Example usage for org.bouncycastle.asn1.x509 X509Extension issuerAlternativeName

List of usage examples for org.bouncycastle.asn1.x509 X509Extension issuerAlternativeName

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.x509.*
  5. X509Extension
  6. issuerAlternativeName

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 X509Extension issuerAlternativeName.

Prototype

ASN1ObjectIdentifier issuerAlternativeName

To view the source code for org.bouncycastle.asn1.x509 X509Extension issuerAlternativeName.

Click Source Link

Document

Issuer Alternative Name

Usage

From source file:org.globus.gsi.trustmanager.X509ProxyCertPathValidator.java

License:Apache License

@SuppressWarnings("unused")
protected void checkProxyConstraints(TBSCertificateStructure proxy, TBSCertificateStructure issuer,
        X509Certificate checkedProxy) throws CertPathValidatorException, IOException {

    X509Extensions extensions;/*from   www.  jav a  2  s. com*/
    ASN1ObjectIdentifier oid;
    X509Extension proxyExtension;

    X509Extension proxyKeyUsage = null;

    extensions = proxy.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            oid = (ASN1ObjectIdentifier) e.nextElement();
            proxyExtension = extensions.getExtension(oid);
            if (oid.equals(X509Extension.subjectAlternativeName)
                    || oid.equals(X509Extension.issuerAlternativeName)) {
                // No Alt name extensions - 3.2 & 3.5
                throw new CertPathValidatorException("Proxy violation: no Subject or Issuer Alternative Name");
            } else if (oid.equals(X509Extension.basicConstraints)) {
                // Basic Constraint must not be true - 3.8
                BasicConstraints basicExt = CertificateUtil.getBasicConstraints(proxyExtension);
                if (basicExt.isCA()) {
                    throw new CertPathValidatorException("Proxy violation: Basic Constraint CA is set to true");
                }
            } else if (oid.equals(X509Extension.keyUsage)) {
                proxyKeyUsage = proxyExtension;

                checkKeyUsage(issuer, proxyExtension);
            }
        }
    }

    extensions = issuer.getExtensions();

    if (extensions != null) {
        Enumeration e = extensions.oids();
        while (e.hasMoreElements()) {
            oid = (ASN1ObjectIdentifier) e.nextElement();
            proxyExtension = extensions.getExtension(oid);
            checkExtension(oid, proxyExtension, proxyKeyUsage);
        }
    }

}

From source file:org.xwiki.crypto.pkix.internal.extension.BcX509Extensions.java

License:Open Source License

@Override
public List<X509GeneralName> getIssuerAltName() {
    return BcExtensionUtils.getX509GeneralNames(
            GeneralNames.fromExtensions(this.extensions, X509Extension.issuerAlternativeName));
}