package dk.gov.oiosi.security.oces;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.i18n.ErrorBundle;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

// NOTE(review): sun.security.x509.URIName is an internal JDK API and is not referenced in this file.
import sun.security.x509.URIName;

/**
 * Created by IntelliJ IDEA.
 * User: jlm0578
 * Date: 22-03-12
 * Time: 14:15
 * To change this template use File | Settings | File Templates.
 */
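/**
 * Helpers for reading revocation-checking locations (OCSP responders and CRL
 * distribution points) out of an X.509 certificate.
 *
 * <p>Security note: the returned URLs are copied verbatim from the certificate,
 * i.e. from data supplied by whoever presented it. They are parsed as
 * {@link URL}s but nothing else is validated — there is no scheme whitelist and
 * no check of the host. Code that fetches from them must restrict the scheme to
 * what it expects (OCSP and CRL retrieval is normally http/https), bound the
 * response size and timeout, and treat the target host as untrusted.</p>
 */
public class CertificateUtil
{
    private static final Logger LOG = Logger.getLogger(CertificateUtil.class.getName());

    /** OID of the Authority Information Access extension (RFC 5280 4.2.2.1). */
    private static final String AUTH_INFO_ACCESS = Extension.authorityInfoAccess.getId();

    /** OID of the CRL Distribution Points extension (RFC 5280 4.2.1.13). */
    private static final String CRL_DIST_POINTS = Extension.cRLDistributionPoints.getId();

    public CertificateUtil()
    { }

    /**
     * Returns the OCSP responder locations named in the certificate's Authority
     * Information Access extension: every accessDescription whose accessMethod is
     * id-ad-ocsp and whose accessLocation is a URI.
     *
     * @param cert the certificate to inspect; must not be null
     * @return the responder URLs in extension order; empty if the certificate has
     *         no AIA extension or lists no URI-form OCSP locations
     * @throws MalformedURLException if an OCSP accessLocation is not a URL the JDK
     *         can parse (the whole call fails rather than returning a partial list)
     * @throws Exception if the AIA extension cannot be decoded; the type actually
     *         thrown is an {@link IOException} naming the extension OID. Declared as
     *         Exception to stay source-compatible with existing callers.
     */
    public List<URL> getOcspUrls(X509Certificate cert) throws Exception
    {
        List<URL> urls = new LinkedList<URL>();

        ASN1Primitive aiaValue = getExtensionValue(cert, AUTH_INFO_ACCESS);
        if (aiaValue == null)
        {
            return urls;
        }

        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
        for (AccessDescription ad : aia.getAccessDescriptions())
        {
            // AIA also carries id-ad-caIssuers entries; only OCSP responders are wanted here.
            if (!AccessDescription.id_ad_ocsp.equals(ad.getAccessMethod()))
            {
                continue;
            }
            URL url = toUrl(ad.getAccessLocation());
            if (url != null)
            {
                urls.add(url);
            }
        }
        return urls;
    }

    /**
     * Returns the CRL locations named in the certificate's CRL Distribution Points
     * extension: every URI in the fullName of each distribution point.
     *
     * <p>Distribution points without a distributionPoint field, or whose name is
     * given as nameRelativeToCRLIssuer, are skipped because they carry no fetchable
     * location; entries that are not parseable URLs are skipped individually so the
     * remaining distribution points are still returned. Unlike
     * {@link #getOcspUrls}, this method never throws: an extension that cannot be
     * decoded is logged and yields an empty list, which callers cannot distinguish
     * from "no extension present" — do not use an empty result as evidence that no
     * CRL check is required.</p>
     *
     * @param cert the certificate to inspect; must not be null
     * @return the CRL URLs in extension order, possibly empty
     */
    public List<URL> getCrlURLs(X509Certificate cert)
    {
        List<URL> urls = new LinkedList<URL>();

        CRLDistPoint crldp;
        try
        {
            ASN1Primitive cdpValue = getExtensionValue(cert, CRL_DIST_POINTS);
            if (cdpValue == null)
            {
                return urls;
            }
            crldp = CRLDistPoint.getInstance(cdpValue);
        }
        catch (Exception e)
        {
            // This failure used to be swallowed silently; leave a trace so an unexpectedly
            // empty result can be traced back to a malformed extension.
            LOG.log(Level.WARNING, "Could not decode CRL distribution points of certificate "
                    + cert.getSubjectX500Principal() + "; no CRL URLs will be returned", e);
            return urls;
        }

        for (DistributionPoint dp : crldp.getDistributionPoints())
        {
            DistributionPointName dpn = dp.getDistributionPoint();
            // distributionPoint is OPTIONAL in RFC 5280 (a DP may list only reasons/cRLIssuer),
            // and only the fullName choice holds GeneralNames — nameRelativeToCRLIssuer is an
            // RDN fragment. The previous code dereferenced/cast both without checking.
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME)
            {
                continue;
            }
            GeneralNames fullName = GeneralNames.getInstance(dpn.getName());
            for (GeneralName name : fullName.getNames())
            {
                try
                {
                    URL url = toUrl(name);
                    if (url != null)
                    {
                        urls.add(url);
                    }
                }
                catch (MalformedURLException e)
                {
                    // One bad entry must not discard the remaining distribution points.
                    LOG.log(Level.FINE, "Skipping unparseable CRL distribution point URI", e);
                }
            }
        }
        return urls;
    }

    /**
     * Maps a GeneralName to a URL if it uses the uniformResourceIdentifier form.
     *
     * @param name the name to convert; may be null
     * @return the URL, or null for a null name or any other name form
     *         (directoryName, dNSName, rfc822Name, ...)
     * @throws MalformedURLException if the URI text is not a URL the JDK can parse.
     *         This includes schemes with no installed protocol handler (e.g. ldap:),
     *         which {@link URL} rejects as "unknown protocol".
     */
    private static URL toUrl(GeneralName name) throws MalformedURLException
    {
        if (name == null || name.getTagNo() != GeneralName.uniformResourceIdentifier)
        {
            return null;
        }
        // A URI GeneralName is an IA5String; getInstance() tolerates whichever concrete
        // BouncyCastle string class the parser produced, unlike a hard cast.
        String uri = DERIA5String.getInstance(name.getName()).getString();
        return new URL(uri);
    }

    /**
     * Extracts the decoded value of the given extension, if it exists.
     *
     * @param ext the extension holder (typically an X509Certificate)
     * @param oid dotted OID of the extension to read
     * @return the extension's inner DER structure (the contents of the OCTET STRING
     *         wrapper), or null if the extension is absent
     * @throws Exception if the extension value cannot be decoded; the type actually
     *         thrown is an {@link IOException} carrying the OID and the underlying
     *         cause. Declared as Exception to stay source-compatible with subclasses.
     */
    protected static ASN1Primitive getExtensionValue(
        java.security.cert.X509Extension ext,
        String oid)
            throws Exception
    {
        byte[] bytes = ext.getExtensionValue(oid);
        if (bytes == null)
        {
            return null;
        }

        return getObject(oid, bytes);
    }

    /**
     * Unwraps a raw extension value: per RFC 5280 4.1 it is a DER OCTET STRING whose
     * contents are the DER encoding of the extension-specific structure.
     *
     * @param oid the extension OID, used only for the error message
     * @param ext the raw bytes as returned by X509Extension.getExtensionValue
     * @return the decoded inner structure
     * @throws IOException if either layer fails to decode. Unlike the previous
     *         stream-based read, fromByteArray also rejects trailing bytes after a
     *         complete DER value instead of ignoring them.
     */
    private static ASN1Primitive getObject(
        String oid,
        byte[] ext)
            throws IOException
    {
        try
        {
            ASN1OctetString wrapper = ASN1OctetString.getInstance(ASN1Primitive.fromByteArray(ext));
            return ASN1Primitive.fromByteArray(wrapper.getOctets());
        }
        catch (Exception e)
        {
            // Same wording as before, but with the cause attached so the failure is diagnosable.
            throw new IOException("exception processing extension " + oid, e);
        }
    }
}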