Search in sources :

Example 71 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class X509CertSelectorTest method test_setSubjectAlternativeNamesLjava_util_Collection.

/**
     * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
     */
public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralName san3 = new GeneralName(new ORAddress());
    GeneralName san4 = new GeneralName(new Name("O=Organization"));
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san7 = new GeneralName(7, "1.1.1.1");
    GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    sans1.addName(san3);
    sans1.addName(san4);
    sans1.addName(san6);
    sans1.addName(san7);
    sans1.addName(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);
    selector.setSubjectAlternativeNames(null);
    assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
    Collection<List<?>> sans = sans1.getPairsList();
    selector.setSubjectAlternativeNames(sans);
    selector.getSubjectAlternativeNames();
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.apache.harmony.security.x509.GeneralName) ORAddress(org.apache.harmony.security.x509.ORAddress) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 72 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class X509CertSelectorTest method test_addSubjectAlternativeNameLintLjava_lang_String2.

/**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
     */
public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception {
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san6);
    sans1.addName(san2);
    X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id");
    selector.addSubjectAlternativeName(2, "dNSName");
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san2);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    assertTrue(selector.match(cert1));
    assertFalse(selector.match(cert2));
    selector.setSubjectAlternativeNames(null);
    GeneralName name = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, (name.toString()));
    } catch (IOException e) {
    // ok
    }
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName) IOException(java.io.IOException) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 73 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class X509CertSelectorTest method test_setPathToNamesLjava_util_Collection.

/**
     * java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>)
     */
public void test_setPathToNamesLjava_util_Collection() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralName san3 = new GeneralName(new ORAddress());
    GeneralName san4 = new GeneralName(new Name("O=Organization"));
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san7 = new GeneralName(7, "1.1.1.1");
    GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    sans1.addName(san3);
    sans1.addName(san4);
    sans1.addName(san6);
    sans1.addName(san7);
    sans1.addName(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);
    selector.setPathToNames(null);
    assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
    Collection<List<?>> sans = sans1.getPairsList();
    selector.setPathToNames(sans);
    selector.getPathToNames();
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.apache.harmony.security.x509.GeneralName) ORAddress(org.apache.harmony.security.x509.ORAddress) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 74 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class RFC3280CertPathUtilities method checkCRLs.

/**
     * Checks a certificate if it is revoked.
     *
     * @param paramsPKIX       PKIX parameters.
     * @param cert             Certificate to check if it is revoked.
     * @param validDate        The date when the certificate revocation status should be
     *                         checked.
     * @param sign             The issuer certificate of the certificate <code>cert</code>.
     * @param workingPublicKey The public key of the issuer certificate <code>sign</code>.
     * @param certPathCerts    The certificates of the certification path.
     * @throws AnnotatedException if the certificate is revoked or the status cannot be checked
     *                            or some error occurs.
     */
protected static void checkCRLs(ExtendedPKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, List certPathCerts) throws AnnotatedException {
    AnnotatedException lastException = null;
    CRLDistPoint crldp = null;
    try {
        crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS));
    } catch (Exception e) {
        throw new AnnotatedException("CRL distribution point extension could not be read.", e);
    }
    try {
        CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX);
    } catch (AnnotatedException e) {
        throw new AnnotatedException("No additional CRL locations could be decoded from CRL distribution point extension.", e);
    }
    CertStatus certStatus = new CertStatus();
    ReasonsMask reasonsMask = new ReasonsMask();
    boolean validCrlFound = false;
    // for each distribution point
    if (crldp != null) {
        DistributionPoint[] dps = null;
        try {
            dps = crldp.getDistributionPoints();
        } catch (Exception e) {
            throw new AnnotatedException("Distribution points could not be read.", e);
        }
        if (dps != null) {
            for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++) {
                ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
                try {
                    checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
                    validCrlFound = true;
                } catch (AnnotatedException e) {
                    lastException = e;
                }
            }
        }
    }
    if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons()) {
        try {
            /*
                 * assume a DP with both the reasons and the cRLIssuer fields
                 * omitted and a distribution point name of the certificate
                 * issuer.
                 */
            ASN1Primitive issuer = null;
            try {
                issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()).readObject();
            } catch (Exception e) {
                throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e);
            }
            DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(GeneralName.directoryName, issuer))), null, null);
            ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
            checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
            validCrlFound = true;
        } catch (AnnotatedException e) {
            lastException = e;
        }
    }
    if (!validCrlFound) {
        if (lastException instanceof AnnotatedException) {
            throw lastException;
        }
        throw new AnnotatedException("No valid CRL found.", lastException);
    }
    if (certStatus.getCertStatus() != CertStatus.UNREVOKED) {
        String message = "Certificate revocation after " + certStatus.getRevocationDate();
        message += ", reason: " + crlReasons[certStatus.getCertStatus()];
        throw new AnnotatedException(message);
    }
    if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED) {
        certStatus.setCertStatus(CertStatus.UNDETERMINED);
    }
    if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) {
        throw new AnnotatedException("Certificate status could not be determined.");
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 75 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project jdk8u_jdk by JetBrains.

the class NamedBitList method main.

public static void main(String[] args) throws Exception {
    boolean[] bb = (new boolean[] { true, false, true, false, false, false });
    GeneralNames gns = new GeneralNames();
    gns.add(new GeneralName(new DNSName("dns")));
    DerOutputStream out;
    // length should be 5 since only {T,F,T} should be encoded
    KeyUsageExtension x1 = new KeyUsageExtension(bb);
    check(new DerValue(x1.getExtensionValue()).getUnalignedBitString().length(), 3);
    NetscapeCertTypeExtension x2 = new NetscapeCertTypeExtension(bb);
    check(new DerValue(x2.getExtensionValue()).getUnalignedBitString().length(), 3);
    ReasonFlags r = new ReasonFlags(bb);
    out = new DerOutputStream();
    r.encode(out);
    check(new DerValue(out.toByteArray()).getUnalignedBitString().length(), 3);
    // Read sun.security.x509.DistributionPoint for ASN.1 definition
    DistributionPoint dp = new DistributionPoint(gns, bb, gns);
    out = new DerOutputStream();
    dp.encode(out);
    DerValue v = new DerValue(out.toByteArray());
    // skip distributionPoint
    v.data.getDerValue();
    // read reasons
    DerValue v2 = v.data.getDerValue();
    // reset to BitString since it's context-specfic[1] encoded
    v2.resetTag(DerValue.tag_BitString);
    // length should be 5 since only {T,F,T} should be encoded
    check(v2.getUnalignedBitString().length(), 3);
    BitArray ba;
    ba = new BitArray(new boolean[] { false, false, false });
    check(ba.length(), 3);
    ba = ba.truncate();
    check(ba.length(), 1);
    ba = new BitArray(new boolean[] { true, true, true, true, true, true, true, true, false, false });
    check(ba.length(), 10);
    check(ba.toByteArray().length, 2);
    ba = ba.truncate();
    check(ba.length(), 8);
    check(ba.toByteArray().length, 1);
    ba = new BitArray(new boolean[] { true, true, true, true, true, true, true, true, true, false });
    check(ba.length(), 10);
    check(ba.toByteArray().length, 2);
    ba = ba.truncate();
    check(ba.length(), 9);
    check(ba.toByteArray().length, 2);
}
Also used : GeneralNames(sun.security.x509.GeneralNames) DerOutputStream(sun.security.util.DerOutputStream) ReasonFlags(sun.security.x509.ReasonFlags) DerValue(sun.security.util.DerValue) GeneralName(sun.security.x509.GeneralName) DistributionPoint(sun.security.x509.DistributionPoint) BitArray(sun.security.util.BitArray) DNSName(sun.security.x509.DNSName) NetscapeCertTypeExtension(sun.security.x509.NetscapeCertTypeExtension) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)87 GeneralName (org.bouncycastle.asn1.x509.GeneralName)75 IOException (java.io.IOException)36 X509Certificate (java.security.cert.X509Certificate)27 X500Name (org.bouncycastle.asn1.x500.X500Name)25 ArrayList (java.util.ArrayList)21 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)21 ContentSigner (org.bouncycastle.operator.ContentSigner)20 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)19 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)18 BigInteger (java.math.BigInteger)17 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)17 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)17 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)16 DERIA5String (org.bouncycastle.asn1.DERIA5String)15 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)15 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)15 X500Principal (javax.security.auth.x500.X500Principal)14 GeneralNames (sun.security.x509.GeneralNames)14 List (java.util.List)13