@Override @SuppressWarnings( "SetReplaceableByEnumSet" ) public Set<ExtendedKeyUsage> getExtendedKeyUsages( X509Certificate cert ) { try { byte[] value = cert.getExtensionValue( X509Extensions.ExtendedKeyUsage.getId() ); if ( value == null ) { return Collections.emptySet(); } byte[] asn1octets = ( ( ASN1OctetString ) ASN1Object.fromByteArray( value ) ).getOctets(); org.bouncycastle.asn1.x509.ExtendedKeyUsage usages = org.bouncycastle.asn1.x509.ExtendedKeyUsage.getInstance( ( ASN1Sequence ) ASN1Sequence.fromByteArray( asn1octets ) ); Set<ExtendedKeyUsage> keyUsages = new LinkedHashSet<ExtendedKeyUsage>(); for ( ExtendedKeyUsage eachPossible : ExtendedKeyUsage.values() ) { if ( usages.hasKeyPurposeId( eachPossible.getKeyPurposeId() ) ) { keyUsages.add( eachPossible ); } } return keyUsages; } catch ( IOException ex ) { throw new CryptoFailure( "Unable to extract ExtendedKeyUsages from X509Certificate extensions", ex ); } }
private static void addRequestedExtKeyusage(List<ASN1ObjectIdentifier> usages, Extensions requestedExtensions, Set<ExtKeyUsageControl> usageOccs) { Extension extension = requestedExtensions.getExtension(Extension.extendedKeyUsage); if (extension == null) { return; } ExtendedKeyUsage reqKeyUsage = ExtendedKeyUsage.getInstance(extension.getParsedValue()); for (ExtKeyUsageControl k : usageOccs) { if (k.isRequired()) { continue; } if (reqKeyUsage.hasKeyPurposeId(KeyPurposeId.getInstance(k.getExtKeyUsage()))) { usages.add(k.getExtKeyUsage()); } } } // method addRequestedExtKeyusage
extension.getParsedValue()); for (ExtKeyUsageControl k : optionalExtKeyusage) { if (reqKeyUsage.hasKeyPurposeId(KeyPurposeId.getInstance(k.extKeyUsage()))) { expectedUsages.add(k.extKeyUsage().getId());
.getInstance(asn1InputStream.readObject()); if (false == extendedKeyUsage .hasKeyPurposeId(KeyPurposeId.id_kp_codeSigning)) { throw new TrustLinkerResultException( TrustLinkerResultReason.CONSTRAINT_VIOLATION,
if (!ExtendedKeyUsage.fromExtensions(certHolder.getExtensions()).hasKeyPurposeId(KeyPurposeId.id_kp_OCSPSigning)){ throw new OCSPValidationException("Certificado não contém extensão necessária (id_kp_OCSPSigning)");