use of com.android.org.bouncycastle.asn1.x509.GeneralName in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesXmppAddr.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the 'xmppAddr' subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type otherName with an ASN.1 Object Identifier of "id-on-xmppAddr"</li>
* </ul>
*/
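@Test
public void testServerIdentitiesXmppAddr() throws Exception {
    // Setup fixture.
    final String subjectCommonName = "MySubjectCommonName";
    final String subjectAltNameXmppAddr = "MySubjectAltNameXmppAddr";

    // Draw the serial number from 1..Integer.MAX_VALUE. Math.abs(nextInt()) returns a negative
    // value for Integer.MIN_VALUE, which would put a negative serial number on the certificate.
    final BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().nextInt(Integer.MAX_VALUE) + 1L);
    final Date notBefore = new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)); // 30 days ago
    final Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)); // 99 days from now

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        serialNumber,
        notBefore,
        notAfter,
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());

    // subjectAltName of type otherName: a sequence of the xmppAddr OID followed by the UTF-8 address.
    final DERSequence otherName = new DERSequence(new ASN1Encodable[] { XMPP_ADDR_OID, new DERUTF8String(subjectAltNameXmppAddr) });
    final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.otherName, otherName));
    // The extension is added as critical here (second argument is true).
    builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);

    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);

    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);

    // Verify result: exactly one identity, taken from the subjectAltName. The Common Name must not
    // be reported alongside it, so identity checks built on this list cannot match on the CN.
    assertEquals(1, serverIdentities.size());
    assertTrue(serverIdentities.contains(subjectAltNameXmppAddr));
    assertFalse(serverIdentities.contains(subjectCommonName));
}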
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesDNS.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the DNS subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type DNS </li>
* </ul>
*/
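@Test
public void testServerIdentitiesDNS() throws Exception {
    // Setup fixture.
    final String subjectCommonName = "MySubjectCommonName";
    final String subjectAltNameDNS = "MySubjectAltNameDNS";

    // Draw the serial number from 1..Integer.MAX_VALUE. Math.abs(nextInt()) returns a negative
    // value for Integer.MIN_VALUE, which would put a negative serial number on the certificate.
    final BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().nextInt(Integer.MAX_VALUE) + 1L);
    final Date notBefore = new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)); // 30 days ago
    final Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)); // 99 days from now

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        serialNumber,
        notBefore,
        notAfter,
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());

    // subjectAltName of type dNSName, added as a non-critical extension (second argument is false).
    final GeneralNames generalNames = new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltNameDNS));
    builder.addExtension(Extension.subjectAlternativeName, false, generalNames);

    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);

    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);

    // Verify result: exactly one identity, taken from the DNS subjectAltName. The Common Name must
    // not be reported alongside it, so identity checks built on this list cannot match on the CN.
    assertEquals(1, serverIdentities.size());
    assertTrue(serverIdentities.contains(subjectAltNameDNS));
    assertFalse(serverIdentities.contains(subjectCommonName));
}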
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project ddf by codice.
the class OcspChecker method getOcspUrlsFromCert.
/**
* Attempts to read additional OCSP server URLs from the given {@code cert}.
*
* @param cert the {@link X509Certificate} to check.
* @return {@link List} of additional OCSP server URLs found on the given {@code cert}.
*/
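private List<URI> getOcspUrlsFromCert(X509Certificate cert) {
    // Collects the URI access locations listed for the OCSP access method in the certificate's
    // Authority Information Access (AIA) extension. Returns an empty list when the extension is
    // absent or cannot be read; malformed URIs are logged at debug level and skipped.
    //
    // NOTE(review): these URLs are read from the certificate being checked, so they are chosen by
    // whoever issued it. Confirm that the caller restricts scheme and destination before
    // connecting to them.
    List<URI> ocspUrls = new ArrayList<>();
    try {
        byte[] authorityInfoAccess = cert.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (authorityInfoAccess == null) {
            // The certificate carries no AIA extension.
            return ocspUrls;
        }
        AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(authorityInfoAccess));
        if (authorityInformationAccess == null) {
            return ocspUrls;
        }
        for (AccessDescription description : authorityInformationAccess.getAccessDescriptions()) {
            // AIA can also list caIssuers locations; those are not OCSP responders and must not
            // be returned as OCSP URLs.
            if (!AccessDescription.id_ad_ocsp.equals(description.getAccessMethod())) {
                continue;
            }
            GeneralName accessLocation = description.getAccessLocation();
            if (accessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            try {
                ocspUrls.add(new URI(((DERIA5String) accessLocation.getName()).getString()));
            } catch (URISyntaxException e) {
                LOGGER.debug("Location is not a URI.", e);
            }
        }
    } catch (IOException e) {
        // Best effort: a certificate whose AIA extension cannot be decoded yields no extra URLs.
        LOGGER.debug("Problem retrieving the OCSP server url(s) from the certificate." + CONTINUING_MSG, e);
    }
    return ocspUrls;
}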
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project ddf by codice.
the class CertificateSigningRequestTest method testNewCertificateBuilderWithSan.
@Test
public void testNewCertificateBuilderWithSan() throws Exception {
    // Validity window: starts one day ago and ends 100 years after that.
    final DateTime notBefore = DateTime.now().minusDays(1);
    final DateTime notAfter = notBefore.plusYears(100);
    final KeyPair subjectKeys = makeKeyPair();

    // Fill in the signing request, including one IP and one DNS subject alternative name.
    csr.setSerialNumber(1);
    csr.setNotBefore(notBefore);
    csr.setNotAfter(notAfter);
    csr.setCommonName("A");
    csr.setSubjectKeyPair(subjectKeys);
    csr.addSubjectAlternativeNames("IP:1.2.3.4", "DNS:A");

    // Only the issuer's subject principal is stubbed on the mock certificate.
    final X509Certificate issuer = mock(X509Certificate.class);
    doReturn(new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US")).when(issuer).getSubjectX500Principal();

    final X509CertificateHolder built =
        csr.newCertificateBuilder(issuer).build(new DemoCertificateAuthority().getContentSigner());

    // The basic fields must come through unchanged from the request.
    assertThat(built.getSerialNumber(), equalTo(BigInteger.ONE));
    assertThat(built.getNotBefore(), equalTo(new Time(notBefore.toDate()).getDate()));
    assertThat(built.getNotAfter(), equalTo(new Time(notAfter.toDate()).getDate()));
    assertThat(built.getSubject().toString(), equalTo("cn=A"));
    assertThat("Unable to validate public key", built.getSubjectPublicKeyInfo(), equalTo(SubjectPublicKeyInfo.getInstance(subjectKeys.getPublic().getEncoded())));

    // The subjectAltName extension must DER-encode to exactly the requested IP and DNS names,
    // in the order they were added.
    final org.bouncycastle.asn1.x509.Extension sanExtension = built.getExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName);
    final byte[] actualSan = sanExtension.getParsedValue().toASN1Primitive().getEncoded(ASN1Encoding.DER);
    final byte[] expectedSan = new GeneralNamesBuilder()
        .addName(new GeneralName(GeneralName.iPAddress, "1.2.3.4"))
        .addName(new GeneralName(GeneralName.dNSName, "A"))
        .build()
        .getEncoded(ASN1Encoding.DER);
    assertThat(actualSan, equalTo(expectedSan));
}
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project ddf by codice.
the class PkiToolsTest method testMakeGeneralNameForEmail.
@Test
public void testMakeGeneralNameForEmail() {
    // An "email:" prefixed entry must become an rfc822Name whose value is the bare address.
    final String address = "a@host.com";
    final GeneralName parsed = PkiTools.makeGeneralName("email:" + address);

    assertThat(parsed.getTagNo(), equalTo(GeneralName.rfc822Name));
    assertThat(parsed.getName().toString(), equalTo(address));
}