Use of sun.security.x509.SubjectAlternativeNameExtension in project OpenAttestation by OpenAttestation.
Class X509Builder, method ipAlternativeName.
/**
 * Adds an IP address entry to the certificate's Subject Alternative Name
 * (subjectAltName, OID 2.5.29.17) extension.
 *
 * <p>An optional {@code "ip:"} prefix is stripped before the value is handed to
 * {@code IPAddressName}. The extension is rebuilt from every alternative name
 * collected so far and stored under {@code X509CertInfo.EXTENSIONS}.
 *
 * <p>No exception escapes this method: anything thrown (including a
 * {@code NullPointerException} for a {@code null} argument) is passed to
 * {@code fault(...)} and the builder is returned regardless. What
 * {@code fault(...)} does with the error is not visible here.
 *
 * @param ip the address to add, with or without a leading {@code "ip:"}
 * @return this builder, for chaining
 */
public X509Builder ipAlternativeName(String ip) {
    try {
        v3();
        final String address = ip.startsWith("ip:") ? ip.substring(3) : ip;
        // NOTE(review): the value is not checked to be an IP literal here; parsing is left
        // entirely to IPAddressName. Confirm that constructor rejects host names rather than
        // resolving them, so the SAN entry always reflects the literal the operator supplied.
        final IPAddressName parsedAddress = new IPAddressName(address);
        if (alternativeNames == null) {
            alternativeNames = new GeneralNames();
        }
        alternativeNames.add(new GeneralName(parsedAddress));
        // The extension carries the whole accumulated list, not just the new entry.
        final SubjectAlternativeNameExtension sanExtension =
                new SubjectAlternativeNameExtension(alternativeNames);
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        certificateExtensions.set(sanExtension.getExtensionId().toString(), sanExtension);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        fault(e, "ipAlternativeName(%s)", ip);
    }
    return this;
}
Use of sun.security.x509.SubjectAlternativeNameExtension in project OpenAM by OpenRock.
Class ApprovalCallback, method approve.
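/**
 * Invoked by the JSS protocol handler whenever SSL handshaking reports a problem with the
 * server certificate; decides whether the reported problems may be ignored.
 *
 * <p>Only a domain mismatch ({@code ValidityStatus.BAD_CERT_DOMAIN}) can be waived. Any other
 * reported reason rejects the certificate. A domain mismatch is waived when one of the
 * following holds, checked in this order:
 * <ol>
 *   <li>the certificate's common name is listed in {@code sslTrustHosts};</li>
 *   <li>{@code resolveIPAddress} is set and the common name and {@code reqHost} resolve to
 *       the same address;</li>
 *   <li>{@code checkSubjectAltName} is set and {@code compareHosts} accepts one of the
 *       subject alternative names.</li>
 * </ol>
 *
 * <p>A trust-list match waives the domain mismatch only: the remaining reported reasons are
 * still evaluated, so the outcome does not depend on the order in which JSS reports them.
 *
 * <p>When {@code trustAllServerCerts} is set, every certificate is approved without any
 * check; that switch disables server authentication for the connection.
 *
 * @param cert the server certificate under review
 * @param status the validity problems reported for {@code cert}
 * @return {@code true} if every reported problem can be ignored
 */
public boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status) {
    Enumeration<?> errors = status.getReasons();
    if (trustAllServerCerts) {
        // Accepts any certificate, including untrusted or expired ones.
        return true;
    }
    if ((reqHost == null) && !errors.hasMoreElements()) {
        return true;
    }
    boolean approve = true;
    while (approve && errors.hasMoreElements()) {
        SSLCertificateApprovalCallback.ValidityItem item =
                (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        int reason = item.getReason();
        if (debug.messageEnabled()) {
            debug.message("ApprovalCallback: reason " + reason);
        }
        // bad domain -12276
        if (reason != ValidityStatus.BAD_CERT_DOMAIN) {
            // Anything other than a domain mismatch is never waived.
            approve = false;
        } else {
            // NOTE(review): identity is taken from the subject CN first; the subject
            // alternative names are consulted only as a fallback further down.
            String cn = null;
            try {
                String subjectDN = cert.getSubjectDN().getName();
                cn = new X500Name(subjectDN).getCommonName();
            } catch (Exception ex) {
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                approve = false;
            }
            if (cn == null) {
                return false;
            }
            if (!sslTrustHosts.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback: server cert CN : " + cn);
                }
                // NOTE(review): toLowerCase() uses the default locale; confirm how
                // sslTrustHosts is normalised before switching to a fixed locale.
                if (sslTrustHosts.contains(cn.toLowerCase())) {
                    // Waive this domain mismatch but keep looking at the remaining reasons:
                    // returning here would approve the certificate even if a later reason
                    // (one that is never waivable) had been reported after this one.
                    continue;
                }
            }
            if (resolveIPAddress) {
                // NOTE(review): this trusts name resolution for both names, and
                // InetAddress.getByName(null) yields the loopback address - confirm reqHost
                // is always set when resolveIPAddress is enabled.
                try {
                    approve = InetAddress.getByName(cn).getHostAddress()
                            .equals(InetAddress.getByName(reqHost).getHostAddress());
                } catch (UnknownHostException ex) {
                    if (debug.messageEnabled()) {
                        debug.message("ApprovalCallback:", ex);
                    }
                    approve = false;
                }
            } else {
                approve = false;
            }
            if (!approve && checkSubjectAltName) {
                try {
                    X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
                    X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
                    CertificateExtensions exts =
                            (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
                    SubjectAlternativeNameExtension altNameExt =
                            (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
                    if (altNameExt != null) {
                        GeneralNames names =
                                (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                        // The accessor is looked up reflectively because its name and return
                        // type differ between JDK versions.
                        Method meth = getMethod();
                        if (meth.getName().equals(OLD_METHOD_NAME)) {
                            // pre 1.4.2 implementation
                            Enumeration<?> e = (Enumeration<?>) meth.invoke(names, params);
                            while (!approve && e.hasMoreElements()) {
                                approve = compareHosts((GeneralName) e.nextElement());
                            }
                        } else {
                            // post 1.4.2 implementation
                            Iterator<?> i = (Iterator<?>) meth.invoke(names, params);
                            while (!approve && i.hasNext()) {
                                approve = compareHosts((GeneralName) i.next());
                            }
                        }
                    }
                } catch (Exception ex) {
                    // Fail closed: any parsing or reflection failure rejects the certificate.
                    // Record the cause so a rejected handshake can be diagnosed.
                    if (debug.messageEnabled()) {
                        debug.message("ApprovalCallback:", ex);
                    }
                    return false;
                }
            }
        }
    }
    return approve;
}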