
Example 26 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project xipki by xipki.

the class XmlX509CertprofileUtil method buildGeneralSubtree.

// method buildGeneralSubtrees
/**
 * Converts one configured subtree entry into a BouncyCastle {@link GeneralSubtree}.
 *
 * <p>The base name comes from the first populated field, checked in the order
 * directoryName, dnsName, ipAddress, rfc822Name, uri. The optional minimum and
 * maximum distances are copied over when present.
 *
 * @param type configured subtree entry; checked with {@code ParamUtil.requireNonNull}
 * @return the subtree built from {@code type}
 * @throws CertprofileException if the configured minimum or maximum is negative
 * @throws RuntimeException if none of the supported name fields is populated
 */
private static GeneralSubtree buildGeneralSubtree(GeneralSubtreeBaseType type) throws CertprofileException {
    ParamUtil.requireNonNull("type", type);

    final GeneralName subtreeBase;
    if (type.getDirectoryName() != null) {
        X500Name configuredName = new X500Name(type.getDirectoryName());
        subtreeBase = new GeneralName(X509Util.reverse(configuredName));
    } else if (type.getDnsName() != null) {
        subtreeBase = new GeneralName(GeneralName.dNSName, type.getDnsName());
    } else if (type.getIpAddress() != null) {
        subtreeBase = new GeneralName(GeneralName.iPAddress, type.getIpAddress());
    } else if (type.getRfc822Name() != null) {
        subtreeBase = new GeneralName(GeneralName.rfc822Name, type.getRfc822Name());
    } else if (type.getUri() != null) {
        subtreeBase = new GeneralName(GeneralName.uniformResourceIdentifier, type.getUri());
    } else {
        throw new RuntimeException("should not reach here, unknown child of GeneralSubtreeBaseType");
    }

    // NOTE(review): only negative distances are rejected here. Nothing checks that
    // maximum >= minimum, and RFC 5280 (4.2.1.10) requires minimum to be zero and
    // maximum to be absent in the PKIX profile -- confirm whether the profile schema
    // or a caller enforces that before certificates are issued from this configuration.
    BigInteger minimum = null;
    Integer configuredMin = type.getMinimum();
    if (configuredMin != null) {
        if (configuredMin < 0) {
            throw new CertprofileException("negative minimum is not allowed: " + configuredMin);
        }
        minimum = BigInteger.valueOf(configuredMin.intValue());
    }

    BigInteger maximum = null;
    Integer configuredMax = type.getMaximum();
    if (configuredMax != null) {
        if (configuredMax < 0) {
            throw new CertprofileException("negative maximum is not allowed: " + configuredMax);
        }
        maximum = BigInteger.valueOf(configuredMax.intValue());
    }

    return new GeneralSubtree(subtreeBase, minimum, maximum);
}
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) CertprofileException(org.xipki.ca.api.profile.CertprofileException) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)

Example 27 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project keystore-explorer by kaikramer.

the class DNameConstraints method okPressed.

/**
 * Handles the OK action: DER-encodes a NameConstraints value built from the
 * permitted and excluded subtree components into {@code value}, then closes the
 * dialog. If encoding fails, the error is displayed and the dialog stays open.
 */
private void okPressed() {
    List<GeneralSubtree> permitted = jgsPermittedSubtrees.getGeneralSubtrees().getGeneralSubtrees();
    List<GeneralSubtree> excluded = jgsExcludedSubtrees.getGeneralSubtrees().getGeneralSubtrees();

    // NOTE(review): both lists are always passed as (possibly empty) arrays. The ASN.1
    // definition is GeneralSubtrees ::= SEQUENCE SIZE (1..MAX), so confirm that an empty
    // side is omitted from the encoding rather than emitted as an empty sequence.
    NameConstraints constraints = new NameConstraints(
            permitted.toArray(new GeneralSubtree[0]),
            excluded.toArray(new GeneralSubtree[0]));

    try {
        value = constraints.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        // Report the failure and leave the dialog open.
        DError.displayError(this, e);
        return;
    }

    closeDialog();
}
Also used : NameConstraints(org.bouncycastle.asn1.x509.NameConstraints) GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree) IOException(java.io.IOException)

Example 28 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project keystore-explorer by kaikramer.

the class JGeneralSubtrees method removeSelectedGeneralSubtree.

/**
 * Removes the subtree shown in the currently selected table row, then refreshes
 * the table, the selection and the button state. Does nothing when no row is
 * selected.
 */
private void removeSelectedGeneralSubtree() {
    int row = jtGeneralSubtrees.getSelectedRow();
    if (row == -1) {
        // -1 means no row is selected.
        return;
    }

    // Column 0 holds the GeneralSubtree object for the row.
    GeneralSubtree selected = (GeneralSubtree) jtGeneralSubtrees.getValueAt(row, 0);
    generalSubtrees.getGeneralSubtrees().remove(selected);

    reloadGeneralSubtreesTable();
    selectFirstGeneralSubtreeInTable();
    updateButtonControls();
}
Also used : GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree) Point(java.awt.Point)

Example 29 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project keystore-explorer by kaikramer.

the class X509Ext method getNameConstraintsStringValue.

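/**
 * Renders an encoded NameConstraints extension value as indented, localised text.
 *
 * <p>Permitted and excluded subtrees are rendered by the same helper, so an absent
 * minimum falls back to the 'nodistance' default (0) on both sides; previously the
 * excluded side dereferenced the minimum without a null check. Distances are
 * formatted from the full {@link BigInteger} rather than {@code intValue()}, so a
 * value wider than 32 bits in a certificate is not shown truncated.
 *
 * @param value encoded NameConstraints extension value
 * @return the multi-line display string
 * @throws IOException declared by the original signature
 */
private static String getNameConstraintsStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * NameConstraints ::= ASN1Sequence { permittedSubtrees [0]
     * GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees
     * OPTIONAL }
     *
     * GeneralSubtrees ::= ASN1Sequence SIZE (1..MAX) OF GeneralSubtree
     *
     * GeneralSubtree ::= ASN1Sequence { base GeneralName, minimum [0]
     * BaseDistance DEFAULT nodistance, maximum [1] BaseDistance OPTIONAL }
     *
     * BaseDistance ::= ASN1Integer {nodistance(0) } (0..MAX)
     */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    NameConstraints nameConstraints = NameConstraints.getInstance(value);

    GeneralSubtree[] permittedSubtreeArray = nameConstraints.getPermittedSubtrees();
    if (permittedSubtreeArray != null && permittedSubtreeArray.length == 0) {
        // An empty permitted list is reported as "no value", as it was before.
        permittedSubtreeArray = null;
    }
    appendGeneralSubtrees(sb, "PermittedSubtrees", "PermittedSubtree", permittedSubtreeArray);

    // Only an absent (null) excluded list is reported as "no value", as before.
    appendGeneralSubtrees(sb, "ExcludedSubtrees", "ExcludedSubtree", nameConstraints.getExcludedSubtrees());

    return sb.toString();
}

/**
 * Appends one subtree list (heading plus one entry per subtree) to {@code sb}.
 *
 * @param sb output buffer
 * @param headingKey resource key of the list heading
 * @param entryKey resource key of the numbered per-subtree line
 * @param subtreeArray subtrees to render, or {@code null} to print the "NoValue" text
 */
private static void appendGeneralSubtrees(StringBuilder sb, String headingKey, String entryKey,
        GeneralSubtree[] subtreeArray) {
    sb.append(res.getString(headingKey));
    if (subtreeArray == null) {
        // Optional
        sb.append(" ").append(res.getString("NoValue"));
        sb.append(NEWLINE);
        return;
    }
    sb.append(NEWLINE);

    int position = 0;
    for (GeneralSubtree subtree : new GeneralSubtrees(subtreeArray).getGeneralSubtrees()) {
        position++;
        sb.append(INDENT);
        sb.append(MessageFormat.format(res.getString(entryKey), position));
        sb.append(NEWLINE);

        sb.append(INDENT).append(INDENT);
        sb.append(res.getString("Base"));
        sb.append(NEWLINE);

        sb.append(INDENT).append(INDENT).append(INDENT);
        sb.append(GeneralNameUtil.toString(subtree.getBase()));
        sb.append(NEWLINE);

        BigInteger minimum = subtree.getMinimum();
        if (minimum == null) {
            // Default 'nodistance' value
            minimum = BigInteger.ZERO;
        }
        sb.append(INDENT).append(INDENT);
        // Format the BigInteger itself: intValue() would keep only the low 32 bits.
        sb.append(MessageFormat.format(res.getString("Minimum"), minimum));
        sb.append(NEWLINE);

        BigInteger maximum = subtree.getMaximum();
        if (maximum != null) {
            sb.append(INDENT).append(INDENT);
            sb.append(MessageFormat.format(res.getString("Maximum"), maximum));
            sb.append(NEWLINE);
        }
    }
}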
Also used : NameConstraints(org.bouncycastle.asn1.x509.NameConstraints) BigInteger(java.math.BigInteger) GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree) GeneralName(org.bouncycastle.asn1.x509.GeneralName) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 30 with GeneralSubtree

use of org.bouncycastle.asn1.x509.GeneralSubtree in project LinLong-Java by zhenwei1108.

the class RFC3280CertPathUtilities method prepareNextCertG.

/**
 * Step (g) of preparing for the next certificate in the path: applies the name
 * constraints extension of the certificate at {@code index} to the running
 * constraint state.
 *
 * <p>Any failure to decode the extension or to apply its subtrees is rethrown as
 * a path validation failure, so constraints that cannot be processed are never
 * silently skipped.
 *
 * @param certPath certification path being validated
 * @param index position in {@code certPath} of the certificate to process
 * @param nameConstraintValidator accumulates the permitted and excluded subtrees
 * @throws CertPathValidatorException if the extension cannot be decoded or its
 *         subtrees cannot be applied
 */
protected static void prepareNextCertG(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
    X509Certificate cert = (X509Certificate) certPath.getCertificates().get(index);

    // (g) handle the name constraints extension
    NameConstraints constraints = null;
    try {
        ASN1Sequence encodedConstraints = ASN1Sequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.NAME_CONSTRAINTS));
        if (encodedConstraints != null) {
            constraints = NameConstraints.getInstance(encodedConstraints);
        }
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath, index);
    }

    if (constraints == null) {
        // No name constraints were decoded for this certificate: nothing to apply.
        return;
    }

    // (g) (1) permitted subtrees
    GeneralSubtree[] permittedSubtrees = constraints.getPermittedSubtrees();
    if (permittedSubtrees != null) {
        try {
            nameConstraintValidator.intersectPermittedSubtree(permittedSubtrees);
        } catch (Exception ex) {
            throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index);
        }
    }

    // (g) (2) excluded subtrees
    GeneralSubtree[] excludedSubtrees = constraints.getExcludedSubtrees();
    if (excludedSubtrees == null) {
        return;
    }
    for (GeneralSubtree excludedSubtree : excludedSubtrees) {
        try {
            nameConstraintValidator.addExcludedSubtree(excludedSubtree);
        } catch (Exception ex) {
            throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index);
        }
    }
}
Also used : NameConstraints(com.github.zhenwei.core.asn1.x509.NameConstraints) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) List(java.util.List) ArrayList(java.util.ArrayList) GeneralSubtree(com.github.zhenwei.core.asn1.x509.GeneralSubtree) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
