Search in sources :

Example 81 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.

the class P12ComplexCsrGenCmd method createComplexGeneralNames.

private static GeneralNames createComplexGeneralNames(String prefix) {
    List<GeneralName> list = new LinkedList<>();
    // otherName
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new ASN1ObjectIdentifier("1.2.3.1"));
    vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.1")));
    list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
    vec = new ASN1EncodableVector();
    vec.add(new ASN1ObjectIdentifier("1.2.3.2"));
    vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.2")));
    list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
    // rfc822Name
    list.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org"));
    // dNSName
    list.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org"));
    // directoryName
    list.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE")));
    // ediPartyName
    vec = new ASN1EncodableVector();
    vec.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1")));
    vec.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1")));
    list.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(vec)));
    // uniformResourceIdentifier
    list.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org"));
    // iPAddress
    list.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190"));
    // registeredID
    list.add(new GeneralName(GeneralName.registeredID, "2.3.4.5"));
    return new GeneralNames(list.toArray(new GeneralName[0]));
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) LinkedList(java.util.LinkedList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 82 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.

the class CaUtil method createCrlDistributionPoints.

public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris, X500Name caSubject, X500Name crlSignerSubject) {
    ParamUtil.requireNonEmpty("crlUris", crlUris);
    int size = crlUris.size();
    DistributionPoint[] points = new DistributionPoint[1];
    GeneralName[] names = new GeneralName[size];
    for (int i = 0; i < size; i++) {
        names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, crlUris.get(i));
    }
    // Distribution Point
    GeneralNames gns = new GeneralNames(names);
    DistributionPointName pointName = new DistributionPointName(gns);
    GeneralNames crlIssuer = null;
    if (crlSignerSubject != null && !crlSignerSubject.equals(caSubject)) {
        GeneralName crlIssuerName = new GeneralName(crlSignerSubject);
        crlIssuer = new GeneralNames(crlIssuerName);
    }
    points[0] = new DistributionPoint(pointName, null, crlIssuer);
    return new CRLDistPoint(points);
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 83 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.

the class ExtensionsChecker method checkExtensionSubjectAltName.

// method checkExtensionSubjectDirectoryAttributes
private void checkExtensionSubjectAltName(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl, X500Name requestedSubject) {
    Set<GeneralNameMode> conf = certProfile.getSubjectAltNameModes();
    GeneralName[] requested;
    try {
        requested = getRequestedSubjectAltNames(requestedSubject, requestedExtensions);
    } catch (CertprofileException | BadCertTemplateException ex) {
        String msg = "error while derive grantedSubject from requestedSubject";
        LogUtil.warn(LOG, ex, msg);
        failureMsg.append(msg);
        return;
    }
    if (requested == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    GeneralName[] is = GeneralNames.getInstance(extensionValue).getNames();
    GeneralName[] expected = new GeneralName[requested.length];
    for (int i = 0; i < is.length; i++) {
        try {
            expected[i] = createGeneralName(is[i], conf);
        } catch (BadCertTemplateException ex) {
            failureMsg.append("could not process ").append(i + 1).append("-th name: ").append(ex.getMessage()).append("; ");
            return;
        }
    }
    if (is.length != expected.length) {
        addViolation(failureMsg, "size of GeneralNames", is.length, expected.length);
        return;
    }
    for (int i = 0; i < is.length; i++) {
        if (!is[i].equals(expected[i])) {
            failureMsg.append(i + 1).append("-th name does not match the requested one; ");
        }
    }
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) CertprofileException(org.xipki.ca.api.profile.CertprofileException) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 84 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.

the class ExtensionsChecker method checkExtensionCrlDistributionPoints.

// method checkExtensionIssuerAltNames
private void checkExtensionCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    if (isDistributionPoints == null) {
        addViolation(failureMsg, "size of CRLDistributionPoints", 0, 1);
        return;
    } else {
        int len = isDistributionPoints.length;
        if (len != 1) {
            addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
            return;
        }
    }
    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        int asn1Type = entry.getDistributionPoint().getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints", asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }
        GeneralNames isDistributionPointNames = GeneralNames.getInstance(entry.getDistributionPoint().getName());
        GeneralName[] names = isDistributionPointNames.getNames();
        for (int i = 0; i < names.length; i++) {
            GeneralName name = names[i];
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of CRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
            } else {
                String uri = ((ASN1String) name.getName()).getString();
                isCrlUrls.add(uri);
            }
        }
        Set<String> expCrlUrls = issuerInfo.getCrlUrls();
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs).append(" are absent but are required; ");
        }
    }
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1String(org.bouncycastle.asn1.ASN1String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) HashSet(java.util.HashSet)

Example 85 with GeneralNames

use of com.android.org.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.

the class ExtensionsChecker method checkExtensionDeltaCrlDistributionPoints.

// method checkExtensionCrlDistributionPoints
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    if (isDistributionPoints == null) {
        addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", 0, 1);
        return;
    } else {
        int len = isDistributionPoints.length;
        if (len != 1) {
            addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
            return;
        }
    }
    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        int asn1Type = entry.getDistributionPoint().getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)", asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }
        GeneralNames isDistributionPointNames = GeneralNames.getInstance(entry.getDistributionPoint().getName());
        GeneralName[] names = isDistributionPointNames.getNames();
        for (int i = 0; i < names.length; i++) {
            GeneralName name = names[i];
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
            } else {
                String uri = ((ASN1String) name.getName()).getString();
                isCrlUrls.add(uri);
            }
        }
        Set<String> expCrlUrls = issuerInfo.getCrlUrls();
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
        }
    }
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1String(org.bouncycastle.asn1.ASN1String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) HashSet(java.util.HashSet)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)87 GeneralName (org.bouncycastle.asn1.x509.GeneralName)75 IOException (java.io.IOException)36 X509Certificate (java.security.cert.X509Certificate)27 X500Name (org.bouncycastle.asn1.x500.X500Name)25 ArrayList (java.util.ArrayList)21 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)21 ContentSigner (org.bouncycastle.operator.ContentSigner)20 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)19 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)18 BigInteger (java.math.BigInteger)17 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)17 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)17 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)16 DERIA5String (org.bouncycastle.asn1.DERIA5String)15 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)15 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)15 X500Principal (javax.security.auth.x500.X500Principal)14 GeneralNames (sun.security.x509.GeneralNames)14 List (java.util.List)13