Search in sources :

Example 26 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project jdk8u_jdk by JetBrains.

the class ForwardState method updateState.

/**
     * Update the state with the next certificate added to the path.
     *
     * @param cert the certificate which is used to update the state
     */
@Override
public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException {
    if (cert == null)
        return;
    X509CertImpl icert = X509CertImpl.toImpl(cert);
    /* see if certificate key has null parameters */
    if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) {
        keyParamsNeededFlag = true;
    }
    /* update certificate */
    this.cert = icert;
    /* update issuer DN */
    issuerDN = cert.getIssuerX500Principal();
    if (!X509CertImpl.isSelfIssued(cert)) {
        /*
             * update traversedCACerts only if this is a non-self-issued
             * intermediate CA cert
             */
        if (!init && cert.getBasicConstraints() != -1) {
            traversedCACerts++;
        }
    }
    /* update subjectNamesTraversed only if this is the EE cert or if
           this cert is not self-issued */
    if (init || !X509CertImpl.isSelfIssued(cert)) {
        X500Principal subjName = cert.getSubjectX500Principal();
        subjectNamesTraversed.add(X500Name.asX500Name(subjName));
        try {
            SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension();
            if (subjAltNameExt != null) {
                GeneralNames gNames = subjAltNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                for (GeneralName gName : gNames.names()) {
                    subjectNamesTraversed.add(gName.getName());
                }
            }
        } catch (IOException e) {
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected " + "exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }
    init = false;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) GeneralNames(sun.security.x509.GeneralNames) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) X509CertImpl(sun.security.x509.X509CertImpl) X500Principal(javax.security.auth.x500.X500Principal) GeneralName(sun.security.x509.GeneralName) IOException(java.io.IOException)

Example 27 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testSubjectAltName.

/*
     * Tests matching on the subject alternative name extension contained in the
     * certificate.
     */
private void testSubjectAltName() throws IOException {
    System.out.println("X.509 Certificate Match on subjectAltName");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    GeneralNameInterface dnsName = new DNSName("foo.com");
    DerOutputStream tmp = new DerOutputStream();
    dnsName.encode(tmp);
    selector.addSubjectAlternativeName(2, tmp.toByteArray());
    checkMatch(selector, cert, false);
    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17"));
    byte[] encoded = in.getOctetString();
    SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded);
    GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
    GeneralName name = (GeneralName) names.get(0);
    selector.setSubjectAlternativeNames(null);
    DerOutputStream tmp2 = new DerOutputStream();
    name.getName().encode(tmp2);
    selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray());
    checkMatch(selector, cert, true);
    // good match 2 (matches at least one)
    selector.setMatchAllSubjectAltNames(false);
    selector.addSubjectAlternativeName(2, "foo.com");
    checkMatch(selector, cert, true);
}
Also used : GeneralNameInterface(sun.security.x509.GeneralNameInterface) GeneralNames(sun.security.x509.GeneralNames) DerOutputStream(sun.security.util.DerOutputStream) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) GeneralName(sun.security.x509.GeneralName) DNSName(sun.security.x509.DNSName)

Example 28 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project athenz by yahoo.

the class Crypto method extractX509CSREmail.

public static String extractX509CSREmail(PKCS10CertificationRequest certReq) {
    String rfc822 = null;
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.rfc822Name) {
                    rfc822 = (((DERIA5String) name.getName()).getString());
                    break;
                }
            }
        }
    }
    return rfc822;
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 29 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project athenz by yahoo.

the class Crypto method extractX509CSRDnsNames.

public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
    List<String> dnsNames = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() == GeneralName.dNSName) {
                    dnsNames.add(((DERIA5String) name.getName()).getString());
                }
            }
        }
    }
    return dnsNames;
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ArrayList(java.util.ArrayList) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Extensions(org.bouncycastle.asn1.x509.Extensions)

Example 30 with GeneralNames

use of de.carne.certmgr.certs.x509.GeneralNames in project fdroidclient by f-droid.

the class LocalRepoKeyStore method generateSelfSignedCertChain.

private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));
    // now
    Date now = new Date();
    /* force it to use a English/Gregorian dates for the cert, hardly anyone
           ever looks at the cert metadata anyway, and its very likely that they
           understand English/Gregorian dates */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);
    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, BigInteger.valueOf(rand.nextLong()), startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.spongycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) ContentSigner(org.spongycastle.operator.ContentSigner) GregorianCalendar(java.util.GregorianCalendar) SecureRandom(java.security.SecureRandom) Time(org.spongycastle.asn1.x509.Time) SubjectPublicKeyInfo(org.spongycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) GeneralNames(org.spongycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.spongycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.spongycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.spongycastle.cert.X509CertificateHolder) GeneralName(org.spongycastle.asn1.x509.GeneralName)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72 GeneralName (org.bouncycastle.asn1.x509.GeneralName)58 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)22 ArrayList (java.util.ArrayList)19 X500Name (org.bouncycastle.asn1.x500.X500Name)19 DERIA5String (org.bouncycastle.asn1.DERIA5String)14 Date (java.util.Date)13 List (java.util.List)13 DEROctetString (org.bouncycastle.asn1.DEROctetString)13 X500Principal (javax.security.auth.x500.X500Principal)12 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)12 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)12 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)12 GeneralNames (sun.security.x509.GeneralNames)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)11 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)11 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11 Test (org.junit.Test)11 BigInteger (java.math.BigInteger)10