/**
 * Extracts an OCSP responder location from the certificate's
 * AuthorityInfoAccess extension.
 *
 * The value is returned exactly as found in the certificate; no further
 * validation of the URI is performed here.
 *
 * @param certImpl the certificate to inspect
 * @return the location of the first id-ad-ocsp access description whose
 *         location is a URI, or {@code null} when the extension is absent
 *         or contains no such entry
 */
static URI getResponderURI(X509CertImpl certImpl) {
    AuthorityInfoAccessExtension aiaExt =
            certImpl.getAuthorityInfoAccessExtension();
    if (aiaExt == null) {
        return null;
    }
    for (AccessDescription ad : aiaExt.getAccessDescriptions()) {
        // The Object cast pins overload resolution to equals(Object).
        boolean isOcsp = ad.getAccessMethod()
                .equals((Object) AccessDescription.Ad_OCSP_Id);
        if (!isOcsp) {
            continue;
        }
        GeneralName location = ad.getAccessLocation();
        if (location.getType() != GeneralNameInterface.NAME_URI) {
            // Only URI-typed locations are usable; other name forms are skipped.
            continue;
        }
        return ((URIName) location.getName()).getURI();
    }
    return null;
}
/**
 * Locates an OCSP responder for the certificate by scanning its
 * AuthorityInfoAccess extension for an id-ad-ocsp entry with a URI
 * location.
 *
 * The URI is returned as carried in the certificate; this method does not
 * validate it.
 *
 * @param certImpl the certificate to examine
 * @return the responder URI, or {@code null} if no AIA extension is present
 *         or no id-ad-ocsp entry carries a URI location
 */
static URI getResponderURI(X509CertImpl certImpl) {
    AuthorityInfoAccessExtension aia = certImpl.getAuthorityInfoAccessExtension();
    if (aia == null) {
        return null;
    }
    List<AccessDescription> ads = aia.getAccessDescriptions();
    for (int i = 0; i < ads.size(); i++) {
        AccessDescription ad = ads.get(i);
        if (!ad.getAccessMethod().equals(AccessDescription.Ad_OCSP_Id)) {
            continue;   // not an OCSP access description
        }
        GeneralName loc = ad.getAccessLocation();
        if (loc.getType() == GeneralNameInterface.NAME_URI) {
            // The URI name form is the only location type this lookup returns.
            URIName uriName = (URIName) loc.getName();
            return uriName.getURI();
        }
    }
    return null;
}
/**
 * Exercises X509CertSelector matching on subjectAltName: a DNSName that is
 * expected not to match, a name copied from the certificate's own SAN
 * extension that is expected to match, and a "match at least one"
 * configuration.
 *
 * @throws IOException if DER encoding or decoding fails
 */
private void testSubjectAltName() throws IOException {
    System.out.println("X.509 Certificate Match on subjectAltName");

    X509CertSelector sel = new X509CertSelector();

    // bad match: a DNSName the selector requires but the cert should not match
    GeneralNameInterface bogus = new DNSName("foo.com");
    DerOutputStream bogusEnc = new DerOutputStream();
    bogus.encode(bogusEnc);
    sel.addSubjectAlternativeName(2, bogusEnc.toByteArray());
    checkMatch(sel, cert, false);

    // good match: reuse the first name from the cert's SAN extension
    // (OID 2.5.29.17), re-encoded through the same DER path
    DerInputStream sanDer =
            new DerInputStream(cert.getExtensionValue("2.5.29.17"));
    byte[] sanValue = sanDer.getOctetString();
    SubjectAlternativeNameExtension sanExt =
            new SubjectAlternativeNameExtension(false, sanValue);
    GeneralNames sanNames = (GeneralNames) sanExt.get(
            SubjectAlternativeNameExtension.SUBJECT_NAME);
    GeneralName first = (GeneralName) sanNames.get(0);
    sel.setSubjectAlternativeNames(null);
    DerOutputStream firstEnc = new DerOutputStream();
    first.getName().encode(firstEnc);
    sel.addSubjectAlternativeName(first.getType(), firstEnc.toByteArray());
    checkMatch(sel, cert, true);

    // good match 2: with matchAllSubjectAltNames off, the earlier matching
    // name is enough even though the added "foo.com" entry does not match
    sel.setMatchAllSubjectAltNames(false);
    sel.addSubjectAlternativeName(2, "foo.com");
    checkMatch(sel, cert, true);
}
/**
 * Wraps a name in a GeneralSubtree with minimum distance 0 and no maximum.
 *
 * @param gni the name to place in the subtree
 * @return a subtree for {@code gni} with base 0 and unlimited length
 */
private static GeneralSubtree getGeneralSubtree(GeneralNameInterface gni) {
    // minimum 0, maximum -1 (unlimited) — the GeneralSubtree constructor's
    // encoding of "no upper bound"
    return new GeneralSubtree(new GeneralName(gni), 0, -1);
}
/**
 * Adds a non-critical SubjectAlternativeName extension holding the given
 * names as DNSName entries. Nothing is added when the list is empty.
 *
 * @param dnsNames the names to add as DNSName types
 * @throws IOException if an encoding error occurs
 */
public void addSubjectAltNameDNSExt(List<String> dnsNames) throws IOException {
    if (dnsNames.isEmpty()) {
        return;
    }
    GeneralNames sanNames = new GeneralNames();
    for (String dns : dnsNames) {
        // DNSName validates the string form; a bad name surfaces as IOException
        sanNames.add(new GeneralName(new DNSName(dns)));
    }
    addExtension(new SubjectAlternativeNameExtension(false, sanNames));
}
/**
 * Adds an Authority Info Access extension listing each given string as an
 * id-ad-ocsp access description with a URI location. Nothing is added when
 * the list is empty.
 *
 * @param locations one or more OCSP responder URIs as strings
 * @throws IOException if an encoding error occurs
 */
public void addAIAExt(List<String> locations) throws IOException {
    if (locations.isEmpty()) {
        return;
    }
    List<AccessDescription> descriptions = new ArrayList<>();
    for (String responder : locations) {
        // URIName parses the string; a malformed URI surfaces as IOException
        GeneralName where = new GeneralName(new URIName(responder));
        descriptions.add(
                new AccessDescription(AccessDescription.Ad_OCSP_Id, where));
    }
    addExtension(new AuthorityInfoAccessExtension(descriptions));
}
/**
 * Update the state with the next certificate added to the path.
 *
 * @param cert the certificate which is used to update the state
 * @throws CertificateException if {@code cert} cannot be converted to an
 *         {@code X509CertImpl}
 * @throws CertPathValidatorException if the subjectAltName extension cannot
 *         be decoded
 */
@Override
public void updateState(X509Certificate cert)
    throws CertificateException, IOException, CertPathValidatorException
{
    if (cert == null) {
        return;
    }
    X509CertImpl certImpl = X509CertImpl.toImpl(cert);

    // Record that a DSA key arrived without parameters; how the flag is
    // consumed is decided elsewhere in the builder.
    if (PKIX.isDSAPublicKeyWithoutParams(certImpl.getPublicKey())) {
        keyParamsNeededFlag = true;
    }

    this.cert = certImpl;
    issuerDN = cert.getIssuerX500Principal();

    boolean selfIssued = X509CertImpl.isSelfIssued(cert);

    // Only non-self-issued intermediate CA certs (basicConstraints present,
    // i.e. getBasicConstraints() != -1) advance the CA counter; the first
    // cert processed (init) is the end entity and never counts.
    if (!selfIssued && !init && cert.getBasicConstraints() != -1) {
        traversedCACerts++;
    }

    // Subject names are collected for the EE cert and for every
    // non-self-issued cert; a self-issued cert adds no new names.
    if (init || !selfIssued) {
        X500Principal subject = cert.getSubjectX500Principal();
        subjectNamesTraversed.add(X500Name.asX500Name(subject));
        try {
            SubjectAlternativeNameExtension sanExt =
                    certImpl.getSubjectAlternativeNameExtension();
            if (sanExt != null) {
                GeneralNames sanNames = sanExt.get(
                        SubjectAlternativeNameExtension.SUBJECT_NAME);
                for (GeneralName sanName : sanNames.names()) {
                    subjectNamesTraversed.add(sanName.getName());
                }
            }
        } catch (IOException e) {
            // A SAN extension that cannot be decoded aborts processing of
            // this cert instead of being silently skipped.
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }
    init = false;
}
/**
 * Update the state with the next certificate added to the path.
 *
 * @param cert the certificate which is used to update the state
 * @throws CertificateException if {@code cert} cannot be converted to an
 *         {@code X509CertImpl}
 * @throws CertPathValidatorException if the subjectAltName extension cannot
 *         be read; any exception raised while reading it, checked or
 *         unchecked, is wrapped
 */
public void updateState(X509Certificate cert)
    throws CertificateException, IOException, CertPathValidatorException
{
    if (cert == null) {
        return;
    }
    X509CertImpl certImpl = X509CertImpl.toImpl(cert);

    // Flag a DSA key that carries no parameters; the flag is acted on
    // elsewhere in the builder.
    PublicKey certKey = certImpl.getPublicKey();
    boolean dsaWithoutParams = certKey instanceof DSAPublicKey
            && ((DSAPublicKey) certKey).getParams() == null;
    if (dsaWithoutParams) {
        keyParamsNeededFlag = true;
    }

    this.cert = certImpl;
    issuerDN = cert.getIssuerX500Principal();

    boolean selfIssued = X509CertImpl.isSelfIssued(cert);

    // Only non-self-issued intermediate CA certs (basicConstraints present,
    // i.e. getBasicConstraints() != -1) advance the CA counter; the first
    // cert processed (init) is the end entity and never counts.
    if (!selfIssued && !init && cert.getBasicConstraints() != -1) {
        traversedCACerts++;
    }

    // Subject names are collected for the EE cert and for every
    // non-self-issued cert; a self-issued cert adds no new names.
    if (init || !selfIssued) {
        X500Principal subject = cert.getSubjectX500Principal();
        subjectNamesTraversed.add(X500Name.asX500Name(subject));
        try {
            SubjectAlternativeNameExtension sanExt =
                    certImpl.getSubjectAlternativeNameExtension();
            if (sanExt != null) {
                GeneralNames sanNames = (GeneralNames) sanExt.get(
                        SubjectAlternativeNameExtension.SUBJECT_NAME);
                Iterator<GeneralName> it = sanNames.iterator();
                while (it.hasNext()) {
                    subjectNamesTraversed.add(it.next().getName());
                }
            }
        } catch (Exception e) {
            // Broad catch: decoding failures and runtime errors (such as a
            // failed cast above) are all converted to
            // CertPathValidatorException rather than skipped.
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }
    init = false;
}