
Example 11 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project XobotOS by xamarin.

the class NameConstraints method createSequence.

/**
 * Packs every element of the given vector into a single DER SEQUENCE.
 *
 * @param subtree vector whose elements are each cast to {@code GeneralSubtree}
 * @return a {@code DERSequence} holding the elements in the vector's
 *         enumeration order; an empty vector yields an empty sequence
 */
private DERSequence createSequence(Vector subtree) {
    ASN1EncodableVector members = new ASN1EncodableVector();
    for (Enumeration items = subtree.elements(); items.hasMoreElements(); ) {
        // The raw Vector is unchecked, so this cast is the only type check:
        // any element that is not a GeneralSubtree fails here with a
        // ClassCastException instead of being encoded.
        GeneralSubtree entry = (GeneralSubtree) items.nextElement();
        members.add(entry);
    }
    return new DERSequence(members);
}
Also used : Enumeration(java.util.Enumeration) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 12 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project robovm by robovm.

the class PKIXNameConstraintValidator method intersectPermittedSubtree.

/**
 * Narrows the permitted name sets held by this validator by intersecting
 * each of them with the supplied subtrees, one name type at a time.
 *
 * @param permitted The permitted subtrees
 */
public void intersectPermittedSubtree(GeneralSubtree[] permitted) {
    // Bucket the incoming subtrees by the tag number of their base name.
    Map byTag = new HashMap();
    for (int idx = 0; idx < permitted.length; idx++) {
        GeneralSubtree current = permitted[idx];
        Integer tagKey = Integers.valueOf(current.getBase().getTagNo());
        Set bucket = (Set) byTag.get(tagKey);
        if (bucket == null) {
            bucket = new HashSet();
            byTag.put(tagKey, bucket);
        }
        bucket.add(current);
    }

    // Intersect each bucket with the permitted set of the matching name type.
    // Tag numbers follow the GeneralName CHOICE of RFC 5280.
    Iterator groups = byTag.entrySet().iterator();
    while (groups.hasNext()) {
        Map.Entry group = (Map.Entry) groups.next();
        int nameType = ((Integer) group.getKey()).intValue();
        Set members = (Set) group.getValue();

        if (nameType == 1) {
            // rfc822Name
            permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, members);
        } else if (nameType == 2) {
            // dNSName
            permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, members);
        } else if (nameType == 4) {
            // directoryName
            permittedSubtreesDN = intersectDN(permittedSubtreesDN, members);
        } else if (nameType == 6) {
            // uniformResourceIdentifier
            permittedSubtreesURI = intersectURI(permittedSubtreesURI, members);
        } else if (nameType == 7) {
            // iPAddress
            permittedSubtreesIP = intersectIP(permittedSubtreesIP, members);
        }
        // NOTE(review): any other tag (otherName, x400Address, ediPartyName,
        // registeredID) falls through without touching a permitted set, so a
        // permitted subtree of those name forms is silently not recorded here.
        // Confirm that the caller rejects, or otherwise handles, constraints
        // on name forms this method does not process.
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Iterator(java.util.Iterator) GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 13 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project robovm by robovm.

the class PKIXNameConstraintValidator method intersectURI.

/**
 * Builds the set of URI constraints that results from combining the
 * currently permitted set with a group of URI subtrees.
 *
 * @param permitted the current permitted URI strings, or {@code null}
 * @param uris      set of {@code GeneralSubtree} objects; the base name of
 *                  each is converted to a string
 * @return a new set; neither argument is modified by this method
 */
private Set intersectURI(Set permitted, Set uris) {
    Set result = new HashSet();
    Iterator subtrees = uris.iterator();
    while (subtrees.hasNext()) {
        GeneralSubtree subtree = (GeneralSubtree) subtrees.next();
        String candidate = extractNameAsString(subtree.getBase());

        if (permitted != null) {
            // Pair the candidate with every permitted entry; the three-argument
            // overload decides what, if anything, is added to the result.
            // A null candidate is passed through unchanged on this path.
            for (Iterator allowed = permitted.iterator(); allowed.hasNext(); ) {
                intersectURI((String) allowed.next(), candidate, result);
            }
            continue;
        }

        // With a null permitted set, every non-null candidate is taken as is.
        // NOTE(review): presumably null means "no URI constraint seen yet",
        // as opposed to an empty set; confirm against the field's initial value.
        if (candidate != null) {
            result.add(candidate);
        }
    }
    return result;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Iterator(java.util.Iterator) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) HashSet(java.util.HashSet)

Example 14 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPathToName.

/*
 * Checks X509CertSelector pathToName matching against the name constraints
 * extension (OID 2.5.29.30) of the certificate under test.
 *
 * Only directory-name subtrees are exercised; subtrees of any other name
 * type are skipped. For each directory name, both the name itself and a
 * name one level below it (an extra CN prepended) are tried: names under an
 * excluded subtree must not match, names under a permitted subtree must.
 */
private void testPathToName() throws IOException {
    System.out.println("X.509 Certificate Match on pathToName");
    X509CertSelector selector = null;

    // The extension value is an OCTET STRING wrapping the actual extension.
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
    byte[] encoded = in.getOctetString();
    NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
    GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
    GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);

    // bad matches on pathToName within excluded subtrees
    if (excluded != null) {
        for (Iterator<GeneralSubtree> it = excluded.iterator(); it.hasNext(); ) {
            GeneralSubtree tree = it.next();
            if (tree.getName().getType() != NAME_DIRECTORY) {
                continue;
            }
            String baseDn = tree.getName().toString();
            X500Name excludedDN1 = new X500Name(baseDn);
            X500Name excludedDN2 = new X500Name("CN=Bogus, " + baseDn);
            DerOutputStream derDN1 = new DerOutputStream();
            DerOutputStream derDN2 = new DerOutputStream();
            excludedDN1.encode(derDN1);
            excludedDN2.encode(derDN2);

            selector = new X509CertSelector();
            selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
            checkMatch(selector, cert, false);
            // Clear the previous name so the second check tests DN2 alone.
            selector.setPathToNames(null);
            selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
            checkMatch(selector, cert, false);
        }
    }

    // good matches on pathToName within permitted subtrees
    if (permitted != null) {
        for (Iterator<GeneralSubtree> it = permitted.iterator(); it.hasNext(); ) {
            GeneralSubtree tree = it.next();
            if (tree.getName().getType() != NAME_DIRECTORY) {
                continue;
            }
            String baseDn = tree.getName().toString();
            X500Name permittedDN1 = new X500Name(baseDn);
            X500Name permittedDN2 = new X500Name("CN=good, " + baseDn);
            DerOutputStream derDN1 = new DerOutputStream();
            DerOutputStream derDN2 = new DerOutputStream();
            permittedDN1.encode(derDN1);
            permittedDN2.encode(derDN2);

            selector = new X509CertSelector();
            selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
            checkMatch(selector, cert, true);
            // Clear the previous name so the second check tests DN2 alone.
            selector.setPathToNames(null);
            selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
            checkMatch(selector, cert, true);
        }
    }
}
Also used : DerOutputStream(sun.security.util.DerOutputStream) GeneralSubtrees(sun.security.x509.GeneralSubtrees) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) NameConstraintsExtension(sun.security.x509.NameConstraintsExtension) GeneralSubtree(sun.security.x509.GeneralSubtree) X500Name(sun.security.x509.X500Name)

Aggregations

HashSet (java.util.HashSet)6 Iterator (java.util.Iterator)6 Set (java.util.Set)6 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4 DERIA5String (org.bouncycastle.asn1.DERIA5String)4 GeneralSubtree (org.bouncycastle.asn1.x509.GeneralSubtree)4 X509Certificate (java.security.cert.X509Certificate)3 Enumeration (java.util.Enumeration)3 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)3 DERSequence (org.bouncycastle.asn1.DERSequence)3 IOException (java.io.IOException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 CertPathBuilderException (java.security.cert.CertPathBuilderException)2 CertPathValidatorException (java.security.cert.CertPathValidatorException)2 CertificateExpiredException (java.security.cert.CertificateExpiredException)2 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 List (java.util.List)2 Map (java.util.Map)2