
Example 71 with X500Principal

use of javax.security.auth.x500.X500Principal in project XobotOS by xamarin.

the class X509CertSelector method setIssuer.

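/**
 * Sets the issuer that a certificate must match.
 *
 * @param issuerDN
 *            the distinguished issuer name in ASN.1 DER encoded format, or
 *            {@code null} to not check the issuer. The array is copied, so
 *            later changes by the caller do not affect this selector.
 * @throws IOException
 *             if decoding the issuer fails; the decoder's
 *             {@link IllegalArgumentException} is attached as the cause.
 */
public void setIssuer(byte[] issuerDN) throws IOException {
    if (issuerDN == null) {
        // NOTE(review): only 'issuer' is reset on this path; issuerName and
        // issuerBytes keep whatever an earlier call stored. Confirm that every
        // reader of those fields checks 'issuer' first.
        issuer = null;
        return;
    }
    // Take one private snapshot and derive both the parsed principal and the
    // cached encoding from it. Parsing the caller's array and copying it
    // afterwards would let a concurrent writer make the two disagree.
    byte[] encoded = issuerDN.clone();
    X500Principal parsed;
    try {
        parsed = new X500Principal(encoded);
    } catch (IllegalArgumentException e) {
        // Keep the original failure reachable for diagnostics instead of
        // reducing it to its message text.
        IOException wrapped = new IOException(e.getMessage());
        wrapped.initCause(e);
        throw wrapped;
    }
    // Fields are only touched once decoding has succeeded.
    issuer = parsed;
    this.issuerName = null;
    this.issuerBytes = encoded;
}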
Also used : X500Principal(javax.security.auth.x500.X500Principal) IOException(java.io.IOException)

Example 72 with X500Principal

use of javax.security.auth.x500.X500Principal in project XobotOS by xamarin.

the class JarEntry method getCodeSigners.

/**
 * Groups a flat certificate array into chains and turns each chain into a
 * {@link CodeSigner} via {@code addCodeSigner}.
 *
 * A chain is continued while the subject of the next X.509 certificate equals
 * the issuer of the previous one; any other subject closes the current chain
 * and opens a new one. Entries that are not {@link X509Certificate} instances
 * are skipped.
 *
 * NOTE(review): chaining here is decided by distinguished-name equality only.
 * Signature and validity checks are not performed in this method; confirm
 * where they happen before treating the result as a trust decision.
 *
 * @param certs the certificates to group, or {@code null}
 * @return the code signers, or {@code null} if {@code certs} is {@code null}
 *         or no signer was produced
 */
private CodeSigner[] getCodeSigners(Certificate[] certs) {
    if (certs == null) {
        return null;
    }
    ArrayList<CodeSigner> signers = new ArrayList<CodeSigner>();
    ArrayList<Certificate> chain = new ArrayList<Certificate>(certs.length);
    // Issuer of the most recently accepted certificate; the next certificate
    // belongs to the same chain only if its subject matches this name.
    X500Principal expectedSubject = null;
    for (int idx = 0; idx < certs.length; idx++) {
        if (certs[idx] instanceof X509Certificate) {
            X509Certificate current = (X509Certificate) certs[idx];
            boolean startsNewChain = expectedSubject != null
                    && !expectedSubject.equals(current.getSubjectX500Principal());
            if (startsNewChain) {
                // Flush the finished chain before collecting the next one.
                addCodeSigner(signers, chain);
                chain.clear();
            }
            expectedSubject = current.getIssuerX500Principal();
            chain.add(current);
        }
    }
    // The last chain has no following certificate to close it.
    if (!chain.isEmpty()) {
        addCodeSigner(signers, chain);
    }
    return signers.isEmpty() ? null : signers.toArray(new CodeSigner[signers.size()]);
}
Also used : ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) CodeSigner(java.security.CodeSigner) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 73 with X500Principal

use of javax.security.auth.x500.X500Principal in project XobotOS by xamarin.

the class PKIXCertPath method sortCerts.

/**
 * Returns the certificates ordered so that each certificate's issuer name
 * equals the subject name of the certificate that follows it.
 *
 * If the list is already in that order (or has fewer than two elements) it is
 * returned as is. Otherwise the method looks for the single certificate whose
 * subject is nobody's issuer, starts the result with it and appends the
 * remaining certificates by following issuer names. If that is not possible
 * the original order is returned.
 *
 * NOTE(review): ordering is by name matching only; no signature is verified
 * here. The method also removes elements from the list passed in, so callers
 * that still need their list should pass a copy. Every element is cast to
 * {@link X509Certificate}; any other element type raises
 * {@link ClassCastException}.
 *
 * @param certs the certificates to order; modified in place when re-sorting
 * @return {@code certs} itself if already ordered, a new ordered list if
 *         sorting succeeded, or a copy in the original order if it did not
 */
private List sortCerts(List certs) {
    if (certs.size() < 2) {
        return certs;
    }
    // First pass: check whether the list is already a chain, i.e. every
    // certificate's subject equals the issuer of the one before it.
    X500Principal issuer = ((X509Certificate) certs.get(0)).getIssuerX500Principal();
    boolean okay = true;
    for (int i = 1; i != certs.size(); i++) {
        X509Certificate cert = (X509Certificate) certs.get(i);
        if (issuer.equals(cert.getSubjectX500Principal())) {
            issuer = ((X509Certificate) certs.get(i)).getIssuerX500Principal();
        } else {
            okay = false;
            break;
        }
    }
    if (okay) {
        return certs;
    }
    // find end-entity cert: the one whose subject does not appear as the
    // issuer of any certificate in the list
    List retList = new ArrayList(certs.size());
    // snapshot of the incoming order, returned whenever sorting is abandoned
    List orig = new ArrayList(certs);
    for (int i = 0; i < certs.size(); i++) {
        X509Certificate cert = (X509Certificate) certs.get(i);
        boolean found = false;
        X500Principal subject = cert.getSubjectX500Principal();
        for (int j = 0; j != certs.size(); j++) {
            X509Certificate c = (X509Certificate) certs.get(j);
            if (c.getIssuerX500Principal().equals(subject)) {
                found = true;
                break;
            }
        }
        if (!found) {
            retList.add(cert);
            // NOTE(review): removing at index i while the loop still
            // increments i means the element that slides into position i is
            // not examined in this pass. Anything left over is caught by the
            // final "all accounted for" check below.
            certs.remove(i);
        }
    }
    // can only have one end entity cert - something's wrong, give up.
    if (retList.size() > 1) {
        return orig;
    }
    // Walk up the chain: retList grows inside the loop, so each newly
    // appended certificate is visited in turn and its issuer looked up among
    // the certificates that are still unplaced.
    for (int i = 0; i != retList.size(); i++) {
        issuer = ((X509Certificate) retList.get(i)).getIssuerX500Principal();
        for (int j = 0; j < certs.size(); j++) {
            X509Certificate c = (X509Certificate) certs.get(j);
            if (issuer.equals(c.getSubjectX500Principal())) {
                retList.add(c);
                certs.remove(j);
                break;
            }
        }
    }
    // make sure all certificates are accounted for.
    if (certs.size() > 0) {
        return orig;
    }
    return retList;
}
Also used : ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) List(java.util.List) X509Certificate(java.security.cert.X509Certificate)

Example 74 with X500Principal

use of javax.security.auth.x500.X500Principal in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method processCertBC.

/**
 * Applies the name-constraint checks to the certificate at {@code index} of
 * {@code certPath}.
 *
 * The check is skipped when the certificate is self-issued and {@code i < n},
 * where {@code n} is the path length and {@code i = n - index}. Otherwise the
 * subject DN, every EmailAddress value found in the subject DN (as an
 * rfc822Name) and every entry of the subject alternative name extension are
 * tested against both the permitted and the excluded subtrees.
 *
 * @param certPath the path being validated
 * @param index position of the certificate within {@code certPath}
 * @param nameConstraintValidator holder of the permitted and excluded subtrees
 * @throws CertPathValidatorException if a name cannot be decoded or fails a
 *         subtree check; the underlying exception is attached as the cause
 */
protected static void processCertBC(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    if (CertPathValidatorUtilities.isSelfIssued(cert) && (i < n)) {
        // Self-issued certificates other than the one with i == n are exempt.
        return;
    }

    // Decode the subject DN into an ASN.1 sequence for the DN subtree checks.
    X500Principal subject = CertPathValidatorUtilities.getSubjectPrincipal(cert);
    ASN1InputStream subjectStream = new ASN1InputStream(subject.getEncoded());
    ASN1Sequence subjectDn;
    try {
        subjectDn = DERSequence.getInstance(subjectStream.readObject());
    } catch (Exception e) {
        throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, certPath, index);
    }
    try {
        nameConstraintValidator.checkPermittedDN(subjectDn);
        nameConstraintValidator.checkExcludedDN(subjectDn);
    } catch (PKIXNameConstraintValidatorException e) {
        throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, index);
    }

    // The extension is decoded before the e-mail checks so that a malformed
    // extension is reported first, as in the original statement order.
    GeneralNames altName;
    try {
        altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
    } catch (Exception e) {
        throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, certPath, index);
    }

    // E-mail addresses embedded in the subject DN are constrained as rfc822Name.
    Vector emails = new X509Name(subjectDn).getValues(X509Name.EmailAddress);
    Enumeration emailValues = emails.elements();
    while (emailValues.hasMoreElements()) {
        String email = (String) emailValues.nextElement();
        GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
        try {
            nameConstraintValidator.checkPermitted(emailAsGeneralName);
            nameConstraintValidator.checkExcluded(emailAsGeneralName);
        } catch (PKIXNameConstraintValidatorException ex) {
            throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", ex, certPath, index);
        }
    }

    if (altName == null) {
        return;
    }
    GeneralName[] genNames;
    try {
        genNames = altName.getNames();
    } catch (Exception e) {
        throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, certPath, index);
    }
    for (GeneralName genName : genNames) {
        try {
            nameConstraintValidator.checkPermitted(genName);
            nameConstraintValidator.checkExcluded(genName);
        } catch (PKIXNameConstraintValidatorException e) {
            throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e, certPath, index);
        }
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) Enumeration(java.util.Enumeration) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) X509Name(org.bouncycastle.asn1.x509.X509Name) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X500Principal(javax.security.auth.x500.X500Principal) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Vector(java.util.Vector) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 75 with X500Principal

use of javax.security.auth.x500.X500Principal in project XobotOS by xamarin.

the class X509CRLImpl method retrieveEntries.

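/*
 * Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
 * from the TBSCertList structure and converts them to the
 * X509CRLEntryImpl objects.
 *
 * Each entry is created with the issuer in effect at its position: null
 * (meaning the CRL issuer) until an entry names its own issuer, then the
 * most recently named issuer for that entry and the ones after it.
 *
 * nonIndirectEntriesSize is set to the index of the FIRST entry that names
 * its own issuer, i.e. the number of leading entries that belong to the CRL
 * issuer. It used to be overwritten by every later entry naming an issuer,
 * which made the "leading" range extend over entries of other issuers.
 *
 * NOTE(review): entriesRetrieved is set before the list is built and no
 * synchronization is visible in this method; confirm that callers serialize
 * access. The code that consumes nonIndirectEntriesSize is not visible here
 * either and should be re-checked against the corrected value.
 */
private void retrieveEntries() {
    entriesRetrieved = true;
    List rcerts = tbsCertList.getRevokedCertificates();
    if (rcerts == null) {
        return;
    }
    entriesSize = rcerts.size();
    entries = new ArrayList(entriesSize);
    // null means that revoked certificate issuer is the same as CRL issuer
    X500Principal rcertIssuer = null;
    for (int i = 0; i < entriesSize; i++) {
        TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
        X500Principal iss = rcert.getIssuer();
        if (iss != null) {
            if (rcertIssuer == null) {
                // First entry with its own issuer: everything before index i
                // was issued by the CRL issuer (these certificates are first
                // in the list). Record that count once only.
                nonIndirectEntriesSize = i;
            }
            // certificate issuer differs from CRL issuer
            // and CRL is indirect.
            rcertIssuer = iss;
            isIndirectCRL = true;
        }
        entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
    }
}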
Also used : ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) TBSCertList(org.apache.harmony.security.x509.TBSCertList) CertificateList(org.apache.harmony.security.x509.CertificateList) List(java.util.List) TBSCertList(org.apache.harmony.security.x509.TBSCertList)
