
Example 56 with CertificateParsingException

use of java.security.cert.CertificateParsingException in project robovm by robovm.

the class X509CertificateObject method getAlternativeNames.

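/**
 * Decodes a subjectAlternativeName / issuerAlternativeName extension value into the
 * shape required by {@code java.security.cert.X509Certificate#getSubjectAlternativeNames()}:
 * a collection of immutable two-element lists {@code [Integer tagNo, Object value]}.
 *
 * @param extVal the DER-encoded extension value, or {@code null} if the extension is absent
 * @return the decoded names, or {@code null} if the extension is absent or decodes to no entries
 * @throws CertificateParsingException if the extension cannot be decoded; the underlying
 *         exception is attached as the cause
 */
private static Collection getAlternativeNames(byte[] extVal) throws CertificateParsingException {
    if (extVal == null) {
        return null;
    }
    try {
        Collection temp = new ArrayList();
        Enumeration it = ASN1Sequence.getInstance(extVal).getObjects();
        while (it.hasMoreElements()) {
            GeneralName genName = GeneralName.getInstance(it.nextElement());
            List list = new ArrayList();
            list.add(Integers.valueOf(genName.getTagNo()));
            switch (genName.getTagNo()) {
                case GeneralName.ediPartyName:
                case GeneralName.x400Address:
                case GeneralName.otherName:
                    // structured name forms are returned DER-encoded, as the JDK API specifies
                    list.add(genName.getEncoded());
                    break;
                case GeneralName.directoryName:
                    // BEGIN android-changed
                    list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
                    // END android-changed
                    break;
                case GeneralName.dNSName:
                case GeneralName.rfc822Name:
                case GeneralName.uniformResourceIdentifier:
                    list.add(((ASN1String) genName.getName()).getString());
                    break;
                case GeneralName.registeredID:
                    list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId());
                    break;
                case GeneralName.iPAddress:
                    byte[] addrBytes = DEROctetString.getInstance(genName.getName()).getOctets();
                    final String addr;
                    try {
                        addr = InetAddress.getByAddress(addrBytes).getHostAddress();
                    } catch (UnknownHostException e) {
                        // the octet string is not a valid address length: drop this single entry
                        // (continues the enclosing while loop) instead of rejecting the whole extension
                        continue;
                    }
                    list.add(addr);
                    break;
                default:
                    throw new IOException("Bad tag number: " + genName.getTagNo());
            }
            temp.add(Collections.unmodifiableList(list));
        }
        if (temp.size() == 0) {
            return null;
        }
        return Collections.unmodifiableCollection(temp);
    } catch (Exception e) {
        // keep the original exception as the cause so the failing ASN.1 structure stays diagnosable
        throw new CertificateParsingException(e.getMessage(), e);
    }
}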

Example 57 with CertificateParsingException

use of java.security.cert.CertificateParsingException in project jdk8u_jdk by JetBrains.

the class ClientHandshaker method isIdentityEquivalent.

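/*
 * Whether the certificates can represent the same identity?
 *
 * The certificates can be used to represent the same identity:
 *     1. If the subject alternative names of IP address are present in
 *        both certificates, they should be identical; otherwise,
 *     2. if the subject alternative names of DNS name are present in
 *        both certificates, they should be identical; otherwise,
 *     3. if the subject fields are present in both certificates, the
 *        certificate subjects and issuers should be identical.
 *
 * If the subjectAltName extension of either certificate cannot be parsed,
 * steps 1 and 2 are skipped and only step 3 is applied.
 *
 * @param thisCert the certificate presented now
 * @param prevCert the certificate presented previously
 * @return true if the two certificates are considered to represent the same identity
 */
private static boolean isIdentityEquivalent(X509Certificate thisCert, X509Certificate prevCert) {
    if (thisCert.equals(prevCert)) {
        return true;
    }
    // check subject alternative names
    Collection<List<?>> thisSubjectAltNames = subjectAltNamesOrNull(thisCert);
    Collection<List<?>> prevSubjectAltNames = subjectAltNamesOrNull(prevCert);
    if ((thisSubjectAltNames != null) && (prevSubjectAltNames != null)) {
        // check the iPAddress field in subjectAltName extension
        Collection<String> thisSubAltIPAddrs = getSubjectAltNames(thisSubjectAltNames, ALTNAME_IP);
        Collection<String> prevSubAltIPAddrs = getSubjectAltNames(prevSubjectAltNames, ALTNAME_IP);
        if ((thisSubAltIPAddrs != null) && (prevSubAltIPAddrs != null) && (isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs))) {
            return true;
        }
        // check the dNSName field in subjectAltName extension
        Collection<String> thisSubAltDnsNames = getSubjectAltNames(thisSubjectAltNames, ALTNAME_DNS);
        Collection<String> prevSubAltDnsNames = getSubjectAltNames(prevSubjectAltNames, ALTNAME_DNS);
        if ((thisSubAltDnsNames != null) && (prevSubAltDnsNames != null) && (isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames))) {
            return true;
        }
    }
    // check the certificate subject and issuer; an empty subject never matches,
    // so two certificates that both carry an empty DN are not treated as equivalent here
    X500Principal thisSubject = thisCert.getSubjectX500Principal();
    X500Principal prevSubject = prevCert.getSubjectX500Principal();
    X500Principal thisIssuer = thisCert.getIssuerX500Principal();
    X500Principal prevIssuer = prevCert.getIssuerX500Principal();
    return !thisSubject.getName().isEmpty()
            && !prevSubject.getName().isEmpty()
            && thisSubject.equals(prevSubject)
            && thisIssuer.equals(prevIssuer);
}

/*
 * Returns the subjectAltName entries of the certificate, or null if the
 * extension cannot be parsed. A certificate without the extension also
 * yields null, from X509Certificate.getSubjectAlternativeNames() itself.
 */
private static Collection<List<?>> subjectAltNamesOrNull(X509Certificate cert) {
    try {
        return cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException cpe) {
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println("Attempt to obtain subjectAltNames extension failed!");
        }
        return null;
    }
}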

Example 58 with CertificateParsingException

use of java.security.cert.CertificateParsingException in project nhin-d by DirectProject.

the class CertUtils method getOwner.

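/**
 * Gets the owner of the certificate, which is the email address or domain bound to the certificate.
 * The subject alt name is checked first, then the legacy email field, and lastly the common name field.
 * @param certificate The certificate to get the owner of.
 * @return The owner of the certificate, or an empty string if no owner can be determined.
 */
public static String getOwner(X509Certificate certificate) {
    String address = "";
    // check alternative names first
    Collection<List<?>> altNames = null;
    try {
        altNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException ex) {
        // no-op: an unparseable extension is treated like a missing one and we fall back to the subject DN
    }
    if (altNames != null) {
        for (List<?> entries : altNames) {
            // should always be the case according the altNames spec, but checking to be defensive
            if (entries.size() >= 2) {
                // compare as a primitive so the match does not depend on Integer identity
                int nameType = (Integer) entries.get(0);
                // prefer email over domain: an rfc822Name always wins (the last one seen),
                // a dNSName is only used while no address has been found yet
                if (nameType == RFC822Name_TYPE)
                    address = (String) entries.get(1);
                else if (nameType == DNSName_TYPE && address.isEmpty())
                    address = (String) entries.get(1);
            }
        }
    }
    if (!address.isEmpty())
        return address;
    // can't find subject address in alt names... try the principal
    X500Principal subjectPrin = certificate.getSubjectX500Principal();
    // get the domain name
    Map<String, String> oidMap = new HashMap<String, String>();
    // OID for email address
    oidMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
    String prinName = subjectPrin.getName(X500Principal.RFC1779, oidMap);
    // see if there is an email address first in the DN
    String searchString = "EMAILADDRESS=";
    int index = prinName.indexOf(searchString);
    if (index == -1) {
        searchString = "CN=";
        // no Email.. check the CN
        index = prinName.indexOf(searchString);
        if (index == -1)
            // no CN... nothing else that can be done from here
            return "";
    }
    // look for a "," to find the end of this attribute.
    // NOTE: this is a plain substring scan of the RFC 1779 string, so an attribute
    // value that itself contains a quoted "," is cut at that comma.
    int endIndex = prinName.indexOf(",", index);
    if (endIndex > -1)
        address = prinName.substring(index + searchString.length(), endIndex);
    else
        address = prinName.substring(index + searchString.length());
    return address;
}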

Example 59 with CertificateParsingException

use of java.security.cert.CertificateParsingException in project athenz by yahoo.

the class Crypto method extractX509CertEmails.

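/**
 * Returns the rfc822Name (email address) entries of the certificate's subjectAltName extension.
 *
 * @param x509Cert the certificate to inspect
 * @return the email addresses in the order they appear in the extension; an empty list if the
 *         extension is absent or cannot be parsed
 */
public static List<String> extractX509CertEmails(X509Certificate x509Cert) {
    Collection<List<?>> altNames = null;
    try {
        altNames = x509Cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException ex) {
        // an unparseable extension yields no emails rather than failing the caller;
        // the message names this method so the log line points at the right code path
        LOG.error("extractX509CertEmails: Caught CertificateParsingException when parsing certificate: " + ex.getMessage());
    }
    if (altNames == null) {
        return Collections.emptyList();
    }
    List<String> emails = new ArrayList<>();
    for (List<?> item : altNames) {
        // each entry is [Integer nameType, value]; guard the shape before indexing
        if (item.size() < 2) {
            continue;
        }
        int type = (Integer) item.get(0);
        if (type == GeneralName.rfc822Name) {
            emails.add((String) item.get(1));
        }
    }
    return emails;
}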

Example 60 with CertificateParsingException

use of java.security.cert.CertificateParsingException in project webofneeds by researchstudio-sat.

the class TrustWebIdStrategy method isTrusted.

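/**
 * Decides whether the presented certificate chain is trusted on the basis of the WebIDs carried in
 * the leaf certificate's subject alternative names. Only the first certificate of the chain is
 * examined; the remaining certificates are not used by this method.
 *
 * @param x509Certificates the presented chain, leaf first; {@code null} or empty is not trusted
 * @param authType the authentication type reported by the TLS layer; not used here
 * @return {@code true} if the verification agent confirms at least one WebID for the leaf's public key
 * @throws CertificateException not thrown by this implementation; all failures return {@code false}
 */
public boolean isTrusted(final X509Certificate[] x509Certificates, final String authType) throws CertificateException {
    if (x509Certificates == null || x509Certificates.length < 1) {
        return false;
    }
    // extract certificate and key
    X509Certificate cert = x509Certificates[0];
    PublicKey publicKey = cert.getPublicKey();
    // extract webID (can be several)
    List<URI> webIDs;
    try {
        webIDs = CertificateService.getWebIdFromSubjectAlternativeNames(cert);
    } catch (CertificateParsingException e) {
        logger.warn("error extracting WebIDs from subject alternative names", e);
        return false;
    }
    if (webIDs == null || webIDs.isEmpty()) {
        logger.warn("no WebIDs found in subject alternative names");
        return false;
    }
    // verify
    List<String> verified;
    try {
        verified = verificationAgent.verify(publicKey, webIDs);
    } catch (Exception e) {
        // keep the exception in the log so verification failures stay diagnosable; the decision is still "not trusted"
        logger.warn("Error during WebIDs verification " + webIDs.toString(), e);
        return false;
    }
    if (verified == null || verified.isEmpty()) {
        logger.warn("WebIDs do not pass verification " + webIDs.toString());
        return false;
    }
    // fail closed: trust only when the agent reports at least one verified WebID
    return true;
}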
