List of usage examples for org.bouncycastle.asn1.x509 GeneralName getName
public ASN1Encodable getName()
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
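/**
 * Checks the AuthorityKeyIdentifier extension of the certificate under test against the issuing
 * CA and appends every finding to {@code failureMsg}.
 *
 * <p>The keyIdentifier must be present and equal to the issuer's SubjectKeyIdentifier. When the
 * profile sets {@code includeIssuerAndSerialInAKI}, authorityCertSerialNumber and
 * authorityCertIssuer must both be present and match the issuer certificate (the issuer must be
 * given as exactly one directoryName equal to the CA subject); otherwise both must be absent.
 *
 * @param failureMsg collector for failure descriptions; each finding is terminated by "; "
 * @param extensionValue DER-encoded AuthorityKeyIdentifier (content of the extnValue OCTET STRING)
 * @param issuerInfo the issuing CA's certificate and its derived identifiers
 */
private void checkExtensionIssuerKeyIdentifier(final StringBuilder failureMsg,
        final byte[] extensionValue, final X509IssuerInfo issuerInfo) {
    AuthorityKeyIdentifier asn1 = AuthorityKeyIdentifier.getInstance(extensionValue);

    byte[] keyIdentifier = asn1.getKeyIdentifier();
    if (keyIdentifier == null) {
        failureMsg.append("keyIdentifier is 'absent' but expected 'present'");
        failureMsg.append("; ");
    } else if (!Arrays.equals(issuerInfo.getSubjectKeyIdentifier(), keyIdentifier)) {
        failureMsg.append("keyIdentifier is '" + hex(keyIdentifier) + "' but expected '"
                + hex(issuerInfo.getSubjectKeyIdentifier()) + "'");
        failureMsg.append("; ");
    }

    BigInteger serialNumber = asn1.getAuthorityCertSerialNumber();
    GeneralNames names = asn1.getAuthorityCertIssuer();

    if (!includeIssuerAndSerialInAKI) {
        // The profile forbids the issuer/serial pair: anything present is a finding.
        // (The messages used to read "'absent' but expected 'present'", i.e. inverted.)
        if (serialNumber != null) {
            failureMsg.append("authorityCertSerialNumber is 'present' but expected 'absent'");
            failureMsg.append("; ");
        }
        if (names != null) {
            failureMsg.append("authorityCertIssuer is 'present' but expected 'absent'");
            failureMsg.append("; ");
        }
        return;
    }

    if (serialNumber == null) {
        failureMsg.append("authorityCertSerialNumber is 'absent' but expected 'present'");
        failureMsg.append("; ");
    } else if (!issuerInfo.getCert().getSerialNumber().equals(serialNumber)) {
        failureMsg.append("authorityCertSerialNumber is '" + serialNumber + "' but expected '"
                + issuerInfo.getCert().getSerialNumber() + "'");
        failureMsg.append("; ");
    }

    if (names == null) {
        failureMsg.append("authorityCertIssuer is 'absent' but expected 'present'");
        failureMsg.append("; ");
        return;
    }

    // Exactly one directoryName is expected; the first one found is compared with the CA subject
    // even when a second one is reported as a finding.
    X500Name x500GenName = null;
    for (GeneralName genName : names.getNames()) {
        if (genName.getTagNo() != GeneralName.directoryName) {
            continue;
        }
        if (x500GenName != null) {
            failureMsg.append("authorityCertIssuer contains at least two directoryName "
                    + "but expected one");
            failureMsg.append("; ");
            break;
        }
        // getInstance rather than a plain cast: robust to how the name object was constructed.
        x500GenName = X500Name.getInstance(genName.getName());
    }

    if (x500GenName == null) {
        failureMsg.append("authorityCertIssuer does not contain directoryName but expected one");
        failureMsg.append("; ");
        return;
    }

    X500Name caSubject = issuerInfo.getBcCert().getTBSCertificate().getSubject();
    if (!caSubject.equals(x500GenName)) {
        failureMsg.append("authorityCertIssuer is '" + x500GenName.toString()
                + "' but expected '" + caSubject.toString() + "'");
        failureMsg.append("; ");
    }
}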
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
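/**
 * Checks that the AuthorityInformationAccess extension carries exactly the expected URIs for one
 * access method and appends every finding to {@code failureMsg}.
 *
 * <p>Only accessDescriptions whose accessMethod equals {@code accessMethod} are considered. Their
 * number must equal the number of expected URIs; each accessLocation must be a
 * uniformResourceIdentifier; and the set of URIs must equal {@code expectedUris}.
 *
 * @param failureMsg collector for failure descriptions; each finding is terminated by "; "
 * @param aia the decoded extension
 * @param accessMethod the access method to check (OCSP and caIssuers get a readable label)
 * @param expectedUris the URIs the profile requires for this access method
 */
private static void checkAIA(final StringBuilder failureMsg, final AuthorityInformationAccess aia,
        final ASN1ObjectIdentifier accessMethod, final Set<String> expectedUris) {
    String typeDesc;
    if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) {
        typeDesc = "OCSP";
    } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) {
        typeDesc = "caIssuer";
    } else {
        typeDesc = accessMethod.getId();
    }

    // Descriptions for other access methods are outside the scope of this check.
    List<AccessDescription> matching = new ArrayList<>();
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        if (accessMethod.equals(accessDescription.getAccessMethod())) {
            matching.add(accessDescription);
        }
    }

    int n = matching.size();
    if (n != expectedUris.size()) {
        failureMsg.append("number of AIA " + typeDesc + " URIs is '").append(n);
        failureMsg.append("' but expected is '").append(expectedUris.size()).append("'");
        failureMsg.append("; ");
        return;
    }

    Set<String> actualUris = new HashSet<>();
    for (AccessDescription accessDescription : matching) {
        GeneralName accessLocation = accessDescription.getAccessLocation();
        if (accessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
            failureMsg.append("tag of accessLocation of AIA " + typeDesc + " is '")
                    .append(accessLocation.getTagNo());
            failureMsg.append("' but expected is '")
                    .append(GeneralName.uniformResourceIdentifier).append("'");
            failureMsg.append("; ");
        } else {
            // A URI GeneralName wraps an IA5String, which implements ASN1String.
            actualUris.add(((ASN1String) accessLocation.getName()).getString());
        }
    }

    Set<String> diffs = str_in_b_not_in_a(expectedUris, actualUris);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append(typeDesc + " URIs ").append(diffs.toString())
                .append(" are present but not expected");
        failureMsg.append("; ");
    }

    diffs = str_in_b_not_in_a(actualUris, expectedUris);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append(typeDesc + " URIs ").append(diffs.toString())
                .append(" are absent but are required");
        failureMsg.append("; ");
    }
}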
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
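/**
 * Checks the CRLDistributionPoints extension against the CRL URLs of the issuing CA and appends
 * every finding to {@code failureMsg}.
 *
 * <p>Exactly one DistributionPoint is required; its distributionPoint must be present and of type
 * fullName, every name in it must be a uniformResourceIdentifier, and the set of URIs must equal
 * {@code issuerInfo.getCrlURLs()}.
 *
 * @param failureMsg collector for failure descriptions; each finding is terminated by "; "
 * @param extensionValue DER-encoded CRLDistPoint (content of the extnValue OCTET STRING)
 * @param issuerInfo the issuing CA's information, providing the expected CRL URLs
 */
private void checkExtensionCrlDistributionPoints(final StringBuilder failureMsg,
        final byte[] extensionValue, final X509IssuerInfo issuerInfo) {
    CRLDistPoint crlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] distributionPoints = crlDistPoints.getDistributionPoints();
    int n = distributionPoints == null ? 0 : distributionPoints.length;
    if (n != 1) {
        failureMsg.append("size of CRLDistributionPoints is '").append(n)
                .append("' but expected is '1'");
        failureMsg.append("; ");
        return;
    }

    Set<String> actualUrls = new HashSet<>();
    for (DistributionPoint entry : distributionPoints) {
        DistributionPointName dpName = entry.getDistributionPoint();
        // distributionPoint is OPTIONAL in the ASN.1 structure; a missing one used to cause an NPE.
        if (dpName == null) {
            failureMsg.append("distributionPoint of CRLDistributionPoints is 'absent' "
                    + "but expected 'present'");
            failureMsg.append("; ");
            continue;
        }

        int asn1Type = dpName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            failureMsg.append("tag of DistributionPointName of CRLDistibutionPoints is '")
                    .append(asn1Type);
            failureMsg.append("' but expected is '").append(DistributionPointName.FULL_NAME)
                    .append("'");
            failureMsg.append("; ");
            continue;
        }

        GeneralNames fullNames = GeneralNames.getInstance(dpName.getName());
        for (GeneralName name : fullNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                failureMsg.append("tag of CRL URL is '").append(name.getTagNo());
                failureMsg.append("' but expected is '")
                        .append(GeneralName.uniformResourceIdentifier).append("'");
                failureMsg.append("; ");
            } else {
                actualUrls.add(((ASN1String) name.getName()).getString());
            }
        }
    }

    // Compare once, after the (single) distribution point has been processed.
    Set<String> expectedUrls = issuerInfo.getCrlURLs();
    Set<String> diffs = str_in_b_not_in_a(expectedUrls, actualUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append("CRL URLs ").append(diffs.toString())
                .append(" are present but not expected");
        failureMsg.append("; ");
    }

    diffs = str_in_b_not_in_a(actualUrls, expectedUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append("CRL URLs ").append(diffs.toString())
                .append(" are absent but are required");
        failureMsg.append("; ");
    }
}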
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
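/**
 * Checks the FreshestCRL (delta CRL distribution points) extension against the CRL URLs of the
 * issuing CA and appends every finding to {@code failureMsg}.
 *
 * <p>Exactly one DistributionPoint is required; its distributionPoint must be present and of type
 * fullName, every name in it must be a uniformResourceIdentifier, and the set of URIs must equal
 * {@code issuerInfo.getCrlURLs()}.
 *
 * @param failureMsg collector for failure descriptions; each finding is terminated by "; "
 * @param extensionValue DER-encoded CRLDistPoint (content of the extnValue OCTET STRING)
 * @param issuerInfo the issuing CA's information, providing the expected CRL URLs
 */
private void checkExtensionDeltaCrlDistributionPoints(final StringBuilder failureMsg,
        final byte[] extensionValue, final X509IssuerInfo issuerInfo) {
    CRLDistPoint crlDistPoints = CRLDistPoint.getInstance(extensionValue);
    DistributionPoint[] distributionPoints = crlDistPoints.getDistributionPoints();
    int n = distributionPoints == null ? 0 : distributionPoints.length;
    if (n != 1) {
        failureMsg.append("size of CRLDistributionPoints (deltaCRL) is '").append(n)
                .append("' but expected is '1'");
        failureMsg.append("; ");
        return;
    }

    Set<String> actualUrls = new HashSet<>();
    for (DistributionPoint entry : distributionPoints) {
        DistributionPointName dpName = entry.getDistributionPoint();
        // distributionPoint is OPTIONAL in the ASN.1 structure; a missing one used to cause an NPE.
        if (dpName == null) {
            failureMsg.append("distributionPoint of CRLDistributionPoints (deltaCRL) is 'absent' "
                    + "but expected 'present'");
            failureMsg.append("; ");
            continue;
        }

        int asn1Type = dpName.getType();
        if (asn1Type != DistributionPointName.FULL_NAME) {
            failureMsg.append("tag of DistributionPointName of CRLDistibutionPoints (deltaCRL) is '")
                    .append(asn1Type);
            failureMsg.append("' but expected is '").append(DistributionPointName.FULL_NAME)
                    .append("'");
            failureMsg.append("; ");
            continue;
        }

        GeneralNames fullNames = GeneralNames.getInstance(dpName.getName());
        for (GeneralName name : fullNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                failureMsg.append("tag of deltaCRL URL is '").append(name.getTagNo());
                failureMsg.append("' but expected is '")
                        .append(GeneralName.uniformResourceIdentifier).append("'");
                failureMsg.append("; ");
            } else {
                actualUrls.add(((ASN1String) name.getName()).getString());
            }
        }
    }

    // Compare once, after the (single) distribution point has been processed.
    Set<String> expectedUrls = issuerInfo.getCrlURLs();
    Set<String> diffs = str_in_b_not_in_a(expectedUrls, actualUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append("deltaCRL URLs ").append(diffs.toString())
                .append(" are present but not expected");
        failureMsg.append("; ");
    }

    diffs = str_in_b_not_in_a(actualUrls, expectedUrls);
    if (CollectionUtil.isNotEmpty(diffs)) {
        failureMsg.append("deltaCRL URLs ").append(diffs.toString())
                .append(" are absent but are required");
        failureMsg.append("; ");
    }
}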
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
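/**
 * Builds the GeneralName to be placed in the certificate from the requested one, after checking
 * that the profile permits its tag (and, for otherName, its type-id).
 *
 * <p>Simple name forms are taken over as requested. otherName and ediPartyName are decoded,
 * validated and re-encoded so that only the expected structure reaches the certificate.
 *
 * @param reqName the GeneralName from the certificate request
 * @param modes the GeneralName forms the profile allows
 * @return the GeneralName to include in the certificate
 * @throws BadCertTemplateException if the tag is not permitted, if an otherName uses a type-id
 *         not permitted by the matching mode, if an otherName value is not a string, or if the
 *         otherName / ediPartyName sequence has an unexpected number of elements
 */
private static GeneralName createGeneralName(final GeneralName reqName,
        final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    int tag = reqName.getTagNo();

    GeneralNameMode mode = null;
    for (GeneralNameMode m : modes) {
        if (m.getTag().getTag() == tag) {
            mode = m;
            break;
        }
    }
    if (mode == null) {
        throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName:
        // The tag has been authorized above; the value is taken over unchanged.
        return new GeneralName(tag, reqName.getName());
    case GeneralName.otherName:
        return createOtherName(reqName, mode);
    case GeneralName.ediPartyName:
        return createEdiPartyName(reqName);
    default:
        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
}

/**
 * Validates a requested otherName and re-encodes it as {type-id, [0] EXPLICIT UTF8String}.
 *
 * @throws BadCertTemplateException if the sequence does not have two elements, if the type-id is
 *         not allowed by {@code mode}, or if the value is not a string type
 */
private static GeneralName createOtherName(final GeneralName reqName, final GeneralNameMode mode)
        throws BadCertTemplateException {
    ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
    // Guard the index accesses below; a short sequence used to surface as an unchecked exception.
    if (reqSeq.size() != 2) {
        throw new BadCertTemplateException(
                "otherName must contain 2 elements but contains " + reqSeq.size());
    }

    ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
    if (!mode.getAllowedTypes().contains(type)) {
        throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
    }

    ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject();
    if (!(value instanceof ASN1String)) {
        throw new BadCertTemplateException("otherName.value is not a String");
    }
    String text = ((ASN1String) value).getString();

    ASN1EncodableVector vector = new ASN1EncodableVector();
    vector.add(type);
    vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
    return new GeneralName(GeneralName.otherName, new DERSequence(vector));
}

/**
 * Validates a requested ediPartyName and re-encodes it as
 * {[0] nameAssigner OPTIONAL, [1] partyName} with DirectoryString values.
 *
 * <p>NOTE(review): as in the original code, when two elements are present the first is taken as
 * the nameAssigner without inspecting its tag number — confirm that callers cannot supply a
 * differently tagged element.
 *
 * @throws BadCertTemplateException if the sequence does not have one or two elements
 */
private static GeneralName createEdiPartyName(final GeneralName reqName)
        throws BadCertTemplateException {
    ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
    int n = reqSeq.size();
    if (n < 1 || n > 2) {
        throw new BadCertTemplateException(
                "ediPartyName must contain 1 or 2 elements but contains " + n);
    }

    int idx = 0;
    String nameAssigner = null;
    if (n > 1) {
        nameAssigner = directoryStringOf(reqSeq.getObjectAt(idx++));
    }
    String partyName = directoryStringOf(reqSeq.getObjectAt(idx));

    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (nameAssigner != null) {
        vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
    }
    vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
    return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
}

/** Unwraps a tagged element and reads it as a DirectoryString. */
private static String directoryStringOf(final ASN1Encodable taggedElement) {
    ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(taggedElement);
    return DirectoryString.getInstance(tagged.getObject()).getString();
}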
From source file:org.xipki.ca.server.impl.CmpResponder.java
License:Open Source License
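/**
 * Resolves the CMP requestor identified by the sender field of a PKIHeader.
 *
 * <p>Requestors are keyed by their subject DN, so only a directoryName sender can be mapped; any
 * other GeneralName form yields {@code null}.
 *
 * @param reqHeader header of the incoming CMP message
 * @return whatever the {@code X500Name} overload returns for the sender's DN, or {@code null}
 *         if the sender is missing or not a directoryName
 */
private CmpRequestorInfo getRequestor(final PKIHeader reqHeader) {
    GeneralName requestSender = reqHeader.getSender();
    if (requestSender == null || requestSender.getTagNo() != GeneralName.directoryName) {
        return null;
    }
    // getInstance rather than a plain cast: robust to how the name object was constructed.
    return getRequestor(X500Name.getInstance(requestSender.getName()));
}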
From source file:org.xipki.ca.server.impl.CmpResponder.java
License:Open Source License
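/**
 * Returns the subject DN under which this responder acts, derived from the configured sender.
 *
 * @return the sender's directoryName as an {@code X500Name}, or {@code null} if no sender is
 *         configured
 * @throws ConfigurationException propagated from {@code getSender()}
 * @throws IllegalStateException if the configured sender is not a directoryName; the original
 *         code surfaced this misconfiguration as a ClassCastException
 */
public X500Name getResponderSubject() throws ConfigurationException {
    GeneralName sender = getSender();
    if (sender == null) {
        return null;
    }
    if (sender.getTagNo() != GeneralName.directoryName) {
        throw new IllegalStateException(
                "CMP sender is not a directoryName but has tag " + sender.getTagNo());
    }
    return X500Name.getInstance(sender.getName());
}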
From source file:org.xipki.ca.server.impl.IdentifiedX509Certprofile.java
License:Open Source License
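/**
 * Builds the GeneralName to be placed in the certificate from the requested one, after checking
 * that the profile permits its tag (and, for otherName, its type-id).
 *
 * <p>Simple name forms are taken over as requested. otherName and ediPartyName are decoded,
 * validated and re-encoded so that only the expected structure reaches the certificate.
 *
 * @param reqName the GeneralName from the certificate request
 * @param modes the GeneralName forms the profile allows
 * @return the GeneralName to include in the certificate
 * @throws BadCertTemplateException if the tag is not permitted, if an otherName uses a type-id
 *         not permitted by the matching mode, if an otherName value is not a string, or if the
 *         otherName / ediPartyName sequence has an unexpected number of elements
 */
private static GeneralName createGeneralName(final GeneralName reqName,
        final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    int tag = reqName.getTagNo();

    GeneralNameMode mode = null;
    for (GeneralNameMode m : modes) {
        if (m.getTag().getTag() == tag) {
            mode = m;
            break;
        }
    }
    if (mode == null) {
        throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName:
        // The tag has been authorized above; the value is taken over unchanged.
        return new GeneralName(tag, reqName.getName());
    case GeneralName.otherName:
        return createOtherName(reqName, mode);
    case GeneralName.ediPartyName:
        return createEdiPartyName(reqName);
    default:
        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
}

/**
 * Validates a requested otherName and re-encodes it as {type-id, [0] EXPLICIT UTF8String}.
 *
 * @throws BadCertTemplateException if the sequence does not have two elements, if the type-id is
 *         not allowed by {@code mode}, or if the value is not a string type
 */
private static GeneralName createOtherName(final GeneralName reqName, final GeneralNameMode mode)
        throws BadCertTemplateException {
    ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
    // Guard the index accesses below; a short sequence used to surface as an unchecked exception.
    if (reqSeq.size() != 2) {
        throw new BadCertTemplateException(
                "otherName must contain 2 elements but contains " + reqSeq.size());
    }

    ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
    if (!mode.getAllowedTypes().contains(type)) {
        throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
    }

    ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject();
    if (!(value instanceof ASN1String)) {
        throw new BadCertTemplateException("otherName.value is not a String");
    }
    String text = ((ASN1String) value).getString();

    ASN1EncodableVector vector = new ASN1EncodableVector();
    vector.add(type);
    vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
    return new GeneralName(GeneralName.otherName, new DERSequence(vector));
}

/**
 * Validates a requested ediPartyName and re-encodes it as
 * {[0] nameAssigner OPTIONAL, [1] partyName} with DirectoryString values.
 *
 * <p>NOTE(review): as in the original code, when two elements are present the first is taken as
 * the nameAssigner without inspecting its tag number — confirm that callers cannot supply a
 * differently tagged element.
 *
 * @throws BadCertTemplateException if the sequence does not have one or two elements
 */
private static GeneralName createEdiPartyName(final GeneralName reqName)
        throws BadCertTemplateException {
    ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
    int n = reqSeq.size();
    if (n < 1 || n > 2) {
        throw new BadCertTemplateException(
                "ediPartyName must contain 1 or 2 elements but contains " + n);
    }

    int idx = 0;
    String nameAssigner = null;
    if (n > 1) {
        nameAssigner = directoryStringOf(reqSeq.getObjectAt(idx++));
    }
    String partyName = directoryStringOf(reqSeq.getObjectAt(idx));

    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (nameAssigner != null) {
        vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
    }
    vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
    return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
}

/** Unwraps a tagged element and reads it as a DirectoryString. */
private static String directoryStringOf(final ASN1Encodable taggedElement) {
    ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(taggedElement);
    return DirectoryString.getInstance(tagged.getObject()).getString();
}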
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
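/**
 * Decides whether a CMP message is addressed to this responder.
 *
 * <p>The recipient matches if it equals the configured sender GeneralName, or if it is a
 * directoryName equal to the subject of the configured CMP responder certificate.
 *
 * @param requestRecipient the recipient field of the incoming PKIHeader; may be {@code null}
 * @return {@code true} if the message is meant for this responder
 * @throws ConfigurationException propagated from {@code getSender()}
 */
@Override
protected boolean intendsMe(final GeneralName requestRecipient) throws ConfigurationException {
    if (requestRecipient == null) {
        return false;
    }

    // Recipient is the receiver of equals(): a missing (null) sender then yields false instead
    // of a NullPointerException.
    if (requestRecipient.equals(getSender())) {
        return true;
    }

    if (requestRecipient.getTagNo() == GeneralName.directoryName) {
        X500Name x500Name = X500Name.getInstance(requestRecipient.getName());
        X500Name responderSubject =
                caManager.getCmpResponderWrapper(getResponderName()).getSubjectAsX500Name();
        return x500Name.equals(responderSubject);
    }

    return false;
}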
From source file:org.xipki.common.util.X509Util.java
License:Open Source License
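/**
 * Extracts the OCSP responder URIs from a certificate's AuthorityInformationAccess extension.
 *
 * @param cert the certificate to inspect
 * @return the URIs of all id-ad-ocsp accessDescriptions whose accessLocation is a
 *         uniformResourceIdentifier, in extension order; an empty list if the extension is absent
 * @throws CertificateEncodingException propagated from {@code getCoreExtValue}
 */
public static List<String> extractOCSPUrls(final X509Certificate cert)
        throws CertificateEncodingException {
    byte[] extValue = getCoreExtValue(cert, Extension.authorityInfoAccess);
    if (extValue == null) {
        return Collections.emptyList();
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(extValue);
    List<String> ocspUris = new ArrayList<>();
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        // Constant on the left so a missing accessMethod cannot raise an NPE.
        if (!X509ObjectIdentifiers.id_ad_ocsp.equals(accessDescription.getAccessMethod())) {
            continue;
        }
        GeneralName accessLocation = accessDescription.getAccessLocation();
        // Only URI locations name a reachable OCSP endpoint; other forms are skipped.
        if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) {
            ocspUris.add(((ASN1String) accessLocation.getName()).getString());
        }
    }
    return ocspUris;
}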