use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.
the class X509CertPathImpl method getCertPathFromContentInfo.
/**
* Extract a CertPath from a PKCS#7 {@code contentInfo} object.
*/
private static X509CertPathImpl getCertPathFromContentInfo(ContentInfo contentInfo) throws CertificateException {
final SignedData sd = contentInfo.getSignedData();
if (sd == null) {
throw new CertificateException("Incorrect PKCS7 encoded form: missing signed data");
}
List<Certificate> certs = sd.getCertificates();
if (certs == null) {
certs = Collections.emptyList();
}
final List<X509Certificate> result = new ArrayList<X509Certificate>(certs.size());
for (Certificate cert : certs) {
result.add(new X509CertImpl(cert));
}
return new X509CertPathImpl(result, Encoding.PKCS7);
}
use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.
the class X509CRLImpl method retrieveEntries.
/*
* Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
* from the TBSCertList structure and converts them to the
* X509CRLEntryImpl objects
*/
private void retrieveEntries() {
entriesRetrieved = true;
List rcerts = tbsCertList.getRevokedCertificates();
if (rcerts == null) {
return;
}
entriesSize = rcerts.size();
entries = new ArrayList(entriesSize);
// null means that revoked certificate issuer is the same as CRL issuer
X500Principal rcertIssuer = null;
for (int i = 0; i < entriesSize; i++) {
TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
X500Principal iss = rcert.getIssuer();
if (iss != null) {
// certificate issuer differs from CRL issuer
// and CRL is indirect.
rcertIssuer = iss;
isIndirectCRL = true;
// remember how many leading revoked certificates in the
// list are issued by the same issuer as issuer of CRL
// (these certificates are first in the list)
nonIndirectEntriesSize = i;
}
entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
}
}
use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.
the class X509CertSelectorTest method test_setSubjectAlternativeNamesLjava_util_Collection.
/**
* java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
*/
public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
sans1.addName(san3);
sans1.addName(san4);
sans1.addName(san6);
sans1.addName(san7);
sans1.addName(san8);
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setSubjectAlternativeNames(null);
assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
Collection<List<?>> sans = sans1.getPairsList();
selector.setSubjectAlternativeNames(sans);
selector.getSubjectAlternativeNames();
}
use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.
the class X509CertSelectorTest method test_setPathToNamesLjava_util_Collection.
/**
* java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>)
*/
public void test_setPathToNamesLjava_util_Collection() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
sans1.addName(san3);
sans1.addName(san4);
sans1.addName(san6);
sans1.addName(san7);
sans1.addName(san8);
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setPathToNames(null);
assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
Collection<List<?>> sans = sans1.getPairsList();
selector.setPathToNames(sans);
selector.getPathToNames();
}
use of org.apache.harmony.security.x509.Certificate in project xipki by xipki.
the class AbstractOcspRequestor method buildRequest.
// method ask
private OCSPRequest buildRequest(X509Certificate caCert, BigInteger[] serialNumbers, byte[] nonce, RequestOptions requestOptions) throws OcspRequestorException {
HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
if (hashAlgo == null) {
throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
}
List<AlgorithmIdentifier> prefSigAlgs = requestOptions.getPreferredSignatureAlgorithms();
XiOCSPReqBuilder reqBuilder = new XiOCSPReqBuilder();
List<Extension> extensions = new LinkedList<>();
if (nonce != null) {
extensions.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)));
}
if (prefSigAlgs != null && prefSigAlgs.size() > 0) {
ASN1EncodableVector vec = new ASN1EncodableVector();
for (AlgorithmIdentifier algId : prefSigAlgs) {
vec.add(new DERSequence(algId));
}
ASN1Sequence extnValue = new DERSequence(vec);
Extension extn;
try {
extn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
} catch (IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
extensions.add(extn);
}
if (CollectionUtil.isNonEmpty(extensions)) {
reqBuilder.setRequestExtensions(new Extensions(extensions.toArray(new Extension[0])));
}
try {
DEROctetString issuerNameHash = new DEROctetString(hashAlgo.hash(caCert.getSubjectX500Principal().getEncoded()));
TBSCertificate tbsCert;
try {
tbsCert = TBSCertificate.getInstance(caCert.getTBSCertificate());
} catch (CertificateEncodingException ex) {
throw new OcspRequestorException(ex);
}
DEROctetString issuerKeyHash = new DEROctetString(hashAlgo.hash(tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
for (BigInteger serialNumber : serialNumbers) {
CertID certId = new CertID(hashAlgo.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, new ASN1Integer(serialNumber));
reqBuilder.addRequest(certId);
}
if (requestOptions.isSignRequest()) {
synchronized (signerLock) {
if (signer == null) {
if (StringUtil.isBlank(signerType)) {
throw new OcspRequestorException("signerType is not configured");
}
if (StringUtil.isBlank(signerConf)) {
throw new OcspRequestorException("signerConf is not configured");
}
X509Certificate cert = null;
if (StringUtil.isNotBlank(signerCertFile)) {
try {
cert = X509Util.parseCert(signerCertFile);
} catch (CertificateException ex) {
throw new OcspRequestorException("could not parse certificate " + signerCertFile + ": " + ex.getMessage());
}
}
try {
signer = getSecurityFactory().createSigner(signerType, new SignerConf(signerConf), cert);
} catch (Exception ex) {
throw new OcspRequestorException("could not create signer: " + ex.getMessage());
}
}
// end if
}
// end synchronized
reqBuilder.setRequestorName(signer.getBcCertificate().getSubject());
X509CertificateHolder[] certChain0 = signer.getBcCertificateChain();
Certificate[] certChain = new Certificate[certChain0.length];
for (int i = 0; i < certChain.length; i++) {
certChain[i] = certChain0[i].toASN1Structure();
}
ConcurrentBagEntrySigner signer0;
try {
signer0 = signer.borrowSigner();
} catch (NoIdleSignerException ex) {
throw new OcspRequestorException("NoIdleSignerException: " + ex.getMessage());
}
try {
return reqBuilder.build(signer0.value(), certChain);
} finally {
signer.requiteSigner(signer0);
}
} else {
return reqBuilder.build();
}
// end if
} catch (OCSPException | IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
}
Aggregations