
Example 31 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project xipki by xipki.

the class ExtensionsChecker method checkExtensionCrlDistributionPoints.

// method checkExtensionIssuerAltNames
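/**
 * Checks the CRLDistributionPoints extension of the certificate under test
 * against the CRL URLs the issuer is expected to publish.
 *
 * <p>Exactly one DistributionPoint carrying a fullName DistributionPointName
 * is accepted; every GeneralName inside it must be a
 * uniformResourceIdentifier. The collected URIs are then compared with
 * {@code issuerInfo.getCrlUrls()} in both directions and every mismatch is
 * appended to {@code failureMsg}.
 *
 * @param failureMsg     accumulates human-readable violation descriptions
 * @param extensionValue the DER value of the CRLDistributionPoints extension;
 *                       treated as untrusted input
 * @param issuerInfo     supplies the CRL URLs the issuer is expected to use
 */
private void checkExtensionCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    // The profile requires exactly one distribution point; a missing array is
    // reported as size 0, the same way the original two-branch check did.
    int len = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
    if (len != 1) {
        addViolation(failureMsg, "size of CRLDistributionPoints", len, 1);
        return;
    }
    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        // distributionPoint is OPTIONAL in the DistributionPoint SEQUENCE, so a
        // certificate may legally omit it; report that instead of dereferencing
        // null on attacker-controlled input.
        DistributionPointName dpName = entry.getDistributionPoint();
        if (dpName == null) {
            failureMsg.append("DistributionPointName of CRLDistributionPoints is absent but is required; ");
            continue;
        }
        int asn1Type = dpName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints", asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }
        GeneralNames isDistributionPointNames = GeneralNames.getInstance(dpName.getName());
        for (GeneralName name : isDistributionPointNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of CRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
            } else {
                // A uniformResourceIdentifier GeneralName carries an IA5String,
                // which implements ASN1String.
                isCrlUrls.add(((ASN1String) name.getName()).getString());
            }
        }
        // Compare in both directions: unexpected extras and missing required URLs.
        Set<String> expCrlUrls = issuerInfo.getCrlUrls();
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("CRL URLs ").append(diffs).append(" are absent but are required; ");
        }
    }
}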

Example 32 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project xipki by xipki.

the class ExtensionsChecker method checkExtensionDeltaCrlDistributionPoints.

// method checkExtensionCrlDistributionPoints
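/**
 * Checks the FreshestCRL (delta CRL distribution points) extension of the
 * certificate under test against the CRL URLs the issuer is expected to publish.
 *
 * <p>Exactly one DistributionPoint carrying a fullName DistributionPointName
 * is accepted; every GeneralName inside it must be a
 * uniformResourceIdentifier. The collected URIs are then compared with
 * {@code issuerInfo.getCrlUrls()} in both directions and every mismatch is
 * appended to {@code failureMsg}.
 *
 * @param failureMsg     accumulates human-readable violation descriptions
 * @param extensionValue the DER value of the extension; treated as untrusted input
 * @param issuerInfo     supplies the CRL URLs the issuer is expected to use
 */
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    // The profile requires exactly one distribution point; a missing array is
    // reported as size 0, the same way the original two-branch check did.
    int len = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
    if (len != 1) {
        addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
        return;
    }
    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        // distributionPoint is OPTIONAL in the DistributionPoint SEQUENCE, so a
        // certificate may legally omit it; report that instead of dereferencing
        // null on attacker-controlled input.
        DistributionPointName dpName = entry.getDistributionPoint();
        if (dpName == null) {
            failureMsg.append("DistributionPointName of CRLDistributionPoints (deltaCRL) is absent but is required; ");
            continue;
        }
        int asn1Type = dpName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)", asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }
        GeneralNames isDistributionPointNames = GeneralNames.getInstance(dpName.getName());
        for (GeneralName name : isDistributionPointNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
            } else {
                // A uniformResourceIdentifier GeneralName carries an IA5String,
                // which implements ASN1String.
                isCrlUrls.add(((ASN1String) name.getName()).getString());
            }
        }
        // Compare in both directions: unexpected extras and missing required URLs.
        Set<String> expCrlUrls = issuerInfo.getCrlUrls();
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
        }
    }
}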

Example 33 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project certmgr by hdecarne.

the class ASN1DataTest method testDistributionPoint.

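/**
 * Test encoding &amp; decoding of {@link DistributionPoint} object.
 *
 * <p>Both constructor variants are round-tripped: a DistributionPointName
 * based instance and a cRLIssuer (GeneralNames) based one. Each object is
 * encoded, decoded again and re-encoded; the two encodings must be
 * byte-identical.
 */
@Test
public void testDistributionPoint() {
    try {
        // DistributionPointName based
        GeneralNames in1FullName = new GeneralNames();
        StringName in1NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
        DirectoryName in1NameB = new DirectoryName(new X500Principal("CN=localhost"));
        in1FullName.addName(in1NameA);
        in1FullName.addName(in1NameB);
        DistributionPointName in1Name = new DistributionPointName(in1FullName);
        DistributionPoint in1 = new DistributionPoint(in1Name);
        byte[] in1Encoded = in1.getEncoded();
        DistributionPoint out1 = DistributionPoint.decode(decodeBytes(in1Encoded));
        byte[] out1Encoded = out1.getEncoded();
        Assert.assertArrayEquals(in1Encoded, out1Encoded);
        // GeneralName based. The names must be added to in2CrlIssuers (not to
        // in1FullName as before), otherwise in2 is encoded with an empty
        // cRLIssuer and this half of the test exercises nothing.
        GeneralNames in2CrlIssuers = new GeneralNames();
        StringName in2NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
        DirectoryName in2NameB = new DirectoryName(new X500Principal("CN=localhost"));
        in2CrlIssuers.addName(in2NameA);
        in2CrlIssuers.addName(in2NameB);
        DistributionPoint in2 = new DistributionPoint(in2CrlIssuers);
        byte[] in2Encoded = in2.encode().toASN1Primitive().getEncoded();
        DistributionPoint out2 = DistributionPoint.decode(decodeBytes(in2Encoded));
        byte[] out2Encoded = out2.encode().toASN1Primitive().getEncoded();
        Assert.assertArrayEquals(in2Encoded, out2Encoded);
    } catch (IOException e) {
        // Encoding/decoding failures are test failures; keep the trace for diagnosis.
        e.printStackTrace();
        Assert.fail(e.getLocalizedMessage());
    }
}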

Example 34 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project keystore-explorer by kaikramer.

the class X509Ext method getDistributionPointString.

/**
 * Renders one DistributionPoint of a CRLDistributionPoints extension as
 * indented text.
 *
 * <pre>
 * DistributionPoint ::= SEQUENCE {
 *     distributionPoint [0] DistributionPointName OPTIONAL,
 *     reasons           [1] ReasonFlags OPTIONAL,
 *     cRLIssuer         [2] GeneralNames OPTIONAL }
 *
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * </pre>
 *
 * <p>Only the components that are present are emitted, in the order name,
 * reasons, cRLIssuer; reason flags and issuer names go one per line with an
 * extra {@code INDENT}.
 *
 * @param distributionPoint the component to render
 * @param baseIndent        prefix for every emitted line
 * @return the rendered text, empty if no optional component is present
 * @throws IOException propagated from the name rendering helpers
 */
private static String getDistributionPointString(DistributionPoint distributionPoint, String baseIndent) throws IOException {
    StringBuilder out = new StringBuilder();

    DistributionPointName dpName = distributionPoint.getDistributionPoint();
    if (dpName != null) {
        out.append(getDistributionPointNameString(dpName, baseIndent));
    }

    ReasonFlags reasonFlags = distributionPoint.getReasons();
    if (reasonFlags != null) {
        out.append(baseIndent).append(res.getString("DistributionPointReasons")).append(NEWLINE);
        for (String flag : getReasonFlagsStrings(reasonFlags)) {
            out.append(baseIndent).append(INDENT).append(flag).append(NEWLINE);
        }
    }

    GeneralNames issuerNames = distributionPoint.getCRLIssuer();
    if (issuerNames != null) {
        out.append(baseIndent).append(res.getString("DistributionPointCrlIssuer")).append(NEWLINE);
        for (GeneralName issuerName : issuerNames.getNames()) {
            out.append(baseIndent).append(INDENT).append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
        }
    }

    return out.toString();
}

Example 35 with DistributionPointName

use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project keystore-explorer by kaikramer.

the class X509Ext method getDistributionPointNameString.

/**
 * Renders a DistributionPointName as indented text.
 *
 * <pre>
 * DistributionPointName ::= CHOICE {
 *     fullName                [0] GeneralNames,
 *     nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
 *
 * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
 *
 * AttributeTypeAndValue ::= SEQUENCE { type AttributeType, value AttributeValue }
 * </pre>
 *
 * <p>A header line is always written; the fullName alternative lists each
 * GeneralName, the other alternative lists each RDN attribute as
 * {@code type=value}, both two {@code INDENT}s deep.
 *
 * @param distributionPointName the CHOICE value to render
 * @param baseIndent            prefix for every emitted line
 * @return the rendered text
 * @throws IOException propagated from the name/value rendering helpers
 */
private static String getDistributionPointNameString(DistributionPointName distributionPointName, String baseIndent) throws IOException {
    StringBuilder out = new StringBuilder();
    out.append(baseIndent).append(res.getString("DistributionPointName")).append(NEWLINE);

    boolean isFullName = distributionPointName.getType() == DistributionPointName.FULL_NAME;
    if (isFullName) {
        out.append(baseIndent).append(INDENT).append(res.getString("DistributionPointFullName")).append(NEWLINE);
        GeneralNames fullName = GeneralNames.getInstance(distributionPointName.getName());
        for (GeneralName generalName : fullName.getNames()) {
            out.append(baseIndent).append(INDENT).append(INDENT);
            out.append(GeneralNameUtil.toString(generalName)).append(NEWLINE);
        }
    } else {
        // The other CHOICE alternative: nameRelativeToCRLIssuer, a single RDN.
        out.append(baseIndent).append(INDENT).append(res.getString("DistributionPointNameRelativeToCrlIssuer")).append(NEWLINE);
        RDN relativeName = RDN.getInstance(distributionPointName.getName());
        for (AttributeTypeAndValue atv : relativeName.getTypesAndValues()) {
            ASN1ObjectIdentifier type = atv.getType();
            ASN1Encodable value = atv.getValue();
            String rendered = MessageFormat.format("{0}={1}", getAttributeTypeString(type), getAttributeValueString(type, value));
            out.append(baseIndent).append(INDENT).append(INDENT);
            out.append(rendered).append(NEWLINE);
        }
    }

    return out.toString();
}
