/**
 * Registers one fully formed extension with this generator.
 * <p>
 * An OID may be registered only once: a second extension carrying an OID that is already
 * present is rejected rather than silently replacing the earlier entry.
 * </p>
 *
 * @param extension the full extension value.
 * @throws IllegalArgumentException if an extension with the same OID was already added.
 */
public void addExtension(
    Extension extension)
{
    if (!extensions.containsKey(extension.getExtnId()))
    {
        // Record the OID in insertion order first, then index the extension by that OID.
        extOrdering.addElement(extension.getExtnId());
        extensions.put(extension.getExtnId(), extension);
        return;
    }

    throw new IllegalArgumentException("extension " + extension.getExtnId() + " already added");
}
/**
 * Constructor from ASN1Sequence.
 * <p>
 * The extensions are a list of constructed sequences, either with (OID, OctetString) or
 * (OID, Boolean, OctetString).
 * </p>
 * <p>
 * Every element is parsed with {@code Extension.getInstance} and stored under its OID; the
 * OIDs are also appended to {@code ordering} in the order they appear in the sequence.
 * A sequence that carries the same OID twice is rejected.
 * </p>
 *
 * @param seq the sequence of extensions to read.
 * @throws IllegalArgumentException if the same extension OID occurs more than once.
 */
private Extensions(
    ASN1Sequence seq)
{
    for (Enumeration<?> objects = seq.getObjects(); objects.hasMoreElements();)
    {
        Extension parsed = Extension.getInstance(objects.nextElement());

        // Reject repeats up front so the map and the ordering list cannot disagree.
        boolean alreadySeen = extensions.containsKey(parsed.getExtnId());
        if (alreadySeen)
        {
            throw new IllegalArgumentException("repeated extension found: " + parsed.getExtnId());
        }

        extensions.put(parsed.getExtnId(), parsed);
        ordering.addElement(parsed.getExtnId());
    }
}
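/**
 * Constructor from ASN1Sequence.
 * <p>
 * The extensions are a list of constructed sequences, either with (OID, OctetString) or
 * (OID, Boolean, OctetString).
 * </p>
 * <p>
 * Every element is parsed with {@code Extension.getInstance} and stored under its OID; the
 * OIDs are also appended to {@code ordering} in the order they appear in the sequence.
 * </p>
 *
 * @param seq the sequence of extensions to read.
 * @throws IllegalArgumentException if the same extension OID occurs more than once.
 */
private Extensions(
    ASN1Sequence seq)
{
    Enumeration e = seq.getObjects();

    while (e.hasMoreElements())
    {
        Extension ext = Extension.getInstance(e.nextElement());

        // Without this check a repeated OID overwrites the earlier map entry while the
        // ordering list keeps both occurrences, so the two views of the extension set
        // disagree and a consumer only ever sees the last value for that OID.
        if (extensions.containsKey(ext.getExtnId()))
        {
            throw new IllegalArgumentException("repeated extension found: " + ext.getExtnId());
        }

        extensions.put(ext.getExtnId(), ext);
        ordering.addElement(ext.getExtnId());
    }
}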
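/**
 * Builds an OCSP request for a single certificate, identified by its issuer certificate and
 * serial number, and attaches a nonce extension so the response can be tied to this request.
 *
 * @param issuerCert   certificate of the CA that issued the certificate being checked.
 * @param serialNumber serial number of the certificate being checked.
 * @return the OCSP request carrying one certificate ID and the nonce extension.
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded.
 * @throws OperatorCreationException    if the SHA-1 digest calculator cannot be created.
 * @throws OCSPException                if the certificate ID or the request cannot be built.
 * @throws IOException                  if an ASN.1 value cannot be encoded.
 */
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException {
    // addProvider does nothing when a provider with the same name is already installed.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    OCSPReqBuilder gen = new OCSPReqBuilder();
    gen.addRequest(new JcaCertificateID(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1),
            issuerCert, serialNumber));

    // The nonce has to be unpredictable to bind a response to this request; a value taken
    // from the wall clock can be guessed, so it is drawn from a CSPRNG instead.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));

    // NOTE(review): this stores the DER encoding of the extension's OID, not the nonce octets
    // in ext.getExtnValue(). A check against sentNonce can therefore only confirm that a nonce
    // extension exists, never that its value matches. Left unchanged here because the
    // response-side comparison has to be switched to the nonce value in the same change.
    sentNonce = ext.getExtnId().getEncoded();

    return gen.build();
}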
/**
 * Assembles the X.509 extensions for a server certificate issued under the given CA.
 * <p>
 * The list holds, in this order: a critical key usage (digitalSignature, keyEncipherment,
 * dataEncipherment), a critical extended key usage restricted to serverAuth, and a
 * non-critical authority key identifier computed from the issuer certificate.
 * </p>
 *
 * @param issuerCertificate certificate of the issuing CA, used for the authority key identifier.
 * @return a new mutable list with the three extension holders.
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded.
 * @throws NoSuchAlgorithmException     if the extension utilities cannot be created.
 * @throws IOException                  if the authority key identifier cannot be encoded.
 */
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    // SSO forces us to allow data encipherment
    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
    final ExtensionHolder keyUsageHolder =
            new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(usageBits));

    final ExtensionHolder serverAuthHolder = new ExtensionHolder(
            Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

    // Built as a full Extension first so the holder can take the parsed value back out of it.
    final Extension authorityKeyId = new Extension(
            Extension.authorityKeyIdentifier,
            false,
            new DEROctetString(new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate)));
    final ExtensionHolder authorityKeyHolder = new ExtensionHolder(
            authorityKeyId.getExtnId(), authorityKeyId.isCritical(), authorityKeyId.getParsedValue());

    final List<ExtensionHolder> result = new ArrayList<>();
    result.add(keyUsageHolder);
    result.add(serverAuthHolder);
    result.add(authorityKeyHolder);
    return result;
}
// Fragment: the enclosing method and the closing braces lie outside the visible listing.
if(ext != null) {
    // Debug trace: the extension OID and the length of its value (0 when there is no value).
    if(m_logger.isDebugEnabled())
        m_logger.debug("Ext: " + ext.getExtnId() + " val-len: " + ((ext.getExtnValue() != null) ? ext.getExtnValue().getOctets().length : 0));
    // The value is taken as the nonce only when it is present and exactly 20 octets long.
    // NOTE(review): presumably 20 is the length of the nonce the request side sends - confirm;
    // how a missing or differently sized value is handled is not visible in this fragment.
    if(ext.getExtnValue() != null && ext.getExtnValue().getOctets() != null && ext.getExtnValue().getOctets().length == 20) {
        nonce2 = ext.getExtnValue().getOctets();
// Fragment: the enclosing method is outside the visible listing and the braces opened below
// are not closed within it.
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
// receivedNonce is the encoding of the nonce extension's object identifier (getExtnId()),
// not the nonce carried in the extension value (getExtnValue()), so the comparison below
// does not test the nonce value the responder returned.
// NOTE(review): compare getExtnValue().getOctets() with the nonce bytes that were sent;
// verify against the place where sentNonce is assigned.
// NOTE(review): getExtension(...) is dereferenced without a null check; a response without
// a nonce extension would presumably surface as a NullPointerException instead of an
// OCSPValidationException - confirm.
byte[] receivedNonce = basicResponse.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce).getExtnId().getEncoded();
if (!Arrays.equals(receivedNonce, sentNonce)) {
    // Message: the nonce in the OCSP response does not match the nonce of the OCSP request.
    throw new OCSPValidationException("Nonce na resposta ocsp não coincide com nonce do pedido ocsp");
// Requires the id_pkix_ocsp_nocheck extension on the certificate held by certHolder.
// NOTE(review): the null test is applied to getExtnId() of the looked-up extension; if
// getExtension(...) returns null for an absent extension, the dereference fails before the
// comparison and the intended OCSPValidationException is never thrown - test the result of
// getExtension(...) itself.
if (null == certHolder.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck).getExtnId()) {
    // Message: id_pkix_ocsp_nocheck extension not found in the certificate (SCEE certificate policy).
    throw new OCSPValidationException("Extensão id_pkix_ocsp_nocheck não encontrada no certificado (Politica de Certificados do SCEE)");
/**
 * Creates an X509ExtensionSet object from the extensions in the ASN1 sequence.
 * <p>
 * Each element is parsed with {@code Extension.getInstance} and added under the string form
 * of its OID, together with its criticality flag and the encoded form of its value.
 * </p>
 *
 * @param extensions Sequence with extensions.
 */
public X509ExtensionSet(ASN1Sequence extensions) {
    for (ASN1Encodable element : extensions.toArray()) {
        Extension parsed = Extension.getInstance(element);
        if (parsed == null) {
            continue;
        }

        try {
            addExtension(parsed.getExtnId().toString(), parsed.isCritical(), parsed.getExtnValue().getEncoded());
        } catch (IOException ignored) {
            // ignore exception from getEncoded()
            // NOTE(review): an extension whose value fails to encode is dropped without a
            // trace, including one marked critical; the resulting set is then incomplete.
        }
    }
}
/**
 * Copies every extension of the given set into this builder, keeping each extension's
 * criticality flag.
 * <p>
 * A {@code null} set is ignored. A {@code BcX509Extensions} set is read through its
 * underlying {@code Extensions} object; any other implementation is read through the
 * generic OID, criticality and value accessors.
 * </p>
 *
 * @param extensionSet the extensions to add, may be {@code null}.
 * @return this builder.
 * @throws IOException declared by the interface; raised if an extension cannot be added.
 */
@Override
public X509ExtensionBuilder addExtensions(X509Extensions extensionSet) throws IOException
{
    if (extensionSet == null) {
        return this;
    }

    if (!(extensionSet instanceof BcX509Extensions)) {
        // Fallback
        for (String id : extensionSet.getExtensionOID()) {
            this.extensions.addExtension(new ASN1ObjectIdentifier(id), extensionSet.isCritical(id),
                extensionSet.getExtensionValue(id));
        }
        return this;
    }

    // Optimisation
    Extensions source = ((BcX509Extensions) extensionSet).getExtensions();
    @SuppressWarnings("unchecked")
    Enumeration<ASN1ObjectIdentifier> ids = source.oids();

    while (ids.hasMoreElements()) {
        Extension current = source.getExtension(ids.nextElement());
        this.extensions.addExtension(current.getExtnId(), current.isCritical(), current.getParsedValue());
    }

    return this;
}