Example 81 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method checkExtensionDeltaCrlDistributionPoints.
// method checkExtensionCrlDistributionPoints
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
if (isDistributionPoints == null) {
addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", 0, 1);
return;
} else {
int len = isDistributionPoints.length;
if (len != 1) {
addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
return;
}
}
Set<String> isCrlUrls = new HashSet<>();
for (DistributionPoint entry : isDistributionPoints) {
int asn1Type = entry.getDistributionPoint().getType();
if (asn1Type != DistributionPointName.FULL_NAME) {
addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)", asn1Type, DistributionPointName.FULL_NAME);
continue;
}
GeneralNames isDistributionPointNames = GeneralNames.getInstance(entry.getDistributionPoint().getName());
GeneralName[] names = isDistributionPointNames.getNames();
for (int i = 0; i < names.length; i++) {
GeneralName name = names[i];
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
} else {
String uri = ((ASN1String) name.getName()).getString();
isCrlUrls.add(uri);
}
}
Set<String> expCrlUrls = issuerInfo.getCrlUrls();
Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
}
diffs = strInBnotInA(isCrlUrls, expCrlUrls);
if (CollectionUtil.isNonEmpty(diffs)) {
failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
}
}
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERT61String(org.bouncycastle.asn1.DERT61String)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1String(org.bouncycastle.asn1.ASN1String)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
HashSet(java.util.HashSet)
Example 82 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project xipki by xipki.
the class ExtensionsChecker method getRequestedSubjectAltNames.
// method checkExtensionSubjectAltName
private GeneralName[] getRequestedSubjectAltNames(X500Name requestedSubject, Extensions requestedExtensions) throws CertprofileException, BadCertTemplateException {
ASN1Encodable extValue = (requestedExtensions == null) ? null : requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
Map<ASN1ObjectIdentifier, GeneralNameTag> subjectToSubjectAltNameModes = certProfile.getSubjectToSubjectAltNameModes();
if (extValue == null && subjectToSubjectAltNameModes == null) {
return null;
}
GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue);
Set<GeneralNameMode> subjectAltNameModes = certProfile.getSubjectAltNameModes();
if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
return (reqNames == null) ? null : reqNames.getNames();
}
List<GeneralName> grantedNames = new LinkedList<>();
// copy the required attributes of Subject
if (subjectToSubjectAltNameModes != null) {
X500Name grantedSubject;
try {
grantedSubject = certProfile.getSubject(requestedSubject).getGrantedSubject();
} catch (CertprofileException | BadCertTemplateException ex) {
if (certProfile.getSpecialCertprofileBehavior() == null) {
throw ex;
}
LogUtil.warn(LOG, ex, "could not derive granted subject from requested subject");
grantedSubject = requestedSubject;
}
for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);
RDN[] rdns = grantedSubject.getRDNs(attrType);
if (rdns == null) {
rdns = requestedSubject.getRDNs(attrType);
}
if (rdns == null) {
continue;
}
for (RDN rdn : rdns) {
String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
switch(tag) {
case rfc822Name:
case dNSName:
case uniformResourceIdentifier:
case iPAddress:
case directoryName:
case registeredID:
grantedNames.add(new GeneralName(tag.getTag(), rdnValue));
break;
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch (tag)
}
}
}
// copy the requested SubjectAltName entries
if (reqNames != null) {
GeneralName[] reqL = reqNames.getNames();
for (int i = 0; i < reqL.length; i++) {
grantedNames.add(reqL[i]);
}
}
return grantedNames.isEmpty() ? null : grantedNames.toArray(new GeneralName[0]);
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERT61String(org.bouncycastle.asn1.DERT61String)
LinkedList(java.util.LinkedList)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
RDN(org.bouncycastle.asn1.x500.RDN)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 83 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.
the class ASN1DataTest method testDistributionPoint.
/**
* Test encoding & decoding of {@link DistributionPoint} object.
*/
@Test
public void testDistributionPoint() {
try {
// DistributionPointName based
GeneralNames in1FullName = new GeneralNames();
StringName in1NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
DirectoryName in1NameB = new DirectoryName(new X500Principal("CN=localhost"));
in1FullName.addName(in1NameA);
in1FullName.addName(in1NameB);
DistributionPointName in1Name = new DistributionPointName(in1FullName);
DistributionPoint in1 = new DistributionPoint(in1Name);
byte[] in1Encoded = in1.getEncoded();
DistributionPoint out1 = DistributionPoint.decode(decodeBytes(in1Encoded));
byte[] out1Encoded = out1.getEncoded();
Assert.assertArrayEquals(in1Encoded, out1Encoded);
// GeneralName based
GeneralNames in2CrlIssuers = new GeneralNames();
StringName in2NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
DirectoryName in2NameB = new DirectoryName(new X500Principal("CN=localhost"));
in1FullName.addName(in2NameA);
in1FullName.addName(in2NameB);
DistributionPoint in2 = new DistributionPoint(in2CrlIssuers);
byte[] in2Encoded = in2.encode().toASN1Primitive().getEncoded();
DistributionPoint out2 = DistributionPoint.decode(decodeBytes(in2Encoded));
byte[] out2Encoded = out2.encode().toASN1Primitive().getEncoded();
Assert.assertArrayEquals(in2Encoded, out2Encoded);
} catch (IOException e) {
e.printStackTrace();
Assert.fail(e.getLocalizedMessage());
}
}
Also used :
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
StringName(de.carne.certmgr.certs.x509.StringName)
DistributionPointName(de.carne.certmgr.certs.x509.DistributionPointName)
X500Principal(javax.security.auth.x500.X500Principal)
DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint)
IOException(java.io.IOException)
DirectoryName(de.carne.certmgr.certs.x509.DirectoryName)
Test(org.junit.Test)
Example 84 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.
the class SubjectAlternativeNameController method onApply.
private void onApply(ActionEvent evt) {
try {
boolean critical = this.ctlCritical.isSelected();
GeneralNames names = validateAndGetNames();
this.extensionDataResult = new SubjectAlternativeNameExtensionData(critical, names);
} catch (ValidationException e) {
ValidationAlerts.error(e).showAndWait();
evt.consume();
}
}
Also used :
ValidationException(de.carne.jfx.util.validation.ValidationException)
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
SubjectAlternativeNameExtensionData(de.carne.certmgr.certs.x509.SubjectAlternativeNameExtensionData)
Example 85 with GeneralNames
use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.
the class SubjectAlternativeNameController method validateAndGetNames.
private GeneralNames validateAndGetNames() throws ValidationException {
GeneralNames names = new GeneralNames();
int nameCount = 0;
for (GeneralName name : this.ctlNames.getItems()) {
names.addName(name);
nameCount++;
}
InputValidator.isTrue(nameCount > 0, SubjectAlternativeNameI18N::formatSTR_MESSAGE_NO_NAMES);
return names;
}
Also used :
GeneralNames(de.carne.certmgr.certs.x509.GeneralNames)
GeneralName(de.carne.certmgr.certs.x509.GeneralName)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72
GeneralName (org.bouncycastle.asn1.x509.GeneralName)58
IOException (java.io.IOException)31
X509Certificate (java.security.cert.X509Certificate)22
ArrayList (java.util.ArrayList)19
X500Name (org.bouncycastle.asn1.x500.X500Name)19
DERIA5String (org.bouncycastle.asn1.DERIA5String)14
Date (java.util.Date)13
List (java.util.List)13
DEROctetString (org.bouncycastle.asn1.DEROctetString)13
X500Principal (javax.security.auth.x500.X500Principal)12
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)12
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)12
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)12
GeneralNames (sun.security.x509.GeneralNames)12
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)11
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11
Test (org.junit.Test)11
BigInteger (java.math.BigInteger)10
