  /**
   * Add a given extension field for the standard extensions tag (tag 3), copying the extension
   * value from another certificate.
   *
   * @param oid the OID defining the extension type.
   * @param isCritical true if the copied extension is to be marked as critical, false otherwise.
   * @param certHolder the holder for the certificate that the extension is to be copied from.
   * @return this builder object.
   * @throws NullPointerException if the source certificate does not carry an extension with the
   *     given OID.
   */
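  public X509v3CertificateBuilder copyAndAddExtension(
      ASN1ObjectIdentifier oid, boolean isCritical, X509CertificateHolder certHolder) {
    X509CertificateStructure cert = certHolder.toASN1Structure();

    // A source certificate with no extensions block returns null from getExtensions(). Report
    // that exactly like a missing extension instead of failing with a message-less
    // NullPointerException on the lookup below.
    if (cert.getTBSCertificate().getExtensions() == null) {
      throw new NullPointerException("extension " + oid + " not present");
    }

    X509Extension extension = cert.getTBSCertificate().getExtensions().getExtension(oid);

    if (extension == null) {
      throw new NullPointerException("extension " + oid + " not present");
    }

    // Only the value octets are copied. Criticality is taken from the isCritical argument; the
    // source extension's own critical flag is not consulted, so a caller that wants to keep a
    // constraint critical must pass true explicitly.
    extGenerator.addExtension(oid, isCritical, extension.getValue().getOctets());

    return this;
  }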
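 /**
  * Reports whether a certificate asserts a certificate policy equal to, or located under, the
  * given policy OID.
  *
  * <p>The certificate is re-parsed from {@code cert.getEncoded()} and only version-3
  * certificates with a certificatePolicies extension are examined. Matching is done on whole
  * OID arcs: {@code "1.2.3"} matches {@code "1.2.3"} and {@code "1.2.3.4"} but not
  * {@code "1.2.30"}. An empty {@code sOid} matches nothing.
  *
  * <p>Any exception raised while reading the certificate is logged and the method returns
  * {@code false}. NOTE(review): a caller that treats {@code false} as "no restriction applies"
  * would fail open on an unparsable certificate; confirm against the callers.
  *
  * @param cert the certificate whose policies are inspected.
  * @param sOid the policy OID (dotted-decimal) to look for; a trailing dot is accepted.
  * @return true if a matching policy identifier is present, false otherwise or on error.
  */
 private static boolean certHasPolicy(X509Certificate cert, String sOid) {
   try {
     if (m_logger.isDebugEnabled())
       m_logger.debug("Read cert policies: " + cert.getSerialNumber().toString());
     ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
     ASN1InputStream aIn = new ASN1InputStream(bIn);
     ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
     X509CertificateStructure obj = new X509CertificateStructure(seq);
     TBSCertificateStructure tbsCert = obj.getTBSCertificate();
     if (tbsCert.getVersion() == 3) {
       X509Extensions ext = tbsCert.getExtensions();
       if (ext != null) {
         Enumeration en = ext.oids();
         while (en.hasMoreElements()) {
           DERObjectIdentifier oid = (DERObjectIdentifier) en.nextElement();
           // The commented-out predecessor of this check used
           // X509Extensions.CertificatePolicies; per the original note, with BC 146 and
           // JDK 1.6 the constant is X509Extension.certificatePolicies.
           if (!oid.equals(X509Extension.certificatePolicies)) {
             continue;
           }
           X509Extension extVal = ext.getExtension(oid);
           ASN1OctetString oct = extVal.getValue();
           ASN1InputStream extIn = new ASN1InputStream(new ByteArrayInputStream(oct.getOctets()));
           ASN1Sequence cp = (ASN1Sequence) extIn.readObject();
           // A plain String.startsWith() on dotted OIDs also accepts a sibling arc that merely
           // shares leading digits ("1.2.3" vs "1.2.30"), which would let an unrelated policy
           // pass. Compare against the OID itself or the OID followed by an arc separator.
           String arcPrefix = sOid.endsWith(".") ? sOid : sOid + ".";
           for (int i = 0; i != cp.size(); i++) {
             PolicyInformation pol = PolicyInformation.getInstance(cp.getObjectAt(i));
             DERObjectIdentifier dOid = pol.getPolicyIdentifier();
             String soid2 = dOid.getId();
             if (m_logger.isDebugEnabled()) m_logger.debug("Policy: " + soid2);
             if (soid2.equals(sOid) || soid2.startsWith(arcPrefix)) return true;
           }
         }
       }
     }
   } catch (Exception ex) {
     // Pass the exception itself as well so the stack trace reaches the log.
     m_logger.error("Error reading cert policies: " + ex, ex);
   }
   return false;
 }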
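  /**
   * Returns the DER encoding of the value of the extension with the given OID, looked up in
   * {@code cert.getAcinfo().getExtensions()}.
   *
   * <p>The object returned by {@code ext.getValue()} is written out whole. In the Bouncy Castle
   * API that object is the extension's OCTET STRING, so the returned bytes still carry the
   * OCTET STRING wrapper and the caller has to unwrap it before decoding the inner structure.
   *
   * @param oid the extension OID in dotted-decimal form.
   * @return the encoded extension value, or {@code null} if there are no extensions or none
   *     with this OID.
   * @throws RuntimeException if the value cannot be encoded; the original failure is attached as
   *     the cause.
   */
  public byte[] getExtensionValue(String oid) {
    X509Extensions extensions = cert.getAcinfo().getExtensions();

    if (extensions != null) {
      X509Extension ext = extensions.getExtension(new DERObjectIdentifier(oid));

      if (ext != null) {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);

        try {
          dOut.writeObject(ext.getValue());

          return bOut.toByteArray();
        } catch (Exception e) {
          // Keep the message text callers may already match on, but chain the cause so the
          // underlying encoding failure is not lost.
          throw new RuntimeException("error encoding " + e.toString(), e);
        }
      }
    }

    // Absence is reported as null rather than an empty array; callers must check before use.
    return null;
  }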
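 /**
  * Extracts the value of a certificate extension.
  *
  * @param ext the certificate extension to extract the value from.
  * @return the {@code DERObject} produced by {@code toDERObject} from the octets of the
  *     extension value.
  * @throws IOException if extraction fails.
  */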
 public static DERObject getExtensionObject(X509Extension ext) throws IOException {
   // Take the raw octets of the extension value and hand them to the shared decoder.
   // The bytes come straight from the certificate, so callers should check the concrete type
   // of the returned object before casting it.
   byte[] valueOctets = ext.getValue().getOctets();
   return toDERObject(valueOctets);
 }