Example 6 with GeneralSubtree
use of sun.security.x509.GeneralSubtree in project jdk8u_jdk by JetBrains.
the class X509CertSelectorTest method testPathToName.
/*
* Tests matching on the name constraints extension contained in the
* certificate.
*/
private void testPathToName() throws IOException {
System.out.println("X.509 Certificate Match on pathToName");
X509CertSelector selector = null;
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
byte[] encoded = in.getOctetString();
NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);
// bad matches on pathToName within excluded subtrees
if (excluded != null) {
Iterator<GeneralSubtree> e = excluded.iterator();
while (e.hasNext()) {
GeneralSubtree tree = e.next();
if (tree.getName().getType() == NAME_DIRECTORY) {
X500Name excludedDN1 = new X500Name(tree.getName().toString());
X500Name excludedDN2 = new X500Name("CN=Bogus, " + tree.getName().toString());
DerOutputStream derDN1 = new DerOutputStream();
DerOutputStream derDN2 = new DerOutputStream();
excludedDN1.encode(derDN1);
excludedDN2.encode(derDN2);
selector = new X509CertSelector();
selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
checkMatch(selector, cert, false);
selector.setPathToNames(null);
selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
checkMatch(selector, cert, false);
}
}
}
// good matches on pathToName within permitted subtrees
if (permitted != null) {
Iterator<GeneralSubtree> e = permitted.iterator();
while (e.hasNext()) {
GeneralSubtree tree = e.next();
if (tree.getName().getType() == NAME_DIRECTORY) {
X500Name permittedDN1 = new X500Name(tree.getName().toString());
X500Name permittedDN2 = new X500Name("CN=good, " + tree.getName().toString());
DerOutputStream derDN1 = new DerOutputStream();
DerOutputStream derDN2 = new DerOutputStream();
permittedDN1.encode(derDN1);
permittedDN2.encode(derDN2);
selector = new X509CertSelector();
selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
checkMatch(selector, cert, true);
selector.setPathToNames(null);
selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
checkMatch(selector, cert, true);
}
}
}
}
Also used :
DerOutputStream(sun.security.util.DerOutputStream)
GeneralSubtrees(sun.security.x509.GeneralSubtrees)
X509CertSelector(java.security.cert.X509CertSelector)
DerInputStream(sun.security.util.DerInputStream)
NameConstraintsExtension(sun.security.x509.NameConstraintsExtension)
GeneralSubtree(sun.security.x509.GeneralSubtree)
X500Name(sun.security.x509.X500Name)
Aggregations
GeneralSubtree (org.bouncycastle.asn1.x509.GeneralSubtree)4
IOException (java.io.IOException)2
GeneralSecurityException (java.security.GeneralSecurityException)2
CertPathBuilderException (java.security.cert.CertPathBuilderException)2
CertPathValidatorException (java.security.cert.CertPathValidatorException)2
CertificateExpiredException (java.security.cert.CertificateExpiredException)2
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)2
X509Certificate (java.security.cert.X509Certificate)2
ArrayList (java.util.ArrayList)2
Enumeration (java.util.Enumeration)2
HashMap (java.util.HashMap)2
HashSet (java.util.HashSet)2
Iterator (java.util.Iterator)2
List (java.util.List)2
Map (java.util.Map)2
Set (java.util.Set)2
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)2
NameConstraints (org.bouncycastle.asn1.x509.NameConstraints)2
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)2
GeneralSubtree (sun.security.x509.GeneralSubtree)2
