Example 11 with NameConstraints
use of com.github.zhenwei.core.asn1.x509.NameConstraints in project keystore-explorer by kaikramer.
the class X509Ext method getNameConstraintsStringValue.
private static String getNameConstraintsStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* NameConstraints ::= ASN1Sequence { permittedSubtrees [0]
* GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees
* OPTIONAL }
*
* GeneralSubtrees ::= ASN1Sequence SIZE (1..MAX) OF GeneralSubtree
*
* GeneralSubtree ::= ASN1Sequence { base GeneralName, minimum [0]
* BaseDistance DEFAULT nodistance, maximum [1] BaseDistance OPTIONAL }
*
* BaseDistance ::= ASN1Integer {nodistance(0) } (0..MAX)
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
NameConstraints nameConstraints = NameConstraints.getInstance(value);
GeneralSubtrees permittedSubtrees = null;
if (nameConstraints.getPermittedSubtrees() != null && nameConstraints.getPermittedSubtrees().length != 0) {
permittedSubtrees = new GeneralSubtrees(nameConstraints.getPermittedSubtrees());
}
sb.append(res.getString("PermittedSubtrees"));
if (permittedSubtrees == null) {
sb.append(" ").append(res.getString("NoValue"));
sb.append(NEWLINE);
} else {
sb.append(NEWLINE);
int permitted = 0;
for (GeneralSubtree permittedSubtree : permittedSubtrees.getGeneralSubtrees()) {
permitted++;
sb.append(INDENT);
sb.append(MessageFormat.format(res.getString("PermittedSubtree"), permitted));
sb.append(NEWLINE);
sb.append(INDENT);
sb.append(INDENT);
sb.append(res.getString("Base"));
sb.append(NEWLINE);
GeneralName base = permittedSubtree.getBase();
sb.append(INDENT);
sb.append(INDENT);
sb.append(INDENT);
sb.append(GeneralNameUtil.toString(base));
sb.append(NEWLINE);
BigInteger minimum = permittedSubtree.getMinimum();
// Default 'nodistance' value
int minimumInt = 0;
if (minimum != null) {
minimumInt = minimum.intValue();
}
sb.append(INDENT);
sb.append(INDENT);
sb.append(MessageFormat.format(res.getString("Minimum"), minimumInt));
sb.append(NEWLINE);
BigInteger maximum = permittedSubtree.getMaximum();
if (maximum != null) {
int maximumInt = maximum.intValue();
sb.append(INDENT);
sb.append(INDENT);
sb.append(MessageFormat.format(res.getString("Maximum"), maximumInt));
sb.append(NEWLINE);
}
}
}
GeneralSubtree[] excludedSubtreeArray = nameConstraints.getExcludedSubtrees();
sb.append(res.getString("ExcludedSubtrees"));
if (excludedSubtreeArray == null) {
// Optional
sb.append(" ").append(res.getString("NoValue"));
sb.append(NEWLINE);
} else {
GeneralSubtrees excludedSubtrees = new GeneralSubtrees(excludedSubtreeArray);
sb.append(NEWLINE);
int excluded = 0;
for (GeneralSubtree excludedSubtree : excludedSubtrees.getGeneralSubtrees()) {
excluded++;
sb.append(INDENT);
sb.append(MessageFormat.format(res.getString("ExcludedSubtree"), excluded));
sb.append(NEWLINE);
sb.append(INDENT);
sb.append(INDENT);
sb.append(res.getString("Base"));
sb.append(NEWLINE);
GeneralName base = excludedSubtree.getBase();
sb.append(INDENT);
sb.append(INDENT);
sb.append(INDENT);
sb.append(GeneralNameUtil.toString(base));
sb.append(NEWLINE);
BigInteger minimum = excludedSubtree.getMinimum();
int minimumInt = minimum.intValue();
sb.append(INDENT);
sb.append(INDENT);
sb.append(MessageFormat.format(res.getString("Minimum"), minimumInt));
sb.append(NEWLINE);
BigInteger maximum = excludedSubtree.getMaximum();
if (maximum != null) {
int maximumInt = maximum.intValue();
sb.append(INDENT);
sb.append(INDENT);
sb.append(MessageFormat.format(res.getString("Maximum"), maximumInt));
sb.append(NEWLINE);
}
}
}
return sb.toString();
}
Also used :
NameConstraints(org.bouncycastle.asn1.x509.NameConstraints)
BigInteger(java.math.BigInteger)
GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 12 with NameConstraints
use of com.github.zhenwei.core.asn1.x509.NameConstraints in project keystore-explorer by kaikramer.
the class DNameConstraints method okPressed.
private void okPressed() {
List<GeneralSubtree> permittedSubtrees = jgsPermittedSubtrees.getGeneralSubtrees().getGeneralSubtrees();
List<GeneralSubtree> excludedSubtrees = jgsExcludedSubtrees.getGeneralSubtrees().getGeneralSubtrees();
GeneralSubtree[] permittedSubtreesArray = permittedSubtrees.toArray(new GeneralSubtree[permittedSubtrees.size()]);
GeneralSubtree[] excludedSubtreesArray = excludedSubtrees.toArray(new GeneralSubtree[excludedSubtrees.size()]);
NameConstraints nameConstraints = new NameConstraints(permittedSubtreesArray, excludedSubtreesArray);
try {
value = nameConstraints.getEncoded(ASN1Encoding.DER);
} catch (IOException e) {
DError.displayError(this, e);
return;
}
closeDialog();
}
Also used :
NameConstraints(org.bouncycastle.asn1.x509.NameConstraints)
GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)
IOException(java.io.IOException)
Example 13 with NameConstraints
use of com.github.zhenwei.core.asn1.x509.NameConstraints in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method prepareNextCertG.
protected static void prepareNextCertG(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (g) handle the name constraints extension
//
NameConstraints nc = null;
try {
ASN1Sequence ncSeq = ASN1Sequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.NAME_CONSTRAINTS));
if (ncSeq != null) {
nc = NameConstraints.getInstance(ncSeq);
}
} catch (Exception e) {
throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath, index);
}
if (nc != null) {
//
// (g) (1) permitted subtrees
//
GeneralSubtree[] permitted = nc.getPermittedSubtrees();
if (permitted != null) {
try {
nameConstraintValidator.intersectPermittedSubtree(permitted);
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
//
// (g) (2) excluded subtrees
//
GeneralSubtree[] excluded = nc.getExcludedSubtrees();
if (excluded != null) {
for (int i = 0; i != excluded.length; i++) {
try {
nameConstraintValidator.addExcludedSubtree(excluded[i]);
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
}
}
}
Also used :
NameConstraints(com.github.zhenwei.core.asn1.x509.NameConstraints)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralSubtree(com.github.zhenwei.core.asn1.x509.GeneralSubtree)
X509Certificate(java.security.cert.X509Certificate)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
Aggregations
IOException (java.io.IOException)7
ArrayList (java.util.ArrayList)6
List (java.util.List)6
GeneralSubtree (org.bouncycastle.asn1.x509.GeneralSubtree)6
NameConstraints (org.bouncycastle.asn1.x509.NameConstraints)6
X509Certificate (java.security.cert.X509Certificate)5
Date (java.util.Date)4
GeneralSecurityException (java.security.GeneralSecurityException)3
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)3
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)2
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)2
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)2
GeneralSubtree (com.github.zhenwei.core.asn1.x509.GeneralSubtree)2
IssuingDistributionPoint (com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)2
NameConstraints (com.github.zhenwei.core.asn1.x509.NameConstraints)2
ByteArrayInputStream (java.io.ByteArrayInputStream)2
BigInteger (java.math.BigInteger)2
CertPathBuilderException (java.security.cert.CertPathBuilderException)2
CertPathValidatorException (java.security.cert.CertPathValidatorException)2
CertificateExpiredException (java.security.cert.CertificateExpiredException)2
