List of usage examples for org.bouncycastle.asn1.x509 GeneralName dNSName
int dNSName
To view the source code for org.bouncycastle.asn1.x509 GeneralName dNSName.
Click Source Link
From source file:org.xipki.ca.certprofile.XmlX509CertprofileUtil.java
License:Open Source License
private static GeneralSubtree buildGeneralSubtree(final GeneralSubtreeBaseType type) throws CertprofileException { GeneralName base = null;/* ww w .jav a 2s . c om*/ if (type.getDirectoryName() != null) { base = new GeneralName(X509Util.reverse(new X500Name(type.getDirectoryName()))); } else if (type.getDNSName() != null) { base = new GeneralName(GeneralName.dNSName, type.getDNSName()); } else if (type.getIpAddress() != null) { base = new GeneralName(GeneralName.iPAddress, type.getIpAddress()); } else if (type.getRfc822Name() != null) { base = new GeneralName(GeneralName.rfc822Name, type.getRfc822Name()); } else if (type.getUri() != null) { base = new GeneralName(GeneralName.uniformResourceIdentifier, type.getUri()); } else { throw new RuntimeException("should not reach here, unknown child of GeneralSubtreeBaseType"); } Integer i = type.getMinimum(); if (i != null && i < 0) { throw new CertprofileException("negative minimum is not allowed: " + i); } BigInteger minimum = (i == null) ? null : BigInteger.valueOf(i.intValue()); i = type.getMaximum(); if (i != null && i < 0) { throw new CertprofileException("negative maximum is not allowed: " + i); } BigInteger maximum = (i == null) ? null : BigInteger.valueOf(i.intValue()); return new GeneralSubtree(base, minimum, maximum); }
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
private void checkExtensionNameConstraintsSubtrees(final StringBuilder failureMsg, final String description, final GeneralSubtree[] subtrees, final List<QaGeneralSubtree> expectedSubtrees) { int iSize = subtrees == null ? 0 : subtrees.length; int eSize = expectedSubtrees == null ? 0 : expectedSubtrees.size(); if (iSize != eSize) { failureMsg.append("size of " + description + " is '" + iSize + "' but expected '" + eSize + "'"); failureMsg.append("; "); return;// w w w . j a v a 2s . c om } for (int i = 0; i < iSize; i++) { GeneralSubtree iSubtree = subtrees[i]; QaGeneralSubtree eSubtree = expectedSubtrees.get(i); BigInteger bigInt = iSubtree.getMinimum(); int iMinimum = bigInt == null ? 0 : bigInt.intValue(); Integer _int = eSubtree.getMinimum(); int eMinimum = _int == null ? 0 : _int.intValue(); String desc = description + " [" + i + "]"; if (iMinimum != eMinimum) { failureMsg.append("minimum of " + desc + " is '" + iMinimum + "' but expected '" + eMinimum + "'"); failureMsg.append("; "); } bigInt = iSubtree.getMaximum(); Integer iMaximum = bigInt == null ? null : bigInt.intValue(); Integer eMaximum = eSubtree.getMaximum(); if (iMaximum != eMaximum) { failureMsg.append("maxmum of " + desc + " is '" + iMaximum + "' but expected '" + eMaximum + "'"); failureMsg.append("; "); } GeneralName iBase = iSubtree.getBase(); GeneralName eBase; if (eSubtree.getDirectoryName() != null) { eBase = new GeneralName(X509Util.reverse(new X500Name(eSubtree.getDirectoryName()))); } else if (eSubtree.getDNSName() != null) { eBase = new GeneralName(GeneralName.dNSName, eSubtree.getDNSName()); } else if (eSubtree.getIpAddress() != null) { eBase = new GeneralName(GeneralName.iPAddress, eSubtree.getIpAddress()); } else if (eSubtree.getRfc822Name() != null) { eBase = new GeneralName(GeneralName.rfc822Name, eSubtree.getRfc822Name()); } else if (eSubtree.getUri() != null) { eBase = new GeneralName(GeneralName.uniformResourceIdentifier, eSubtree.getUri()); } else { throw new RuntimeException("should not reach here, unknown child of GeneralName"); } if (iBase.equals(eBase) == false) { failureMsg.append("base of " + desc + " is '" + iBase + "' but expected '" + eBase + "'"); failureMsg.append("; "); } } }
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes) throws BadCertTemplateException { int tag = reqName.getTagNo(); GeneralNameMode mode = null;// w w w. ja v a2 s . com for (GeneralNameMode m : modes) { if (m.getTag().getTag() == tag) { mode = m; break; } } if (mode == null) { throw new BadCertTemplateException("generalName tag " + tag + " is not allowed"); } switch (tag) { case GeneralName.rfc822Name: case GeneralName.dNSName: case GeneralName.uniformResourceIdentifier: case GeneralName.iPAddress: case GeneralName.registeredID: case GeneralName.directoryName: { return new GeneralName(tag, reqName.getName()); } case GeneralName.otherName: { ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName()); ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0)); if (mode.getAllowedTypes().contains(type) == false) { throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed"); } ASN1Encodable value = ((ASN1TaggedObject) reqSeq.getObjectAt(1)).getObject(); String text; if (value instanceof ASN1String == false) { throw new BadCertTemplateException("otherName.value is not a String"); } else { text = ((ASN1String) value).getString(); } ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(type); vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text))); DERSequence seq = new DERSequence(vector); return new GeneralName(GeneralName.otherName, seq); } case GeneralName.ediPartyName: { ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName()); int n = reqSeq.size(); String nameAssigner = null; int idx = 0; if (n > 1) { DirectoryString ds = DirectoryString .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject()); nameAssigner = ds.getString(); } DirectoryString ds = DirectoryString .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject()); String partyName = ds.getString(); ASN1EncodableVector vector = new ASN1EncodableVector(); if (nameAssigner != null) { vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner))); } vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName))); ASN1Sequence seq = new DERSequence(vector); return new GeneralName(GeneralName.ediPartyName, seq); } default: { throw new RuntimeException("should not reach here, unknwon GeneralName tag " + tag); } } // end switch }
From source file:org.xipki.ca.server.impl.IdentifiedX509Certprofile.java
License:Open Source License
private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes) throws BadCertTemplateException { int tag = reqName.getTagNo(); GeneralNameMode mode = null;/* w w w . j a v a2 s. c o m*/ for (GeneralNameMode m : modes) { if (m.getTag().getTag() == tag) { mode = m; break; } } if (mode == null) { throw new BadCertTemplateException("generalName tag " + tag + " is not allowed"); } switch (tag) { case GeneralName.rfc822Name: case GeneralName.dNSName: case GeneralName.uniformResourceIdentifier: case GeneralName.iPAddress: case GeneralName.registeredID: case GeneralName.directoryName: { return new GeneralName(tag, reqName.getName()); } case GeneralName.otherName: { ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName()); ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0)); if (mode.getAllowedTypes().contains(type) == false) { throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed"); } ASN1Encodable value = ((ASN1TaggedObject) reqSeq.getObjectAt(1)).getObject(); String text; if (value instanceof ASN1String == false) { throw new BadCertTemplateException("otherName.value is not a String"); } else { text = ((ASN1String) value).getString(); } ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(type); vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text))); DERSequence seq = new DERSequence(vector); return new GeneralName(GeneralName.otherName, seq); } case GeneralName.ediPartyName: { ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName()); int n = reqSeq.size(); String nameAssigner = null; int idx = 0; if (n > 1) { DirectoryString ds = DirectoryString .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject()); nameAssigner = ds.getString(); } DirectoryString ds = DirectoryString .getInstance(((ASN1TaggedObject) reqSeq.getObjectAt(idx++)).getObject()); String partyName = ds.getString(); ASN1EncodableVector vector = new ASN1EncodableVector(); if (nameAssigner != null) { vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner))); } vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName))); ASN1Sequence seq = new DERSequence(vector); return new GeneralName(GeneralName.ediPartyName, seq); } default: { throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag); } }// end switch(tag) }
From source file:org.xipki.commons.security.shell.p12.P12ComplexCertRequestGenCmd.java
License:Open Source License
private static GeneralNames createComplexGeneralNames(String prefix) { List<GeneralName> list = new LinkedList<>(); // otherName/*ww w. j a v a 2 s . co m*/ ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(new ASN1ObjectIdentifier("1.2.3.1")); vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.1"))); list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec))); vec = new ASN1EncodableVector(); vec.add(new ASN1ObjectIdentifier("1.2.3.2")); vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.2"))); list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec))); // rfc822Name list.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org")); // dNSName list.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org")); // directoryName list.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE"))); // ediPartyName vec = new ASN1EncodableVector(); vec.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1"))); vec.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1"))); list.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(vec))); // uniformResourceIdentifier list.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org")); // iPAddress list.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190")); // registeredID list.add(new GeneralName(GeneralName.registeredID, "2.3.4.5")); return new GeneralNames(list.toArray(new GeneralName[0])); }
From source file:org.xipki.commons.security.util.X509Util.java
License:Open Source License
/** * * @param taggedValue [tag]value, and the value for tags otherName and ediPartyName is * type=value./*from ww w . j a v a 2 s. c om*/ */ public static GeneralName createGeneralName(final String taggedValue) throws BadInputException { ParamUtil.requireNonBlank("taggedValue", taggedValue); int tag = -1; String value = null; if (taggedValue.charAt(0) == '[') { int idx = taggedValue.indexOf(']', 1); if (idx > 1 && idx < taggedValue.length() - 1) { String tagS = taggedValue.substring(1, idx); try { tag = Integer.parseInt(tagS); value = taggedValue.substring(idx + 1); } catch (NumberFormatException ex) { throw new BadInputException("invalid tag '" + tagS + "'"); } } } if (tag == -1) { throw new BadInputException("invalid taggedValue " + taggedValue); } switch (tag) { case GeneralName.otherName: if (value == null) { throw new BadInputException("invalid otherName: no value specified"); } int idxSep = value.indexOf("="); if (idxSep == -1 || idxSep == 0 || idxSep == value.length() - 1) { throw new BadInputException("invalid otherName " + value); } String otherTypeOid = value.substring(0, idxSep); ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(otherTypeOid); String otherValue = value.substring(idxSep + 1); ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(type); vector.add(new DERTaggedObject(true, 0, new DERUTF8String(otherValue))); DERSequence seq = new DERSequence(vector); return new GeneralName(GeneralName.otherName, seq); case GeneralName.rfc822Name: return new GeneralName(tag, value); case GeneralName.dNSName: return new GeneralName(tag, value); case GeneralName.directoryName: X500Name x500Name = reverse(new X500Name(value)); return new GeneralName(GeneralName.directoryName, x500Name); case GeneralName.ediPartyName: if (value == null) { throw new BadInputException("invalid ediPartyName: no value specified"); } idxSep = value.indexOf("="); if (idxSep == -1 || idxSep == value.length() - 1) { throw new BadInputException("invalid ediPartyName " + value); } String nameAssigner = (idxSep == 0) ? null : value.substring(0, idxSep); String partyName = value.substring(idxSep + 1); vector = new ASN1EncodableVector(); if (nameAssigner != null) { vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner))); } vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName))); seq = new DERSequence(vector); return new GeneralName(GeneralName.ediPartyName, seq); case GeneralName.uniformResourceIdentifier: return new GeneralName(tag, value); case GeneralName.iPAddress: return new GeneralName(tag, value); case GeneralName.registeredID: return new GeneralName(tag, value); default: throw new RuntimeException("unsupported tag " + tag); } // end switch (tag) }
From source file:org.xipki.pki.ca.api.profile.x509.X509CertprofileUtil.java
License:Open Source License
public static GeneralName createGeneralName(@NonNull final GeneralName requestedName, @NonNull final Set<GeneralNameMode> modes) throws BadCertTemplateException { ParamUtil.requireNonNull("requestedName", requestedName); int tag = requestedName.getTagNo(); GeneralNameMode mode = null;/*from ww w . j a va2 s . c o m*/ if (modes != null) { for (GeneralNameMode m : modes) { if (m.getTag().getTag() == tag) { mode = m; break; } } if (mode == null) { throw new BadCertTemplateException("generalName tag " + tag + " is not allowed"); } } switch (tag) { case GeneralName.rfc822Name: case GeneralName.dNSName: case GeneralName.uniformResourceIdentifier: case GeneralName.iPAddress: case GeneralName.registeredID: case GeneralName.directoryName: return new GeneralName(tag, requestedName.getName()); case GeneralName.otherName: ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName()); int size = reqSeq.size(); if (size != 2) { throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size); } ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0)); if (mode != null && !mode.getAllowedTypes().contains(type)) { throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed"); } ASN1Encodable asn1 = reqSeq.getObjectAt(1); if (!(asn1 instanceof ASN1TaggedObject)) { throw new BadCertTemplateException("otherName.value is not tagged Object"); } int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo(); if (tagNo != 0) { throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo); } ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(type); vector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(asn1).getObject())); DERSequence seq = new DERSequence(vector); return new GeneralName(GeneralName.otherName, seq); case GeneralName.ediPartyName: reqSeq = ASN1Sequence.getInstance(requestedName.getName()); size = reqSeq.size(); String nameAssigner = null; int idx = 0; if (size > 1) { DirectoryString ds = DirectoryString .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject()); nameAssigner = ds.getString(); } DirectoryString ds = DirectoryString .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject()); String partyName = ds.getString(); vector = new ASN1EncodableVector(); if (nameAssigner != null) { vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner))); } vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName))); seq = new DERSequence(vector); return new GeneralName(GeneralName.ediPartyName, seq); default: throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag); } // end switch (tag) }
From source file:org.xipki.pki.ca.certprofile.XmlX509CertprofileUtil.java
License:Open Source License
private static GeneralSubtree buildGeneralSubtree(final GeneralSubtreeBaseType type) throws CertprofileException { ParamUtil.requireNonNull("type", type); GeneralName base = null;// ww w . j a va 2 s . co m if (type.getDirectoryName() != null) { base = new GeneralName(X509Util.reverse(new X500Name(type.getDirectoryName()))); } else if (type.getDnsName() != null) { base = new GeneralName(GeneralName.dNSName, type.getDnsName()); } else if (type.getIpAddress() != null) { base = new GeneralName(GeneralName.iPAddress, type.getIpAddress()); } else if (type.getRfc822Name() != null) { base = new GeneralName(GeneralName.rfc822Name, type.getRfc822Name()); } else if (type.getUri() != null) { base = new GeneralName(GeneralName.uniformResourceIdentifier, type.getUri()); } else { throw new RuntimeException("should not reach here, unknown child of GeneralSubtreeBaseType"); } Integer min = type.getMinimum(); if (min != null && min < 0) { throw new CertprofileException("negative minimum is not allowed: " + min); } BigInteger minimum = (min == null) ? null : BigInteger.valueOf(min.intValue()); Integer max = type.getMaximum(); if (max != null && max < 0) { throw new CertprofileException("negative maximum is not allowed: " + max); } BigInteger maximum = (max == null) ? null : BigInteger.valueOf(max.intValue()); return new GeneralSubtree(base, minimum, maximum); }
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
private void checkExtensionNameConstraintsSubtrees(final StringBuilder failureMsg, final String description, final GeneralSubtree[] subtrees, final List<QaGeneralSubtree> expectedSubtrees) { int isSize = (subtrees == null) ? 0 : subtrees.length; int expSize = (expectedSubtrees == null) ? 0 : expectedSubtrees.size(); if (isSize != expSize) { addViolation(failureMsg, "size of " + description, isSize, expSize); return;/* w w w . ja v a2s .c o m*/ } if (subtrees == null || expectedSubtrees == null) { return; } for (int i = 0; i < isSize; i++) { GeneralSubtree isSubtree = subtrees[i]; QaGeneralSubtree expSubtree = expectedSubtrees.get(i); BigInteger bigInt = isSubtree.getMinimum(); int isMinimum = (bigInt == null) ? 0 : bigInt.intValue(); Integer minimum = expSubtree.getMinimum(); int expMinimum = (minimum == null) ? 0 : minimum.intValue(); String desc = description + " [" + i + "]"; if (isMinimum != expMinimum) { addViolation(failureMsg, "minimum of " + desc, isMinimum, expMinimum); } bigInt = isSubtree.getMaximum(); Integer isMaximum = (bigInt == null) ? null : bigInt.intValue(); Integer expMaximum = expSubtree.getMaximum(); if (!CompareUtil.equalsObject(isMaximum, expMaximum)) { addViolation(failureMsg, "maxmum of " + desc, isMaximum, expMaximum); } GeneralName isBase = isSubtree.getBase(); GeneralName expBase; if (expSubtree.getDirectoryName() != null) { expBase = new GeneralName(X509Util.reverse(new X500Name(expSubtree.getDirectoryName()))); } else if (expSubtree.getDnsName() != null) { expBase = new GeneralName(GeneralName.dNSName, expSubtree.getDnsName()); } else if (expSubtree.getIpAddress() != null) { expBase = new GeneralName(GeneralName.iPAddress, expSubtree.getIpAddress()); } else if (expSubtree.getRfc822Name() != null) { expBase = new GeneralName(GeneralName.rfc822Name, expSubtree.getRfc822Name()); } else if (expSubtree.getUri() != null) { expBase = new GeneralName(GeneralName.uniformResourceIdentifier, expSubtree.getUri()); } else { throw new RuntimeException("should not reach here, unknown child of GeneralName"); } if (!isBase.equals(expBase)) { addViolation(failureMsg, "base of " + desc, isBase, expBase); } } }
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes) throws BadCertTemplateException { int tag = reqName.getTagNo(); GeneralNameMode mode = null;//from w w w . jav a2 s . com if (modes != null) { for (GeneralNameMode m : modes) { if (m.getTag().getTag() == tag) { mode = m; break; } } if (mode == null) { throw new BadCertTemplateException("generalName tag " + tag + " is not allowed"); } } switch (tag) { case GeneralName.rfc822Name: case GeneralName.dNSName: case GeneralName.uniformResourceIdentifier: case GeneralName.iPAddress: case GeneralName.registeredID: case GeneralName.directoryName: return new GeneralName(tag, reqName.getName()); case GeneralName.otherName: ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName()); ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0)); if (mode != null && !mode.getAllowedTypes().contains(type)) { throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed"); } ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject(); String text; if (!(value instanceof ASN1String)) { throw new BadCertTemplateException("otherName.value is not a String"); } else { text = ((ASN1String) value).getString(); } ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(type); vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text))); DERSequence seq = new DERSequence(vector); return new GeneralName(GeneralName.otherName, seq); case GeneralName.ediPartyName: reqSeq = ASN1Sequence.getInstance(reqName.getName()); int size = reqSeq.size(); String nameAssigner = null; int idx = 0; if (size > 1) { DirectoryString ds = DirectoryString .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject()); nameAssigner = ds.getString(); } DirectoryString ds = DirectoryString .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject()); String partyName = ds.getString(); vector = new ASN1EncodableVector(); if (nameAssigner != null) { vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner))); } vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName))); seq = new DERSequence(vector); return new GeneralName(GeneralName.ediPartyName, seq); default: throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag); } // end switch }