Package org.apache.geronimo.util.asn1.x509

Examples of org.apache.geronimo.util.asn1.x509.GeneralName

2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
        certGen.addExtension("2.5.29.15", true,
            new X509KeyUsage(X509KeyUsage.encipherOnly));
        certGen.addExtension("2.5.29.37", true,
            new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
        certGen.addExtension("2.5.29.17", true,
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));

        X509Certificate baseCert = certGen.generate(privKey, "BC");

        baseCert.verify(pubKey);
    }
View Full Code Here
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
    {
        for (int i = 0; i < testNameIsConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, testNameIsConstraint[i]))));
            constraintValidator.checkPermitted(new GeneralName(nameType, testName));
        }
        for (int i = 0; i < testNameIsNotConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, testNameIsNotConstraint[i]))));
            try
            {
                constraintValidator.checkPermitted(new GeneralName(nameType, testName));
                fail("not permitted name allowed: " + nameType);
            }
            catch (PKIXNameConstraintValidatorException e)
            {
                // expected
            }
        }
        for (int i = 0; i < testNameIsConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, testNameIsConstraint[i])));
            try
            {
                constraintValidator.checkExcluded(new GeneralName(nameType, testName));
                fail("excluded name missed: " + nameType);
            }
            catch (PKIXNameConstraintValidatorException e)
            {
                // expected
            }
        }
        for (int i = 0; i < testNameIsNotConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, testNameIsNotConstraint[i])));
            constraintValidator.checkExcluded(new GeneralName(nameType, testName));
        }
        for (int i = 0; i < testNames1.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, testNames1[i])));
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, testNames2[i])));
            PKIXNameConstraintValidator constraints2 = new PKIXNameConstraintValidator();
            for (int j = 0; j < testUnion[i].length; j++)
            {
                constraints2.addExcludedSubtree(new GeneralSubtree(
                    new GeneralName(nameType, testUnion[i][j])));
            }
            if (!constraints2.equals(constraintValidator))
            {
                fail("union wrong: " + nameType);
            }
            constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, testNames1[i]))));
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, testNames2[i]))));
            constraints2 = new PKIXNameConstraintValidator();
            if (testInterSection[i] != null)
            {
                constraints2.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                    new GeneralName(nameType, testInterSection[i]))));
            }
            else
            {
                constraints2.intersectEmptyPermittedSubtree(nameType);
            }
View Full Code Here
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
    {
        for (int i = 0; i < testNameIsConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, new DEROctetString(
                    testNameIsConstraint[i])))));
            constraintValidator.checkPermitted(new GeneralName(nameType,
                new DEROctetString(testName)));
        }
        for (int i = 0; i < testNameIsNotConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, new DEROctetString(
                    testNameIsNotConstraint[i])))));
            try
            {
                constraintValidator.checkPermitted(new GeneralName(nameType,
                    new DEROctetString(testName)));
                fail("not permitted name allowed: " + nameType);
            }
            catch (PKIXNameConstraintValidatorException e)
            {
                // expected
            }
        }
        for (int i = 0; i < testNameIsConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, new DEROctetString(testNameIsConstraint[i]))));
            try
            {
                constraintValidator.checkExcluded(new GeneralName(nameType,
                    new DEROctetString(testName)));
                fail("excluded name missed: " + nameType);
            }
            catch (PKIXNameConstraintValidatorException e)
            {
                // expected
            }
        }
        for (int i = 0; i < testNameIsNotConstraint.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, new DEROctetString(testNameIsNotConstraint[i]))));
            constraintValidator.checkExcluded(new GeneralName(nameType,
                new DEROctetString(testName)));
        }
        for (int i = 0; i < testNames1.length; i++)
        {
            PKIXNameConstraintValidator constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, new DEROctetString(testNames1[i]))));
            constraintValidator.addExcludedSubtree(new GeneralSubtree(new GeneralName(
                nameType, new DEROctetString(testNames2[i]))));
            PKIXNameConstraintValidator constraints2 = new PKIXNameConstraintValidator();
            for (int j = 0; j < testUnion[i].length; j++)
            {
                constraints2.addExcludedSubtree(new GeneralSubtree(
                    new GeneralName(nameType, new DEROctetString(
                        testUnion[i][j]))));
            }
            if (!constraints2.equals(constraintValidator))
            {
                fail("union wrong: " + nameType);
            }
            constraintValidator = new PKIXNameConstraintValidator();
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, new DEROctetString(testNames1[i])))));
            constraintValidator.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, new DEROctetString(testNames2[i])))));
            constraints2 = new PKIXNameConstraintValidator();
            if (testInterSection[i] != null)
            {
                constraints2.intersectPermittedSubtree(new DERSequence(new GeneralSubtree(
                new GeneralName(nameType, new DEROctetString(
                    testInterSection[i])))));
            }
            else
            {
                constraints2.intersectEmptyPermittedSubtree(nameType);
View Full Code Here
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
        pubKey = kFact.generatePublic(pubKeySpec);
       
        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
       
        // the actual attributes
        GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
        roleSyntax.add(roleName);

        // roleSyntax OID: 2.5.24.72
        X509Attribute attributes = new X509Attribute("2.5.24.72",
                new DERSequence(roleSyntax));

        gen.addAttribute(attributes);
        gen.setHolder(new AttributeCertificateHolder(iCert));
        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(BigInteger.ONE);
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
       
        X509AttributeCertificate aCert = gen.generate(privKey, "BC");
       
        aCert.checkValidity();
       
        aCert.verify(pubKey, "BC");
       
        AttributeCertificateHolder holder = aCert.getHolder();
       
        if (holder.getEntityNames() != null)
        {
            fail("entity names set when none expected");
        }
       
        if (!holder.getSerialNumber().equals(iCert.getSerialNumber()))
        {
            fail("holder serial number doesn't match");
        }

        if (!holder.getIssuer()[0].equals(iCert.getIssuerX500Principal()))
        {
            fail("holder issuer doesn't match");
        }
       
        if (!holder.match(iCert))
        {
            fail("generated holder not matching holder certificate");
        }
       
        X509Attribute[] attrs = aCert.getAttributes("2.5.24.72");
       
        if (attrs == null)
        {
            fail("attributes related to 2.5.24.72 not found");
        }
       
        X509Attribute attr = attrs[0];
       
        if (!attr.getOID().equals("2.5.24.72"))
        {
            fail("attribute oid mismatch");
        }
       
        ASN1Encodable[] values = attr.getValues();
       
        GeneralName role = GeneralNames.getInstance(values[0]).getNames()[0];
       
        if (role.getTagNo() != GeneralName.rfc822Name)
        {
            fail("wrong general name type found in role");
        }
       
        if (!((DERString)role.getName()).getString().equals("DAU123456789"))
        {
            fail("wrong general name value found in role");
        }
       
        X509Certificate             sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
View Full Code Here
384
385
386
387
388
389
390
391
392
393
394
        pubKey = kFact.generatePublic(pubKeySpec);
       
        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
       
        // the actual attributes
        GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
        roleSyntax.add(roleName);
   
        // roleSyntax OID: 2.5.24.72
        X509Attribute attributes = new X509Attribute("2.5.24.72",
View Full Code Here
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
     *
     * @param subtree A subtree with an excluded GeneralName.
     */
    public void addExcludedSubtree(GeneralSubtree subtree)
    {
        GeneralName base = subtree.getBase();

        switch (base.getTagNo())
        {
            case 1:
                excludedSubtreesEmail = unionEmail(excludedSubtreesEmail,
                    extractNameAsString(base));
                break;
            case 2:
                excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
                    extractNameAsString(base));
                break;
            case 4:
                excludedSubtreesDN = unionDN(excludedSubtreesDN,
                    (ASN1Sequence)base.getName().getDERObject());
                break;
            case 6:
                excludedSubtreesURI = unionURI(excludedSubtreesURI,
                    extractNameAsString(base));
                break;
            case 7:
                excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString
                    .getInstance(base.getName()).getOctets());
                break;
        }
    }
View Full Code Here
185
186
187
188
189
190
191
192
193
194
195
196
197
198
            if (!description.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
                continue;
            }

            // Look for an URL.
            GeneralName name = description.getAccessLocation();
            if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                String url = DERIA5String.getInstance(
                    name.getName()).getString();
                list.add(url);
            }
        }

        // Return a list of URLs.
View Full Code Here
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
              if (gns == null) {
                  return null;
              }
              final StringBuilder strBuf = new StringBuilder();
              for (int i = 0; i < gns.length; i++) {
                final GeneralName gn = gns[i];
                  if (strBuf.length() != 0) {
                      // Append comma so we get nice formatting if there are more than one authority
                      strBuf.append(", ");
                  }
                  final String str = getGeneralNameString(gn.getTagNo(), gn.getName());
                  if (str != null) {
                      strBuf.append(str);
                  }
              }
              if (strBuf.length() > 0) {
View Full Code Here
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
      try {
        obj = aIn.readObject();
        GeneralNames gan = GeneralNames.getInstance(obj);
        GeneralName[] gns = gan.getNames();
        for (int i = 0; i < gns.length; i++) {
          GeneralName gn = gns[i];
          int tag = gn.getTagNo();
          DEREncodable name = gn.getName();
          String str = CertTools.getGeneralNameString(tag, name);
          if (altName == null) {
            altName = str;
          } else {
            altName += ", "+str;
View Full Code Here
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
        ArrayList<String> emails = CertTools.getEmailFromDN(altName);
        if (!emails.isEmpty()) {
            Iterator<String> iter = emails.iterator();
            while (iter.hasNext()) {
              GeneralName gn = new GeneralName(1, new DERIA5String((String)iter.next()));
              vec.add(gn);
            }
        }
       
        ArrayList<String> dns = CertTools.getPartsFromDN(altName, CertTools.DNS);
        if (!dns.isEmpty()) {           
            Iterator<String> iter = dns.iterator();
            while (iter.hasNext()) {
                GeneralName gn = new GeneralName(2, new DERIA5String((String)iter.next()));
                vec.add(gn);
            }
        }
       
        String directoryName = getDirectoryStringFromAltName(altName);
        if (directoryName != null) {
          X509Name x509DirectoryName = new X509Name(directoryName);
          GeneralName gn = new GeneralName(4, x509DirectoryName);
          vec.add(gn);
        }
                               
        ArrayList<String> uri = CertTools.getPartsFromDN(altName, CertTools.URI);
        if (!uri.isEmpty()) {           
            Iterator<String> iter = uri.iterator();
            while (iter.hasNext()) {
                GeneralName gn = new GeneralName(6, new DERIA5String((String)iter.next()));
                vec.add(gn);
            }
        }
        uri = CertTools.getPartsFromDN(altName, CertTools.URI1);
        if (!uri.isEmpty()) {           
            Iterator<String> iter = uri.iterator();
            while (iter.hasNext()) {
                GeneralName gn = new GeneralName(6, new DERIA5String((String)iter.next()));
                vec.add(gn);
            }
        }
        uri = CertTools.getPartsFromDN(altName, CertTools.URI2);
        if (!uri.isEmpty()) {           
            Iterator<String> iter = uri.iterator();
            while (iter.hasNext()) {
                GeneralName gn = new GeneralName(6, new DERIA5String((String)iter.next()));
                vec.add(gn);
            }
        }
       
               
        ArrayList<String> ipstr = CertTools.getPartsFromDN(altName, CertTools.IPADDR);
        if (!ipstr.isEmpty()) {           
            Iterator<String> iter = ipstr.iterator();
            while (iter.hasNext()) {
                byte[] ipoctets = StringTools.ipStringToOctets((String)iter.next());
                GeneralName gn = new GeneralName(7, new DEROctetString(ipoctets));
                vec.add(gn);
            }
        }
                   
        // UPN is an OtherName see method getUpn... for asn.1 definition
View Full Code Here
TOP

Related Classes of org.apache.geronimo.util.asn1.x509.GeneralName

  • br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCertificateBuilder
  • br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCertificateGenerator
  • br.net.woodstock.rockframework.security.cert.impl.OCSPCertificateValidator
  • codec.asn1.ASN1IA5String
  • codec.asn1.ASN1ObjectIdentifier
  • codec.asn1.ASN1TaggedType
  • codec.x501.Name
  • com.gitblit.utils.X509Utils
  • com.intel.mtwilson.crypto.X509Builder
  • org.apache.geronimo.console.ca.ConfirmClientCertHandler
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.