Example 36 with GeneralName
use of sun.security.x509.GeneralName in project athenz by yahoo.
the class Crypto method extractX509CSRDnsNames.
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) {
List<String> dnsNames = new ArrayList<>();
Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
for (Attribute attribute : attributes) {
for (ASN1Encodable value : attribute.getAttributeValues()) {
Extensions extensions = Extensions.getInstance(value);
GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
for (GeneralName name : gns.getNames()) {
if (name.getTagNo() == GeneralName.dNSName) {
dnsNames.add(((DERIA5String) name.getName()).getString());
}
}
}
}
return dnsNames;
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
ArrayList(java.util.ArrayList)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Extensions(org.bouncycastle.asn1.x509.Extensions)
Example 37 with GeneralName
use of sun.security.x509.GeneralName in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesXmppAddrAndDNS.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the DNS subjectAltName value</li>
* <li>the 'xmppAddr' subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type DNS </li>
* <li>a subjectAltName entry of type otherName with an ASN.1 Object Identifier of "id-on-xmppAddr"</li>
* </ul>
*/
@Test
public void testServerIdentitiesXmppAddrAndDNS() throws Exception {
// Setup fixture.
final String subjectCommonName = "MySubjectCommonName";
final String subjectAltNameXmppAddr = "MySubjectAltNameXmppAddr";
final String subjectAltNameDNS = "MySubjectAltNameDNS";
final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(// Issuer
new X500Name("CN=MyIssuer"), // Random serial number
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())), // Not before 30 days ago
new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)), // Not after 99 days from now
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)), // Subject
new X500Name("CN=" + subjectCommonName), subjectKeyPair.getPublic());
final DERSequence otherName = new DERSequence(new ASN1Encodable[] { XMPP_ADDR_OID, new DERUTF8String(subjectAltNameXmppAddr) });
final GeneralNames subjectAltNames = new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.otherName, otherName), new GeneralName(GeneralName.dNSName, subjectAltNameDNS) });
builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);
final X509CertificateHolder certificateHolder = builder.build(contentSigner);
final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// Execute system under test
final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
// Verify result
assertEquals(2, serverIdentities.size());
assertTrue(serverIdentities.contains(subjectAltNameXmppAddr));
assertFalse(serverIdentities.contains(subjectCommonName));
}
Also used :
SecureRandom(java.security.SecureRandom)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Test(org.junit.Test)
Example 38 with GeneralName
use of sun.security.x509.GeneralName in project Openfire by igniterealtime.
the class CertificateManagerTest method testServerIdentitiesDnsSrv.
/**
* {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
* <ul>
* <li>the 'DNS SRV' subjectAltName value</li>
* <li>explicitly not the Common Name</li>
* </ul>
*
* when a certificate contains:
* <ul>
* <li>a subjectAltName entry of type otherName with an ASN.1 Object Identifier of "id-on-dnsSRV"</li>
* </ul>
*/
@Test
public void testServerIdentitiesDnsSrv() throws Exception {
// Setup fixture.
final String subjectCommonName = "MySubjectCommonName";
final String subjectAltNameDnsSrv = "MySubjectAltNameXmppAddr";
final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(// Issuer
new X500Name("CN=MyIssuer"), // Random serial number
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())), // Not before 30 days ago
new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30)), // Not after 99 days from now
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99)), // Subject
new X500Name("CN=" + subjectCommonName), subjectKeyPair.getPublic());
final DERSequence otherName = new DERSequence(new ASN1Encodable[] { DNS_SRV_OID, new DERUTF8String("_xmpp-server." + subjectAltNameDnsSrv) });
final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.otherName, otherName));
builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);
final X509CertificateHolder certificateHolder = builder.build(contentSigner);
final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// Execute system under test
final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
// Verify result
assertEquals(1, serverIdentities.size());
assertTrue(serverIdentities.contains(subjectAltNameDnsSrv));
assertFalse(serverIdentities.contains(subjectCommonName));
}
Also used :
SecureRandom(java.security.SecureRandom)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Test(org.junit.Test)
Example 39 with GeneralName
use of sun.security.x509.GeneralName in project robovm by robovm.
the class AuthorityKeyIdentifierStructure method fromCertificate.
private static ASN1Sequence fromCertificate(X509Certificate certificate) throws CertificateParsingException {
try {
if (certificate.getVersion() != 3) {
GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
} else {
GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
byte[] ext = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
if (ext != null) {
ASN1OctetString str = (ASN1OctetString) X509ExtensionUtil.fromExtensionValue(ext);
return (ASN1Sequence) new AuthorityKeyIdentifier(str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
} else {
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
}
}
} catch (Exception e) {
throw new CertificateParsingException("Exception extracting certificate details: " + e.toString());
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
CertificateParsingException(java.security.cert.CertificateParsingException)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
CertificateParsingException(java.security.cert.CertificateParsingException)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
Example 40 with GeneralName
use of sun.security.x509.GeneralName in project robovm by robovm.
the class X509ExtensionUtil method getAlternativeNames.
private static Collection getAlternativeNames(byte[] extVal) throws CertificateParsingException {
if (extVal == null) {
return Collections.EMPTY_LIST;
}
try {
Collection temp = new ArrayList();
Enumeration it = DERSequence.getInstance(fromExtensionValue(extVal)).getObjects();
while (it.hasMoreElements()) {
GeneralName genName = GeneralName.getInstance(it.nextElement());
List list = new ArrayList();
list.add(Integers.valueOf(genName.getTagNo()));
switch(genName.getTagNo()) {
case GeneralName.ediPartyName:
case GeneralName.x400Address:
case GeneralName.otherName:
list.add(genName.getName().toASN1Primitive());
break;
case GeneralName.directoryName:
list.add(X500Name.getInstance(genName.getName()).toString());
break;
case GeneralName.dNSName:
case GeneralName.rfc822Name:
case GeneralName.uniformResourceIdentifier:
list.add(((ASN1String) genName.getName()).getString());
break;
case GeneralName.registeredID:
list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId());
break;
case GeneralName.iPAddress:
list.add(DEROctetString.getInstance(genName.getName()).getOctets());
break;
default:
throw new IOException("Bad tag number: " + genName.getTagNo());
}
temp.add(list);
}
return Collections.unmodifiableCollection(temp);
} catch (Exception e) {
throw new CertificateParsingException(e.getMessage());
}
}
Also used :
Enumeration(java.util.Enumeration)
CertificateParsingException(java.security.cert.CertificateParsingException)
ArrayList(java.util.ArrayList)
Collection(java.util.Collection)
ArrayList(java.util.ArrayList)
List(java.util.List)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
IOException(java.io.IOException)
CertificateParsingException(java.security.cert.CertificateParsingException)
IOException(java.io.IOException)
Aggregations
GeneralName (org.bouncycastle.asn1.x509.GeneralName)50
IOException (java.io.IOException)34
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)28
ArrayList (java.util.ArrayList)27
List (java.util.List)19
DERIA5String (org.bouncycastle.asn1.DERIA5String)19
GeneralName (org.apache.harmony.security.x509.GeneralName)18
X509Certificate (java.security.cert.X509Certificate)17
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)16
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)15
Date (java.util.Date)12
X500Name (org.bouncycastle.asn1.x500.X500Name)10
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)10
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)10
GeneralName (sun.security.x509.GeneralName)10
GeneralSecurityException (java.security.GeneralSecurityException)9
CertPathValidatorException (java.security.cert.CertPathValidatorException)9
Enumeration (java.util.Enumeration)9
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)9
CertificateExpiredException (java.security.cert.CertificateExpiredException)8
