Search in sources :

Example 6 with GeneralNames

use of org.apache.harmony.security.x509.GeneralNames in project OpenAM by OpenRock.

the class Cert method getTokenFromSubjectAltExt.

private void getTokenFromSubjectAltExt(X509Certificate cert) throws AuthLoginException {
    try {
        X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
        X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
        CertificateExtensions exts = (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
        SubjectAlternativeNameExtension altNameExt = (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
        if (altNameExt != null) {
            GeneralNames names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
            GeneralName generalname = null;
            ObjectIdentifier upnoid = new ObjectIdentifier(UPNOID);
            Iterator itr = (Iterator) names.iterator();
            while ((userTokenId == null) && itr.hasNext()) {
                generalname = (GeneralName) itr.next();
                if (generalname != null) {
                    if (amAuthCert_subjectAltExtMapper.equalsIgnoreCase("UPN") && (generalname.getType() == GeneralNameInterface.NAME_ANY)) {
                        OtherName othername = (OtherName) generalname.getName();
                        if (upnoid.equals((Object) (othername.getOID()))) {
                            byte[] nval = othername.getNameValue();
                            DerValue derValue = new DerValue(nval);
                            userTokenId = derValue.getData().getUTF8String();
                        }
                    } else if (amAuthCert_subjectAltExtMapper.equalsIgnoreCase("RFC822Name") && (generalname.getType() == GeneralNameInterface.NAME_RFC822)) {
                        RFC822Name email = (RFC822Name) generalname.getName();
                        userTokenId = email.getName();
                    }
                }
            }
        }
    } catch (Exception e) {
        debug.error("Certificate - " + "Error in getTokenFromSubjectAltExt = ", e);
        throw new AuthLoginException(amAuthCert, "CertNoReg", null);
    }
}
Also used : X509CertInfo(sun.security.x509.X509CertInfo) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) OtherName(sun.security.x509.OtherName) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) CertificateExtensions(sun.security.x509.CertificateExtensions) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) GeneralNames(sun.security.x509.GeneralNames) RFC822Name(sun.security.x509.RFC822Name) X509CertImpl(sun.security.x509.X509CertImpl) DerValue(sun.security.util.DerValue) Iterator(java.util.Iterator) GeneralName(sun.security.x509.GeneralName) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 7 with GeneralNames

use of org.apache.harmony.security.x509.GeneralNames in project nhin-d by DirectProject.

the class CRLDistributionPointNameExtentionField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    this.certificate = value;
    final DERObject exValue = getExtensionValue(value);
    if (exValue == null) {
        if (isRequired())
            throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
        else {
            final Collection<String> coll = Collections.emptyList();
            this.policyValue = PolicyValueFactory.getInstance(coll);
            return;
        }
    }
    final CRLDistPoint distPoints = CRLDistPoint.getInstance(exValue);
    final Collection<String> retVal = new ArrayList<String>();
    for (DistributionPoint distPoint : distPoints.getDistributionPoints()) {
        if (distPoint.getDistributionPoint() != null && distPoint.getDistributionPoint().getType() == DistributionPointName.FULL_NAME) {
            final GeneralNames names = GeneralNames.getInstance(distPoint.getDistributionPoint().getName());
            for (GeneralName name : names.getNames()) {
                retVal.add(name.getName().toString());
            }
        }
    }
    if (retVal.isEmpty() && isRequired())
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) DERObject(org.bouncycastle.asn1.DERObject) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 8 with GeneralNames

use of org.apache.harmony.security.x509.GeneralNames in project oxAuth by GluuFederation.

the class CRLCertificateVerifier method getCrlUri.

public String getCrlUri(X509Certificate certificate) throws IOException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException ex) {
        log.error("Failed to get CRL URL", ex);
        return null;
    }
    if (obj == null) {
        return null;
    }
    CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
    DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
    for (DistributionPoint distributionPoint : distributionPoints) {
        DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
        if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}
Also used : DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) IOException(java.io.IOException) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 9 with GeneralNames

use of org.apache.harmony.security.x509.GeneralNames in project robovm by robovm.

the class X509CertSelectorTest method test_getPathToNames.

/**
     * java.security.cert.X509CertSelector#getPathToNames()
     */
public void test_getPathToNames() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralName san3 = new GeneralName(new ORAddress());
    GeneralName san4 = new GeneralName(new Name("O=Organization"));
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san7 = new GeneralName(7, "1.1.1.1");
    GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    sans1.addName(san3);
    sans1.addName(san4);
    sans1.addName(san6);
    sans1.addName(san7);
    sans1.addName(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);
    selector.setPathToNames(null);
    assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
    Collection<List<?>> sans = sans1.getPairsList();
    selector.setPathToNames(sans);
    selector.getPathToNames();
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.apache.harmony.security.x509.GeneralName) ORAddress(org.apache.harmony.security.x509.ORAddress) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 10 with GeneralNames

use of org.apache.harmony.security.x509.GeneralNames in project robovm by robovm.

the class X509CertSelectorTest method test_getSubjectAlternativeNames.

/**
     * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
     */
public void test_getSubjectAlternativeNames() throws Exception {
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralNames sans = new GeneralNames();
    sans.addName(san1);
    sans.addName(san2);
    TestCert cert_1 = new TestCert(sans);
    X509CertSelector selector = new X509CertSelector();
    assertNull("Selector should return null", selector.getSubjectAlternativeNames());
    selector.setSubjectAlternativeNames(sans.getPairsList());
    assertTrue("The certificate should match the selection criteria.", selector.match(cert_1));
    selector.getSubjectAlternativeNames().clear();
    assertTrue("The modification of initialization object " + "should not affect the modification " + "of internal object.", selector.match(cert_1));
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)86 GeneralName (org.bouncycastle.asn1.x509.GeneralName)71 IOException (java.io.IOException)37 X509Certificate (java.security.cert.X509Certificate)27 X500Name (org.bouncycastle.asn1.x500.X500Name)24 ArrayList (java.util.ArrayList)23 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)19 ContentSigner (org.bouncycastle.operator.ContentSigner)18 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)18 BigInteger (java.math.BigInteger)16 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)16 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)16 List (java.util.List)15 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)15 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)15 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)15 X500Principal (javax.security.auth.x500.X500Principal)14 DERIA5String (org.bouncycastle.asn1.DERIA5String)14 GeneralNames (sun.security.x509.GeneralNames)14 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)13