markscottwright · November 27, 2018 14:50
diff --git a/AIAFetcher.java b/AIAFetcher.java
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;

 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.x509.AccessDescription;
 import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
 import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;

 public class AIAFetcher {

    public static void main(String[] args) throws IOException,
            CertificateException {
        try (InputStream certContents = AIAFetcher.class
                .getResourceAsStream("/somecert.cer")) {
            X509Certificate cert = (X509Certificate) CertificateFactory
                    .getInstance("X509").generateCertificate(certContents);

            List<String> caIssuers = getCaIssuers(cert);

            System.out.println(caIssuers);
        }
    }

    private static List<String> getCaIssuers(X509Certificate cert)
            throws IOException {
        List<String> caIssuers = new ArrayList<>();
        ASN1Primitive aiaDer = JcaX509ExtensionUtils.parseExtensionValue(
                cert.getExtensionValue(Extension.authorityInfoAccess.getId()));
        AuthorityInformationAccess aia = AuthorityInformationAccess
                .getInstance(aiaDer);
        for (AccessDescription desc : aia.getAccessDescriptions()) {
            if (desc.getAccessMethod()
                    .equals(AccessDescription.id_ad_caIssuers)) {
                GeneralName loc = desc.getAccessLocation();
                if (loc.getTagNo() == GeneralName.uniformResourceIdentifier)
                    caIssuers.add(loc.getName().toString());
            }
        }
        return caIssuers;
    }
 }
	import java.io.IOException;
	import java.io.InputStream;
	import java.security.cert.CertificateException;
	import java.security.cert.CertificateFactory;
	import java.security.cert.X509Certificate;
	import java.util.ArrayList;
	import java.util.List;

	import org.bouncycastle.asn1.ASN1Primitive;
	import org.bouncycastle.asn1.x509.AccessDescription;
	import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
	import org.bouncycastle.asn1.x509.Extension;
	import org.bouncycastle.asn1.x509.GeneralName;
	import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;

	public class AIAFetcher {

	public static void main(String[] args) throws IOException,
	CertificateException {
	try (InputStream certContents = AIAFetcher.class
	.getResourceAsStream("/somecert.cer")) {
	X509Certificate cert = (X509Certificate) CertificateFactory
	.getInstance("X509").generateCertificate(certContents);

	List<String> caIssuers = getCaIssuers(cert);

	System.out.println(caIssuers);
	}
	}

	private static List<String> getCaIssuers(X509Certificate cert)
	throws IOException {
	List<String> caIssuers = new ArrayList<>();
	ASN1Primitive aiaDer = JcaX509ExtensionUtils.parseExtensionValue(
	cert.getExtensionValue(Extension.authorityInfoAccess.getId()));
	AuthorityInformationAccess aia = AuthorityInformationAccess
	.getInstance(aiaDer);
	for (AccessDescription desc : aia.getAccessDescriptions()) {
	if (desc.getAccessMethod()
	.equals(AccessDescription.id_ad_caIssuers)) {
	GeneralName loc = desc.getAccessLocation();
	if (loc.getTagNo() == GeneralName.uniformResourceIdentifier)
	caIssuers.add(loc.getName().toString());
	}
	}
	return caIssuers;
	}
	}