List of usage examples for org.bouncycastle.asn1.x509 GeneralName uniformResourceIdentifier
int uniformResourceIdentifier
To view the source code for org.bouncycastle.asn1.x509 GeneralName uniformResourceIdentifier.
Click Source Link
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes) throws BadCertTemplateException { int tag = reqName.getTagNo(); GeneralNameMode mode = null;//from w w w. j a v a 2 s . c o m if (modes != null) { for (GeneralNameMode m : modes) { if (m.getTag().getTag() == tag) { mode = m; break; } } if (mode == null) { throw new BadCertTemplateException("generalName tag " + tag + " is not allowed"); } } switch (tag) { case GeneralName.rfc822Name: case GeneralName.dNSName: case GeneralName.uniformResourceIdentifier: case GeneralName.iPAddress: case GeneralName.registeredID: case GeneralName.directoryName: return new GeneralName(tag, reqName.getName()); case GeneralName.otherName: ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName()); ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0)); if (mode != null && !mode.getAllowedTypes().contains(type)) { throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed"); } ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject(); String text; if (!(value instanceof ASN1String)) { throw new BadCertTemplateException("otherName.value is not a String"); } else { text = ((ASN1String) value).getString(); } ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(type); vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text))); DERSequence seq = new DERSequence(vector); return new GeneralName(GeneralName.otherName, seq); case GeneralName.ediPartyName: reqSeq = ASN1Sequence.getInstance(reqName.getName()); int size = reqSeq.size(); String nameAssigner = null; int idx = 0; if (size > 1) { DirectoryString ds = DirectoryString .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject()); nameAssigner = ds.getString(); } DirectoryString ds = DirectoryString .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject()); String partyName = ds.getString(); vector = new ASN1EncodableVector(); if (nameAssigner != null) { vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner))); } vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName))); seq = new DERSequence(vector); return new GeneralName(GeneralName.ediPartyName, seq); default: throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag); } // end switch }
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
private static void checkAia(final StringBuilder failureMsg, final AuthorityInformationAccess aia, final ASN1ObjectIdentifier accessMethod, final Set<String> expectedUris) { String typeDesc;/*from w w w . j a va2s . c om*/ if (X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)) { typeDesc = "OCSP"; } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)) { typeDesc = "caIssuer"; } else { typeDesc = accessMethod.getId(); } List<AccessDescription> isAccessDescriptions = new LinkedList<>(); for (AccessDescription accessDescription : aia.getAccessDescriptions()) { if (accessMethod.equals(accessDescription.getAccessMethod())) { isAccessDescriptions.add(accessDescription); } } int size = isAccessDescriptions.size(); if (size != expectedUris.size()) { addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedUris.size()); return; } Set<String> isUris = new HashSet<>(); for (int i = 0; i < size; i++) { GeneralName isAccessLocation = isAccessDescriptions.get(i).getAccessLocation(); if (isAccessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) { addViolation(failureMsg, "tag of accessLocation of AIA ", isAccessLocation.getTagNo(), GeneralName.uniformResourceIdentifier); } else { String isOcspUri = ((ASN1String) isAccessLocation.getName()).getString(); isUris.add(isOcspUri); } } Set<String> diffs = strInBnotInA(expectedUris, isUris); if (CollectionUtil.isNonEmpty(diffs)) { failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString()); failureMsg.append(" are present but not expected; "); } diffs = strInBnotInA(isUris, expectedUris); if (CollectionUtil.isNonEmpty(diffs)) { failureMsg.append(typeDesc).append(" URIs ").append(diffs.toString()); failureMsg.append(" are absent but are required; "); } }
From source file:org.xipki.pki.ca.server.impl.util.CaUtil.java
License:Open Source License
public static AuthorityInformationAccess createAuthorityInformationAccess(final List<String> caIssuerUris, final List<String> ocspUris) { if (CollectionUtil.isEmpty(caIssuerUris) && CollectionUtil.isEmpty(ocspUris)) { throw new IllegalArgumentException("caIssuerUris and ospUris must not be both empty"); }//from w w w .j a v a2 s.c om List<AccessDescription> accessDescriptions = new ArrayList<>(ocspUris.size()); if (CollectionUtil.isNonEmpty(caIssuerUris)) { for (String uri : caIssuerUris) { GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri); accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, gn)); } } if (CollectionUtil.isNonEmpty(ocspUris)) { for (String uri : ocspUris) { GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri); accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, gn)); } } DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0])); return AuthorityInformationAccess.getInstance(seq); }
From source file:org.xipki.pki.ca.server.impl.util.CaUtil.java
License:Open Source License
public static CRLDistPoint createCrlDistributionPoints(final List<String> crlUris, final X500Name caSubject, final X500Name crlSignerSubject) { ParamUtil.requireNonEmpty("crlUris", crlUris); int size = crlUris.size(); DistributionPoint[] points = new DistributionPoint[1]; GeneralName[] names = new GeneralName[size]; for (int i = 0; i < size; i++) { names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, crlUris.get(i)); }//from w w w. j a va2 s. c om // Distribution Point GeneralNames gns = new GeneralNames(names); DistributionPointName pointName = new DistributionPointName(gns); GeneralNames crlIssuer = null; if (crlSignerSubject != null && !crlSignerSubject.equals(caSubject)) { GeneralName crlIssuerName = new GeneralName(crlSignerSubject); crlIssuer = new GeneralNames(crlIssuerName); } points[0] = new DistributionPoint(pointName, null, crlIssuer); return new CRLDistPoint(points); }
From source file:org.xipki.pki.ocsp.client.shell.BaseOcspStatusCommandSupport.java
License:Open Source License
public static List<String> extractOcspUrls(final AuthorityInformationAccess aia) throws CertificateEncodingException { AccessDescription[] accessDescriptions = aia.getAccessDescriptions(); List<AccessDescription> ocspAccessDescriptions = new LinkedList<>(); for (AccessDescription accessDescription : accessDescriptions) { if (accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) { ocspAccessDescriptions.add(accessDescription); }/*from w w w. ja v a 2 s . c o m*/ } final int n = ocspAccessDescriptions.size(); List<String> ocspUris = new ArrayList<>(n); for (int i = 0; i < n; i++) { GeneralName accessLocation = ocspAccessDescriptions.get(i).getAccessLocation(); if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) { String ocspUri = ((ASN1String) accessLocation.getName()).getString(); ocspUris.add(ocspUri); } } return ocspUris; }
From source file:org.xipki.security.P10RequestGenerator.java
License:Open Source License
/** * * @param taggedValue [tag]value, and the value for tags otherName and ediPartyName is type=value. * @param modes/*www.j a va 2 s. c om*/ * @return * @throws BadInputException */ public static GeneralName createGeneralName(final String taggedValue) throws BadInputException { int tag = -1; String value = null; if (taggedValue.charAt(0) == '[') { int idx = taggedValue.indexOf(']', 1); if (idx > 1 && idx < taggedValue.length() - 1) { String tagS = taggedValue.substring(1, idx); try { tag = Integer.parseInt(tagS); value = taggedValue.substring(idx + 1); } catch (NumberFormatException e) { } } } if (tag == -1) { throw new BadInputException("invalid taggedValue " + taggedValue); } switch (tag) { case GeneralName.otherName: { int idxSep = value.indexOf("="); if (idxSep == -1 || idxSep == 0 || idxSep == value.length() - 1) { throw new BadInputException("invalid otherName " + value); } String otherTypeOid = value.substring(0, idxSep); ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(otherTypeOid); String otherValue = value.substring(idxSep + 1); ASN1EncodableVector vector = new ASN1EncodableVector(); vector.add(type); vector.add(new DERTaggedObject(true, 0, new DERUTF8String(otherValue))); DERSequence seq = new DERSequence(vector); return new GeneralName(GeneralName.otherName, seq); } case GeneralName.rfc822Name: return new GeneralName(tag, value); case GeneralName.dNSName: return new GeneralName(tag, value); case GeneralName.directoryName: { X500Name x500Name = X509Util.reverse(new X500Name(value)); return new GeneralName(GeneralName.directoryName, x500Name); } case GeneralName.ediPartyName: { int idxSep = value.indexOf("="); if (idxSep == -1 || idxSep == value.length() - 1) { throw new BadInputException("invalid ediPartyName " + value); } String nameAssigner = idxSep == 0 ? null : value.substring(0, idxSep); String partyName = value.substring(idxSep + 1); ASN1EncodableVector vector = new ASN1EncodableVector(); if (nameAssigner != null) { vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner))); } vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName))); ASN1Sequence seq = new DERSequence(vector); return new GeneralName(GeneralName.ediPartyName, seq); } case GeneralName.uniformResourceIdentifier: return new GeneralName(tag, value); case GeneralName.iPAddress: return new GeneralName(tag, value); case GeneralName.registeredID: return new GeneralName(tag, value); default: throw new RuntimeException("unsupported tag " + tag); } // end switch(tag) }
From source file:org.xwiki.crypto.pkix.internal.extension.BcExtensionUtils.java
License:Open Source License
/** * Convert general names from Bouncy Castle general names. * * @param genNames Bouncy castle general names. * @return a list of X.509 general names. *//*from w ww . j av a 2s .co m*/ public static List<X509GeneralName> getX509GeneralNames(GeneralNames genNames) { if (genNames == null) { return null; } GeneralName[] names = genNames.getNames(); List<X509GeneralName> x509names = new ArrayList<X509GeneralName>(names.length); for (GeneralName name : names) { switch (name.getTagNo()) { case GeneralName.rfc822Name: x509names.add(new X509Rfc822Name(name)); break; case GeneralName.dNSName: x509names.add(new X509DnsName(name)); break; case GeneralName.directoryName: x509names.add(new X509DirectoryName(name)); break; case GeneralName.uniformResourceIdentifier: x509names.add(new X509URI(name)); break; case GeneralName.iPAddress: x509names.add(new X509IpAddress(name)); break; default: x509names.add(new X509GenericName(name)); break; } } return x509names; }
From source file:org.xwiki.crypto.pkix.params.x509certificate.extension.X509URI.java
License:Open Source License
/** * Create a new instance from a Bouncy Castle general name. * * @param name the Bouncy Castle general name. *//* www .j av a2 s . co m*/ public X509URI(GeneralName name) { this(DERIA5String.getInstance(name.getName()).getString()); if (name.getTagNo() != GeneralName.uniformResourceIdentifier) { throw new IllegalArgumentException("Incompatible general name: " + name.getTagNo()); } }
From source file:org.xwiki.crypto.pkix.params.x509certificate.extension.X509URI.java
License:Open Source License
@Override public GeneralName getGeneralName() { return new GeneralName(GeneralName.uniformResourceIdentifier, this.str); }
From source file:org.xwiki.crypto.x509.internal.X509Keymaker.java
License:Open Source License
/** * Create a new X509 client certificate. * * @param forCert the public key which will be embedded in the certificate, whoever has the matching private key * "owns" the certificate. * @param toSignWith the private key in this pair will be used to sign the certificate. * @param daysOfValidity number of days the cert should be valid for. * @param nonRepudiable this should only be true if the private key is not stored on the server. * @param webId the URI to put as the alternative name (for FOAFSSL webId compatibility) * @param userName a String representation of the name of the user getting the certificate. * @return a new X509 certificate.//from www.j a v a 2 s . co m * @throws GeneralSecurityException if something goes wrong. */ public synchronized X509Certificate makeClientCertificate(final PublicKey forCert, final KeyPair toSignWith, final int daysOfValidity, final boolean nonRepudiable, final String webId, final String userName) throws GeneralSecurityException { try { // the UID (same for issuer since this certificate confers no authority) final X509Name dName = new X509Name("UID=" + userName); this.prepareGenericCertificate(forCert, daysOfValidity, dName, dName); // Not a CA certGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); // Client cert certGenerator.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.smime)); // Key Usage extension. int keyUsage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement; if (nonRepudiable) { keyUsage |= KeyUsage.nonRepudiation; } certGenerator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(keyUsage)); // Set the authority key identifier to be the CA key which we are using. certGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(toSignWith.getPublic())); // FOAFSSL compatibility. final GeneralNames subjectAltNames = new GeneralNames( new GeneralName(GeneralName.uniformResourceIdentifier, webId)); certGenerator.addExtension(X509Extensions.SubjectAlternativeName, true, subjectAltNames); return this.generate(toSignWith); } finally { // Clean up after ourselves so that it is more difficult to try to extract private keys from the heap. this.certGenerator.reset(); } }