Examples with X500Name sun.security.x509.X500Name used on opensource projects

Example 36 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class HostnameChecker method matchDNS.

/**
     * Check if the certificate allows use of the given DNS name.
     *
     * From RFC2818:
     * If a subjectAltName extension of type dNSName is present, that MUST
     * be used as the identity. Otherwise, the (most specific) Common Name
     * field in the Subject field of the certificate MUST be used. Although
     * the use of the Common Name is existing practice, it is deprecated and
     * Certification Authorities are encouraged to use the dNSName instead.
     *
     * Matching is performed using the matching rules specified by
     * [RFC2459].  If more than one identity of a given type is present in
     * the certificate (e.g., more than one dNSName name, a match in any one
     * of the set is considered acceptable.)
     */
private void matchDNS(String expectedName, X509Certificate cert) throws CertificateException {
    Collection<List<?>> subjAltNames = cert.getSubjectAlternativeNames();
    if (subjAltNames != null) {
        boolean foundDNS = false;
        for (List<?> next : subjAltNames) {
            if (((Integer) next.get(0)).intValue() == ALTNAME_DNS) {
                foundDNS = true;
                String dnsName = (String) next.get(1);
                if (isMatched(expectedName, dnsName)) {
                    return;
                }
            }
        }
        if (foundDNS) {
            // but none match, reject
            throw new CertificateException("No subject alternative DNS " + "name matching " + expectedName + " found.");
        }
    }
    X500Name subjectName = getSubjectX500Name(cert);
    DerValue derValue = subjectName.findMostSpecificAttribute(X500Name.commonName_oid);
    if (derValue != null) {
        try {
            if (isMatched(expectedName, derValue.getAsString())) {
                return;
            }
        } catch (IOException e) {
        // ignore
        }
    }
    String msg = "No name matching " + expectedName + " found";
    throw new CertificateException(msg);
}

Example 37 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class VerifierWrapper method getServername.

/*
     * Extract the name of the SSL server from the certificate.
     *
     * Note this code is essentially a subset of the hostname extraction
     * code in HostnameChecker.
     */
private static String getServername(X509Certificate peerCert) {
    try {
        // compare to subjectAltNames if dnsName is present
        Collection<List<?>> subjAltNames = peerCert.getSubjectAlternativeNames();
        if (subjAltNames != null) {
            for (Iterator<List<?>> itr = subjAltNames.iterator(); itr.hasNext(); ) {
                List<?> next = itr.next();
                if (((Integer) next.get(0)).intValue() == 2) {
                    // compare dNSName with host in url
                    String dnsName = ((String) next.get(1));
                    return dnsName;
                }
            }
        }
        // else check against common name in the subject field
        X500Name subject = HostnameChecker.getSubjectX500Name(peerCert);
        DerValue derValue = subject.findMostSpecificAttribute(X500Name.commonName_oid);
        if (derValue != null) {
            try {
                String name = derValue.getAsString();
                return name;
            } catch (IOException e) {
            // ignore
            }
        }
    } catch (java.security.cert.CertificateException e) {
    // ignore
    }
    return null;
}

Example 38 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class X500Principal method readObject.

/**
     * Reads this object from a stream (i.e., deserializes it)
     */
private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, java.io.NotActiveException, ClassNotFoundException {
    s.defaultReadObject();
    // re-create thisX500Name
    thisX500Name = new X500Name(name);
}

Example 39 with X500Name

use of sun.security.x509.X500Name in project tomee by apache.

the class SslTomEETest method test.

@Test
public void test() throws Exception {
    final File keystore = new File("target/keystore");
    {
        // generate keystore/trustore
        if (keystore.exists()) {
            Files.delete(keystore);
        }
        keystore.getParentFile().mkdirs();
        try (final FileOutputStream fos = new FileOutputStream(keystore)) {
            final KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
            keyGenerator.initialize(1024);
            final KeyPair pair = keyGenerator.generateKeyPair();
            final boolean addBc = Security.getProvider("BC") == null;
            if (addBc) {
                Security.addProvider(new BouncyCastleProvider());
            }
            try {
                final X509v1CertificateBuilder x509v1CertificateBuilder = new JcaX509v1CertificateBuilder(new X500Name("cn=serveralias"), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(1)), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1)), new X500Name("cn=serveralias"), pair.getPublic());
                final X509CertificateHolder certHldr = x509v1CertificateBuilder.build(new JcaContentSignerBuilder("SHA1WithRSA").setProvider("BC").build(pair.getPrivate()));
                final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHldr);
                final KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(null, "changeit".toCharArray());
                ks.setKeyEntry("serveralias", pair.getPrivate(), "changeit".toCharArray(), new Certificate[] { cert });
                ks.store(fos, "changeit".toCharArray());
            } finally {
                if (addBc) {
                    Security.removeProvider("BC");
                }
            }
        } catch (final Exception e) {
            Assert.fail(e.getMessage());
        }
    }
    final Configuration configuration = new Configuration();
    configuration.setSsl(true);
    configuration.setKeystoreFile(keystore.getAbsolutePath());
    configuration.setKeystorePass("changeit");
    configuration.setKeyAlias("serveralias");
    final Container container = new Container();
    container.setup(configuration);
    container.start();
    try {
        assertEquals(8443, ManagementFactory.getPlatformMBeanServer().getAttribute(new ObjectName("Tomcat:type=ProtocolHandler,port=8443"), "port"));
    } finally {
        container.stop();
    }
    // ensure it is not always started
    configuration.setSsl(false);
    container.setup(configuration);
    container.start();
    try {
        assertFalse(ManagementFactory.getPlatformMBeanServer().isRegistered(new ObjectName("Tomcat:type=ProtocolHandler,port=8443")));
    } finally {
        container.close();
    }
}

Example 40 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testNameConstraints.

// Tests matching on the name constraints contained in the certificate.
private void testNameConstraints() throws IOException {
    System.out.println("X.509 Certificate Match on name constraints");
    // bad match
    GeneralSubtrees subjectTree = new GeneralSubtrees();
    subjectTree.add(getGeneralSubtree((X500Name) cert.getSubjectDN()));
    NameConstraintsExtension ext = new NameConstraintsExtension((GeneralSubtrees) null, subjectTree);
    X509CertSelector selector = new X509CertSelector();
    selector.setNameConstraints(ext.getExtensionValue());
    checkMatch(selector, cert, false);
    // good match
    ext = new NameConstraintsExtension(subjectTree, null);
    selector.setNameConstraints(ext.getExtensionValue());
    checkMatch(selector, cert, true);
}