Example 1 with GeneralSubtree
use of sun.security.x509.GeneralSubtree in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertG.
protected static void prepareNextCertG(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (g) handle the name constraints extension
//
NameConstraints nc = null;
try {
ASN1Sequence ncSeq = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.NAME_CONSTRAINTS));
if (ncSeq != null) {
nc = NameConstraints.getInstance(ncSeq);
}
} catch (Exception e) {
throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath, index);
}
if (nc != null) {
//
// (g) (1) permitted subtrees
//
GeneralSubtree[] permitted = nc.getPermittedSubtrees();
if (permitted != null) {
try {
nameConstraintValidator.intersectPermittedSubtree(permitted);
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
//
// (g) (2) excluded subtrees
//
GeneralSubtree[] excluded = nc.getExcludedSubtrees();
if (excluded != null) {
for (int i = 0; i != excluded.length; i++) try {
nameConstraintValidator.addExcludedSubtree(excluded[i]);
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
}
}
Also used :
NameConstraints(org.bouncycastle.asn1.x509.NameConstraints)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)
X509Certificate(java.security.cert.X509Certificate)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 2 with GeneralSubtree
use of sun.security.x509.GeneralSubtree in project jdk8u_jdk by JetBrains.
the class X509CertSelectorTest method getGeneralSubtree.
private static GeneralSubtree getGeneralSubtree(GeneralNameInterface gni) {
// Create a new GeneralSubtree with the specified name, 0 base, and
// unlimited length
GeneralName gn = new GeneralName(gni);
GeneralSubtree subTree = new GeneralSubtree(gn, 0, -1);
return subTree;
}
Also used :
GeneralName(sun.security.x509.GeneralName)
GeneralSubtree(sun.security.x509.GeneralSubtree)
Example 3 with GeneralSubtree
use of sun.security.x509.GeneralSubtree in project robovm by robovm.
the class PKIXNameConstraintValidator method intersectPermittedSubtree.
/**
* Updates the permitted set of these name constraints with the intersection
* with the given subtree.
*
* @param permitted The permitted subtrees
*/
public void intersectPermittedSubtree(GeneralSubtree[] permitted) {
Map subtreesMap = new HashMap();
// group in sets in a map ordered by tag no.
for (int i = 0; i != permitted.length; i++) {
GeneralSubtree subtree = permitted[i];
Integer tagNo = Integers.valueOf(subtree.getBase().getTagNo());
if (subtreesMap.get(tagNo) == null) {
subtreesMap.put(tagNo, new HashSet());
}
((Set) subtreesMap.get(tagNo)).add(subtree);
}
for (Iterator it = subtreesMap.entrySet().iterator(); it.hasNext(); ) {
Map.Entry entry = (Map.Entry) it.next();
// go through all subtree groups
switch(((Integer) entry.getKey()).intValue()) {
case 1:
permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, (Set) entry.getValue());
break;
case 2:
permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, (Set) entry.getValue());
break;
case 4:
permittedSubtreesDN = intersectDN(permittedSubtreesDN, (Set) entry.getValue());
break;
case 6:
permittedSubtreesURI = intersectURI(permittedSubtreesURI, (Set) entry.getValue());
break;
case 7:
permittedSubtreesIP = intersectIP(permittedSubtreesIP, (Set) entry.getValue());
}
}
}Example 4 with GeneralSubtree
use of sun.security.x509.GeneralSubtree in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method prepareNextCertG.
protected static void prepareNextCertG(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (g) handle the name constraints extension
//
NameConstraints nc = null;
try {
ASN1Sequence ncSeq = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.NAME_CONSTRAINTS));
if (ncSeq != null) {
nc = new NameConstraints(ncSeq);
}
} catch (Exception e) {
throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath, index);
}
if (nc != null) {
//
// (g) (1) permitted subtrees
//
ASN1Sequence permitted = nc.getPermittedSubtrees();
if (permitted != null) {
try {
nameConstraintValidator.intersectPermittedSubtree(permitted);
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
//
// (g) (2) excluded subtrees
//
ASN1Sequence excluded = nc.getExcludedSubtrees();
if (excluded != null) {
Enumeration e = excluded.getObjects();
try {
while (e.hasMoreElements()) {
GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
nameConstraintValidator.addExcludedSubtree(subtree);
}
} catch (Exception ex) {
throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index);
}
}
}
}
Also used :
NameConstraints(org.bouncycastle.asn1.x509.NameConstraints)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
Enumeration(java.util.Enumeration)
List(java.util.List)
ArrayList(java.util.ArrayList)
GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)
X509Certificate(java.security.cert.X509Certificate)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
Example 5 with GeneralSubtree
use of sun.security.x509.GeneralSubtree in project XobotOS by xamarin.
the class PKIXNameConstraintValidator method intersectPermittedSubtree.
/**
* Updates the permitted set of these name constraints with the intersection
* with the given subtree.
*
* @param permitted The permitted subtrees
*/
public void intersectPermittedSubtree(ASN1Sequence permitted) {
Map subtreesMap = new HashMap();
// group in sets in a map ordered by tag no.
for (Enumeration e = permitted.getObjects(); e.hasMoreElements(); ) {
GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
// BEGIN android-changed
Integer tagNo = Integer.valueOf(subtree.getBase().getTagNo());
// END android-changed
if (subtreesMap.get(tagNo) == null) {
subtreesMap.put(tagNo, new HashSet());
}
((Set) subtreesMap.get(tagNo)).add(subtree);
}
for (Iterator it = subtreesMap.entrySet().iterator(); it.hasNext(); ) {
Map.Entry entry = (Map.Entry) it.next();
// go through all subtree groups
switch(((Integer) entry.getKey()).intValue()) {
case 1:
permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, (Set) entry.getValue());
break;
case 2:
permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, (Set) entry.getValue());
break;
case 4:
permittedSubtreesDN = intersectDN(permittedSubtreesDN, (Set) entry.getValue());
break;
case 6:
permittedSubtreesURI = intersectURI(permittedSubtreesURI, (Set) entry.getValue());
break;
case 7:
permittedSubtreesIP = intersectIP(permittedSubtreesIP, (Set) entry.getValue());
}
}
}
Also used :
Enumeration(java.util.Enumeration)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Iterator(java.util.Iterator)
GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Aggregations
GeneralSubtree (org.bouncycastle.asn1.x509.GeneralSubtree)4
IOException (java.io.IOException)2
GeneralSecurityException (java.security.GeneralSecurityException)2
CertPathBuilderException (java.security.cert.CertPathBuilderException)2
CertPathValidatorException (java.security.cert.CertPathValidatorException)2
CertificateExpiredException (java.security.cert.CertificateExpiredException)2
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)2
X509Certificate (java.security.cert.X509Certificate)2
ArrayList (java.util.ArrayList)2
Enumeration (java.util.Enumeration)2
HashMap (java.util.HashMap)2
HashSet (java.util.HashSet)2
Iterator (java.util.Iterator)2
List (java.util.List)2
Map (java.util.Map)2
Set (java.util.Set)2
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)2
NameConstraints (org.bouncycastle.asn1.x509.NameConstraints)2
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)2
GeneralSubtree (sun.security.x509.GeneralSubtree)2
