/**
 * Collects the OCSP responder URLs advertised in an Authority Information Access extension.
 *
 * <p>Only access descriptions whose method equals {@code AccessDescription.id_ad_ocsp} and whose
 * location is tagged as a uniformResourceIdentifier are used; all other entries are skipped.
 *
 * <p>The strings are returned exactly as encoded in the extension; no scheme or host validation
 * happens here. NOTE(review): the values are whatever the certificate's issuer encoded, so a
 * caller that fetches them should restrict the scheme and destination first.
 *
 * @param authInfoAccess the parsed AIA extension, or {@code null} when there is none
 * @return a vector of URL strings; empty when nothing matches, never {@code null}
 */
protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess) {
    Vector ocspUrls = new Vector();
    if (authInfoAccess == null) {
        return ocspUrls;
    }
    for (AccessDescription description : authInfoAccess.getAccessDescriptions()) {
        if (!description.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            continue;
        }
        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }
        ocspUrls.add(((DERIA5String) location.getName()).getString());
    }
    return ocspUrls;
}
/**
 * Returns every URI listed in the certificate's Authority Information Access extension.
 *
 * <p>Locations are collected regardless of their access method, so the list can mix OCSP
 * responder and CA issuer URIs. Locations that are not tagged as a uniformResourceIdentifier
 * are skipped. When the extension is absent or empty, the list is empty. When decoding fails
 * with an {@link IOException}, the failure is only logged at info level and whatever was
 * collected so far is returned.
 *
 * @return the URI strings found in the extension; possibly empty, never {@code null}
 */
public List<String> getAuthorityInfoAccess() {
    List<String> uris = new ArrayList<String>();
    try {
        byte[] encoded = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (encoded == null || encoded.length == 0) {
            return uris;
        }
        AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(
                X509ExtensionUtil.fromExtensionValue(encoded));
        for (AccessDescription description : aia.getAccessDescriptions()) {
            GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                uris.add(((DERIA5String) location.getName()).getString());
            }
        }
    } catch (IOException error) {
        logger.info(error.getMessage());
    }
    return uris;
}
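/**
 * Appends the OCSP responder URIs found in an Authority Information Access extension to
 * {@code OCSPUrl}.
 *
 * <p>An entry is added only when its access method is id-ad-ocsp (1.3.6.1.5.5.7.48.1) and its
 * access location is tagged as a uniformResourceIdentifier. Other GeneralName choices (for
 * example a directoryName) are skipped rather than stringified into a list of URLs.
 *
 * <p>The strings are taken from the certificate as-is; nothing here validates scheme or host.
 *
 * @param OCSPUrl the list that receives the URI strings; existing content is kept
 * @param aiaExt the decoded AIA extension value; {@code null} leaves the list untouched
 */
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, DERObject aiaExt) {
    if (aiaExt == null) {
        // No AIA extension to read, so there is nothing to add.
        return;
    }
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt);
    DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        DERObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        if (!accessMethod.equals(OCSPOid)) {
            continue;
        }
        GeneralName generalName = accessDescription.getAccessLocation();
        // Only a URI-typed location can be used as a responder URL.
        if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
            OCSPUrl.add(generalName.getName().toString());
        }
    }
}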
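/**
 * Appends the OCSP responder URIs found in an Authority Information Access extension to
 * {@code OCSPUrl}.
 *
 * <p>An entry is added only when its access method is id-ad-ocsp (1.3.6.1.5.5.7.48.1) and its
 * access location is tagged as a uniformResourceIdentifier. Other GeneralName choices (for
 * example a directoryName) are skipped rather than stringified into a list of URLs.
 *
 * <p>The strings are taken from the certificate as-is; nothing here validates scheme or host.
 *
 * @param OCSPUrl the list that receives the URI strings; existing content is kept
 * @param aiaExt the decoded AIA extension value; {@code null} leaves the list untouched
 */
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, ASN1Primitive aiaExt) {
    if (aiaExt == null) {
        // No AIA extension to read, so there is nothing to add.
        return;
    }
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt);
    DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        DERObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        if (!accessMethod.equals(OCSPOid)) {
            continue;
        }
        GeneralName generalName = accessDescription.getAccessLocation();
        // Only a URI-typed location can be used as a responder URL.
        if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
            OCSPUrl.add(generalName.getName().toString());
        }
    }
}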
/**
 * Collects the access locations of one access method from a certificate's Authority
 * Information Access extension.
 *
 * <p>Each matching location is converted with {@code parseGn}; a {@code null} result from that
 * helper is dropped. Any exception raised while decoding is logged and swallowed, so the
 * returned list may hold only the entries gathered before the failure.
 *
 * @param certificate the token whose certificate is inspected
 * @param aiaType the access method OID to select
 * @return the matching locations; empty when the extension is absent, never {@code null}
 */
private static List<String> getAccessLocations(final CertificateToken certificate, ASN1ObjectIdentifier aiaType) {
    final List<String> locations = new ArrayList<String>();
    final byte[] aiaExtensionValue = certificate.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
    if (aiaExtensionValue != null) {
        try {
            ASN1Sequence aiaSequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(aiaExtensionValue);
            AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaSequence);
            for (AccessDescription description : aia.getAccessDescriptions()) {
                if (!aiaType.equals(description.getAccessMethod())) {
                    continue;
                }
                String parsed = parseGn(description.getAccessLocation());
                if (parsed != null) {
                    locations.add(parsed);
                }
            }
        } catch (Exception e) {
            LOG.error("Unable to parse authorityInfoAccess", e);
        }
    }
    return locations;
}
/**
 * Checks a certificate's Authority Information Access extension against the URIs expected for
 * its issuer.
 *
 * <p>The expected CA issuer and OCSP URI sets come from {@code issuerInfo}; each is replaced by
 * an empty set when the profile's AIA control excludes that kind. With no AIA control, both
 * kinds are expected. If both expected sets are empty, the mere presence of the extension is
 * reported as a failure and nothing is decoded.
 *
 * @param failureMsg buffer that receives a description of every mismatch
 * @param extensionValue the encoded extension content
 * @param issuerInfo source of the expected URIs
 */
private void checkExtensionAuthorityInfoAccess(StringBuilder failureMsg, byte[] extensionValue,
        X509IssuerInfo issuerInfo) {
    AuthorityInfoAccessControl aiaControl = certProfile.aiaControl();

    Set<String> expectedCaIssuers;
    if (aiaControl == null || aiaControl.includesCaIssuers()) {
        expectedCaIssuers = issuerInfo.caIssuerUrls();
    } else {
        expectedCaIssuers = Collections.emptySet();
    }

    Set<String> expectedOcsp;
    if (aiaControl == null || aiaControl.includesOcsp()) {
        expectedOcsp = issuerInfo.ocspUrls();
    } else {
        expectedOcsp = Collections.emptySet();
    }

    if (CollectionUtil.isEmpty(expectedCaIssuers) && CollectionUtil.isEmpty(expectedOcsp)) {
        failureMsg.append("AIA is present but expected is 'none'; ");
        return;
    }

    AuthorityInformationAccess actualAia = AuthorityInformationAccess.getInstance(extensionValue);
    checkAia(failureMsg, actualAia, X509ObjectIdentifiers.id_ad_caIssuers, expectedCaIssuers);
    checkAia(failureMsg, actualAia, X509ObjectIdentifiers.id_ad_ocsp, expectedOcsp);
}
/**
 * Builds a ServiceLocator from its ASN.1 sequence form.
 *
 * <p>Element 0 is read as the issuer name. The locator is read from element 1 only when the
 * sequence holds exactly two elements; for any other size it is set to {@code null}. Sequences
 * with more than two elements are not rejected here.
 *
 * @param sequence the encoded structure
 */
private ServiceLocator(ASN1Sequence sequence) {
    this.issuer = X500Name.getInstance(sequence.getObjectAt(0));
    this.locator = (sequence.size() == 2)
            ? AuthorityInformationAccess.getInstance(sequence.getObjectAt(1))
            : null;
}
/**
 * Get Authority Information Access (1.3.6.1.5.5.7.1.1) or Subject Information Access
 * (1.3.6.1.5.5.7.1.11) extension value as a string.
 *
 * <p>The result is an HTML fragment: one nested {@code <ul>} per access description, separated
 * by {@code <br>}. OCSP and CA issuer access methods select a dedicated link class; every other
 * method falls back to the browser link class.
 *
 * <p>NOTE(review): the text produced by {@code getGeneralNameString} is appended to the markup
 * unchanged. Confirm that helper HTML-escapes the access location, which is read from the
 * certificate.
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 * @throws IOException If an I/O problem occurs
 */
private String getInformationAccessStringValue(byte[] bValue) throws IOException {
    AuthorityInformationAccess infoAccess = AuthorityInformationAccess.getInstance(bValue);
    StringBuilder html = new StringBuilder();

    for (AccessDescription description : infoAccess.getAccessDescriptions()) {
        if (html.length() > 0) {
            html.append("<br>");
        }

        String methodOid = description.getAccessMethod().toString();
        String methodPattern = getRes(methodOid, "UnrecognisedAccessMethod");

        LinkClass linkClass;
        if (methodOid.equals(AccessDescription.id_ad_ocsp.getId())) {
            linkClass = LinkClass.OCSP;
        } else if (methodOid.equals(AccessDescription.id_ad_caIssuers.getId())) {
            linkClass = LinkClass.CERTIFICATE;
        } else {
            linkClass = LinkClass.BROWSER;
        }

        html.append("<ul><li>")
                .append(MessageFormat.format(methodPattern, methodOid))
                .append(": <ul><li>")
                .append(getGeneralNameString(description.getAccessLocation(), linkClass))
                .append("</li></ul></li></ul>");
    }

    return html.toString();
}
/**
 * Loads an encoded Authority Information Access value into the access description editor.
 *
 * <p>The decoded descriptions are copied into a fresh {@code ArrayList} before being handed to
 * {@code jadAccessDescriptions}, so the list given to the component is resizable.
 *
 * @param value the encoded extension value
 * @throws IOException declared by this method; not raised by any statement visible here
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    AccessDescription[] decoded = AuthorityInformationAccess.getInstance(value).getAccessDescriptions();
    List<AccessDescription> editable = new ArrayList<AccessDescription>(Arrays.asList(decoded));
    jadAccessDescriptions.setAccessDescriptions(editable);
}
/**
 * Validates the dialog's access descriptions and stores their DER encoding in {@code value}.
 *
 * <p>An empty list is refused with a warning message and the dialog stays open. If encoding
 * fails, the error is shown in a {@code DError} dialog and the dialog also stays open. The
 * dialog is closed only after {@code value} has been set.
 */
private void okPressed() {
    List<AccessDescription> entries = jadAccessDescriptions.getAccessDescriptions();

    if (entries.isEmpty()) {
        JOptionPane.showMessageDialog(this, res.getString("DAuthorityInformationAccess.ValueReq.message"),
                getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    ASN1EncodableVector encodables = new ASN1EncodableVector();
    for (AccessDescription entry : entries) {
        encodables.add(entry);
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(new DERSequence(encodables));

    try {
        value = aia.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError errorDialog = new DError(this, ex);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }

    closeDialog();
}
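/**
 * Appends the OCSP responder URIs found in an Authority Information Access extension to
 * {@code OCSPUrl}.
 *
 * <p>An entry is added only when its access method is id-ad-ocsp (1.3.6.1.5.5.7.48.1) and its
 * access location is tagged as a uniformResourceIdentifier. Other GeneralName choices (for
 * example a directoryName) are skipped rather than stringified into a list of URLs.
 *
 * <p>The strings are taken from the certificate as-is; nothing here validates scheme or host.
 *
 * @param OCSPUrl the list that receives the URI strings; existing content is kept
 * @param aiaExt the decoded AIA extension value; {@code null} leaves the list untouched
 */
public static void extractAuthorityInformationAccess(List<String> OCSPUrl, ASN1Primitive aiaExt) {
    if (aiaExt == null) {
        // No AIA extension to read, so there is nothing to add.
        return;
    }
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaExt);
    DERObjectIdentifier OCSPOid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); //$NON-NLS-1$
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        if (!accessMethod.equals(OCSPOid)) {
            continue;
        }
        GeneralName generalName = accessDescription.getAccessLocation();
        // Only a URI-typed location can be used as a responder URL.
        if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
            OCSPUrl.add(generalName.getName().toString());
        }
    }
}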
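/**
 * Returns the first CA issuer location from a certificate's Authority Information Access
 * extension.
 *
 * <p>A certificate without the extension yields {@code null}, the same result as an extension
 * that has no caIssuers entry, instead of failing while decoding a missing value.
 *
 * <p>NOTE(review): the location is returned through {@code toString()} without checking that it
 * is a uniformResourceIdentifier, and the string is not validated. Callers that download the
 * issuer certificate should check the scheme and destination, and must still verify the
 * downloaded certificate against a trust anchor.
 *
 * @param certificate the certificate to inspect
 * @return the first caIssuers access location as a string, or {@code null} if there is none
 * @throws IOException if the extension value cannot be decoded
 */
public static String getCACertificateURL(X509Certificate certificate) throws IOException {
    byte[] extensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (extensionValue == null) {
        // getExtensionValue returns null when the extension is absent.
        return null;
    }
    byte[] bOctets = ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets();
    AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(ASN1Sequence.fromByteArray(bOctets));
    for (AccessDescription ad : access.getAccessDescriptions()) {
        if (ad.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
            return ad.getAccessLocation().getName().toString();
        }
    }
    return null;
}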
/**
 * Finds the first URI for a given access method in a certificate's Authority Information
 * Access extension.
 *
 * <p>Entries with a different access method, or whose location is not tagged as a
 * uniformResourceIdentifier, are skipped. The first remaining location is converted with
 * {@code toURI} and returned.
 *
 * <p>NOTE(review): the location comes from the certificate and is only converted, not vetted,
 * here. Confirm the caller restricts the scheme and destination before connecting to it.
 *
 * @param certificate the certificate to inspect
 * @param accessMethod the access method OID to look for
 * @return the first matching URI, or {@code null} when the extension or a match is missing
 * @throws IOException if the extension value cannot be read as ASN.1
 * @throws URISyntaxException declared for the {@code toURI} conversion
 */
private URI getAccessLocation(X509Certificate certificate, ASN1ObjectIdentifier accessMethod)
        throws IOException, URISyntaxException {
    byte[] aiaExtensionValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (aiaExtensionValue == null) {
        return null;
    }

    // The extension value is an OCTET STRING wrapping the actual AIA structure.
    ASN1InputStream outerStream = new ASN1InputStream(new ByteArrayInputStream(aiaExtensionValue));
    DEROctetString wrapper = (DEROctetString) outerStream.readObject();
    ASN1InputStream innerStream = new ASN1InputStream(wrapper.getOctets());
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(innerStream.readObject());

    for (AccessDescription description : aia.getAccessDescriptions()) {
        LOG.debug("access method: " + description.getAccessMethod());
        if (description.getAccessMethod().equals(accessMethod)) {
            GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                String accessLocation = DERIA5String.getInstance(location.getName()).getString();
                LOG.debug("access location: " + accessLocation);
                URI uri = toURI(accessLocation);
                LOG.debug("access location URI: " + uri);
                return uri;
            }
            LOG.debug("not a uniform resource identifier");
        }
    }
    return null;
}
/**
 * Returns the first OCSP responder URL from a certificate's Authority Information Access
 * extension.
 *
 * <p>{@code null} is returned in three cases: reading the extension failed (logged as an
 * error), the extension is absent, or no OCSP entry with a URI location exists.
 *
 * <p>NOTE(review): a read failure and a missing URL both yield {@code null}. Confirm the caller
 * does not treat {@code null} as permission to skip the revocation check.
 *
 * @param certificate the certificate to inspect
 * @return the responder URL string, or {@code null}
 * @throws IOException declared by this method; a failure to read the extension is caught here
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
    ASN1Primitive aiaValue;
    try {
        aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
    } catch (IOException ex) {
        log.error("Failed to get OCSP URL", ex);
        return null;
    }
    if (aiaValue == null) {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaValue);
    for (AccessDescription description : aia.getAccessDescriptions()) {
        if (description.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
            GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                ASN1TaggedObject tagged = (ASN1TaggedObject) location.toASN1Primitive();
                return DERIA5String.getInstance(tagged, false).getString();
            }
        }
    }
    return null;
}
/**
 * Returns the stored locator.
 *
 * <p>The field is handed out as-is, without copying. NOTE(review): it may be {@code null} if
 * the instance was built without a locator; confirm against the constructor.
 *
 * @return the {@code locator} field
 */
public AuthorityInformationAccess getLocator() {
    return this.locator;
}
/**
 * Renders an Authority Information Access extension value as indented, human-readable text.
 *
 * <p>Each access description produces a numbered heading, its access method (the friendly name
 * when the OID is recognised, otherwise the OID rendered by {@code ObjectIdUtil}) and its
 * access location as rendered by {@code GeneralNameUtil}.
 *
 * @param value the encoded extension value
 * @return the formatted text; empty when there are no access descriptions
 * @throws IOException declared by this method
 */
private String getAuthorityInformationAccessStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF
     * AccessDescription
     *
     * AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER,
     * accessLocation GeneralName }
     */

    // @formatter:on

    StringBuilder text = new StringBuilder();
    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(value);

    int index = 0;
    for (AccessDescription description : aia.getAccessDescriptions()) {
        index++;

        // Prefer the friendly name; fall back to the OID for unrecognised access methods.
        ASN1ObjectIdentifier methodOid = description.getAccessMethod();
        AccessMethodType knownMethod = AccessMethodType.resolveOid(methodOid.getId());
        String methodLabel = (knownMethod != null) ? knownMethod.friendly() : ObjectIdUtil.toString(methodOid);

        String locationLabel = GeneralNameUtil.toString(description.getAccessLocation());

        text.append(MessageFormat.format(res.getString("AuthorityInformationAccess"), index)).append(NEWLINE);
        text.append(INDENT).append(MessageFormat.format(res.getString("AccessMethod"), methodLabel)).append(NEWLINE);
        text.append(INDENT).append(res.getString("AccessLocation")).append(NEWLINE);
        text.append(INDENT.toString(2)).append(locationLabel).append(NEWLINE);
    }

    return text.toString();
}
/**
 * Compares the URIs of one access method in an AIA extension with the expected set.
 *
 * <p>Reports, in order: a mismatch between the number of matching access descriptions and the
 * number of expected URIs (which ends the check), any matching location that is not tagged as
 * a uniformResourceIdentifier, URIs that are present but not expected, and URIs that are
 * expected but absent.
 *
 * @param failureMsg buffer that receives a description of every mismatch
 * @param aia the decoded extension under test
 * @param accessMethod the access method OID to check
 * @param expectedUris the URIs that must appear for that access method
 */
private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia,
        ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
    final String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }

    List<AccessDescription> matching = new LinkedList<>();
    for (AccessDescription candidate : aia.getAccessDescriptions()) {
        if (accessMethod.equals(candidate.getAccessMethod())) {
            matching.add(candidate);
        }
    }

    int actualCount = matching.size();
    if (actualCount != expectedUris.size()) {
        addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", actualCount, expectedUris.size());
        return;
    }

    Set<String> actualUris = new HashSet<>();
    for (AccessDescription description : matching) {
        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
            actualUris.add(((ASN1String) location.getName()).getString());
        } else {
            addViolation(failureMsg, "tag of accessLocation of AIA ", location.getTagNo(),
                    GeneralName.uniformResourceIdentifier);
        }
    }

    Set<String> unexpected = strInBnotInA(expectedUris, actualUris);
    if (CollectionUtil.isNonEmpty(unexpected)) {
        failureMsg.append(typeDesc).append(" URIs ").append(unexpected.toString())
                .append(" are present but not expected; ");
    }

    Set<String> missing = strInBnotInA(actualUris, expectedUris);
    if (CollectionUtil.isNonEmpty(missing)) {
        failureMsg.append(typeDesc).append(" URIs ").append(missing.toString())
                .append(" are absent but are required; ");
    }
}