
Example 11 with NameConstraints

use of com.github.zhenwei.core.asn1.x509.NameConstraints in project keystore-explorer by kaikramer.

the class X509Ext method getNameConstraintsStringValue.

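/**
 * Renders a DER-encoded NameConstraints extension value as indented, localised text.
 *
 * <pre>
 * NameConstraints ::= SEQUENCE {
 *     permittedSubtrees [0] GeneralSubtrees OPTIONAL,
 *     excludedSubtrees  [1] GeneralSubtrees OPTIONAL }
 *
 * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 *
 * GeneralSubtree ::= SEQUENCE {
 *     base    GeneralName,
 *     minimum [0] BaseDistance DEFAULT nodistance,
 *     maximum [1] BaseDistance OPTIONAL }
 *
 * BaseDistance ::= INTEGER { nodistance(0) } (0..MAX)
 * </pre>
 *
 * @param value the encoded extension value
 * @return the permitted subtrees followed by the excluded subtrees, one line per field
 * @throws IOException declared for callers; the visible code only delegates to helpers
 */
private static String getNameConstraintsStringValue(byte[] value) throws IOException {
    NameConstraints nameConstraints = NameConstraints.getInstance(value);
    StringBuilder sb = new StringBuilder();
    appendSubtrees(sb, nameConstraints.getPermittedSubtrees(), "PermittedSubtrees", "PermittedSubtree");
    appendSubtrees(sb, nameConstraints.getExcludedSubtrees(), "ExcludedSubtrees", "ExcludedSubtree");
    return sb.toString();
}

/**
 * Appends one subtree list (permitted or excluded) under its heading. Both lists go through
 * the same path so that an absent or empty list, and a missing minimum, are rendered the
 * same way for either field.
 */
private static void appendSubtrees(StringBuilder sb, GeneralSubtree[] subtrees, String headingKey, String entryKey)
        throws IOException {
    sb.append(res.getString(headingKey));
    if (subtrees == null || subtrees.length == 0) {
        // The field is OPTIONAL; an empty list carries no constraint either.
        sb.append(" ").append(res.getString("NoValue")).append(NEWLINE);
        return;
    }
    sb.append(NEWLINE);

    int position = 0;
    for (GeneralSubtree subtree : new GeneralSubtrees(subtrees).getGeneralSubtrees()) {
        position++;
        sb.append(INDENT).append(MessageFormat.format(res.getString(entryKey), position)).append(NEWLINE);
        sb.append(INDENT).append(INDENT).append(res.getString("Base")).append(NEWLINE);
        sb.append(INDENT).append(INDENT).append(INDENT)
                .append(GeneralNameUtil.toString(subtree.getBase())).append(NEWLINE);

        // minimum is DEFAULT nodistance(0); guard against null here so the excluded list
        // cannot fail on a subtree that omits it.
        BigInteger minimum = subtree.getMinimum();
        if (minimum == null) {
            minimum = BigInteger.ZERO;
        }
        // The BigInteger is formatted as-is: the value comes from the certificate being
        // inspected, and narrowing it with intValue() would silently show a wrapped number
        // for anything above Integer.MAX_VALUE.
        sb.append(INDENT).append(INDENT)
                .append(MessageFormat.format(res.getString("Minimum"), minimum)).append(NEWLINE);

        BigInteger maximum = subtree.getMaximum();
        if (maximum != null) {
            sb.append(INDENT).append(INDENT)
                    .append(MessageFormat.format(res.getString("Maximum"), maximum)).append(NEWLINE);
        }
    }
}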
Also used : NameConstraints(org.bouncycastle.asn1.x509.NameConstraints) BigInteger(java.math.BigInteger) GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree) GeneralName(org.bouncycastle.asn1.x509.GeneralName) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 12 with NameConstraints

use of com.github.zhenwei.core.asn1.x509.NameConstraints in project keystore-explorer by kaikramer.

the class DNameConstraints method okPressed.

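/**
 * Builds the NameConstraints value from the two subtree editors, stores its DER encoding in
 * {@code value} and closes the dialog. If encoding fails the error is displayed and the
 * dialog stays open.
 */
private void okPressed() {
    List<GeneralSubtree> permittedSubtrees = jgsPermittedSubtrees.getGeneralSubtrees().getGeneralSubtrees();
    List<GeneralSubtree> excludedSubtrees = jgsExcludedSubtrees.getGeneralSubtrees().getGeneralSubtrees();

    // GeneralSubtrees is SEQUENCE SIZE (1..MAX) and both fields are OPTIONAL, so an empty
    // list must be left out of the encoding rather than written as an empty sequence;
    // validators are not required to agree on what an empty subtree list means.
    GeneralSubtree[] permittedSubtreesArray =
            permittedSubtrees.isEmpty() ? null : permittedSubtrees.toArray(new GeneralSubtree[0]);
    GeneralSubtree[] excludedSubtreesArray =
            excludedSubtrees.isEmpty() ? null : excludedSubtrees.toArray(new GeneralSubtree[0]);

    // NOTE(review): if both lists are empty the extension still encodes as an empty
    // NameConstraints sequence; confirm whether the dialog should refuse that case.
    NameConstraints nameConstraints = new NameConstraints(permittedSubtreesArray, excludedSubtreesArray);
    try {
        value = nameConstraints.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        DError.displayError(this, e);
        return;
    }
    closeDialog();
}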
Also used : NameConstraints(org.bouncycastle.asn1.x509.NameConstraints) GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree) IOException(java.io.IOException)

Example 13 with NameConstraints

use of com.github.zhenwei.core.asn1.x509.NameConstraints in project LinLong-Java by zhenwei1108.

the class RFC3280CertPathUtilities method prepareNextCertG.

/**
 * Step (g) of preparing for the next certificate in the path: feeds the certificate's name
 * constraints extension into the running constraint state.
 *
 * <p>Every failure is fatal to the path: an extension that cannot be decoded, or subtrees the
 * validator cannot accept, is rethrown as an {@link ExtCertPathValidatorException} carrying
 * the path and the index of the offending certificate. A certificate without the extension
 * leaves the validator untouched.
 *
 * @param certPath the certification path being validated
 * @param index position in {@code certPath} of the certificate to process
 * @param nameConstraintValidator accumulator for permitted and excluded subtrees
 * @throws CertPathValidatorException if the extension cannot be decoded or applied
 */
protected static void prepareNextCertG(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
    X509Certificate cert = (X509Certificate) certPath.getCertificates().get(index);

    // (g) decode the name constraints extension, if the certificate has one
    NameConstraints constraints;
    try {
        ASN1Sequence encoded = ASN1Sequence.getInstance(
                CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.NAME_CONSTRAINTS));
        constraints = (encoded == null) ? null : NameConstraints.getInstance(encoded);
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath, index);
    }
    if (constraints == null) {
        return;
    }

    // (g) (1) permitted subtrees: intersect with what is permitted so far
    GeneralSubtree[] permittedSubtrees = constraints.getPermittedSubtrees();
    if (permittedSubtrees != null) {
        try {
            nameConstraintValidator.intersectPermittedSubtree(permittedSubtrees);
        } catch (Exception ex) {
            throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index);
        }
    }

    // (g) (2) excluded subtrees: each one is added to the excluded set
    GeneralSubtree[] excludedSubtrees = constraints.getExcludedSubtrees();
    if (excludedSubtrees != null) {
        for (GeneralSubtree subtree : excludedSubtrees) {
            try {
                nameConstraintValidator.addExcludedSubtree(subtree);
            } catch (Exception ex) {
                throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index);
            }
        }
    }
}
Also used : NameConstraints(com.github.zhenwei.core.asn1.x509.NameConstraints) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) GeneralSubtree(com.github.zhenwei.core.asn1.x509.GeneralSubtree) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)

Aggregations

IOException (java.io.IOException)7 ArrayList (java.util.ArrayList)6 List (java.util.List)6 GeneralSubtree (org.bouncycastle.asn1.x509.GeneralSubtree)6 NameConstraints (org.bouncycastle.asn1.x509.NameConstraints)6 X509Certificate (java.security.cert.X509Certificate)5 Date (java.util.Date)4 GeneralSecurityException (java.security.GeneralSecurityException)3 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)3 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)2 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)2 DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)2 GeneralSubtree (com.github.zhenwei.core.asn1.x509.GeneralSubtree)2 IssuingDistributionPoint (com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)2 NameConstraints (com.github.zhenwei.core.asn1.x509.NameConstraints)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 BigInteger (java.math.BigInteger)2 CertPathBuilderException (java.security.cert.CertPathBuilderException)2 CertPathValidatorException (java.security.cert.CertPathValidatorException)2 CertificateExpiredException (java.security.cert.CertificateExpiredException)2