/**
 * Reports whether any directoryName entry in {@code targets} equals {@code subject}.
 *
 * <p>Entries with any other tag are ignored. An entry whose encoding raises an
 * {@code IOException} is skipped, so such a failure can only lead to "no match",
 * never to a match.
 *
 * @param subject the principal to look for
 * @param targets the general names to search
 * @return {@code true} as soon as one directory name equals {@code subject}, otherwise {@code false}
 */
private boolean matchesDN(X500Principal subject, GeneralNames targets) {
    GeneralName[] candidates = targets.getNames();

    for (int idx = 0; idx < candidates.length; idx++) {
        GeneralName candidate = candidates[idx];
        if (candidate.getTagNo() != GeneralName.directoryName) {
            continue;
        }

        try {
            byte[] encodedName = ((ASN1Encodable)candidate.getName()).toASN1Primitive().getEncoded();
            X500Principal principal = new X500Principal(encodedName);
            if (principal.equals(subject)) {
                return true;
            }
        } catch (IOException ignored) {
            // Intentionally ignored: an entry that cannot be encoded is treated as non-matching.
        }
    }

    return false;
}
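/**
 * Builds an {@code AccessDescription} from a {@code ConfPairs}-encoded string that holds
 * exactly one entry: the entry name is the access method OID and the entry value is the
 * tagged general name passed to {@code createGeneralName}.
 *
 * @param accessMethodAndLocation the encoded pair; must not be {@code null}
 * @return the access description for the given method and location
 * @throws BadInputException if the string cannot be parsed, does not contain exactly one
 *         entry, or the entry name is not a valid OID; also whatever
 *         {@code createGeneralName} raises for the location
 */
public static AccessDescription createAccessDescription(String accessMethodAndLocation)
        throws BadInputException {
    ParamUtil.requireNonNull("accessMethodAndLocation", accessMethodAndLocation);

    final String errorMessage = "invalid accessMethodAndLocation " + accessMethodAndLocation;

    ConfPairs pairs;
    try {
        pairs = new ConfPairs(accessMethodAndLocation);
    } catch (IllegalArgumentException ex) {
        throw new BadInputException(errorMessage);
    }

    Set<String> oids = pairs.names();
    if (oids == null || oids.size() != 1) {
        throw new BadInputException(errorMessage);
    }

    String accessMethodS = oids.iterator().next();
    String taggedValue = pairs.value(accessMethodS);

    ASN1ObjectIdentifier accessMethod;
    try {
        accessMethod = new ASN1ObjectIdentifier(accessMethodS);
    } catch (IllegalArgumentException ex) {
        // The entry name is caller-supplied text; a string that is not an OID must surface
        // as the declared checked exception instead of escaping as an unchecked one.
        throw new BadInputException(errorMessage);
    }

    GeneralName location = createGeneralName(taggedValue);
    return new AccessDescription(accessMethod, location);
}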
/**
 * Reports whether any directoryName entry in {@code targets} equals {@code subject}.
 *
 * <p>Entries with any other tag are ignored. An entry that raises an {@code IOException}
 * while being encoded or wrapped is skipped, so the failure can only produce "no match".
 *
 * @param subject the principal to look for
 * @param targets the general names to search
 * @return {@code true} as soon as one directory name equals {@code subject}, otherwise {@code false}
 */
private boolean matchesDN(X509Principal subject, GeneralNames targets) {
    GeneralName[] candidates = targets.getNames();

    for (int idx = 0; idx < candidates.length; idx++) {
        GeneralName candidate = candidates[idx];
        if (candidate.getTagNo() != GeneralName.directoryName) {
            continue;
        }

        try {
            byte[] encodedName = ((ASN1Encodable)candidate.getName()).toASN1Primitive().getEncoded();
            X509Principal principal = new X509Principal(encodedName);
            if (principal.equals(subject)) {
                return true;
            }
        } catch (IOException ignored) {
            // Intentionally ignored: an entry that cannot be processed is treated as non-matching.
        }
    }

    return false;
}
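/**
 * Converts every directoryName entry of {@code names} into an {@code X500Principal}.
 *
 * <p>Entries with any other tag are dropped, so the result may be shorter than the input.
 *
 * @param names the general names to convert
 * @return the principals, in input order, as an {@code Object[]}
 * @throws RuntimeException if a directory name cannot be encoded; the underlying
 *         {@code IOException} is attached as the cause
 */
private Object[] getNames(GeneralName[] names) {
    List l = new ArrayList(names.length);

    for (int i = 0; i != names.length; i++) {
        if (names[i].getTagNo() != GeneralName.directoryName) {
            continue;
        }

        try {
            byte[] encoded = ((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded();
            l.add(new X500Principal(encoded));
        } catch (IOException e) {
            // Keep the cause so the encoding failure can be diagnosed from the stack trace.
            throw new RuntimeException("badly formed Name object", e);
        }
    }

    return l.toArray(new Object[l.size()]);
}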
/**
 * Normalises a collection of names into a set of {@code GeneralName} objects.
 *
 * <p>Elements that already are {@code GeneralName} instances are added as they are. Every
 * other element is cast to {@code byte[]} and parsed as an ASN.1 encoding, so an element of
 * any third type fails with a {@code ClassCastException}.
 *
 * @param names the names to normalise; {@code null} or empty yields an empty set
 * @return a new, mutable set of {@code GeneralName} objects
 * @throws IOException if a byte array cannot be parsed
 */
private Set extractGeneralNames(Collection names) throws IOException {
    Set result = new HashSet();
    if (names == null || names.isEmpty()) {
        return result;
    }

    Iterator it = names.iterator();
    while (it.hasNext()) {
        Object entry = it.next();
        if (!(entry instanceof GeneralName)) {
            // Not yet decoded: parse the raw encoding before storing it.
            entry = GeneralName.getInstance(ASN1Primitive.fromByteArray((byte[])entry));
        }
        result.add(entry);
    }

    return result;
}
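/**
 * Collects the URI entries found in the fullName of each CRL distribution point.
 *
 * <p>The strings are returned exactly as they appear in the extension; this method applies
 * no scheme or host filtering. They originate from the certificate being processed, so a
 * caller that fetches them should apply its own restrictions first.
 *
 * @param crlDistPoints the parsed CRL distribution points extension, or {@code null}
 * @return a {@code Vector} of URL strings; empty when the argument is {@code null} or no
 *         URI entry is present
 */
protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints) {
    Vector urls = new Vector();
    if (crlDistPoints == null) {
        return urls;
    }

    DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
    for (int i = 0; i < distPoints.length; i++) {
        DistributionPointName dpName = distPoints[i].getDistributionPoint();

        // The distributionPoint field is optional (a point may carry only reasons or a
        // cRLIssuer), in which case the getter yields null; skip such points instead of
        // failing with a NullPointerException on certificate-supplied data.
        if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }

        GeneralName[] generalNames = GeneralNames.getInstance(dpName.getName()).getNames();
        for (int j = 0; j < generalNames.length; j++) {
            if (generalNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                String url = ((DERIA5String) generalNames[j].getName()).getString();
                urls.add(url);
            }
        }
    }

    return urls;
}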
/**
 * Collects the URI access locations of all OCSP entries in an Authority Information Access
 * extension.
 *
 * <p>The strings are returned exactly as they appear in the extension; this method applies
 * no scheme or host filtering. They originate from the certificate being processed, so a
 * caller that contacts them should apply its own restrictions first.
 *
 * @param authInfoAccess the parsed extension, or {@code null}
 * @return a {@code Vector} of URL strings; empty when the argument is {@code null} or no
 *         OCSP URI is present
 */
protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess) {
    Vector urls = new Vector();
    if (authInfoAccess == null) {
        return urls;
    }

    AccessDescription[] descriptions = authInfoAccess.getAccessDescriptions();
    for (int idx = 0; idx < descriptions.length; idx++) {
        AccessDescription description = descriptions[idx];
        if (!description.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
            continue;
        }

        GeneralName location = description.getAccessLocation();
        if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
            continue;
        }

        urls.add(((DERIA5String) location.getName()).getString());
    }

    return urls;
}
/**
 * Reports whether any directoryName entry in {@code targets} equals {@code subject}.
 *
 * @param subject the name to look for
 * @param targets the general names to search; entries with other tags are ignored
 * @return {@code true} as soon as one directory name equals {@code subject}, otherwise {@code false}
 */
private boolean matchesDN(X500Name subject, GeneralNames targets) {
    GeneralName[] candidates = targets.getNames();

    for (int idx = 0; idx < candidates.length; idx++) {
        GeneralName candidate = candidates[idx];
        if (candidate.getTagNo() != GeneralName.directoryName) {
            continue;
        }

        X500Name directoryName = X500Name.getInstance(candidate.getName());
        if (directoryName.equals(subject)) {
            return true;
        }
    }

    return false;
}
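/**
 * Basic constructor - specify the contents of the PKIArchiveControl structure.
 *
 * <p>The private key and general name are wrapped in an {@code EncKeyWithID} and its
 * encoding is kept in {@code keyContent}; that buffer therefore holds the private key in
 * encoded, unencrypted form for as long as this builder is referenced.
 *
 * @param privateKeyInfo the private key to be archived.
 * @param generalName the general name to be associated with the private key.
 * @throws IllegalStateException if the key and name cannot be encoded; the underlying
 *         {@code IOException} is attached as the cause
 */
public PKIArchiveControlBuilder(PrivateKeyInfo privateKeyInfo, GeneralName generalName) {
    EncKeyWithID encKeyWithID = new EncKeyWithID(privateKeyInfo, generalName);

    try {
        this.keyContent = new CMSProcessableByteArray(
            CRMFObjectIdentifiers.id_ct_encKeyWithID, encKeyWithID.getEncoded());
    } catch (IOException e) {
        // Keep the cause so the encoding failure can be diagnosed from the stack trace.
        throw new IllegalStateException("unable to encode key and general name info", e);
    }

    this.envGen = new CMSEnvelopedDataGenerator();
}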
/**
 * Registers an additional X.509 store for every URI listed in the certificate's
 * IssuerAltName extension.
 *
 * <p>The location string is taken from the certificate itself. What
 * {@code addAdditionalStoreFromLocation} does with it is not visible from this method.
 * NOTE(review): confirm that it restricts which locations may be contacted.
 *
 * @param cert the certificate whose issuer alternative names are inspected
 * @param pkixParams the parameters that receive the additional stores
 * @throws CertificateParsingException if the extension cannot be decoded
 */
protected static void addAdditionalStoresFromAltNames(
    X509Certificate cert,
    ExtendedPKIXParameters pkixParams)
    throws CertificateParsingException {
    Collection issuerAltNames = cert.getIssuerAlternativeNames();
    if (issuerAltNames == null) {
        return;
    }

    Integer uriTag = Integers.valueOf(GeneralName.uniformResourceIdentifier);
    for (Iterator it = issuerAltNames.iterator(); it.hasNext();) {
        // Each entry is a list whose first element is the name type and whose second
        // element is the value; only URI entries are of interest.
        List entry = (List)it.next();
        if (!entry.get(0).equals(uriTag)) {
            continue;
        }

        String location = (String)entry.get(1);
        CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams);
    }
}
/**
 * Decodes an EncKeyWithID from its sequence form.
 *
 * <p>Element 0 is the private key info. An optional element 1 is the identifier: a
 * {@code DERUTF8String} is stored as is, anything else is decoded as a {@code GeneralName}.
 *
 * @param seq the sequence to decode
 */
private EncKeyWithID(ASN1Sequence seq) {
    this.privKeyInfo = PrivateKeyInfo.getInstance(seq.getObjectAt(0));

    if (seq.size() <= 1) {
        this.identifier = null;
    } else {
        Object second = seq.getObjectAt(1);
        if (second instanceof DERUTF8String) {
            this.identifier = (ASN1Encodable)second;
        } else {
            this.identifier = GeneralName.getInstance(second);
        }
    }
}
/**
 * Decodes a POPOSigningKeyInput from its sequence form.
 *
 * <p>Element 0 is the authInfo choice: a tagged object must carry tag 0 and holds the
 * sender name, anything else is decoded as a {@code PKMACValue}. Element 1 is the public
 * key.
 *
 * @param seq the sequence to decode
 * @throws IllegalArgumentException if authInfo is tagged with a number other than 0
 */
private POPOSigningKeyInput(ASN1Sequence seq) {
    ASN1Encodable authInfo = (ASN1Encodable)seq.getObjectAt(0);

    if (!(authInfo instanceof ASN1TaggedObject)) {
        publicKeyMAC = PKMACValue.getInstance(authInfo);
    } else {
        ASN1TaggedObject tagged = (ASN1TaggedObject)authInfo;
        int tagNo = tagged.getTagNo();
        if (tagNo != 0) {
            throw new IllegalArgumentException("Unknown authInfo tag: " + tagNo);
        }
        sender = GeneralName.getInstance(tagged.getObject());
    }

    publicKey = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(1));
}
/**
 * Creates a TSTInfo from its individual fields. The version is always set to 1; every
 * argument is stored as given, without validation or copying.
 *
 * @param tsaPolicyId the policy identifier
 * @param messageImprint the message imprint
 * @param serialNumber the serial number
 * @param genTime the generation time
 * @param accuracy the accuracy
 * @param ordering the ordering flag
 * @param nonce the nonce
 * @param tsa the name of the time stamping authority
 * @param extensions the extensions
 */
public TSTInfo(ASN1ObjectIdentifier tsaPolicyId, MessageImprint messageImprint,
    ASN1Integer serialNumber, ASN1GeneralizedTime genTime,
    Accuracy accuracy, ASN1Boolean ordering, ASN1Integer nonce,
    GeneralName tsa, Extensions extensions) {
    this.version = new ASN1Integer(1);

    // Identification of the time stamp.
    this.tsaPolicyId = tsaPolicyId;
    this.serialNumber = serialNumber;
    this.tsa = tsa;

    // What was stamped, and when.
    this.messageImprint = messageImprint;
    this.genTime = genTime;
    this.accuracy = accuracy;
    this.ordering = ordering;

    // Remaining fields.
    this.nonce = nonce;
    this.extensions = extensions;
}
/**
 * Reads the CRL distribution points extension of {@code cert} and records the URI entries
 * found in each point's cRLIssuer field. {@code URINames} stays empty when the extension
 * is absent.
 *
 * <p>NOTE(review): only {@code getCRLIssuer()} is inspected, not the distributionPoint
 * name of each point. Confirm that this is the intended source of the URLs.
 *
 * @param cert the certificate to inspect
 * @throws CertificateException declared by the signature; not raised by the visible code
 * @throws IOException if the extension value cannot be decoded
 */
public CRLDistributionPointsImpl(X509Certificate cert) throws CertificateException, IOException {
    URINames = new ArrayList<>();

    byte[] extVal = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
    if (extVal == null) {
        return;
    }

    CRLDistPoint crlDistPoint =
        CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extVal));

    for (DistributionPoint point : crlDistPoint.getDistributionPoints()) {
        GeneralNames issuerNames = point.getCRLIssuer();
        if (issuerNames == null) {
            continue;
        }

        for (GeneralName issuerName : issuerNames.getNames()) {
            if (issuerName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // NOTE(review): this stores GeneralName.toString(); verify that it yields the
            // bare URI and not a rendering that also contains the tag number.
            String issuerUrl = issuerName.toString();
            URINames.add(issuerUrl);
        }
    }
}
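/**
 * Dynamically generates a server certificate and signs it with the CA key.
 *
 * <p>The subject is built from a fixed DN prefix plus the first host as CN; every host is
 * added as a dNSName entry of the subjectAlternativeName extension. The validity period is
 * exactly {@code caNotBefore} to {@code caNotAfter}.
 *
 * @param issuer the issuing authority, given as a DN string (the CA certificate's subject)
 * @param caPriKey the CA private key used to sign the certificate
 * @param caNotBefore start of the validity period
 * @param caNotAfter end of the validity period
 * @param serverPubKey the public key placed in the generated certificate
 * @param hosts the host names the certificate is issued for; at least one is required
 * @return the signed certificate
 * @throws IllegalArgumentException if no host is given
 * @throws Exception if building or signing the certificate fails
 */
public static X509Certificate genCert(String issuer, PrivateKey caPriKey, Date caNotBefore,
        Date caNotAfter, PublicKey serverPubKey, String... hosts) throws Exception {
    if (hosts == null || hosts.length == 0) {
        throw new IllegalArgumentException("at least one host is required");
    }

    // The issuer and subject of the target server certificate follow the CA certificate's
    // subject, e.g. issuer "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=ProxyeeRoot".
    // NOTE(review): the host is concatenated into a DN string that X500Name then parses,
    // so DN syntax characters in the host would change the resulting subject. Confirm
    // that callers only pass validated host names.
    String subject = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=" + hosts[0];

    // issue#3: a serial number of 1 made the certificate be reported as insecure on
    // ElementaryOS, and serial numbers must not collide. A random positive value from a
    // CSPRNG satisfies both and, unlike timestamp + Math.random(), is not predictable.
    BigInteger serialNumber =
        new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    // doc from https://www.cryptoworkshop.com/guide/
    JcaX509v3CertificateBuilder jv3Builder = new JcaX509v3CertificateBuilder(
        new X500Name(issuer),
        serialNumber,
        caNotBefore,
        caNotAfter,
        new X500Name(subject),
        serverPubKey);

    // The SAN extension lists the domain names the certificate is valid for; without it
    // browsers report the certificate as insecure.
    GeneralName[] generalNames = new GeneralName[hosts.length];
    for (int i = 0; i < hosts.length; i++) {
        generalNames[i] = new GeneralName(GeneralName.dNSName, hosts[i]);
    }
    GeneralNames subjectAltName = new GeneralNames(generalNames);
    jv3Builder.addExtension(Extension.subjectAlternativeName, false, subjectAltName);

    // SHA256: with SHA1 browsers may report the certificate as insecure.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPriKey);
    return new JcaX509CertificateConverter().getCertificate(jv3Builder.build(signer));
}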
/**
 * Creates a holder that identifies a certificate by issuer and serial number.
 *
 * @param issuerName the issuer of the referenced certificate
 * @param serialNumber the serial number of the referenced certificate
 */
public AttributeCertificateHolder(X509Principal issuerName, BigInteger serialNumber) {
    // The issuer is wrapped as a one-element GeneralNames sequence.
    GeneralNames issuer = GeneralNames.getInstance(new DERSequence(new GeneralName(issuerName)));
    ASN1Integer serial = new ASN1Integer(serialNumber);

    holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial(issuer, serial));
}
/**
 * Creates a holder that identifies a certificate by issuer and serial number.
 *
 * @param issuerName the issuer of the referenced certificate
 * @param serialNumber the serial number of the referenced certificate
 */
public AttributeCertificateHolder(X500Name issuerName, BigInteger serialNumber) {
    GeneralNames issuer = new GeneralNames(new GeneralName(issuerName));
    ASN1Integer serial = new ASN1Integer(serialNumber);

    holder = new Holder(new IssuerSerial(issuer, serial));
}
/**
 * Extracts the directoryName entries of {@code names} as {@code X500Name} objects.
 *
 * @param names the general names to filter; entries with other tags are dropped
 * @return the directory names, in input order
 */
private X500Name[] getPrincipals(GeneralName[] names) {
    List principals = new ArrayList(names.length);

    for (int idx = 0; idx < names.length; idx++) {
        GeneralName candidate = names[idx];
        if (candidate.getTagNo() != GeneralName.directoryName) {
            continue;
        }
        principals.add(X500Name.getInstance(candidate.getName()));
    }

    X500Name[] result = new X500Name[principals.size()];
    return (X500Name[])principals.toArray(result);
}
/**
 * Sets the authInfo sender from a JCA principal. A {@code null} sender leaves the builder
 * unchanged.
 *
 * @param sender the sender name, or {@code null}
 * @return this builder
 */
public JcaCertificateRequestMessageBuilder setAuthInfoSender(X500Principal sender) {
    if (sender == null) {
        return this;
    }

    // Convert through the encoded form, then delegate to the GeneralName overload.
    X500Name senderName = X500Name.getInstance(sender.getEncoded());
    setAuthInfoSender(new GeneralName(senderName));
    return this;
}
/**
 * Create a X509CRLHolder from the passed in ASN.1 structure.
 *
 * <p>The extensions, the indirect-CRL flag and the issuer name are derived from the
 * structure once, here, and cached in fields.
 *
 * @param x509CRL an ASN.1 CertificateList structure.
 */
public X509CRLHolder(CertificateList x509CRL) {
    this.x509CRL = x509CRL;

    // The issuer is exposed as a single-entry GeneralNames.
    GeneralName issuer = new GeneralName(x509CRL.getIssuer());
    this.issuerName = new GeneralNames(issuer);

    // The indirect flag is computed from the extensions, so they are assigned first.
    this.extensions = x509CRL.getTBSCertList().getExtensions();
    this.isIndirect = isIndirectCRL(extensions);
}
/**
 * Set the requestor name to the passed in X500Name, wrapped as a directoryName
 * GeneralName.
 *
 * @param requestorName a X500Name representing the requestor name.
 * @return this builder
 */
public OCSPReqBuilder setRequestorName(
    X500Name requestorName) {
    GeneralName wrapped = new GeneralName(GeneralName.directoryName, requestorName);
    this.requestorName = wrapped;

    return this;
}
/**
 * Set the requestor name to the passed in GeneralName. The value is stored as given.
 *
 * @param requestorName the requestor name.
 * @return this builder
 */
public OCSPReqBuilder setRequestorName(GeneralName requestorName) {
    this.requestorName = requestorName;

    return this;
}
/**
 * Checks if the given GeneralName is in the permitted set.
 *
 * <p>Only rfc822Name, dNSName, directoryName, uniformResourceIdentifier and iPAddress
 * are dispatched to a check. A name with any other tag is not examined by this method and
 * so never causes the exception here.
 *
 * @param name The GeneralName
 * @throws PKIXNameConstraintValidatorException
 *          raised by the per-type check; presumably when the name is not permitted
 *          (the checks themselves are outside this method)
 */
public void checkPermitted(GeneralName name)
    throws PKIXNameConstraintValidatorException {
    int tagNo = name.getTagNo();
    ASN1Encodable value;

    switch (tagNo) {
    case GeneralName.rfc822Name:
        checkPermittedEmail(permittedSubtreesEmail, extractNameAsString(name));
        break;
    case GeneralName.dNSName:
        value = name.getName();
        checkPermittedDNS(permittedSubtreesDNS, DERIA5String.getInstance(value).getString());
        break;
    case GeneralName.directoryName:
        value = name.getName();
        checkPermittedDN(ASN1Sequence.getInstance(value.toASN1Primitive()));
        break;
    case GeneralName.uniformResourceIdentifier:
        value = name.getName();
        checkPermittedURI(permittedSubtreesURI, DERIA5String.getInstance(value).getString());
        break;
    case GeneralName.iPAddress:
        value = name.getName();
        byte[] ip = ASN1OctetString.getInstance(value).getOctets();
        checkPermittedIP(permittedSubtreesIP, ip);
        break;
    default:
        // Other name forms are not constrained by this method.
        break;
    }
}
/**
 * Check if the given GeneralName is contained in the excluded set.
 *
 * <p>Only rfc822Name, dNSName, directoryName, uniformResourceIdentifier and iPAddress
 * are dispatched to a check. A name with any other tag is not examined by this method and
 * so never causes the exception here.
 *
 * @param name The GeneralName.
 * @throws PKIXNameConstraintValidatorException
 *          If the <code>name</code> is excluded.
 */
public void checkExcluded(GeneralName name)
    throws PKIXNameConstraintValidatorException {
    int tagNo = name.getTagNo();
    ASN1Encodable value;

    switch (tagNo) {
    case GeneralName.rfc822Name:
        checkExcludedEmail(excludedSubtreesEmail, extractNameAsString(name));
        break;
    case GeneralName.dNSName:
        value = name.getName();
        checkExcludedDNS(excludedSubtreesDNS, DERIA5String.getInstance(value).getString());
        break;
    case GeneralName.directoryName:
        value = name.getName();
        checkExcludedDN(ASN1Sequence.getInstance(value.toASN1Primitive()));
        break;
    case GeneralName.uniformResourceIdentifier:
        value = name.getName();
        checkExcludedURI(excludedSubtreesURI, DERIA5String.getInstance(value).getString());
        break;
    case GeneralName.iPAddress:
        value = name.getName();
        byte[] ip = ASN1OctetString.getInstance(value).getOctets();
        checkExcludedIP(excludedSubtreesIP, ip);
        break;
    default:
        // Other name forms are not constrained by this method.
        break;
    }
}
/**
 * Adds a subtree to the excluded set of these name constraints.
 *
 * <p>The base name is merged into the excluded set that matches its type. A base with a
 * tag other than rfc822Name, dNSName, directoryName, uniformResourceIdentifier or
 * iPAddress is ignored, so it adds no exclusion.
 *
 * @param subtree A subtree with an excluded GeneralName.
 */
public void addExcludedSubtree(GeneralSubtree subtree) {
    GeneralName base = subtree.getBase();
    int tagNo = base.getTagNo();

    switch (tagNo) {
    case GeneralName.rfc822Name:
        excludedSubtreesEmail = unionEmail(excludedSubtreesEmail, extractNameAsString(base));
        break;
    case GeneralName.dNSName:
        excludedSubtreesDNS = unionDNS(excludedSubtreesDNS, extractNameAsString(base));
        break;
    case GeneralName.directoryName:
        ASN1Sequence dn = (ASN1Sequence)base.getName().toASN1Primitive();
        excludedSubtreesDN = unionDN(excludedSubtreesDN, dn);
        break;
    case GeneralName.uniformResourceIdentifier:
        excludedSubtreesURI = unionURI(excludedSubtreesURI, extractNameAsString(base));
        break;
    case GeneralName.iPAddress:
        byte[] ip = ASN1OctetString.getInstance(base.getName()).getOctets();
        excludedSubtreesIP = unionIP(excludedSubtreesIP, ip);
        break;
    default:
        // Other name forms are not tracked by this validator.
        break;
    }
}
/**
 * Determines the certificate issuer that applies to this entry.
 *
 * <p>For a CRL that is not indirect the result is always {@code null}. Otherwise, when the
 * certificateIssuer extension is absent, the issuer of the previous entry carries over;
 * when it is present, the first directoryName it lists is returned.
 *
 * @param isIndirect whether the enclosing CRL is indirect
 * @param previousCertificateIssuer the issuer that applied to the previous entry
 * @return the applicable issuer, or {@code null} if the CRL is not indirect, the extension
 *         holds no directory name, or the extension cannot be processed
 */
private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer) {
    if (!isIndirect) {
        return null;
    }

    Extension ext = getExtension(Extension.certificateIssuer);
    if (ext == null) {
        return previousCertificateIssuer;
    }

    try {
        GeneralName[] names = GeneralNames.getInstance(ext.getParsedValue()).getNames();
        int idx = 0;
        while (idx < names.length) {
            GeneralName candidate = names[idx++];
            if (candidate.getTagNo() == GeneralName.directoryName) {
                return X500Name.getInstance(candidate.getName());
            }
        }
    } catch (Exception e) {
        // Any failure while reading the extension yields null; it does not fall back to
        // previousCertificateIssuer.
        return null;
    }

    return null;
}
/**
 * Decodes a SemanticsInformation from its sequence form.
 *
 * <p>A leading object identifier, if present, becomes the semantics identifier. The next
 * element, if any, is read as a sequence of general names. Elements after that are not
 * read.
 *
 * @param seq the sequence to decode
 * @throws IllegalArgumentException if the sequence is empty
 */
private SemanticsInformation(ASN1Sequence seq) {
    if (seq.size() < 1) {
        throw new IllegalArgumentException("no objects in SemanticsInformation");
    }

    Enumeration elements = seq.getObjects();
    Object current = elements.nextElement();

    if (current instanceof ASN1ObjectIdentifier) {
        semanticsIdentifier = ASN1ObjectIdentifier.getInstance(current);
        // Advance to the optional name list, if there is one.
        current = elements.hasMoreElements() ? elements.nextElement() : null;
    }

    if (current == null) {
        return;
    }

    ASN1Sequence generalNameSeq = ASN1Sequence.getInstance(current);
    int count = generalNameSeq.size();
    nameRegistrationAuthorities = new GeneralName[count];
    for (int idx = 0; idx < count; idx++) {
        nameRegistrationAuthorities[idx] = GeneralName.getInstance(generalNameSeq.getObjectAt(idx));
    }
}
/**
 * Creates a SemanticsInformation from its two components.
 *
 * @param semanticsIdentifier the semantics identifier
 * @param generalNames the name registration authorities; the array is stored as given,
 *        not copied, so later changes by the caller are visible to this object
 */
public SemanticsInformation(
    ASN1ObjectIdentifier semanticsIdentifier,
    GeneralName[] generalNames) {
    this.nameRegistrationAuthorities = generalNames;
    this.semanticsIdentifier = semanticsIdentifier;
}
/**
 * Constructor from ASN1Sequence.
 * <p>
 * The sequence is of type ProcurationSyntax:
 * <pre>
 *               ProcurationSyntax ::= SEQUENCE {
 *                 country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
 *                 typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
 *                 signingFor [3] EXPLICIT SigningFor
 *               }
 *
 *               SigningFor ::= CHOICE
 *               {
 *                 thirdPerson GeneralName,
 *                 certRef IssuerSerial
 *               }
 * </pre>
 * <p>
 * Elements are dispatched on their tag number only. The constructor does not check that
 * signingFor is present, nor that a tag occurs only once.
 *
 * @param seq The ASN.1 sequence.
 * @throws IllegalArgumentException if the sequence has fewer than 1 or more than 3
 *         elements, or an element carries a tag other than 1, 2 or 3
 */
private ProcurationSyntax(ASN1Sequence seq) {
    int size = seq.size();
    if (size < 1 || size > 3) {
        throw new IllegalArgumentException("Bad sequence size: " + size);
    }

    for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
        ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(e.nextElement());
        int tagNo = tagged.getTagNo();

        if (tagNo == 1) {
            country = DERPrintableString.getInstance(tagged, true).getString();
        } else if (tagNo == 2) {
            typeOfSubstitution = DirectoryString.getInstance(tagged, true);
        } else if (tagNo == 3) {
            // SigningFor is a CHOICE: a tagged inner object is the third person's
            // GeneralName, anything else is a certificate reference.
            ASN1Encodable signingFor = tagged.getObject();
            if (signingFor instanceof ASN1TaggedObject) {
                thirdPerson = GeneralName.getInstance(signingFor);
            } else {
                certRef = IssuerSerial.getInstance(signingFor);
            }
        } else {
            throw new IllegalArgumentException("Bad tag number: " + tagNo);
        }
    }
}
/**
 * Converts a list of tagged values into a {@code GeneralNames} object, one entry per
 * value and in the same order.
 *
 * @param taggedValues the tagged values, each converted by {@code createGeneralName}
 * @return the general names, or {@code null} if the list is empty as determined by
 *         {@code CollectionUtil.isEmpty}
 * @throws BadInputException if a value cannot be converted
 */
public static GeneralNames createGeneralNames(List<String> taggedValues)
        throws BadInputException {
    if (CollectionUtil.isEmpty(taggedValues)) {
        return null;
    }

    GeneralName[] names = new GeneralName[taggedValues.size()];
    int idx = 0;
    while (idx < names.length) {
        names[idx] = createGeneralName(taggedValues.get(idx));
        idx++;
    }

    return new GeneralNames(names);
}
/**
 * Decodes a SinglePubInfo from its sequence form.
 *
 * <p>Element 0 is the publication method. The location is read only when the sequence has
 * exactly two elements; for any other size it is left unset.
 *
 * @param seq the sequence to decode
 */
private SinglePubInfo(ASN1Sequence seq) {
    boolean hasLocation = (seq.size() == 2);

    pubMethod = ASN1Integer.getInstance(seq.getObjectAt(0));
    if (hasLocation) {
        pubLocation = GeneralName.getInstance(seq.getObjectAt(1));
    }
}
/**
 * Creates a new POPOSigningKeyInput with sender name as authInfo.
 *
 * @param sender the sender name used as authInfo
 * @param spki the public key
 */
public POPOSigningKeyInput(
    GeneralName sender,
    SubjectPublicKeyInfo spki) {
    this.publicKey = spki;
    this.sender = sender;
}
/**
 * Creates a header builder from a plain protocol version number.
 *
 * @param pvno the protocol version number
 * @param sender the sender name
 * @param recipient the recipient name
 */
public PKIHeaderBuilder(
    int pvno,
    GeneralName sender,
    GeneralName recipient) {
    // Delegates to the ASN1Integer constructor, which stores the three values.
    this(new ASN1Integer(pvno), sender, recipient);
}
/**
 * Stores the protocol version, sender and recipient as given.
 *
 * @param pvno the protocol version number
 * @param sender the sender name
 * @param recipient the recipient name
 */
private PKIHeaderBuilder(
    ASN1Integer pvno,
    GeneralName sender,
    GeneralName recipient) {
    this.recipient = recipient;
    this.sender = sender;
    this.pvno = pvno;
}
/**
 * Creates a header from a plain protocol version number.
 *
 * @param pvno the protocol version number
 * @param sender the sender name
 * @param recipient the recipient name
 */
public PKIHeader(
    int pvno,
    GeneralName sender,
    GeneralName recipient) {
    // Delegates to the ASN1Integer constructor, which stores the three values.
    this(new ASN1Integer(pvno), sender, recipient);
}
/**
 * Stores the protocol version, sender and recipient as given.
 *
 * @param pvno the protocol version number
 * @param sender the sender name
 * @param recipient the recipient name
 */
private PKIHeader(
    ASN1Integer pvno,
    GeneralName sender,
    GeneralName recipient) {
    this.recipient = recipient;
    this.sender = sender;
    this.pvno = pvno;
}
/**
 * Decodes a DVCSRequest from its sequence form.
 *
 * <p>Element 0 is the request information and element 1 the data. A third element, when
 * present, is the transaction identifier.
 *
 * @param seq the sequence to decode
 */
private DVCSRequest(ASN1Sequence seq) {
    requestInformation = DVCSRequestInformation.getInstance(seq.getObjectAt(0));
    data = Data.getInstance(seq.getObjectAt(1));

    boolean hasTransactionIdentifier = seq.size() > 2;
    if (hasTransactionIdentifier) {
        transactionIdentifier = GeneralName.getInstance(seq.getObjectAt(2));
    }
}
/**
 * Reads the subjectAlternativeName extension of {@code cert} and records its dNSName
 * entries. {@code DNSNames} stays empty when the extension is absent.
 *
 * <p>Each value is stored as the string form of the entry's name object; no normalisation
 * or validation is applied here.
 *
 * @param cert the certificate to inspect
 * @throws IOException if the extension value cannot be decoded
 */
public SubjectAlternativeNameImpl(X509Certificate cert) throws IOException {
    DNSNames = new ArrayList<>();

    byte[] extVal = cert.getExtensionValue(Extension.subjectAlternativeName.getId());
    if (extVal == null) {
        return;
    }

    GeneralNames altNames = GeneralNames.getInstance(X509ExtensionUtil.fromExtensionValue(extVal));
    GeneralName[] entries = altNames.getNames();
    for (int idx = 0; idx < entries.length; idx++) {
        GeneralName entry = entries[idx];
        if (entry.getTagNo() != GeneralName.dNSName) {
            continue;
        }
        DNSNames.add(entry.getName().toString());
    }
}
/**
 * Creates a TBSRequest from its components. The version is always set to {@code V1}; the
 * arguments are stored as given.
 *
 * @param requestorName the requestor name
 * @param requestList the list of requests
 * @param requestExtensions the request extensions
 */
public TBSRequest(
    GeneralName requestorName,
    ASN1Sequence requestList,
    Extensions requestExtensions) {
    this.version = V1;

    this.requestExtensions = requestExtensions;
    this.requestList = requestList;
    this.requestorName = requestorName;
}