use of de.carne.certmgr.certs.x509.GeneralNames in project nhin-d by DirectProject.
the class CRLDistributionPointNameExtentionField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
final DERObject exValue = getExtensionValue(value);
if (exValue == null) {
if (isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
else {
final Collection<String> coll = Collections.emptyList();
this.policyValue = PolicyValueFactory.getInstance(coll);
return;
}
}
final CRLDistPoint distPoints = CRLDistPoint.getInstance(exValue);
final Collection<String> retVal = new ArrayList<String>();
for (DistributionPoint distPoint : distPoints.getDistributionPoints()) {
if (distPoint.getDistributionPoint() != null && distPoint.getDistributionPoint().getType() == DistributionPointName.FULL_NAME) {
final GeneralNames names = GeneralNames.getInstance(distPoint.getDistributionPoint().getName());
for (GeneralName name : names.getNames()) {
retVal.add(name.getName().toString());
}
}
}
if (retVal.isEmpty() && isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
this.policyValue = PolicyValueFactory.getInstance(retVal);
}
use of de.carne.certmgr.certs.x509.GeneralNames in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesXmppAddr.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the 'xmppAddr' subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type otherName with an ASN.1 Object Identifier of "id-on-xmppAddr"</li>
* </ul>
*/
@Test
public void testServerIdentitiesXmppAddr() throws Exception {
// Setup fixture.
final String subjectCommonName = "MySubjectCommonName";
final String subjectAltNameXmppAddr = "MySubjectAltNameXmppAddr";
final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(// Issuer
new X500Name("CN=MyIssuer"), // Random serial number
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())), // Not before 30 days ago
new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)), // Not after 99 days from now
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)), // Subject
new X500Name("CN=" + subjectCommonName), subjectKeyPair.getPublic());
final DERSequence otherName = new DERSequence(new ASN1Encodable[] { XMPP_ADDR_OID, new DERUTF8String(subjectAltNameXmppAddr) });
final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.otherName, otherName));
builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);
final X509CertificateHolder certificateHolder = builder.build(contentSigner);
final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// Execute system under test
final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
// Verify result
assertEquals(1, serverIdentities.size());
assertTrue(serverIdentities.contains(subjectAltNameXmppAddr));
assertFalse(serverIdentities.contains(subjectCommonName));
}
use of de.carne.certmgr.certs.x509.GeneralNames in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesDNS.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the DNS subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type DNS </li>
* </ul>
*/
@Test
public void testServerIdentitiesDNS() throws Exception {
// Setup fixture.
final String subjectCommonName = "MySubjectCommonName";
final String subjectAltNameDNS = "MySubjectAltNameDNS";
final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(// Issuer
new X500Name("CN=MyIssuer"), // Random serial number
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())), // Not before 30 days ago
new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)), // Not after 99 days from now
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)), // Subject
new X500Name("CN=" + subjectCommonName), subjectKeyPair.getPublic());
final GeneralNames generalNames = new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltNameDNS));
builder.addExtension(Extension.subjectAlternativeName, false, generalNames);
final X509CertificateHolder certificateHolder = builder.build(contentSigner);
final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// Execute system under test
final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
// Verify result
assertEquals(1, serverIdentities.size());
assertTrue(serverIdentities.contains(subjectAltNameDNS));
assertFalse(serverIdentities.contains(subjectCommonName));
}
use of de.carne.certmgr.certs.x509.GeneralNames in project oxAuth by GluuFederation.
the class CRLCertificateVerifier method getCrlUri.
public String getCrlUri(X509Certificate certificate) throws IOException {
ASN1Primitive obj;
try {
obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
} catch (IOException ex) {
log.error("Failed to get CRL URL", ex);
return null;
}
if (obj == null) {
return null;
}
CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
for (DistributionPoint distributionPoint : distributionPoints) {
DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
continue;
}
GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
GeneralName[] names = generalNames.getNames();
for (GeneralName name : names) {
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
return derStr.getString();
}
}
return null;
}
use of de.carne.certmgr.certs.x509.GeneralNames in project robovm by robovm.
the class X509CertSelectorTest method test_getPathToNames.
/**
* java.security.cert.X509CertSelector#getPathToNames()
*/
public void test_getPathToNames() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
sans1.addName(san3);
sans1.addName(san4);
sans1.addName(san6);
sans1.addName(san7);
sans1.addName(san8);
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setPathToNames(null);
assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
Collection<List<?>> sans = sans1.getPairsList();
selector.setPathToNames(sans);
selector.getPathToNames();
}
Aggregations