Example 11 with X509Name
use of org.bouncycastle.asn1.x509.X509Name in project robovm by robovm.
the class X509Name method equals.
/**
* @param inOrder if true the order of both X509 names must be the same,
* as well as the values associated with each element.
*/
public boolean equals(Object obj, boolean inOrder) {
if (!inOrder) {
return this.equals(obj);
}
if (obj == this) {
return true;
}
if (!(obj instanceof X509Name || obj instanceof ASN1Sequence)) {
return false;
}
ASN1Primitive derO = ((ASN1Encodable) obj).toASN1Primitive();
if (this.toASN1Primitive().equals(derO)) {
return true;
}
X509Name other;
try {
other = X509Name.getInstance(obj);
} catch (IllegalArgumentException e) {
return false;
}
int orderingSize = ordering.size();
if (orderingSize != other.ordering.size()) {
return false;
}
for (int i = 0; i < orderingSize; i++) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) ordering.elementAt(i);
ASN1ObjectIdentifier oOid = (ASN1ObjectIdentifier) other.ordering.elementAt(i);
if (oid.equals(oOid)) {
String value = (String) values.elementAt(i);
String oValue = (String) other.values.elementAt(i);
if (!equivalentStrings(value, oValue)) {
return false;
}
} else {
return false;
}
}
return true;
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 12 with X509Name
use of org.bouncycastle.asn1.x509.X509Name in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCRLB2.
/**
* If the complete CRL includes an issuing distribution point (IDP) CRL
* extension check the following:
* <p/>
* (i) If the distribution point name is present in the IDP CRL extension
* and the distribution field is present in the DP, then verify that one of
* the names in the IDP matches one of the names in the DP. If the
* distribution point name is present in the IDP CRL extension and the
* distribution field is omitted from the DP, then verify that one of the
* names in the IDP matches one of the names in the cRLIssuer field of the
* DP.
* </p>
* <p/>
* (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
* extension, verify that the certificate does not include the basic
* constraints extension with the cA boolean asserted.
* </p>
* <p/>
* (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
* extension, verify that the certificate includes the basic constraints
* extension with the cA boolean asserted.
* </p>
* <p/>
* (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
* </p>
*
* @param dp The distribution point.
* @param cert The certificate.
* @param crl The CRL.
* @throws AnnotatedException if one of the conditions is not met or an error occurs.
*/
protected static void processCRLB2(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
IssuingDistributionPoint idp = null;
try {
idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
} catch (Exception e) {
throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
}
// distribution point name is present
if (idp != null) {
if (idp.getDistributionPoint() != null) {
// make list of names
DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint();
List names = new ArrayList();
if (dpName.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
for (int j = 0; j < genNames.length; j++) {
names.add(genNames[j]);
}
}
if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
ASN1EncodableVector vec = new ASN1EncodableVector();
try {
Enumeration e = ASN1Sequence.getInstance(ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded())).getObjects();
while (e.hasMoreElements()) {
vec.add((DEREncodable) e.nextElement());
}
} catch (IOException e) {
throw new AnnotatedException("Could not read CRL issuer.", e);
}
vec.add(dpName.getName());
names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec))));
}
boolean matches = false;
// of the names in the DP.
if (dp.getDistributionPoint() != null) {
dpName = dp.getDistributionPoint();
GeneralName[] genNames = null;
if (dpName.getType() == DistributionPointName.FULL_NAME) {
genNames = GeneralNames.getInstance(dpName.getName()).getNames();
}
if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
if (dp.getCRLIssuer() != null) {
genNames = dp.getCRLIssuer().getNames();
} else {
genNames = new GeneralName[1];
try {
genNames[0] = new GeneralName(new X509Name((ASN1Sequence) ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded())));
} catch (IOException e) {
throw new AnnotatedException("Could not read certificate issuer.", e);
}
}
for (int j = 0; j < genNames.length; j++) {
Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().getDERObject()).getObjects();
ASN1EncodableVector vec = new ASN1EncodableVector();
while (e.hasMoreElements()) {
vec.add((DEREncodable) e.nextElement());
}
vec.add(dpName.getName());
genNames[j] = new GeneralName(new X509Name(new DERSequence(vec)));
}
}
if (genNames != null) {
for (int j = 0; j < genNames.length; j++) {
if (names.contains(genNames[j])) {
matches = true;
break;
}
}
}
if (!matches) {
throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
}
} else // verify that one of the names in
// the IDP matches one of the names in the cRLIssuer field of
// the DP
{
if (dp.getCRLIssuer() == null) {
throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must " + "be contained in DistributionPoint.");
}
GeneralName[] genNames = dp.getCRLIssuer().getNames();
for (int j = 0; j < genNames.length; j++) {
if (names.contains(genNames[j])) {
matches = true;
break;
}
}
if (!matches) {
throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
}
}
}
BasicConstraints bc = null;
try {
bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension) cert, BASIC_CONSTRAINTS));
} catch (Exception e) {
throw new AnnotatedException("Basic constraints extension could not be decoded.", e);
}
if (cert instanceof X509Certificate) {
// (b) (2) (ii)
if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA())) {
throw new AnnotatedException("CA Cert CRL only contains user certificates.");
}
// (b) (2) (iii)
if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA())) {
throw new AnnotatedException("End CRL only contains CA certificates.");
}
}
// (b) (2) (iv)
if (idp.onlyContainsAttributeCerts()) {
throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
}
}
}
Also used :
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
Enumeration(java.util.Enumeration)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
X509Certificate(java.security.cert.X509Certificate)
DERSequence(org.bouncycastle.asn1.DERSequence)
X509Name(org.bouncycastle.asn1.x509.X509Name)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 13 with X509Name
use of org.bouncycastle.asn1.x509.X509Name in project nhin-d by DirectProject.
the class IssuerAttributeField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
if (rdnAttributeId.equals(RDNAttributeIdentifier.DISTINGUISHED_NAME)) {
final Collection<String> str = Arrays.asList(certificate.getIssuerX500Principal().getName(X500Principal.RFC2253));
this.policyValue = PolicyValueFactory.getInstance(str);
return;
}
DERObject tbsValue = null;
try {
tbsValue = this.getDERObject(certificate.getTBSCertificate());
}///CLOVER:OFF
catch (Exception e) {
throw new PolicyProcessException("Exception parsing TBS certificate fields.", e);
}
///CLOVER:ON
final TBSCertificateStructure tbsStruct = TBSCertificateStructure.getInstance(tbsValue);
final X509Name x509Name = getX509Name(tbsStruct);
@SuppressWarnings("unchecked") final Vector<String> values = x509Name.getValues(new DERObjectIdentifier(getRDNAttributeFieldId().getId()));
if (values.isEmpty() && this.isRequired())
throw new PolicyRequiredException(getFieldName() + " field attribute " + rdnAttributeId.getName() + " is marked as required but is not present.");
final Collection<String> retVal = values;
this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used :
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
DERObject(org.bouncycastle.asn1.DERObject)
X509Name(org.bouncycastle.asn1.x509.X509Name)
TBSCertificateStructure(org.bouncycastle.asn1.x509.TBSCertificateStructure)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
PolicyProcessException(org.nhindirect.policy.PolicyProcessException)
PolicyProcessException(org.nhindirect.policy.PolicyProcessException)
Example 14 with X509Name
use of org.bouncycastle.asn1.x509.X509Name in project jruby-openssl by jruby.
the class X509Name method cmp.
@JRubyMethod(name = { "cmp", "<=>" })
public RubyFixnum cmp(IRubyObject other) {
if (equals(other)) {
return RubyFixnum.zero(getRuntime());
}
// TODO: do we really need cmp - if so what order huh?
if (other instanceof X509Name) {
final X509Name that = (X509Name) other;
final X500Name thisName = this.getX500Name();
final X500Name thatName = that.getX500Name();
int cmp = thisName.toString().compareTo(thatName.toString());
return RubyFixnum.newFixnum(getRuntime(), cmp);
}
return RubyFixnum.one(getRuntime());
}
Also used :
X500Name(org.bouncycastle.asn1.x500.X500Name)
JRubyMethod(org.jruby.anno.JRubyMethod)
Aggregations
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7
IOException (java.io.IOException)6
GeneralSecurityException (java.security.GeneralSecurityException)5
X509Certificate (java.security.cert.X509Certificate)5
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)5
X509Name (org.bouncycastle.asn1.x509.X509Name)5
CertPathBuilderException (java.security.cert.CertPathBuilderException)4
CertPathValidatorException (java.security.cert.CertPathValidatorException)4
CertificateExpiredException (java.security.cert.CertificateExpiredException)4
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)4
ArrayList (java.util.ArrayList)4
Enumeration (java.util.Enumeration)4
List (java.util.List)4
DERUniversalString (org.bouncycastle.asn1.DERUniversalString)4
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)4
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)4
GeneralName (org.bouncycastle.asn1.x509.GeneralName)4
IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)4
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)4
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3
