "Exception reading IssuingDistributionPoint", e); } return isIndirect; } }
/** * This method returns the reason of the revocation of the certificate extracted from the given CRL. * * @param crlEntry An object for a revoked certificate in a CRL (Certificate Revocation List). * @return * @throws DSSException */ public static String getRevocationReason(final X509CRLEntry crlEntry) throws DSSException { final String reasonId = Extension.reasonCode.getId(); final byte[] extensionBytes = crlEntry.getExtensionValue(reasonId); try { final ASN1Primitive asn1Primitive = X509ExtensionUtil.fromExtensionValue(extensionBytes); final ASN1Enumerated asn1Enumerated = ASN1Enumerated.getInstance(asn1Primitive); final CRLReason reason = CRLReason.getInstance(asn1Enumerated); return reason.toString(); } catch (IOException e) { throw new DSSException(e); } }