
1   /*
2    * The MIT License
3    *
4    * Original work sponsored and donated by National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
5    *
6    * Copyright (C) 2011 National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
7    *
8    * Permission is hereby granted, free of charge, to any person obtaining a copy of
9    * this software and associated documentation files (the "Software"), to deal in
10   * the Software without restriction, including without limitation the rights to
11   * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
12   * of the Software, and to permit persons to whom the Software is furnished to do
13   * so, subject to the following conditions:
14   *
15   * The above copyright notice and this permission notice shall be included in all
16   * copies or substantial portions of the Software.
17   *
18   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24   * SOFTWARE.
25   *
26   * $HeadURL: https://svn.softwareborsen.dk/sosi/trunk/modules/seal/src/main/java/dk/sosi/seal/pki/OCESUtil.java $
27   * $Id: OCESUtil.java 8697 2011-09-02 10:33:55Z chg@lakeside.dk $
28   */
29  package dk.sosi.seal.pki;
30  
import org.bouncycastle.asn1.*;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Properties;
43  
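/**
 * Static helpers for inspecting Danish OCES (OCES1 / OCES2) X.509 certificates:
 * locating the issuing CA certificate via the Authority Information Access
 * extension, classifying a certificate by its issuer DN, and checking whether
 * one certificate signed another.
 * <p>
 * All methods are stateless. None of them performs full chain validation
 * (validity period, revocation, name/key-usage constraints); callers are
 * expected to do that against the configured OCES trust anchor.
 *
 * @author $LastChangedBy: chg@lakeside.dk $ $LastChangedDate: 2011-09-02 12:33:55 +0200 (Fri, 02 Sep 2011) $
 * @version $Revision: 8697 $
 */
public class OCESUtil {

    /** OID of the Authority Information Access extension (RFC 5280, 4.2.2.1). */
    private static final String AUTHORITY_INFORMATION_ACCESS_OID = "1.3.6.1.5.5.7.1.1";

    /** OID of the id-ad-caIssuers access method inside Authority Information Access. */
    private static final String CA_ISSUERS_OID = "1.3.6.1.5.5.7.48.2";

    /** GeneralName CHOICE tag for uniformResourceIdentifier [6] IA5String. */
    private static final int GENERAL_NAME_URI_TAG = 6;

    /** IA5String is 7-bit ASCII; decoding must not depend on the platform default charset. */
    private static final Charset IA5_CHARSET = Charset.forName("US-ASCII");

    /**
     * Returns the location of the certificate's issuing CA certificate, taken from
     * the first {@code caIssuers} AccessDescription in the Authority Information
     * Access extension whose accessLocation is a URI.
     * <p>
     * The returned URI is data supplied by the certificate itself, i.e. by whoever
     * holds the certificate, not by a trusted party. Anything downloaded from it
     * must be verified against the trust anchor before it is relied upon.
     *
     * @param certificate the certificate to inspect; must not be {@code null}
     * @return the caIssuers URI published in the certificate
     * @throws PKIException if the extension is absent, cannot be decoded, holds no
     *         caIssuers URI, or the published value is not a syntactically valid URI
     */
    static URI retrieveIntermediateCertificateURI(X509Certificate certificate) throws PKIException {
        byte[] extensionValue = certificate.getExtensionValue(AUTHORITY_INFORMATION_ACCESS_OID);
        if (extensionValue == null) {
            throw new PKIException("Invalid certificate - Authority Information Access (1.3.6.1.5.5.7.1.1) not found.");
        }

        String caIssuersUri;
        try {
            caIssuersUri = findCaIssuersUri(extensionValue);
        } catch (IOException ex) {
            throw new PKIException(ex);
        } catch (IllegalArgumentException ex) {
            // BC's getInstance() factories report a structurally invalid extension this way
            throw new PKIException(ex);
        }

        if (caIssuersUri == null) {
            throw new PKIException("Invalid certificate - CA Issuers (1.3.6.1.5.5.7.48.2) not found under Authority Information Access.");
        }

        try {
            return new URI(caIssuersUri);
        } catch (URISyntaxException ex) {
            throw new PKIException(ex);
        }
    }

    /**
     * Decodes the raw AIA extension value and returns the first caIssuers access
     * location that is encoded as a URI, or {@code null} if there is none.
     * <p>
     * Entries are matched by their accessMethod OID rather than by position, so the
     * result does not depend on the CA listing OCSP before caIssuers.
     *
     * @param extensionValue the value returned by {@code getExtensionValue}, i.e. a DER
     *        OCTET STRING wrapping the SEQUENCE OF AccessDescription
     * @return the URI text, or {@code null} when no caIssuers URI is present
     * @throws IOException if the DER data cannot be read
     * @throws IllegalArgumentException if an element is not of the expected ASN.1 type
     */
    private static String findCaIssuersUri(byte[] extensionValue) throws IOException {
        ASN1OctetString wrapper = ASN1OctetString.getInstance(readDer(extensionValue));
        ASN1Sequence accessDescriptions = ASN1Sequence.getInstance(readDer(wrapper.getOctets()));

        for (int i = 0; i < accessDescriptions.size(); i++) {
            // AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
            ASN1Sequence accessDescription = ASN1Sequence.getInstance(accessDescriptions.getObjectAt(i));
            if (accessDescription.size() < 2) {
                continue; // malformed entry; skip it rather than guess at its layout
            }
            // The OID is compared in its dotted-string form so this does not depend on
            // which OID class (DER-/ASN1ObjectIdentifier) the BC version in use provides.
            if (!CA_ISSUERS_OID.equals(String.valueOf(accessDescription.getObjectAt(0)))) {
                continue;
            }
            ASN1TaggedObject location = ASN1TaggedObject.getInstance(accessDescription.getObjectAt(1));
            if (location.getTagNo() != GENERAL_NAME_URI_TAG) {
                continue; // caIssuers may also be e.g. a directoryName, which cannot be fetched
            }
            // [6] IA5String is IMPLICITly tagged, so the tagged contents are the raw URI bytes.
            byte[] uriBytes = ASN1OctetString.getInstance(location, false).getOctets();
            return new String(uriBytes, IA5_CHARSET);
        }
        return null;
    }

    /**
     * Reads exactly one ASN.1 object from {@code der} and closes the stream.
     * The result is typed as {@code Object} so it can be handed straight to the
     * BC {@code getInstance(Object)} factories regardless of BC version.
     *
     * @param der DER-encoded bytes holding one top-level object
     * @return the decoded object
     * @throws IOException if the bytes are not a well-formed ASN.1 encoding
     */
    private static Object readDer(byte[] der) throws IOException {
        ASN1InputStream in = new ASN1InputStream(der);
        try {
            return in.readObject();
        } finally {
            in.close();
        }
    }

    /** Issuer DN of {@code certificate} in the RFC 2253 form used by the classification checks below. */
    private static String issuerName(X509Certificate certificate) {
        return certificate.getIssuerX500Principal().getName();
    }

    /**
     * Tells whether the certificate was issued under OCES1, judged solely by the
     * substring {@code "TDC OCES"} in its issuer DN. This is a naming heuristic, not a
     * trust decision: the chain must still be validated to the trusted root.
     *
     * @param certificate the certificate to classify; must not be {@code null}
     * @return {@code true} if the issuer DN contains {@code "TDC OCES"}
     */
    static boolean isOCES1Certificate(X509Certificate certificate) {
        return issuerName(certificate).contains("TDC OCES");
    }

    /**
     * Tells whether the certificate was issued under OCES2, judged solely by the
     * substring {@code "TRUST2408"} in its issuer DN. As with
     * {@link #isOCES1Certificate}, this is a naming heuristic only.
     *
     * @param certificate the certificate to classify; must not be {@code null}
     * @return {@code true} if the issuer DN contains {@code "TRUST2408"}
     */
    static boolean isOCES2Certificate(X509Certificate certificate) {
        return issuerName(certificate).contains("TRUST2408");
    }

    /**
     * Tells whether the certificate is an OCES2 intermediate CA certificate, i.e. an
     * OCES2 certificate whose issuer DN contains {@code "Primary"} (issued directly
     * by the primary/root CA).
     *
     * @param certificate the certificate to classify; must not be {@code null}
     * @return {@code true} for OCES2 certificates issued by the primary CA
     */
    static boolean isIntermediateCertificate(X509Certificate certificate) {
        return isOCES2Certificate(certificate) && issuerName(certificate).contains("Primary");
    }

    /**
     * Tells whether {@code verifyAgainst} signed {@code certificate}, by verifying the
     * signature on {@code certificate} with the public key of {@code verifyAgainst}.
     * <p>
     * Only the signature is checked; validity periods, revocation status and the
     * BasicConstraints / KeyUsage of the candidate issuer are out of scope here.
     *
     * @param certificate the certificate whose signature is checked
     * @param verifyAgainst the candidate issuer
     * @return {@code true} if the signature verifies under the candidate's public key;
     *         {@code false} if the key does not fit or the signature does not verify
     * @throws PKIException if the check could not be carried out at all (unsupported
     *         algorithm or provider, or a certificate encoding problem); the underlying
     *         exception is kept as the cause
     */
    static boolean isIssuerOf(X509Certificate certificate, X509Certificate verifyAgainst) throws PKIException {
        try {
            certificate.verify(verifyAgainst.getPublicKey());
            return true; // NOPMD
        } catch (InvalidKeyException e) {
            return false; // NOPMD - key does not match the signature algorithm: not the issuer
        } catch (SignatureException e) {
            return false; // signature does not verify under this key: not the issuer
        } catch (CertificateException e) {
            throw new PKIException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new PKIException(e);
        } catch (NoSuchProviderException e) {
            throw new PKIException(e);
        }
    }

    /**
     * Looks up a property that is required to be present.
     *
     * @param propertyName the key to look up
     * @param props the properties to read from; must not be {@code null}
     * @return the property value, never {@code null}
     * @throws IllegalArgumentException if {@code propertyName} is not defined in {@code props}
     */
    public static String getPropertyNotNull(String propertyName, Properties props) {
        String value = props.getProperty(propertyName);
        if (value == null) {
            throw new IllegalArgumentException("Property '" + propertyName + "' is not defined.");
        }
        return value;
    }
}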