Java Code Examples for org.bouncycastle.asn1.x509.GeneralName#getTagNo()

The following examples show how to use org.bouncycastle.asn1.x509.GeneralName#getTagNo().
Example 1
Source File: TlsHelperTest.java    From localization_nifi with Apache License 2.0
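/**
 * Collects the subject alternative names requested by a PKCS#10 CSR as display strings.
 *
 * <p>Each entry has the form {@code "<title>: <value>"}. The title is {@code DNS},
 * {@code IP Address} or {@code Other Name}, and empty for every other GeneralName tag.
 * The value is the string form of the name's ASN.1 object, so it is not normalised
 * (an iPAddress is not rendered as a dotted or colon-separated address here).
 *
 * @param csr the certification request to inspect
 * @return the requested SAN entries; empty when the CSR requests none
 */
private List<String> extractSanFromCsr(JcaPKCS10CertificationRequest csr) {
    List<String> sans = new ArrayList<>();
    for (Attribute attribute : csr.getAttributes()) {
        if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }
        // Only the first value of the extensionRequest attribute is inspected.
        Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
        GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (gns == null) {
            // The extension request carries no subjectAlternativeName; without this guard the
            // loop below would fail with a NullPointerException instead of reporting "no SANs".
            continue;
        }
        for (GeneralName name : gns.getNames()) {
            int tag = name.getTagNo();
            logger.info("Type: " + tag + " | Name: " + name.getName());
            String title = "";
            if (tag == GeneralName.dNSName) {
                title = "DNS";
            } else if (tag == GeneralName.iPAddress) {
                title = "IP Address";
            } else if (tag == GeneralName.otherName) {
                title = "Other Name";
            }
            sans.add(title + ": " + name.getName());
        }
    }

    return sans;
}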
 
Example 2
Source File: TlsHelperTest.java    From nifi with Apache License 2.0
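/**
 * Lists the subject alternative names a PKCS#10 CSR asks for, formatted for display.
 *
 * <p>Entries look like {@code "DNS: <value>"}, {@code "IP Address: <value>"} or
 * {@code "Other Name: <value>"}; names with any other tag get an empty title. The value
 * is whatever the name's ASN.1 object prints as, with no further decoding.
 *
 * @param csr the certification request to read
 * @return one entry per requested SAN, or an empty list when none is requested
 */
private List<String> extractSanFromCsr(JcaPKCS10CertificationRequest csr) {
    List<String> sans = new ArrayList<>();
    Attribute[] certAttributes = csr.getAttributes();
    for (Attribute attribute : certAttributes) {
        if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            // fromExtensions gives null when the request has no subjectAlternativeName extension;
            // treat that as "nothing to report" rather than dereferencing null.
            GeneralName[] names = (gns == null) ? new GeneralName[0] : gns.getNames();
            for (GeneralName name : names) {
                logger.info("Type: " + name.getTagNo() + " | Name: " + name.getName());
                String title;
                switch (name.getTagNo()) {
                    case GeneralName.dNSName:
                        title = "DNS";
                        break;
                    case GeneralName.iPAddress:
                        title = "IP Address";
                        break;
                    case GeneralName.otherName:
                        title = "Other Name";
                        break;
                    default:
                        title = "";
                        break;
                }
                sans.add(title + ": " + name.getName());
            }
        }
    }

    return sans;
}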
 
Example 3
Source File: SubjectAlternativeName.java    From vespa with Apache License 2.0
/**
 * Renders the value of a BouncyCastle {@link GeneralName} as a string, decoding it
 * according to the name's tag.
 *
 * <p>rfc822Name, dNSName and uniformResourceIdentifier are read as IA5 strings,
 * directoryName as an X.500 name, and iPAddress as a textual IP address. Every other
 * tag falls back to the ASN.1 object's own {@code toString()}.
 *
 * @param bcGeneralName the name to render
 * @return the decoded value
 * @throws IllegalArgumentException if an iPAddress value has a length that is not a valid IP address
 */
private String getValue(GeneralName bcGeneralName) {
    final ASN1Encodable encoded = bcGeneralName.getName();
    final int tag = bcGeneralName.getTagNo();

    if (tag == GeneralName.rfc822Name
            || tag == GeneralName.dNSName
            || tag == GeneralName.uniformResourceIdentifier) {
        return DERIA5String.getInstance(encoded).getString();
    }
    if (tag == GeneralName.directoryName) {
        return X500Name.getInstance(encoded).toString();
    }
    if (tag == GeneralName.iPAddress) {
        byte[] rawAddress = DEROctetString.getInstance(encoded.toASN1Primitive()).getOctets();
        try {
            return InetAddress.getByAddress(rawAddress).getHostAddress();
        } catch (UnknownHostException e) {
            // getByAddress only rejects byte arrays of the wrong length, i.e. a malformed argument.
            throw new IllegalArgumentException(e);
        }
    }
    return encoded.toString();
}
 
Example 4
Source File: Crypto.java    From athenz with Apache License 2.0
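/**
 * Extracts the iPAddress subject alternative names requested by a PKCS#10 CSR.
 *
 * <p>Every value of every extensionRequest attribute is examined. iPAddress entries whose
 * octets do not form a valid address length are skipped silently, so the returned list can
 * be shorter than the number of iPAddress entries in the request.
 * NOTE(review): callers that authorize a CSR by its IP SANs should confirm that dropping
 * malformed entries (rather than rejecting the request) is the intended policy.
 *
 * @param certReq the certification request to inspect
 * @return the textual form of each valid requested IP address; empty when there is none
 */
public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest certReq) {

    List<String> ipAddresses = new ArrayList<>();
    Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    for (Attribute attribute : attributes) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            Extensions extensions = Extensions.getInstance(value);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            ///CLOVER:OFF
            if (gns == null) {
                continue;
            }
            ///CLOVER:ON
            for (GeneralName name : gns.getNames()) {
                if (name.getTagNo() != GeneralName.iPAddress) {
                    continue;
                }
                try {
                    // getInstance accepts any octet-string encoding; a direct cast to
                    // DEROctetString can throw ClassCastException when the requester-supplied
                    // value was decoded into a different octet-string class.
                    byte[] octets = DEROctetString.getInstance(name.getName()).getOctets();
                    ipAddresses.add(InetAddress.getByAddress(octets).getHostAddress());
                } catch (UnknownHostException ignored) {
                    // Wrong-length address in the CSR: deliberately skipped (best effort).
                }
            }
        }
    }
    return ipAddresses;
}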
 
Example 5
Source File: CmpResponder.java    From xipki with Apache License 2.0
/**
 * Decides whether a CMP request's recipient field addresses this responder.
 *
 * <p>A request is accepted when the recipient equals {@code getSender()}, or when it is a
 * directoryName equal to the subject of the signer configured for this responder.
 *
 * @param requestRecipient recipient taken from the request; may be {@code null}
 * @return {@code true} if the request is addressed to this responder
 */
@Override
protected boolean intendsMe(GeneralName requestRecipient) {
  if (requestRecipient == null) {
    return false;
  }

  if (getSender().equals(requestRecipient)) {
    return true;
  }

  // Any name form other than directoryName can only match through the equality check above.
  if (requestRecipient.getTagNo() != GeneralName.directoryName) {
    return false;
  }

  X500Name recipientDn = X500Name.getInstance(requestRecipient.getName());
  return recipientDn.equals(caManager.getSignerWrapper(getResponderName()).getSubject());
}
 
Example 6
Source File: Actions.java    From xipki with Apache License 2.0
/**
 * Returns the OCSP responder URIs listed in an AuthorityInformationAccess extension.
 *
 * <p>Only access descriptions whose method is id-ad-ocsp and whose location is a
 * uniformResourceIdentifier contribute to the result; order follows the extension.
 * The strings are taken verbatim from the extension, so a caller that contacts them
 * should apply its own scheme and destination checks first.
 *
 * @param aia the decoded extension
 * @return the OCSP URIs, possibly empty
 * @throws CertificateEncodingException declared by the signature; nothing in this body throws it
 */
public static List<String> extractOcspUrls(AuthorityInformationAccess aia)
    throws CertificateEncodingException {
  List<String> ocspUris = new ArrayList<>();
  for (AccessDescription description : aia.getAccessDescriptions()) {
    if (!description.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
      continue;
    }

    GeneralName accessLocation = description.getAccessLocation();
    if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) {
      ocspUris.add(((ASN1String) accessLocation.getName()).getString());
    }
  }

  return ocspUris;
}
 
Example 7
Source File: SubjectAlternativeNameImpl.java    From SecuritySample with Apache License 2.0
/**
 * Reads the dNSName entries of a certificate's subjectAlternativeName extension into
 * {@code DNSNames}.
 *
 * <p>The list is left empty when the certificate has no such extension. Entries of any
 * other name type are ignored.
 *
 * @param cert the certificate to read
 * @throws IOException declared by the signature; presumably raised while decoding the extension value
 */
public SubjectAlternativeNameImpl(X509Certificate cert) throws IOException {
	DNSNames = new ArrayList<>();
	byte[] sanExtension = cert.getExtensionValue(Extension.subjectAlternativeName.getId());
	if (sanExtension != null) {
		GeneralNames altNames = GeneralNames.getInstance(X509ExtensionUtil.fromExtensionValue(sanExtension));
		for (GeneralName altName : altNames.getNames()) {
			if (altName.getTagNo() != GeneralName.dNSName) {
				continue;
			}
			DNSNames.add(altName.getName().toString());
		}
	}
}
 
Example 8
Source File: BaseCmpResponder.java    From xipki with Apache License 2.0
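/**
 * Returns the sender of a CMP request as an X.500 name.
 *
 * @param reqHeader header of the incoming request
 * @return the sender's distinguished name, or {@code null} when the sender is not a
 *     directoryName
 */
private static X500Name getX500Sender(PKIHeader reqHeader) {
  GeneralName requestSender = reqHeader.getSender();
  if (requestSender.getTagNo() != GeneralName.directoryName) {
    return null;
  }

  // getInstance returns the object unchanged when it already is an X500Name and converts
  // other encodings of a Name, where a plain cast would throw ClassCastException.
  return X500Name.getInstance(requestSender.getName());
}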
 
Example 9
Source File: OCSPCertificateVerifier.java    From oxAuth with MIT License
/**
 * Finds the first OCSP responder URI in a certificate's authorityInfoAccess extension.
 *
 * <p>Returns {@code null} both when the certificate carries no usable OCSP URI and when
 * reading the extension fails (the failure is only logged), so the two cases look the
 * same to the caller.
 * NOTE(review): confirm that the caller does not treat {@code null} as "revocation check
 * passed". The URI comes from the certificate being verified.
 *
 * @param certificate the certificate to inspect
 * @return the OCSP URI, or {@code null}
 * @throws IOException declared by the signature; the read failure handled here is not rethrown
 */
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
	ASN1Primitive aiaValue;
	try {
		aiaValue = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
	} catch (IOException ex) {
		log.error("Failed to get OCSP URL", ex);
		return null;
	}

	if (aiaValue == null) {
		return null;
	}

	AccessDescription[] descriptions = AuthorityInformationAccess.getInstance(aiaValue).getAccessDescriptions();
	for (AccessDescription description : descriptions) {
		if (description.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
			GeneralName location = description.getAccessLocation();
			if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
				ASN1TaggedObject tagged = (ASN1TaggedObject) location.toASN1Primitive();
				return DERIA5String.getInstance(tagged, false).getString();
			}
		}
	}

	return null;

}
 
Example 10
Source File: CRLCertificateVerifier.java    From oxAuth with MIT License
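/**
 * Finds the first CRL URI in a certificate's cRLDistributionPoints extension.
 *
 * <p>Only distribution points that carry a fullName are considered. Returns {@code null}
 * both when no URI is present and when reading the extension fails (the failure is only
 * logged).
 * NOTE(review): confirm that the caller does not treat {@code null} as "not revoked". The
 * URI comes from the certificate being verified.
 *
 * @param certificate the certificate to inspect
 * @return the CRL URI, or {@code null}
 * @throws IOException declared by the signature; the read failure handled here is not rethrown
 */
public String getCrlUri(X509Certificate certificate) throws IOException {
	ASN1Primitive obj;
	try {
		obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
	} catch (IOException ex) {
		log.error("Failed to get CRL URL", ex);
		return null;
	}

	if (obj == null) {
		return null;
	}

	CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);

	DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
	for (DistributionPoint distributionPoint : distributionPoints) {
		DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
		// The distributionPoint field is optional; a point without it would otherwise make
		// the certificate under verification trigger a NullPointerException here.
		if (distributionPointName == null
				|| DistributionPointName.FULL_NAME != distributionPointName.getType()) {
			continue;
		}

		GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
		GeneralName[] names = generalNames.getNames();
		for (GeneralName name : names) {
			if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
				continue;
			}

			DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
			return derStr.getString();
		}
	}

	return null;
}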
 
Example 11
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1
/**
 * Returns the URI held by a GeneralName of type uniformResourceIdentifier.
 *
 * <p>Any exception raised while reading the name is logged at WARN level and turned into
 * a {@code null} result.
 *
 * @param gn the name to read
 * @return the URI string, or {@code null} when the name is of another type or cannot be parsed
 */
private static String parseGn(GeneralName gn) {
	String uri = null;
	try {
		if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) {
			DERTaggedObject tagged = (DERTaggedObject) gn.toASN1Primitive();
			uri = ((ASN1String) tagged.getObject()).getString();
		}
	} catch (Exception e) {
		LOG.warn("Unable to parse GN '{}'", gn, e);
	}
	return uri;
}
 
Example 12
Source File: AbstractCRLUtils.java    From dss with GNU Lesser General Public License v2.1
/**
 * Returns the first URI found in the fullName of a distribution point name.
 *
 * @param distributionPoint the distribution point name; may be {@code null}
 * @return the first uniformResourceIdentifier value, or {@code null} when the argument is
 *     {@code null}, is not a fullName, or holds no URI
 */
private String getUrl(DistributionPointName distributionPoint) {
	if (distributionPoint == null || DistributionPointName.FULL_NAME != distributionPoint.getType()) {
		return null;
	}

	final GeneralNames generalNames = (GeneralNames) distributionPoint.getName();
	if (generalNames == null) {
		return null;
	}

	final GeneralName[] candidates = generalNames.getNames();
	if (candidates == null || candidates.length == 0) {
		return null;
	}

	for (GeneralName candidate : candidates) {
		if (GeneralName.uniformResourceIdentifier != candidate.getTagNo()) {
			continue;
		}
		DERTaggedObject tagged = (DERTaggedObject) candidate.toASN1Primitive();
		return ((ASN1String) tagged.getObject()).getString();
	}
	return null;
}
 
Example 13
Source File: Crypto.java    From athenz with Apache License 2.0
/**
 * Extracts the subject alternative names of one type from a PKCS#10 CSR.
 *
 * <p>The type is selected by its GeneralName tag:
 * <pre>
 * GeneralName ::= CHOICE {
 *     otherName                       [0]     OtherName,
 *     rfc822Name                      [1]     IA5String,
 *     dNSName                         [2]     IA5String,
 *     x400Address                     [3]     ORAddress,
 *     directoryName                   [4]     Name,
 *     ediPartyName                    [5]     EDIPartyName,
 *     uniformResourceIdentifier       [6]     IA5String,
 *     iPAddress                       [7]     OCTET STRING,
 *     registeredID                    [8]     OBJECT IDENTIFIER}
 * </pre>
 * Matching values are cast to {@code DERIA5String}, so only the IA5String choices
 * (tags 1, 2 and 6) are usable; any other tag that matches an entry in the CSR ends in a
 * ClassCastException.
 *
 * @param certReq the certification request to inspect
 * @param tagNo the GeneralName tag to select
 * @return the string values of all matching entries; empty when there is none
 */
private static List<String> extractX509CSRSANField(PKCS10CertificationRequest certReq, int tagNo) {

    List<String> values = new ArrayList<>();
    for (Attribute attribute : certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        for (ASN1Encodable value : attribute.getAttributeValues()) {
            GeneralNames gns = GeneralNames.fromExtensions(
                    Extensions.getInstance(value), Extension.subjectAlternativeName);
            ///CLOVER:OFF
            if (gns != null) {
            ///CLOVER:ON
                for (GeneralName name : gns.getNames()) {
                    if (name.getTagNo() != tagNo) {
                        continue;
                    }
                    DERIA5String text = (DERIA5String) name.getName();
                    values.add(text.getString());
                }
            }
        }
    }
    return values;
}
 
Example 14
Source File: BasicCertificate.java    From signer with GNU Lesser General Public License v3.0
/**
 * Lists the URLs at which the certificate revocation lists for this certificate are
 * published.
 *
 * <p>Only uniformResourceIdentifier entries in the fullName of a distribution point are
 * returned; each one is also logged at INFO level. The strings are taken verbatim from
 * the certificate.
 *
 * @return the CRL URLs (possibly empty), or {@code null} when the certificate has no
 *     cRLDistributionPoints extension
 * @throws IOException declared by the signature; presumably raised while reading the extension value
 */
public List<String> getCRLDistributionPoint() throws IOException {

    ASN1Primitive extensionValue = getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extensionValue == null) {
        return null;
    }

    List<String> crlUrls = new ArrayList<>();
    for (DistributionPoint point : CRLDistPoint.getInstance(extensionValue).getDistributionPoints()) {
        DistributionPointName dpn = point.getDistributionPoint();
        // URIs are looked for in fullName only.
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName candidate : GeneralNames.getInstance(dpn.getName()).getNames()) {
            if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String url = DERIA5String.getInstance(candidate.getName()).getString();
            crlUrls.add(url);
            logger.info("Adicionando a url {}", url);
        }
    }
    return crlUrls;
}
 
Example 15
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0
/**
 * Checks a CRLDistributionPoints extension against the CRL URLs expected for the issuer.
 *
 * <p>The extension must hold exactly one distribution point, named by fullName, whose
 * entries are all URIs. Every deviation is appended to {@code failureMsg}, as are URLs
 * that are present but not expected and URLs that are expected but absent.
 *
 * @param failureMsg collector for the violations found
 * @param extensionValue encoded extension value to check
 * @param issuerInfo source of the expected CRL URLs
 */
private void checkExtnCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  DistributionPoint[] isDistributionPoints =
      CRLDistPoint.getInstance(extensionValue).getDistributionPoints();
  int pointCount = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
  if (pointCount != 1) {
    addViolation(failureMsg, "size of CRLDistributionPoints", pointCount, 1);
    return;
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    // NOTE(review): getDistributionPoint() is dereferenced without a null check.
    DistributionPointName pointName = entry.getDistributionPoint();
    int asn1Type = pointName.getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    for (GeneralName name : GeneralNames.getInstance(pointName.getName()).getNames()) {
      if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
        isCrlUrls.add(((ASN1String) name.getName()).getString());
      } else {
        addViolation(failureMsg, "tag of CRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      }
    }

    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    Set<String> unexpected = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNotEmpty(unexpected)) {
      failureMsg.append("CRL URLs ").append(unexpected).append(" are present but not expected; ");
    }

    Set<String> missing = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNotEmpty(missing)) {
      failureMsg.append("CRL URLs ").append(missing).append(" are absent but are required; ");
    }
  }
}
 
Example 16
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0
/**
 * Checks a delta-CRL distribution points extension against the URLs expected for the
 * issuer.
 *
 * <p>The extension must hold exactly one distribution point, named by fullName, whose
 * entries are all URIs. Every deviation is appended to {@code failureMsg}, as are URLs
 * that are present but not expected and URLs that are expected but absent.
 *
 * @param failureMsg collector for the violations found
 * @param extensionValue encoded extension value to check
 * @param issuerInfo source of the expected URLs
 */
private void checkExtnDeltaCrlDistributionPoints(StringBuilder failureMsg,
    byte[] extensionValue, IssuerInfo issuerInfo) {
  DistributionPoint[] isDistributionPoints =
      CRLDistPoint.getInstance(extensionValue).getDistributionPoints();
  int pointCount = (isDistributionPoints == null) ? 0 : isDistributionPoints.length;
  if (pointCount != 1) {
    addViolation(failureMsg, "size of CRLDistributionPoints (deltaCRL)", pointCount, 1);
    return;
  }

  Set<String> isCrlUrls = new HashSet<>();
  for (DistributionPoint entry : isDistributionPoints) {
    // NOTE(review): getDistributionPoint() is dereferenced without a null check.
    DistributionPointName pointName = entry.getDistributionPoint();
    int asn1Type = pointName.getType();
    if (asn1Type != DistributionPointName.FULL_NAME) {
      addViolation(failureMsg, "tag of DistributionPointName of CRLDistibutionPoints (deltaCRL)",
          asn1Type, DistributionPointName.FULL_NAME);
      continue;
    }

    for (GeneralName name : GeneralNames.getInstance(pointName.getName()).getNames()) {
      if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
        isCrlUrls.add(((ASN1String) name.getName()).getString());
      } else {
        addViolation(failureMsg, "tag of deltaCRL URL", name.getTagNo(),
            GeneralName.uniformResourceIdentifier);
      }
    }

    // NOTE(review): the expected set is read with getCrlUrls(); confirm that the base CRL
    // URL set is what the delta-CRL extension is meant to be compared against.
    Set<String> expCrlUrls = issuerInfo.getCrlUrls();
    Set<String> unexpected = strInBnotInA(expCrlUrls, isCrlUrls);
    if (CollectionUtil.isNotEmpty(unexpected)) {
      failureMsg.append("deltaCRL URLs ").append(unexpected).append(" are present but not expected; ");
    }

    Set<String> missing = strInBnotInA(isCrlUrls, expCrlUrls);
    if (CollectionUtil.isNotEmpty(missing)) {
      failureMsg.append("deltaCRL URLs ").append(missing).append(" are absent but are required; ");
    }
  }
}
 
Example 17
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0
/**
 * Checks the access locations of one access method in an AuthorityInformationAccess
 * extension against the expected URIs.
 *
 * <p>The number of matching access descriptions must equal the number of expected URIs,
 * and every location must be a URI. Deviations, unexpected URIs and missing URIs are
 * appended to {@code failureMsg}.
 *
 * @param failureMsg collector for the violations found
 * @param aia the decoded extension
 * @param accessMethod the access method to check (for example OCSP or caIssuers)
 * @param expectedUris the URIs that must be present for that method
 */
private static void checkAia(StringBuilder failureMsg, AuthorityInformationAccess aia,
    ASN1ObjectIdentifier accessMethod, Set<String> expectedUris) {
  // Label used in the messages: a short name for the two known methods, else the OID.
  final String typeDesc = X509ObjectIdentifiers.id_ad_ocsp.equals(accessMethod)
      ? "OCSP"
      : X509ObjectIdentifiers.id_ad_caIssuers.equals(accessMethod)
          ? "caIssuer"
          : accessMethod.getId();

  List<GeneralName> isAccessLocations = new LinkedList<>();
  for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
    if (accessMethod.equals(accessDescription.getAccessMethod())) {
      isAccessLocations.add(accessDescription.getAccessLocation());
    }
  }

  int size = isAccessLocations.size();
  int expectedSize = expectedUris.size();
  if (size != expectedSize) {
    addViolation(failureMsg, "number of AIA " + typeDesc + " URIs", size, expectedSize);
    return;
  }

  Set<String> isUris = new HashSet<>();
  for (GeneralName isAccessLocation : isAccessLocations) {
    if (isAccessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) {
      isUris.add(((ASN1String) isAccessLocation.getName()).getString());
    } else {
      addViolation(failureMsg, "tag of accessLocation of AIA ",
          isAccessLocation.getTagNo(), GeneralName.uniformResourceIdentifier);
    }
  }

  Set<String> unexpected = strInBnotInA(expectedUris, isUris);
  if (CollectionUtil.isNotEmpty(unexpected)) {
    failureMsg.append(typeDesc).append(" URIs ").append(unexpected)
        .append(" are present but not expected; ");
  }

  Set<String> missing = strInBnotInA(isUris, expectedUris);
  if (CollectionUtil.isNotEmpty(missing)) {
    failureMsg.append(typeDesc).append(" URIs ").append(missing)
        .append(" are absent but are required; ");
  }
}
 
Example 18
Source File: DGeneralNameChooser.java    From keystore-explorer with GNU General Public License v3.0
/**
 * Fills the dialog controls from a GeneralName: selects the radio button for the name's
 * type and puts the decoded value into the matching input control.
 *
 * <p>A {@code null} name selects the directory-name option and sets no value. Name types
 * without a branch below leave the controls untouched.
 *
 * @param generalName the name to display; may be {@code null}
 */
private void populate(GeneralName generalName) {
	if (generalName == null) {
		jrbDirectoryName.setSelected(true);
		return;
	}

	final int tag = generalName.getTagNo();
	if (tag == GeneralName.directoryName) {
		jrbDirectoryName.setSelected(true);
		jdnDirectoryName.setDistinguishedName((X500Name) generalName.getName());
	} else if (tag == GeneralName.dNSName) {
		jrbDnsName.setSelected(true);
		jtfDnsName.setText(((DERIA5String) generalName.getName()).getString());
	} else if (tag == GeneralName.iPAddress) {
		jrbIpAddress.setSelected(true);
		byte[] ipAddressBytes = ((ASN1OctetString) generalName.getName()).getOctets();
		try {
			jtfIpAddress.setText(InetAddress.getByAddress(ipAddressBytes).getHostAddress());
		} catch (UnknownHostException ignored) {
			// Left empty on purpose: the original author expects a valid length here because
			// user input was checked. NOTE(review): a name loaded from elsewhere with a
			// wrong-length address would leave the field blank without any message.
		}
	} else if (tag == GeneralName.registeredID) {
		jrbRegisteredId.setSelected(true);
		joiRegisteredId.setObjectId((ASN1ObjectIdentifier) generalName.getName());
	} else if (tag == GeneralName.rfc822Name) {
		jrbRfc822Name.setSelected(true);
		jtfRfc822Name.setText(((DERIA5String) generalName.getName()).getString());
	} else if (tag == GeneralName.uniformResourceIdentifier) {
		jrbUniformResourceIdentifier.setSelected(true);
		jtfUniformResourceIdentifier.setText(((DERIA5String) generalName.getName()).getString());
	} else if (tag == GeneralName.otherName) {
		jrbPrincipalName.setSelected(true);
		// Only UPN is supported inside otherName.
		jtfPrincipalName.setText(GeneralNameUtil.parseUPN(generalName));
	}
}
 
Example 19
Source File: RootCAProvider.java    From cloudstack with Apache License 2.0
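/**
 * Issues a certificate for a PEM-encoded PKCS#10 CSR, signed with this provider's CA key.
 *
 * <p>The certificate's subject and public key come from the CSR. Its subject alternative
 * names are the union of the {@code names}/{@code ips} arguments and the dNSName/iPAddress
 * entries found in the CSR's extension request.
 * NOTE(review): the SAN entries read from the CSR are chosen by the requester and are
 * copied into the signed certificate without any check in this method; confirm that the
 * caller authorizes them before the CSR reaches this point.
 *
 * @param csr the PEM-encoded certification request
 * @param names DNS names to add as subject alternative names; may be {@code null}
 * @param ips IP addresses to add as subject alternative names; may be {@code null}
 * @param validityDays validity period of the issued certificate, in days
 * @return the issued certificate together with the CA certificate as its chain
 * @throws CloudRuntimeException if the CSR cannot be read as a PEM object
 */
private Certificate generateCertificateUsingCsr(final String csr, final List<String> names, final List<String> ips, final int validityDays) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, CertificateException, SignatureException, IOException, OperatorCreationException {
    final List<String> dnsNames = new ArrayList<>();
    final List<String> ipAddresses = new ArrayList<>();

    if (names != null) {
        dnsNames.addAll(names);
    }
    if (ips != null) {
        ipAddresses.addAll(ips);
    }

    PemObject pemObject = null;

    // try-with-resources closes the reader on every path; it was previously never closed.
    try (PemReader pemReader = new PemReader(new StringReader(csr))) {
        pemObject = pemReader.readPemObject();
    } catch (IOException e) {
        LOG.error("Failed to read provided CSR string as a PEM object", e);
    }

    if (pemObject == null) {
        throw new CloudRuntimeException("Unable to read/process CSR: " + csr);
    }

    final JcaPKCS10CertificationRequest request = new JcaPKCS10CertificationRequest(pemObject.getContent());
    final String subject = request.getSubject().toString();
    for (final Attribute attribute : request.getAttributes()) {
        if (attribute == null) {
            continue;
        }
        if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            // Only the first value of the extensionRequest attribute is inspected.
            final Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
            final GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            if (gns != null && gns.getNames() != null && gns.getNames().length > 0) {
                for (final GeneralName name : gns.getNames()) {
                    if (name.getTagNo() == GeneralName.dNSName) {
                        dnsNames.add(name.getName().toString());
                    }
                    if (name.getTagNo() == GeneralName.iPAddress) {
                        // NOTE(review): this relies on the octet string printing as '#' followed
                        // by hex digits; reading the octets directly would not depend on that.
                        final InetAddress address = InetAddress.getByAddress(DatatypeConverter.parseHexBinary(name.getName().toString().substring(1)));
                        // An address built from raw bytes has no host name, so this is the same
                        // text that toString() produced after its leading '/' was stripped.
                        ipAddresses.add(address.getHostAddress());
                    }
                }
            }
        }
    }

    final X509Certificate clientCertificate = CertUtils.generateV3Certificate(
            caCertificate, caKeyPair, request.getPublicKey(),
            subject, CAManager.CertSignatureAlgorithm.value(),
            validityDays, dnsNames, ipAddresses);
    return new Certificate(clientCertificate, null, Collections.singletonList(caCertificate));
}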