import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import java.io.IOException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.List;
public class CertificateUtil {
/** Creates a new utility instance; no configuration is taken here. */
public CertificateUtil() {
}
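/**
 * Collects the OCSP responder URLs advertised in the certificate's
 * Authority Information Access extension.
 *
 * @param cert the certificate to inspect
 * @return the OCSP URLs found; empty when the extension is absent or carries no
 *         URI-typed OCSP access location
 * @throws Exception if the extension value cannot be decoded or a listed URL is malformed
 */
public List<URL> getOcspUrls(X509Certificate cert) throws Exception {
    List<URL> urls = new LinkedList<URL>();
    ASN1Primitive authInfoAccValue = getExtensionValue(cert, Extension.authorityInfoAccess.getId());
    if (authInfoAccValue == null) {
        // Extension not present: nothing to look up.
        return urls;
    }
    AuthorityInformationAccess authInfoAccess = AuthorityInformationAccess.getInstance(authInfoAccValue);
    for (AccessDescription ad : authInfoAccess.getAccessDescriptions()) {
        if (!AccessDescription.id_ad_ocsp.equals(ad.getAccessMethod())) {
            continue;
        }
        GeneralName location = ad.getAccessLocation();
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            // The location originates from the certificate, which may be untrusted;
            // callers that fetch it should accept only http/https schemes.
            String url = DERIA5String.getInstance(location.getName()).getString();
            urls.add(new URL(url));
        }
    }
    return urls;
}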
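/**
 * Collects the CRL download URLs listed in the certificate's CRL Distribution Points
 * extension.
 * <p>
 * Only distribution points of the "full name" form whose entries are URIs are used;
 * points expressed relative to the CRL issuer carry no fetchable location and are skipped.
 *
 * @param cert the certificate to inspect
 * @return the CRL URLs found; empty when the extension is absent, and possibly partial
 *         when decoding fails part-way through
 */
public List<URL> getCrlURLs(X509Certificate cert) {
    List<URL> urls = new LinkedList<URL>();
    // Raw ASN.1 value of the CRL Distribution Points extension, or null when absent.
    byte[] cdp = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (cdp == null) {
        return urls;
    }
    try {
        CRLDistPoint crldp = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(cdp));
        for (DistributionPoint dp : crldp.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // The distribution point name is optional, and only the FULL_NAME form holds
            // GeneralNames; the nameRelativeToCRLIssuer form would fail the conversion below.
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            GeneralNames gns = GeneralNames.getInstance(dpn.getName());
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    // The location originates from the certificate, which may be untrusted;
                    // callers that fetch it should accept only http/https schemes.
                    DERIA5String uri = DERIA5String.getInstance(name.getName());
                    urls.add(new URL(uri.getString()));
                }
            }
        }
    } catch (IOException e) {
        // Undecodable extension or malformed URL. Kept best-effort because the signature
        // declares no checked exception; the URLs collected so far are still returned.
        // TODO DLK: log this, or surface it to the caller, instead of hiding it.
    }
    return urls;
}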
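/**
 * Extracts the decoded value of the given extension, if the holder carries it.
 *
 * @param ext the extension holder (for example an {@link X509Certificate})
 * @param oid the object identifier of the extension to obtain
 * @return the decoded extension value, or {@code null} when the extension is absent
 * @throws Exception if the extension value cannot be decoded
 */
protected static ASN1Primitive getExtensionValue(
        java.security.cert.X509Extension ext,
        String oid)
        throws Exception {
    byte[] bytes = ext.getExtensionValue(oid);
    if (bytes == null) {
        // Absent extension is a normal outcome, not an error.
        return null;
    }
    return getObject(oid, bytes);
}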
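/**
 * Decodes a raw extension value: the outer OCTET STRING wrapper is removed and the
 * inner DER-encoded value is parsed.
 *
 * @param oid the extension identifier, used only to annotate the error message
 * @param ext the raw extension value as returned by
 *            {@link java.security.cert.X509Extension#getExtensionValue(String)}
 * @return the decoded inner value
 * @throws Exception if either decoding step fails; the original cause is preserved
 */
private static ASN1Primitive getObject(
        String oid,
        byte[] ext)
        throws Exception {
    try {
        ASN1InputStream outer = new ASN1InputStream(ext);
        // getInstance rejects a non-OCTET-STRING outer value with an exception instead of
        // a bare ClassCastException, so it is reported through the wrapping below.
        ASN1OctetString octs = ASN1OctetString.getInstance(outer.readObject());
        ASN1InputStream inner = new ASN1InputStream(octs.getOctets());
        return inner.readObject();
    } catch (Exception e) {
        throw new Exception("exception processing extension " + oid, e);
    }
}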