Java 类java.security.cert.CertificateParsingException 实例源码

/**
 * Retrieves Subject Alternative Name UPN extension as a principal id String.
 *
 * @param certificate X.509 certificate credential.
 *
 * @return Resolved principal ID or null if no SAN UPN extension is available in provided certificate.
 *
 * @see AbstractX509PrincipalResolver#resolvePrincipalInternal(java.security.cert.X509Certificate)
 * @see java.security.cert.X509Certificate#getSubjectAlternativeNames()
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    logger.debug("Resolving principal from Subject Alternative Name UPN for {}", certificate);
    try {
        final Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames != null) {
            for (final List<?> sanItem : subjectAltNames) {
                final ASN1Sequence seq = getAltnameSequence(sanItem);
                final String upnString = getUPNStringFromSequence(seq);
                if (upnString != null) {
                    return upnString;
                }
            }
        }
    } catch (final CertificateParsingException e) {
        logger.error("Error is encountered while trying to retrieve subject alternative names collection from certificate", e);
        logger.debug("Returning null principal id...");
        return null;
    }
    logger.debug("Returning null principal id...");
    return null;
}

/**
 * Retrieves Subject Alternative Name UPN extension as a principal id String.
 *
 * @param certificate X.509 certificate credential.
 *
 * @return Resolved principal ID or null if no SAN UPN extension is available in provided certificate.
 *
 * @see AbstractX509PrincipalResolver#resolvePrincipalInternal(java.security.cert.X509Certificate)
 * @see java.security.cert.X509Certificate#getSubjectAlternativeNames()
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    logger.debug("Resolving principal from Subject Alternative Name UPN for {}", certificate);
    try {
        final Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames != null) {
            for (final List<?> sanItem : subjectAltNames) {
                final ASN1Sequence seq = getAltnameSequence(sanItem);
                final String upnString = getUPNStringFromSequence(seq);
                if (upnString != null) {
                    return upnString;
                }
            }
        }
    } catch (final CertificateParsingException e) {
        logger.error("Error is encountered while trying to retrieve subject alternative names collection from certificate", e);
        logger.debug("Returning null principal id...");
        return null;
    }
    logger.debug("Returning null principal id...");
    return null;
}

/**
 * Retrieves Subject Alternative Name UPN extension as a principal id String.
 *
 * @param certificate X.509 certificate credential.
 * @return Resolved principal ID or null if no SAN UPN extension is available in provided certificate.
 * @see AbstractX509PrincipalResolver#resolvePrincipalInternal(java.security.cert.X509Certificate)
 * @see java.security.cert.X509Certificate#getSubjectAlternativeNames()
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    LOGGER.debug("Resolving principal from Subject Alternative Name UPN for [{}]", certificate);
    try {
        final Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames != null) {
            for (final List<?> sanItem : subjectAltNames) {
                final ASN1Sequence seq = getAltnameSequence(sanItem);
                final String upnString = getUPNStringFromSequence(seq);
                if (upnString != null) {
                    return upnString;
                }
            }
        }
    } catch (final CertificateParsingException e) {
        LOGGER.error("Error is encountered while trying to retrieve subject alternative names collection from certificate", e);
        LOGGER.debug("Returning null principal...");
        return null;
    }
    LOGGER.debug("Returning null principal id...");
    return null;
}

public AttributeCertificateHolder(X509Certificate cert)
    throws CertificateParsingException
{
    X509Principal name;

    try
    {
        name = PrincipalUtil.getIssuerX509Principal(cert);
    }
    catch (Exception e)
    {
        throw new CertificateParsingException(e.getMessage());
    }

    holder = new Holder(new IssuerSerial(generateGeneralNames(name),
        new ASN1Integer(cert.getSerialNumber())));
}

private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
    throws CertificateEncodingException
{
    ASN1EncodableVector v = new ASN1EncodableVector();

    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));

    try
    {
        return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
    }
    catch (CertificateParsingException e)
    {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}

/**
 * add a given extension field for the standard extensions tag (tag 3)
 * copying the extension value from another certificate.
 * @throws CertificateParsingException if the extension cannot be extracted.
 */
public void copyAndAddExtension(
    String          oid,
    boolean         critical,
    X509Certificate cert) 
    throws CertificateParsingException
{
    byte[] extValue = cert.getExtensionValue(oid);

    if (extValue == null)
    {
        throw new CertificateParsingException("extension " + oid + " not present");
    }

    try
    {
        ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue);

        this.addExtension(oid, critical, value);
    }
    catch (IOException e)
    {
        throw new CertificateParsingException(e.toString());
    }
}

protected static void addAdditionalStoresFromAltNames(
    X509Certificate cert,
    ExtendedPKIXParameters pkixParams)
    throws CertificateParsingException
{
    // if in the IssuerAltName extension an URI
    // is given, add an additinal X.509 store
    if (cert.getIssuerAlternativeNames() != null)
    {
        Iterator it = cert.getIssuerAlternativeNames().iterator();
        while (it.hasNext())
        {
            // look for URI
            List list = (List)it.next();
            if (list.get(0).equals(Integers.valueOf(GeneralName.uniformResourceIdentifier)))
            {
                // found
                String temp = (String)list.get(1);
                CertPathValidatorUtilities.addAdditionalStoreFromLocation(temp, pkixParams);
            }
        }
    }
}

private Certificate readDERCertificate(
    InputStream in)
    throws IOException, CertificateParsingException
{
    ASN1InputStream dIn = new ASN1InputStream(in);
    ASN1Sequence seq = (ASN1Sequence)dIn.readObject();

    if (seq.size() > 1
            && seq.getObjectAt(0) instanceof DERObjectIdentifier)
    {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
        {
            sData = new SignedData(ASN1Sequence.getInstance(
                            (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();

            return getCertificate();
        }
    }

    return new X509CertificateObject(
                        org.bouncycastle.asn1.x509.Certificate.getInstance(seq));
}

private Certificate getCertificate()
    throws CertificateParsingException
{
    if (sData != null)
    {
        while (sDataObjectCount < sData.size())
        {
            Object obj = sData.getObjectAt(sDataObjectCount++);

            if (obj instanceof ASN1Sequence)
            {
               return new X509CertificateObject(
                                org.bouncycastle.asn1.x509.Certificate.getInstance(obj));
            }
        }
    }

    return null;
}

private java.security.cert.Certificate readDERCertificate(
    ASN1InputStream dIn)
    throws IOException, CertificateParsingException
{
    ASN1Sequence seq = (ASN1Sequence)dIn.readObject();

    if (seq.size() > 1
            && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
    {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
        {
            sData = SignedData.getInstance(ASN1Sequence.getInstance(
                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();

            return getCertificate();
        }
    }

    return new X509CertificateObject(
                        Certificate.getInstance(seq));
}

private java.security.cert.Certificate getCertificate()
    throws CertificateParsingException
{
    if (sData != null)
    {
        while (sDataObjectCount < sData.size())
        {
            Object obj = sData.getObjectAt(sDataObjectCount++);

            if (obj instanceof ASN1Sequence)
            {
               return new X509CertificateObject(
                                Certificate.getInstance(obj));
            }
        }
    }

    return null;
}

/**
 * Process response data and, if applicable, HTTPS information. The {@link org.symphonyoss.symphony.jcurl.JCurl.Response} object returned can be printed
 * out with response.print().
 *
 * @param con a {@link java.net.HttpURLConnection} object.
 * @return a {@link org.symphonyoss.symphony.jcurl.JCurl.Response} object.
 * @throws java.io.IOException if any.
 * @throws java.security.cert.CertificateParsingException if any.
 */
public Response processResponse(HttpURLConnection con) throws IOException, CertificateParsingException {
  Response response = new Response();

  long startTime = System.nanoTime();
  con.connect();
  long endTime = System.nanoTime();

  response.timeTaken = endTime - startTime;

  processResponseHeaders(con, response);
  processResponseCode(con, response);
  processResponseCertificates(con, response);
  processResponseOutput(con, response);
  processResponseTags(response);

  return response;
}

/**
 * Retrieves Subject Alternative Name UPN extension as a principal id String.
 *
 * @param certificate X.509 certificate credential.
 *
 * @return Resolved principal ID or null if no SAN UPN extension is available in provided certificate.
 *
 * @see AbstractX509PrincipalResolver#resolvePrincipalInternal(java.security.cert.X509Certificate)
 * @see java.security.cert.X509Certificate#getSubjectAlternativeNames()
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    logger.debug("Resolving principal from Subject Alternative Name UPN for {}", certificate);
    try {
        final Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames != null) {
            for (final List<?> sanItem : subjectAltNames) {
                final ASN1Sequence seq = getAltnameSequence(sanItem);
                final String upnString = getUPNStringFromSequence(seq);
                if (upnString != null) {
                    return upnString;
                }
            }
        }
    } catch (final CertificateParsingException e) {
        logger.error("Error is encountered while trying to retrieve subject alternative names collection from certificate", e);
        logger.debug("Returning null principal id...");
        return null;
    }
    logger.debug("Returning null principal id...");
    return null;
}

private static Object getSubjectAltName(X509Certificate cert, int type) {
    Collection<List<?>> subjectAltNames;

    try {
        subjectAltNames = cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException cpe) {
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println(
                    "Attempt to obtain subjectAltNames extension failed!");
        }
        return null;
    }

    if (subjectAltNames != null) {
        for (List<?> subjectAltName : subjectAltNames) {
            int subjectAltNameType = (Integer)subjectAltName.get(0);
            if (subjectAltNameType == type) {
                return subjectAltName.get(1);
            }
        }
    }

    return null;
}

public static String buildCertAppliesToString(X509Certificate cert) {
    List<String> elements = new ArrayList<>();
    try {
        Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
        if (altNames != null) {
            for (List<?> altName : altNames) {
                Integer altNameType = (Integer) altName.get(0);
                if (altNameType != 2 && altNameType != 7) // dns or ip
                    continue;
                elements.add((String) altName.get(1));
            }
        }
    } catch (CertificateParsingException ignored) {
    }

    if (elements.size() == 0)
        return "none";
    return TextUtils.join(",", elements.toArray());
}

private static List<String> getSubjectAltNames(X509Certificate certificate, int type) {
    List<String> result = new ArrayList();
    try {
        Collection<?> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames == null) {
            return Collections.emptyList();
        }
        Iterator it = subjectAltNames.iterator();
        while (it.hasNext()) {
            List<?> entry = (List) it.next();
            if (entry != null && entry.size() >= 2) {
                Integer altNameType = (Integer) entry.get(0);
                if (altNameType != null && altNameType.intValue() == type) {
                    String altName = (String) entry.get(1);
                    if (altName != null) {
                        result.add(altName);
                    }
                }
            }
        }
        return result;
    } catch (CertificateParsingException e) {
        return Collections.emptyList();
    }
}

/**
 * Returns a list of subject alternative names. Any name that is represented as a String by X509Certificate.getSubjectAlternativeNames() is converted to lowercase and returned.
 *
 * @param certificate a certificate
 * @return a list of subject alternative names; list is never null
 * @throws CertificateParsingException if parsing the certificate failed
 */
public static List<String> getSubjectAlternativeNames(final X509Certificate certificate) throws CertificateParsingException {

    final Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
    if (altNames == null) {
        return new ArrayList<>();
    }

    final List<String> result = new ArrayList<>();
    for (final List<?> generalName : altNames) {
        /**
         * generalName has the name type as the first element a String or byte array for the second element. We return any general names that are String types.
         *
         * We don't inspect the numeric name type because some certificates incorrectly put IPs and DNS names under the wrong name types.
         */
        final Object value = generalName.get(1);
        if (value instanceof String) {
            result.add(((String) value).toLowerCase());
        }

    }

    return result;
}

public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
    Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
    List<String> emails = new ArrayList<>();
    if (alternativeNames != null) {
        for(List<?> san : alternativeNames) {
            Integer type = (Integer) san.get(0);
            if (type == 1) {
                emails.add((String) san.get(1));
            }
        }
    }
    X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
    if (emails.size() == 0) {
        emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
    }
    String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
    if (emails.size() >= 1) {
        return new Pair<>(Jid.fromString(emails.get(0)), name);
    } else {
        return null;
    }
}

public static boolean validateSubjectAltNameField(X509Certificate certificate, int field,
                                                  Predicate<Object> fieldValidator) throws UaException {

    try {
        Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames == null) subjectAltNames = Collections.emptyList();

        for (List<?> idAndValue : subjectAltNames) {
            if (idAndValue != null && idAndValue.size() == 2) {
                if (idAndValue.get(0).equals(field)) {
                    if (fieldValidator.test(idAndValue.get(1))) {
                        return true;
                    }
                }
            }
        }

        return false;
    } catch (CertificateParsingException e) {
        throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
    }
}

public static String getSubjectAltNameUri(X509Certificate certificate) throws UaException {
    try {
        Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames == null) subjectAltNames = Collections.emptyList();

        for (List<?> idAndValue : subjectAltNames) {
            if (idAndValue != null && idAndValue.size() == 2) {
                if (idAndValue.get(0).equals(SUBJECT_ALT_NAME_URI)) {
                    Object uri = idAndValue.get(1);
                    return uri != null ? uri.toString() : null;
                }
            }
        }

        return null;
    } catch (CertificateParsingException e) {
        throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
    }
}

/**
 * Extract the value of a given SubjectAltName field from a {@link X509Certificate}.
 *
 * @param certificate the certificate.
 * @param field       the field number.
 * @return an {@link Optional} containing the value in the field.
 * @see #SUBJECT_ALT_NAME_IP_ADDRESS
 * @see #SUBJECT_ALT_NAME_DNS_NAME
 * @see #SUBJECT_ALT_NAME_URI
 */
public static Optional<Object> getSubjectAltNameField(X509Certificate certificate, int field) {
    try {
        Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames == null) subjectAltNames = Collections.emptyList();

        for (List<?> idAndValue : subjectAltNames) {
            if (idAndValue != null && idAndValue.size() == 2) {
                if (idAndValue.get(0).equals(field)) {
                    return Optional.ofNullable(idAndValue.get(1));
                }
            }
        }

        return Optional.empty();
    } catch (CertificateParsingException e) {
        return Optional.empty();
    }
}

/**
 * Retrieves Subject Alternative Name UPN extension as a principal id String.
 *
 * @param certificate X.509 certificate credential.
 *
 * @return Resolved principal ID or null if no SAN UPN extension is available in provided certificate.
 *
 * @see AbstractX509PrincipalResolver#resolvePrincipalInternal(java.security.cert.X509Certificate)
 * @see java.security.cert.X509Certificate#getSubjectAlternativeNames()
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    logger.debug("Resolving principal from Subject Alternative Name UPN for {}", certificate);
    try {
        final Collection<List<?>> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames != null) {
            for (final List<?> sanItem : subjectAltNames) {
                final ASN1Sequence seq = getAltnameSequence(sanItem);
                final String upnString = getUPNStringFromSequence(seq);
                if (upnString != null) {
                    return upnString;
                }
            }
        }
    } catch (final CertificateParsingException e) {
        logger.error("Error is encountered while trying to retrieve subject alternative names collection from certificate", e);
        logger.debug("Returning null principal id...");
        return null;
    }
    logger.debug("Returning null principal id...");
    return null;
}

protected static void addAdditionalStoresFromAltNames(
    X509Certificate cert,
    ExtendedPKIXParameters pkixParams)
    throws CertificateParsingException
{
    // if in the IssuerAltName extension an URI
    // is given, add an additional X.509 store
    if (cert.getIssuerAlternativeNames() != null)
    {
        Iterator it = cert.getIssuerAlternativeNames().iterator();
        while (it.hasNext())
        {
            // look for URI
            List list = (List)it.next();
            if (list.get(0).equals(Integers.valueOf(GeneralName.uniformResourceIdentifier)))
            {
                // found
                String temp = (String)list.get(1);
                CertPathValidatorUtilities.addAdditionalStoreFromLocation(temp, pkixParams);
            }
        }
    }
}

public AttributeCertificateHolder(X509Certificate cert)
    throws CertificateParsingException
{
    X509Principal name;

    try
    {
        name = PrincipalUtil.getIssuerX509Principal(cert);
    }
    catch (Exception e)
    {
        throw new CertificateParsingException(e.getMessage());
    }

    holder = new Holder(new IssuerSerial(generateGeneralNames(name),
        new ASN1Integer(cert.getSerialNumber())));
}

private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
    throws CertificateEncodingException
{
    ASN1EncodableVector v = new ASN1EncodableVector();

    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));

    try
    {
        return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
    }
    catch (CertificateParsingException e)
    {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}

/**
 * add a given extension field for the standard extensions tag (tag 3)
 * copying the extension value from another certificate.
 * @throws CertificateParsingException if the extension cannot be extracted.
 */
public void copyAndAddExtension(
    String          oid,
    boolean         critical,
    X509Certificate cert) 
    throws CertificateParsingException
{
    byte[] extValue = cert.getExtensionValue(oid);

    if (extValue == null)
    {
        throw new CertificateParsingException("extension " + oid + " not present");
    }

    try
    {
        ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue);

        this.addExtension(oid, critical, value);
    }
    catch (IOException e)
    {
        throw new CertificateParsingException(e.toString());
    }
}

private Certificate readDERCertificate(
    InputStream in)
    throws IOException, CertificateParsingException
{
    ASN1InputStream dIn = new ASN1InputStream(in);
    ASN1Sequence seq = (ASN1Sequence)dIn.readObject();

    if (seq.size() > 1
            && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
    {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
        {
            sData = new SignedData(ASN1Sequence.getInstance(
                            (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();

            return getCertificate();
        }
    }

    return new X509CertificateObject(
                        org.bouncycastle.asn1.x509.Certificate.getInstance(seq));
}

private Certificate getCertificate()
    throws CertificateParsingException
{
    if (sData != null)
    {
        while (sDataObjectCount < sData.size())
        {
            Object obj = sData.getObjectAt(sDataObjectCount++);

            if (obj instanceof ASN1Sequence)
            {
               return new X509CertificateObject(
                                org.bouncycastle.asn1.x509.Certificate.getInstance(obj));
            }
        }
    }

    return null;
}

private java.security.cert.Certificate readDERCertificate(
    ASN1InputStream dIn)
    throws IOException, CertificateParsingException
{
    ASN1Sequence seq = (ASN1Sequence)dIn.readObject();

    if (seq.size() > 1
            && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
    {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
        {
            sData = SignedData.getInstance(ASN1Sequence.getInstance(
                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();

            return getCertificate();
        }
    }

    return new X509CertificateObject(bcHelper,
                        Certificate.getInstance(seq));
}

private java.security.cert.Certificate getCertificate()
    throws CertificateParsingException
{
    if (sData != null)
    {
        while (sDataObjectCount < sData.size())
        {
            Object obj = sData.getObjectAt(sDataObjectCount++);

            if (obj instanceof ASN1Sequence)
            {
               return new X509CertificateObject(bcHelper,
                                Certificate.getInstance(obj));
            }
        }
    }

    return null;
}

public Collection<List<?>> getSubjectAlternativeNames()
  throws CertificateParsingException
{
  Extension e = getExtension(SubjectAlternativeNames.ID);
  if (e != null)
    {
      List<GeneralName> names
        = ((SubjectAlternativeNames) e.getValue()).getNames();
      List<List<?>> list = new ArrayList<List<?>>(names.size());
      for (GeneralName name : names)
        {
          List<Object> n = new ArrayList<Object>(2);
          n.add(name.kind().tag());
          n.add(name.name());
          list.add(n);
        }
      return list;
    }
  return null;
}

public Collection<List<?>> getIssuerAlternativeNames()
  throws CertificateParsingException
{
  Extension e = getExtension(IssuerAlternativeNames.ID);
  if (e != null)
    {
      List<GeneralName> names
        = ((IssuerAlternativeNames) e.getValue()).getNames();
      List<List<?>> list = new ArrayList<List<?>>(names.size());
      for (GeneralName name : names)
        {
          List<Object> n = new ArrayList<Object>(2);
          n.add(name.kind().tag());
          n.add(name.name());
          list.add(n);
        }
      return list;
    }
  return null;
}

private boolean hasNomadAgentAltName(final SSLSession session) {
    try {
        final X509Certificate certificate = (X509Certificate) session.getPeerCertificates()[0];
        final Collection<List<?>> entries = certificate.getSubjectAlternativeNames();
        if (entries == null) {
            return false;
        }
        for (List<?> entry : entries) {
            if (entry.size() >= 2 && (Integer) entry.get(0) == 2) {
                final String name = (String) entry.get(1);
                if (NOMAD_ALT_NAME_PATTERN.matcher(name).matches()) {
                    return true;
                }
            }
        }
    } catch (final SSLException | CertificateParsingException ignored) {
    }
    return false;
}

static List<String> extractSubjectAlts(final X509Certificate cert, final int subjectType) {
    Collection<List<?>> c = null;
    try {
        c = cert.getSubjectAlternativeNames();
    } catch(final CertificateParsingException ignore) {
    }
    List<String> subjectAltList = null;
    if (c != null) {
        for (final List<?> aC : c) {
            final List<?> list = aC;
            final int type = ((Integer) list.get(0)).intValue();
            if (type == subjectType) {
                final String s = (String) list.get(1);
                if (subjectAltList == null) {
                    subjectAltList = new ArrayList<String>();
                }
                subjectAltList.add(s);
            }
        }
    }
    return subjectAltList;
}

static List<String> extractSubjectAlts(final X509Certificate cert, final int subjectType) {
    Collection<List<?>> c = null;
    try {
        c = cert.getSubjectAlternativeNames();
    } catch(final CertificateParsingException ignore) {
    }
    List<String> subjectAltList = null;
    if (c != null) {
        for (final List<?> aC : c) {
            final List<?> list = aC;
            final int type = ((Integer) list.get(0)).intValue();
            if (type == subjectType) {
                final String s = (String) list.get(1);
                if (subjectAltList == null) {
                    subjectAltList = new ArrayList<String>();
                }
                subjectAltList.add(s);
            }
        }
    }
    return subjectAltList;
}

/**
 * Extract a {@link ASN1OctetString} that represents the value of a given extension
 *
 * @param cert is X509 certificate out of which an extension should be extracted
 * @param Oid is the Object IDentifier for the extension
 * @return a {@link ASN1OctetString} that represents an extension or {@code null} if no such
 * extension is found.
 * @throws CertificateParsingException if a parsing error occurs
 */
public static ASN1OctetString extractExtensionValue(X509Certificate cert, String Oid)
    throws CertificateParsingException {
  byte[] extensionValue = cert.getExtensionValue(Oid);

  if (extensionValue == null || extensionValue.length == 0) {
    // Did not find extension
    return null;
  }

  ASN1Object asn1Object = getAsn1Object(extensionValue);
  if (asn1Object == null || !(asn1Object instanceof ASN1OctetString)) {
    throw new CertificateParsingException("Expected ASN1OctetString.");
  }

  return (ASN1OctetString) asn1Object;
}

private static ASN1Sequence getKeyDescriptionSequence(ASN1OctetString octet)
    throws CertificateParsingException {
  // Read out the Sequence
  ASN1Object asn1Object = X509ExtensionParsingUtil.getAsn1Object(octet.getOctets());
  if (asn1Object == null || !(asn1Object instanceof ASN1Sequence)) {
    throw new CertificateParsingException("Expected KeyDescription Sequence.");
  }
  ASN1Sequence sequence = (ASN1Sequence) asn1Object;

  if (sequence.size() != DESCRIPTION_LENGTH) {
    throw new CertificateParsingException("KeyDescription Sequence has " + sequence.size()
        + " elements.  Expected " + DESCRIPTION_LENGTH + " elements ");
  }

  return sequence;
}

private static <T> List<T> getListFromTaggedObjectSet(
    HashMap<Integer, ASN1Primitive> taggedObjects, int tag, Class<T> type)
    throws CertificateParsingException {
  ASN1Primitive asn1Primitive = taggedObjects.get(tag);
  if (asn1Primitive == null) {
    // No tagged object mode found
    return null;
  }

  if (!(asn1Primitive instanceof ASN1Set)) {
    throw new CertificateParsingException("Expected ASN1Set");
  }

  ASN1Set set = (ASN1Set) asn1Primitive;
  List<T> list = new ArrayList<T>();
  for (ASN1Encodable asn1Encodable : set.toArray()) {
    list.add(buildTypeFromInt(X509ExtensionParsingUtil.getInt(asn1Encodable), type));
  }

  return list;
}

public List<String> getSubjectAlternativeNames() {
    List<String> subjectAlternativeNames = new LinkedList<String>();

    try {
        if (certificate.getSubjectAlternativeNames() == null) {
            return subjectAlternativeNames;
        }

        for (List<?> i : certificate.getSubjectAlternativeNames()) {
            subjectAlternativeNames.add(i.get(1) + " (" + ObjectIdentifier.getSubjectAlternativeNames((Integer) i.get(0)) + ")");
        }
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    }

    return subjectAlternativeNames;
}

public List<String> getIssuerAlternativeNames() {
    List<String> issuerAlternativeNames = new LinkedList<String>();

    try {
        if (certificate.getIssuerAlternativeNames() == null) {
            return issuerAlternativeNames;
        }

        for (List<?> i : certificate.getIssuerAlternativeNames()) {
            issuerAlternativeNames.add(i.get(1) + " (" + ObjectIdentifier.getSubjectAlternativeNames((Integer) i.get(0)) + ")");
        }
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    }

    return issuerAlternativeNames;
}