List of usage examples for org.bouncycastle.asn1.x509 GeneralName getName
public ASN1Encodable getName()
From source file:org.elasticsearch.xpack.core.ssl.CertificateToolTests.java
License:Open Source License
/**
 * Asserts that {@code subjAltNames} holds exactly the subject alternative names expected for
 * {@code certInfo}.
 *
 * <p>The number of entries must equal the combined number of IP addresses, DNS names and common
 * names in {@code certInfo}. Each entry is then checked by tag: a dNSName must be one of the
 * expected DNS names, an iPAddress must format to one of the expected IP addresses, and an
 * otherName must be a two-element sequence of the {@code CN_OID} object identifier followed by a
 * tagged string found in the expected common names. Any other tag fails the test, so an
 * unexpected name type in a generated certificate is reported rather than ignored.
 *
 * @param subjAltNames the names read from the certificate under test
 * @param certInfo the expected names; its DNS-name and IP-address lists are sorted in place
 * @throws Exception if an IP address entry cannot be converted to an {@link InetAddress}
 */
private void assertSubjAltNames(GeneralNames subjAltNames, CertificateInformation certInfo) throws Exception {
    final int expectedCount = certInfo.ipAddresses.size() + certInfo.dnsNames.size() + certInfo.commonNames.size();
    final GeneralName[] actualNames = subjAltNames.getNames();
    assertEquals(expectedCount, actualNames.length);

    Collections.sort(certInfo.dnsNames);
    Collections.sort(certInfo.ipAddresses);

    for (GeneralName entry : actualNames) {
        switch (entry.getTagNo()) {
            case GeneralName.dNSName: {
                String dns = ((ASN1String) entry.getName()).getString();
                assertTrue(certInfo.dnsNames.stream().anyMatch(dns::equals));
                break;
            }
            case GeneralName.iPAddress: {
                // The entry carries the raw address octets; format them before comparing.
                byte[] ipBytes = DEROctetString.getInstance(entry.getName()).getOctets();
                String ip = NetworkAddress.format(InetAddress.getByAddress(ipBytes));
                assertTrue(certInfo.ipAddresses.stream().anyMatch(ip::equals));
                break;
            }
            case GeneralName.otherName: {
                // Expected layout: SEQUENCE { OID (CN_OID), tagged string (the common name) }.
                ASN1Sequence seq = ASN1Sequence.getInstance(entry.getName());
                assertThat(seq.size(), equalTo(2));
                assertThat(seq.getObjectAt(0), instanceOf(ASN1ObjectIdentifier.class));
                assertThat(seq.getObjectAt(0).toString(), equalTo(CN_OID));
                assertThat(seq.getObjectAt(1), instanceOf(ASN1TaggedObject.class));
                ASN1TaggedObject tagged = (ASN1TaggedObject) seq.getObjectAt(1);
                assertThat(tagged.getObject(), instanceOf(ASN1String.class));
                assertThat(tagged.getObject().toString(), Matchers.isIn(certInfo.commonNames));
                break;
            }
            default:
                fail("unknown general name with tag " + entry.getTagNo());
        }
    }
}
From source file:org.glite.security.util.IPAddressComparator.java
License:Apache License
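/**
 * Parses the string representation of an IP address, with an optional netmask, into a byte array.
 *
 * <p>The conversion is delegated to Bouncy Castle: the string is wrapped in an iPAddress
 * {@link GeneralName} and the octets of the resulting ASN.1 octet string are returned unchanged.
 * As documented by the original author, the result holds 4 bytes for an IPv4 address, 16 for an
 * IPv6 address, 5 for an IPv4 address with netmask and 17 for an IPv6 address with netmask; for
 * example {@code 137.138.125.111/24} would return {@code {137, 138, 125, 111, 24}}. So far only
 * the slash-int way of defining the netmask is supported.
 *
 * <p>NOTE(review): the lengths quoted for the netmask forms depend on how the Bouncy Castle
 * version in use encodes the mask; confirm them against that version. Callers should check the
 * length of the returned array before indexing into it.
 *
 * @param ip The IP address with optional netmask.
 * @return the address bytes as described above.
 */
public static byte[] parseIP(String ip) {
    // TODO: maybe implement properly without using GeneralName...
    // Use the library constant for the iPAddress tag instead of the literal 7.
    GeneralName name = new GeneralName(GeneralName.iPAddress, ip);
    return ASN1OctetString.getInstance(name.getName()).getOctets();
}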
From source file:org.glite.security.util.proxy.ProxyRestrictionData.java
License:Apache License
/**
 * Collects the raw IP address space bytes from a vector of GeneralSubtrees.
 *
 * <p>Only subtrees whose base name is tagged iPAddress contribute to the result; subtrees with
 * any other kind of base name are skipped without error.
 *
 * @param subtrees The vector of GeneralSubtrees to parse. Null as input will return null.
 * @return one byte array per iPAddress subtree, in the order they appear in {@code subtrees}.
 */
private static byte[][] subtreesIntoArray(Vector<GeneralSubtree> subtrees) {
    if (subtrees == null) {
        return null;
    }

    Vector<byte[]> addressSpaces = new Vector<byte[]>();
    for (GeneralSubtree subtree : subtrees) {
        GeneralName base = subtree.getBase();
        if (base.getTagNo() != GeneralName.iPAddress) {
            continue;
        }
        // An iPAddress name carries its value as an octet string.
        addressSpaces.add(((ASN1OctetString) base.getName()).getOctets());
    }

    return addressSpaces.toArray(new byte[addressSpaces.size()][]);
}
From source file:org.glite.voms.ac.AttributeHolder.java
License:Open Source License
/**
 * Gets the Grantor of these attributes.
 *
 * <p>The grantor field is read as an ASN.1 sequence; its first element is interpreted as a
 * {@link GeneralName} whose value is returned as an IA5 string. Later elements are not examined.
 *
 * @return the grantor.
 */
public String getGrantor() {
    GeneralName firstName = GeneralName.getInstance(
            ASN1Sequence.getInstance(grantor.toASN1Primitive()).getObjectAt(0));
    String grantorText = DERIA5String.getInstance(firstName.getName()).getString();
    return grantorText;
}
From source file:org.glite.voms.ac.Holder.java
License:eu-egee.org license
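/**
 * Reports whether any directoryName entry of {@code targets} equals {@code subject}.
 *
 * <p>Each directoryName entry is DER-encoded and turned into an {@link X500Principal}, which is
 * then compared with {@code subject}. Entries with any other tag are ignored.
 *
 * <p>An entry whose name cannot be written out (an {@link IOException}) is treated as a
 * non-match, so an encoding failure can only cause this method to return {@code false}, never
 * {@code true}. An {@link IllegalArgumentException} from the {@link X500Principal} constructor is
 * not caught and propagates to the caller.
 *
 * @param subject the distinguished name to look for
 * @param targets the names to search
 * @return {@code true} if a directoryName entry equals {@code subject}, {@code false} otherwise
 */
protected static boolean matchesDN(X500Principal subject, GeneralNames targets) {
    Enumeration<?> e = ((ASN1Sequence) targets.toASN1Primitive()).getObjects();

    while (e.hasMoreElements()) {
        GeneralName gn = GeneralName.getInstance(e.nextElement());

        // Use the library constant for the directoryName tag instead of the literal 4.
        if (gn.getTagNo() != GeneralName.directoryName) {
            continue;
        }

        try {
            ByteArrayOutputStream b = new ByteArrayOutputStream();
            new DEROutputStream(b).writeObject(gn.getName());

            X500Principal principal = new X500Principal(b.toByteArray());
            if (principal.equals(subject)) {
                return true;
            }
        } catch (IOException ignored) {
            // Deliberately skipped: a name that cannot be encoded is counted as not matching,
            // and the remaining entries are still checked.
        }
    }

    return false;
}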
From source file:org.glite.voms.ac.Util.java
License:eu-egee.org license
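/**
 * Converts a directoryName {@link GeneralName} into an {@link X500Principal}.
 *
 * <p>The name's value is DER-encoded and handed to the {@link X500Principal} constructor.
 *
 * @param name the name to convert; must be non-null and tagged directoryName
 * @return the principal built from the encoded name
 * @throws IllegalArgumentException if {@code name} is null or not a directoryName (the reported
 *         tag is -1 for null), or if the name cannot be DER-encoded; in the latter case the
 *         underlying {@link IOException} is attached as the cause
 */
public static X500Principal generalNameToX500Name(GeneralName name) {
    int tag = (name == null) ? -1 : name.getTagNo();

    // Use the library constant for the directoryName tag instead of the literal 4.
    if (tag != GeneralName.directoryName) {
        throw new IllegalArgumentException("GeneralName is not a DirectoryName (tag=" + tag + ")");
    }

    try {
        ByteArrayOutputStream b = new ByteArrayOutputStream();
        new DEROutputStream(b).writeObject(name.getName());

        return new X500Principal(b.toByteArray());
    } catch (IOException i) {
        // Keep the original failure as the cause so the encoding problem can be diagnosed.
        throw new IllegalArgumentException("Bad DN encoding of Attribute Certificate issuer", i);
    }
}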
From source file:org.glite.voms.ac.Util.java
License:eu-egee.org license
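/**
 * Converts a directoryName {@link GeneralName} into an {@code X509Principal}.
 *
 * <p>The name's value is DER-encoded and handed to the {@code X509Principal} constructor.
 *
 * @param name the name to convert; must be non-null and tagged directoryName
 * @return the principal built from the encoded name
 * @throws IllegalArgumentException if {@code name} is null or not a directoryName (the reported
 *         tag is -1 for null), or if the name cannot be DER-encoded; in the latter case the
 *         underlying {@link IOException} is attached as the cause
 */
public static X509Principal generalNameToX509Name(GeneralName name) {
    int tag = (name == null) ? -1 : name.getTagNo();

    // Use the library constant for the directoryName tag instead of the literal 4.
    if (tag != GeneralName.directoryName) {
        throw new IllegalArgumentException("GeneralName is not a DirectoryName (tag=" + tag + ")");
    }

    try {
        ByteArrayOutputStream b = new ByteArrayOutputStream();
        new DEROutputStream(b).writeObject(name.getName());

        return new X509Principal(b.toByteArray());
    } catch (IOException i) {
        // Keep the original failure as the cause so the encoding problem can be diagnosed.
        throw new IllegalArgumentException("Bad DN encoding of Attribute Certificate issuer", i);
    }
}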
From source file:org.glite.voms.VOMSAttribute.java
License:eu-egee.org license
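/**
 * Returns a String representation of the AC holder.
 *
 * <p>Only the first entry of the names returned by {@code myAC.getHolder().getIssuer()} is
 * examined. If that entry is a directoryName it is DER-encoded, converted to an
 * {@link X500Principal} and its name is returned.
 *
 * @return the AC holder, or {@code null} if there is no first entry, if the first entry is not a
 *         directoryName, or if it cannot be DER-encoded. Callers must handle the {@code null}
 *         case and should not treat it as a valid holder identity.
 *
 * @throws IllegalArgumentException if no Attribute Certificate has been
 * loaded.
 */
public String getHolder() {
    if (myAC == null) {
        throw new IllegalArgumentException("No Attribute Certificate loaded.");
    }

    GeneralNames names = myAC.getHolder().getIssuer();
    Enumeration<?> e = ((ASN1Sequence) names.toASN1Primitive()).getObjects();

    if (!e.hasMoreElements()) {
        return null;
    }

    GeneralName gn = GeneralName.getInstance(e.nextElement());

    // Use the library constant for the directoryName tag instead of the literal 4.
    if (gn.getTagNo() != GeneralName.directoryName) {
        return null;
    }

    try {
        ByteArrayOutputStream b = new ByteArrayOutputStream();
        new DEROutputStream(b).writeObject(gn.getName());

        X500Principal principal = new X500Principal(b.toByteArray());

        return principal.getName();
    } catch (IOException ignored) {
        // An encoding failure is reported to the caller as "no holder available".
        return null;
    }
}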
From source file:org.icepdf.core.pobjects.acroform.signature.certificates.CRLVerifier.java
License:Apache License
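/**
 * Extracts all CRL distribution point URLs from the "CRL Distribution Point"
 * extension in a X.509 certificate. If CRL distribution point extension is
 * unavailable, returns an empty list.
 *
 * <p>Only distribution points of type FULL_NAME are considered, and within them only
 * general names tagged uniformResourceIdentifier.
 *
 * <p>The returned strings are copied from the certificate without any validation. When the
 * certificate comes from an untrusted source, callers should check each URL (for example its
 * scheme and destination) before fetching anything from it.
 *
 * @param cert the certificate to inspect
 * @return the URLs found, in the order they appear in the extension; never {@code null}
 * @throws CertificateParsingException declared by the signature; not thrown by this body
 * @throws IOException if the extension value cannot be read as ASN.1
 */
public static List<String> getCrlDistributionPoints(X509Certificate cert)
        throws CertificateParsingException, IOException {
    byte[] crldpExt = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (crldpExt == null) {
        return new ArrayList<String>();
    }

    // The extension value is an OCTET STRING that wraps the encoded CRLDistPoint structure,
    // so two decoding passes are needed.
    DEROctetString dosCrlDP = (DEROctetString) readFirstAsn1Object(crldpExt);
    byte[] crldpExtOctets = dosCrlDP.getOctets();
    CRLDistPoint distPoint = CRLDistPoint.getInstance(readFirstAsn1Object(crldpExtOctets));

    List<String> crlUrls = new ArrayList<String>();
    for (DistributionPoint dp : distPoint.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // Look for URIs in fullName
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
        // Look for an URI
        for (GeneralName genName : genNames) {
            if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                String url = DERIA5String.getInstance(genName.getName()).getString();
                crlUrls.add(url);
            }
        }
    }
    return crlUrls;
}

/** Decodes the first ASN.1 object in {@code encoded} and closes the stream afterwards. */
private static ASN1Primitive readFirstAsn1Object(byte[] encoded) throws IOException {
    ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(encoded));
    try {
        return in.readObject();
    } finally {
        in.close();
    }
}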
From source file:org.italiangrid.voms.asn1.VOMSACUtils.java
License:Apache License
/**
 * Reads the target URIs from the targetInformation extension of an attribute certificate.
 *
 * <p>The extension content is unpacked by hand rather than through the Bouncy Castle
 * constructors; per the original author's notes, VOMS does not seem to encode the ACTargets
 * extension correctly and wraps each target in one sequence more than expected.
 *
 * <p>The first Targets object is indexed directly and the nested elements are cast without
 * prior type checks, so an extension that does not have the expected structure surfaces as an
 * unchecked exception from the index or cast. A target that is not a URI is reported through
 * {@code raiseACNonConformantError}.
 * NOTE(review): the code after that call assumes it does not return normally; confirm.
 *
 * @param ac the attribute certificate to inspect
 * @return the target URI strings in encoding order; empty if the extension is absent
 */
@SuppressWarnings("rawtypes")
private static List<String> deserializeACTargets(X509AttributeCertificateHolder ac) {
    List<String> targetUris = new ArrayList<String>();

    X509Extension targetExtension = ac.getExtension(X509Extension.targetInformation);
    if (targetExtension == null) {
        return targetUris;
    }

    TargetInformation targetInfo =
            TargetInformation.getInstance((ASN1Sequence) targetExtension.getParsedValue());

    // Only one Targets according to RFC 3281
    Targets onlyTargets = targetInfo.getTargetsObjects()[0];

    // The deserialization has to be done by hand since it seems VOMS
    // does not correctly encode the ACTargets extension...
    ASN1Sequence encodedTargets = (ASN1Sequence) onlyTargets.getDERObject();
    Target[] decodedTargets = new Target[encodedTargets.size()];

    // First pass: unwrap every encoded target.
    int next = 0;
    Enumeration wrappers = encodedTargets.getObjects();
    while (wrappers.hasMoreElements()) {
        // There's one sequence more than expected here that makes
        // the bc constructor fail...
        ASN1Sequence wrapper = (ASN1Sequence) wrappers.nextElement();
        ASN1TaggedObject taggedTarget = (ASN1TaggedObject) wrapper.getObjectAt(0);
        decodedTargets[next] = Target.getInstance(taggedTarget);
        next++;
    }

    // Second pass: extract the actual string from each target.
    for (int i = 0; i < decodedTargets.length; i++) {
        GeneralName targetName = decodedTargets[i].getTargetName();

        if (targetName.getTagNo() != GeneralName.uniformResourceIdentifier) {
            raiseACNonConformantError("wrong AC target extension encoding. Only URI targets are supported.");
        }

        targetUris.add(((DERIA5String) targetName.getName()).getString());
    }

    return targetUris;
}