Example 1 with PrivateKeyUsagePeriod
use of org.apache.harmony.security.x509.PrivateKeyUsagePeriod in project XobotOS by xamarin.
the class X509CertSelector method match.
/**
* Returns whether the specified certificate matches all the criteria
* collected in this instance.
*
* @param certificate
* the certificate to check.
* @return {@code true} if the certificate matches all the criteria,
* otherwise {@code false}.
*/
public boolean match(Certificate certificate) {
if (!(certificate instanceof X509Certificate)) {
return false;
}
X509Certificate cert = (X509Certificate) certificate;
if ((certificateEquals != null) && !certificateEquals.equals(cert)) {
return false;
}
if ((serialNumber != null) && !serialNumber.equals(cert.getSerialNumber())) {
return false;
}
if ((issuer != null) && !issuer.equals(cert.getIssuerX500Principal())) {
return false;
}
if ((subject != null) && !subject.equals(cert.getSubjectX500Principal())) {
return false;
}
if ((subjectKeyIdentifier != null) && !Arrays.equals(subjectKeyIdentifier, // are taken from rfc 3280 (http://www.ietf.org/rfc/rfc3280.txt)
getExtensionValue(cert, "2.5.29.14"))) {
return false;
}
if ((authorityKeyIdentifier != null) && !Arrays.equals(authorityKeyIdentifier, getExtensionValue(cert, "2.5.29.35"))) {
return false;
}
if (certificateValid != null) {
try {
cert.checkValidity(certificateValid);
} catch (CertificateExpiredException e) {
return false;
} catch (CertificateNotYetValidException e) {
return false;
}
}
if (privateKeyValid != null) {
try {
byte[] bytes = getExtensionValue(cert, "2.5.29.16");
if (bytes == null) {
return false;
}
PrivateKeyUsagePeriod pkup = (PrivateKeyUsagePeriod) PrivateKeyUsagePeriod.ASN1.decode(bytes);
Date notBefore = pkup.getNotBefore();
Date notAfter = pkup.getNotAfter();
if ((notBefore == null) && (notAfter == null)) {
return false;
}
if ((notBefore != null) && notBefore.compareTo(privateKeyValid) > 0) {
return false;
}
if ((notAfter != null) && notAfter.compareTo(privateKeyValid) < 0) {
return false;
}
} catch (IOException e) {
return false;
}
}
if (subjectPublicKeyAlgID != null) {
try {
byte[] encoding = cert.getPublicKey().getEncoded();
AlgorithmIdentifier ai = ((SubjectPublicKeyInfo) SubjectPublicKeyInfo.ASN1.decode(encoding)).getAlgorithmIdentifier();
if (!subjectPublicKeyAlgID.equals(ai.getAlgorithm())) {
return false;
}
} catch (IOException e) {
e.printStackTrace();
return false;
}
}
if (subjectPublicKey != null) {
if (!Arrays.equals(subjectPublicKey, cert.getPublicKey().getEncoded())) {
return false;
}
}
if (keyUsage != null) {
boolean[] ku = cert.getKeyUsage();
if (ku != null) {
int i = 0;
int min_length = (ku.length < keyUsage.length) ? ku.length : keyUsage.length;
for (; i < min_length; i++) {
if (keyUsage[i] && !ku[i]) {
// but certificate does not.
return false;
}
}
for (; i < keyUsage.length; i++) {
if (keyUsage[i]) {
return false;
}
}
}
}
if (extendedKeyUsage != null) {
try {
List keyUsage = cert.getExtendedKeyUsage();
if (keyUsage != null) {
if (!keyUsage.containsAll(extendedKeyUsage)) {
return false;
}
}
} catch (CertificateParsingException e) {
return false;
}
}
if (pathLen != -1) {
int p_len = cert.getBasicConstraints();
if ((pathLen < 0) && (p_len >= 0)) {
// need end-entity but got CA
return false;
}
if ((pathLen > 0) && (pathLen > p_len)) {
// allowed _pathLen is small
return false;
}
}
if (subjectAltNames != null) {
PASSED: try {
byte[] bytes = getExtensionValue(cert, "2.5.29.17");
if (bytes == null) {
return false;
}
List<GeneralName> sans = ((GeneralNames) GeneralNames.ASN1.decode(bytes)).getNames();
if ((sans == null) || (sans.size() == 0)) {
return false;
}
boolean[][] map = new boolean[9][];
// initialize the check map
for (int i = 0; i < 9; i++) {
map[i] = (subjectAltNames[i] == null) ? EmptyArray.BOOLEAN : new boolean[subjectAltNames[i].size()];
}
for (GeneralName name : sans) {
int tag = name.getTag();
for (int i = 0; i < map[tag].length; i++) {
if (subjectAltNames[tag].get(i).equals(name)) {
if (!matchAllNames) {
break PASSED;
}
map[tag][i] = true;
}
}
}
if (!matchAllNames) {
// there was not any match
return false;
}
// else check the map
for (int tag = 0; tag < 9; tag++) {
for (int name = 0; name < map[tag].length; name++) {
if (!map[tag][name]) {
return false;
}
}
}
} catch (IOException e) {
e.printStackTrace();
return false;
}
}
if (nameConstraints != null) {
if (!nameConstraints.isAcceptable(cert)) {
return false;
}
}
if (policies != null) {
byte[] bytes = getExtensionValue(cert, "2.5.29.32");
if (bytes == null) {
return false;
}
if (policies.size() == 0) {
// one policy in it.
return true;
}
PASSED: try {
List<PolicyInformation> policyInformations = ((CertificatePolicies) CertificatePolicies.ASN1.decode(bytes)).getPolicyInformations();
for (PolicyInformation policyInformation : policyInformations) {
if (policies.contains(policyInformation.getPolicyIdentifier())) {
break PASSED;
}
}
return false;
} catch (IOException e) {
// the extension is invalid
return false;
}
}
if (pathToNames != null) {
byte[] bytes = getExtensionValue(cert, "2.5.29.30");
if (bytes != null) {
NameConstraints nameConstraints;
try {
nameConstraints = (NameConstraints) NameConstraints.ASN1.decode(bytes);
} catch (IOException e) {
// the extension is invalid;
return false;
}
if (!nameConstraints.isAcceptable(pathToNames)) {
return false;
}
}
}
return true;
}
Also used :
NameConstraints(org.apache.harmony.security.x509.NameConstraints)
PolicyInformation(org.apache.harmony.security.x509.PolicyInformation)
IOException(java.io.IOException)
SubjectPublicKeyInfo(org.apache.harmony.security.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
AlgorithmIdentifier(org.apache.harmony.security.x509.AlgorithmIdentifier)
ArrayList(java.util.ArrayList)
List(java.util.List)
GeneralName(org.apache.harmony.security.x509.GeneralName)
PrivateKeyUsagePeriod(org.apache.harmony.security.x509.PrivateKeyUsagePeriod)
Example 2 with PrivateKeyUsagePeriod
use of org.apache.harmony.security.x509.PrivateKeyUsagePeriod in project robovm by robovm.
the class X509CertSelector method match.
/**
* Returns whether the specified certificate matches all the criteria
* collected in this instance.
*
* @param certificate
* the certificate to check.
* @return {@code true} if the certificate matches all the criteria,
* otherwise {@code false}.
*/
public boolean match(Certificate certificate) {
if (!(certificate instanceof X509Certificate)) {
return false;
}
X509Certificate cert = (X509Certificate) certificate;
if ((certificateEquals != null) && !certificateEquals.equals(cert)) {
return false;
}
if ((serialNumber != null) && !serialNumber.equals(cert.getSerialNumber())) {
return false;
}
if ((issuer != null) && !issuer.equals(cert.getIssuerX500Principal())) {
return false;
}
if ((subject != null) && !subject.equals(cert.getSubjectX500Principal())) {
return false;
}
if ((subjectKeyIdentifier != null) && !Arrays.equals(subjectKeyIdentifier, // are taken from rfc 3280 (http://www.ietf.org/rfc/rfc3280.txt)
getExtensionValue(cert, "2.5.29.14"))) {
return false;
}
if ((authorityKeyIdentifier != null) && !Arrays.equals(authorityKeyIdentifier, getExtensionValue(cert, "2.5.29.35"))) {
return false;
}
if (certificateValid != null) {
try {
cert.checkValidity(certificateValid);
} catch (CertificateExpiredException e) {
return false;
} catch (CertificateNotYetValidException e) {
return false;
}
}
if (privateKeyValid != null) {
try {
byte[] bytes = getExtensionValue(cert, "2.5.29.16");
if (bytes == null) {
return false;
}
PrivateKeyUsagePeriod pkup = (PrivateKeyUsagePeriod) PrivateKeyUsagePeriod.ASN1.decode(bytes);
Date notBefore = pkup.getNotBefore();
Date notAfter = pkup.getNotAfter();
if ((notBefore == null) && (notAfter == null)) {
return false;
}
if ((notBefore != null) && notBefore.compareTo(privateKeyValid) > 0) {
return false;
}
if ((notAfter != null) && notAfter.compareTo(privateKeyValid) < 0) {
return false;
}
} catch (IOException e) {
return false;
}
}
if (subjectPublicKeyAlgID != null) {
try {
byte[] encoding = cert.getPublicKey().getEncoded();
AlgorithmIdentifier ai = ((SubjectPublicKeyInfo) SubjectPublicKeyInfo.ASN1.decode(encoding)).getAlgorithmIdentifier();
if (!subjectPublicKeyAlgID.equals(ai.getAlgorithm())) {
return false;
}
} catch (IOException e) {
e.printStackTrace();
return false;
}
}
if (subjectPublicKey != null) {
if (!Arrays.equals(subjectPublicKey, cert.getPublicKey().getEncoded())) {
return false;
}
}
if (keyUsage != null) {
boolean[] ku = cert.getKeyUsage();
if (ku != null) {
int i = 0;
int min_length = (ku.length < keyUsage.length) ? ku.length : keyUsage.length;
for (; i < min_length; i++) {
if (keyUsage[i] && !ku[i]) {
// but certificate does not.
return false;
}
}
for (; i < keyUsage.length; i++) {
if (keyUsage[i]) {
return false;
}
}
}
}
if (extendedKeyUsage != null) {
try {
List keyUsage = cert.getExtendedKeyUsage();
if (keyUsage != null) {
if (!keyUsage.containsAll(extendedKeyUsage)) {
return false;
}
}
} catch (CertificateParsingException e) {
return false;
}
}
if (pathLen != -1) {
int p_len = cert.getBasicConstraints();
if ((pathLen < 0) && (p_len >= 0)) {
// need end-entity but got CA
return false;
}
if ((pathLen > 0) && (pathLen > p_len)) {
// allowed _pathLen is small
return false;
}
}
if (subjectAltNames != null) {
PASSED: try {
byte[] bytes = getExtensionValue(cert, "2.5.29.17");
if (bytes == null) {
return false;
}
List<GeneralName> sans = ((GeneralNames) GeneralNames.ASN1.decode(bytes)).getNames();
if ((sans == null) || (sans.size() == 0)) {
return false;
}
boolean[][] map = new boolean[9][];
// initialize the check map
for (int i = 0; i < 9; i++) {
map[i] = (subjectAltNames[i] == null) ? EmptyArray.BOOLEAN : new boolean[subjectAltNames[i].size()];
}
for (GeneralName name : sans) {
int tag = name.getTag();
for (int i = 0; i < map[tag].length; i++) {
if (subjectAltNames[tag].get(i).equals(name)) {
if (!matchAllNames) {
break PASSED;
}
map[tag][i] = true;
}
}
}
if (!matchAllNames) {
// there was not any match
return false;
}
// else check the map
for (int tag = 0; tag < 9; tag++) {
for (int name = 0; name < map[tag].length; name++) {
if (!map[tag][name]) {
return false;
}
}
}
} catch (IOException e) {
e.printStackTrace();
return false;
}
}
if (nameConstraints != null) {
if (!nameConstraints.isAcceptable(cert)) {
return false;
}
}
if (policies != null) {
byte[] bytes = getExtensionValue(cert, "2.5.29.32");
if (bytes == null) {
return false;
}
if (policies.size() == 0) {
// one policy in it.
return true;
}
PASSED: try {
List<PolicyInformation> policyInformations = ((CertificatePolicies) CertificatePolicies.ASN1.decode(bytes)).getPolicyInformations();
for (PolicyInformation policyInformation : policyInformations) {
if (policies.contains(policyInformation.getPolicyIdentifier())) {
break PASSED;
}
}
return false;
} catch (IOException e) {
// the extension is invalid
return false;
}
}
if (pathToNames != null) {
byte[] bytes = getExtensionValue(cert, "2.5.29.30");
if (bytes != null) {
NameConstraints nameConstraints;
try {
nameConstraints = (NameConstraints) NameConstraints.ASN1.decode(bytes);
} catch (IOException e) {
// the extension is invalid;
return false;
}
if (!nameConstraints.isAcceptable(pathToNames)) {
return false;
}
}
}
return true;
}
Also used :
NameConstraints(org.apache.harmony.security.x509.NameConstraints)
PolicyInformation(org.apache.harmony.security.x509.PolicyInformation)
IOException(java.io.IOException)
SubjectPublicKeyInfo(org.apache.harmony.security.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
AlgorithmIdentifier(org.apache.harmony.security.x509.AlgorithmIdentifier)
ArrayList(java.util.ArrayList)
List(java.util.List)
GeneralName(org.apache.harmony.security.x509.GeneralName)
PrivateKeyUsagePeriod(org.apache.harmony.security.x509.PrivateKeyUsagePeriod)
Example 3 with PrivateKeyUsagePeriod
use of org.apache.harmony.security.x509.PrivateKeyUsagePeriod in project keystore-explorer by kaikramer.
the class DPrivateKeyUsagePeriod method prepopulateWithValue.
private void prepopulateWithValue(byte[] value) throws IOException {
PrivateKeyUsagePeriod privateKeyUsagePeriod = PrivateKeyUsagePeriod.getInstance(value);
ASN1GeneralizedTime notBefore = privateKeyUsagePeriod.getNotBefore();
if (notBefore != null) {
try {
jdtNotBefore.setDateTime(notBefore.getDate());
} catch (ParseException e) {
throw new IOException(e);
}
}
ASN1GeneralizedTime notAfter = privateKeyUsagePeriod.getNotAfter();
if (notAfter != null) {
try {
jdtNotAfter.setDateTime(notAfter.getDate());
} catch (ParseException e) {
throw new IOException(e);
}
}
}
Also used :
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
ParseException(java.text.ParseException)
IOException(java.io.IOException)
PrivateKeyUsagePeriod(org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod)
Example 4 with PrivateKeyUsagePeriod
use of org.apache.harmony.security.x509.PrivateKeyUsagePeriod in project keystore-explorer by kaikramer.
the class DPrivateKeyUsagePeriod method okPressed.
private void okPressed() {
Date notBefore = jdtNotBefore.getDateTime();
Date notAfter = jdtNotAfter.getDateTime();
if ((notBefore == null) && (notAfter == null)) {
JOptionPane.showMessageDialog(this, res.getString("DPrivateKeyUsagePeriod.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
// BC forgot the value constructor for PrivateKeyUsagePeriod...
ASN1EncodableVector v = new ASN1EncodableVector();
if (notBefore != null) {
DERGeneralizedTime notBeforeGenTime = new DERGeneralizedTime(notBefore);
v.add(new DERTaggedObject(false, 0, notBeforeGenTime));
}
if (notAfter != null) {
DERGeneralizedTime notAfterGenTime = new DERGeneralizedTime(notAfter);
v.add(new DERTaggedObject(false, 1, notAfterGenTime));
}
PrivateKeyUsagePeriod privateKeyUsagePeriod = PrivateKeyUsagePeriod.getInstance(new DERSequence(v));
try {
value = privateKeyUsagePeriod.getEncoded(ASN1Encoding.DER);
} catch (IOException ex) {
DError dError = new DError(this, ex);
dError.setLocationRelativeTo(this);
dError.setVisible(true);
return;
}
closeDialog();
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
IOException(java.io.IOException)
Date(java.util.Date)
PrivateKeyUsagePeriod(org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod)
DError(org.kse.gui.error.DError)
Example 5 with PrivateKeyUsagePeriod
use of org.apache.harmony.security.x509.PrivateKeyUsagePeriod in project keystore-explorer by kaikramer.
the class X509Ext method getPrivateKeyUsagePeriodStringValue.
private String getPrivateKeyUsagePeriodStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* PrivateKeyUsagePeriod ::= ASN1Sequence { notBefore [0]
* ASN1GeneralizedTime OPTIONAL, notAfter [1] ASN1GeneralizedTime OPTIONAL }
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
PrivateKeyUsagePeriod privateKeyUsagePeriod = PrivateKeyUsagePeriod.getInstance(value);
ASN1GeneralizedTime notBefore = privateKeyUsagePeriod.getNotBefore();
ASN1GeneralizedTime notAfter = privateKeyUsagePeriod.getNotAfter();
if (notBefore != null) {
sb.append(MessageFormat.format(res.getString("NotBeforePrivateKeyUsagePeriod"), getGeneralizedTimeString(notBefore)));
} else {
sb.append(MessageFormat.format(res.getString("NotBeforePrivateKeyUsagePeriod"), res.getString("NoValue")));
}
sb.append(NEWLINE);
if (notAfter != null) {
sb.append(MessageFormat.format(res.getString("NotAfterPrivateKeyUsagePeriod"), getGeneralizedTimeString(notAfter)));
} else {
sb.append(MessageFormat.format(res.getString("NotAfterPrivateKeyUsagePeriod"), res.getString("NoValue")));
}
sb.append(NEWLINE);
return sb.toString();
}
Also used :
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
PrivateKeyUsagePeriod(org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod)
Aggregations
IOException (java.io.IOException)4
Date (java.util.Date)3
PrivateKeyUsagePeriod (org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod)3
ArrayList (java.util.ArrayList)2
List (java.util.List)2
AlgorithmIdentifier (org.apache.harmony.security.x509.AlgorithmIdentifier)2
GeneralName (org.apache.harmony.security.x509.GeneralName)2
NameConstraints (org.apache.harmony.security.x509.NameConstraints)2
PolicyInformation (org.apache.harmony.security.x509.PolicyInformation)2
PrivateKeyUsagePeriod (org.apache.harmony.security.x509.PrivateKeyUsagePeriod)2
SubjectPublicKeyInfo (org.apache.harmony.security.x509.SubjectPublicKeyInfo)2
ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)2
ParseException (java.text.ParseException)1
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)1
DERGeneralizedTime (org.bouncycastle.asn1.DERGeneralizedTime)1
DERSequence (org.bouncycastle.asn1.DERSequence)1
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)1
DError (org.kse.gui.error.DError)1
