Example 16 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project robovm by robovm.
the class X509CRLObject method loadCRLEntries.
private Set loadCRLEntries() {
Set entrySet = new HashSet();
Enumeration certs = c.getRevokedCertificateEnumeration();
// the issuer
X500Name previousCertificateIssuer = null;
while (certs.hasMoreElements()) {
TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) certs.nextElement();
X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
entrySet.add(crlEntry);
if (isIndirect && entry.hasExtensions()) {
Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
if (currentCaName != null) {
previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
}
}
}
return entrySet;
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
HashSet(java.util.HashSet)
Set(java.util.Set)
Enumeration(java.util.Enumeration)
TBSCertList(org.bouncycastle.asn1.x509.TBSCertList)
X500Name(org.bouncycastle.asn1.x500.X500Name)
X509CRLEntry(java.security.cert.X509CRLEntry)
HashSet(java.util.HashSet)
Example 17 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project robovm by robovm.
the class AttributeCertificateIssuer method getNames.
public X500Name[] getNames() {
GeneralNames name;
if (form instanceof V2Form) {
name = ((V2Form) form).getIssuerName();
} else {
name = (GeneralNames) form;
}
GeneralName[] names = name.getNames();
List l = new ArrayList(names.length);
for (int i = 0; i != names.length; i++) {
if (names[i].getTagNo() == GeneralName.directoryName) {
l.add(X500Name.getInstance(names[i].getName()));
}
}
return (X500Name[]) l.toArray(new X500Name[l.size()]);
}
Also used :
V2Form(org.bouncycastle.asn1.x509.V2Form)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ArrayList(java.util.ArrayList)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Example 18 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project robovm by robovm.
the class X509CRLObject method isRevoked.
/**
* Checks whether the given certificate is on this CRL.
*
* @param cert the certificate to check for.
* @return true if the given certificate is on this CRL,
* false otherwise.
*/
public boolean isRevoked(Certificate cert) {
if (!cert.getType().equals("X.509")) {
throw new RuntimeException("X.509 CRL used with non X.509 Cert");
}
TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
X500Name caName = c.getIssuer();
if (certs != null) {
BigInteger serial = ((X509Certificate) cert).getSerialNumber();
for (int i = 0; i < certs.length; i++) {
if (isIndirect && certs[i].hasExtensions()) {
Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer);
if (currentCaName != null) {
caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
}
}
if (certs[i].getUserCertificate().getValue().equals(serial)) {
X500Name issuer;
if (cert instanceof X509Certificate) {
issuer = X500Name.getInstance(((X509Certificate) cert).getIssuerX500Principal().getEncoded());
} else {
try {
issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
} catch (CertificateEncodingException e) {
throw new RuntimeException("Cannot process certificate");
}
}
if (!caName.equals(issuer)) {
return false;
}
return true;
}
}
}
return false;
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
BigInteger(java.math.BigInteger)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509CRLEntry(java.security.cert.X509CRLEntry)
X500Name(org.bouncycastle.asn1.x500.X500Name)
X509Certificate(java.security.cert.X509Certificate)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Example 19 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project robovm by robovm.
the class X509CRLObject method getRevokedCertificate.
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
Enumeration certs = c.getRevokedCertificateEnumeration();
// the issuer
X500Name previousCertificateIssuer = null;
while (certs.hasMoreElements()) {
TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) certs.nextElement();
if (serialNumber.equals(entry.getUserCertificate().getValue())) {
return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
}
if (isIndirect && entry.hasExtensions()) {
Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
if (currentCaName != null) {
previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
}
}
}
return null;
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
Enumeration(java.util.Enumeration)
TBSCertList(org.bouncycastle.asn1.x509.TBSCertList)
X500Name(org.bouncycastle.asn1.x500.X500Name)
X509CRLEntry(java.security.cert.X509CRLEntry)
Example 20 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project Conversations by siacs.
the class XmppDomainVerifier method verify.
@Override
public boolean verify(String domain, SSLSession sslSession) {
try {
Certificate[] chain = sslSession.getPeerCertificates();
if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
return false;
}
X509Certificate certificate = (X509Certificate) chain[0];
Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
List<String> xmppAddrs = new ArrayList<>();
List<String> srvNames = new ArrayList<>();
List<String> domains = new ArrayList<>();
if (alternativeNames != null) {
for (List<?> san : alternativeNames) {
Integer type = (Integer) san.get(0);
if (type == 0) {
Pair<String, String> otherName = parseOtherName((byte[]) san.get(1));
if (otherName != null) {
switch(otherName.first) {
case SRVName:
srvNames.add(otherName.second);
break;
case xmppAddr:
xmppAddrs.add(otherName.second);
break;
default:
Log.d(LOGTAG, "oid: " + otherName.first + " value: " + otherName.second);
}
}
} else if (type == 2) {
Object value = san.get(1);
if (value instanceof String) {
domains.add((String) value);
}
}
}
}
if (srvNames.size() == 0 && xmppAddrs.size() == 0 && domains.size() == 0) {
X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
RDN[] rdns = x500name.getRDNs(BCStyle.CN);
for (int i = 0; i < rdns.length; ++i) {
domains.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
}
}
Log.d(LOGTAG, "searching for " + domain + " in srvNames: " + srvNames + " xmppAddrs: " + xmppAddrs + " domains:" + domains);
return xmppAddrs.contains(domain) || srvNames.contains("_xmpp-client." + domain) || matchDomain(domain, domains);
} catch (Exception e) {
return false;
}
}
Also used :
ArrayList(java.util.ArrayList)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
X500Name(org.bouncycastle.asn1.x500.X500Name)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
X509Certificate(java.security.cert.X509Certificate)
IOException(java.io.IOException)
ArrayList(java.util.ArrayList)
List(java.util.List)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
RDN(org.bouncycastle.asn1.x500.RDN)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
X500Name (org.bouncycastle.asn1.x500.X500Name)193
X509Certificate (java.security.cert.X509Certificate)88
Date (java.util.Date)71
BigInteger (java.math.BigInteger)63
X500Name (sun.security.x509.X500Name)53
IOException (java.io.IOException)49
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)47
ContentSigner (org.bouncycastle.operator.ContentSigner)45
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)44
RDN (org.bouncycastle.asn1.x500.RDN)43
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)42
KeyPair (java.security.KeyPair)41
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)41
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)36
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)33
PrivateKey (java.security.PrivateKey)32
KeyPairGenerator (java.security.KeyPairGenerator)31
GeneralName (org.bouncycastle.asn1.x509.GeneralName)31
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)28
SecureRandom (java.security.SecureRandom)27
