
Example 11 with GeneralSubtree

use of com.github.zhenwei.core.asn1.x509.GeneralSubtree in project keystore-explorer by kaikramer.

Class JGeneralSubtrees, method editSelectedGeneralSubtree.

/**
 * Opens the subtree chooser for the currently selected table row and, when the
 * chooser yields a subtree, replaces the old entry with it and re-selects it.
 * Does nothing when no row is selected or when the chooser returns no subtree.
 */
private void editSelectedGeneralSubtree() {
    int row = jtGeneralSubtrees.getSelectedRow();
    if (row == -1) {
        return;
    }
    GeneralSubtree current = (GeneralSubtree) jtGeneralSubtrees.getValueAt(row, 0);
    Container owner = getTopLevelAncestor();
    // The chooser only accepts a JDialog or a JFrame as owner; any other
    // top-level ancestor would fail on the JFrame cast.
    DGeneralSubtreeChooser chooser = (owner instanceof JDialog)
            ? new DGeneralSubtreeChooser((JDialog) owner, title, current)
            : new DGeneralSubtreeChooser((JFrame) owner, title, current);
    chooser.setLocationRelativeTo(owner);
    chooser.setVisible(true);
    GeneralSubtree edited = chooser.getGeneralSubtree();
    if (edited == null) {
        // Nothing came back from the chooser, so the table is left untouched.
        return;
    }
    generalSubtrees.getGeneralSubtrees().remove(current);
    generalSubtrees.getGeneralSubtrees().add(edited);
    populate();
    selectGeneralSubtreeInTable(edited);
}

Example 12 with GeneralSubtree

use of com.github.zhenwei.core.asn1.x509.GeneralSubtree in project xipki by xipki.

Class H2nChecker, method checkExtnNameConstraintsSubtrees.

// method checkExtnNameConstraints
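/**
 * Compares the name-constraint subtrees found in a certificate with the subtrees the
 * profile expects and appends one violation per mismatch to {@code failureMsg}.
 * The comparison is positional: subtree {@code i} of the certificate is compared with
 * expected subtree {@code i}. A size mismatch is reported once and ends the check.
 *
 * @param failureMsg       accumulator for violation messages
 * @param description      human-readable name of the subtree list (used in messages)
 * @param subtrees         subtrees taken from the certificate, may be {@code null}
 * @param expectedSubtrees subtrees configured in the profile, may be {@code null}
 */
private void checkExtnNameConstraintsSubtrees(StringBuilder failureMsg, String description, GeneralSubtree[] subtrees, List<GeneralSubtreeType> expectedSubtrees) {
    int isSize = (subtrees == null) ? 0 : subtrees.length;
    int expSize = (expectedSubtrees == null) ? 0 : expectedSubtrees.size();
    if (isSize != expSize) {
        addViolation(failureMsg, "size of " + description, isSize, expSize);
        return;
    }
    // Sizes agree here, so a null on either side means both are empty: nothing to compare.
    if (subtrees == null || expectedSubtrees == null) {
        return;
    }
    for (int i = 0; i < isSize; i++) {
        GeneralSubtree isSubtree = subtrees[i];
        GeneralSubtreeType expSubtree = expectedSubtrees.get(i);
        String desc = description + " [" + i + "]";
        // An absent minimum counts as 0 on both sides (the DEFAULT 0 of GeneralSubtree.minimum in RFC 5280).
        BigInteger bigInt = isSubtree.getMinimum();
        int isMinimum = (bigInt == null) ? 0 : bigInt.intValue();
        Integer minimum = expSubtree.getMinimum();
        int expMinimum = (minimum == null) ? 0 : minimum.intValue();
        if (isMinimum != expMinimum) {
            addViolation(failureMsg, "minimum of " + desc, isMinimum, expMinimum);
        }
        // The maximum is OPTIONAL without a default, so null is a real value and must match exactly.
        bigInt = isSubtree.getMaximum();
        Integer isMaximum = (bigInt == null) ? null : bigInt.intValue();
        Integer expMaximum = expSubtree.getMaximum();
        if (!CompareUtil.equalsObject(isMaximum, expMaximum)) {
            // message text fixed: was "maxmum"
            addViolation(failureMsg, "maximum of " + desc, isMaximum, expMaximum);
        }
        GeneralName isBase = isSubtree.getBase();
        GeneralName expBase = toExpectedGeneralName(expSubtree.getBase());
        if (!isBase.equals(expBase)) {
            addViolation(failureMsg, "base of " + desc, isBase, expBase);
        }
    }
}

/**
 * Converts the profile's expected subtree base into the {@link GeneralName} form found in
 * certificates, so it can be compared with {@link GeneralName#equals(Object)}.
 * The first populated name form wins, in the order directoryName, dnsName, ipAddress,
 * rfc822Name, uri.
 *
 * @param expBase0 expected base from the profile
 * @return the equivalent {@link GeneralName}
 * @throws IllegalStateException if none of the known name forms is set
 */
private static GeneralName toExpectedGeneralName(Base expBase0) {
    if (expBase0.getDirectoryName() != null) {
        // Profile DNs are stored in the opposite RDN order from the encoded certificate DN.
        return new GeneralName(X509Util.reverse(new X500Name(expBase0.getDirectoryName())));
    } else if (expBase0.getDnsName() != null) {
        return new GeneralName(GeneralName.dNSName, expBase0.getDnsName());
    } else if (expBase0.getIpAddress() != null) {
        return new GeneralName(GeneralName.iPAddress, expBase0.getIpAddress());
    } else if (expBase0.getRfc822Name() != null) {
        return new GeneralName(GeneralName.rfc822Name, expBase0.getRfc822Name());
    } else if (expBase0.getUri() != null) {
        return new GeneralName(GeneralName.uniformResourceIdentifier, expBase0.getUri());
    }
    throw new IllegalStateException("should not reach here, unknown child of GeneralName");
}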

Example 13 with GeneralSubtree

use of com.github.zhenwei.core.asn1.x509.GeneralSubtree in project xipki by xipki.

Class NameConstraints, method buildGeneralSubtree.

// method buildGeneralSubtrees
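/**
 * Builds the ASN.1 {@link GeneralSubtree} for one configured name-constraint subtree.
 * Exactly one name form of the base (directoryName, dnsName, ipAddress, rfc822Name, uri)
 * is expected to be set; the first populated one, in that order, is used.
 * <p>
 * RFC 5280 section 4.2.1.10 requires minimum to be 0 and maximum to be absent; this
 * builder only rejects negative values and otherwise encodes what the profile configured.
 *
 * @param type configured subtree, must not be {@code null} and must have a base
 * @return the subtree with its base, optional minimum and optional maximum
 * @throws CertprofileException if the configured minimum or maximum is negative
 * @throws IllegalStateException if the base carries none of the known name forms
 */
private static GeneralSubtree buildGeneralSubtree(GeneralSubtreeType type) throws CertprofileException {
    Args.notNull(type, "type");
    GeneralSubtreeType.Base baseType = type.getBase();
    // A subtree without a base would otherwise fail with a bare NullPointerException on the first getter.
    Args.notNull(baseType, "type.base");
    GeneralName base;
    if (baseType.getDirectoryName() != null) {
        // Profile DNs are stored in the opposite RDN order from the encoded certificate DN.
        base = new GeneralName(X509Util.reverse(new X500Name(baseType.getDirectoryName())));
    } else if (baseType.getDnsName() != null) {
        base = new GeneralName(GeneralName.dNSName, baseType.getDnsName());
    } else if (baseType.getIpAddress() != null) {
        base = new GeneralName(GeneralName.iPAddress, baseType.getIpAddress());
    } else if (baseType.getRfc822Name() != null) {
        base = new GeneralName(GeneralName.rfc822Name, baseType.getRfc822Name());
    } else if (baseType.getUri() != null) {
        base = new GeneralName(GeneralName.uniformResourceIdentifier, baseType.getUri());
    } else {
        throw new IllegalStateException("should not reach here, unknown child of GeneralSubtreeType");
    }
    Integer min = type.getMinimum();
    if (min != null && min < 0) {
        throw new CertprofileException("negative minimum is not allowed: " + min);
    }
    // null is passed through: GeneralSubtree encodes an absent minimum as its DEFAULT.
    BigInteger minimum = (min == null) ? null : BigInteger.valueOf(min);
    Integer max = type.getMaximum();
    if (max != null && max < 0) {
        throw new CertprofileException("negative maximum is not allowed: " + max);
    }
    BigInteger maximum = (max == null) ? null : BigInteger.valueOf(max);
    return new GeneralSubtree(base, minimum, maximum);
}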

Example 14 with GeneralSubtree

use of com.github.zhenwei.core.asn1.x509.GeneralSubtree in project LinLong-Java by zhenwei1108.

Class PKIXCertPathReviewer, method checkNameConstraints.

/**
 * Checks the certification path against X.509 name constraints.
 * <p>
 * Walks {@code certs} from the highest index down to index 1. For every certificate
 * that is not self-issued, the subject DN and each subjectAltName entry are checked
 * against the constraints accumulated so far; afterwards the certificate's own
 * NameConstraints extension narrows the permitted set and extends the excluded set
 * for the certificates that follow. The lettered labels in the comments appear to
 * refer to the step names of RFC 5280 sections 6.1.3 and 6.1.4.
 * <p>
 * The first violation or decoding problem is turned into a
 * {@code CertPathReviewerException}, recorded with {@link #addError}, and ends the walk;
 * later certificates are not examined.
 */
private void checkNameConstraints() {
    X509Certificate cert = null;
    // 
    // Setup
    // 
    // (b)  and (c)
    PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator();
    // 
    // process each certificate except the last in the path
    // 
    int index;
    int i;
    try {
        // NOTE(review): the loop stops at index 1, so the certificate at index 0 is never
        // checked against the accumulated constraints - confirm this matches the intended
        // path ordering before relying on it.
        for (index = certs.size() - 1; index > 0; index--) {
            // Computed but not read anywhere in this method.
            i = n - index;
            // 
            // certificate processing
            // 
            cert = (X509Certificate) certs.get(index);
            // Self-issued intermediate certificates are exempt from the subject/SAN checks,
            // but their NameConstraints extension (below) is still applied.
            if (!isSelfIssued(cert)) {
                X500Principal principal = getSubjectPrincipal(cert);
                // Re-parse the encoded subject so the validator sees the raw DN sequence.
                // The stream is never closed; it wraps an in-memory buffer, so nothing leaks.
                ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded()));
                ASN1Sequence dns;
                try {
                    dns = (ASN1Sequence) aIn.readObject();
                } catch (IOException e) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncSubjectNameError", new Object[] { new UntrustedInput(principal) });
                    throw new CertPathReviewerException(msg, e, certPath, index);
                }
                try {
                    nameConstraintValidator.checkPermittedDN(dns);
                } catch (PKIXNameConstraintValidatorException cpve) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN", new Object[] { new UntrustedInput(principal.getName()) });
                    throw new CertPathReviewerException(msg, cpve, certPath, index);
                }
                try {
                    nameConstraintValidator.checkExcludedDN(dns);
                } catch (PKIXNameConstraintValidatorException cpve) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN", new Object[] { new UntrustedInput(principal.getName()) });
                    throw new CertPathReviewerException(msg, cpve, certPath, index);
                }
                ASN1Sequence altName;
                try {
                    altName = (ASN1Sequence) getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME);
                } catch (AnnotatedException ae) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.subjAltNameExtError");
                    throw new CertPathReviewerException(msg, ae, certPath, index);
                }
                if (altName != null) {
                    // Every SAN entry, whatever its name form, goes through the validator.
                    for (int j = 0; j < altName.size(); j++) {
                        GeneralName name = GeneralName.getInstance(altName.getObjectAt(j));
                        try {
                            nameConstraintValidator.checkPermitted(name);
                            nameConstraintValidator.checkExcluded(name);
                        } catch (PKIXNameConstraintValidatorException cpve) {
                            // NOTE(review): the same "notPermittedEmail" message is reported for every
                            // name form and for both permitted- and excluded-set failures; the reported
                            // reason is therefore imprecise for non-email names.
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedEmail", new Object[] { new UntrustedInput(name) });
                            throw new CertPathReviewerException(msg, cpve, certPath, index);
                        }
                    // An earlier per-tag implementation (email / DN / IP handled in a switch on the
                    // tag number, with separate message keys per name form) was kept here as
                    // commented-out code; it carried the note
                    // "TODO - move resources to PKIXNameConstraints".
                    }
                }
            }
            // 
            // prepare for next certificate
            // 
            // 
            // (g) handle the name constraints extension
            // 
            // This part runs for self-issued certificates as well.
            ASN1Sequence ncSeq;
            try {
                ncSeq = (ASN1Sequence) getExtensionValue(cert, NAME_CONSTRAINTS);
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncExtError");
                throw new CertPathReviewerException(msg, ae, certPath, index);
            }
            if (ncSeq != null) {
                NameConstraints nc = NameConstraints.getInstance(ncSeq);
                // 
                // (g) (1) permitted subtrees
                // 
                // Permitted subtrees only ever narrow the current permitted set.
                GeneralSubtree[] permitted = nc.getPermittedSubtrees();
                if (permitted != null) {
                    nameConstraintValidator.intersectPermittedSubtree(permitted);
                }
                // 
                // (g) (2) excluded subtrees
                // 
                // Excluded subtrees accumulate: each one is added to the excluded set.
                GeneralSubtree[] excluded = nc.getExcludedSubtrees();
                if (excluded != null) {
                    for (int c = 0; c != excluded.length; c++) {
                        nameConstraintValidator.addExcludedSubtree(excluded[c]);
                    }
                }
            }
        }
    // for
    } catch (CertPathReviewerException cpre) {
        // Record the failure with the index of the offending certificate; the walk is over.
        addError(cpre.getErrorMessage(), cpre.getIndex());
    }
}

Example 15 with GeneralSubtree

use of com.github.zhenwei.core.asn1.x509.GeneralSubtree in project XobotOS by xamarin.

Class PKIXNameConstraintValidator, method intersectPermittedSubtree.

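/**
 * Updates the permitted set of these name constraints with the intersection
 * with the given subtree.
 * <p>
 * The subtrees are grouped by the tag number of their base {@code GeneralName} and
 * each group is intersected with the permitted set kept for that name form.
 * Only rfc822Name (1), dNSName (2), directoryName (4), uniformResourceIdentifier (6)
 * and iPAddress (7) have a permitted set here; subtrees of any other name form are
 * ignored, i.e. such a constraint does not narrow anything.
 *
 * @param permitted The permitted subtrees
 */
public void intersectPermittedSubtree(ASN1Sequence permitted) {
    // group in sets in a map ordered by tag no.
    Map<Integer, Set<GeneralSubtree>> subtreesByTag = new HashMap<Integer, Set<GeneralSubtree>>();
    for (Enumeration e = permitted.getObjects(); e.hasMoreElements(); ) {
        GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
        // BEGIN android-changed
        Integer tagNo = Integer.valueOf(subtree.getBase().getTagNo());
        // END android-changed
        Set<GeneralSubtree> group = subtreesByTag.get(tagNo);
        if (group == null) {
            group = new HashSet<GeneralSubtree>();
            subtreesByTag.put(tagNo, group);
        }
        group.add(subtree);
    }
    // go through all subtree groups
    for (Map.Entry<Integer, Set<GeneralSubtree>> entry : subtreesByTag.entrySet()) {
        Set<GeneralSubtree> group = entry.getValue();
        switch (entry.getKey().intValue()) {
            case 1: // rfc822Name
                permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, group);
                break;
            case 2: // dNSName
                permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, group);
                break;
            case 4: // directoryName
                permittedSubtreesDN = intersectDN(permittedSubtreesDN, group);
                break;
            case 6: // uniformResourceIdentifier
                permittedSubtreesURI = intersectURI(permittedSubtreesURI, group);
                break;
            case 7: // iPAddress
                permittedSubtreesIP = intersectIP(permittedSubtreesIP, group);
                break;
            default:
                // otherName, x400Address, ediPartyName and registeredID have no permitted
                // set in this validator; constraints on them are dropped silently.
                break;
        }
    }
}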
