Package org.bouncycastle.x509.extension

Examples of org.bouncycastle.x509.extension.X509ExtensionUtil


    {
        X509AttributeCertificate attrCert = new X509V2AttributeCertificate(certWithBaseCertificateID);
        CertificateFactory       fact = CertificateFactory.getInstance("X.509", "BC");  
        X509Certificate          cert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
       
        AttributeCertificateHolder holder = attrCert.getHolder();
       
        if (holder.getEntityNames() != null)
        {
            fail("entity names set when none expected");
        }
       
        if (!holder.getSerialNumber().equals(cert.getSerialNumber()))
        {
            fail("holder serial number doesn't match");
        }

        if (!holder.getIssuer()[0].equals(cert.getIssuerX500Principal()))
        {
            fail("holder issuer doesn't match");
        }
       
        if (!holder.match(cert))
        {
            fail("holder not matching holder certificate");
        }

        if (!holder.equals(holder.clone()))
        {
            fail("holder clone test failed");
        }

        if (!attrCert.getIssuer().equals(attrCert.getIssuer().clone()))
View Full Code Here


        // roleSyntax OID: 2.5.24.72
        X509Attribute attributes = new X509Attribute("2.5.24.72",
                new DERSequence(roleSyntax));

        gen.addAttribute(attributes);
        gen.setHolder(new AttributeCertificateHolder(iCert));
        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(BigInteger.ONE);
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
       
        X509AttributeCertificate aCert = gen.generate(privKey, "BC");
       
        aCert.checkValidity();
       
        aCert.verify(pubKey, "BC");
       
        AttributeCertificateHolder holder = aCert.getHolder();
       
        if (holder.getEntityNames() != null)
        {
            fail("entity names set when none expected");
        }
       
        if (!holder.getSerialNumber().equals(iCert.getSerialNumber()))
        {
            fail("holder serial number doesn't match");
        }

        if (!holder.getIssuer()[0].equals(iCert.getIssuerX500Principal()))
        {
            fail("holder issuer doesn't match");
        }
       
        if (!holder.match(iCert))
        {
            fail("generated holder not matching holder certificate");
        }
       
        X509Attribute[] attrs = aCert.getAttributes("2.5.24.72");
       
        if (attrs == null)
        {
            fail("attributes related to 2.5.24.72 not found");
        }
       
        X509Attribute attr = attrs[0];
       
        if (!attr.getOID().equals("2.5.24.72"))
        {
            fail("attribute oid mismatch");
        }
       
        ASN1Encodable[] values = attr.getValues();
       
        GeneralName role = GeneralNames.getInstance(values[0]).getNames()[0];
       
        if (role.getTagNo() != GeneralName.rfc822Name)
        {
            fail("wrong general name type found in role");
        }
       
        if (!((ASN1String)role.getName()).getString().equals("DAU123456789"))
        {
            fail("wrong general name value found in role");
        }
       
        X509Certificate             sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
       
        if (holder.match(sCert))
        {
            fail("generated holder matching wrong certificate");
        }

        equalityAndHashCodeTest(aCert, aCert.getEncoded());
View Full Code Here

        // roleSyntax OID: 2.5.24.72
        X509Attribute attributes = new X509Attribute("2.5.24.72",
                new DERSequence(roleSyntax));
   
        gen.addAttribute(attributes);
        gen.setHolder(new AttributeCertificateHolder(iCert.getSubjectX500Principal()));
        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(BigInteger.ONE);
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
       
        X509AttributeCertificate aCert = gen.generate(privKey, "BC");
       
        aCert.checkValidity();
       
        aCert.verify(pubKey, "BC");
       
        AttributeCertificateHolder holder = aCert.getHolder();
       
        if (holder.getEntityNames() == null)
        {
            fail("entity names not set when expected");
        }
       
        if (holder.getSerialNumber() != null)
        {
            fail("holder serial number found when none expected");
        }
   
        if (holder.getIssuer() != null)
        {
            fail("holder issuer found when none expected");
        }
       
        if (!holder.match(iCert))
        {
            fail("generated holder not matching holder certificate");
        }
       
        X509Certificate             sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
       
        if (holder.match(sCert))
        {
            fail("principal generated holder matching wrong certificate");
        }

        equalityAndHashCodeTest(aCert, aCert.getEncoded());
View Full Code Here

        Principal[] principals = issuer.getPrincipals();
       
        //
        // test holder
        //
        AttributeCertificateHolder holder = aCert.getHolder();
       
        if (holder.getEntityNames() == null)
        {
            fail("entity names not set");
        }
       
        if (holder.getSerialNumber() != null)
        {
            fail("holder serial number set when none expected");
        }

        if (holder.getIssuer() != null)
        {
            fail("holder issuer set when none expected");
        }
       
        principals = holder.getEntityNames();
       
        if (!principals[0].toString().equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), EMAILADDRESS=mlorch@vt.edu"))
        {
            fail("principal[0] for entity names don't match");
        }
View Full Code Here

        X509Attribute attributes = new X509Attribute("2.5.24.72",
                new DERSequence(roleSyntax));

        gen.addAttribute(attributes);
        gen.setHolder(new AttributeCertificateHolder(iCert));
        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(BigInteger.ONE);
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
       
View Full Code Here

        X509Attribute attributes = new X509Attribute("2.5.24.72",
                new DERSequence(roleSyntax));
   
        gen.addAttribute(attributes);
        gen.setHolder(new AttributeCertificateHolder(iCert.getSubjectX500Principal()));
        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(BigInteger.ONE);
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
       
View Full Code Here

        //
        aCert = new X509V2AttributeCertificate(aCert.getEncoded());
       
        aCert.verify(pubKey, "BC");
       
        AttributeCertificateIssuer  issuer = aCert.getIssuer();
       
        Principal[] principals = issuer.getPrincipals();
       
        //
        // test holder
        //
        AttributeCertificateHolder holder = aCert.getHolder();
View Full Code Here

                            + PKIXBuilderParameters.class.getName() + " or "
                            + ExtendedPKIXBuilderParameters.class.getName()
                            + ".");
        }

        ExtendedPKIXBuilderParameters pkixParams;
        if (params instanceof ExtendedPKIXBuilderParameters)
        {
            pkixParams = (ExtendedPKIXBuilderParameters) params;
        }
        else
        {
            pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
                    .getInstance((PKIXBuilderParameters) params);
        }

        Collection targets;
        Iterator targetIter;
        List certPathList = new ArrayList();
        X509AttributeCertificate cert;

        // search target certificates

        Selector certSelect = pkixParams.getTargetConstraints();
        if (!(certSelect instanceof X509AttributeCertStoreSelector))
        {
            throw new CertPathBuilderException(
                    "TargetConstraints must be an instance of "
                            + X509AttributeCertStoreSelector.class.getName()
                            + " for "+this.getClass().getName()+" class.");
        }

        try
        {
            targets = CertPathValidatorUtilities.findCertificates((X509AttributeCertStoreSelector)certSelect, pkixParams.getStores());
        }
        catch (AnnotatedException e)
        {
            throw new ExtCertPathBuilderException("Error finding target attribute certificate.", e);
        }

        if (targets.isEmpty())
        {
            throw new CertPathBuilderException(
                    "No attribute certificate found matching targetContraints.");
        }

        CertPathBuilderResult result = null;

        // check all potential target certificates
        targetIter = targets.iterator();
        while (targetIter.hasNext() && result == null)
        {
            cert = (X509AttributeCertificate) targetIter.next();
           
            X509CertStoreSelector selector = new X509CertStoreSelector();
            Principal[] principals = cert.getIssuer().getPrincipals();
            Set issuers = new HashSet();
            for (int i = 0; i < principals.length; i++)
            {
                try
                {
                    if (principals[i] instanceof X500Principal)
                    {
                        selector.setSubject(((X500Principal)principals[i]).getEncoded());
                    }
                    issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getStores()));
                    issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getCertStores()));
                }
                catch (AnnotatedException e)
                {
                    throw new ExtCertPathBuilderException(
                        "Public key certificate for attribute certificate cannot be searched.",
View Full Code Here

                "Parameters must be an instance of "
                    + PKIXBuilderParameters.class.getName() + " or "
                    + ExtendedPKIXBuilderParameters.class.getName() + ".");
        }

        ExtendedPKIXBuilderParameters pkixParams = null;
        if (params instanceof ExtendedPKIXBuilderParameters)
        {
            pkixParams = (ExtendedPKIXBuilderParameters) params;
        }
        else
        {
            pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
                .getInstance((PKIXBuilderParameters) params);
        }

        Collection targets;
        Iterator targetIter;
        List certPathList = new ArrayList();
        X509Certificate cert;

        // search target certificates

        Selector certSelect = pkixParams.getTargetConstraints();
        if (!(certSelect instanceof X509CertStoreSelector))
        {
            throw new CertPathBuilderException(
                "TargetConstraints must be an instance of "
                    + X509CertStoreSelector.class.getName() + " for "
                    + this.getClass().getName() + " class.");
        }

        try
        {
            targets = CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getStores());
            targets.addAll(CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getCertStores()));
        }
        catch (AnnotatedException e)
        {
            throw new ExtCertPathBuilderException(
                "Error finding target certificate.", e);
View Full Code Here

                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
                selector = new X509CertStoreSelector();
                selector.setCertificate(signingCert);
                ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
                temp.setTargetCertConstraints(selector);
                ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters)ExtendedPKIXBuilderParameters
                    .getInstance(temp);
                /*
                 * if signingCert is placed not higher on the cert path a
                 * dependency loop results. CRL for cert is checked, but
                 * signingCert is needed for checking the CRL which is dependent
                 * on checking cert because it is higher in the cert path and so
                 * signing signingCert transitively. so, revocation is disabled,
                 * forgery attacks of the CRL are detected in this outer loop
                 * for all other it must be enabled to prevent forgery attacks
                 */
                if (certPathCerts.contains(signingCert))
                {
                    params.setRevocationEnabled(false);
                }
                else
                {
                    params.setRevocationEnabled(true);
                }
                List certs = builder.build(params).getCertPath().getCertificates();
                validCerts.add(signingCert);
                validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
            }
View Full Code Here

TOP

Related Classes of org.bouncycastle.x509.extension.X509ExtensionUtil

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.