package dk.gov.oiosi.security.oces;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.i18n.ErrorBundle;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import sun.security.x509.URIName;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
/**
* Created by IntelliJ IDEA.
* User: jlm0578
* Date: 22-03-12
* Time: 14:15
* To change this template use File | Settings | File Templates.
*/
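public class CertificateUtil
{
    /** OID of the Authority Information Access extension (RFC 5280, 4.2.2.1). */
    private static final String AUTH_INFO_ACCESS = Extension.authorityInfoAccess.getId();

    /** OID of the CRL Distribution Points extension (RFC 5280, 4.2.1.13). */
    private static final String CRL_DIST_POINTS = Extension.cRLDistributionPoints.getId();

    public CertificateUtil()
    { }

    /**
     * Returns the OCSP responder locations advertised in the certificate's
     * Authority Information Access extension.
     * <p>
     * Only {@code id-ad-ocsp} access descriptions whose location is a
     * uniformResourceIdentifier are returned; other access methods and other
     * name forms are skipped. The locations come from the certificate itself,
     * i.e. from data the issuer (or whoever produced the certificate) controls;
     * callers that fetch from them should restrict the accepted URL schemes.
     *
     * @param cert the certificate to inspect
     * @return the OCSP URLs in the order they appear; empty if the extension is absent
     * @throws MalformedURLException if an advertised location cannot be represented as a {@link URL}
     * @throws Exception if the extension value cannot be decoded (see {@link #getExtensionValue})
     */
    public List<URL> getOcspUrls(X509Certificate cert) throws MalformedURLException, Exception
    {
        List<URL> urls = new ArrayList<URL>();
        ASN1Primitive aia = getExtensionValue(cert, AUTH_INFO_ACCESS);
        if (aia == null)
        {
            return urls;
        }
        AuthorityInformationAccess authInfoAccess = AuthorityInformationAccess.getInstance(aia);
        for (AccessDescription ad : authInfoAccess.getAccessDescriptions())
        {
            if (!AccessDescription.id_ad_ocsp.equals(ad.getAccessMethod()))
            {
                continue;
            }
            URL url = toUrl(ad.getAccessLocation());
            if (url != null)
            {
                urls.add(url);
            }
        }
        return urls;
    }

    /**
     * Returns the CRL locations advertised in the certificate's CRL Distribution
     * Points extension.
     * <p>
     * Best effort: an extension that cannot be decoded yields an empty list, and a
     * single distribution point whose location is not a {@link URL}-representable
     * URI (for example an {@code ldap://} name) is skipped without losing the
     * other entries. Callers must treat an empty result as "no CRL location
     * known", never as "not revoked", since nothing here reports the failure.
     *
     * @param cert the certificate to inspect
     * @return the CRL URLs in the order they appear; empty if none could be obtained
     */
    public List<URL> getCrlURLs(X509Certificate cert)
    {
        List<URL> urls = new ArrayList<URL>();
        // Raw DER of the extension value (an OCTET STRING wrapping CRLDistPoint).
        byte[] cdp = cert.getExtensionValue(CRL_DIST_POINTS);
        if (cdp == null)
        {
            return urls;
        }
        CRLDistPoint crlDistPoint;
        try
        {
            crlDistPoint = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(cdp));
        }
        catch (IOException ignored)
        {
            // Undecodable extension value. The documented contract is best effort,
            // so return what we have (nothing) rather than fail the caller.
            return urls;
        }
        for (DistributionPoint dp : crlDistPoint.getDistributionPoints())
        {
            DistributionPointName dpn = dp.getDistributionPoint();
            // distributionPoint is OPTIONAL (a DP may carry only reasons/cRLIssuer),
            // and only the fullName choice holds GeneralNames; nameRelativeToCRLIssuer
            // would otherwise fail the conversion below.
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME)
            {
                continue;
            }
            GeneralNames names = GeneralNames.getInstance(dpn.getName());
            for (GeneralName name : names.getNames())
            {
                try
                {
                    URL url = toUrl(name);
                    if (url != null)
                    {
                        urls.add(url);
                    }
                }
                catch (MalformedURLException ignored)
                {
                    // e.g. an ldap:// location, for which java.net.URL has no handler:
                    // skip this entry but keep collecting the remaining ones.
                }
            }
        }
        return urls;
    }

    /**
     * Converts a GeneralName to a {@link URL} when it is a uniformResourceIdentifier.
     *
     * @param name the name to convert; may be {@code null}
     * @return the URL, or {@code null} if the name is absent or of another name form
     * @throws MalformedURLException if the IA5String is not a URL {@link URL} can represent
     */
    private static URL toUrl(GeneralName name) throws MalformedURLException
    {
        if (name == null || name.getTagNo() != GeneralName.uniformResourceIdentifier)
        {
            return null;
        }
        String uri = DERIA5String.getInstance(name.getName()).getString();
        return new URL(uri);
    }

    /**
     * Extract the value of the given extension, if it exists.
     *
     * @param ext The extension object.
     * @param oid The object identifier to obtain.
     * @return the decoded extension value, or {@code null} if the extension is absent
     * @throws Exception if the extension is present but cannot be decoded
     */
    protected static ASN1Primitive getExtensionValue(
        java.security.cert.X509Extension ext,
        String oid)
        throws Exception
    {
        byte[] bytes = ext.getExtensionValue(oid);
        if (bytes == null)
        {
            return null;
        }
        return getObject(oid, bytes);
    }

    /**
     * Decodes a raw extension value: the bytes are a DER OCTET STRING whose
     * contents are the DER encoding of the actual extension structure.
     *
     * @param oid     the extension's OID, used only to label the error
     * @param encoded the raw bytes returned by {@code X509Extension.getExtensionValue}
     * @return the decoded inner structure
     * @throws Exception wrapping any decoding failure, with the OID in the message
     */
    private static ASN1Primitive getObject(
        String oid,
        byte[] encoded)
        throws Exception
    {
        try
        {
            ASN1InputStream outer = new ASN1InputStream(encoded);
            // getInstance gives a descriptive failure instead of a bare ClassCastException
            // when the outer layer is not the expected OCTET STRING.
            ASN1OctetString octets = ASN1OctetString.getInstance(outer.readObject());
            ASN1InputStream inner = new ASN1InputStream(octets.getOctets());
            return inner.readObject();
        }
        catch (Exception e)
        {
            throw new Exception("exception processing extension " + oid, e);
        }
    }
}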