
Example 96 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project keystore-explorer by kaikramer.

the class DIssuerAlternativeName method okPressed.

/**
 * Handles the OK button of the issuer-alternative-name dialog.
 * <p>
 * Requires at least one general name to have been entered; otherwise a warning
 * is shown and the dialog stays open. The entered names are DER-encoded into
 * {@code value} before the dialog is closed. If encoding fails, the exception is
 * presented in a {@link DError} dialog and the dialog stays open.
 */
private void okPressed() {
    final GeneralNames names = jgnAlternativeName.getGeneralNames();
    final boolean nothingEntered = names.getNames().length == 0;
    if (nothingEntered) {
        JOptionPane.showMessageDialog(this, res.getString("DIssuerAlternativeName.ValueReq.message"), getTitle(),
                JOptionPane.WARNING_MESSAGE);
        return;
    }
    final byte[] encoded;
    try {
        encoded = names.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        // surface the encoding failure to the user rather than closing with no value
        DError errorDialog = new DError(this, ex);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }
    value = encoded;
    closeDialog();
}
Also used : JGeneralNames(org.kse.gui.crypto.generalname.JGeneralNames) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) IOException(java.io.IOException) DError(org.kse.gui.error.DError)

Example 97 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project dcos-commons by mesosphere.

the class CertificateNamesGeneratorTest method testDiscoveryNameAddedAsSan.

/**
 * A task with a discovery prefix configured must get exactly one SAN, built
 * from that prefix, the service name and the DNS TLD; the SAN hash must be the
 * SHA-1 of that single name (see the shell one-liner below for regenerating it).
 */
@Test
public void testDiscoveryNameAddedAsSan() {
    Mockito.when(mockTaskSpec.getDiscovery()).thenReturn(Optional.of(mockDiscoverySpec));
    Mockito.when(mockDiscoverySpec.getPrefix()).thenReturn(Optional.of("custom-name"));
    CertificateNamesGenerator generator = new CertificateNamesGenerator(
            TestConstants.SERVICE_NAME, mockTaskSpec, mockPodInstance, mockSchedulerConfig);
    GeneralNames sans = generator.getSANs();
    Assert.assertEquals(1, sans.getNames().length);
    List<String> dnsNames = Arrays.stream(sans.getNames())
            .map(san -> san.getName().toString())
            .collect(Collectors.toList());
    String expectedName = String.format("custom-name-0.%s.%s", TestConstants.SERVICE_NAME, Constants.DNS_TLD);
    // exactly one name, and it is the discovery-derived one
    Assert.assertEquals(Collections.singletonList(expectedName), dnsNames);
    // echo -n "custom-name-0.service-name.autoip.dcos.thisdcos.directory" | sha1sum
    Assert.assertEquals("6ce3490a694a0917beec2bd5f7ac978be7a59ef0", generator.getSANsHash());
}
Also used : SchedulerConfig(com.mesosphere.sdk.scheduler.SchedulerConfig) java.util(java.util) TestConstants(com.mesosphere.sdk.testutils.TestConstants) RDN(org.bouncycastle.asn1.x500.RDN) Mock(org.mockito.Mock) TaskSpec(com.mesosphere.sdk.specification.TaskSpec) Test(org.junit.Test) DiscoverySpec(com.mesosphere.sdk.specification.DiscoverySpec) BCStyle(org.bouncycastle.asn1.x500.style.BCStyle) Collectors(java.util.stream.Collectors) ResourceSet(com.mesosphere.sdk.specification.ResourceSet) Mockito(org.mockito.Mockito) MockitoAnnotations(org.mockito.MockitoAnnotations) NamedVIPSpec(com.mesosphere.sdk.specification.NamedVIPSpec) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) PodInstance(com.mesosphere.sdk.specification.PodInstance) Constants(com.mesosphere.sdk.offer.Constants) Assert(org.junit.Assert) Before(org.junit.Before) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Test(org.junit.Test)

Example 98 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project dcos-commons by mesosphere.

the class CertificateNamesGeneratorTest method testVipsAddedAsSans.

/**
 * A task exposing a named VIP must get two SANs: its own task DNS name and the
 * VIP name. The SAN hash must be the SHA-1 of both names joined by ';' (see the
 * shell one-liner below for regenerating it).
 */
@Test
public void testVipsAddedAsSans() {
    Mockito.when(mockResourceSet.getResources()).thenReturn(Collections.singletonList(mockVIPSpec));
    Mockito.when(mockVIPSpec.getVipName()).thenReturn("test-vip");
    Mockito.when(mockVIPSpec.getPort()).thenReturn(8000L);
    CertificateNamesGenerator generator = new CertificateNamesGenerator(
            TestConstants.SERVICE_NAME, mockTaskSpec, mockPodInstance, mockSchedulerConfig);
    GeneralNames sans = generator.getSANs();
    Assert.assertEquals(2, sans.getNames().length);
    List<String> dnsNames = Arrays.stream(sans.getNames())
            .map(san -> san.getName().toString())
            .collect(Collectors.toList());
    List<String> expectedNames = Arrays.asList(
            taskDnsName(TestConstants.TASK_NAME, TestConstants.SERVICE_NAME),
            taskVipName("test-vip", TestConstants.SERVICE_NAME));
    // both expected names present, nothing else
    Assert.assertEquals(2, dnsNames.size());
    Assert.assertTrue(dnsNames.containsAll(expectedNames));
    // echo -n "some-pod-test-task-name.service-name.autoip.dcos.thisdcos.directory;test-vip.service-name.l4lb.thisdcos.directory" | sha1sum
    Assert.assertEquals("99f8ec48101c439ce41eb62662056dc0ff5d227a", generator.getSANsHash());
}
Also used : SchedulerConfig(com.mesosphere.sdk.scheduler.SchedulerConfig) java.util(java.util) TestConstants(com.mesosphere.sdk.testutils.TestConstants) RDN(org.bouncycastle.asn1.x500.RDN) Mock(org.mockito.Mock) TaskSpec(com.mesosphere.sdk.specification.TaskSpec) Test(org.junit.Test) DiscoverySpec(com.mesosphere.sdk.specification.DiscoverySpec) BCStyle(org.bouncycastle.asn1.x500.style.BCStyle) Collectors(java.util.stream.Collectors) ResourceSet(com.mesosphere.sdk.specification.ResourceSet) Mockito(org.mockito.Mockito) MockitoAnnotations(org.mockito.MockitoAnnotations) NamedVIPSpec(com.mesosphere.sdk.specification.NamedVIPSpec) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) PodInstance(com.mesosphere.sdk.specification.PodInstance) Constants(com.mesosphere.sdk.offer.Constants) Assert(org.junit.Assert) Before(org.junit.Before) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Test(org.junit.Test)

Example 99 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project open-ecard by ecsec.

the class HostnameVerifier method validInt.

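/**
 * Checks that {@code hostOrIp} matches an identity asserted by {@code cert}.
 * <p>
 * The SubjectAlternativeName extension is evaluated first. Following RFC 6125
 * section 6.4.4 (and RFC 2818 section 3.1), the Subject CN is used only as a
 * fallback when the certificate carries no dNSName entry at all, and never for
 * IP address literals. Comparing an IP address literal against iPAddress
 * entries is not implemented, so such requests fail closed with an exception.
 *
 * @param cert the certificate presented by the peer
 * @param hostOrIp the host name or IP address literal that was requested
 * @throws CertificateVerificationException if no identity in the certificate
 *   matches {@code hostOrIp}
 */
private void validInt(Certificate cert, String hostOrIp) throws CertificateVerificationException {
    final boolean isIPAddr = IPAddress.isValid(hostOrIp);
    boolean success = false;
    // true once any dNSName entry was seen; the CN must then not be used as a fallback
    boolean hasDnsSan = false;

    // evaluate subject alternative name first
    // a certificate without any extensions (e.g. X.509 v1) has no Extensions object, so guard the lookup
    Extensions ext = cert.getTBSCertificate().getExtensions();
    GeneralNames gns = ext == null ? null : GeneralNames.fromExtensions(ext, Extension.subjectAlternativeName);
    if (gns != null) {
        for (GeneralName name : gns.getNames()) {
            ASN1Encodable reference = name.getName();
            switch (name.getTagNo()) {
                case GeneralName.dNSName:
                    hasDnsSan = true;
                    if (!isIPAddr) {
                        success = checkWildcardName(hostOrIp, reference.toString());
                    }
                    break;
                case GeneralName.iPAddress:
                    if (isIPAddr) {
                        // TODO: validate IP Addresses
                        LOG.warn("IP Address verification not supported.");
                    }
                    break;
                default:
                    LOG.debug("Unsupported GeneralName ({}) tag in SubjectAlternativeName.", name.getTagNo());
            }
            // stop execution when we found a valid name
            if (success) {
                return;
            }
        }
    } else {
        LOG.debug("No SubjectAlternativeName extension in certificate.");
    }

    // fall back to the Subject CN: only for host names, and only when no dNSName entry was present
    if (isIPAddr) {
        LOG.debug("Given name is an IP Address. Validation relies solely on the SubjectAlternativeName.");
    } else if (hasDnsSan) {
        LOG.debug("SubjectAlternativeName contains dNSName entries; Subject CN is ignored.");
    } else {
        RDN[] cn = cert.getSubject().getRDNs(BCStrictStyle.CN);
        if (cn.length != 0) {
            // CN is always a string type
            String hostNameReference = cn[0].getFirst().getValue().toString();
            success = checkWildcardName(hostOrIp, hostNameReference);
        } else {
            LOG.debug("No CN entry in certificate's Subject.");
        }
    }

    // evaluate result
    if (!success) {
        String errorMsg = "Hostname in certificate differs from actually requested host.";
        throw new CertificateVerificationException(errorMsg);
    }
}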
Also used : Extension(org.openecard.bouncycastle.asn1.x509.Extension) GeneralNames(org.openecard.bouncycastle.asn1.x509.GeneralNames) CertificateVerificationException(org.openecard.crypto.tls.CertificateVerificationException) GeneralName(org.openecard.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.openecard.bouncycastle.asn1.ASN1Encodable) Extensions(org.openecard.bouncycastle.asn1.x509.Extensions) RDN(org.openecard.bouncycastle.asn1.x500.RDN)

Example 100 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project jruby-openssl by jruby.

the class X509ExtensionFactory method parseAuthorityKeyIdentifier.

/**
 * Builds the AuthorityKeyIdentifier extension value from an OpenSSL-style
 * option string such as {@code "keyid:always,issuer:always"}.
 * <p>
 * A {@code keyid:...} option adds the [0] keyIdentifier built from the
 * issuer's public key; an {@code issuer:...} option adds the [1]
 * authorityCertIssuer and, when a serial number is available, the [2]
 * authorityCertSerialNumber. Options with any other prefix are ignored.
 *
 * @param context the Ruby thread context used to look up the issuer material
 * @param valuex comma-separated option list
 * @return the DER sequence holding the AuthorityKeyIdentifier components
 */
private ASN1Sequence parseAuthorityKeyIdentifier(final ThreadContext context, final String valuex) {
    final ASN1EncodableVector components = new ASN1EncodableVector();
    final String[] options = valuex.split(",");
    for (final String option : options) {
        if (option.startsWith("keyid:")) {
            // [0] keyIdentifier
            components.add(new DERTaggedObject(false, 0, new DEROctetString(publicKeyIdentifier(context))));
        } else if (option.startsWith("issuer:")) {
            // [1] authorityCertIssuer
            final GeneralNames issuer = new GeneralNames(new GeneralName(authorityCertIssuer(context)));
            components.add(new DERTaggedObject(false, 1, issuer));
            // [2] authorityCertSerialNumber, only when known
            final BigInteger serial = getIssuerSerialNumber(context);
            if (serial != null) {
                components.add(new DERTaggedObject(false, 2, new ASN1Integer(serial)));
            }
        }
        // any other option is silently ignored
    }
    return new DERSequence(components);
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) BigInteger(java.math.BigInteger) RubyString(org.jruby.RubyString) GeneralName(org.bouncycastle.asn1.x509.GeneralName)
