use of de.carne.certmgr.certs.x509.GeneralName in project XobotOS by xamarin.
the class X509CertSelector method addSubjectAlternativeName.
/**
 * Registers one more subject alternative name with this selector's
 * subjectAltNames criterion.
 *
 * <p>Names are kept in per-type lists, held in an array indexed by
 * {@code tag}; the array and each list are created on first use.
 *
 * @param tag
 *            the type of the name; also the index of the list the name is stored in
 * @param name
 *            the name in string format.
 * @throws IOException
 *             if parsing the name fails.
 */
public void addSubjectAlternativeName(int tag, String name) throws IOException {
    // Parse before touching any state: if the constructor throws, the
    // selector is left exactly as it was.
    GeneralName parsedName = new GeneralName(tag, name);
    if (subjectAltNames == null) {
        subjectAltNames = new ArrayList[9];
    }
    // NOTE(review): tag indexes the 9-slot array directly. This relies on the
    // GeneralName constructor above having rejected tags outside 0..8 - confirm;
    // otherwise a bad tag surfaces as ArrayIndexOutOfBoundsException, not IOException.
    List<GeneralName> bucket = subjectAltNames[tag];
    if (bucket == null) {
        ArrayList<GeneralName> fresh = new ArrayList<GeneralName>();
        subjectAltNames[tag] = fresh;
        bucket = fresh;
    }
    bucket.add(parsedName);
}
use of de.carne.certmgr.certs.x509.GeneralName in project XobotOS by xamarin.
the class X509CertSelector method addPathToName.
/**
 * Appends one {@literal "pathToName"} entry to this selector's pathToNames
 * criterion, creating the backing list on first use.
 *
 * @param type
 *            the type of the name.
 * @param name
 *            the name in string format.
 * @throws IOException
 *             if parsing fails.
 * @see #setPathToNames
 */
public void addPathToName(int type, String name) throws IOException {
    // Build the name first so that a parse failure leaves pathToNames untouched
    // (in particular, no empty list is created for a rejected name).
    final GeneralName parsedName = new GeneralName(type, name);
    if (pathToNames == null) {
        pathToNames = new ArrayList<GeneralName>();
    }
    pathToNames.add(parsedName);
}
use of de.carne.certmgr.certs.x509.GeneralName in project XobotOS by xamarin.
the class X509CertSelector method toString.
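/**
 * Returns a string representation of this {@code X509CertSelector}
 * instance.
 *
 * <p>Only criteria that are set (non-null) are printed, except for
 * {@code matchAllNames} and {@code pathLen}, which are always printed.
 * The {@code nameConstraints} criterion is never printed.
 *
 * @return a string representation of this {@code X509CertSelector}
 *         instance.
 */
@Override
public String toString() {
    // For convenient reading of the string representation
    // all of the fields named according to the rfc 3280
    // (http://www.ietf.org/rfc/rfc3280.txt).
    StringBuilder result = new StringBuilder();
    result.append("X509CertSelector: \n[");
    if (this.certificateEquals != null) {
        result.append("\n certificateEquals: ").append(certificateEquals);
    }
    if (this.serialNumber != null) {
        result.append("\n serialNumber: ").append(serialNumber);
    }
    if (this.issuer != null) {
        result.append("\n issuer: ").append(issuer);
    }
    if (this.subject != null) {
        result.append("\n subject: ").append(subject);
    }
    if (this.subjectKeyIdentifier != null) {
        result.append("\n subjectKeyIdentifier: ").append(Array.getBytesAsString(subjectKeyIdentifier));
    }
    if (this.authorityKeyIdentifier != null) {
        result.append("\n authorityKeyIdentifier: ").append(Array.getBytesAsString(authorityKeyIdentifier));
    }
    if (this.certificateValid != null) {
        result.append("\n certificateValid: ").append(certificateValid);
    }
    if (this.subjectPublicKeyAlgID != null) {
        result.append("\n subjectPublicKeyAlgID: ").append(subjectPublicKeyAlgID);
    }
    if (this.privateKeyValid != null) {
        result.append("\n privateKeyValid: ").append(privateKeyValid);
    }
    if (this.subjectPublicKey != null) {
        result.append("\n subjectPublicKey: ").append(Array.getBytesAsString(subjectPublicKey));
    }
    if (this.keyUsage != null) {
        result.append("\n keyUsage: \n [");
        String[] kuNames = new String[] { "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" };
        // Bound by both arrays so a shorter keyUsage array cannot make
        // toString() throw; bits beyond the nine named ones are not printed.
        for (int i = 0; i < kuNames.length && i < keyUsage.length; i++) {
            if (keyUsage[i]) {
                result.append("\n ").append(kuNames[i]);
            }
        }
        result.append("\n ]");
    }
    if (this.extendedKeyUsage != null) {
        result.append("\n extendedKeyUsage: ").append(extendedKeyUsage.toString());
    }
    result.append("\n matchAllNames: ").append(matchAllNames);
    result.append("\n pathLen: ").append(pathLen);
    if (this.subjectAltNames != null) {
        result.append("\n subjectAltNames: \n [");
        // One list per name type; slots for unused types are null.
        for (List<GeneralName> names : subjectAltNames) {
            if (names != null) {
                for (GeneralName generalName : names) {
                    result.append("\n ").append(generalName.toString());
                }
            }
        }
        result.append("\n ]");
    }
    // nameConstraints is deliberately left out of the output: the original
    // code tested the field but appended nothing for it.
    if (this.policies != null) {
        result.append("\n policies: ").append(policies.toString());
    }
    if (this.pathToNames != null) {
        result.append("\n pathToNames: \n [");
        for (GeneralName generalName : pathToNames) {
            result.append("\n ").append(generalName.toString());
        }
        // Close the list bracket, as the keyUsage and subjectAltNames
        // sections do; it was previously left open.
        result.append("\n ]");
    }
    result.append("\n]");
    return result.toString();
}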
use of de.carne.certmgr.certs.x509.GeneralName in project OpenAM by OpenRock.
the class ApprovalCallback method approve.
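/**
 * Invoked by the JSS protocol handler whenever SSL handshaking hits an issue;
 * decides whether the reported issue can be ignored.
 *
 * <p>Any reported reason other than {@code ValidityStatus.BAD_CERT_DOMAIN}
 * rejects the certificate. A domain mismatch is tolerated only when one of
 * the following holds:
 * <ul>
 * <li>the lower-cased certificate CN is listed in {@code sslTrustHosts};</li>
 * <li>{@code resolveIPAddress} is set and the CN and {@code reqHost} resolve
 * to the same address;</li>
 * <li>{@code checkSubjectAltName} is set and {@code compareHosts} accepts one
 * of the certificate's subject alternative names.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@code trustAllServerCerts} accepts every certificate, whatever was
 * reported; it removes server authentication entirely.</li>
 * <li>The address comparison depends on what the local resolver answers, not
 * on the certificate contents. It is only as trustworthy as DNS on this host.</li>
 * <li>The CN is consulted before the subject alternative names. Current
 * practice (RFC 6125) is to match on subject alternative names.</li>
 * </ul>
 *
 * @param cert the server certificate the handshake reported on
 * @param status the validity problems reported for {@code cert}
 * @return <code>true</code> if the reported issue can be ignored.
 */
public boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status) {
    ValidityItem item;
    Enumeration errors = status.getReasons();
    int reason;
    if (trustAllServerCerts) {
        return true;
    }
    if ((reqHost == null) && !errors.hasMoreElements()) {
        return true;
    }
    boolean approve = true;
    while (approve && errors.hasMoreElements()) {
        item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        reason = item.getReason();
        if (debug.messageEnabled()) {
            debug.message("ApprovalCallback: reason " + reason);
        }
        // bad domain -12276
        if (reason != ValidityStatus.BAD_CERT_DOMAIN) {
            // Only a domain mismatch may ever be overridden.
            approve = false;
            continue;
        }
        String cn = null;
        try {
            String subjectDN = cert.getSubjectDN().getName();
            cn = new X500Name(subjectDN).getCommonName();
        } catch (Exception ex) {
            if (debug.messageEnabled()) {
                debug.message("ApprovalCallback:", ex);
            }
            approve = false;
        }
        if (cn == null) {
            return false;
        }
        if (!sslTrustHosts.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("ApprovalCallback: server cert CN : " + cn);
            }
            if (sslTrustHosts.contains(cn.toLowerCase())) {
                // A trusted CN excuses this domain mismatch only. Keep
                // iterating so that any other reported reason still rejects
                // the certificate. The previous early "return true" skipped
                // the remaining reasons, which made the verdict depend on the
                // order in which they were reported.
                continue;
            }
        }
        if (resolveIPAddress) {
            try {
                // NOTE(review): InetAddress.getByName(null) yields the loopback
                // address, so a null reqHost is not rejected here - confirm
                // whether callers can reach this point with reqHost unset.
                approve = InetAddress.getByName(cn).getHostAddress().equals(InetAddress.getByName(reqHost).getHostAddress());
            } catch (UnknownHostException ex) {
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                approve = false;
            }
        } else {
            approve = false;
        }
        if (!approve && checkSubjectAltName) {
            try {
                X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
                X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
                CertificateExtensions exts = (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
                SubjectAlternativeNameExtension altNameExt = (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
                if (altNameExt != null) {
                    GeneralNames names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                    // The accessor on GeneralNames is looked up reflectively;
                    // its name decides whether it returns an Enumeration or
                    // an Iterator.
                    Method meth = getMethod();
                    if (meth.getName().equals(OLD_METHOD_NAME)) {
                        // pre 1.4.2 implementation
                        Enumeration e = (Enumeration) meth.invoke(names, params);
                        while (!approve && e.hasMoreElements()) {
                            approve = compareHosts((GeneralName) e.nextElement());
                        }
                    } else {
                        // post 1.4.2 implementation
                        Iterator i = (Iterator) meth.invoke(names, params);
                        while (!approve && i.hasNext()) {
                            approve = compareHosts((GeneralName) i.next());
                        }
                    }
                }
            } catch (Exception ex) {
                // Fail closed, but leave a trace: a parsing or reflection
                // failure here is otherwise indistinguishable from a plain
                // name mismatch.
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                return false;
            }
        }
    }
    return approve;
}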
use of de.carne.certmgr.certs.x509.GeneralName in project OpenAM by OpenRock.
the class AMHostnameVerifier method verify.
/**
 * Decides whether the peer certificate of {@code session} is acceptable for
 * {@code hostname}.
 *
 * <p>Checks run in this order: the {@code trustAllServerCerts} switch, the
 * certificate CN against {@code sslTrustHosts}, an address comparison of CN
 * and {@code hostname} (only when {@code resolveIPAddress} is set), and
 * finally the subject alternative names (only when
 * {@code checkSubjectAltName} is set and nothing matched before).
 *
 * <p>Security notes for maintainers: {@code trustAllServerCerts} accepts any
 * peer without inspecting the session. A CN found in {@code sslTrustHosts} is
 * accepted without comparing it to {@code hostname}. The address comparison
 * depends on the local resolver's answers rather than on the certificate
 * contents.
 *
 * @param hostname the host name the connection was made to
 * @param session the SSL session whose peer certificate is examined
 * @return {@code true} if the peer is accepted for {@code hostname}
 */
public boolean verify(String hostname, SSLSession session) {
    if (trustAllServerCerts) {
        return true;
    }
    X509Certificate leaf = null;
    String commonName = null;
    try {
        X509Certificate[] chain = (X509Certificate[]) session.getPeerCertificates();
        // The first entry is taken as the peer's own certificate.
        leaf = chain[0];
        commonName = new X500Name(leaf.getSubjectDN().getName()).getCommonName();
    } catch (Exception ex) {
        debug.error("AMHostnameVerifier:" + ex.toString());
    }
    // No CN (including any failure above) means reject.
    if (commonName == null) {
        return false;
    }
    if (!sslTrustHosts.isEmpty() && sslTrustHosts.contains(commonName.toLowerCase())) {
        return true;
    }
    boolean matched = false;
    if (resolveIPAddress) {
        try {
            String certAddress = InetAddress.getByName(commonName).getHostAddress();
            String hostAddress = InetAddress.getByName(hostname).getHostAddress();
            matched = certAddress.equals(hostAddress);
        } catch (UnknownHostException ex) {
            if (debug.messageEnabled()) {
                debug.message("AMHostnameVerifier:", ex);
            }
            matched = false;
        }
    }
    if (matched || !checkSubjectAltName) {
        return matched;
    }
    try {
        // NOTE(review): if X509Certificate here is java.security.cert.X509Certificate,
        // getSubjectAlternativeNames() returns List entries (and null when the
        // extension is absent). The GeneralName cast would then throw and this
        // fallback would always end in "return false" - confirm against compareHosts.
        Iterator names = (Iterator) leaf.getSubjectAlternativeNames().iterator();
        while (!matched && names.hasNext()) {
            matched = compareHosts((GeneralName) names.next(), hostname);
        }
    } catch (Exception ex) {
        // Any failure while reading the alternative names rejects the peer.
        return false;
    }
    return matched;
}