Search in sources :

Example 11 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class X509CertSelectorTest method test_getSubjectAlternativeNames.

/**
     * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
     */
public void test_getSubjectAlternativeNames() throws Exception {
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralNames sans = new GeneralNames();
    sans.addName(san1);
    sans.addName(san2);
    TestCert cert_1 = new TestCert(sans);
    X509CertSelector selector = new X509CertSelector();
    assertNull("Selector should return null", selector.getSubjectAlternativeNames());
    selector.setSubjectAlternativeNames(sans.getPairsList());
    assertTrue("The certificate should match the selection criteria.", selector.match(cert_1));
    selector.getSubjectAlternativeNames().clear();
    assertTrue("The modification of initialization object " + "should not affect the modification " + "of internal object.", selector.match(cert_1));
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName)

Example 12 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class X509CertSelectorTest method test_addSubjectAlternativeNameLintLbyte_array2.

/**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
     */
public void test_addSubjectAlternativeNameLintLbyte_array2() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(0, san0.getEncodedName());
    selector.addSubjectAlternativeName(1, san1.getEncodedName());
    selector.addSubjectAlternativeName(2, san2.getEncodedName());
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    assertTrue(selector.match(cert1));
    assertFalse(selector.match(cert2));
    selector.setSubjectAlternativeNames(null);
    GeneralName name = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, name.getEncodedName());
    } catch (IOException e) {
    // ok
    }
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) GeneralName(org.apache.harmony.security.x509.GeneralName) IOException(java.io.IOException) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 13 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class X509CRLHolder method getRevokedCertificates.

/**
     * Return a collection of X509CRLEntryHolder objects, giving the details of the
     * revoked certificates that appear on this CRL.
     *
     * @return the revoked certificates as a collection of X509CRLEntryHolder objects.
     */
public Collection getRevokedCertificates() {
    TBSCertList.CRLEntry[] entries = x509CRL.getRevokedCertificates();
    List l = new ArrayList(entries.length);
    GeneralNames currentCA = issuerName;
    for (Enumeration en = x509CRL.getRevokedCertificateEnumeration(); en.hasMoreElements(); ) {
        TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) en.nextElement();
        X509CRLEntryHolder crlEntry = new X509CRLEntryHolder(entry, isIndirect, currentCA);
        l.add(crlEntry);
        currentCA = crlEntry.getCertificateIssuer();
    }
    return l;
}
Also used : Enumeration(java.util.Enumeration) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) CertificateList(org.bouncycastle.asn1.x509.CertificateList) ArrayList(java.util.ArrayList) List(java.util.List) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList)

Example 14 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class AttributeCertificateIssuer method getNames.

public X500Name[] getNames() {
    GeneralNames name;
    if (form instanceof V2Form) {
        name = ((V2Form) form).getIssuerName();
    } else {
        name = (GeneralNames) form;
    }
    GeneralName[] names = name.getNames();
    List l = new ArrayList(names.length);
    for (int i = 0; i != names.length; i++) {
        if (names[i].getTagNo() == GeneralName.directoryName) {
            l.add(X500Name.getInstance(names[i].getName()));
        }
    }
    return (X500Name[]) l.toArray(new X500Name[l.size()]);
}
Also used : V2Form(org.bouncycastle.asn1.x509.V2Form) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 15 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project robovm by robovm.

the class RFC3280CertPathUtilities method processCertBC.

protected static void processCertBC(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    //
    if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n))) {
        X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
        ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
        ASN1Sequence dns;
        try {
            dns = DERSequence.getInstance(aIn.readObject());
        } catch (Exception e) {
            throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, certPath, index);
        }
        try {
            nameConstraintValidator.checkPermittedDN(dns);
            nameConstraintValidator.checkExcludedDN(dns);
        } catch (PKIXNameConstraintValidatorException e) {
            throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, index);
        }
        GeneralNames altName = null;
        try {
            altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
        } catch (Exception e) {
            throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, certPath, index);
        }
        Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
        for (Enumeration e = emails.elements(); e.hasMoreElements(); ) {
            String email = (String) e.nextElement();
            GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
            try {
                nameConstraintValidator.checkPermitted(emailAsGeneralName);
                nameConstraintValidator.checkExcluded(emailAsGeneralName);
            } catch (PKIXNameConstraintValidatorException ex) {
                throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", ex, certPath, index);
            }
        }
        if (altName != null) {
            GeneralName[] genNames = null;
            try {
                genNames = altName.getNames();
            } catch (Exception e) {
                throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, certPath, index);
            }
            for (int j = 0; j < genNames.length; j++) {
                try {
                    nameConstraintValidator.checkPermitted(genNames[j]);
                    nameConstraintValidator.checkExcluded(genNames[j]);
                } catch (PKIXNameConstraintValidatorException e) {
                    throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e, certPath, index);
                }
            }
        }
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) Enumeration(java.util.Enumeration) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) X509Name(org.bouncycastle.asn1.x509.X509Name) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X500Principal(javax.security.auth.x500.X500Principal) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Vector(java.util.Vector) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72 GeneralName (org.bouncycastle.asn1.x509.GeneralName)61 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)22 ArrayList (java.util.ArrayList)19 X500Name (org.bouncycastle.asn1.x500.X500Name)19 DERIA5String (org.bouncycastle.asn1.DERIA5String)15 DEROctetString (org.bouncycastle.asn1.DEROctetString)14 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)14 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)14 Date (java.util.Date)13 List (java.util.List)13 X500Principal (javax.security.auth.x500.X500Principal)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)12 GeneralNames (sun.security.x509.GeneralNames)12 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)11 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)11 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11 Test (org.junit.Test)11