Example 51 with X500Principal
use of javax.security.auth.x500.X500Principal in project robovm by robovm.
the class X500PrincipalTest method testIA5StringEncoding.
private void testIA5StringEncoding(String name, byte[] expectedEncoded) {
X500Principal original = new X500Principal(name);
byte[] actualEncoded = original.getEncoded();
assertEquals(Arrays.toString(expectedEncoded), Arrays.toString(actualEncoded));
X500Principal decoded = new X500Principal(actualEncoded);
assertEquals(original, decoded);
}
Also used :
X500Principal(javax.security.auth.x500.X500Principal)
Example 52 with X500Principal
use of javax.security.auth.x500.X500Principal in project robovm by robovm.
the class X500PrincipalTest method testSerialization.
public void testSerialization() {
String expected = "aced0005737200266a617661782e73656375726974792e617574682e7" + "83530302e583530305072696e636970616cf90dff3c88b877c703000078707572" + "00025b42acf317f8060854e002000078700000006a30683117301506035504031" + "30e7777772e676f6f676c652e636f6d31133011060355040a130a476f6f676c65" + "20496e63311630140603550407130d4d6f756e7461696e2056696577311330110" + "603550408130a43616c69666f726e6961310b300906035504061302555378";
X500Principal actual = new X500Principal("C=US, " + "ST=California, " + "L=Mountain View, " + "O=Google Inc, " + "CN=www.google.com");
new SerializationTester<X500Principal>(actual, expected).test();
}
Also used :
X500Principal(javax.security.auth.x500.X500Principal)
Example 53 with X500Principal
use of javax.security.auth.x500.X500Principal in project robovm by robovm.
the class HostnameVerifierTest method testSubjectAlt.
public void testSubjectAlt() throws Exception {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream(X509_MULTIPLE_SUBJECT_ALT);
X509Certificate x509 = (X509Certificate) cf.generateCertificate(in);
mySSLSession session = new mySSLSession(new X509Certificate[] { x509 });
HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
assertEquals(new X500Principal("CN=localhost"), x509.getSubjectX500Principal());
assertTrue(verifier.verify("localhost", session));
assertTrue(verifier.verify("localhost.localdomain", session));
assertFalse(verifier.verify("local.host", session));
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
X500Principal(javax.security.auth.x500.X500Principal)
org.apache.harmony.xnet.tests.support.mySSLSession(org.apache.harmony.xnet.tests.support.mySSLSession)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
Example 54 with X500Principal
use of javax.security.auth.x500.X500Principal in project platform_frameworks_base by android.
the class ESTHandler method buildCSR.
private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
//Security.addProvider(new BouncyCastleProvider());
Log.d(TAG, "/csrattrs:");
/*
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
for (byte b : octets) {
System.out.printf("%02x ", b & 0xff);
}
*/
Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : csrs) {
Log.d(TAG, asn1Object.toString());
}
if (csrs.size() != 1) {
throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
}
Asn1Object sequence = csrs.iterator().next();
if (sequence.getClass() != Asn1Constructed.class) {
throw new IOException("Unexpected CSR attribute container: " + sequence);
}
String keyAlgo = null;
Asn1Oid keyAlgoOID = null;
String sigAlgo = null;
String curveName = null;
Asn1Oid pubCrypto = null;
int keySize = -1;
Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
for (Asn1Object child : sequence.getChildren()) {
if (child.getTag() == Asn1Decoder.TAG_OID) {
Asn1Oid oid = (Asn1Oid) child;
OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
if (sigEntry != null) {
sigAlgo = sigEntry.getSigAlgo();
keyAlgoOID = sigEntry.getKeyAlgo();
keyAlgo = OidMappings.getJCEName(keyAlgoOID);
} else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
byte[] tlsUnique = httpHandler.getTLSUnique();
if (tlsUnique != null) {
idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
} else {
Log.w(TAG, "Cannot retrieve TLS unique channel binding");
}
}
} else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
Asn1Oid oid = null;
Set<Asn1Oid> oidValues = new HashSet<>();
List<Asn1Object> values = new ArrayList<>();
for (Asn1Object attributeSeq : child.getChildren()) {
if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
oid = (Asn1Oid) attributeSeq;
} else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
for (Asn1Object value : attributeSeq.getChildren()) {
if (value.getTag() == Asn1Decoder.TAG_OID) {
oidValues.add((Asn1Oid) value);
} else {
values.add(value);
}
}
}
}
if (oid == null) {
throw new IOException("Invalid attribute, no OID");
}
if (oid.equals(OidMappings.sExtensionRequest)) {
for (Asn1Oid subOid : oidValues) {
if (OidMappings.isIDAttribute(subOid)) {
if (subOid.equals(OidMappings.sMAC)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
} else if (subOid.equals(OidMappings.sIMEI)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
} else if (subOid.equals(OidMappings.sMEID)) {
idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
} else if (subOid.equals(OidMappings.sDevID)) {
idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
}
}
}
} else if (OidMappings.getCryptoID(oid) != null) {
pubCrypto = oid;
if (!values.isEmpty()) {
for (Asn1Object value : values) {
if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
keySize = (int) ((Asn1Integer) value).getValue();
}
}
}
if (oid.equals(OidMappings.sAlgo_EC)) {
if (oidValues.isEmpty()) {
throw new IOException("No ECC curve name provided");
}
for (Asn1Oid value : oidValues) {
curveName = OidMappings.getJCEName(value);
if (curveName != null) {
break;
}
}
if (curveName == null) {
throw new IOException("Found no ECC curve for " + oidValues);
}
}
}
}
}
if (keyAlgoOID == null) {
throw new IOException("No public key algorithm specified");
}
if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
throw new IOException("Mismatching key algorithms");
}
if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
if (keySize < MinRSAKeySize) {
if (keySize >= 0) {
Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
}
keySize = MinRSAKeySize;
}
}
Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
/*
Ruckus:
SEQUENCE:
OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)
RFC-7030:
SEQUENCE:
OID=1.2.840.113549.1.9.7 (challengePassword)
SEQUENCE:
OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
SET:
OID=1.3.132.0.34 (secp384r1)
SEQUENCE:
OID=1.2.840.113549.1.9.14 (extensionRequest)
SET:
OID=1.3.6.1.1.1.1.22 (mac-address)
OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)
1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
*/
// ECC Does not appear to be supported currently
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
if (curveName != null) {
AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
} else {
kpg.initialize(keySize);
}
KeyPair kp = kpg.generateKeyPair();
X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
mClientKey = kp.getPrivate();
// !!! Map the idAttributes into an ASN1Set of values to pass to
// the PKCS10CertificationRequest - this code is using outdated BC classes and
// has *not* been tested.
ASN1Set attributes;
if (!idAttributes.isEmpty()) {
ASN1EncodableVector payload = new DEREncodableVector();
for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
ASN1Set values = new DERSet(entry.getValue());
Attribute attribute = new Attribute(type, values);
payload.add(attribute);
}
attributes = new DERSet(payload);
} else {
attributes = null;
}
return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used :
DERSet(com.android.org.bouncycastle.asn1.DERSet)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Attribute(com.android.org.bouncycastle.asn1.x509.Attribute)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
DERSet(com.android.org.bouncycastle.asn1.DERSet)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable)
PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest)
Asn1Oid(com.android.hotspot2.asn1.Asn1Oid)
KeyPair(java.security.KeyPair)
ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec)
DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
IOException(java.io.IOException)
KeyPairGenerator(java.security.KeyPairGenerator)
DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
OidMappings(com.android.hotspot2.asn1.OidMappings)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
X500Principal(javax.security.auth.x500.X500Principal)
Map(java.util.Map)
HashMap(java.util.HashMap)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 55 with X500Principal
use of javax.security.auth.x500.X500Principal in project platform_frameworks_base by android.
the class WiFiKeyManager method chooseClientAlias.
@Override
public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
Map<String, Integer> keyPrefs = new HashMap<>(keyTypes.length);
int pref = 0;
for (String keyType : keyTypes) {
keyPrefs.put(keyType, pref++);
}
List<AliasEntry> aliases = new ArrayList<>();
if (issuers != null) {
for (Principal issuer : issuers) {
if (issuer instanceof X500Principal) {
String[] aliasAndKey = mAliases.get((X500Principal) issuer);
if (aliasAndKey != null) {
Integer preference = keyPrefs.get(aliasAndKey[1]);
if (preference != null) {
aliases.add(new AliasEntry(preference, aliasAndKey[0]));
}
}
}
}
} else {
for (String[] aliasAndKey : mAliases.values()) {
Integer preference = keyPrefs.get(aliasAndKey[1]);
if (preference != null) {
aliases.add(new AliasEntry(preference, aliasAndKey[0]));
}
}
}
Collections.sort(aliases);
return aliases.isEmpty() ? null : aliases.get(0).getAlias();
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
X500Principal(javax.security.auth.x500.X500Principal)
X500Principal(javax.security.auth.x500.X500Principal)
Principal(java.security.Principal)
Aggregations
X500Principal (javax.security.auth.x500.X500Principal)246
X509Certificate (java.security.cert.X509Certificate)68
IOException (java.io.IOException)52
ArrayList (java.util.ArrayList)39
List (java.util.List)25
Principal (java.security.Principal)21
PublicKey (java.security.PublicKey)21
TrustAnchor (java.security.cert.TrustAnchor)21
Certificate (java.security.cert.Certificate)20
X509CertSelector (java.security.cert.X509CertSelector)16
HashMap (java.util.HashMap)16
BigInteger (java.math.BigInteger)15
KeyPair (java.security.KeyPair)15
HashSet (java.util.HashSet)14
Test (org.junit.Test)14
KeyPairGenerator (java.security.KeyPairGenerator)13
CertPathValidatorException (java.security.cert.CertPathValidatorException)13
CertificateException (java.security.cert.CertificateException)13
GeneralSecurityException (java.security.GeneralSecurityException)12
CertificateParsingException (java.security.cert.CertificateParsingException)12
