Example 6 with DERUTF8String
use of org.bouncycastle.asn1.DERUTF8String in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesXmppAddrAndDNS.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the DNS subjectAltName value</li>
* <li>the 'xmppAddr' subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type DNS </li>
* <li>a subjectAltName entry of type otherName with an ASN.1 Object Identifier of "id-on-xmppAddr"</li>
* </ul>
*/
@Test
public void testServerIdentitiesXmppAddrAndDNS() throws Exception {
// Setup fixture.
final String subjectCommonName = "MySubjectCommonName";
final String subjectAltNameXmppAddr = "MySubjectAltNameXmppAddr";
final String subjectAltNameDNS = "MySubjectAltNameDNS";
final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(// Issuer
new X500Name("CN=MyIssuer"), // Random serial number
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())), // Not before 30 days ago
new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)), // Not after 99 days from now
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)), // Subject
new X500Name("CN=" + subjectCommonName), subjectKeyPair.getPublic());
final DERSequence otherName = new DERSequence(new ASN1Encodable[] { XMPP_ADDR_OID, new DERUTF8String(subjectAltNameXmppAddr) });
final GeneralNames subjectAltNames = new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.otherName, otherName), new GeneralName(GeneralName.dNSName, subjectAltNameDNS) });
builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);
final X509CertificateHolder certificateHolder = builder.build(contentSigner);
final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// Execute system under test
final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
// Verify result
assertEquals(2, serverIdentities.size());
assertTrue(serverIdentities.contains(subjectAltNameXmppAddr));
assertFalse(serverIdentities.contains(subjectCommonName));
}
Also used :
SecureRandom(java.security.SecureRandom)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Test(org.junit.Test)
Example 7 with DERUTF8String
use of org.bouncycastle.asn1.DERUTF8String in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesDnsSrv.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the 'DNS SRV' subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type otherName with an ASN.1 Object Identifier of "id-on-dnsSRV"</li>
* </ul>
*/
@Test
public void testServerIdentitiesDnsSrv() throws Exception {
// Setup fixture.
final String subjectCommonName = "MySubjectCommonName";
final String subjectAltNameDnsSrv = "MySubjectAltNameXmppAddr";
final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(// Issuer
new X500Name("CN=MyIssuer"), // Random serial number
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())), // Not before 30 days ago
new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)), // Not after 99 days from now
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)), // Subject
new X500Name("CN=" + subjectCommonName), subjectKeyPair.getPublic());
final DERSequence otherName = new DERSequence(new ASN1Encodable[] { DNS_SRV_OID, new DERUTF8String("_xmpp-server." + subjectAltNameDnsSrv) });
final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.otherName, otherName));
builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);
final X509CertificateHolder certificateHolder = builder.build(contentSigner);
final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// Execute system under test
final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
// Verify result
assertEquals(1, serverIdentities.size());
assertTrue(serverIdentities.contains(subjectAltNameDnsSrv));
assertFalse(serverIdentities.contains(subjectCommonName));
}
Also used :
SecureRandom(java.security.SecureRandom)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Test(org.junit.Test)
Example 8 with DERUTF8String
use of org.bouncycastle.asn1.DERUTF8String in project XobotOS by xamarin.
the class ASN1Dump method _dumpAsString.
/**
* dump a DER object as a formatted string with indentation
*
* @param obj the DERObject to be dumped out.
*/
static void _dumpAsString(String indent, boolean verbose, DERObject obj, StringBuffer buf) {
String nl = System.getProperty("line.separator");
if (obj instanceof ASN1Sequence) {
Enumeration e = ((ASN1Sequence) obj).getObjects();
String tab = indent + TAB;
buf.append(indent);
if (obj instanceof BERSequence) {
buf.append("BER Sequence");
} else if (obj instanceof DERSequence) {
buf.append("DER Sequence");
} else {
buf.append("Sequence");
}
buf.append(nl);
while (e.hasMoreElements()) {
Object o = e.nextElement();
// BEGIN android-changed
if (o == null || o.equals(DERNull.INSTANCE)) // END android-changed
{
buf.append(tab);
buf.append("NULL");
buf.append(nl);
} else if (o instanceof DERObject) {
_dumpAsString(tab, verbose, (DERObject) o, buf);
} else {
_dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
}
}
} else if (obj instanceof DERTaggedObject) {
String tab = indent + TAB;
buf.append(indent);
if (obj instanceof BERTaggedObject) {
buf.append("BER Tagged [");
} else {
buf.append("Tagged [");
}
DERTaggedObject o = (DERTaggedObject) obj;
buf.append(Integer.toString(o.getTagNo()));
buf.append(']');
if (!o.isExplicit()) {
buf.append(" IMPLICIT ");
}
buf.append(nl);
if (o.isEmpty()) {
buf.append(tab);
buf.append("EMPTY");
buf.append(nl);
} else {
_dumpAsString(tab, verbose, o.getObject(), buf);
}
} else if (obj instanceof BERSet) {
Enumeration e = ((ASN1Set) obj).getObjects();
String tab = indent + TAB;
buf.append(indent);
buf.append("BER Set");
buf.append(nl);
while (e.hasMoreElements()) {
Object o = e.nextElement();
if (o == null) {
buf.append(tab);
buf.append("NULL");
buf.append(nl);
} else if (o instanceof DERObject) {
_dumpAsString(tab, verbose, (DERObject) o, buf);
} else {
_dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
}
}
} else if (obj instanceof DERSet) {
Enumeration e = ((ASN1Set) obj).getObjects();
String tab = indent + TAB;
buf.append(indent);
buf.append("DER Set");
buf.append(nl);
while (e.hasMoreElements()) {
Object o = e.nextElement();
if (o == null) {
buf.append(tab);
buf.append("NULL");
buf.append(nl);
} else if (o instanceof DERObject) {
_dumpAsString(tab, verbose, (DERObject) o, buf);
} else {
_dumpAsString(tab, verbose, ((DEREncodable) o).getDERObject(), buf);
}
}
} else if (obj instanceof DERObjectIdentifier) {
buf.append(indent + "ObjectIdentifier(" + ((DERObjectIdentifier) obj).getId() + ")" + nl);
} else if (obj instanceof DERBoolean) {
buf.append(indent + "Boolean(" + ((DERBoolean) obj).isTrue() + ")" + nl);
} else if (obj instanceof DERInteger) {
buf.append(indent + "Integer(" + ((DERInteger) obj).getValue() + ")" + nl);
} else if (obj instanceof BERConstructedOctetString) {
ASN1OctetString oct = (ASN1OctetString) obj;
buf.append(indent + "BER Constructed Octet String" + "[" + oct.getOctets().length + "] ");
if (verbose) {
buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
} else {
buf.append(nl);
}
} else if (obj instanceof DEROctetString) {
ASN1OctetString oct = (ASN1OctetString) obj;
buf.append(indent + "DER Octet String" + "[" + oct.getOctets().length + "] ");
if (verbose) {
buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
} else {
buf.append(nl);
}
} else if (obj instanceof DERBitString) {
DERBitString bt = (DERBitString) obj;
buf.append(indent + "DER Bit String" + "[" + bt.getBytes().length + ", " + bt.getPadBits() + "] ");
if (verbose) {
buf.append(dumpBinaryDataAsString(indent, bt.getBytes()));
} else {
buf.append(nl);
}
} else if (obj instanceof DERIA5String) {
buf.append(indent + "IA5String(" + ((DERIA5String) obj).getString() + ") " + nl);
} else if (obj instanceof DERUTF8String) {
buf.append(indent + "UTF8String(" + ((DERUTF8String) obj).getString() + ") " + nl);
} else if (obj instanceof DERPrintableString) {
buf.append(indent + "PrintableString(" + ((DERPrintableString) obj).getString() + ") " + nl);
} else if (obj instanceof DERVisibleString) {
buf.append(indent + "VisibleString(" + ((DERVisibleString) obj).getString() + ") " + nl);
} else if (obj instanceof DERBMPString) {
buf.append(indent + "BMPString(" + ((DERBMPString) obj).getString() + ") " + nl);
} else if (obj instanceof DERT61String) {
buf.append(indent + "T61String(" + ((DERT61String) obj).getString() + ") " + nl);
} else if (obj instanceof DERUTCTime) {
buf.append(indent + "UTCTime(" + ((DERUTCTime) obj).getTime() + ") " + nl);
} else if (obj instanceof DERGeneralizedTime) {
buf.append(indent + "GeneralizedTime(" + ((DERGeneralizedTime) obj).getTime() + ") " + nl);
} else if (obj instanceof DERUnknownTag) {
buf.append(indent + "Unknown " + Integer.toString(((DERUnknownTag) obj).getTag(), 16) + " " + new String(Hex.encode(((DERUnknownTag) obj).getData())) + nl);
} else if (obj instanceof BERApplicationSpecific) {
buf.append(outputApplicationSpecific("BER", indent, verbose, obj, nl));
} else if (obj instanceof DERApplicationSpecific) {
buf.append(outputApplicationSpecific("DER", indent, verbose, obj, nl));
} else if (obj instanceof DEREnumerated) {
DEREnumerated en = (DEREnumerated) obj;
buf.append(indent + "DER Enumerated(" + en.getValue() + ")" + nl);
} else if (obj instanceof DERExternal) {
DERExternal ext = (DERExternal) obj;
buf.append(indent + "External " + nl);
String tab = indent + TAB;
if (ext.getDirectReference() != null) {
buf.append(tab + "Direct Reference: " + ext.getDirectReference().getId() + nl);
}
if (ext.getIndirectReference() != null) {
buf.append(tab + "Indirect Reference: " + ext.getIndirectReference().toString() + nl);
}
if (ext.getDataValueDescriptor() != null) {
_dumpAsString(tab, verbose, ext.getDataValueDescriptor(), buf);
}
buf.append(tab + "Encoding: " + ext.getEncoding() + nl);
_dumpAsString(tab, verbose, ext.getExternalContent(), buf);
} else {
buf.append(indent + obj.toString() + nl);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERApplicationSpecific(org.bouncycastle.asn1.DERApplicationSpecific)
DERBitString(org.bouncycastle.asn1.DERBitString)
BERConstructedOctetString(org.bouncycastle.asn1.BERConstructedOctetString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERT61String(org.bouncycastle.asn1.DERT61String)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERVisibleString(org.bouncycastle.asn1.DERVisibleString)
DERSet(org.bouncycastle.asn1.DERSet)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERInteger(org.bouncycastle.asn1.DERInteger)
DERSequence(org.bouncycastle.asn1.DERSequence)
DERObject(org.bouncycastle.asn1.DERObject)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
DERUTCTime(org.bouncycastle.asn1.DERUTCTime)
DERExternal(org.bouncycastle.asn1.DERExternal)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERVisibleString(org.bouncycastle.asn1.DERVisibleString)
BERTaggedObject(org.bouncycastle.asn1.BERTaggedObject)
BERApplicationSpecific(org.bouncycastle.asn1.BERApplicationSpecific)
BERConstructedOctetString(org.bouncycastle.asn1.BERConstructedOctetString)
DERBoolean(org.bouncycastle.asn1.DERBoolean)
BERSet(org.bouncycastle.asn1.BERSet)
Enumeration(java.util.Enumeration)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
BERSequence(org.bouncycastle.asn1.BERSequence)
DERBitString(org.bouncycastle.asn1.DERBitString)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
DERUnknownTag(org.bouncycastle.asn1.DERUnknownTag)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DEREnumerated(org.bouncycastle.asn1.DEREnumerated)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
DERT61String(org.bouncycastle.asn1.DERT61String)
DEREncodable(org.bouncycastle.asn1.DEREncodable)
DERObject(org.bouncycastle.asn1.DERObject)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
BERTaggedObject(org.bouncycastle.asn1.BERTaggedObject)
Example 9 with DERUTF8String
use of org.bouncycastle.asn1.DERUTF8String in project zm-mailbox by Zimbra.
the class CertUtil method printSubjectAlternativeNames.
private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
final String UPN_DISPLAY = "Principal Name";
final String RFC822NAME_DISPLAY = "RFC822 Name";
final String DNSNAME_DISPLAY = "DNS Name";
outStream.format("X509v3 Subject Alternative Name: \n");
ASN1InputStream decoder = null;
try {
Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
// Check that the certificate includes the SubjectAltName extension
if (generalNames == null) {
return;
}
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
}
outStream.format(" [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
} else if (GeneralName.rfc822Name == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, value);
} else if (GeneralName.dNSName == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, DNSNAME_DISPLAY, value);
} else {
outStream.format(" [%d] - not yet supported\n", tag);
}
}
} catch (CertificateParsingException e) {
e.printStackTrace();
} finally {
ByteUtil.closeStream(decoder);
}
}
Also used :
BigInteger(java.math.BigInteger)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERSequence(org.bouncycastle.asn1.DERSequence)
CertificateParsingException(java.security.cert.CertificateParsingException)
DEREncodable(org.bouncycastle.asn1.DEREncodable)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
List(java.util.List)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
Example 10 with DERUTF8String
use of org.bouncycastle.asn1.DERUTF8String in project zm-mailbox by Zimbra.
the class CertUtil method getSubjectAltNameOtherNameUPN.
String getSubjectAltNameOtherNameUPN() {
Collection<List<?>> generalNames = null;
try {
generalNames = cert.getSubjectAlternativeNames();
} catch (CertificateParsingException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
}
if (generalNames == null) {
return null;
}
ASN1InputStream decoder = null;
try {
// Check that the certificate includes the SubjectAltName extension
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
return value;
}
}
}
} catch (IOException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
} finally {
ByteUtil.closeStream(decoder);
}
return null;
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
CertificateParsingException(java.security.cert.CertificateParsingException)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
IOException(java.io.IOException)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
BigInteger(java.math.BigInteger)
DERSequence(org.bouncycastle.asn1.DERSequence)
DEREncodable(org.bouncycastle.asn1.DEREncodable)
List(java.util.List)
Aggregations
DERIA5String (org.bouncycastle.asn1.DERIA5String)6
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)6
SecureRandom (java.security.SecureRandom)4
Date (java.util.Date)4
X500Name (org.bouncycastle.asn1.x500.X500Name)4
GeneralName (org.bouncycastle.asn1.x509.GeneralName)4
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)4
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)4
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)4
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)4
IOException (java.io.IOException)3
BigInteger (java.math.BigInteger)3
X509Certificate (java.security.cert.X509Certificate)3
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)3
ASN1TaggedObject (org.bouncycastle.asn1.ASN1TaggedObject)3
DEREncodable (org.bouncycastle.asn1.DEREncodable)3
DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)3
DEROctetString (org.bouncycastle.asn1.DEROctetString)3
DERSequence (org.bouncycastle.asn1.DERSequence)3
Pair (android.util.Pair)2
