
Example 1 with TrustedAuthority

Use of org.wildfly.security.x500.TrustedAuthority in the project wildfly-elytron by wildfly-security.

The class EntityUtil, method encodeTrustedAuthorities.

/**
 * Encode an ASN.1 sequence of trusted authorities using the given DER encoder.
 * <p>
 * A SEQUENCE is opened on the encoder, each authority is asked to encode itself in list order,
 * and the SEQUENCE is closed. The concrete encoding of each entry is delegated entirely to the
 * entry's own {@code encodeTo} implementation.
 *
 * @param encoder the DER encoder
 * @param trustedAuthorities the trusted authorities as a {@code List} where each entry must
 * be a {@link NameTrustedAuthority}, a {@link CertificateTrustedAuthority}, or a {@link HashTrustedAuthority}
 * @throws ASN1Exception if any of the trusted authorities are invalid
 */
public static void encodeTrustedAuthorities(final DEREncoder encoder, List<TrustedAuthority> trustedAuthorities) throws ASN1Exception {
    encoder.startSequence();
    final int count = trustedAuthorities.size();
    for (int i = 0; i < count; i++) {
        // Entries are written in list order; each one owns its own tagging.
        trustedAuthorities.get(i).encodeTo(encoder);
    }
    encoder.endSequence();
}
Also used : TrustedAuthority(org.wildfly.security.x500.TrustedAuthority)

Example 2 with TrustedAuthority

Use of org.wildfly.security.x500.TrustedAuthority in the project wildfly-elytron by wildfly-security.

The class EntityUtil, method decodeTrustedAuthorities.

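/**
 * Decode the next element from the given DER decoder as a trusted authorities element.
 * <p>
 * The element is expected to be a SEQUENCE whose entries each carry one of the context-specific
 * trusted authority tags ({@code AUTHORITY_NAME}, {@code AUTHORITY_CERTIFICATE},
 * {@code ISSUER_NAME_HASH}, {@code ISSUER_KEY_HASH} or {@code PKCS_15_KEY_HASH}). An entry with
 * any other tag is rejected with an {@link ASN1Exception} rather than skipped: an entry that is
 * not consumed would leave the decoder positioned on the same element, and the decoding loop
 * would then never terminate (and would keep appending stale or {@code null} entries).
 *
 * @param decoder the DER decoder
 * @return the trusted authorities, in the order they appear in the sequence (never {@code null})
 * @throws ASN1Exception if the next element from the given decoder is not a trusted authorities
 * element, if any entry carries an unrecognized trusted authority type, or if an error occurs
 * while decoding the trusted authorities element
 */
public static List<TrustedAuthority> decodeTrustedAuthorities(final DERDecoder decoder) throws ASN1Exception {
    final List<TrustedAuthority> trustedAuthorities = new ArrayList<TrustedAuthority>();
    decoder.startSequence();
    while (decoder.hasNextElement()) {
        // Each call consumes exactly one entry or throws, so this loop always makes progress.
        trustedAuthorities.add(decodeSingleTrustedAuthority(decoder));
    }
    decoder.endSequence();
    return trustedAuthorities;
}

/**
 * Decode a single trusted authority entry from the given DER decoder.
 * <p>
 * The entry's tag number selects the concrete {@link TrustedAuthority} subtype. The name and
 * certificate forms are matched with the third {@code isNextType} argument set to {@code true}
 * and the three hash forms with {@code false} (this flag appears to distinguish constructed from
 * primitive encodings; the hash values are then read as OCTET STRINGs). A single entry carries a
 * single tag, so at most one branch can apply and the checks are simply tried in type order.
 *
 * @param decoder the DER decoder, positioned at the entry to decode
 * @return the decoded trusted authority (never {@code null})
 * @throws ASN1Exception if the entry does not carry a recognized trusted authority type, or if the
 * entry's value cannot be decoded (for example an unparseable certificate)
 */
private static TrustedAuthority decodeSingleTrustedAuthority(final DERDecoder decoder) throws ASN1Exception {
    if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, AUTHORITY_NAME, true)) {
        final byte[] encodedName = decoder.drainElementValue();
        return new NameTrustedAuthority((new X500Principal(encodedName)).getName(X500Principal.CANONICAL));
    }
    if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, AUTHORITY_CERTIFICATE, true)) {
        decoder.decodeImplicit(AUTHORITY_CERTIFICATE);
        final byte[] cert = decoder.drainElement();
        // Replace the trusted authority type tag with a DER SEQUENCE tag, as required by CertificateFactory#generateCertificate
        cert[0] = SEQUENCE_TYPE;
        try {
            final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            return new CertificateTrustedAuthority((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(cert)));
        } catch (CertificateException e) {
            // Keep the parser's exception as the cause so the caller can see why the certificate was rejected.
            throw new ASN1Exception(e);
        }
    }
    if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, ISSUER_NAME_HASH, false)) {
        decoder.decodeImplicit(ISSUER_NAME_HASH);
        return new IssuerNameHashTrustedAuthority(decoder.decodeOctetString());
    }
    if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, ISSUER_KEY_HASH, false)) {
        decoder.decodeImplicit(ISSUER_KEY_HASH);
        return new IssuerKeyHashTrustedAuthority(decoder.decodeOctetString());
    }
    if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, PKCS_15_KEY_HASH, false)) {
        decoder.decodeImplicit(PKCS_15_KEY_HASH);
        return new PKCS15KeyHashTrustedAuthority(decoder.decodeOctetString());
    }
    // Nothing above consumed the entry: fail fast instead of returning a stale or null authority.
    throw saslEntity.asnInvalidGeneralNameType();
}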
Also used : ASN1Exception(org.wildfly.security.asn1.ASN1Exception) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) TrustedAuthority(org.wildfly.security.x500.TrustedAuthority) X500Principal(javax.security.auth.x500.X500Principal)
