Example 61 with GeneralName
use of sun.security.x509.GeneralName in project robovm by robovm.
the class X509CertSelector method addPathToName.
/**
* Adds a {@literal "pathToName"} to the respective criterion.
*
* @param type
* the type of the name.
* @param name
* the name in string format.
* @throws IOException
* if parsing fails.
* @see #setPathToNames
*/
public void addPathToName(int type, String name) throws IOException {
GeneralName path_name = new GeneralName(type, name);
// create only if there was not any errors
if (pathToNames == null) {
pathToNames = new ArrayList<GeneralName>();
}
pathToNames.add(path_name);
}
Also used :
GeneralName(org.apache.harmony.security.x509.GeneralName)
Example 62 with GeneralName
use of sun.security.x509.GeneralName in project robovm by robovm.
the class X509CertSelector method addSubjectAlternativeName.
/**
* Adds a subject alternative name to the respective criterion.
*
* @param tag
* the type of the name.
* @param name
* the name in ASN.1 DER encoded form.
* @throws IOException
* if the decoding of the name fails.
*/
public void addSubjectAlternativeName(int tag, byte[] name) throws IOException {
GeneralName alt_name = new GeneralName(tag, name);
// create only if there was not any errors
if (subjectAltNames == null) {
subjectAltNames = new ArrayList[9];
}
if (subjectAltNames[tag] == null) {
subjectAltNames[tag] = new ArrayList<GeneralName>();
}
subjectAltNames[tag].add(alt_name);
}
Also used :
GeneralName(org.apache.harmony.security.x509.GeneralName)
Example 63 with GeneralName
use of sun.security.x509.GeneralName in project robovm by robovm.
the class X509CertificateObject method getAlternativeNames.
private static Collection getAlternativeNames(byte[] extVal) throws CertificateParsingException {
if (extVal == null) {
return null;
}
try {
Collection temp = new ArrayList();
Enumeration it = ASN1Sequence.getInstance(extVal).getObjects();
while (it.hasMoreElements()) {
GeneralName genName = GeneralName.getInstance(it.nextElement());
List list = new ArrayList();
list.add(Integers.valueOf(genName.getTagNo()));
switch(genName.getTagNo()) {
case GeneralName.ediPartyName:
case GeneralName.x400Address:
case GeneralName.otherName:
list.add(genName.getEncoded());
break;
case GeneralName.directoryName:
// BEGIN android-changed
list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
// END android-changed
break;
case GeneralName.dNSName:
case GeneralName.rfc822Name:
case GeneralName.uniformResourceIdentifier:
list.add(((ASN1String) genName.getName()).getString());
break;
case GeneralName.registeredID:
list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId());
break;
case GeneralName.iPAddress:
byte[] addrBytes = DEROctetString.getInstance(genName.getName()).getOctets();
final String addr;
try {
addr = InetAddress.getByAddress(addrBytes).getHostAddress();
} catch (UnknownHostException e) {
continue;
}
list.add(addr);
break;
default:
throw new IOException("Bad tag number: " + genName.getTagNo());
}
temp.add(Collections.unmodifiableList(list));
}
if (temp.size() == 0) {
return null;
}
return Collections.unmodifiableCollection(temp);
} catch (Exception e) {
throw new CertificateParsingException(e.getMessage());
}
}
Also used :
Enumeration(java.util.Enumeration)
CertificateParsingException(java.security.cert.CertificateParsingException)
UnknownHostException(java.net.UnknownHostException)
ArrayList(java.util.ArrayList)
Collection(java.util.Collection)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
DERBitString(org.bouncycastle.asn1.DERBitString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
IOException(java.io.IOException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
SignatureException(java.security.SignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertificateParsingException(java.security.cert.CertificateParsingException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
UnknownHostException(java.net.UnknownHostException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 64 with GeneralName
use of sun.security.x509.GeneralName in project robovm by robovm.
the class RFC3280CertPathUtilities method processCRLB1.
/**
* If the DP includes cRLIssuer, then verify that the issuer field in the
* complete CRL matches cRLIssuer in the DP and that the complete CRL
* contains an issuing distribution point extension with the indirectCRL
* boolean asserted. Otherwise, verify that the CRL issuer matches the
* certificate issuer.
*
* @param dp The distribution point.
* @param cert The certificate ot attribute certificate.
* @param crl The CRL for <code>cert</code>.
* @throws AnnotatedException if one of the above conditions does not apply or an error
* occurs.
*/
protected static void processCRLB1(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
ASN1Primitive idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
boolean isIndirect = false;
if (idp != null) {
if (IssuingDistributionPoint.getInstance(idp).isIndirectCRL()) {
isIndirect = true;
}
}
byte[] issuerBytes = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
boolean matchIssuer = false;
if (dp.getCRLIssuer() != null) {
GeneralName[] genNames = dp.getCRLIssuer().getNames();
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.directoryName) {
try {
if (Arrays.areEqual(genNames[j].getName().toASN1Primitive().getEncoded(), issuerBytes)) {
matchIssuer = true;
}
} catch (IOException e) {
throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
}
}
}
if (matchIssuer && !isIndirect) {
throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
}
if (!matchIssuer) {
throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
}
} else {
if (CertPathValidatorUtilities.getIssuerPrincipal(crl).equals(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert))) {
matchIssuer = true;
}
}
if (!matchIssuer) {
throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
}
}
Also used :
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
IOException(java.io.IOException)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 65 with GeneralName
use of sun.security.x509.GeneralName in project robovm by robovm.
the class RFC3280CertPathUtilities method checkCRLs.
/**
* Checks a certificate if it is revoked.
*
* @param paramsPKIX PKIX parameters.
* @param cert Certificate to check if it is revoked.
* @param validDate The date when the certificate revocation status should be
* checked.
* @param sign The issuer certificate of the certificate <code>cert</code>.
* @param workingPublicKey The public key of the issuer certificate <code>sign</code>.
* @param certPathCerts The certificates of the certification path.
* @throws AnnotatedException if the certificate is revoked or the status cannot be checked
* or some error occurs.
*/
protected static void checkCRLs(ExtendedPKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, List certPathCerts) throws AnnotatedException {
AnnotatedException lastException = null;
CRLDistPoint crldp = null;
try {
crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS));
} catch (Exception e) {
throw new AnnotatedException("CRL distribution point extension could not be read.", e);
}
try {
CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX);
} catch (AnnotatedException e) {
throw new AnnotatedException("No additional CRL locations could be decoded from CRL distribution point extension.", e);
}
CertStatus certStatus = new CertStatus();
ReasonsMask reasonsMask = new ReasonsMask();
boolean validCrlFound = false;
// for each distribution point
if (crldp != null) {
DistributionPoint[] dps = null;
try {
dps = crldp.getDistributionPoints();
} catch (Exception e) {
throw new AnnotatedException("Distribution points could not be read.", e);
}
if (dps != null) {
for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++) {
ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
try {
checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
validCrlFound = true;
} catch (AnnotatedException e) {
lastException = e;
}
}
}
}
if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons()) {
try {
/*
* assume a DP with both the reasons and the cRLIssuer fields
* omitted and a distribution point name of the certificate
* issuer.
*/
ASN1Primitive issuer = null;
try {
issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()).readObject();
} catch (Exception e) {
throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e);
}
DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(GeneralName.directoryName, issuer))), null, null);
ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
validCrlFound = true;
} catch (AnnotatedException e) {
lastException = e;
}
}
if (!validCrlFound) {
if (lastException instanceof AnnotatedException) {
throw lastException;
}
throw new AnnotatedException("No valid CRL found.", lastException);
}
if (certStatus.getCertStatus() != CertStatus.UNREVOKED) {
String message = "Certificate revocation after " + certStatus.getRevocationDate();
message += ", reason: " + crlReasons[certStatus.getCertStatus()];
throw new AnnotatedException(message);
}
if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED) {
certStatus.setCertStatus(CertStatus.UNDETERMINED);
}
if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) {
throw new AnnotatedException("Certificate status could not be determined.");
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
Aggregations
GeneralName (org.bouncycastle.asn1.x509.GeneralName)50
IOException (java.io.IOException)34
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)28
ArrayList (java.util.ArrayList)27
List (java.util.List)19
DERIA5String (org.bouncycastle.asn1.DERIA5String)19
GeneralName (org.apache.harmony.security.x509.GeneralName)18
X509Certificate (java.security.cert.X509Certificate)17
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)16
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)15
Date (java.util.Date)12
X500Name (org.bouncycastle.asn1.x500.X500Name)10
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)10
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)10
GeneralName (sun.security.x509.GeneralName)10
GeneralSecurityException (java.security.GeneralSecurityException)9
CertPathValidatorException (java.security.cert.CertPathValidatorException)9
Enumeration (java.util.Enumeration)9
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)9
CertificateExpiredException (java.security.cert.CertificateExpiredException)8
