use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.
the class P12ComplexCsrGenCmd method createComplexGeneralNames.
/**
 * Builds a {@code GeneralNames} test value containing entries of the choice types
 * otherName (twice), rfc822Name, dNSName, directoryName, ediPartyName,
 * uniformResourceIdentifier, iPAddress and registeredID, in that order.
 *
 * <p>{@code prefix} is prepended to the textual values of the otherName, rfc822Name,
 * dNSName, ediPartyName and URI entries. The directoryName, iPAddress and registeredID
 * entries are fixed constants and ignore the prefix.
 *
 * @param prefix text prepended to the free-text name values
 * @return the assembled names
 */
private static GeneralNames createComplexGeneralNames(String prefix) {
  List<GeneralName> names = new LinkedList<>();

  // otherName #1: SEQUENCE { type-id OID, [0] EXPLICIT UTF8String }
  ASN1EncodableVector otherName1 = new ASN1EncodableVector();
  otherName1.add(new ASN1ObjectIdentifier("1.2.3.1"));
  otherName1.add(
      new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.1")));
  names.add(new GeneralName(GeneralName.otherName, new DERSequence(otherName1)));

  // otherName #2: same structure, different type-id
  ASN1EncodableVector otherName2 = new ASN1EncodableVector();
  otherName2.add(new ASN1ObjectIdentifier("1.2.3.2"));
  otherName2.add(
      new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.2")));
  names.add(new GeneralName(GeneralName.otherName, new DERSequence(otherName2)));

  // rfc822Name and dNSName carry the prefix in front of the sample host/mailbox
  names.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org"));
  names.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org"));

  // directoryName: fixed distinguished name, not influenced by the prefix
  names.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE")));

  // ediPartyName: SEQUENCE { [0] nameAssigner, [1] partyName }
  ASN1EncodableVector ediParty = new ASN1EncodableVector();
  ediParty.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1")));
  ediParty.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1")));
  names.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(ediParty)));

  // uniformResourceIdentifier
  names.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org"));

  // iPAddress and registeredID: fixed constants
  names.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190"));
  names.add(new GeneralName(GeneralName.registeredID, "2.3.4.5"));

  GeneralName[] asArray = names.toArray(new GeneralName[0]);
  return new GeneralNames(asArray);
}
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.
the class CaUtil method createCrlDistributionPoints.
/**
 * Creates a CRLDistributionPoints value with exactly one DistributionPoint whose full name
 * lists every entry of {@code crlUris} as a uniformResourceIdentifier.
 *
 * <p>The cRLIssuer field is set only when {@code crlSignerSubject} is non-null and differs
 * from {@code caSubject}; otherwise it is omitted. The reasons field is always omitted.
 *
 * <p>The URIs are embedded exactly as supplied: this method performs no scheme or syntax
 * validation, so callers are responsible for passing vetted values.
 *
 * @param crlUris CRL locations; checked with {@code ParamUtil.requireNonEmpty}
 * @param caSubject subject of the issuing CA
 * @param crlSignerSubject subject of the CRL signer, may be {@code null}
 * @return the CRLDistributionPoints structure
 */
public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris, X500Name caSubject,
    X500Name crlSignerSubject) {
  ParamUtil.requireNonEmpty("crlUris", crlUris);

  // One GeneralName of type URI per configured CRL location.
  GeneralName[] uriNames = new GeneralName[crlUris.size()];
  int idx = 0;
  for (String uri : crlUris) {
    uriNames[idx++] = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
  }
  DistributionPointName fullName = new DistributionPointName(new GeneralNames(uriNames));

  // Name the CRL issuer explicitly only when the CRL is signed by someone other than the CA.
  boolean signedByOther = crlSignerSubject != null && !crlSignerSubject.equals(caSubject);
  GeneralNames crlIssuer =
      signedByOther ? new GeneralNames(new GeneralName(crlSignerSubject)) : null;

  DistributionPoint single = new DistributionPoint(fullName, null, crlIssuer);
  return new CRLDistPoint(new DistributionPoint[] {single});
}
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method checkExtensionSubjectAltName.
// method checkExtensionSubjectDirectoryAttributes
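/**
 * Checks the SubjectAltName extension of an issued certificate and appends a description of
 * every problem found to {@code failureMsg}.
 *
 * <p>The number of names in the certificate is compared with the number of requested names
 * before any per-name processing. The original order (size check after filling
 * {@code expected}) indexed an array sized by the request with the certificate's name count
 * and threw {@code ArrayIndexOutOfBoundsException} when the certificate carried more names
 * than were requested, instead of reporting a violation.
 *
 * @param failureMsg buffer that receives the violation messages
 * @param extensionValue encoded GeneralNames taken from the certificate under check
 * @param requestedExtensions extensions of the certificate request
 * @param extControl not read by this method
 * @param requestedSubject subject of the certificate request
 */
private void checkExtensionSubjectAltName(StringBuilder failureMsg, byte[] extensionValue,
    Extensions requestedExtensions, ExtensionControl extControl, X500Name requestedSubject) {
  Set<GeneralNameMode> conf = certProfile.getSubjectAltNameModes();

  GeneralName[] requested;
  try {
    requested = getRequestedSubjectAltNames(requestedSubject, requestedExtensions);
  } catch (CertprofileException | BadCertTemplateException ex) {
    String msg = "error while derive grantedSubject from requestedSubject";
    LogUtil.warn(LOG, ex, msg);
    failureMsg.append(msg);
    return;
  }

  // A null result is treated as "no SubjectAltName was requested".
  if (requested == null) {
    failureMsg.append("extension is present but not expected; ");
    return;
  }

  GeneralName[] is = GeneralNames.getInstance(extensionValue).getNames();

  // Compare the counts first so the loops below never index past either array.
  if (is.length != requested.length) {
    addViolation(failureMsg, "size of GeneralNames", is.length, requested.length);
    return;
  }

  // NOTE(review): each expected entry is derived from the name found in the certificate
  // (is[i]), not from requested[i]. As written, the comparison below verifies that the
  // issued name survives createGeneralName unchanged under the configured modes; it does
  // not compare the issued name with the requested one, although the failure message says
  // so. Confirm whether requested[i] was intended here.
  GeneralName[] expected = new GeneralName[requested.length];
  for (int i = 0; i < is.length; i++) {
    try {
      expected[i] = createGeneralName(is[i], conf);
    } catch (BadCertTemplateException ex) {
      failureMsg.append("could not process ").append(i + 1).append("-th name: ")
          .append(ex.getMessage()).append("; ");
      return;
    }
  }

  for (int i = 0; i < is.length; i++) {
    if (!is[i].equals(expected[i])) {
      failureMsg.append(i + 1).append("-th name does not match the requested one; ");
    }
  }
}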
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method checkExtensionCrlDistributionPoints.
// method checkExtensionIssuerAltNames
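/**
 * Checks the CRLDistributionPoints extension of an issued certificate and appends a
 * description of every problem found to {@code failureMsg}.
 *
 * <p>Exactly one DistributionPoint is accepted. Its distributionPoint field must be present
 * and of type fullName, every name in it must be a uniformResourceIdentifier, and the set of
 * URIs must equal {@code issuerInfo.getCrlUrls()}.
 *
 * <p>A DistributionPoint without the optional distributionPoint field is reported as a
 * violation; the original code dereferenced it unconditionally and failed with a
 * {@code NullPointerException} on such a certificate.
 *
 * @param failureMsg buffer that receives the violation messages
 * @param extensionValue encoded CRLDistributionPoints taken from the certificate under check
 * @param issuerInfo supplies the CRL URLs the certificate is expected to carry
 */
private void checkExtensionCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, X509IssuerInfo issuerInfo) {
  CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
  DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();

  int len = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
  if (len != 1) {
    addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
    return;
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    // distributionPoint is OPTIONAL in the ASN.1 structure, so it may be absent.
    DistributionPointName pointName = entry.getDistributionPoint();
    if (pointName == null) {
      failureMsg.append(
          "DistributionPointName of CRLDistributionPoints is absent but is required; ");
      continue;
    }

    int asn1Type = pointName.getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    // Collect the URIs; any other GeneralName type is a violation.
    GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
    for (GeneralName name : names) {
      if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
        addViolation(failureMsg, "tag of CRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      } else {
        isCrlUrls.add(((ASN1String) name.getName()).getString());
      }
    }

    // Report the differences in both directions between found and expected URLs.
    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNonEmpty(diffs)) {
      failureMsg.append("CRL URLs ").append(diffs).append(" are present but not expected; ");
    }

    diffs = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNonEmpty(diffs)) {
      failureMsg.append("CRL URLs ").append(diffs).append(" are absent but are required; ");
    }
  }
}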
use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method checkExtensionDeltaCrlDistributionPoints.
// method checkExtensionCrlDistributionPoints
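/**
 * Checks the delta-CRL distribution points (FreshestCRL) extension of an issued certificate
 * and appends a description of every problem found to {@code failureMsg}.
 *
 * <p>Exactly one DistributionPoint is accepted. Its distributionPoint field must be present
 * and of type fullName, and every name in it must be a uniformResourceIdentifier.
 *
 * <p>A DistributionPoint without the optional distributionPoint field is reported as a
 * violation; the original code dereferenced it unconditionally and failed with a
 * {@code NullPointerException} on such a certificate.
 *
 * @param failureMsg buffer that receives the violation messages
 * @param extensionValue encoded CRLDistributionPoints taken from the certificate under check
 * @param issuerInfo supplies the URLs the certificate is expected to carry
 */
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, X509IssuerInfo issuerInfo) {
  CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
  DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();

  int len = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
  if (len != 1) {
    addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
    return;
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    // distributionPoint is OPTIONAL in the ASN.1 structure, so it may be absent.
    DistributionPointName pointName = entry.getDistributionPoint();
    if (pointName == null) {
      failureMsg.append(
          "DistributionPointName of CRLDistributionPoints (deltaCRL) is absent but is required; ");
      continue;
    }

    int asn1Type = pointName.getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg,
          "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    // Collect the URIs; any other GeneralName type is a violation.
    GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
    for (GeneralName name : names) {
      if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
        addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      } else {
        isCrlUrls.add(((ASN1String) name.getName()).getString());
      }
    }

    // NOTE(review): the expected set comes from issuerInfo.getCrlUrls(), the same source the
    // full-CRL check uses. Confirm whether a delta-CRL-specific URL set was intended;
    // otherwise a certificate pointing at the full CRL in this extension passes the check.
    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNonEmpty(diffs)) {
      failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
    }

    diffs = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNonEmpty(diffs)) {
      failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
    }
  }
}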