
Example 1 with NetscapeCertTypeExtension

use of sun.security.x509.NetscapeCertTypeExtension in project otertool by wuntee.

the class JarSigner method checkCertUsage.

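/**
 * Checks whether {@code userCert} may be used as a code-signing certificate
 * and records every usage extension that rules it out.
 *
 * <p>Three extensions are examined independently. An extension that is
 * absent places no restriction and is never reported. An extension that is
 * present but cannot be decoded is reported as bad instead of being
 * silently accepted, so a malformed certificate cannot pass this check by
 * failing to parse.
 *
 * @param userCert the certificate to be examined
 * @param bad if non-null, an array of at least 3 booleans that is first
 *            reset to {@code false} and then receives the result:
 *            {@code bad[0]} for KeyUsage, {@code bad[1]} for
 *            ExtendedKeyUsage, {@code bad[2]} for NetscapeCertType.
 *            {@code true} means the extension is present and does NOT
 *            allow code signing. If null, the class fields badKeyUsage,
 *            badExtendedKeyUsage and badNetscapeCertType are set to
 *            {@code true} instead; this method never resets those fields.
 */
void checkCertUsage(X509Certificate userCert, boolean[] bad) {
    if (bad != null) {
        bad[0] = bad[1] = bad[2] = false;
    }

    // KeyUsage: index 0 of getKeyUsage() is the digitalSignature bit.
    boolean[] keyUsage = userCert.getKeyUsage();
    if (keyUsage != null && (keyUsage.length < 1 || !keyUsage[0])) {
        flagBadUsage(bad, 0);
    }

    // ExtendedKeyUsage: accept anyExtendedKeyUsage or codeSigning.
    try {
        List<String> xKeyUsage = userCert.getExtendedKeyUsage();
        if (xKeyUsage != null
                && !xKeyUsage.contains("2.5.29.37.0") // anyExtendedKeyUsage
                && !xKeyUsage.contains("1.3.6.1.5.5.7.3.3")) { // codeSigning
            flagBadUsage(bad, 1);
        }
    } catch (java.security.cert.CertificateParsingException e) {
        // The extension exists but is undecodable: fail closed.
        flagBadUsage(bad, 1);
    }

    // NetscapeCertType: the object-signing bit must be set when present.
    try {
        // OID_NETSCAPE_CERT_TYPE
        byte[] netscapeEx = userCert.getExtensionValue("2.16.840.1.113730.1.1");
        if (netscapeEx != null) {
            // getExtensionValue() returns the value wrapped in an OCTET STRING;
            // unwrap it, then read the BIT STRING it carries.
            DerInputStream in = new DerInputStream(netscapeEx);
            byte[] encoded = in.getOctetString();
            encoded = new DerValue(encoded).getUnalignedBitString().toByteArray();
            NetscapeCertTypeExtension extn = new NetscapeCertTypeExtension(encoded);
            Boolean val = (Boolean) extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING);
            // Null-safe: anything other than TRUE counts as "bit not set".
            if (!Boolean.TRUE.equals(val)) {
                flagBadUsage(bad, 2);
            }
        }
    } catch (IOException e) {
        // The extension exists but is undecodable: fail closed.
        flagBadUsage(bad, 2);
    }
}

/**
 * Records one failed usage check, either in the caller's array or, when the
 * array is null, in the matching class field.
 *
 * @param bad   the caller-supplied result array, or null to use the fields
 * @param index 0 = KeyUsage, 1 = ExtendedKeyUsage, 2 = NetscapeCertType
 */
private void flagBadUsage(boolean[] bad, int index) {
    if (bad != null) {
        bad[index] = true;
        return;
    }
    switch (index) {
        case 0:
            badKeyUsage = true;
            break;
        case 1:
            badExtendedKeyUsage = true;
            break;
        default:
            badNetscapeCertType = true;
            break;
    }
}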
Also used : DerValue(sun.security.util.DerValue) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) NetscapeCertTypeExtension(sun.security.x509.NetscapeCertTypeExtension)

Example 2 with NetscapeCertTypeExtension

use of sun.security.x509.NetscapeCertTypeExtension in project jdk8u_jdk by JetBrains.

the class SimpleValidator method getNetscapeCertTypeBit.

/**
 * Reports whether the bit named by {@code type} is set in the certificate's
 * Netscape certificate type extension.
 *
 * <p>The result is deliberately asymmetric: a certificate that does not
 * carry the extension yields {@code true} (no restriction is expressed),
 * while an extension that is present but fails to decode yields
 * {@code false}.
 *
 * @param cert the certificate to inspect
 * @param type the name of the bit to read from the extension
 * @return {@code true} if the extension is absent or the bit is set;
 *         {@code false} if the bit is clear or an IOException occurs
 */
static boolean getNetscapeCertTypeBit(X509Certificate cert, String type) {
    try {
        NetscapeCertTypeExtension certTypeExt;
        if (!(cert instanceof X509CertImpl)) {
            // Generic certificate: decode the extension from its raw bytes.
            byte[] rawValue = cert.getExtensionValue(OID_NETSCAPE_CERT_TYPE);
            if (rawValue == null) {
                return true;
            }
            // Unwrap the OCTET STRING, then read the BIT STRING inside it.
            byte[] octets = new DerInputStream(rawValue).getOctetString();
            byte[] bits = new DerValue(octets).getUnalignedBitString().toByteArray();
            certTypeExt = new NetscapeCertTypeExtension(bits);
        } else {
            // X509CertImpl exposes the extension object directly.
            ObjectIdentifier extOid = OBJID_NETSCAPE_CERT_TYPE;
            certTypeExt = (NetscapeCertTypeExtension) ((X509CertImpl) cert).getExtension(extOid);
            if (certTypeExt == null) {
                return true;
            }
        }
        Boolean bitSet = certTypeExt.get(type);
        return bitSet.booleanValue();
    } catch (IOException e) {
        // Undecodable extension: report the bit as not set.
        return false;
    }
}
Also used : X509CertImpl(sun.security.x509.X509CertImpl) DerValue(sun.security.util.DerValue) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) NetscapeCertTypeExtension(sun.security.x509.NetscapeCertTypeExtension) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 3 with NetscapeCertTypeExtension

use of sun.security.x509.NetscapeCertTypeExtension in project jdk8u_jdk by JetBrains.

the class NamedBitList method main.

/**
 * Builds several bit-string-backed structures from the same flag array and
 * passes each observed length, together with its expected value, to
 * {@code check}. Then does the same for {@code BitArray} lengths before
 * and after {@code truncate()}.
 */
public static void main(String[] args) throws Exception {
    // Only the leading {T,F,T} should be encoded, so every bit string below
    // is expected to have length 3.
    // NOTE(review): the source comment said "length should be 5" although the
    // asserted value is 3; presumably 5 meant the unused bits in the byte.
    boolean[] flags = { true, false, true, false, false, false };
    GeneralNames names = new GeneralNames();
    names.add(new GeneralName(new DNSName("dns")));

    KeyUsageExtension keyUsageExt = new KeyUsageExtension(flags);
    DerValue keyUsageDer = new DerValue(keyUsageExt.getExtensionValue());
    check(keyUsageDer.getUnalignedBitString().length(), 3);

    NetscapeCertTypeExtension certTypeExt = new NetscapeCertTypeExtension(flags);
    DerValue certTypeDer = new DerValue(certTypeExt.getExtensionValue());
    check(certTypeDer.getUnalignedBitString().length(), 3);

    ReasonFlags reasons = new ReasonFlags(flags);
    DerOutputStream reasonsOut = new DerOutputStream();
    reasons.encode(reasonsOut);
    check(new DerValue(reasonsOut.toByteArray()).getUnalignedBitString().length(), 3);

    // Read sun.security.x509.DistributionPoint for ASN.1 definition
    DistributionPoint point = new DistributionPoint(names, flags, names);
    DerOutputStream pointOut = new DerOutputStream();
    point.encode(pointOut);
    DerValue pointDer = new DerValue(pointOut.toByteArray());
    // The first element is distributionPoint; read it and discard it.
    pointDer.data.getDerValue();
    // The next element holds the reasons.
    DerValue reasonsDer = pointDer.data.getDerValue();
    // It is context-specific [1] encoded, so retag it as a BIT STRING first.
    reasonsDer.resetTag(DerValue.tag_BitString);
    check(reasonsDer.getUnalignedBitString().length(), 3);

    // All-false array: 3 bits before truncate(), 1 after.
    BitArray allClear = new BitArray(new boolean[] { false, false, false });
    check(allClear.length(), 3);
    allClear = allClear.truncate();
    check(allClear.length(), 1);

    // Eight set bits then two clear: 10 bits in 2 bytes, then 8 bits in 1 byte.
    BitArray eightSet = new BitArray(
            new boolean[] { true, true, true, true, true, true, true, true, false, false });
    check(eightSet.length(), 10);
    check(eightSet.toByteArray().length, 2);
    eightSet = eightSet.truncate();
    check(eightSet.length(), 8);
    check(eightSet.toByteArray().length, 1);

    // Nine set bits then one clear: 10 bits in 2 bytes, then 9 bits, still 2 bytes.
    BitArray nineSet = new BitArray(
            new boolean[] { true, true, true, true, true, true, true, true, true, false });
    check(nineSet.length(), 10);
    check(nineSet.toByteArray().length, 2);
    nineSet = nineSet.truncate();
    check(nineSet.length(), 9);
    check(nineSet.toByteArray().length, 2);
}
Also used : GeneralNames(sun.security.x509.GeneralNames) DerOutputStream(sun.security.util.DerOutputStream) ReasonFlags(sun.security.x509.ReasonFlags) DerValue(sun.security.util.DerValue) GeneralName(sun.security.x509.GeneralName) DistributionPoint(sun.security.x509.DistributionPoint) BitArray(sun.security.util.BitArray) DNSName(sun.security.x509.DNSName) NetscapeCertTypeExtension(sun.security.x509.NetscapeCertTypeExtension) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Aggregations

DerValue (sun.security.util.DerValue)3 NetscapeCertTypeExtension (sun.security.x509.NetscapeCertTypeExtension)3 IOException (java.io.IOException)2 DerInputStream (sun.security.util.DerInputStream)2 BitArray (sun.security.util.BitArray)1 DerOutputStream (sun.security.util.DerOutputStream)1 ObjectIdentifier (sun.security.util.ObjectIdentifier)1 DNSName (sun.security.x509.DNSName)1 DistributionPoint (sun.security.x509.DistributionPoint)1 GeneralName (sun.security.x509.GeneralName)1 GeneralNames (sun.security.x509.GeneralNames)1 KeyUsageExtension (sun.security.x509.KeyUsageExtension)1 ReasonFlags (sun.security.x509.ReasonFlags)1 X509CertImpl (sun.security.x509.X509CertImpl)1