/**
 * Exercises {@link X509CertSelector} matching on the subjectAltName extension
 * of the test certificate {@code cert}: a DNSName the certificate is expected
 * not to carry must not match, the certificate's own first SAN entry must
 * match, and with matchAllSubjectAltNames disabled one matching entry out of
 * several requested names is sufficient.
 *
 * @throws IOException if DER encoding or decoding of a name fails
 */
private void testSubjectAltName() throws IOException {
    System.out.println("X.509 Certificate Match on subjectAltName");

    X509CertSelector selector = new X509CertSelector();

    // bad match: ask for a DNSName (GeneralName type 2) that should not match
    DerOutputStream wrongNameDer = new DerOutputStream();
    new DNSName("foo.com").encode(wrongNameDer);
    selector.addSubjectAlternativeName(2, wrongNameDer.toByteArray());
    checkMatch(selector, cert, false);

    // good match: pull the first name out of the cert's own SAN extension
    // (OID 2.5.29.17) and request exactly that name with its own type
    byte[] extValue = cert.getExtensionValue("2.5.29.17");
    byte[] sanDer = new DerInputStream(extValue).getOctetString();
    SubjectAlternativeNameExtension sanExt =
        new SubjectAlternativeNameExtension(false, sanDer);
    GeneralNames sanNames =
        (GeneralNames) sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
    GeneralName firstSan = (GeneralName) sanNames.get(0);

    selector.setSubjectAlternativeNames(null); // discard the bad name first
    DerOutputStream firstSanDer = new DerOutputStream();
    firstSan.getName().encode(firstSanDer);
    selector.addSubjectAlternativeName(firstSan.getType(), firstSanDer.toByteArray());
    checkMatch(selector, cert, true);

    // good match 2: with matchAll off, the still-present first name is enough
    // even though the additional DNSName does not match
    selector.setMatchAllSubjectAltNames(false);
    selector.addSubjectAlternativeName(2, "foo.com");
    checkMatch(selector, cert, true);
}
/**
 * Helper method to add DNSName types for the SAN extension.
 *
 * @param dnsNames a {@code List} of host names to add as DNSName entries;
 *                 when the list is empty no extension is added at all
 * @throws IOException if an encoding error occurs
 */
public void addSubjectAltNameDNSExt(List<String> dnsNames) throws IOException {
    if (dnsNames.isEmpty()) {
        return; // nothing to encode, so do not add an empty SAN extension
    }
    GeneralNames sanNames = new GeneralNames();
    for (String host : dnsNames) {
        sanNames.add(new GeneralName(new DNSName(host)));
    }
    // first constructor argument is the criticality flag: the extension is
    // added as non-critical
    addExtension(new SubjectAlternativeNameExtension(false, sanNames));
}
/**
 * Update the state with the next certificate added to the path.
 *
 * <p>Records the certificate and its issuer, notes whether its DSA key lacks
 * parameters, counts non-self-issued intermediate CA certificates, and adds
 * the subject name plus every subjectAltName entry to
 * {@code subjectNamesTraversed} (for the first certificate and for every
 * non-self-issued one). A {@code null} certificate is ignored.
 *
 * @param cert the certificate which is used to update the state
 * @throws CertificateException if the certificate cannot be converted to an
 *         {@code X509CertImpl}
 * @throws IOException if an I/O error occurs
 * @throws CertPathValidatorException if the subjectAltName extension cannot
 *         be read
 */
@Override
public void updateState(X509Certificate cert)
        throws CertificateException, IOException, CertPathValidatorException {
    if (cert == null) {
        return;
    }
    X509CertImpl impl = X509CertImpl.toImpl(cert);

    // remember that this key's DSA parameters are absent
    if (PKIX.isDSAPublicKeyWithoutParams(impl.getPublicKey())) {
        keyParamsNeededFlag = true;
    }

    this.cert = impl;
    issuerDN = cert.getIssuerX500Principal();

    boolean selfIssued = X509CertImpl.isSelfIssued(cert);

    // only a non-self-issued CA cert that is not the first one counts as
    // a traversed intermediate CA
    if (!selfIssued && !init && cert.getBasicConstraints() != -1) {
        traversedCACerts++;
    }

    // subject names are collected for the EE cert and for every
    // non-self-issued cert
    if (init || !selfIssued) {
        X500Principal subject = cert.getSubjectX500Principal();
        subjectNamesTraversed.add(X500Name.asX500Name(subject));
        try {
            SubjectAlternativeNameExtension sanExt =
                impl.getSubjectAlternativeNameExtension();
            if (sanExt != null) {
                GeneralNames sanNames =
                    sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                for (GeneralName altName : sanNames.names()) {
                    subjectNamesTraversed.add(altName.getName());
                }
            }
        } catch (IOException e) {
            // an unreadable SAN extension fails validation instead of being
            // silently skipped
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }
    init = false;
}
/**
 * Update the state with the next certificate added to the path.
 *
 * <p>Records the certificate and its issuer, notes whether its DSA key lacks
 * parameters, counts non-self-issued intermediate CA certificates, and adds
 * the subject name plus every subjectAltName entry to
 * {@code subjectNamesTraversed} (for the first certificate and for every
 * non-self-issued one). A {@code null} certificate is ignored.
 *
 * @param cert the certificate which is used to update the state
 * @throws CertificateException if the certificate cannot be converted to an
 *         {@code X509CertImpl}
 * @throws IOException if an I/O error occurs
 * @throws CertPathValidatorException if the subjectAltName extension cannot
 *         be read
 */
public void updateState(X509Certificate cert)
        throws CertificateException, IOException, CertPathValidatorException {
    if (cert == null) {
        return;
    }
    X509CertImpl impl = X509CertImpl.toImpl(cert);

    // remember that this key is a DSA key with absent parameters
    PublicKey key = impl.getPublicKey();
    if (key instanceof DSAPublicKey) {
        DSAPublicKey dsaKey = (DSAPublicKey) key;
        if (dsaKey.getParams() == null) {
            keyParamsNeededFlag = true;
        }
    }

    this.cert = impl;
    issuerDN = cert.getIssuerX500Principal();

    boolean selfIssued = X509CertImpl.isSelfIssued(cert);

    // only a non-self-issued CA cert that is not the first one counts as
    // a traversed intermediate CA
    if (!selfIssued && !init && cert.getBasicConstraints() != -1) {
        traversedCACerts++;
    }

    // subject names are collected for the EE cert and for every
    // non-self-issued cert
    if (init || !selfIssued) {
        X500Principal subject = cert.getSubjectX500Principal();
        subjectNamesTraversed.add(X500Name.asX500Name(subject));
        try {
            SubjectAlternativeNameExtension sanExt =
                impl.getSubjectAlternativeNameExtension();
            if (sanExt != null) {
                GeneralNames sanNames = (GeneralNames)
                    sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                Iterator<GeneralName> it = sanNames.iterator();
                while (it.hasNext()) {
                    GeneralNameInterface altName = it.next().getName();
                    subjectNamesTraversed.add(altName);
                }
            }
        } catch (Exception e) {
            // deliberately broad: any failure while reading the SAN
            // extension, including a runtime error, fails validation
            // rather than being silently skipped
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }
    init = false;
}