
Example 91 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project XobotOS by xamarin.

the class X509CertSelector method addSubjectAlternativeName.

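/**
 * Adds a subject alternative name to the respective criterion.
 * <p>
 * Names are kept in one bucket per {@code GeneralName} tag (tags {@code 0}
 * to {@code 8}), so the tag is used as an array index and is range-checked
 * here before that happens.
 *
 * @param tag
 *            the type of the name; must be in the range {@code 0..8}.
 * @param name
 *            the name in string format.
 * @throws IOException
 *             if the tag is out of range or parsing the name fails.
 */
public void addSubjectAlternativeName(int tag, String name) throws IOException {
    // Parse first so that a malformed name leaves the criterion untouched.
    GeneralName alt_name = new GeneralName(tag, name);
    // The constructor above may already reject unknown tags, but this method
    // indexes an array with a caller-supplied value and must not depend on
    // that: report an out-of-range tag as the declared IOException instead of
    // an ArrayIndexOutOfBoundsException.
    if (tag < 0 || tag > 8) {
        throw new IOException("X509CertSelector: subject alternative name tag out of range: " + tag);
    }
    // create only if there was not any errors
    if (subjectAltNames == null) {
        // One slot per GeneralName tag value (0..8).
        subjectAltNames = new ArrayList[9];
    }
    if (subjectAltNames[tag] == null) {
        subjectAltNames[tag] = new ArrayList<GeneralName>();
    }
    subjectAltNames[tag].add(alt_name);
}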
Also used : GeneralName(org.apache.harmony.security.x509.GeneralName)

Example 92 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project XobotOS by xamarin.

the class X509CertSelector method addPathToName.

/**
 * Adds a {@literal "pathToName"} to the respective criterion.
 * <p>
 * The name is parsed before the criterion's list is created, so a parse
 * failure leaves a previously unset criterion unset.
 *
 * @param type
 *            the type of the name.
 * @param name
 *            the name in string format.
 * @throws IOException
 *             if parsing fails.
 * @see #setPathToNames
 */
public void addPathToName(int type, String name) throws IOException {
    final GeneralName parsed = new GeneralName(type, name);
    // Lazily create the list on first use.
    pathToNames = (pathToNames == null) ? new ArrayList<GeneralName>() : pathToNames;
    pathToNames.add(parsed);
}
Also used : GeneralName(org.apache.harmony.security.x509.GeneralName)

Example 93 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project XobotOS by xamarin.

the class X509CertSelector method toString.

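/**
 * Returns a string representation of this {@code X509CertSelector}
 * instance.
 * <p>
 * Only criteria that are set are listed. For convenient reading, the fields
 * are named according to RFC 3280 (http://www.ietf.org/rfc/rfc3280.txt) and
 * key-usage bits are printed by name. The output is meant for humans and
 * logs, not for parsing.
 *
 * @return a string representation of this {@code X509CertSelector}
 *         instance.
 */
public String toString() {
    StringBuilder result = new StringBuilder();
    result.append("X509CertSelector: \n[");
    if (this.certificateEquals != null) {
        result.append("\n  certificateEquals: ").append(certificateEquals);
    }
    if (this.serialNumber != null) {
        result.append("\n  serialNumber: ").append(serialNumber);
    }
    if (this.issuer != null) {
        result.append("\n  issuer: ").append(issuer);
    }
    if (this.subject != null) {
        result.append("\n  subject: ").append(subject);
    }
    if (this.subjectKeyIdentifier != null) {
        result.append("\n  subjectKeyIdentifier: ").append(Array.getBytesAsString(subjectKeyIdentifier));
    }
    if (this.authorityKeyIdentifier != null) {
        result.append("\n  authorityKeyIdentifier: ").append(Array.getBytesAsString(authorityKeyIdentifier));
    }
    if (this.certificateValid != null) {
        result.append("\n  certificateValid: ").append(certificateValid);
    }
    if (this.subjectPublicKeyAlgID != null) {
        result.append("\n  subjectPublicKeyAlgID: ").append(subjectPublicKeyAlgID);
    }
    if (this.privateKeyValid != null) {
        result.append("\n  privateKeyValid: ").append(privateKeyValid);
    }
    if (this.subjectPublicKey != null) {
        result.append("\n  subjectPublicKey: ").append(Array.getBytesAsString(subjectPublicKey));
    }
    if (this.keyUsage != null) {
        result.append("\n  keyUsage: \n  [");
        // Bit positions follow the KeyUsage BIT STRING of RFC 3280 4.2.1.3.
        String[] kuNames = new String[] { "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" };
        // The stored array is not guaranteed to have nine entries; stay
        // inside both arrays instead of assuming a fixed length.
        int bits = Math.min(keyUsage.length, kuNames.length);
        for (int i = 0; i < bits; i++) {
            if (keyUsage[i]) {
                result.append("\n    ").append(kuNames[i]);
            }
        }
        result.append("\n  ]");
    }
    if (this.extendedKeyUsage != null) {
        result.append("\n  extendedKeyUsage: ").append(extendedKeyUsage);
    }
    result.append("\n  matchAllNames: ").append(matchAllNames);
    result.append("\n  pathLen: ").append(pathLen);
    if (this.subjectAltNames != null) {
        result.append("\n  subjectAltNames:  \n  [");
        // One bucket per GeneralName tag; unused buckets are null.
        for (List<GeneralName> names : subjectAltNames) {
            if (names != null) {
                for (GeneralName generalName : names) {
                    result.append("\n    ").append(generalName);
                }
            }
        }
        result.append("\n  ]");
    }
    // NOTE(review): nameConstraints is not rendered (the branch that tested
    // it was empty); add a readable form if one is needed.
    if (this.policies != null) {
        result.append("\n  policies: ").append(policies);
    }
    if (this.pathToNames != null) {
        result.append("\n  pathToNames:  \n  [");
        for (GeneralName generalName : pathToNames) {
            result.append("\n    ").append(generalName);
        }
        // Close the bracket opened above, matching the subjectAltNames
        // section; the previous version left this list unterminated.
        result.append("\n  ]");
    }
    result.append("\n]");
    return result.toString();
}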
Also used : ASN1OctetString(org.apache.harmony.security.asn1.ASN1OctetString) GeneralName(org.apache.harmony.security.x509.GeneralName)

Example 94 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project OpenAM by OpenRock.

the class ApprovalCallback method approve.

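/**
 * Invoked by the JSS protocol handler whenever SSL handshaking hits an
 * issue. It validates the reported issues and decides whether they can be
 * ignored.
 * <p>
 * Unless all server certificates are trusted, every reason JSS reports has
 * to be tolerable for the connection to be approved. The only tolerable
 * reason is {@code BAD_CERT_DOMAIN}, and only when the certificate's CN is
 * in the configured trusted-host list, resolves to the same address as the
 * requested host, or (when enabled) one of its subject alternative names
 * matches; any other reason rejects the certificate.
 *
 * @param cert
 *            the server certificate presented during the handshake.
 * @param status
 *            the validity problems JSS found with that certificate.
 * @return {@code true} if every reported issue can be ignored.
 */
public boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status) {
    ValidityItem item;
    Enumeration<?> errors = status.getReasons();
    int reason;
    if (trustAllServerCerts) {
        return true;
    }
    if ((reqHost == null) && !errors.hasMoreElements()) {
        return true;
    }
    boolean approve = true;
    while (approve && errors.hasMoreElements()) {
        item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        reason = item.getReason();
        if (debug.messageEnabled()) {
            debug.message("ApprovalCallback: reason " + reason);
        }
        // bad domain -12276
        if (reason != ValidityStatus.BAD_CERT_DOMAIN) {
            // A host-name mismatch is the only problem this callback can
            // compensate for; anything else is fatal.
            return false;
        }
        String cn = null;
        try {
            String subjectDN = cert.getSubjectDN().getName();
            cn = new X500Name(subjectDN).getCommonName();
        } catch (Exception ex) {
            if (debug.messageEnabled()) {
                debug.message("ApprovalCallback:", ex);
            }
        }
        if (cn == null) {
            // No usable CN: fail closed.
            return false;
        }
        if (!sslTrustHosts.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("ApprovalCallback: server cert CN : " + cn);
            }
            if (sslTrustHosts.contains(cn.toLowerCase())) {
                // A configured trusted host tolerates this BAD_CERT_DOMAIN
                // reason only; the loop still examines any remaining
                // reasons (the previous code returned true here, so a
                // second reason was never seen).
                continue;
            }
        }
        if (resolveIPAddress) {
            try {
                // Forward-resolve both names and accept when they share an
                // address. This trusts the DNS answers, so it is weaker
                // than a direct name match and is enabled by configuration.
                approve = InetAddress.getByName(cn).getHostAddress().equals(InetAddress.getByName(reqHost).getHostAddress());
            } catch (UnknownHostException ex) {
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                approve = false;
            }
        } else {
            approve = false;
        }
        if (!approve && checkSubjectAltName) {
            try {
                X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
                X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
                CertificateExtensions exts = (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
                SubjectAlternativeNameExtension altNameExt = (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
                if (altNameExt != null) {
                    GeneralNames names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                    // The GeneralNames accessor appears to differ between
                    // JDK releases; getMethod() selects the available one.
                    Method meth = getMethod();
                    if (meth.getName().equals(OLD_METHOD_NAME)) {
                        // pre 1.4.2 implementation
                        Enumeration<?> e = (Enumeration<?>) meth.invoke(names, params);
                        while (!approve && e.hasMoreElements()) {
                            approve = compareHosts((GeneralName) e.nextElement());
                        }
                    } else {
                        // post 1.4.2 implementation
                        Iterator<?> i = (Iterator<?>) meth.invoke(names, params);
                        while (!approve && i.hasNext()) {
                            approve = compareHosts((GeneralName) i.next());
                        }
                    }
                }
            } catch (Exception ex) {
                // Fail closed, but leave a trace; the previous code dropped
                // the cause entirely.
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                return false;
            }
        }
    }
    return approve;
}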
Also used : Enumeration(java.util.Enumeration) UnknownHostException(java.net.UnknownHostException) X509CertInfo(sun.security.x509.X509CertInfo) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) Method(java.lang.reflect.Method) UnknownHostException(java.net.UnknownHostException) SSLCertificateApprovalCallback(org.mozilla.jss.ssl.SSLCertificateApprovalCallback) GeneralNames(sun.security.x509.GeneralNames) X509CertImpl(sun.security.x509.X509CertImpl) Iterator(java.util.Iterator) GeneralName(sun.security.x509.GeneralName)

Example 95 with GeneralName

use of de.carne.certmgr.certs.x509.GeneralName in project OpenAM by OpenRock.

the class AMHostnameVerifier method verify.

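/**
 * Verifies that the peer certificate of {@code session} belongs to
 * {@code hostname}.
 * <p>
 * Order of checks: the trust-all flag accepts anything; a CN in the
 * trusted-host list is accepted; otherwise, when enabled, the CN and the
 * host name must resolve to the same address; finally, when enabled, the
 * subject alternative names are compared. Any failure to read the
 * certificate rejects the connection.
 *
 * @param hostname
 *            the host the client intended to connect to.
 * @param session
 *            the SSL session whose peer certificate is checked.
 * @return {@code true} if the peer certificate is accepted for
 *         {@code hostname}.
 */
public boolean verify(String hostname, SSLSession session) {
    if (trustAllServerCerts) {
        return true;
    }
    X509Certificate peercert = null;
    String cn = null;
    try {
        X509Certificate[] peercerts = (X509Certificate[]) session.getPeerCertificates();
        peercert = peercerts[0];
        String subjectDN = peercert.getSubjectDN().getName();
        cn = new X500Name(subjectDN).getCommonName();
    } catch (Exception ex) {
        debug.error("AMHostnameVerifier:" + ex.toString());
    }
    if (cn == null) {
        // No usable CN (or no peer certificate at all): fail closed.
        return false;
    }
    if (!sslTrustHosts.isEmpty() && sslTrustHosts.contains(cn.toLowerCase())) {
        return true;
    }
    boolean approve;
    if (resolveIPAddress) {
        try {
            // Forward-resolve both names and accept when they share an
            // address. This trusts the DNS answers, so it is weaker than a
            // direct name match and is enabled by configuration.
            approve = InetAddress.getByName(cn).getHostAddress().equals(InetAddress.getByName(hostname).getHostAddress());
        } catch (UnknownHostException ex) {
            if (debug.messageEnabled()) {
                debug.message("AMHostnameVerifier:", ex);
            }
            approve = false;
        }
    } else {
        approve = false;
    }
    if (checkSubjectAltName && !approve) {
        try {
            // NOTE(review): java.security.cert.X509Certificate specifies
            // getSubjectAlternativeNames() as a Collection<List<?>> (type id
            // plus value), not sun.security.x509.GeneralName objects, so the
            // cast below looks bound to throw ClassCastException and land in
            // the catch, rejecting certificates that only match via a SAN.
            // Confirm against compareHosts(GeneralName, String) and convert
            // each entry before comparing.
            Iterable<?> altNames = peercert.getSubjectAlternativeNames();
            if (altNames != null) {
                Iterator<?> i = altNames.iterator();
                while (!approve && i.hasNext()) {
                    approve = compareHosts((GeneralName) i.next(), hostname);
                }
            }
        } catch (Exception ex) {
            // Fail closed, but leave a trace; the previous code dropped the
            // cause entirely.
            if (debug.messageEnabled()) {
                debug.message("AMHostnameVerifier:", ex);
            }
            return false;
        }
    }
    return approve;
}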
Also used : UnknownHostException(java.net.UnknownHostException) Iterator(java.util.Iterator) X500Name(sun.security.x509.X500Name) GeneralName(sun.security.x509.GeneralName) X509Certificate(java.security.cert.X509Certificate) UnknownHostException(java.net.UnknownHostException)

Aggregations

GeneralName (org.bouncycastle.asn1.x509.GeneralName)125 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)58 IOException (java.io.IOException)50 DERIA5String (org.bouncycastle.asn1.DERIA5String)36 ArrayList (java.util.ArrayList)34 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)32 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)31 X500Name (org.bouncycastle.asn1.x500.X500Name)30 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)28 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)27 X509Certificate (java.security.cert.X509Certificate)25 DEROctetString (org.bouncycastle.asn1.DEROctetString)24 List (java.util.List)21 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)19 Date (java.util.Date)18 GeneralName (org.apache.harmony.security.x509.GeneralName)18 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)18 DERSequence (org.bouncycastle.asn1.DERSequence)17 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)16 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)16