sun.security.x509.SubjectAlternativeNameExtension Java Examples
The following examples show how to use
sun.security.x509.SubjectAlternativeNameExtension.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: X509CertSelectorTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
Example #2
Source File: X509CertSelectorTest.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
Example #3
Source File: X509CertSelectorTest.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
Example #4
Source File: CertificateBuilder.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
/** * Helper method to add DNSName types for the SAN extension * * @param dnsNames A {@code List} of names to add as DNSName types * * @throws IOException if an encoding error occurs. */ public void addSubjectAltNameDNSExt(List<String> dnsNames) throws IOException { if (!dnsNames.isEmpty()) { GeneralNames gNames = new GeneralNames(); for (String name : dnsNames) { gNames.add(new GeneralName(new DNSName(name))); } addExtension(new SubjectAlternativeNameExtension(false, gNames)); } }
Example #5
Source File: X509CertSelectorTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
Example #6
Source File: X509CertSelectorTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
Example #7
Source File: X509CertSelectorTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
Example #8
Source File: X509CertSelectorTest.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
Example #9
Source File: ForwardState.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #10
Source File: JavaKeyStoreUnitTest.java From tutorials with MIT License | 4 votes |
private X509Certificate generateSelfSignedCertificate(KeyPair keyPair) throws CertificateException, IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { X509CertInfo certInfo = new X509CertInfo(); // Serial number and version certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, new SecureRandom()))); certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); // Subject & Issuer X500Name owner = new X500Name(DN_NAME); certInfo.set(X509CertInfo.SUBJECT, owner); certInfo.set(X509CertInfo.ISSUER, owner); // Key and algorithm certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic())); AlgorithmId algorithm = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid); certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithm)); // Validity Date validFrom = new Date(); Date validTo = new Date(validFrom.getTime() + 50L * 365L * 24L * 60L * 60L * 1000L); //50 years CertificateValidity validity = new CertificateValidity(validFrom, validTo); certInfo.set(X509CertInfo.VALIDITY, validity); GeneralNameInterface dnsName = new DNSName("baeldung.com"); DerOutputStream dnsNameOutputStream = new DerOutputStream(); dnsName.encode(dnsNameOutputStream); GeneralNameInterface ipAddress = new IPAddressName("127.0.0.1"); DerOutputStream ipAddressOutputStream = new DerOutputStream(); ipAddress.encode(ipAddressOutputStream); GeneralNames generalNames = new GeneralNames(); generalNames.add(new GeneralName(dnsName)); generalNames.add(new GeneralName(ipAddress)); CertificateExtensions ext = new CertificateExtensions(); ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(generalNames)); certInfo.set(X509CertInfo.EXTENSIONS, ext); // Create certificate and sign it X509CertImpl cert = new X509CertImpl(certInfo); cert.sign(keyPair.getPrivate(), SHA1WITHRSA); // Since the SHA1withRSA provider may have a different algorithm ID to what we think it should be, // we need to reset the algorithm ID, and resign the certificate AlgorithmId actualAlgorithm = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG); certInfo.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, actualAlgorithm); X509CertImpl newCert = new X509CertImpl(certInfo); newCert.sign(keyPair.getPrivate(), SHA1WITHRSA); return newCert; }
Example #11
Source File: ForwardState.java From j2objc with Apache License 2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #12
Source File: ForwardState.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #13
Source File: ForwardState.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #14
Source File: ForwardState.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #15
Source File: ForwardState.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #16
Source File: ForwardState.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #17
Source File: ForwardState.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #18
Source File: ForwardState.java From hottub with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #19
Source File: ForwardState.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #20
Source File: ForwardState.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #21
Source File: ForwardState.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #22
Source File: ForwardState.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #23
Source File: ForwardState.java From Bytecoder with Apache License 2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #24
Source File: RsaSigningClient.java From protect with MIT License | 4 votes |
protected static X509CertInfo createCertificateInfo(final String subjectDn, final String altNameIp, final String altNameHost, final PublicKey subjectPublicKey, final long validForDays, final boolean makeCa, final String issuerDn) { try { // Look up algorithm based on CA private key final AlgorithmId algorithmId = AlgorithmId.get(CERTIFICATE_SIGNING_ALGORITHM); // Define validity period final Date notBefore = new Date(new Date().getTime() - 300); // 5 minutes prior to avoid clock skew issues final Date notAfter = new Date(notBefore.getTime() + (validForDays * 24 * 3600 * 1000)); final CertificateValidity validity = new CertificateValidity(notBefore, notAfter); // Random serial number final BigInteger serialNumber = RandomNumberGenerator.generateRandomInteger(128); // Define information within certificate final X509CertInfo certificateInfo = new X509CertInfo(); certificateInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); certificateInfo.set(X509CertInfo.VALIDITY, validity); certificateInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber)); certificateInfo.set(X509CertInfo.SUBJECT, new X500Name(subjectDn)); certificateInfo.set(X509CertInfo.ISSUER, new X500Name(issuerDn)); certificateInfo.set(X509CertInfo.KEY, new CertificateX509Key(subjectPublicKey)); certificateInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithmId)); // Process extensions final CertificateExtensions extensions = new CertificateExtensions(); // Make the issued certificate a sub-CA of this one (or self-signed) final BasicConstraintsExtension bce = new BasicConstraintsExtension(makeCa, 0); extensions.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(true, bce.getExtensionValue())); // Add a subject alternative name (if not null) if (altNameIp != null) { final GeneralNames generalNames = new GeneralNames(); generalNames.add(new GeneralName(new IPAddressName(altNameIp))); generalNames.add(new GeneralName(new DNSName(altNameHost))); final SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(false, generalNames); extensions.set(SubjectAlternativeNameExtension.NAME, san); } certificateInfo.set(X509CertInfo.EXTENSIONS, extensions); return certificateInfo; } catch (GeneralSecurityException | IOException e) { throw new RuntimeException(e); } }
Example #25
Source File: ForwardState.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
/** * Update the state with the next certificate added to the path. * * @param cert the certificate which is used to update the state */ @Override public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException { if (cert == null) return; X509CertImpl icert = X509CertImpl.toImpl(cert); /* see if certificate key has null parameters */ if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) { keyParamsNeededFlag = true; } /* update certificate */ this.cert = icert; /* update issuer DN */ issuerDN = cert.getIssuerX500Principal(); if (!X509CertImpl.isSelfIssued(cert)) { /* * update traversedCACerts only if this is a non-self-issued * intermediate CA cert */ if (!init && cert.getBasicConstraints() != -1) { traversedCACerts++; } } /* update subjectNamesTraversed only if this is the EE cert or if this cert is not self-issued */ if (init || !X509CertImpl.isSelfIssued(cert)){ X500Principal subjName = cert.getSubjectX500Principal(); subjectNamesTraversed.add(X500Name.asX500Name(subjName)); try { SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension(); if (subjAltNameExt != null) { GeneralNames gNames = subjAltNameExt.get( SubjectAlternativeNameExtension.SUBJECT_NAME); for (GeneralName gName : gNames.names()) { subjectNamesTraversed.add(gName.getName()); } } } catch (IOException e) { if (debug != null) { debug.println("ForwardState.updateState() unexpected " + "exception"); e.printStackTrace(); } throw new CertPathValidatorException(e); } } init = false; }
Example #26
Source File: CertificateGeneration.java From protect with MIT License | 4 votes |
public static X509CertInfo createCertificateInfo(final String subjectDn, final String altNameIp, final String altNameHost, final PublicKey subjectPublicKey, final long validForDays, final boolean makeCa, final String issuerDn, final String certificateSigningAlgorithm) { try { // Look up algorithm based on CA private key final AlgorithmId algorithmId = AlgorithmId.get(certificateSigningAlgorithm); // Define validity period final Date notBefore = new Date(new Date().getTime() - 300); // 5 minutes prior to avoid clock skew issues final Date notAfter = new Date(notBefore.getTime() + (validForDays * 24 * 3600 * 1000)); final CertificateValidity validity = new CertificateValidity(notBefore, notAfter); // Random serial number final BigInteger serialNumber = RandomNumberGenerator.generateRandomInteger(128); // Define information within certificate final X509CertInfo certificateInfo = new X509CertInfo(); certificateInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); certificateInfo.set(X509CertInfo.VALIDITY, validity); certificateInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber)); certificateInfo.set(X509CertInfo.SUBJECT, new X500Name(subjectDn)); certificateInfo.set(X509CertInfo.ISSUER, new X500Name(issuerDn)); certificateInfo.set(X509CertInfo.KEY, new CertificateX509Key(subjectPublicKey)); certificateInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithmId)); // Process extensions final CertificateExtensions extensions = new CertificateExtensions(); // Make the issued certificate a sub-CA of this one (or self-signed) final BasicConstraintsExtension bce = new BasicConstraintsExtension(makeCa, 0); extensions.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(true, bce.getExtensionValue())); // Add a subject alternative name (if not null) if (altNameIp != null) { final GeneralNames generalNames = new GeneralNames(); generalNames.add(new GeneralName(new IPAddressName(altNameIp))); generalNames.add(new GeneralName(new DNSName(altNameHost))); final SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(false, generalNames); extensions.set(SubjectAlternativeNameExtension.NAME, san); } certificateInfo.set(X509CertInfo.EXTENSIONS, extensions); return certificateInfo; } catch (GeneralSecurityException | IOException e) { throw new RuntimeException(e); } }