
Example 16 with GeneralName

use of com.android.org.bouncycastle.asn1.x509.GeneralName in project Openfire by igniterealtime.

the class CertificateManagerTest method testServerIdentitiesDNS.

/**
     * {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
     * <ul>
     *     <li>the DNS subjectAltName value</li>
     *     <li>explicitly not the Common Name</li>
     * </ul>
     *
     * when a certificate contains:
     * <ul>
     *     <li>a subjectAltName entry of type DNS </li>
     * </ul>
     */
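@Test
public void testServerIdentitiesDNS() throws Exception {
    // Setup fixture: the subject CN and the DNS subjectAltName are deliberately different, so the
    // assertions below can tell which of the two the identity lookup returned.
    final String subjectCommonName = "MySubjectCommonName";
    final String subjectAltNameDNS = "MySubjectAltNameDNS";
    final long dayMillis = 1000L * 60 * 60 * 24;
    // Random, strictly positive serial number. Math.abs(nextInt()) is avoided on purpose:
    // Math.abs(Integer.MIN_VALUE) is still negative and nextInt() can return 0, and either value
    // would give the certificate a serial outside the positive range RFC 5280 requires.
    final BigInteger serialNumber = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        serialNumber,
        new Date(System.currentTimeMillis() - (dayMillis * 30)), // Not before: 30 days ago
        new Date(System.currentTimeMillis() + (dayMillis * 99)), // Not after: 99 days from now
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());
    // Single subjectAltName entry of type dNSName, added as a non-critical extension.
    final GeneralNames generalNames = new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltNameDNS));
    builder.addExtension(Extension.subjectAlternativeName, false, generalNames);
    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);

    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);

    // Verify result: exactly one identity, taken from the subjectAltName. The Common Name must not
    // be reported once a DNS subjectAltName is present.
    assertEquals(1, serverIdentities.size());
    assertTrue(serverIdentities.contains(subjectAltNameDNS));
    assertFalse(serverIdentities.contains(subjectCommonName));
}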
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SecureRandom(java.security.SecureRandom) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 17 with GeneralName

use of com.android.org.bouncycastle.asn1.x509.GeneralName in project oxAuth by GluuFederation.

the class CRLCertificateVerifier method getCrlUri.

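/**
 * Returns the first URI listed in a full-name CRL distribution point of the given certificate.
 *
 * <p>NOTE(review): the returned value is read from the certificate itself, so it is only as
 * trustworthy as that certificate. A caller that fetches the CRL from it should check the scheme
 * and destination before connecting; confirm against the callers of this method.
 *
 * @param certificate certificate whose cRLDistributionPoints extension is inspected
 * @return the first uniformResourceIdentifier found, or {@code null} when the extension is
 *         absent, cannot be read, or holds no URI in a full-name distribution point
 * @throws IOException declared in the signature; the failure raised while reading the extension
 *         is caught and logged here rather than propagated
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive extensionValue;
    try {
        extensionValue = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (extensionValue == null) {
        return null;
    }

    CRLDistPoint distPoint = CRLDistPoint.getInstance(extensionValue);
    for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        // The distributionPoint field is OPTIONAL in the DistributionPoint structure, so a
        // certificate may carry an entry without it. Skip such entries instead of failing
        // with a NullPointerException on certificate-supplied data.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // Only the first URI is returned; later entries are never examined.
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}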
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) IOException(java.io.IOException) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 18 with GeneralName

use of com.android.org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class X509CertSelectorTest method test_getPathToNames.

/**
     * java.security.cert.X509CertSelector#getPathToNames()
     */
public void test_getPathToNames() throws Exception {
    // Fixture names. Where an int is passed it is the GeneralName tag; going by RFC 5280 and the
    // sample values used here: 1 = rfc822Name, 2 = dNSName, 6 = URI, 7 = iPAddress,
    // 8 = registeredID.
    GeneralName otherName = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName rfc822Name = new GeneralName(1, "rfc@822.Name");
    GeneralName dnsName = new GeneralName(2, "dNSName");
    GeneralName orAddress = new GeneralName(new ORAddress());
    GeneralName directoryName = new GeneralName(new Name("O=Organization"));
    GeneralName uri = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName ipAddress = new GeneralName(7, "1.1.1.1");
    GeneralName registeredId = new GeneralName(8, "1.2.3.4444.55555");

    // First certificate carries every name above, in the same order as they were declared.
    GeneralNames allNames = new GeneralNames();
    GeneralName[] ordered = {
        otherName, rfc822Name, dnsName, orAddress, directoryName, uri, ipAddress, registeredId
    };
    for (GeneralName entry : ordered) {
        allNames.addName(entry);
    }
    // Second certificate carries only the otherName entry.
    GeneralNames singleName = new GeneralNames();
    singleName.addName(otherName);

    TestCert cert1 = new TestCert(allNames);
    TestCert cert2 = new TestCert(singleName);

    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);
    selector.setPathToNames(null);
    // NOTE(review): the message below talks about subjectAlternativeNames, while the criterion
    // cleared just above is pathToNames. The text is kept as it is.
    boolean bothMatch = selector.match(cert1) && selector.match(cert2);
    assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", bothMatch);

    // NOTE(review): the getter's result is not asserted on; as written, this part only checks
    // that the set/get round trip does not throw.
    selector.setPathToNames(allNames.getPairsList());
    selector.getPathToNames();
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.apache.harmony.security.x509.GeneralName) ORAddress(org.apache.harmony.security.x509.ORAddress) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 19 with GeneralName

use of com.android.org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class X509CertSelectorTest method test_getSubjectAlternativeNames.

/**
     * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
     */
public void test_getSubjectAlternativeNames() throws Exception {
    // Fixture: a certificate with two alternative names (tag 1 and tag 2).
    GeneralNames altNames = new GeneralNames();
    altNames.addName(new GeneralName(1, "rfc@822.Name"));
    altNames.addName(new GeneralName(2, "dNSName"));
    TestCert certificate = new TestCert(altNames);

    // A fresh selector has no subjectAlternativeNames criterion.
    X509CertSelector selector = new X509CertSelector();
    assertNull("Selector should return null", selector.getSubjectAlternativeNames());

    selector.setSubjectAlternativeNames(altNames.getPairsList());
    assertTrue("The certificate should match the selection criteria.", selector.match(certificate));

    // Clearing the collection handed back by the getter must leave the selector's own criterion
    // intact, so the same certificate still has to match afterwards.
    selector.getSubjectAlternativeNames().clear();
    boolean stillMatches = selector.match(certificate);
    assertTrue("The modification of initialization object " + "should not affect the modification " + "of internal object.", stillMatches);
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName)

Example 20 with GeneralName

use of com.android.org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class X509CertSelectorTest method test_addSubjectAlternativeNameLintLbyte_array2.

/**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
     */
public void test_addSubjectAlternativeNameLintLbyte_array2() throws Exception {
    // Fixture names: one built from an OtherName, plus tag 1 and tag 2 entries.
    GeneralName otherName = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName rfc822Name = new GeneralName(1, "rfc@822.Name");
    GeneralName dnsName = new GeneralName(2, "dNSName");

    GeneralNames allNames = new GeneralNames();
    for (GeneralName entry : new GeneralName[] { otherName, rfc822Name, dnsName }) {
        allNames.addName(entry);
    }

    // The selector receives each name in its encoded (byte[]) form under tags 0, 1 and 2.
    X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(0, otherName.getEncodedName());
    selector.addSubjectAlternativeName(1, rfc822Name.getEncodedName());
    selector.addSubjectAlternativeName(2, dnsName.getEncodedName());

    GeneralNames singleName = new GeneralNames();
    singleName.addName(otherName);

    TestCert cert1 = new TestCert(allNames);
    TestCert cert2 = new TestCert(singleName);
    // cert1 carries all three names and is expected to match; cert2 carries only the first one
    // and is expected not to.
    assertTrue(selector.match(cert1));
    assertFalse(selector.match(cert2));

    selector.setSubjectAlternativeNames(null);
    GeneralName directoryName = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, directoryName.getEncodedName());
    } catch (IOException ignored) {
        // ok - an IOException is tolerated here. The test raises no failure when none is thrown,
        // so both outcomes pass.
    }
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName) IOException(java.io.IOException) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Aggregations

GeneralName (org.bouncycastle.asn1.x509.GeneralName)50 IOException (java.io.IOException)34 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)29 ArrayList (java.util.ArrayList)27 List (java.util.List)19 DERIA5String (org.bouncycastle.asn1.DERIA5String)19 GeneralName (org.apache.harmony.security.x509.GeneralName)18 X509Certificate (java.security.cert.X509Certificate)17 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)16 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)15 Date (java.util.Date)12 X500Name (org.bouncycastle.asn1.x500.X500Name)10 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)10 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)10 GeneralName (sun.security.x509.GeneralName)10 GeneralSecurityException (java.security.GeneralSecurityException)9 CertPathValidatorException (java.security.cert.CertPathValidatorException)9 Enumeration (java.util.Enumeration)9 X500Principal (javax.security.auth.x500.X500Principal)9 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)9