List of usage examples for org.bouncycastle.asn1.x509 GeneralSubtree GeneralSubtree
public GeneralSubtree(GeneralName base)
From source file:com.bettertls.nameconstraints.CertificateGenerator.java
License:Apache License
/**
 * Generates one certificate set, plus a manifest entry, for every combination of name-constraint
 * subtrees applied to the given common name and subject alternative names.
 *
 * <p>Four nested loops pick, independently, an IP subtree and a DNS subtree for the permitted side
 * and an IP subtree and a DNS subtree for the excluded side. Each pick is one of: absent
 * ({@code null}), the {@code ipSubtree}/{@code hostSubtree} field, or the
 * {@code invalidIpSubtree}/{@code invalidHostSubtree} field, so a single call produces
 * 3 * 3 * 3 * 3 = 81 certificate sets. When all four picks are absent the certificate is issued
 * without a NameConstraints extension.
 *
 * <p>The manifest keys {@code "whitelist"} and {@code "blacklist"} record the subtrees passed as the
 * permitted and excluded arguments of {@code NameConstraints} respectively.
 *
 * @param rootCa key store handed to {@code makeTree}
 * @param commonName common name handed to {@code makeTree} and recorded in the manifest
 * @param dnsSan dNSName subject alternative name, or {@code null} for none
 * @param ipSan iPAddress subject alternative name, or {@code null} for none
 * @throws Exception declared by the method; presumably raised by {@code makeTree} or
 *     {@code writeCertificateSet} (neither is shown here)
 */
private void generateCertificatesWithNames(KeyStore rootCa, String commonName, String dnsSan, String ipSan)
        throws Exception {
    // Subject alternative names, shared by every certificate generated below.
    List<GeneralName> sanEntries = new ArrayList<>();
    if (dnsSan != null) {
        sanEntries.add(new GeneralName(GeneralName.dNSName, dnsSan));
    }
    if (ipSan != null) {
        sanEntries.add(new GeneralName(GeneralName.iPAddress, ipSan));
    }
    GeneralNames sans = sanEntries.isEmpty()
            ? null
            : new GeneralNames(sanEntries.toArray(new GeneralName[0]));

    // NOTE(review): the "invalid" subtree fields are presumably subtrees that the names above do
    // NOT fall under; confirm against the field definitions.
    for (String permittedIp : new String[] { null, ipSubtree, invalidIpSubtree }) {
        for (String permittedDns : new String[] { null, hostSubtree, invalidHostSubtree }) {
            // Built once per permitted pair and reused for every excluded pair below.
            List<GeneralSubtree> permittedSubtrees = new ArrayList<>();
            if (permittedIp != null) {
                permittedSubtrees.add(new GeneralSubtree(new GeneralName(GeneralName.iPAddress, permittedIp)));
            }
            if (permittedDns != null) {
                permittedSubtrees.add(new GeneralSubtree(new GeneralName(GeneralName.dNSName, permittedDns)));
            }
            boolean hasPermitted = !permittedSubtrees.isEmpty();

            for (String excludedIp : new String[] { null, ipSubtree, invalidIpSubtree }) {
                for (String excludedDns : new String[] { null, hostSubtree, invalidHostSubtree }) {
                    List<GeneralSubtree> excludedSubtrees = new ArrayList<>();
                    if (excludedIp != null) {
                        excludedSubtrees.add(new GeneralSubtree(new GeneralName(GeneralName.iPAddress, excludedIp)));
                    }
                    if (excludedDns != null) {
                        excludedSubtrees.add(new GeneralSubtree(new GeneralName(GeneralName.dNSName, excludedDns)));
                    }
                    boolean hasExcluded = !excludedSubtrees.isEmpty();

                    // An empty side is passed as null so that field is omitted rather than encoded
                    // as an empty sequence; with both sides empty no extension is built at all.
                    NameConstraints nameConstraints = null;
                    if (hasPermitted || hasExcluded) {
                        GeneralSubtree[] permittedArray = hasPermitted
                                ? permittedSubtrees.toArray(new GeneralSubtree[0])
                                : null;
                        GeneralSubtree[] excludedArray = hasExcluded
                                ? excludedSubtrees.toArray(new GeneralSubtree[0])
                                : null;
                        nameConstraints = new NameConstraints(permittedArray, excludedArray);
                    }

                    System.out.println("Generating certificate " + nextCertId + "...");
                    writeCertificateSet(makeTree(nextCertId, rootCa, nameConstraints, commonName, sans), outputDir,
                            Integer.toString(nextCertId));

                    // Manifest entry describing what went into this certificate.
                    JSONArray sanManifest = new JSONArray();
                    if (dnsSan != null) {
                        sanManifest.put(dnsSan);
                    }
                    if (ipSan != null) {
                        sanManifest.put(ipSan);
                    }

                    // The manifest lists DNS before IP, the reverse of the extension's order.
                    JSONArray permittedManifest = new JSONArray();
                    if (permittedDns != null) {
                        permittedManifest.put(permittedDns);
                    }
                    if (permittedIp != null) {
                        permittedManifest.put(permittedIp);
                    }
                    JSONArray excludedManifest = new JSONArray();
                    if (excludedDns != null) {
                        excludedManifest.put(excludedDns);
                    }
                    if (excludedIp != null) {
                        excludedManifest.put(excludedIp);
                    }

                    JSONObject constraintManifest = new JSONObject();
                    constraintManifest.put("whitelist", permittedManifest);
                    constraintManifest.put("blacklist", excludedManifest);

                    JSONObject manifestEntry = new JSONObject()
                            .put("id", nextCertId)
                            .put("commonName", commonName)
                            .put("sans", sanManifest)
                            .put("nameConstraints", constraintManifest);
                    certManifest.put(manifestEntry);

                    nextCertId++;
                }
            }
        }
    }
}
From source file:org.cesecore.certificates.certificate.certextensions.standard.NameConstraint.java
License:Open Source License
/**
 * Builds the ASN.1 {@link GeneralSubtree} array needed to create a BouncyCastle NameConstraints
 * object from a list of encoded name-constraint strings.
 *
 * <p>Supported types are dNSName, rfc822Name, directoryName and iPAddress. Any other type is
 * rejected rather than skipped, so an unsupported constraint can never be dropped silently from
 * the resulting extension.
 *
 * @param list encoded name constraints, or {@code null}
 * @return one subtree per entry, in list order; an empty array when {@code list} is {@code null}
 * @throws UnsupportedOperationException if an entry has a type this method does not encode
 */
public static GeneralSubtree[] toGeneralSubtrees(List<String> list) {
    if (list == null) {
        return new GeneralSubtree[0];
    }

    final GeneralSubtree[] subtrees = new GeneralSubtree[list.size()];
    int next = 0;
    for (final String encoded : list) {
        final int type = getNameConstraintType(encoded);
        final Object data = getNameConstraintData(encoded);

        final GeneralName name;
        if (type == GeneralName.dNSName || type == GeneralName.rfc822Name) {
            name = new GeneralName(type, (String) data);
        } else if (type == GeneralName.directoryName) {
            name = new GeneralName(new X500Name(CeSecoreNameStyle.INSTANCE, (String) data));
        } else if (type == GeneralName.iPAddress) {
            // NOTE(review): RFC 5280 requires an iPAddress constraint to be address plus mask
            // (8 octets for IPv4, 32 for IPv6). The bytes are wrapped as-is with no length check
            // here, so presumably that is enforced where the entry is encoded; confirm.
            name = new GeneralName(type, new DEROctetString((byte[]) data));
        } else {
            throw new UnsupportedOperationException(
                    "Encoding of name constraint type " + type + " is not implemented.");
        }

        subtrees[next] = new GeneralSubtree(name);
        next++;
    }
    return subtrees;
}
From source file:org.glite.security.util.proxy.ProxyRestrictionData.java
License:Apache License
/**
 * Appends every element of a generalSubtrees sequence to the given vector as a
 * {@link GeneralSubtree}. The method is static, so it cannot touch instance state.
 *
 * @param subSeq the sequence whose elements are parsed
 * @param vector the target that receives the parsed GeneralSubtree objects, in sequence order
 */
private static void copyCondSequenceToVector(DERSequence subSeq, Vector<GeneralSubtree> vector) {
    for (Enumeration<DERObject> elements = subSeq.getObjects(); elements.hasMoreElements();) {
        // NOTE(review): the cast is unchecked, so an element that is not an ASN1Sequence surfaces
        // as a ClassCastException. If subSeq comes from a certificate extension that was not
        // validated earlier, callers need to treat that as a parse failure; confirm.
        ASN1Sequence encodedSubtree = (ASN1Sequence) elements.nextElement();
        vector.add(new GeneralSubtree(encodedSubtree));
    }
}