/**
 * Collects the OCSP responder locations advertised in an Authority Information Access
 * extension.
 *
 * <p>Only access descriptions whose method equals {@code AccessDescription.id_ad_ocsp} and
 * whose location is tagged {@code uniformResourceIdentifier} contribute an entry. The strings
 * are copied verbatim from the extension; no scheme or host check is performed here, so the
 * caller decides whether a location may be contacted.
 *
 * @param authInfoAccess the decoded extension, or {@code null} when there is none
 * @return the matching locations in extension order; empty (never {@code null}) if none match
 */
protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess) {
    Vector ocspLocations = new Vector();
    if (authInfoAccess == null) {
        return ocspLocations;
    }
    for (AccessDescription description : authInfoAccess.getAccessDescriptions()) {
        if (!description.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            continue;
        }
        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        ocspLocations.add(((DERIA5String) location.getName()).getString());
    }
    return ocspLocations;
}
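/**
 * Builds an {@link AccessDescription} from a textual access-method/location pair.
 *
 * <p>The text is parsed with {@code ConfPairs} and must yield exactly one name, which is taken
 * as the access-method OID; its value is handed to {@code createGeneralName} to build the
 * access location.
 *
 * @param accessMethodAndLocation the pair to parse; must not be {@code null}
 * @return the access description for the parsed OID and location
 * @throws BadInputException if the text cannot be parsed, does not contain exactly one name,
 *     or the name is not a syntactically valid OID
 */
public static AccessDescription createAccessDescription(String accessMethodAndLocation)
        throws BadInputException {
    ParamUtil.requireNonNull("accessMethodAndLocation", accessMethodAndLocation);

    final String errorMessage = "invalid accessMethodAndLocation " + accessMethodAndLocation;

    ConfPairs pairs;
    try {
        pairs = new ConfPairs(accessMethodAndLocation);
    } catch (IllegalArgumentException ex) {
        throw new BadInputException(errorMessage);
    }

    Set<String> oids = pairs.names();
    if (oids == null || oids.size() != 1) {
        throw new BadInputException(errorMessage);
    }

    String accessMethodS = oids.iterator().next();
    String taggedValue = pairs.value(accessMethodS);

    ASN1ObjectIdentifier accessMethod;
    try {
        accessMethod = new ASN1ObjectIdentifier(accessMethodS);
    } catch (IllegalArgumentException ex) {
        // ASN1ObjectIdentifier rejects malformed OID text with an unchecked exception; report
        // it through the declared checked exception like every other input error here.
        throw new BadInputException(errorMessage);
    }

    GeneralName location = createGeneralName(taggedValue);
    return new AccessDescription(accessMethod, location);
}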
/**
 * Lists the URI access locations found in the certificate's AuthorityInfoAccess extension.
 *
 * <p>Every access description whose location is tagged {@code uniformResourceIdentifier} is
 * included, whatever its access method. The strings are taken from the certificate as-is and
 * are not validated here.
 *
 * @return the URI locations in extension order; an empty list when the extension is absent,
 *     empty, or cannot be decoded (the decoding error message is logged at info level)
 */
public List<String> getAuthorityInfoAccess() {
    List<String> locations = new ArrayList<String>();
    try {
        byte[] encodedAia = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (encodedAia == null || encodedAia.length == 0) {
            return locations;
        }
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(
                X509ExtensionUtil.fromExtensionValue(encodedAia));
        for (AccessDescription entry : aia.getAccessDescriptions()) {
            GeneralName location = entry.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                locations.add(((DERIA5String) location.getName()).getString());
            }
        }
        return locations;
    } catch (IOException error) {
        logger.info(error.getMessage());
        return locations;
    }
}
/**
 * Handles the OK action: DER-encodes the entered access descriptions as a Subject Information
 * Access value, stores it in {@code value} and closes the dialog.
 *
 * <p>With no access descriptions a warning is shown and the dialog stays open; an encoding
 * failure is shown in an error dialog and the dialog stays open as well.
 */
private void okPressed() {
    List<AccessDescription> entered = jadAccessDescriptions.getAccessDescriptions();

    if (entered.isEmpty()) {
        String message = res.getString("DSubjectInformationAccess.ValueReq.message");
        JOptionPane.showMessageDialog(this, message, getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess(entered);
    try {
        value = subjectInfoAccess.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError errorDialog = new DError(this, ex);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }

    closeDialog();
}
/**
 * Renders one cell of the access descriptions table.
 *
 * <p>Column 0 shows the access method OID; every other column shows the access location as
 * produced by {@code GeneralNameUtil.safeToString}.
 *
 * @param jtAccessDescriptions
 *            The JTable
 * @param value
 *            The cell value; cast to {@code AccessDescription}
 * @param isSelected
 *            True if cell is selected
 * @param hasFocus
 *            If true, render cell appropriately
 * @param row
 *            The row of the cell to render
 * @param col
 *            The column of the cell to render
 * @return The rendered cell
 */
@Override
public Component getTableCellRendererComponent(JTable jtAccessDescriptions, Object value, boolean isSelected,
        boolean hasFocus, int row, int col) {
    JLabel label = (JLabel) super.getTableCellRendererComponent(jtAccessDescriptions, value, isSelected,
            hasFocus, row, col);

    AccessDescription description = (AccessDescription) value;

    String text;
    if (col == 0) {
        text = description.getAccessMethod().getId();
    } else {
        text = GeneralNameUtil.safeToString(description.getAccessLocation(), false);
    }
    label.setText(text);

    label.setHorizontalAlignment(LEFT);
    label.setBorder(new EmptyBorder(0, 5, 0, 5));
    return label;
}
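/**
 * Handles the Add action: opens the access description chooser and, if the user confirms an
 * entry, adds it to the list, refreshes the table and selects the new row.
 *
 * <p>The chooser needs a {@code JDialog} or {@code JFrame} parent. When this component is not
 * hosted in either, no chooser can be created and the method returns without doing anything
 * (previously this case ended in a {@code NullPointerException}).
 */
private void addPressed() {
    Container container = getTopLevelAncestor();

    DAccessDescriptionChooser dAccessDescriptionChooser;
    if (container instanceof JDialog) {
        dAccessDescriptionChooser = new DAccessDescriptionChooser((JDialog) container, title, null);
    } else if (container instanceof JFrame) {
        dAccessDescriptionChooser = new DAccessDescriptionChooser((JFrame) container, title, null);
    } else {
        // No dialog or frame ancestor: there is no chooser to show.
        return;
    }
    dAccessDescriptionChooser.setLocationRelativeTo(container);
    dAccessDescriptionChooser.setVisible(true);

    AccessDescription newAccessDescription = dAccessDescriptionChooser.getAccessDescription();
    if (newAccessDescription == null) {
        // The chooser returned no value, so there is nothing to add.
        return;
    }

    accessDescriptions.add(newAccessDescription);
    populate();
    selectAccessDescriptionInTable(newAccessDescription);
}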
/**
 * Replaces the model's rows with the given access descriptions, sorted with
 * {@code AccessDescriptionMethodComparator}, and notifies listeners.
 *
 * <p>Both columns of a row hold the same {@code AccessDescription} object.
 *
 * @param accessDescriptions
 *            The access descriptions
 */
public void load(List<AccessDescription> accessDescriptions) {
    AccessDescription[] sorted = accessDescriptions.toArray(new AccessDescription[accessDescriptions.size()]);
    Arrays.sort(sorted, new AccessDescriptionMethodComparator());

    data = new Object[sorted.length][2];
    for (int row = 0; row < sorted.length; row++) {
        AccessDescription description = sorted[row];
        data[row][0] = description;
        data[row][1] = description;
    }

    fireTableDataChanged();
}
/**
 * Handles the OK action: builds the access description from the entered access method and
 * access location, stores it in {@code accessDescription} and closes the dialog.
 *
 * <p>If either input is missing a warning is shown and the dialog stays open.
 */
private void okPressed() {
    ASN1ObjectIdentifier method = joiAccessMethod.getObjectId();
    if (method == null) {
        String message = res.getString("DAccessDescriptionChooser.AccessMethodValueReq.message");
        JOptionPane.showMessageDialog(this, message, getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    GeneralName location = jgnAccessLocation.getGeneralName();
    if (location == null) {
        String message = res.getString("DAccessDescriptionChooser.AccessLocationValueReq.message");
        JOptionPane.showMessageDialog(this, message, getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    accessDescription = new AccessDescription(method, location);
    closeDialog();
}
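/**
 * Appends the OCSP responder URIs found in an Authority Information Access value to
 * {@code OCSPUrl}.
 *
 * <p>An entry is added only when its access method is the OCSP OID (1.3.6.1.5.5.7.48.1) and
 * its access location is tagged {@code uniformResourceIdentifier}; other GeneralName kinds are
 * skipped instead of being stringified into the URL list. The strings come from the
 * certificate unchanged and are not validated here.
 *
 * @param OCSPUrl the list that receives the URIs
 * @param aiaExt the decoded extension value; {@code null} leaves the list untouched
 */
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, DERObject aiaExt) {
    if (aiaExt == null) {
        // No extension value to read.
        return;
    }
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt);
    DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$

    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        DERObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        if (!accessMethod.equals(OCSPOid)) {
            continue;
        }
        GeneralName generalName = accessDescription.getAccessLocation();
        if (generalName.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // Not a URI, so it cannot serve as a responder URL.
            continue;
        }
        OCSPUrl.add(generalName.getName().toString());
    }
}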
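/**
 * Appends the OCSP responder URIs found in an Authority Information Access value to
 * {@code OCSPUrl}.
 *
 * <p>An entry is added only when its access method is the OCSP OID (1.3.6.1.5.5.7.48.1) and
 * its access location is tagged {@code uniformResourceIdentifier}; other GeneralName kinds are
 * skipped instead of being stringified into the URL list. The strings come from the
 * certificate unchanged and are not validated here.
 *
 * @param OCSPUrl the list that receives the URIs
 * @param aiaExt the decoded extension value; {@code null} leaves the list untouched
 */
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, ASN1Primitive aiaExt) {
    if (aiaExt == null) {
        // No extension value to read.
        return;
    }
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt);
    DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$

    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        DERObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        if (!accessMethod.equals(OCSPOid)) {
            continue;
        }
        GeneralName generalName = accessDescription.getAccessLocation();
        if (generalName.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // Not a URI, so it cannot serve as a responder URL.
            continue;
        }
        OCSPUrl.add(generalName.getName().toString());
    }
}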
/**
 * Returns the access locations of the given type from a certificate's Authority Information
 * Access extension.
 *
 * <p>Each matching location is converted with {@code parseGn}; {@code null} results are
 * dropped. Any exception raised while decoding is logged and whatever was collected up to
 * that point is returned. The values originate from the certificate and are not validated
 * here.
 *
 * @param certificate the certificate token to inspect
 * @param aiaType the access method OID to select
 * @return the collected locations; empty when the extension is absent or nothing matches
 */
private static List<String> getAccessLocations(final CertificateToken certificate, ASN1ObjectIdentifier aiaType) {
    List<String> locations = new ArrayList<String>();

    final byte[] encodedAia = certificate.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
    if (encodedAia == null) {
        return locations;
    }

    try {
        ASN1Sequence sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(encodedAia);
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(sequence);
        for (AccessDescription entry : aia.getAccessDescriptions()) {
            if (!aiaType.equals(entry.getAccessMethod())) {
                continue;
            }
            GeneralName gn = entry.getAccessLocation();
            String parsed = parseGn(gn);
            if (parsed != null) {
                locations.add(parsed);
            }
        }
    } catch (Exception e) {
        LOG.error("Unable to parse authorityInfoAccess", e);
    }
    return locations;
}
/**
 * Renders an Authority Information Access (1.3.6.1.5.5.7.1.1) or Subject Information Access
 * (1.3.6.1.5.5.7.1.11) extension value as an HTML fragment.
 *
 * <p>Each access description becomes a nested list holding the access method label and the
 * access location; entries are separated by a line break. The location markup comes from
 * {@code getGeneralNameString}.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getInformationAccessStringValue(byte[] bValue) throws IOException {
    AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(bValue);
    StringBuilder html = new StringBuilder();

    for (AccessDescription entry : access.getAccessDescriptions()) {
        if (html.length() > 0) {
            html.append("<br>");
        }

        String methodOid = entry.getAccessMethod().toString();
        String methodTemplate = getRes(methodOid, "UnrecognisedAccessMethod");

        // The link class decides how the location is presented: OCSP responder, issuer
        // certificate, or a plain browser link for everything else.
        LinkClass linkClass;
        if (methodOid.equals(AccessDescription.id_ad_ocsp.getId())) {
            linkClass = LinkClass.OCSP;
        } else if (methodOid.equals(AccessDescription.id_ad_caIssuers.getId())) {
            linkClass = LinkClass.CERTIFICATE;
        } else {
            linkClass = LinkClass.BROWSER;
        }

        html.append("<ul><li>");
        html.append(MessageFormat.format(methodTemplate, methodOid));
        html.append(": <ul><li>");
        // NOTE(review): the location text originates from the certificate; confirm that
        // getGeneralNameString HTML-escapes it before it lands in this markup.
        html.append(getGeneralNameString(entry.getAccessLocation(), linkClass));
        html.append("</li></ul></li></ul>");
    }

    return html.toString();
}
/**
 * Adds a non-critical Authority Information Access extension with a single caIssuers entry
 * to the certificate builder.
 *
 * <p>The location is the URI {@code SERVER_BASE_REST_PKI_URL + issuerName + AIA_URL}.
 *
 * @param issuerName the issuer name placed in the URI
 * @param v3CertGen the builder that receives the extension
 * @throws CertIOException if the builder cannot encode the extension
 */
private void addAuthorityInformationAccess(String issuerName, X509v3CertificateBuilder v3CertGen)
        throws CertIOException {
    // NOTE(review): issuerName is concatenated as-is; confirm callers only pass URL-safe names.
    String caIssuersUrl = SERVER_BASE_REST_PKI_URL + issuerName + AIA_URL;
    GeneralName location = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(caIssuersUrl));

    ASN1EncodableVector entries = new ASN1EncodableVector();
    entries.add(new AccessDescription(AccessDescription.id_ad_caIssuers, location));

    v3CertGen.addExtension(Extension.authorityInfoAccess, false, new DERSequence(entries));
}
/**
 * Creates an instance from an ASN.1 sequence by converting each element with
 * {@code AccessDescription.getInstance}, in sequence order.
 *
 * @param seq the sequence of access descriptions
 */
private SubjectInfoAccess(ASN1Sequence seq) {
    accessDescriptions = new Vector<AccessDescription>();

    int index = 0;
    while (index != seq.size()) {
        AccessDescription description = AccessDescription.getInstance(seq.getObjectAt(index));
        accessDescriptions.add(description);
        index++;
    }
}
/**
 * Encodes the access descriptions, in list order, as a DER sequence.
 *
 * @return a {@code DERSequence} with one element per access description
 */
@Override
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector elements = new ASN1EncodableVector();
    for (AccessDescription description : accessDescriptions) {
        elements.add(description.toASN1Primitive());
    }
    return new DERSequence(elements);
}
/**
 * Decodes an Authority Information Access value and shows its access descriptions in the
 * editor component.
 *
 * @param value the encoded extension value
 * @throws IOException declared for callers; not thrown by the visible statements themselves
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    AuthorityInformationAccess decoded = AuthorityInformationAccess.getInstance(value);

    // Copy into an ArrayList so the component receives a resizable list rather than the
    // fixed-size view returned by Arrays.asList.
    AccessDescription[] descriptions = decoded.getAccessDescriptions();
    List<AccessDescription> editable = new ArrayList<AccessDescription>(Arrays.asList(descriptions));

    jadAccessDescriptions.setAccessDescriptions(editable);
}
/**
 * Handles the OK action: DER-encodes the entered access descriptions as an Authority
 * Information Access value, stores it in {@code value} and closes the dialog.
 *
 * <p>With no access descriptions a warning is shown and the dialog stays open; an encoding
 * failure is shown in an error dialog and the dialog stays open as well.
 */
private void okPressed() {
    List<AccessDescription> entered = jadAccessDescriptions.getAccessDescriptions();

    if (entered.isEmpty()) {
        String message = res.getString("DAuthorityInformationAccess.ValueReq.message");
        JOptionPane.showMessageDialog(this, message, getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    ASN1EncodableVector elements = new ASN1EncodableVector();
    for (AccessDescription description : entered) {
        elements.add(description);
    }
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(new DERSequence(elements));

    try {
        value = aia.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError errorDialog = new DError(this, ex);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }

    closeDialog();
}
/**
 * Refreshes the component from {@code accessDescriptions}: substitutes an empty list when
 * the field is {@code null}, reloads the table, selects the first row and updates the
 * button states.
 */
private void populate() {
    if (null == accessDescriptions) {
        accessDescriptions = new ArrayList<AccessDescription>();
    }

    reloadAccessDescriptionsTable();
    selectFirstAccessDescriptionInTable();
    updateButtonControls();
}
/**
 * Removes the access description of the selected table row, then reloads the table, selects
 * the first row and updates the button states. Does nothing when no row is selected.
 */
private void removeSelectedAccessDescription() {
    int row = jtAccessDescriptions.getSelectedRow();
    if (row == -1) {
        return;
    }

    AccessDescription selected = (AccessDescription) jtAccessDescriptions.getValueAt(row, 0);
    accessDescriptions.remove(selected);

    reloadAccessDescriptionsTable();
    selectFirstAccessDescriptionInTable();
    updateButtonControls();
}
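/**
 * Opens the chooser pre-filled with the selected access description and, if the user
 * confirms, replaces the old entry with the edited one, refreshes the table and selects the
 * new row. Does nothing when no row is selected.
 *
 * <p>The chooser needs a {@code JDialog} or {@code JFrame} parent. When this component is not
 * hosted in either, no chooser can be created and the method returns without changes
 * (previously this case ended in a {@code NullPointerException}).
 */
private void editSelectedAccessDescription() {
    int selectedRow = jtAccessDescriptions.getSelectedRow();
    if (selectedRow == -1) {
        return;
    }

    AccessDescription accessDescription = (AccessDescription) jtAccessDescriptions.getValueAt(selectedRow, 0);

    Container container = getTopLevelAncestor();
    DAccessDescriptionChooser dAccessDescriptionChooser;
    if (container instanceof JDialog) {
        dAccessDescriptionChooser = new DAccessDescriptionChooser((JDialog) container, title, accessDescription);
    } else if (container instanceof JFrame) {
        dAccessDescriptionChooser = new DAccessDescriptionChooser((JFrame) container, title, accessDescription);
    } else {
        // No dialog or frame ancestor: there is no chooser to show.
        return;
    }
    dAccessDescriptionChooser.setLocationRelativeTo(container);
    dAccessDescriptionChooser.setVisible(true);

    AccessDescription newAccessDescription = dAccessDescriptionChooser.getAccessDescription();
    if (newAccessDescription == null) {
        // The chooser returned no value; keep the existing entry.
        return;
    }

    accessDescriptions.remove(accessDescription);
    accessDescriptions.add(newAccessDescription);

    populate();
    selectAccessDescriptionInTable(newAccessDescription);
}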
/**
 * Selects the first table row whose column-0 value equals the given access description.
 * Leaves the selection untouched when no row matches.
 *
 * @param accessDescription the access description to select
 */
private void selectAccessDescriptionInTable(AccessDescription accessDescription) {
    int row = 0;
    while (row < jtAccessDescriptions.getRowCount()) {
        Object cellValue = jtAccessDescriptions.getValueAt(row, 0);
        if (accessDescription.equals(cellValue)) {
            jtAccessDescriptions.changeSelection(row, 0, false, false);
            return;
        }
        row++;
    }
}
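/**
 * Appends the OCSP responder URIs found in an Authority Information Access value to
 * {@code OCSPUrl}.
 *
 * <p>An entry is added only when its access method is the OCSP OID (1.3.6.1.5.5.7.48.1) and
 * its access location is tagged {@code uniformResourceIdentifier}; other GeneralName kinds are
 * skipped instead of being stringified into the URL list. The strings come from the
 * certificate unchanged and are not validated here.
 *
 * @param OCSPUrl the list that receives the URIs
 * @param aiaExt the decoded extension value; {@code null} leaves the list untouched
 */
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, ASN1Primitive aiaExt) {
    if (aiaExt == null) {
        // No extension value to read.
        return;
    }
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt);
    DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$

    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        if (!accessMethod.equals(OCSPOid)) {
            continue;
        }
        GeneralName generalName = accessDescription.getAccessLocation();
        if (generalName.getTagNo() != GeneralName.uniformResourceIdentifier) {
            // Not a URI, so it cannot serve as a responder URL.
            continue;
        }
        OCSPUrl.add(generalName.getName().toString());
    }
}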
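/**
 * Returns the first caIssuers access location from a certificate's Authority Information
 * Access extension.
 *
 * <p>A certificate without the extension yields {@code null}, the same result as an
 * extension without a caIssuers entry (previously the missing extension caused a
 * {@code NullPointerException}). The value comes from the certificate and is not validated
 * here.
 *
 * @param certificate the certificate to inspect
 * @return the string form of the first caIssuers location, or {@code null} if there is none
 * @throws IOException if the extension value cannot be decoded
 */
public static String getCACertificateURL(X509Certificate certificate) throws IOException {
    byte[] extensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (extensionValue == null) {
        // getExtensionValue returns null when the certificate does not carry the extension.
        return null;
    }

    byte[] bOctets = ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets();
    AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(ASN1Sequence.fromByteArray(bOctets));

    for (AccessDescription ad : access.getAccessDescriptions()) {
        if (ad.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
            // NOTE(review): the location's GeneralName tag is not checked, so a non-URI
            // location would be returned in its string form; confirm callers handle that.
            return ad.getAccessLocation().getName().toString();
        }
    }
    return null;
}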
/**
 * Finds the first URI access location for the given access method in a certificate's
 * Authority Information Access extension.
 *
 * <p>Entries with another access method, or whose location is not tagged
 * {@code uniformResourceIdentifier}, are skipped. The location string is taken from the
 * certificate and converted with {@code toURI}; it is also written to the debug log.
 *
 * @param certificate the certificate to inspect
 * @param accessMethod the access method OID to look for
 * @return the first matching location, or {@code null} when the extension is absent or no
 *     entry matches
 * @throws IOException if the extension value cannot be decoded
 * @throws URISyntaxException if the location cannot be converted to a URI
 */
private URI getAccessLocation(X509Certificate certificate, ASN1ObjectIdentifier accessMethod)
        throws IOException, URISyntaxException {
    byte[] rawExtension = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (rawExtension == null) {
        return null;
    }

    // The extension value is an OCTET STRING wrapping the encoded AuthorityInfoAccessSyntax.
    DEROctetString wrapper = (DEROctetString) (new ASN1InputStream(
            new ByteArrayInputStream(rawExtension)).readObject());
    AuthorityInformationAccess aia = AuthorityInformationAccess
            .getInstance(new ASN1InputStream(wrapper.getOctets()).readObject());

    for (AccessDescription candidate : aia.getAccessDescriptions()) {
        LOG.debug("access method: " + candidate.getAccessMethod());
        if (!candidate.getAccessMethod().equals(accessMethod)) {
            continue;
        }

        GeneralName location = candidate.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            LOG.debug("not a uniform resource identifier");
            continue;
        }

        String accessLocation = DERIA5String.getInstance(location.getName()).getString();
        LOG.debug("access location: " + accessLocation);

        URI result = toURI(accessLocation);
        LOG.debug("access location URI: " + result);
        return result;
    }

    return null;
}
/**
 * Returns the first OCSP responder URI from a certificate's Authority Information Access
 * extension.
 *
 * <p>Entries with another access method, or whose location is not tagged
 * {@code uniformResourceIdentifier}, are skipped. The string is taken from the certificate
 * and is not validated here.
 *
 * @param certificate the certificate to inspect
 * @return the responder URI, or {@code null} when the extension is absent, cannot be read
 *     (the failure is logged) or holds no matching entry
 * @throws IOException declared for callers; a failure to read the extension is handled here
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive aiaValue;
    try {
        aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (aiaValue == null) {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
    for (AccessDescription entry : aia.getAccessDescriptions()) {
        if (entry.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
            GeneralName location = entry.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                DERIA5String uri = DERIA5String.getInstance((ASN1TaggedObject) location.toASN1Primitive(), false);
                return uri.getString();
            }
        }
    }

    return null;
}
/**
 * Builds the Subject Information Access value for a certificate from the extension carried
 * in the request, keeping only what the profile allows.
 *
 * <p>Every requested access method must have an entry in {@code modes}; its location is
 * rebuilt with {@code X509CertprofileUtil.createGeneralName} under the modes allowed for that
 * method.
 *
 * @param requestedExtensions the extensions of the request
 * @param modes allowed general name modes per access method; {@code null} disables the
 *     extension
 * @return the sequence of access descriptions, or {@code null} when {@code modes} is
 *     {@code null}, the request has no such extension, or the extension is empty
 * @throws BadCertTemplateException if a requested access method is not allowed, or as thrown
 *     by {@code createGeneralName}
 */
private static ASN1Sequence createSubjectInfoAccess(Extensions requestedExtensions,
        Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
    if (modes == null) {
        return null;
    }

    ASN1Encodable extValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    if (extValue == null) {
        return null;
    }

    ASN1Sequence requested = ASN1Sequence.getInstance(extValue);
    ASN1EncodableVector accepted = new ASN1EncodableVector();

    for (int idx = 0, count = requested.size(); idx < count; idx++) {
        AccessDescription requestedDesc = AccessDescription.getInstance(requested.getObjectAt(idx));
        ASN1ObjectIdentifier method = requestedDesc.getAccessMethod();

        Set<GeneralNameMode> allowedModes = modes.get(method);
        if (allowedModes == null) {
            throw new BadCertTemplateException("subjectInfoAccess.accessMethod "
                    + method.getId() + " is not allowed");
        }

        GeneralName location = X509CertprofileUtil.createGeneralName(
                requestedDesc.getAccessLocation(), allowedModes);
        accepted.add(new AccessDescription(method, location));
    }

    if (accepted.size() > 0) {
        return new DERSequence(accepted);
    }
    return null;
}
/**
 * Creates an instance backed by the given list of access descriptions.
 *
 * <p>The list is stored by reference, not copied.
 *
 * @param accessDescriptions the access descriptions to hold
 */
public SubjectInfoAccess(List<AccessDescription> accessDescriptions) {
    this.accessDescriptions = accessDescriptions;
}
/**
 * Returns the access descriptions held by this object.
 *
 * @return the internal list itself, not a copy
 */
public List<AccessDescription> getAccessDescriptionList() {
    return this.accessDescriptions;
}
/**
 * Renders an Authority Information Access extension value as indented, multi-line text.
 *
 * <p>Each access description is numbered from 1 and printed with its access method (the
 * friendly name when the OID is recognised, otherwise the OID text) and its access location.
 *
 * @param value the encoded extension value
 * @return the text form of the extension
 * @throws IOException declared for callers; not thrown by the visible statements themselves
 */
private String getAuthorityInformationAccessStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * AuthorityInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
     * AccessDescription
     *
     * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
     * accessLocation GeneralName }
     */

    // @formatter:on

    StringBuilder text = new StringBuilder();
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(value);

    int entryNumber = 0;
    for (AccessDescription entry : aia.getAccessDescriptions()) {
        entryNumber++;

        // Prefer the friendly name; fall back to the OID for unrecognised access methods.
        ASN1ObjectIdentifier method = entry.getAccessMethod();
        AccessMethodType knownType = AccessMethodType.resolveOid(method.getId());
        String methodText = (knownType != null) ? knownType.friendly() : ObjectIdUtil.toString(method);

        GeneralName location = entry.getAccessLocation();
        String locationText = GeneralNameUtil.toString(location);

        text.append(MessageFormat.format(res.getString("AuthorityInformationAccess"), entryNumber));
        text.append(NEWLINE);

        text.append(INDENT);
        text.append(MessageFormat.format(res.getString("AccessMethod"), methodText));
        text.append(NEWLINE);

        text.append(INDENT);
        text.append(res.getString("AccessLocation"));
        text.append(NEWLINE);

        text.append(INDENT.toString(2));
        text.append(locationText);
        text.append(NEWLINE);
    }

    return text.toString();
}
/**
 * Renders a Subject Information Access extension value as indented, multi-line text.
 *
 * <p>Each access description is numbered from 1 and printed with its access method (the
 * friendly name when the OID is recognised, otherwise the OID text) and its access location.
 *
 * @param value the encoded extension value
 * @return the text form of the extension
 * @throws IOException declared for callers; not thrown by the visible statements themselves
 */
private String getSubjectInformationAccessStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * SubjectInfoAccessSyntax ::= ASN1Sequence SIZE (1..MAX) OF
     * AccessDescription
     *
     * AccessDescription ::= ASN1Sequence { accessMethod OBJECT IDENTIFIER,
     * accessLocation GeneralName }
     */

    // @formatter:on

    StringBuilder text = new StringBuilder();
    SubjectInfoAccess sia = SubjectInfoAccess.getInstance(value);

    int entryNumber = 0;
    for (AccessDescription entry : sia.getAccessDescriptionList()) {
        entryNumber++;

        // Prefer the friendly name; fall back to the OID for unrecognised access methods.
        ASN1ObjectIdentifier method = entry.getAccessMethod();
        AccessMethodType knownType = AccessMethodType.resolveOid(method.getId());
        String methodText = (knownType != null) ? knownType.friendly() : ObjectIdUtil.toString(method);

        GeneralName location = entry.getAccessLocation();
        String locationText = GeneralNameUtil.toString(location);

        text.append(MessageFormat.format(res.getString("SubjectInformationAccess"), entryNumber));
        text.append(NEWLINE);

        text.append(INDENT);
        text.append(MessageFormat.format(res.getString("AccessMethod"), methodText));
        text.append(NEWLINE);

        text.append(INDENT);
        text.append(res.getString("AccessLocation"));
        text.append(NEWLINE);

        text.append(INDENT);
        text.append(INDENT);
        text.append(locationText);
        text.append(NEWLINE);
    }

    return text.toString();
}
/**
 * Orders two access descriptions by their access method OIDs, delegating to
 * {@code objectIdComparator}.
 *
 * @param description1 the first access description
 * @param description2 the second access description
 * @return the result of comparing the two access methods
 */
@Override
public int compare(AccessDescription description1, AccessDescription description2) {
    ASN1ObjectIdentifier firstMethod = description1.getAccessMethod();
    ASN1ObjectIdentifier secondMethod = description2.getAccessMethod();
    return objectIdComparator.compare(firstMethod, secondMethod);
}
/**
 * Orders two access descriptions by the text of their access locations, ignoring case.
 *
 * @param description1 the first access description
 * @param description2 the second access description
 * @return the case-insensitive comparison of the two location strings
 */
@Override
public int compare(AccessDescription description1, AccessDescription description2) {
    String firstLocation = GeneralNameUtil.safeToString(description1.getAccessLocation(), false);
    String secondLocation = GeneralNameUtil.safeToString(description2.getAccessLocation(), false);
    return firstLocation.compareToIgnoreCase(secondLocation);
}
/**
 * Fills the access method and access location inputs from the given access description.
 * Leaves the inputs untouched when it is {@code null}.
 *
 * @param accessDescription the access description to show, or {@code null}
 */
private void populate(AccessDescription accessDescription) {
    if (accessDescription == null) {
        return;
    }
    joiAccessMethod.setObjectId(accessDescription.getAccessMethod());
    jgnAccessLocation.setGeneralName(accessDescription.getAccessLocation());
}
/**
 * Checks the Subject Information Access extension of an issued certificate against the
 * extension carried in the request and the modes allowed by the certificate profile.
 *
 * <p>Findings are appended to {@code failureMsg}; the method never throws for a mismatch.
 * The extension is unexpected when the profile configures no modes or the request did not
 * carry it. Otherwise both sequences must have the same size and are compared position by
 * position: the requested access method must be allowed, the access methods must be equal,
 * and the certificate's location must equal the location derived from the request with
 * {@code createGeneralName}.
 *
 * @param failureMsg collects the findings
 * @param extensionValue the extension value found in the certificate
 * @param requestedExtensions the extensions of the request; may be {@code null}
 * @param extControl not used by the visible code
 */
private void checkExtensionSubjectInfoAccess(StringBuilder failureMsg, byte[] extensionValue,
        Extensions requestedExtensions, ExtensionControl extControl) {
    Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> allowedModes = certProfile.subjectInfoAccessModes();
    if (allowedModes == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    ASN1Encodable requestedValue = (requestedExtensions == null)
            ? null
            : requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
    if (requestedValue == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }

    ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestedValue);
    ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);

    int size = requestSeq.size();
    if (certSeq.size() != size) {
        addViolation(failureMsg, "size of GeneralNames", certSeq.size(), size);
        return;
    }

    for (int pos = 0; pos < size; pos++) {
        AccessDescription requestedDesc = AccessDescription.getInstance(requestSeq.getObjectAt(pos));
        ASN1ObjectIdentifier requestedMethod = requestedDesc.getAccessMethod();

        Set<GeneralNameMode> modesForMethod = allowedModes.get(requestedMethod);
        if (modesForMethod == null) {
            failureMsg.append("accessMethod in requestedExtension ");
            failureMsg.append(requestedMethod.getId()).append(" is not allowed; ");
            continue;
        }

        AccessDescription certDesc = AccessDescription.getInstance(certSeq.getObjectAt(pos));
        ASN1ObjectIdentifier certMethod = certDesc.getAccessMethod();

        boolean sameMethod;
        if (requestedMethod == null) {
            sameMethod = (certMethod == null);
        } else {
            sameMethod = requestedMethod.equals(certMethod);
        }
        if (!sameMethod) {
            String certMethodText = (certMethod == null) ? "null" : certMethod.getId();
            String requestedMethodText = (requestedMethod == null) ? "null" : requestedMethod.getId();
            addViolation(failureMsg, "accessMethod", certMethodText, requestedMethodText);
            continue;
        }

        // Rebuild the location under the profile's modes, then compare it with the one
        // actually present in the certificate.
        GeneralName expectedLocation;
        try {
            expectedLocation = createGeneralName(requestedDesc.getAccessLocation(), modesForMethod);
        } catch (BadCertTemplateException ex) {
            failureMsg.append("invalid requestedExtension: ").append(ex.getMessage());
            failureMsg.append("; ");
            continue;
        }

        GeneralName certLocation = certDesc.getAccessLocation();
        if (!certLocation.equals(expectedLocation)) {
            failureMsg.append("accessLocation does not match the requested one; ");
        }
    }
}
/**
 * Checks that the Authority Information Access entries for one access method carry exactly
 * the expected URIs.
 *
 * <p>Findings are appended to {@code failureMsg}. A count mismatch is reported and ends the
 * check. Otherwise every matching location must be tagged {@code uniformResourceIdentifier},
 * and the set of found URIs is compared with {@code expectedUris} in both directions.
 *
 * @param failureMsg collects the findings
 * @param aia the decoded extension of the certificate
 * @param accessMethod the access method whose entries are checked
 * @param expectedUris the URIs the certificate is expected to contain for that method
 */
private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia,
        ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
    // Label used in the messages: a short name for the two well-known methods, else the OID.
    String typeDesc = X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)
            ? "OCSP"
            : X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)
                    ? "caIssuer"
                    : accessMethod.getId();

    List<AccessDescription> matching = new LinkedList<>();
    for (AccessDescription candidate : aia.getAccessDescriptions()) {
        if (accessMethod.equals(candidate.getAccessMethod())) {
            matching.add(candidate);
        }
    }

    int size = matching.size();
    if (size != expectedUris.size()) {
        addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedUris.size());
        return;
    }

    Set<String> foundUris = new HashSet<>();
    for (AccessDescription match : matching) {
        GeneralName location = match.getAccessLocation();
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            foundUris.add(((ASN1String) location.getName()).getString());
        } else {
            addViolation(failureMsg, "tag of accessLocation of AIA ", location.getTagNo(),
                    GeneralName.uniformResourceIdentifier);
        }
    }

    Set<String> unexpected = strInBnotInA(expectedUris, foundUris);
    if (CollectionUtil.isNonEmpty(unexpected)) {
        failureMsg.append(typeDesc).append(" URIs ").append(unexpected.toString());
        failureMsg.append(" are present but not expected; ");
    }

    Set<String> missing = strInBnotInA(foundUris, expectedUris);
    if (CollectionUtil.isNonEmpty(missing)) {
        failureMsg.append(typeDesc).append(" URIs ").append(missing.toString());
        failureMsg.append(" are absent but are required; ");
    }
}
/**
 * Returns the access descriptions currently held by this component.
 *
 * @return the internal list itself, not a copy
 */
public List<AccessDescription> getAccessDescriptions() {
    return this.accessDescriptions;
}