Java Code Examples for org.bouncycastle.asn1.x509.GeneralName#directoryName()

The following examples show how to use org.bouncycastle.asn1.x509.GeneralName#directoryName. Despite the "()" in the page title, it is a tag constant rather than a method: the examples below use it as a switch label, in tag comparisons, and as a constructor argument. The source file and project of each example are named in the line above it.
Example 1
Source File: SubjectAlternativeName.java    From vespa with Apache License 2.0
/**
 * Renders the value carried by a Bouncy Castle {@link GeneralName} as a string,
 * choosing the decoding by the name's tag.
 *
 * <p>rfc822Name, dNSName and uniformResourceIdentifier are read as IA5 strings,
 * directoryName as an X.500 name, and iPAddress as the textual form of the raw
 * address octets. Any other tag falls back to {@code toString()} of the ASN.1
 * object. The decoded text is returned as-is: nothing here validates or
 * normalizes it, so callers comparing it against an expected host or identity
 * have to do that themselves.
 *
 * @param bcGeneralName the general name to render
 * @return the string form of the name's value
 * @throws IllegalArgumentException if an iPAddress value has a length that
 *         {@link InetAddress#getByAddress(byte[])} rejects
 */
private String getValue(GeneralName bcGeneralName) {
    final ASN1Encodable encoded = bcGeneralName.getName();
    final int tag = bcGeneralName.getTagNo();

    if (tag == GeneralName.rfc822Name
            || tag == GeneralName.dNSName
            || tag == GeneralName.uniformResourceIdentifier) {
        return DERIA5String.getInstance(encoded).getString();
    }

    if (tag == GeneralName.directoryName) {
        return X500Name.getInstance(encoded).toString();
    }

    if (tag == GeneralName.iPAddress) {
        byte[] rawAddress = DEROctetString.getInstance(encoded.toASN1Primitive()).getOctets();
        try {
            return InetAddress.getByAddress(rawAddress).getHostAddress();
        } catch (UnknownHostException e) {
            // getByAddress does no lookup; it only fails on an octet string of
            // illegal length, so report that as a bad argument.
            throw new IllegalArgumentException(e);
        }
    }

    // Tags without a dedicated decoding above: use the ASN.1 object's own string form.
    return encoded.toString();
}
 
Example 2
Source File: DAuthorityKeyIdentifier.java    From keystore-explorer with GNU General Public License v3.0
/**
 * Pre-fills the authority certificate issuer and serial number controls.
 *
 * <p>A non-null issuer name is wrapped as a single directoryName
 * {@link GeneralName} and handed to the issuer control. If that fails, the
 * error is displayed and the method returns without touching the serial
 * number field.
 *
 * @param authorityCertName issuer DN to show, or {@code null} to leave the issuer control alone
 * @param authorityCertSerialNumber serial number to show, or {@code null} to leave the field alone
 */
private void prepopulateWithAuthorityCertDetails(X500Name authorityCertName, BigInteger authorityCertSerialNumber) {
	if (authorityCertName != null) {
		try {
			GeneralNames issuerNames = new GeneralNames(
					new GeneralName(GeneralName.directoryName, authorityCertName));

			jgnAuthorityCertIssuer.setGeneralNames(issuerNames);
		} catch (Exception e) {
			// Any failure while building or setting the names is shown to the
			// user, and the serial number below is then not populated either.
			DError.displayError(this, e);
			return;
		}
	}

	if (authorityCertSerialNumber == null) {
		return;
	}

	jtfAuthorityCertSerialNumber.setText(authorityCertSerialNumber.toString());
	// Keep the start of the number visible in the text field.
	jtfAuthorityCertSerialNumber.setCaretPosition(0);
}
 
Example 3
Source File: CmpResponder.java    From xipki with Apache License 2.0
/**
 * Decides whether a request's recipient field addresses this responder.
 *
 * <p>The recipient matches when it equals {@code getSender()}, or when it is a
 * directoryName whose X.500 name equals the subject of the signer configured
 * for {@code getResponderName()}. A {@code null} recipient and every other
 * name type are treated as not addressed to this responder.
 *
 * @param requestRecipient recipient taken from the request; may be {@code null}
 * @return {@code true} if the request is addressed to this responder
 */
@Override
protected boolean intendsMe(GeneralName requestRecipient) {
  if (requestRecipient == null) {
    return false;
  }

  if (getSender().equals(requestRecipient)) {
    return true;
  }

  // Only a directoryName can still match, via the signer's subject DN.
  if (requestRecipient.getTagNo() != GeneralName.directoryName) {
    return false;
  }

  X500Name recipientDn = X500Name.getInstance(requestRecipient.getName());
  return recipientDn.equals(caManager.getSignerWrapper(getResponderName()).getSubject());
}
 
Example 4
Source File: BaseCmpResponder.java    From xipki with Apache License 2.0
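/**
 * Extracts the sender of a request header as an X.500 name.
 *
 * <p>The value is read straight from the header; this method performs no
 * authentication of it, so callers must not treat the returned name as a
 * verified identity on its own.
 *
 * @param reqHeader header of the incoming request
 * @return the sender's distinguished name, or {@code null} if the sender is
 *         not a directoryName
 */
private static X500Name getX500Sender(PKIHeader reqHeader) {
  GeneralName requestSender = reqHeader.getSender();
  if (requestSender.getTagNo() != GeneralName.directoryName) {
    return null;
  }

  // getInstance returns the object unchanged when it already is an X500Name and
  // otherwise converts the encoded Name, where a hard cast would fail with a
  // ClassCastException.
  return X500Name.getInstance(requestSender.getName());
}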
 
Example 5
Source File: DGeneralNameChooser.java    From keystore-explorer with GNU General Public License v3.0
/**
 * Loads a general name into the chooser: selects the radio button matching the
 * name's tag and fills the corresponding input control with its value.
 *
 * <p>A {@code null} name only selects the directory name option. Tags without a
 * branch below leave the form unchanged.
 *
 * @param generalName the name to display, or {@code null} for an empty form
 */
private void populate(GeneralName generalName) {
	if (generalName == null) {
		jrbDirectoryName.setSelected(true);
		return;
	}

	final int tag = generalName.getTagNo();

	if (tag == GeneralName.directoryName) {
		jrbDirectoryName.setSelected(true);
		jdnDirectoryName.setDistinguishedName((X500Name) generalName.getName());
	} else if (tag == GeneralName.dNSName) {
		jrbDnsName.setSelected(true);
		jtfDnsName.setText(((DERIA5String) generalName.getName()).getString());
	} else if (tag == GeneralName.iPAddress) {
		jrbIpAddress.setSelected(true);
		byte[] addressOctets = ((ASN1OctetString) generalName.getName()).getOctets();
		try {
			jtfIpAddress.setText(InetAddress.getByAddress(addressOctets).getHostAddress());
		} catch (UnknownHostException ignored) {
			// Treated as unreachable: the value is expected to come from user
			// input that was already validated. getByAddress fails only on an
			// octet string of illegal length, in which case the field stays empty.
			// NOTE(review): confirm this also holds for names read from an
			// existing certificate rather than typed into this dialog.
		}
	} else if (tag == GeneralName.registeredID) {
		jrbRegisteredId.setSelected(true);
		joiRegisteredId.setObjectId((ASN1ObjectIdentifier) generalName.getName());
	} else if (tag == GeneralName.rfc822Name) {
		jrbRfc822Name.setSelected(true);
		jtfRfc822Name.setText(((DERIA5String) generalName.getName()).getString());
	} else if (tag == GeneralName.uniformResourceIdentifier) {
		jrbUniformResourceIdentifier.setSelected(true);
		jtfUniformResourceIdentifier.setText(((DERIA5String) generalName.getName()).getString());
	} else if (tag == GeneralName.otherName) {
		jrbPrincipalName.setSelected(true);
		// Of the possible otherName forms, only a UPN is supported at present.
		jtfPrincipalName.setText(GeneralNameUtil.parseUPN(generalName));
	}
}
 
Example 6
Source File: CmpAgent.java    From xipki with Apache License 2.0
/**
 * Verifies the protection (password-based MAC or signature) of a PKI message
 * and reports the outcome as a {@link ProtectionVerificationResult}.
 *
 * <p>The configured requestor type selects the only protection scheme that is
 * accepted. The checks run in a fixed order and the first failing one
 * determines the result; the cryptographic verification is done last.
 *
 * @param tid transaction id, used only in log messages
 * @param pkiMessage the message whose protection is checked
 * @return the verification result: the requestor (MAC) or responder certificate
 *         (signature) together with the outcome, or {@code null} in place of
 *         that object for most rejections
 * @throws CMPException declared by the underlying verification calls
 * @throws InvalidKeyException declared by the underlying verification calls
 * @throws OperatorCreationException declared by the underlying verification calls
 */
private ProtectionVerificationResult verifyProtection(String tid, GeneralPKIMessage pkiMessage)
    throws CMPException, InvalidKeyException, OperatorCreationException {
  ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage);

  PKIHeader header = protectedMsg.getHeader();

  if (requestor instanceof Requestor.PbmMacCmpRequestor) {
    // MAC-configured requestor: a message protected any other way is rejected
    // before anything else is looked at.
    if (!protectedMsg.hasPasswordBasedMacProtection()) {
      LOG.warn("NOT_MAC_BASED: {}",
          pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
      return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }

    // presumably the responder is always the PBM-MAC kind when the requestor is;
    // the cast is unchecked here (TODO confirm against the configuration code)
    Responder.PbmMacCmpResponder macResponder = (Responder.PbmMacCmpResponder) responder;
    // The PBM parameters come from the message itself, so both algorithms they
    // name are checked against the responder's allow-lists before the MAC is
    // verified.
    // NOTE(review): the iteration count carried in PBMParameter is not inspected
    // in this method; confirm that an upper bound is enforced elsewhere.
    PBMParameter parameter =
        PBMParameter.getInstance(pkiMessage.getHeader().getProtectionAlg().getParameters());
    AlgorithmIdentifier algId = parameter.getOwf();
    if (!macResponder.isPbmOwfPermitted(algId)) {
      LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.owf: {})", algId.getAlgorithm().getId());
      return new ProtectionVerificationResult(null, ProtectionResult.MAC_ALGO_FORBIDDEN);
    }

    algId = parameter.getMac();
    if (!macResponder.isPbmMacPermitted(algId)) {
      LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.mac: {})", algId.getAlgorithm().getId());
      return new ProtectionVerificationResult(null, ProtectionResult.MAC_ALGO_FORBIDDEN);
    }

    Requestor.PbmMacCmpRequestor macRequestor = (Requestor.PbmMacCmpRequestor) requestor;
    PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator());

    // The sender name in the header is not compared in this branch; the result
    // rests on the MAC computed with the requestor's password.
    boolean macValid = protectedMsg.verify(pkMacBuilder, macRequestor.getPassword());
    return new ProtectionVerificationResult(requestor,
        macValid ? ProtectionResult.MAC_VALID : ProtectionResult.MAC_INVALID);
  } else {
    // Signature-configured requestor: MAC-protected messages are rejected.
    if (protectedMsg.hasPasswordBasedMacProtection()) {
      LOG.warn("NOT_SIGNATURE_BASED: {}",
          pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
      return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }

    // The sender is matched against the expected name only when recipientName
    // is set; with recipientName == null this check is skipped entirely.
    if (recipientName != null) {
      // initial value is always overwritten by one of the two branches below
      boolean authorizedResponder = true;
      if (header.getSender().getTagNo() != GeneralName.directoryName) {
        // a sender that is not a directoryName can never match
        authorizedResponder = false;
      } else {
        X500Name msgSender = X500Name.getInstance(header.getSender().getName());
        authorizedResponder = recipientName.equals(msgSender);
      }

      if (!authorizedResponder) {
        // the logged sender is taken from the not-yet-verified message
        LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
        return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
      }
    }

    // presumably the responder is the signature kind whenever the requestor is
    // not PBM-MAC; the cast is unchecked here (TODO confirm)
    Responder.SignaturetCmpResponder sigResponder =
        (Responder.SignaturetCmpResponder) responder;
    // The signature algorithm named in the message must be on the allow-list;
    // a disallowed algorithm is reported as SIGNATURE_INVALID without the
    // signature being evaluated.
    AlgorithmIdentifier protectionAlgo = protectedMsg.getHeader().getProtectionAlg();
    if (!sigResponder.getSigAlgoValidator().isAlgorithmPermitted(protectionAlgo)) {
      String algoName;
      try {
        algoName = AlgorithmUtil.getSignatureAlgoName(protectionAlgo);
      } catch (NoSuchAlgorithmException ex) {
        // no readable name available: log the algorithm's OID instead
        algoName = protectionAlgo.getAlgorithm().getId();
      }
      LOG.warn("tid={}: response protected by untrusted protection algorithm '{}'",
          tid, algoName);
      return new ProtectionVerificationResult(null, ProtectionResult.SIGNATURE_INVALID);
    }

    // The signature is verified against the locally configured responder
    // certificate; no certificate is read from the message in this method.
    X509Cert cert = sigResponder.getCert();
    ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(cert);
    if (verifierProvider == null) {
      // unlike the rejections above, this result carries the certificate
      LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
      return new ProtectionVerificationResult(cert, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }

    boolean signatureValid = protectedMsg.verify(verifierProvider);
    return new ProtectionVerificationResult(cert, signatureValid
        ? ProtectionResult.SIGNATURE_VALID : ProtectionResult.SIGNATURE_INVALID);
  }
}
 
Example 7
Source File: XiOCSPReqBuilder.java    From xipki with Apache License 2.0
/**
 * Sets the requestor name of the request being built.
 *
 * <p>The given X.500 name is stored wrapped in a {@link GeneralName} tagged as
 * directoryName.
 *
 * @param requestorName the distinguished name identifying the requestor
 * @return this builder, to allow call chaining
 */
public XiOCSPReqBuilder setRequestorName(X500Name requestorName) {
  GeneralName wrappedName = new GeneralName(GeneralName.directoryName, requestorName);
  this.requestorName = wrappedName;
  return this;
}