public byte[] getTBSCertificate() throws CertificateEncodingException { try { return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); } catch (IOException e) { throw new CertificateEncodingException(e.toString()); } }
private byte[] getExtensionBytes(String oid) { Extensions exts = c.getTBSCertificate().getExtensions(); if (exts != null) { Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); if (ext != null) { return ext.getExtnValue().getOctets(); } } return null; }
public boolean[] getSubjectUniqueID() { DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); if (id != null) { byte[] bytes = id.getBytes(); boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; for (int i = 0; i != boolId.length; i++) { boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; } return boolId; } return null; }
public byte[] getExtensionValue(String oid) { Extensions exts = c.getTBSCertificate().getExtensions(); if (exts != null) { Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); if (ext != null) { try { return ext.getExtnValue().getEncoded(); } catch (Exception e) { throw new IllegalStateException("error parsing " + e.toString()); } } } return null; }
private void checkSignature(PublicKey key, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) { throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); } ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); // TODO This should go after the initVerify? X509SignatureUtil.setSignatureParameters(signature, params); signature.initVerify(key); signature.update(this.getTBSCertificate()); if (!signature.verify(this.getSignature())) { throw new SignatureException("certificate does not verify with supplied key"); } }
public Set getNonCriticalExtensionOIDs() { if (this.getVersion() == 3) { Set set = new HashSet(); Extensions extensions = c.getTBSCertificate().getExtensions(); if (extensions != null) { Enumeration e = extensions.oids(); while (e.hasMoreElements()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); Extension ext = extensions.getExtension(oid); if (!ext.isCritical()) { set.add(oid.getId()); } } return set; } } return null; }
public boolean hasUnsupportedCriticalExtension() { if (this.getVersion() == 3) { Extensions extensions = c.getTBSCertificate().getExtensions(); if (extensions != null) { Enumeration e = extensions.oids(); while (e.hasMoreElements()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); String oidId = oid.getId(); if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE) || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES) || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS) || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY) || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS) || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT) || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR) || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS) || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS) || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME) || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS)) { continue; } Extension ext = extensions.getExtension(oid); if (ext.isCritical()) { return true; } } } } return false; }
public String toString() { StringBuffer buf = new StringBuffer(); String nl = Strings.lineSeparator(); buf.append(" [0] Version: ").append(this.getVersion()).append(nl); buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl); buf.append(" Start Date: ").append(this.getNotBefore()).append(nl); buf.append(" Final Date: ").append(this.getNotAfter()).append(nl); buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl); buf.append(" Public Key: ").append(this.getPublicKey()).append(nl); buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl); byte[] sig = this.getSignature(); buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl); for (int i = 20; i < sig.length; i += 20) { if (i < sig.length - 20) { buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl); } else { buf.append(" ") .append(new String(Hex.encode(sig, i, sig.length - i))) .append(nl); } } Extensions extensions = c.getTBSCertificate().getExtensions(); if (extensions != null) { Enumeration e = extensions.oids(); if (e.hasMoreElements()) { buf.append(" Extensions: \n"); } while (e.hasMoreElements()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); Extension ext = extensions.getExtension(oid); if (ext.getExtnValue() != null) { byte[] octs = ext.getExtnValue().getOctets(); ASN1InputStream dIn = new ASN1InputStream(octs); buf.append(" critical(").append(ext.isCritical()).append(") "); try { if (oid.equals(Extension.basicConstraints)) { buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl); } else if (oid.equals(Extension.keyUsage)) { buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl); } else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) { buf.append(new NetscapeCertType((DERBitString) dIn.readObject())).append(nl); } else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) { buf.append(new NetscapeRevocationURL((DERIA5String) dIn.readObject())).append(nl); } else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) { buf.append(new VerisignCzagExtension((DERIA5String) dIn.readObject())).append(nl); } else { buf.append(oid.getId()); buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); // buf.append(" value = ").append("*****").append(nl); } } catch (Exception ex) { buf.append(oid.getId()); // buf.append(" value = ").append(new // String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl); buf.append(" value = ").append("*****").append(nl); } } else { buf.append(nl); } } } return buf.toString(); }