Search in sources :

Example 81 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project xipki by xipki.

the class ExtensionsChecker method checkExtensionDeltaCrlDistributionPoints.

// method checkExtensionCrlDistributionPoints
private void checkExtensionDeltaCrlDistributionPoints(StringBuilder failureMsg, byte[] extensionValue, X509IssuerInfo issuerInfo) {
    CRLDistPoint isCrlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] isDistributionPoints = isCrlDistPoints.getDistributionPoints();
    if (isDistributionPoints == null) {
        addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", 0, 1);
        return;
    } else {
        int len = isDistributionPoints.length;
        if (len != 1) {
            addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", len, 1);
            return;
        }
    }
    Set<String> isCrlUrls = new HashSet<>();
    for (DistributionPoint entry : isDistributionPoints) {
        int asn1Type = entry.getDistributionPoint().getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)", asn1Type, DistributionPointName.FULL_NAME);
            continue;
        }
        GeneralNames isDistributionPointNames = GeneralNames.getInstance(entry.getDistributionPoint().getName());
        GeneralName[] names = isDistributionPointNames.getNames();
        for (int i = 0; i < names.length; i++) {
            GeneralName name = names[i];
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(), GeneralName.uniformResourceIdentifier);
            } else {
                String uri = ((ASN1String) name.getName()).getString();
                isCrlUrls.add(uri);
            }
        }
        Set<String> expCrlUrls = issuerInfo.getCrlUrls();
        Set<String> diffs = strInBnotInA(expCrlUrls, isCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are present but not expected; ");
        }
        diffs = strInBnotInA(isCrlUrls, expCrlUrls);
        if (CollectionUtil.isNonEmpty(diffs)) {
            failureMsg.append("deltaCRL URLs ").append(diffs).append(" are absent but are required; ");
        }
    }
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1String(org.bouncycastle.asn1.ASN1String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) HashSet(java.util.HashSet)

Example 82 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project xipki by xipki.

the class ExtensionsChecker method getRequestedSubjectAltNames.

// method checkExtensionSubjectAltName
private GeneralName[] getRequestedSubjectAltNames(X500Name requestedSubject, Extensions requestedExtensions) throws CertprofileException, BadCertTemplateException {
    ASN1Encodable extValue = (requestedExtensions == null) ? null : requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
    Map<ASN1ObjectIdentifier, GeneralNameTag> subjectToSubjectAltNameModes = certProfile.getSubjectToSubjectAltNameModes();
    if (extValue == null && subjectToSubjectAltNameModes == null) {
        return null;
    }
    GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue);
    Set<GeneralNameMode> subjectAltNameModes = certProfile.getSubjectAltNameModes();
    if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
        return (reqNames == null) ? null : reqNames.getNames();
    }
    List<GeneralName> grantedNames = new LinkedList<>();
    // copy the required attributes of Subject
    if (subjectToSubjectAltNameModes != null) {
        X500Name grantedSubject;
        try {
            grantedSubject = certProfile.getSubject(requestedSubject).getGrantedSubject();
        } catch (CertprofileException | BadCertTemplateException ex) {
            if (certProfile.getSpecialCertprofileBehavior() == null) {
                throw ex;
            }
            LogUtil.warn(LOG, ex, "could not derive granted subject from requested subject");
            grantedSubject = requestedSubject;
        }
        for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
            GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);
            RDN[] rdns = grantedSubject.getRDNs(attrType);
            if (rdns == null) {
                rdns = requestedSubject.getRDNs(attrType);
            }
            if (rdns == null) {
                continue;
            }
            for (RDN rdn : rdns) {
                String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
                switch(tag) {
                    case rfc822Name:
                    case dNSName:
                    case uniformResourceIdentifier:
                    case iPAddress:
                    case directoryName:
                    case registeredID:
                        grantedNames.add(new GeneralName(tag.getTag(), rdnValue));
                        break;
                    default:
                        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
                }
            // end switch (tag)
            }
        }
    }
    // copy the requested SubjectAltName entries
    if (reqNames != null) {
        GeneralName[] reqL = reqNames.getNames();
        for (int i = 0; i < reqL.length; i++) {
            grantedNames.add(reqL[i]);
        }
    }
    return grantedNames.isEmpty() ? null : grantedNames.toArray(new GeneralName[0]);
}
Also used : GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) LinkedList(java.util.LinkedList) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) CertprofileException(org.xipki.ca.api.profile.CertprofileException) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 83 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.

the class ASN1DataTest method testDistributionPoint.

/**
 * Test encoding & decoding of {@link DistributionPoint} object.
 */
@Test
public void testDistributionPoint() {
    try {
        // DistributionPointName based
        GeneralNames in1FullName = new GeneralNames();
        StringName in1NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
        DirectoryName in1NameB = new DirectoryName(new X500Principal("CN=localhost"));
        in1FullName.addName(in1NameA);
        in1FullName.addName(in1NameB);
        DistributionPointName in1Name = new DistributionPointName(in1FullName);
        DistributionPoint in1 = new DistributionPoint(in1Name);
        byte[] in1Encoded = in1.getEncoded();
        DistributionPoint out1 = DistributionPoint.decode(decodeBytes(in1Encoded));
        byte[] out1Encoded = out1.getEncoded();
        Assert.assertArrayEquals(in1Encoded, out1Encoded);
        // GeneralName based
        GeneralNames in2CrlIssuers = new GeneralNames();
        StringName in2NameA = new StringName(GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER, "https://localhost/test.crl");
        DirectoryName in2NameB = new DirectoryName(new X500Principal("CN=localhost"));
        in1FullName.addName(in2NameA);
        in1FullName.addName(in2NameB);
        DistributionPoint in2 = new DistributionPoint(in2CrlIssuers);
        byte[] in2Encoded = in2.encode().toASN1Primitive().getEncoded();
        DistributionPoint out2 = DistributionPoint.decode(decodeBytes(in2Encoded));
        byte[] out2Encoded = out2.encode().toASN1Primitive().getEncoded();
        Assert.assertArrayEquals(in2Encoded, out2Encoded);
    } catch (IOException e) {
        e.printStackTrace();
        Assert.fail(e.getLocalizedMessage());
    }
}
Also used : GeneralNames(de.carne.certmgr.certs.x509.GeneralNames) StringName(de.carne.certmgr.certs.x509.StringName) DistributionPointName(de.carne.certmgr.certs.x509.DistributionPointName) X500Principal(javax.security.auth.x500.X500Principal) DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint) IOException(java.io.IOException) DirectoryName(de.carne.certmgr.certs.x509.DirectoryName) Test(org.junit.Test)

Example 84 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.

the class SubjectAlternativeNameController method onApply.

private void onApply(ActionEvent evt) {
    try {
        boolean critical = this.ctlCritical.isSelected();
        GeneralNames names = validateAndGetNames();
        this.extensionDataResult = new SubjectAlternativeNameExtensionData(critical, names);
    } catch (ValidationException e) {
        ValidationAlerts.error(e).showAndWait();
        evt.consume();
    }
}
Also used : ValidationException(de.carne.jfx.util.validation.ValidationException) GeneralNames(de.carne.certmgr.certs.x509.GeneralNames) SubjectAlternativeNameExtensionData(de.carne.certmgr.certs.x509.SubjectAlternativeNameExtensionData)

Example 85 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project certmgr by hdecarne.

the class SubjectAlternativeNameController method validateAndGetNames.

private GeneralNames validateAndGetNames() throws ValidationException {
    GeneralNames names = new GeneralNames();
    int nameCount = 0;
    for (GeneralName name : this.ctlNames.getItems()) {
        names.addName(name);
        nameCount++;
    }
    InputValidator.isTrue(nameCount > 0, SubjectAlternativeNameI18N::formatSTR_MESSAGE_NO_NAMES);
    return names;
}
Also used : GeneralNames(de.carne.certmgr.certs.x509.GeneralNames) GeneralName(de.carne.certmgr.certs.x509.GeneralName)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72 GeneralName (org.bouncycastle.asn1.x509.GeneralName)58 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)22 ArrayList (java.util.ArrayList)19 X500Name (org.bouncycastle.asn1.x500.X500Name)19 DERIA5String (org.bouncycastle.asn1.DERIA5String)14 Date (java.util.Date)13 List (java.util.List)13 DEROctetString (org.bouncycastle.asn1.DEROctetString)13 X500Principal (javax.security.auth.x500.X500Principal)12 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)12 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)12 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)12 GeneralNames (sun.security.x509.GeneralNames)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)11 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11 Test (org.junit.Test)11 BigInteger (java.math.BigInteger)10