Example 6 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.
the class IssuerSerial method toASN1Primitive.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
* serial CertificateSerialNumber,
* issuerUID UniqueIdentifier OPTIONAL
* }
* </pre>
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(issuer);
v.add(serial);
if (issuerUID != null) {
v.add(issuerUID);
}
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 7 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.
the class RFC3280CertPathUtilities method processCertBC.
protected static void processCertBC(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
int n = certs.size();
// i as defined in the algorithm description
int i = n - index;
//
if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n))) {
X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
ASN1Sequence dns;
try {
dns = DERSequence.getInstance(aIn.readObject());
} catch (Exception e) {
throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, certPath, index);
}
try {
nameConstraintValidator.checkPermittedDN(dns);
nameConstraintValidator.checkExcludedDN(dns);
} catch (PKIXNameConstraintValidatorException e) {
throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, index);
}
GeneralNames altName = null;
try {
altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
} catch (Exception e) {
throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, certPath, index);
}
Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
for (Enumeration e = emails.elements(); e.hasMoreElements(); ) {
String email = (String) e.nextElement();
GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
try {
nameConstraintValidator.checkPermitted(emailAsGeneralName);
nameConstraintValidator.checkExcluded(emailAsGeneralName);
} catch (PKIXNameConstraintValidatorException ex) {
throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", ex, certPath, index);
}
}
if (altName != null) {
GeneralName[] genNames = null;
try {
genNames = altName.getNames();
} catch (Exception e) {
throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, certPath, index);
}
for (int j = 0; j < genNames.length; j++) {
try {
nameConstraintValidator.checkPermitted(genNames[j]);
nameConstraintValidator.checkExcluded(genNames[j]);
} catch (PKIXNameConstraintValidatorException e) {
throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e, certPath, index);
}
}
}
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
Enumeration(java.util.Enumeration)
X509Certificate(java.security.cert.X509Certificate)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
X509Name(org.bouncycastle.asn1.x509.X509Name)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X500Principal(javax.security.auth.x500.X500Principal)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Vector(java.util.Vector)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 8 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.
the class AttributeCertificateIssuer method match.
public boolean match(Certificate cert) {
if (!(cert instanceof X509Certificate)) {
return false;
}
X509Certificate x509Cert = (X509Certificate) cert;
if (form instanceof V2Form) {
V2Form issuer = (V2Form) form;
if (issuer.getBaseCertificateID() != null) {
return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) && matchesDN(x509Cert.getIssuerX500Principal(), issuer.getBaseCertificateID().getIssuer());
}
GeneralNames name = issuer.getIssuerName();
if (matchesDN(x509Cert.getSubjectX500Principal(), name)) {
return true;
}
} else {
GeneralNames name = (GeneralNames) form;
if (matchesDN(x509Cert.getSubjectX500Principal(), name)) {
return true;
}
}
return false;
}
Also used :
V2Form(org.bouncycastle.asn1.x509.V2Form)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509Certificate(java.security.cert.X509Certificate)
Example 9 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.
the class AttributeCertificateIssuer method getNames.
private Object[] getNames() {
GeneralNames name;
if (form instanceof V2Form) {
name = ((V2Form) form).getIssuerName();
} else {
name = (GeneralNames) form;
}
GeneralName[] names = name.getNames();
List l = new ArrayList(names.length);
for (int i = 0; i != names.length; i++) {
if (names[i].getTagNo() == GeneralName.directoryName) {
try {
l.add(new X500Principal(((ASN1Encodable) names[i].getName()).toASN1Primitive().getEncoded()));
} catch (IOException e) {
throw new RuntimeException("badly formed Name object");
}
}
}
return l.toArray(new Object[l.size()]);
}
Also used :
V2Form(org.bouncycastle.asn1.x509.V2Form)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ArrayList(java.util.ArrayList)
X500Principal(javax.security.auth.x500.X500Principal)
ArrayList(java.util.ArrayList)
List(java.util.List)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
IOException(java.io.IOException)
Example 10 with GeneralNames
use of org.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.
the class X509CertSelectorTest method test_getPathToNames.
/**
* java.security.cert.X509CertSelector#getPathToNames()
*/
public void test_getPathToNames() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
sans1.addName(san3);
sans1.addName(san4);
sans1.addName(san6);
sans1.addName(san7);
sans1.addName(san8);
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setPathToNames(null);
assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
Collection<List<?>> sans = sans1.getPairsList();
selector.setPathToNames(sans);
selector.getPathToNames();
}
Also used :
GeneralNames(org.apache.harmony.security.x509.GeneralNames)
OtherName(org.apache.harmony.security.x509.OtherName)
X509CertSelector(java.security.cert.X509CertSelector)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralName(org.apache.harmony.security.x509.GeneralName)
ORAddress(org.apache.harmony.security.x509.ORAddress)
GeneralName(org.apache.harmony.security.x509.GeneralName)
OtherName(org.apache.harmony.security.x509.OtherName)
Name(org.apache.harmony.security.x501.Name)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)29
GeneralName (org.bouncycastle.asn1.x509.GeneralName)24
IOException (java.io.IOException)16
X509Certificate (java.security.cert.X509Certificate)15
ArrayList (java.util.ArrayList)12
List (java.util.List)12
GeneralNames (sun.security.x509.GeneralNames)10
Date (java.util.Date)9
X500Name (org.bouncycastle.asn1.x500.X500Name)9
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)9
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)8
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)8
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)8
GeneralSecurityException (java.security.GeneralSecurityException)7
SecureRandom (java.security.SecureRandom)7
X509CertSelector (java.security.cert.X509CertSelector)7
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)7
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)7
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)7
GeneralName (sun.security.x509.GeneralName)7
