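/**
 * Collects the URI entries carried by the {@code fullName} distribution points of a
 * decoded CRL Distribution Points extension.
 *
 * <p>The returned strings are copied from the certificate as-is. They are
 * certificate-controlled data: a caller that dereferences them should first restrict
 * the scheme and destination it is willing to contact.
 *
 * @param crlDistPoints the decoded extension, or {@code null} when the certificate has none
 * @return a raw {@code Vector} holding the URL strings in the order they appear; empty
 *         when {@code crlDistPoints} is {@code null} or carries no URI names
 */
protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints) {
    Vector urls = new Vector();
    if (crlDistPoints == null) {
        return urls;
    }

    DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
    for (int i = 0; i < distPoints.length; i++) {
        DistributionPointName dpName = distPoints[i].getDistributionPoint();
        // The distributionPoint field is OPTIONAL (a point may carry only cRLIssuer),
        // so a null name has to be skipped instead of dereferenced.
        if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }

        GeneralName[] generalNames = GeneralNames.getInstance(dpName.getName()).getNames();
        for (int j = 0; j < generalNames.length; j++) {
            if (generalNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                String url = ((DERIA5String) generalNames[j].getName()).getString();
                urls.add(url);
            }
        }
    }
    return urls;
}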
/**
 * Decodes the CRL Distribution Points extension of {@code cert} and records every
 * URI-typed name found in the {@code cRLIssuer} field of its distribution points.
 *
 * <p>{@code URINames} is left empty when the certificate has no such extension.
 *
 * <p>NOTE(review): only {@code cRLIssuer} is inspected; the {@code fullName} entries of
 * {@code distributionPoint} are not read here. Confirm that this is the intended source.
 * <br>NOTE(review): entries are stored via {@code GeneralName.toString()}, which
 * presumably includes the tag number in front of the URI — verify against consumers
 * that expect a bare URL.
 *
 * @param cert the certificate whose extension is read
 * @throws CertificateException declared by the constructor; not thrown by the visible code
 * @throws IOException if the extension value cannot be decoded
 */
public CRLDistributionPointsImpl(X509Certificate cert) throws CertificateException, IOException {
    URINames = new ArrayList<>();

    byte[] encodedExtension = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (encodedExtension == null) {
        return;
    }

    CRLDistPoint decoded =
            CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(encodedExtension));
    for (DistributionPoint point : decoded.getDistributionPoints()) {
        GeneralNames issuerNames = point.getCRLIssuer();
        if (issuerNames == null) {
            continue;
        }
        for (GeneralName issuerName : issuerNames.getNames()) {
            if (issuerName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                URINames.add(issuerName.toString());
            }
        }
    }
}
/**
 * Builds a CRL Distribution Points value holding a single distribution point whose
 * {@code fullName} lists every URI in {@code crlUris}.
 *
 * <p>The {@code cRLIssuer} field is populated only when {@code crlSignerSubject} is
 * non-null and differs from {@code caSubject}; the reasons field is always omitted.
 *
 * @param crlUris the CRL locations; checked with {@code ParamUtil.requireNonEmpty}
 * @param caSubject subject of the issuing CA
 * @param crlSignerSubject subject of the CRL signer, may be {@code null}
 * @return the assembled {@code CRLDistPoint}
 */
public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris,
        X500Name caSubject, X500Name crlSignerSubject) {
    ParamUtil.requireNonEmpty("crlUris", crlUris);

    GeneralName[] uriNames = new GeneralName[crlUris.size()];
    int idx = 0;
    for (String uri : crlUris) {
        uriNames[idx++] = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
    }
    DistributionPointName pointName = new DistributionPointName(new GeneralNames(uriNames));

    // An indirect-CRL issuer is named only when the signer is not the CA itself.
    boolean signedByCa = crlSignerSubject == null || crlSignerSubject.equals(caSubject);
    GeneralNames crlIssuer = signedByCa
            ? null
            : new GeneralNames(new GeneralName(crlSignerSubject));

    DistributionPoint[] points = {new DistributionPoint(pointName, null, crlIssuer)};
    return new CRLDistPoint(points);
}
/**
 * Lists the URLs at which the certificate revocation lists for this certificate are
 * published, as found in the {@code fullName} entries of the CRL Distribution Points
 * extension.
 *
 * <p>The URLs are taken from the certificate unchanged and are also written to the log
 * at INFO level.
 * NOTE(review): the logged value is certificate-controlled text; confirm the logging
 * layout neutralises line breaks and control characters.
 *
 * @return the URLs in encounter order, or {@code null} (not an empty list) when the
 *         extension is absent
 * @throws IOException declared for the extension lookup
 */
public List<String> getCRLDistributionPoint() throws IOException {
    ASN1Primitive primitive = getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (primitive == null) {
        return null;
    }

    List<String> crlUrls = new ArrayList<>();
    for (DistributionPoint point : CRLDistPoint.getInstance(primitive).getDistributionPoints()) {
        DistributionPointName pointName = point.getDistributionPoint();
        // Only fullName carries GeneralNames; absent or relative names are skipped.
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames()) {
            if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String url = DERIA5String.getInstance(candidate.getName()).getString();
            crlUrls.add(url);
            logger.info("Adicionando a url {}", url);
        }
    }
    return crlUrls;
}
/**
 * Adds a non-critical CRL Distribution Points extension with one URI entry to the
 * certificate under construction.
 *
 * <p>The URI is {@code SERVER_BASE_REST_PKI_URL + issuerName + CRL_URL}.
 * NOTE(review): {@code issuerName} is concatenated without URL encoding; confirm that
 * callers only pass values that are safe as a path segment.
 *
 * @param issuerName issuer identifier placed into the CRL URL
 * @param v3CertGen builder that receives the extension
 * @throws CertIOException if the extension cannot be added
 */
private void addCRLSitributionPoints(String issuerName, X509v3CertificateBuilder v3CertGen)
        throws CertIOException {
    GeneralName crlLocation = new GeneralName(GeneralName.uniformResourceIdentifier,
            SERVER_BASE_REST_PKI_URL + issuerName + CRL_URL);
    DistributionPointName pointName = new DistributionPointName(new GeneralNames(crlLocation));

    // Neither reasons nor cRLIssuer are set on the single distribution point.
    DistributionPoint[] points = {new DistributionPoint(pointName, null, null)};
    v3CertGen.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(points));
}
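/**
 * Extracts the CRL URLs from an encoded CRL Distribution Points extension value.
 *
 * <p>The input is expected to be an OCTET STRING wrapping the extension content (the
 * form returned by {@code X509Certificate.getExtensionValue}). Only URI names inside
 * {@code fullName} distribution points are returned. The URLs are certificate-controlled
 * and should be vetted (scheme, destination) before anything fetches them.
 *
 * @param crldpExt the wrapped extension value, or {@code null} when the extension is absent
 * @return the URLs in encounter order; an empty list when {@code crldpExt} is {@code null}
 * @throws CertificateParsingException if the bytes do not hold an OCTET STRING with content
 * @throws IOException if the ASN.1 data cannot be read
 */
public static List<String> getCrlDistributionPoints(byte[] crldpExt)
        throws CertificateParsingException, IOException {
    if (crldpExt == null) {
        return new ArrayList<String>();
    }

    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    ASN1InputStream oAsnInStream2 = null;
    try {
        DERObject derObjCrlDP = oAsnInStream.readObject();
        // Arbitrary bytes can decode to any ASN.1 type (or to nothing); report that as a
        // parsing failure instead of a ClassCastException/NullPointerException.
        if (!(derObjCrlDP instanceof DEROctetString)) {
            throw new CertificateParsingException(
                    "CRL distribution points value is not wrapped in an OCTET STRING");
        }
        byte[] crldpExtOctets = ((DEROctetString) derObjCrlDP).getOctets();

        oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
        DERObject derObj2 = oAsnInStream2.readObject();
        if (derObj2 == null) {
            throw new CertificateParsingException("CRL distribution points value is empty");
        }
        CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);

        List<String> crlUrls = new ArrayList<String>();
        for (DistributionPoint dp : distPoint.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // Look for URIs in fullName
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            for (int j = 0; j < genNames.length; j++) {
                if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                    crlUrls.add(DERIA5String.getInstance(genNames[j].getName()).getString());
                }
            }
        }
        return crlUrls;
    } finally {
        // Both streams are released on every path, including parse failures.
        try {
            oAsnInStream.close();
        } finally {
            if (oAsnInStream2 != null) {
                oAsnInStream2.close();
            }
        }
    }
}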
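/**
 * Extracts the CRL URLs from an encoded CRL Distribution Points extension value.
 *
 * <p>The input is expected to be an OCTET STRING wrapping the extension content (the
 * form returned by {@code X509Certificate.getExtensionValue}). Only URI names inside
 * {@code fullName} distribution points are returned. The URLs are certificate-controlled
 * and should be vetted (scheme, destination) before anything fetches them.
 *
 * @param crldpExt the wrapped extension value, or {@code null} when the extension is absent
 * @return the URLs in encounter order; an empty list when {@code crldpExt} is {@code null}
 * @throws CertificateParsingException if the bytes do not hold an OCTET STRING with content
 * @throws IOException if the ASN.1 data cannot be read
 */
public static List<String> getCrlDistributionPoints(byte[] crldpExt)
        throws CertificateParsingException, IOException {
    if (crldpExt == null) {
        return new ArrayList<String>();
    }

    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    ASN1InputStream oAsnInStream2 = null;
    try {
        ASN1Primitive derObjCrlDP = oAsnInStream.readObject();
        // Arbitrary bytes can decode to any ASN.1 type (or to nothing); report that as a
        // parsing failure instead of a ClassCastException/NullPointerException.
        if (!(derObjCrlDP instanceof DEROctetString)) {
            throw new CertificateParsingException(
                    "CRL distribution points value is not wrapped in an OCTET STRING");
        }
        byte[] crldpExtOctets = ((DEROctetString) derObjCrlDP).getOctets();

        oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
        ASN1Primitive derObj2 = oAsnInStream2.readObject();
        if (derObj2 == null) {
            throw new CertificateParsingException("CRL distribution points value is empty");
        }
        CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);

        List<String> crlUrls = new ArrayList<String>();
        for (DistributionPoint dp : distPoint.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // Look for URIs in fullName
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            for (int j = 0; j < genNames.length; j++) {
                if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                    crlUrls.add(DERIA5String.getInstance(genNames[j].getName()).getString());
                }
            }
        }
        return crlUrls;
    } finally {
        // Both streams are released on every path, including parse failures.
        try {
            oAsnInStream.close();
        } finally {
            if (oAsnInStream2 != null) {
                oAsnInStream2.close();
            }
        }
    }
}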
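/**
 * Gives back the {@code List} of CRL URIs found within the given X509 certificate.
 *
 * <p>Only {@code fullName} distribution points are considered; each general name is
 * passed to {@code parseGn} and kept when that returns a non-null location. A parsing
 * failure is logged and whatever was collected up to that point is kept.
 *
 * <p>The locations originate from the certificate and are therefore untrusted input for
 * whatever component later downloads from them.
 *
 * @param certificateToken
 *            the certificate token to inspect
 * @param checkInTrustAnchors
 *            if true and no URL was found in the certificate, the result of
 *            {@code getServiceSupplyPoints} for this token is returned instead
 * @return the {@code List} of CRL URIs, or an empty list if the extension is not present
 */
public static List<String> getCrlUrls(final CertificateToken certificateToken, boolean checkInTrustAnchors) {
    final List<String> urls = new ArrayList<String>();

    final byte[] crlDistributionPointsBytes = certificateToken.getCertificate()
            .getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crlDistributionPointsBytes != null) {
        try {
            final ASN1Sequence asn1Sequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
            final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
            for (final DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
                final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
                // distributionPoint is OPTIONAL: without this guard a point that only names
                // a cRLIssuer raised a NullPointerException, which the catch below turned
                // into "skip every remaining distribution point".
                if (distributionPointName == null
                        || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
                    continue;
                }
                final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
                for (final GeneralName name : generalNames.getNames()) {
                    final String location = parseGn(name);
                    if (location != null) {
                        urls.add(location);
                    }
                }
            }
        } catch (Exception e) {
            // Deliberately best-effort: a malformed extension must not abort the caller.
            LOG.error("Unable to parse cRLDistributionPoints", e);
        }
    }

    if (Utils.isCollectionEmpty(urls) && checkInTrustAnchors) {
        return getServiceSupplyPoints(certificateToken, "crl", "certificateRevocationList");
    }
    return urls;
}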
/**
 * Returns the URLs of the Certificate Revocation List (CRL). There may be more than one,
 * depending on the certificate issuer.<br>
 * If the CRL Distribution Points extension is not in the certificate, returns
 * <b>null</b>.<br>
 *
 * <p>For each distribution point, the first element of its encoded name is read and its
 * content octets are turned into a string; entries that cannot be read that way are
 * silently skipped.
 *
 * <p>NOTE(review): {@code getDistributionPoint()} is dereferenced without a null check,
 * so a distribution point without a name would fail outside the try block.<br>
 * NOTE(review): unlike the commented-out legacy code, the tag number of the element is
 * not checked, so a first entry that is not a URI may still end up in the list — confirm.
 *
 * @return the list of CRL URLs (possibly empty), or {@code null} when the extension is absent
 * @throws IOException if the distribution point name cannot be decoded
 */
public List<String> getCRLDistributionPoint() throws IOException{
    // TODO - this method still needs to be validated against the RFC
    List<String> lcrS = new ArrayList<String>();
    DERObject derObj = getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    if(derObj == null) {
        return null;
    }
    CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(derObj);
    DistributionPoint[] dp = crlDistPoint.getDistributionPoints();
    for(int i=0 ; i<dp.length ; i++) {
        // Re-encode the name and parse it again to get at its first element.
        // NOTE(review): the ASN1InputStream created here is never closed.
        DERSequence seq = (DERSequence)new ASN1InputStream(dp[i].getDistributionPoint().getName().getDEREncoded()).readObject();
        DERTaggedObject tag = (DERTaggedObject) seq.getObjectAt(0);
        try{
            ASN1OctetString oct = (DEROctetString)DEROctetString.getInstance(tag);
            // new String(byte[]) decodes with the platform default charset.
            lcrS.add( new String(oct.getOctets()));
        }catch (Exception e){
            // Not an object carrying DistributionPoint information; the entry is skipped.
        }
        // Old implementation written by Thiago; it returned only the first URL.
        // Web URL
        //if(tag.getTagNo() == 6) {
        //    DEROctetString oct = (DEROctetString)DEROctetString.getInstance(tag);
        //    return new String(oct.getOctets());
        //}
    }
    return lcrS;
}
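/**
 * Returns the first URI listed in a {@code fullName} distribution point of the
 * certificate's CRL Distribution Points extension.
 *
 * <p>The value is taken from the certificate unchanged; the caller decides whether the
 * scheme and destination are acceptable before contacting it.
 *
 * @param certificate the certificate to inspect
 * @return the first CRL URI, or {@code null} when the extension is absent, cannot be
 *         read (the failure is logged), or holds no URI name
 * @throws IOException declared for compatibility; a failure of the extension lookup is
 *         logged and reported as {@code null} instead
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // distributionPoint is OPTIONAL; a point that only names a cRLIssuer has no name
        // to inspect and must be skipped rather than dereferenced.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}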
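/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate. If the CRL distribution point extension is
 * unavailable, returns an empty list.
 *
 * <p>Only URI names inside {@code fullName} distribution points are returned. The URLs
 * are certificate-controlled and should be vetted before anything fetches them.
 *
 * @param cert the certificate to inspect
 * @return the URLs in encounter order; never {@code null}
 * @throws CertificateParsingException declared for callers; not thrown by this code
 * @throws IOException if the extension value cannot be read as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    byte[] crldpExt = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
    // getExtensionValue returns null for a missing extension; honour the documented
    // "empty list" contract instead of failing inside ByteArrayInputStream.
    if (crldpExt == null) {
        return new ArrayList<String>();
    }

    ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crldpExt));
    ASN1InputStream oAsnInStream2 = null;
    try {
        ASN1Primitive derObjCrlDP = oAsnInStream.readObject();
        DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP;
        byte[] crldpExtOctets = dosCrlDP.getOctets();

        oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets));
        ASN1Primitive derObj2 = oAsnInStream2.readObject();
        CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);

        List<String> crlUrls = new ArrayList<String>();
        for (DistributionPoint dp : distPoint.getDistributionPoints()) {
            DistributionPointName dpn = dp.getDistributionPoint();
            // Look for URIs in fullName
            if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            for (int j = 0; j < genNames.length; j++) {
                if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                    crlUrls.add(DERIA5String.getInstance(genNames[j].getName()).getString());
                }
            }
        }
        return crlUrls;
    } finally {
        // Release both streams on every path.
        try {
            oAsnInStream.close();
        } finally {
            if (oAsnInStream2 != null) {
                oAsnInStream2.close();
            }
        }
    }
}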
/**
 * Hands every URI found in the {@code fullName} distribution points of {@code crldp}
 * to {@code CertPathValidatorUtilities.addAdditionalStoreFromLocation}.
 *
 * <p>NOTE(review): the location strings come from the certificate under validation; what
 * {@code addAdditionalStoreFromLocation} does with them is not visible here — confirm
 * which schemes and destinations it is willing to act on.
 *
 * @param crldp the decoded extension, or {@code null} (then nothing happens)
 * @param pkixParams the parameters the additional stores are registered with
 * @throws AnnotatedException if the distribution points cannot be read
 */
protected static void addAdditionalStoresFromCRLDistributionPoint(
    CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
    throws AnnotatedException
{
    if (crldp == null)
    {
        return;
    }

    DistributionPoint[] points;
    try
    {
        points = crldp.getDistributionPoints();
    }
    catch (Exception e)
    {
        throw new AnnotatedException(
            "Distribution points could not be read.", e);
    }

    for (int p = 0; p < points.length; p++)
    {
        DistributionPointName pointName = points[p].getDistributionPoint();
        // only a present fullName can carry URIs
        if (pointName == null
            || pointName.getType() != DistributionPointName.FULL_NAME)
        {
            continue;
        }

        GeneralName[] candidates = GeneralNames.getInstance(
            pointName.getName()).getNames();
        for (int n = 0; n < candidates.length; n++)
        {
            if (candidates[n].getTagNo() != GeneralName.uniformResourceIdentifier)
            {
                continue;
            }
            String location = DERIA5String.getInstance(
                candidates[n].getName()).getString();
            CertPathValidatorUtilities.addAdditionalStoreFromLocation(
                location, pkixParams);
        }
    }
}
/**
 * Renders a CRL Distribution Points extension value as an HTML unordered list.
 *
 * <p>Each distribution point contributes up to three list items: its name, its reason
 * flags and its CRL issuer, in that order, each only when present.
 *
 * <p>NOTE(review): the name, flag and issuer text is derived from the certificate and is
 * appended into markup; whether {@code getGeneralNamesString} and {@code stringify}
 * HTML-escape their output is not visible here — confirm before rendering untrusted
 * certificates.
 *
 * @param bValue The octet string value
 * @return Extension value as an HTML string
 * @throws IOException If an I/O problem occurs
 */
private String getCrlDistributionPointsStringValue(byte[] bValue) throws IOException {
    DistributionPoint[] points = CRLDistPoint.getInstance(bValue).getDistributionPoints();

    StringBuilder html = new StringBuilder();
    html.append("<ul>");
    for (DistributionPoint point : points) {
        DistributionPointName pointName = point.getDistributionPoint();
        if (pointName != null) {
            html.append("<li>");
            int nameType = pointName.getType();
            if (nameType == DistributionPointName.FULL_NAME) {
                html.append(RB.getString("CrlDistributionPoint.0.0")).append(": ");
                html.append(getGeneralNamesString((GeneralNames) pointName.getName(), LinkClass.CRL));
            } else if (nameType == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                html.append(RB.getString("CrlDistributionPoint.0.1")).append(": ");
                // TODO: need better decode?
                html.append(stringify(pointName.getName()));
            } else {
                html.append(RB.getString("UnknownCrlDistributionPointName")).append(": ");
                html.append(stringify(pointName.getName()));
            }
            html.append("</li>");
        }

        ReasonFlags reasons = point.getReasons();
        if (reasons != null) {
            html.append("<li>");
            html.append(RB.getString("CrlDistributionPoint.1")).append(": ");
            // TODO: decode
            html.append(stringify(reasons));
            html.append("</li>");
        }

        GeneralNames crlIssuer = point.getCRLIssuer();
        if (crlIssuer != null) {
            html.append("<li>");
            html.append(RB.getString("CrlDistributionPoint.2")).append(": ");
            html.append(getGeneralNamesString(crlIssuer, LinkClass.CRL));
            html.append("</li>");
        }
    }
    html.append("</ul>");
    return html.toString();
}
/**
 * Looks up the pre-registered CRL stores that match the general names of the
 * {@code fullName} distribution points in {@code crldp}.
 *
 * <p>Nothing is fetched here: a name only yields a store when {@code namedCRLStoreMap}
 * already holds an entry for it.
 *
 * @param crldp the decoded extension, or {@code null}
 * @param namedCRLStoreMap stores keyed by the general name they serve
 * @return the matching stores in encounter order; the shared empty list when
 *         {@code crldp} is {@code null}
 * @throws AnnotatedException if the distribution points cannot be read
 */
static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp,
    Map<GeneralName, PKIXCRLStore> namedCRLStoreMap)
    throws AnnotatedException
{
    if (crldp == null)
    {
        return Collections.emptyList();
    }

    DistributionPoint[] points;
    try
    {
        points = crldp.getDistributionPoints();
    }
    catch (Exception e)
    {
        throw new AnnotatedException(
            "Distribution points could not be read.", e);
    }

    List<PKIXCRLStore> matched = new ArrayList<PKIXCRLStore>();
    for (DistributionPoint point : points)
    {
        DistributionPointName pointName = point.getDistributionPoint();
        // only a present fullName carries general names to look up
        if (pointName == null
            || pointName.getType() != DistributionPointName.FULL_NAME)
        {
            continue;
        }

        for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames())
        {
            PKIXCRLStore store = namedCRLStoreMap.get(candidate);
            if (store != null)
            {
                matched.add(store);
            }
        }
    }
    return matched;
}
/**
 * Returns every URI named in a {@code fullName} distribution point of the certificate's
 * "CRL Distribution Point" extension, or an empty list when the certificate has no such
 * extension.
 *
 * <p>The URLs are returned exactly as they appear in the certificate; vetting the scheme
 * and destination is left to the caller.
 *
 * @param cert the certificate to inspect
 * @return the URLs in encounter order; never {@code null}
 * @throws CertificateParsingException declared for callers; not thrown by this code
 * @throws IOException if the extension value cannot be read as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    byte[] wrappedExtension = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (wrappedExtension == null) {
        return new ArrayList<String>();
    }

    ASN1InputStream outerStream = null;
    ASN1InputStream innerStream = null;
    try {
        // First pass unwraps the OCTET STRING, second pass decodes its content.
        outerStream = new ASN1InputStream(new ByteArrayInputStream(wrappedExtension));
        DEROctetString wrapper = (DEROctetString) outerStream.readObject();

        innerStream = new ASN1InputStream(new ByteArrayInputStream(wrapper.getOctets()));
        DERObject content = innerStream.readObject();
        CRLDistPoint decoded = CRLDistPoint.getInstance(content);

        List<String> found = new ArrayList<String>();
        for (DistributionPoint point : decoded.getDistributionPoints()) {
            DistributionPointName pointName = point.getDistributionPoint();
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (candidate.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    found.add(DERIA5String.getInstance(candidate.getName()).getString());
                }
            }
        }
        return found;
    } finally {
        if (outerStream != null) {
            outerStream.close();
        }
        if (innerStream != null) {
            innerStream.close();
        }
    }
}
/**
 * Returns every URI named in a {@code fullName} distribution point of the certificate's
 * "CRL Distribution Point" extension, or an empty list when the certificate has no such
 * extension.
 *
 * <p>The URLs are returned exactly as they appear in the certificate; vetting the scheme
 * and destination is left to the caller.
 *
 * @param cert the certificate to inspect
 * @return the URLs in encounter order; never {@code null}
 * @throws RuntimeException wrapping the {@code IOException} raised when the extension
 *         value cannot be read as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert) {
    ASN1InputStream outerStream = null;
    ASN1InputStream innerStream = null;
    try {
        byte[] wrappedExtension = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (wrappedExtension == null) {
            return new ArrayList<String>();
        }

        // First pass unwraps the OCTET STRING, second pass decodes its content.
        outerStream = new ASN1InputStream(new ByteArrayInputStream(wrappedExtension));
        DEROctetString wrapper = (DEROctetString) outerStream.readObject();

        innerStream = new ASN1InputStream(new ByteArrayInputStream(wrapper.getOctets()));
        ASN1Primitive content = innerStream.readObject();
        CRLDistPoint decoded = CRLDistPoint.getInstance(content);

        List<String> found = new ArrayList<String>();
        for (DistributionPoint point : decoded.getDistributionPoints()) {
            DistributionPointName pointName = point.getDistributionPoint();
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName candidate : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (candidate.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    found.add(DERIA5String.getInstance(candidate.getName()).getString());
                }
            }
        }
        return found;
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    } finally {
        org.apache.commons.io.IOUtils.closeQuietly(outerStream);
        org.apache.commons.io.IOUtils.closeQuietly(innerStream);
    }
}
/**
 * Creates a CRL Distribution Points extension from the given distribution points.
 *
 * <p>The {@code false} argument is presumably the criticality flag of the superclass
 * constructor (i.e. the extension is non-critical) — confirm against that constructor.
 *
 * @param points the distribution points to wrap in a {@code CRLDistPoint}
 */
CrlDistPointExtension(final DistributionPoint... points) {
    super(
            Extension.cRLDistributionPoints,
            false,
            new CRLDistPoint(points));
}
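/**
 * Gives back the first HTTP(S) CRL URI found within the given X509 certificate.
 *
 * <p>Only URI names in {@code fullName} distribution points are considered, and names
 * that do not start with {@code "http"} (e.g. LDAP locations) are skipped.
 * NOTE(review): the prefix test is case-sensitive and matches any scheme that merely
 * begins with "http"; consider comparing the parsed scheme against http/https exactly,
 * since this value decides where a CRL download will connect.
 *
 * @param certificate
 *            the X509 certificate.
 * @return the CRL URI, or <code>null</code> if the extension is not
 *         present or holds no HTTP(S) URI.
 * @throws RuntimeException if the extension value cannot be read as ASN.1
 */
public static URI getCrlUri(X509Certificate certificate) {
    byte[] crlDistributionPointsValue = certificate
            .getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (null == crlDistributionPointsValue) {
        return null;
    }

    ASN1Sequence seq;
    try {
        // The extension value is an OCTET STRING wrapping the actual sequence.
        DEROctetString oct = (DEROctetString) (new ASN1InputStream(
                new ByteArrayInputStream(crlDistributionPointsValue))
                .readObject());
        seq = (ASN1Sequence) new ASN1InputStream(oct.getOctets())
                .readObject();
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint
                .getDistributionPoint();
        // distributionPoint is OPTIONAL; a point that only names a cRLIssuer has no
        // name to inspect and must be skipped rather than dereferenced.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName
                .getName();
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                LOG.debug("not a uniform resource identifier");
                continue;
            }
            String str = DERIA5String.getInstance(name.getName()).getString();
            if (!str.startsWith("http")) {
                /*
                 * skip ldap:// protocols
                 */
                LOG.debug("not HTTP/HTTPS: " + str);
                continue;
            }
            return toURI(str);
        }
    }
    return null;
}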
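/**
 * Returns every URI named in a {@code fullName} distribution point of the certificate's
 * CRL Distribution Points extension.
 *
 * <p>The URLs are returned exactly as they appear in the certificate; vetting the scheme
 * and destination is left to the caller.
 *
 * @param cert the certificate to inspect
 * @return the URLs in encounter order; an empty list when the extension is absent
 * @throws Exception if the extension value cannot be read as ASN.1
 */
private static List<String> getCrlDistPoints(X509Certificate cert) throws Exception {
    byte[] crlDistPointExt = cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    if (crlDistPointExt == null) {
        return new ArrayList<String>();
    }

    ASN1InputStream asnInStream = new ASN1InputStream(new ByteArrayInputStream(crlDistPointExt));
    ASN1InputStream asnInStream2 = null;
    try {
        // First pass unwraps the OCTET STRING, second pass decodes its content.
        ASN1Primitive derObjCrlDistPoint = asnInStream.readObject();
        DEROctetString derOctStrCrlDistPoint = (DEROctetString) derObjCrlDistPoint;
        byte[] crlDistPointBytes = derOctStrCrlDistPoint.getOctets();

        asnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crlDistPointBytes));
        ASN1Primitive derObjCrlDistPoint2 = asnInStream2.readObject();
        CRLDistPoint crlDistPoints = CRLDistPoint.getInstance(derObjCrlDistPoint2);

        List<String> crlUrls = new ArrayList<String>();
        for (DistributionPoint dPoint : crlDistPoints.getDistributionPoints()) {
            DistributionPointName dPointName = dPoint.getDistributionPoint();
            if (dPointName == null || dPointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            GeneralName[] genNames = GeneralNames.getInstance(dPointName.getName()).getNames();
            for (int j = 0; j < genNames.length; j++) {
                if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                    crlUrls.add(DERIA5String.getInstance(genNames[j].getName()).getString());
                }
            }
        }
        return crlUrls;
    } finally {
        // Previously the streams were closed only on the success path; release them
        // when parsing fails as well.
        try {
            asnInStream.close();
        } finally {
            if (asnInStream2 != null) {
                asnInStream2.close();
            }
        }
    }
}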
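/**
 * Checks a certificate's CRLDistributionPoints extension against the CRL URLs expected
 * for the issuer and appends every deviation to {@code failureMsg}.
 *
 * <p>The extension must hold exactly one distribution point whose name is a
 * {@code fullName} consisting of URI entries; the set of URIs must equal
 * {@code issuerInfo.crlUrls()}.
 *
 * @param failureMsg collector for violation messages
 * @param extensionValue the encoded extension content
 * @param issuerInfo source of the expected CRL URLs
 */
private void checkExtensionCrlDistributionPoints(StringBuilder failureMsg,
        byte[] extensionValue, X509IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    if (isDistributionPoints == null) {
        addViolation(failureMsg, "size of CRLDistributionPoints", 0, 1);
        return;
    }
    int len = isDistributionPoints.length;
    if (len != 1) {
        addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
        return;
    }

    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        DistributionPointName pointName = entry.getDistributionPoint();
        // distributionPoint is OPTIONAL; report its absence as a violation instead of
        // failing the whole check with a NullPointerException.
        if (pointName == null) {
            failureMsg.append("DistributionPointName of CRLDistributionPoints is absent; ");
            continue;
        }

        int asn1Type = pointName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints",
                    asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }

        GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of CRL URL", name.getTagNo(),
                        GeneralName.uniformResourceIdentifier);
            } else {
                isCrlUrls.add(((ASN1String) name.getName()).getString());
            }
        }

        // Compare in both directions: unexpected URLs first, then missing ones.
        Set<String> expCrlUrls = issuerInfo.crlUrls();
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs.toString())
                    .append(" are present but not expected; ");
        }

        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs.toString())
                    .append(" are absent but are required; ");
        }
    }
}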
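/**
 * Checks a certificate's delta-CRL distribution points extension against the URLs
 * expected for the issuer and appends every deviation to {@code failureMsg}.
 *
 * <p>The extension must hold exactly one distribution point whose name is a
 * {@code fullName} consisting of URI entries; the set of URIs is compared with
 * {@code issuerInfo.crlUrls()}.
 * NOTE(review): the expected set is read from {@code crlUrls()}, the same accessor the
 * base-CRL check uses — confirm that a delta-CRL specific accessor is not intended.
 *
 * @param failureMsg collector for violation messages
 * @param extensionValue the encoded extension content
 * @param issuerInfo source of the expected URLs
 */
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg,
        byte[] extensionValue, X509IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    if (isDistributionPoints == null) {
        addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", 0, 1);
        return;
    }
    int len = isDistributionPoints.length;
    if (len != 1) {
        addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
        return;
    }

    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        DistributionPointName pointName = entry.getDistributionPoint();
        // distributionPoint is OPTIONAL; report its absence as a violation instead of
        // failing the whole check with a NullPointerException.
        if (pointName == null) {
            failureMsg.append(
                    "DistributionPointName of CRLDistributionPoints (deltaCRL) is absent; ");
            continue;
        }

        int asn1Type = pointName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg,
                    "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)",
                    asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }

        GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(),
                        GeneralName.uniformResourceIdentifier);
            } else {
                isCrlUrls.add(((ASN1String) name.getName()).getString());
            }
        }

        // Compare in both directions: unexpected URLs first, then missing ones.
        Set<String> expCrlUrls = issuerInfo.crlUrls();
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs.toString())
                    .append(" are present but not expected; ");
        }

        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs.toString())
                    .append(" are absent but are required; ");
        }
    }
}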
/**
 * Renders a CRL Distribution Points extension value as display text: one numbered
 * heading per distribution point followed by that point's indented description.
 *
 * @param value the encoded extension content
 * @return the formatted text
 * @throws IOException declared for the decoding helpers
 */
private String getCrlDistributionPointsStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * CRLDistPointSyntax ::= ASN1Sequence SIZE (1..MAX) OF
     * DistributionPoint
     */

    // @formatter:on

    DistributionPoint[] points = CRLDistPoint.getInstance(value).getDistributionPoints();

    StringBuilder text = new StringBuilder();
    for (int index = 0; index < points.length; index++) {
        // Headings are numbered from 1.
        text.append(MessageFormat.format(res.getString("CrlDistributionPoint"), index + 1));
        text.append(NEWLINE);
        text.append(getDistributionPointString(points[index], INDENT.toString(1)));
    }
    return text.toString();
}