Search in sources :

Example 11 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class X509CertSelectorTest method test_getSubjectAlternativeNames.

/**
     * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
     */
public void test_getSubjectAlternativeNames() throws Exception {
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralNames sans = new GeneralNames();
    sans.addName(san1);
    sans.addName(san2);
    TestCert cert_1 = new TestCert(sans);
    X509CertSelector selector = new X509CertSelector();
    assertNull("Selector should return null", selector.getSubjectAlternativeNames());
    selector.setSubjectAlternativeNames(sans.getPairsList());
    assertTrue("The certificate should match the selection criteria.", selector.match(cert_1));
    selector.getSubjectAlternativeNames().clear();
    assertTrue("The modification of initialization object " + "should not affect the modification " + "of internal object.", selector.match(cert_1));
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName)

Example 12 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class X509CertSelectorTest method test_addSubjectAlternativeNameLintLbyte_array2.

/**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
     */
public void test_addSubjectAlternativeNameLintLbyte_array2() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(0, san0.getEncodedName());
    selector.addSubjectAlternativeName(1, san1.getEncodedName());
    selector.addSubjectAlternativeName(2, san2.getEncodedName());
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    assertTrue(selector.match(cert1));
    assertFalse(selector.match(cert2));
    selector.setSubjectAlternativeNames(null);
    GeneralName name = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, name.getEncodedName());
    } catch (IOException e) {
    // ok
    }
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName) IOException(java.io.IOException) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 13 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class AttributeCertificateIssuer method getNames.

public X500Name[] getNames() {
    GeneralNames name;
    if (form instanceof V2Form) {
        name = ((V2Form) form).getIssuerName();
    } else {
        name = (GeneralNames) form;
    }
    GeneralName[] names = name.getNames();
    List l = new ArrayList(names.length);
    for (int i = 0; i != names.length; i++) {
        if (names[i].getTagNo() == GeneralName.directoryName) {
            l.add(X500Name.getInstance(names[i].getName()));
        }
    }
    return (X500Name[]) l.toArray(new X500Name[l.size()]);
}
Also used : V2Form(org.bouncycastle.asn1.x509.V2Form) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 14 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class X509CertSelector method addPathToName.

/**
     * Adds a {@literal "pathToName"} to the respective criterion.
     *
     * @param type
     *            the type of the name
     * @param name
     *            the name in ASN.1 DER encoded form.
     * @throws IOException
     *             if decoding fails.
     * @see #setPathToNames
     */
public void addPathToName(int type, byte[] name) throws IOException {
    GeneralName path_name = new GeneralName(type, name);
    // create only if there was not any errors
    if (pathToNames == null) {
        pathToNames = new ArrayList<GeneralName>();
    }
    pathToNames.add(path_name);
}
Also used : GeneralName(org.apache.harmony.security.x509.GeneralName)

Example 15 with GeneralName

use of org.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.

the class X509CertSelector method match.

/**
     * Returns whether the specified certificate matches all the criteria
     * collected in this instance.
     *
     * @param certificate
     *            the certificate to check.
     * @return {@code true} if the certificate matches all the criteria,
     *         otherwise {@code false}.
     */
public boolean match(Certificate certificate) {
    if (!(certificate instanceof X509Certificate)) {
        return false;
    }
    X509Certificate cert = (X509Certificate) certificate;
    if ((certificateEquals != null) && !certificateEquals.equals(cert)) {
        return false;
    }
    if ((serialNumber != null) && !serialNumber.equals(cert.getSerialNumber())) {
        return false;
    }
    if ((issuer != null) && !issuer.equals(cert.getIssuerX500Principal())) {
        return false;
    }
    if ((subject != null) && !subject.equals(cert.getSubjectX500Principal())) {
        return false;
    }
    if ((subjectKeyIdentifier != null) && !Arrays.equals(subjectKeyIdentifier, // are taken from rfc 3280 (http://www.ietf.org/rfc/rfc3280.txt)
    getExtensionValue(cert, "2.5.29.14"))) {
        return false;
    }
    if ((authorityKeyIdentifier != null) && !Arrays.equals(authorityKeyIdentifier, getExtensionValue(cert, "2.5.29.35"))) {
        return false;
    }
    if (certificateValid != null) {
        try {
            cert.checkValidity(certificateValid);
        } catch (CertificateExpiredException e) {
            return false;
        } catch (CertificateNotYetValidException e) {
            return false;
        }
    }
    if (privateKeyValid != null) {
        try {
            byte[] bytes = getExtensionValue(cert, "2.5.29.16");
            if (bytes == null) {
                return false;
            }
            PrivateKeyUsagePeriod pkup = (PrivateKeyUsagePeriod) PrivateKeyUsagePeriod.ASN1.decode(bytes);
            Date notBefore = pkup.getNotBefore();
            Date notAfter = pkup.getNotAfter();
            if ((notBefore == null) && (notAfter == null)) {
                return false;
            }
            if ((notBefore != null) && notBefore.compareTo(privateKeyValid) > 0) {
                return false;
            }
            if ((notAfter != null) && notAfter.compareTo(privateKeyValid) < 0) {
                return false;
            }
        } catch (IOException e) {
            return false;
        }
    }
    if (subjectPublicKeyAlgID != null) {
        try {
            byte[] encoding = cert.getPublicKey().getEncoded();
            AlgorithmIdentifier ai = ((SubjectPublicKeyInfo) SubjectPublicKeyInfo.ASN1.decode(encoding)).getAlgorithmIdentifier();
            if (!subjectPublicKeyAlgID.equals(ai.getAlgorithm())) {
                return false;
            }
        } catch (IOException e) {
            e.printStackTrace();
            return false;
        }
    }
    if (subjectPublicKey != null) {
        if (!Arrays.equals(subjectPublicKey, cert.getPublicKey().getEncoded())) {
            return false;
        }
    }
    if (keyUsage != null) {
        boolean[] ku = cert.getKeyUsage();
        if (ku != null) {
            int i = 0;
            int min_length = (ku.length < keyUsage.length) ? ku.length : keyUsage.length;
            for (; i < min_length; i++) {
                if (keyUsage[i] && !ku[i]) {
                    // but certificate does not.
                    return false;
                }
            }
            for (; i < keyUsage.length; i++) {
                if (keyUsage[i]) {
                    return false;
                }
            }
        }
    }
    if (extendedKeyUsage != null) {
        try {
            List keyUsage = cert.getExtendedKeyUsage();
            if (keyUsage != null) {
                if (!keyUsage.containsAll(extendedKeyUsage)) {
                    return false;
                }
            }
        } catch (CertificateParsingException e) {
            return false;
        }
    }
    if (pathLen != -1) {
        int p_len = cert.getBasicConstraints();
        if ((pathLen < 0) && (p_len >= 0)) {
            // need end-entity but got CA
            return false;
        }
        if ((pathLen > 0) && (pathLen > p_len)) {
            // allowed _pathLen is small
            return false;
        }
    }
    if (subjectAltNames != null) {
        PASSED: try {
            byte[] bytes = getExtensionValue(cert, "2.5.29.17");
            if (bytes == null) {
                return false;
            }
            List<GeneralName> sans = ((GeneralNames) GeneralNames.ASN1.decode(bytes)).getNames();
            if ((sans == null) || (sans.size() == 0)) {
                return false;
            }
            boolean[][] map = new boolean[9][];
            // initialize the check map
            for (int i = 0; i < 9; i++) {
                map[i] = (subjectAltNames[i] == null) ? EmptyArray.BOOLEAN : new boolean[subjectAltNames[i].size()];
            }
            for (GeneralName name : sans) {
                int tag = name.getTag();
                for (int i = 0; i < map[tag].length; i++) {
                    if (subjectAltNames[tag].get(i).equals(name)) {
                        if (!matchAllNames) {
                            break PASSED;
                        }
                        map[tag][i] = true;
                    }
                }
            }
            if (!matchAllNames) {
                // there was not any match
                return false;
            }
            // else check the map
            for (int tag = 0; tag < 9; tag++) {
                for (int name = 0; name < map[tag].length; name++) {
                    if (!map[tag][name]) {
                        return false;
                    }
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
            return false;
        }
    }
    if (nameConstraints != null) {
        if (!nameConstraints.isAcceptable(cert)) {
            return false;
        }
    }
    if (policies != null) {
        byte[] bytes = getExtensionValue(cert, "2.5.29.32");
        if (bytes == null) {
            return false;
        }
        if (policies.size() == 0) {
            // one policy in it.
            return true;
        }
        PASSED: try {
            List<PolicyInformation> policyInformations = ((CertificatePolicies) CertificatePolicies.ASN1.decode(bytes)).getPolicyInformations();
            for (PolicyInformation policyInformation : policyInformations) {
                if (policies.contains(policyInformation.getPolicyIdentifier())) {
                    break PASSED;
                }
            }
            return false;
        } catch (IOException e) {
            // the extension is invalid
            return false;
        }
    }
    if (pathToNames != null) {
        byte[] bytes = getExtensionValue(cert, "2.5.29.30");
        if (bytes != null) {
            NameConstraints nameConstraints;
            try {
                nameConstraints = (NameConstraints) NameConstraints.ASN1.decode(bytes);
            } catch (IOException e) {
                // the extension is invalid;
                return false;
            }
            if (!nameConstraints.isAcceptable(pathToNames)) {
                return false;
            }
        }
    }
    return true;
}
Also used : NameConstraints(org.apache.harmony.security.x509.NameConstraints) PolicyInformation(org.apache.harmony.security.x509.PolicyInformation) IOException(java.io.IOException) SubjectPublicKeyInfo(org.apache.harmony.security.x509.SubjectPublicKeyInfo) Date(java.util.Date) AlgorithmIdentifier(org.apache.harmony.security.x509.AlgorithmIdentifier) ArrayList(java.util.ArrayList) List(java.util.List) GeneralName(org.apache.harmony.security.x509.GeneralName) PrivateKeyUsagePeriod(org.apache.harmony.security.x509.PrivateKeyUsagePeriod)

Aggregations

GeneralName (org.bouncycastle.asn1.x509.GeneralName)144 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)68 IOException (java.io.IOException)59 DERIA5String (org.bouncycastle.asn1.DERIA5String)44 ArrayList (java.util.ArrayList)40 X500Name (org.bouncycastle.asn1.x500.X500Name)37 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)34 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)33 X509Certificate (java.security.cert.X509Certificate)32 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)31 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)31 DEROctetString (org.bouncycastle.asn1.DEROctetString)28 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)25 List (java.util.List)23 BigInteger (java.math.BigInteger)22 DERSequence (org.bouncycastle.asn1.DERSequence)22 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)21 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)20 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)19 GeneralName (org.apache.harmony.security.x509.GeneralName)18