use of com.android.org.bouncycastle.asn1.x509.GeneralName in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesDNS.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the DNS subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type DNS </li>
* </ul>
*/
@Test
public void testServerIdentitiesDNS() throws Exception {
// Setup fixture.
final String subjectCommonName = "MySubjectCommonName";
final String subjectAltNameDNS = "MySubjectAltNameDNS";
final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(// Issuer
new X500Name("CN=MyIssuer"), // Random serial number
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())), // Not before 30 days ago
new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)), // Not after 99 days from now
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)), // Subject
new X500Name("CN=" + subjectCommonName), subjectKeyPair.getPublic());
final GeneralNames generalNames = new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltNameDNS));
builder.addExtension(Extension.subjectAlternativeName, false, generalNames);
final X509CertificateHolder certificateHolder = builder.build(contentSigner);
final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// Execute system under test
final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
// Verify result
assertEquals(1, serverIdentities.size());
assertTrue(serverIdentities.contains(subjectAltNameDNS));
assertFalse(serverIdentities.contains(subjectCommonName));
}
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project oxAuth by GluuFederation.
the class CRLCertificateVerifier method getCrlUri.
public String getCrlUri(X509Certificate certificate) throws IOException {
ASN1Primitive obj;
try {
obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
} catch (IOException ex) {
log.error("Failed to get CRL URL", ex);
return null;
}
if (obj == null) {
return null;
}
CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
for (DistributionPoint distributionPoint : distributionPoints) {
DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
continue;
}
GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
GeneralName[] names = generalNames.getNames();
for (GeneralName name : names) {
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
return derStr.getString();
}
}
return null;
}
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class X509CertSelectorTest method test_getPathToNames.
/**
* java.security.cert.X509CertSelector#getPathToNames()
*/
public void test_getPathToNames() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
sans1.addName(san3);
sans1.addName(san4);
sans1.addName(san6);
sans1.addName(san7);
sans1.addName(san8);
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setPathToNames(null);
assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
Collection<List<?>> sans = sans1.getPairsList();
selector.setPathToNames(sans);
selector.getPathToNames();
}
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class X509CertSelectorTest method test_getSubjectAlternativeNames.
/**
* java.security.cert.X509CertSelector#getSubjectAlternativeNames()
*/
public void test_getSubjectAlternativeNames() throws Exception {
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralNames sans = new GeneralNames();
sans.addName(san1);
sans.addName(san2);
TestCert cert_1 = new TestCert(sans);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getSubjectAlternativeNames());
selector.setSubjectAlternativeNames(sans.getPairsList());
assertTrue("The certificate should match the selection criteria.", selector.match(cert_1));
selector.getSubjectAlternativeNames().clear();
assertTrue("The modification of initialization object " + "should not affect the modification " + "of internal object.", selector.match(cert_1));
}
use of com.android.org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class X509CertSelectorTest method test_addSubjectAlternativeNameLintLbyte_array2.
/**
* java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
*/
public void test_addSubjectAlternativeNameLintLbyte_array2() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
X509CertSelector selector = new X509CertSelector();
selector.addSubjectAlternativeName(0, san0.getEncodedName());
selector.addSubjectAlternativeName(1, san1.getEncodedName());
selector.addSubjectAlternativeName(2, san2.getEncodedName());
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
assertTrue(selector.match(cert1));
assertFalse(selector.match(cert2));
selector.setSubjectAlternativeNames(null);
GeneralName name = new GeneralName(new Name("O=Android"));
try {
selector.addSubjectAlternativeName(0, name.getEncodedName());
} catch (IOException e) {
// ok
}
}
Aggregations