List of usage examples for org.bouncycastle.asn1.x509 KeyUsage hasUsages
public boolean hasUsages(int usages)
From source file:org.tdmx.client.crypto.certificate.PKIXCertificate.java
License:Open Source License
/**
 * Checks whether this certificate satisfies the structural rules this class applies to a TDMX
 * zone administrator certificate.
 *
 * <p>The checks run in order and the first failure returns {@code false}: CA with path length
 * constraint 1, key usage {@code keyCertSign} and {@code digitalSignature}, subject name equal
 * to issuer name, a lower-case zone root, and a subject name constraint whose RDNs agree with
 * the subject.
 *
 * <p>NOTE(review): this method only inspects certificate fields. No signature or chain
 * validation is visible here, so a {@code true} result should not be read as a trust decision.
 *
 * @return {@code true} only when every check passes
 */
public boolean isTdmxZoneAdminCertificate() {
    // basicConstraints: must be a CA whose path length constraint is exactly 1.
    // NOTE(review): criticality of the extension is not checked in this method; confirm the
    // accessors enforce it if the profile requires it.
    if (!isCA() || 1 != getCAPathLengthConstraint()) {
        return false;
    }

    // keyUsage: hasUsages() is true only when every requested bit is set, so both keyCertSign
    // and digitalSignature are required. A certificate without the extension is rejected.
    KeyUsage keyUsage = getKeyUsage();
    if (keyUsage == null
            || !keyUsage.hasUsages(KeyUsage.keyCertSign | KeyUsage.digitalSignature)) {
        return false;
    }

    // Self-issued: subject and issuer names must both be present and equal.
    // NOTE(review): this is a name comparison only; the signature is not verified here.
    // TODO subjectKey == issuerKey identifiers
    String subject = getSubject();
    String issuer = getIssuer();
    if (subject == null || issuer == null || !subject.equals(issuer)) {
        return false;
    }

    // The zone root must be present and pass the lower-case check.
    TdmxZoneInfo zoneInfo = getTdmxZoneInfo();
    if (zoneInfo == null || !StringUtils.isLowerCase(zoneInfo.getZoneRoot())) {
        return false;
    }

    // nameConstraints: a subject name constraint is mandatory.
    X500Name constraintSubtree = getSubjectNameConstraint();
    if (constraintSubtree == null) {
        return false;
    }

    // Each subject attribute that is present must equal the first matching RDN of the
    // constraint subtree. An attribute missing from the subject is not compared at all.
    // NOTE(review): confirm that skipping absent subject attributes is intended.
    if (getCountry() != null) {
        String constraintCountry = getFirstRDN(constraintSubtree, BCStyle.C);
        if (!getCountry().equals(constraintCountry)) {
            return false;
        }
    }
    if (getLocation() != null) {
        String constraintLocation = getFirstRDN(constraintSubtree, BCStyle.L);
        if (!getLocation().equals(constraintLocation)) {
            return false;
        }
    }
    if (getOrganization() != null) {
        String constraintOrganization = getFirstRDN(constraintSubtree, BCStyle.O);
        if (!getOrganization().equals(constraintOrganization)) {
            return false;
        }
    }
    if (getOrgUnit() != null) {
        String constraintOrgUnit = getFirstRDN(constraintSubtree, BCStyle.OU);
        if (!getOrgUnit().equals(constraintOrgUnit)) {
            return false;
        }
    }

    // The last OU of the constraint subtree must be the TDMX domain CA marker.
    String markerOrgUnit = getLastRDN(constraintSubtree, BCStyle.OU);
    return CredentialUtils.TDMX_DOMAIN_CA_OU.equals(markerOrgUnit);
}
From source file:org.tdmx.client.crypto.certificate.PKIXCertificate.java
License:Open Source License
/**
 * Checks whether this certificate satisfies the structural rules this class applies to a TDMX
 * domain administrator certificate.
 *
 * <p>The checks run in order and the first failure returns {@code false}: CA with path length
 * constraint 0, key usage {@code keyCertSign} and {@code digitalSignature}, subject name
 * different from issuer name, a lower-case zone root, a lower-case common name that is the zone
 * root or a subdomain of it, and a subject name constraint whose RDNs agree with the subject.
 *
 * <p>NOTE(review): this method only inspects certificate fields. No signature or chain
 * validation is visible here, so a {@code true} result should not be read as a trust decision.
 *
 * @return {@code true} only when every check passes
 */
public boolean isTdmxDomainAdminCertificate() {
    // basicConstraints: must be a CA whose path length constraint is exactly 0, i.e. it may
    // issue end-entity certificates only.
    if (!isCA() || 0 != getCAPathLengthConstraint()) {
        return false;
    }

    // keyUsage: hasUsages() is true only when every requested bit is set, so both keyCertSign
    // and digitalSignature are required. A certificate without the extension is rejected.
    KeyUsage keyUsage = getKeyUsage();
    if (keyUsage == null
            || !keyUsage.hasUsages(KeyUsage.keyCertSign | KeyUsage.digitalSignature)) {
        return false;
    }

    // Not self-issued: subject and issuer names must both be present and differ.
    // TODO subjectKey identifiers present
    // TODO issuerKey identifiers present
    String subject = getSubject();
    String issuer = getIssuer();
    if (subject == null || issuer == null || subject.equals(issuer)) {
        return false;
    }

    // The zone root must be present and pass the lower-case check.
    TdmxZoneInfo zoneInfo = getTdmxZoneInfo();
    if (zoneInfo == null || !StringUtils.isLowerCase(zoneInfo.getZoneRoot())) {
        return false;
    }

    // The common name carries the domain; it must be present and pass the lower-case check.
    if (getCommonName() == null || !StringUtils.isLowerCase(getCommonName())) {
        return false;
    }
    // The domain must be the zone root itself or end with "." + zone root. The leading dot
    // keeps a name that merely shares a suffix with the zone root from matching.
    if (!(getCommonName().equals(zoneInfo.getZoneRoot())
            || getCommonName().endsWith("." + zoneInfo.getZoneRoot()))) {
        return false;
    }

    // nameConstraints: a subject name constraint is mandatory.
    X500Name constraintSubtree = getSubjectNameConstraint();
    if (constraintSubtree == null) {
        return false;
    }

    // Each subject attribute that is present must equal the first matching RDN of the
    // constraint subtree. An attribute missing from the subject is not compared at all.
    // NOTE(review): confirm that skipping absent subject attributes is intended.
    if (getCountry() != null) {
        String constraintCountry = getFirstRDN(constraintSubtree, BCStyle.C);
        if (!getCountry().equals(constraintCountry)) {
            return false;
        }
    }
    if (getLocation() != null) {
        String constraintLocation = getFirstRDN(constraintSubtree, BCStyle.L);
        if (!getLocation().equals(constraintLocation)) {
            return false;
        }
    }
    if (getOrganization() != null) {
        String constraintOrganization = getFirstRDN(constraintSubtree, BCStyle.O);
        if (!getOrganization().equals(constraintOrganization)) {
            return false;
        }
    }
    if (getOrgUnit() != null) {
        String constraintOrgUnit = getFirstRDN(constraintSubtree, BCStyle.OU);
        if (!getOrgUnit().equals(constraintOrgUnit)) {
            return false;
        }
    }

    // The second-last OU of the constraint subtree must be the TDMX domain CA marker.
    String markerOrgUnit = getSecondLastRDN(constraintSubtree, BCStyle.OU);
    if (!CredentialUtils.TDMX_DOMAIN_CA_OU.equals(markerOrgUnit)) {
        return false;
    }

    // The last OU of the constraint subtree must repeat the domain from the common name.
    String domainOrgUnit = getLastRDN(constraintSubtree, BCStyle.OU);
    return getCommonName().equals(domainOrgUnit);
}
From source file:org.tdmx.client.crypto.certificate.PKIXCertificate.java
License:Open Source License
/**
 * Checks whether this certificate satisfies the structural rules this class applies to a TDMX
 * user certificate.
 *
 * <p>The checks run in order and the first failure returns {@code false}: not a CA, key usage
 * {@code keyEncipherment}, {@code digitalSignature} and {@code nonRepudiation}, subject name
 * different from issuer name, a lower-case zone root, and a lower-case domain name (last OU of
 * the subject) that is the zone root or a subdomain of it.
 *
 * <p>NOTE(review): this method only inspects certificate fields. No signature or chain
 * validation is visible here, so a {@code true} result should not be read as a trust decision.
 *
 * @return {@code true} only when every check passes
 */
public boolean isTdmxUserCertificate() {
    // basicConstraints: a user certificate must not be a CA.
    if (isCA()) {
        return false;
    }

    // keyUsage: hasUsages() is true only when every requested bit is set, so keyEncipherment,
    // digitalSignature and nonRepudiation are all required. A certificate without the
    // extension is rejected.
    KeyUsage keyUsage = getKeyUsage();
    if (keyUsage == null
            || !keyUsage.hasUsages(
                    KeyUsage.keyEncipherment | KeyUsage.digitalSignature | KeyUsage.nonRepudiation)) {
        return false;
    }

    // Not self-issued: subject and issuer names must both be present and differ.
    // TODO subjectKey identifiers present
    // TODO issuerKey identifiers present
    String subject = getSubject();
    String issuer = getIssuer();
    if (subject == null || issuer == null || subject.equals(issuer)) {
        return false;
    }

    // The zone root must be present and pass the lower-case check.
    TdmxZoneInfo zoneInfo = getTdmxZoneInfo();
    if (zoneInfo == null || !StringUtils.isLowerCase(zoneInfo.getZoneRoot())) {
        return false;
    }

    // The last OU of the subject name is the domain name; it must also pass the lower-case
    // check.
    String domainName = getLastRDN(getSubjectName(), BCStyle.OU);
    if (domainName == null || !StringUtils.isLowerCase(domainName)) {
        return false;
    }

    // The domain must be the zone root itself or end with "." + zone root. The leading dot
    // keeps a name that merely shares a suffix with the zone root from matching.
    return domainName.equals(zoneInfo.getZoneRoot())
            || domainName.endsWith("." + zoneInfo.getZoneRoot());
}