Example 6 with GeneralSubtree
use of org.bouncycastle.asn1.x509.GeneralSubtree in project robovm by robovm.
the class PKIXNameConstraintValidator method intersectPermittedSubtree.
/**
* Updates the permitted set of these name constraints with the intersection
* with the given subtree.
*
* @param permitted The permitted subtrees
*/
public void intersectPermittedSubtree(GeneralSubtree[] permitted) {
Map subtreesMap = new HashMap();
// group in sets in a map ordered by tag no.
for (int i = 0; i != permitted.length; i++) {
GeneralSubtree subtree = permitted[i];
Integer tagNo = Integers.valueOf(subtree.getBase().getTagNo());
if (subtreesMap.get(tagNo) == null) {
subtreesMap.put(tagNo, new HashSet());
}
((Set) subtreesMap.get(tagNo)).add(subtree);
}
for (Iterator it = subtreesMap.entrySet().iterator(); it.hasNext(); ) {
Map.Entry entry = (Map.Entry) it.next();
// go through all subtree groups
switch(((Integer) entry.getKey()).intValue()) {
case 1:
permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, (Set) entry.getValue());
break;
case 2:
permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, (Set) entry.getValue());
break;
case 4:
permittedSubtreesDN = intersectDN(permittedSubtreesDN, (Set) entry.getValue());
break;
case 6:
permittedSubtreesURI = intersectURI(permittedSubtreesURI, (Set) entry.getValue());
break;
case 7:
permittedSubtreesIP = intersectIP(permittedSubtreesIP, (Set) entry.getValue());
}
}
}Example 7 with GeneralSubtree
use of org.bouncycastle.asn1.x509.GeneralSubtree in project robovm by robovm.
the class PKIXNameConstraintValidator method intersectURI.
private Set intersectURI(Set permitted, Set uris) {
Set intersect = new HashSet();
for (Iterator it = uris.iterator(); it.hasNext(); ) {
String uri = extractNameAsString(((GeneralSubtree) it.next()).getBase());
if (permitted == null) {
if (uri != null) {
intersect.add(uri);
}
} else {
Iterator _iter = permitted.iterator();
while (_iter.hasNext()) {
String _permitted = (String) _iter.next();
intersectURI(_permitted, uri, intersect);
}
}
}
return intersect;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
Iterator(java.util.Iterator)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
HashSet(java.util.HashSet)
Example 8 with GeneralSubtree
use of org.bouncycastle.asn1.x509.GeneralSubtree in project robovm by robovm.
the class GeneralSubtree method toASN1Primitive.
/**
* Produce an object suitable for an ASN1OutputStream.
*
* Returns:
*
* <pre>
* GeneralSubtree ::= SEQUENCE
* {
* base GeneralName,
* minimum [0] BaseDistance DEFAULT 0,
* maximum [1] BaseDistance OPTIONAL
* }
* </pre>
*
* @return a ASN1Primitive
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(base);
if (minimum != null && !minimum.getValue().equals(ZERO)) {
v.add(new DERTaggedObject(false, 0, minimum));
}
if (maximum != null) {
v.add(new DERTaggedObject(false, 1, maximum));
}
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 9 with GeneralSubtree
use of org.bouncycastle.asn1.x509.GeneralSubtree in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method prepareNextCertG.
protected static void prepareNextCertG(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (g) handle the name constraints extension
//
NameConstraints nc = null;
try {
ASN1Sequence ncSeq = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.NAME_CONSTRAINTS));
if (ncSeq != null) {
nc = new NameConstraints(ncSeq);
}
} catch (Exception e) {
throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath, index);
}
if (nc != null) {
//
// (g) (1) permitted subtrees
//
ASN1Sequence permitted = nc.getPermittedSubtrees();
if (permitted != null) {
try {
nameConstraintValidator.intersectPermittedSubtree(permitted);
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
//
// (g) (2) excluded subtrees
//
ASN1Sequence excluded = nc.getExcludedSubtrees();
if (excluded != null) {
Enumeration e = excluded.getObjects();
try {
while (e.hasMoreElements()) {
GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
nameConstraintValidator.addExcludedSubtree(subtree);
}
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
}
}
Also used :
NameConstraints(org.bouncycastle.asn1.x509.NameConstraints)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
Enumeration(java.util.Enumeration)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)
X509Certificate(java.security.cert.X509Certificate)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
Example 10 with GeneralSubtree
use of org.bouncycastle.asn1.x509.GeneralSubtree in project XobotOS by xamarin.
the class NameConstraints method createSequence.
private DERSequence createSequence(Vector subtree) {
ASN1EncodableVector vec = new ASN1EncodableVector();
Enumeration e = subtree.elements();
while (e.hasMoreElements()) {
vec.add((GeneralSubtree) e.nextElement());
}
return new DERSequence(vec);
}
Also used :
Enumeration(java.util.Enumeration)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Aggregations
HashSet (java.util.HashSet)6
Iterator (java.util.Iterator)6
Set (java.util.Set)6
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4
DERIA5String (org.bouncycastle.asn1.DERIA5String)4
GeneralSubtree (org.bouncycastle.asn1.x509.GeneralSubtree)4
X509Certificate (java.security.cert.X509Certificate)3
Enumeration (java.util.Enumeration)3
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)3
DERSequence (org.bouncycastle.asn1.DERSequence)3
IOException (java.io.IOException)2
GeneralSecurityException (java.security.GeneralSecurityException)2
CertPathBuilderException (java.security.cert.CertPathBuilderException)2
CertPathValidatorException (java.security.cert.CertPathValidatorException)2
CertificateExpiredException (java.security.cert.CertificateExpiredException)2
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)2
ArrayList (java.util.ArrayList)2
HashMap (java.util.HashMap)2
List (java.util.List)2
Map (java.util.Map)2
