Examples with GeneralSubtree org.bouncycastle.asn1.x509.GeneralSubtree used on opensource projects

Example 11 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project XobotOS by xamarin.

the class NameConstraints method createSequence.

private DERSequence createSequence(Vector subtree) {
    ASN1EncodableVector vec = new ASN1EncodableVector();
    Enumeration e = subtree.elements();
    while (e.hasMoreElements()) {
        vec.add((GeneralSubtree) e.nextElement());
    }
    return new DERSequence(vec);
}

Example 12 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project robovm by robovm.

the class PKIXNameConstraintValidator method intersectPermittedSubtree.

/**
     * Updates the permitted set of these name constraints with the intersection
     * with the given subtree.
     *
     * @param permitted The permitted subtrees
     */
public void intersectPermittedSubtree(GeneralSubtree[] permitted) {
    Map subtreesMap = new HashMap();
    // group in sets in a map ordered by tag no.
    for (int i = 0; i != permitted.length; i++) {
        GeneralSubtree subtree = permitted[i];
        Integer tagNo = Integers.valueOf(subtree.getBase().getTagNo());
        if (subtreesMap.get(tagNo) == null) {
            subtreesMap.put(tagNo, new HashSet());
        }
        ((Set) subtreesMap.get(tagNo)).add(subtree);
    }
    for (Iterator it = subtreesMap.entrySet().iterator(); it.hasNext(); ) {
        Map.Entry entry = (Map.Entry) it.next();
        // go through all subtree groups
        switch(((Integer) entry.getKey()).intValue()) {
            case 1:
                permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, (Set) entry.getValue());
                break;
            case 2:
                permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, (Set) entry.getValue());
                break;
            case 4:
                permittedSubtreesDN = intersectDN(permittedSubtreesDN, (Set) entry.getValue());
                break;
            case 6:
                permittedSubtreesURI = intersectURI(permittedSubtreesURI, (Set) entry.getValue());
                break;
            case 7:
                permittedSubtreesIP = intersectIP(permittedSubtreesIP, (Set) entry.getValue());
        }
    }
}

Example 13 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project robovm by robovm.

the class PKIXNameConstraintValidator method intersectURI.

private Set intersectURI(Set permitted, Set uris) {
    Set intersect = new HashSet();
    for (Iterator it = uris.iterator(); it.hasNext(); ) {
        String uri = extractNameAsString(((GeneralSubtree) it.next()).getBase());
        if (permitted == null) {
            if (uri != null) {
                intersect.add(uri);
            }
        } else {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext()) {
                String _permitted = (String) _iter.next();
                intersectURI(_permitted, uri, intersect);
            }
        }
    }
    return intersect;
}

Example 14 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPathToName.

/*
     * Tests matching on the name constraints extension contained in the
     * certificate.
     */
private void testPathToName() throws IOException {
    System.out.println("X.509 Certificate Match on pathToName");
    X509CertSelector selector = null;
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
    byte[] encoded = in.getOctetString();
    NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
    GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
    GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);
    // bad matches on pathToName within excluded subtrees
    if (excluded != null) {
        Iterator<GeneralSubtree> e = excluded.iterator();
        while (e.hasNext()) {
            GeneralSubtree tree = e.next();
            if (tree.getName().getType() == NAME_DIRECTORY) {
                X500Name excludedDN1 = new X500Name(tree.getName().toString());
                X500Name excludedDN2 = new X500Name("CN=Bogus, " + tree.getName().toString());
                DerOutputStream derDN1 = new DerOutputStream();
                DerOutputStream derDN2 = new DerOutputStream();
                excludedDN1.encode(derDN1);
                excludedDN2.encode(derDN2);
                selector = new X509CertSelector();
                selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
                checkMatch(selector, cert, false);
                selector.setPathToNames(null);
                selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
                checkMatch(selector, cert, false);
            }
        }
    }
    // good matches on pathToName within permitted subtrees
    if (permitted != null) {
        Iterator<GeneralSubtree> e = permitted.iterator();
        while (e.hasNext()) {
            GeneralSubtree tree = e.next();
            if (tree.getName().getType() == NAME_DIRECTORY) {
                X500Name permittedDN1 = new X500Name(tree.getName().toString());
                X500Name permittedDN2 = new X500Name("CN=good, " + tree.getName().toString());
                DerOutputStream derDN1 = new DerOutputStream();
                DerOutputStream derDN2 = new DerOutputStream();
                permittedDN1.encode(derDN1);
                permittedDN2.encode(derDN2);
                selector = new X509CertSelector();
                selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
                checkMatch(selector, cert, true);
                selector.setPathToNames(null);
                selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
                checkMatch(selector, cert, true);
            }
        }
    }
}