use of de.carne.certmgr.certs.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method checkExtensionDeltaCrlDistributionPoints.
// method checkExtensionCrlDistributionPoints
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
if (isDistributionPoints == null) {
addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", 0, 1);
return;
} else {
int len = isDistributionPoints.length;
if (len != 1) {
addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
return;
}
}
Set<String> isCrlUrls = new HashSet<>();
for (DistributionPoint entry : isDistributionPoints) {
int asn1Type = entry.getDistributionPoint().getType();
if (asn1Type != DistributionPointName.FULL_NAME) {
addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)", asn1Type, DistributionPointName.FULL_NAME);
continue;
}
GeneralNames isDistributionPointNames = GeneralNames.getInstance(entry.getDistributionPoint().getName());
GeneralName[] names = isDistributionPointNames.getNames();
for (int i = 0; i < names.length; i++) {
GeneralName name = names[i];
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
} else {
String uri = ((ASN1String) name.getName()).getString();
isCrlUrls.add(uri);
}
}
Set<String> expCrlUrls = issuerInfo.getCrlUrls();
Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
}
diffs = strInBnotInA(isCrlUrls, expCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
}
}
}
use of de.carne.certmgr.certs.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method getRequestedSubjectAltNames.
// method checkExtensionSubjectAltName
private GeneralName[] getRequestedSubjectAltNames(X500Name requestedSubject, Extensions requestedExtensions) throws CertprofileException, BadCertTemplateException {
ASN1Encodable extValue = (requestedExtensions == null) ? null : requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
Map<ASN1ObjectIdentifier, GeneralNameTag> subjectToSubjectAltNameModes = certProfile.getSubjectToSubjectAltNameModes();
if (extValue == null && subjectToSubjectAltNameModes == null) {
return null;
}
GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue);
Set<GeneralNameMode> subjectAltNameModes = certProfile.getSubjectAltNameModes();
if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
return (reqNames == null) ? null : reqNames.getNames();
}
List<GeneralName> grantedNames = new LinkedList<>();
// copy the required attributes of Subject
if (subjectToSubjectAltNameModes != null) {
X500Name grantedSubject;
try {
grantedSubject = certProfile.getSubject(requestedSubject).getGrantedSubject();
} catch (CertprofileException | BadCertTemplateException ex) {
if (certProfile.getSpecialCertprofileBehavior() == null) {
throw ex;
}
LogUtil.warn(LOG, ex, "could not derive granted subject from requested subject");
grantedSubject = requestedSubject;
}
for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);
RDN[] rdns = grantedSubject.getRDNs(attrType);
if (rdns == null) {
rdns = requestedSubject.getRDNs(attrType);
}
if (rdns == null) {
continue;
}
for (RDN rdn : rdns) {
String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
switch(tag) {
case rfc822Name:
case dNSName:
case uniformResourceIdentifier:
case iPAddress:
case directoryName:
case registeredID:
grantedNames.add(new GeneralName(tag.getTag(), rdnValue));
break;
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch (tag)
}
}
}
// copy the requested SubjectAltName entries
if (reqNames != null) {
GeneralName[] reqL = reqNames.getNames();
for (int i = 0; i < reqL.length; i++) {
grantedNames.add(reqL[i]);
}
}
return grantedNames.isEmpty() ? null : grantedNames.toArray(new GeneralName[0]);
}
use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.
the class ASN1DataTest method testDistributionPoint.
/**
* Test encoding & decoding of {@link DistributionPoint} object.
*/
@Test
public void testDistributionPoint() {
try {
// DistributionPointName based
GeneralNames in1FullName = new GeneralNames();
StringName in1NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
DirectoryName in1NameB = new DirectoryName(new X500Principal("CN=localhost"));
in1FullName.addName(in1NameA);
in1FullName.addName(in1NameB);
DistributionPointName in1Name = new DistributionPointName(in1FullName);
DistributionPoint in1 = new DistributionPoint(in1Name);
byte[] in1Encoded = in1.getEncoded();
DistributionPoint out1 = DistributionPoint.decode(decodeBytes(in1Encoded));
byte[] out1Encoded = out1.getEncoded();
Assert.assertArrayEquals(in1Encoded, out1Encoded);
// GeneralName based
GeneralNames in2CrlIssuers = new GeneralNames();
StringName in2NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
DirectoryName in2NameB = new DirectoryName(new X500Principal("CN=localhost"));
in1FullName.addName(in2NameA);
in1FullName.addName(in2NameB);
DistributionPoint in2 = new DistributionPoint(in2CrlIssuers);
byte[] in2Encoded = in2.encode().toASN1Primitive().getEncoded();
DistributionPoint out2 = DistributionPoint.decode(decodeBytes(in2Encoded));
byte[] out2Encoded = out2.encode().toASN1Primitive().getEncoded();
Assert.assertArrayEquals(in2Encoded, out2Encoded);
} catch (IOException e) {
e.printStackTrace();
Assert.fail(e.getLocalizedMessage());
}
}
use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.
the class SubjectAlternativeNameController method onApply.
private void onApply(ActionEvent evt) {
try {
boolean critical = this.ctlCritical.isSelected();
GeneralNames names = validateAndGetNames();
this.extensionDataResult = new SubjectAlternativeNameExtensionData(critical, names);
} catch (ValidationException e) {
ValidationAlerts.error(e).showAndWait();
evt.consume();
}
}
use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.
the class SubjectAlternativeNameController method validateAndGetNames.
private GeneralNames validateAndGetNames() throws ValidationException {
GeneralNames names = new GeneralNames();
int nameCount = 0;
for (GeneralName name : this.ctlNames.getItems()) {
names.addName(name);
nameCount++;
}
InputValidator.isTrue(nameCount > 0, SubjectAlternativeNameI18N::formatSTR_MESSAGE_NO_NAMES);
return names;
}
Aggregations