Examples of NameConstraints

Examples of gnu.java.security.x509.ext.NameConstraints

742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
          return false;
      }

    if (pathToNames != null)
      {
        NameConstraints nc = null;
        if (cert instanceof GnuPKIExtension)
          {
            Extension e =
              ((GnuPKIExtension) cert).getExtension(NameConstraints.ID);
            if (e != null)
              nc = (NameConstraints) e.getValue();
          }
        else
          {
            byte[] b = cert.getExtensionValue(NameConstraints.ID.toString());
            if (b != null)
              {
                try
                  {
                    nc = new NameConstraints(b);
                  }
                catch (IOException ioe)
                  {
                  }
              }
          }
       
        if (nc == null)
          return false;

        int match = 0;
        for (GeneralName name : pathToNames)
          {
            for (GeneralSubtree subtree : nc.permittedSubtrees())
              {
                if (name.equals(subtree.base()))
                  match++;
              }
          }
View Full Code Here

Examples of gnu.java.security.x509.ext.NameConstraints

953
954
955
956
957
958
959
960
961
962
963
   */
  public void setNameConstraints(byte[] nameConstraints)
    throws IOException
  {
    // Check if the input is well-formed...
    new NameConstraints(nameConstraints);
   
    // But we just compare raw byte arrays.
    this.nameConstraints = nameConstraints != null
      ? (byte[]) nameConstraints.clone() : null;
  }
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
                // make the subtrees (part of name constraints)
                // this subtrees will be used as permited and as excluded
                GeneralSubtree subtree =
                    new GeneralSubtree(name_constraints[i]);
                GeneralSubtrees subtrees = new GeneralSubtrees();
                NameConstraints constraints;
                subtrees.addSubtree(subtree);
                // start the checking for each alt. name corresponding
                // to current name_constraints[i]
                boolean check_matching = true;
                for (int j=0; j<alternative_names[i].length; j++) {
                    GeneralNames alt_names_extension = new GeneralNames();
                    if (alternative_names[i][j] == null) {
                        // double trick: turn the switch and check that the
                        // restrictions apply only when the specified name
                        // form is presented.  If no name of the type is in the
                        // certificate, the certificate is acceptable.
                        check_matching = false;
                    } else {
                        alt_names_extension.addName(alternative_names[i][j]);
                    }
                    TestCert certificate = new TestCert(alt_names_extension);
                    certificate.setSubject(x500Subject);
                    certificate.setEncoding(getCertEncoding(nameSubject,
                                                     alt_names_extension));
                    // first check if permited name match
                    constraints = new NameConstraints(subtrees, null);
                    selector.setNameConstraints(constraints.getEncoded());
                    boolean expected = check_matching
                                       || (alternative_names[i][j] == null);
                    assertTrue("The method match() for:\n        "
                               + alternative_names[i][j]
                               + "\nand permited name\n        "
                               + name_constraints[i]
                               + "\nshould return: "+expected,
                               selector.match(certificate) == expected);
                    // second check if excluded name does not match
                    constraints = (check_matching)
                                    // check for 'Any name matching a
                                    // restriction in the excludedSubtrees
                                    // field is invalid regardless of
                                    // information appearing in the 
                                    // permittedSubtrees'.
                                    ? new NameConstraints(subtrees, subtrees)
                                    : new NameConstraints(null, subtrees);
                    selector.setNameConstraints(constraints.getEncoded());
                    expected = !check_matching
                               || (alternative_names[i][j] == null);
                    assertTrue("The method match() for:\n        "
                               + alternative_names[i][j]
                               + "\nand excluded name\n        "
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
                // make the subtrees (part of name constraints)
                // this subtrees will be used as permited and as excluded
                GeneralSubtree subtree =
                    new GeneralSubtree(name_constraints[i]);
                GeneralSubtrees subtrees = new GeneralSubtrees();
                NameConstraints constraints;
                subtrees.addSubtree(subtree);
                // start the checking for each alt. name corresponding
                // to current name_constraints[i]
                boolean check_matching = true;
                for (int j=0; j<alternative_names[i].length; j++) {
                    GeneralNames alt_names_extension = new GeneralNames();
                    if (alternative_names[i][j] == null) {
                        // double trick: turn the switch and check that the
                        // restrictions apply only when the specified name
                        // form is presented.  If no name of the type is in the
                        // certificate, the certificate is acceptable.
                        check_matching = false;
                    } else {
                        alt_names_extension.addName(alternative_names[i][j]);
                    }
                    TestCert certificate = new TestCert(alt_names_extension);
                    certificate.setSubject(x500Subject);
                    certificate.setEncoding(getCertEncoding(nameSubject,
                                                     alt_names_extension));
                    // first check if permited name match
                    constraints = new NameConstraints(subtrees, null);
                    selector.setNameConstraints(constraints.getEncoded());
                    boolean expected = check_matching
                                       || (alternative_names[i][j] == null);
                    assertTrue("The method match() for:\n        "
                               + alternative_names[i][j]
                               + "\nand permited name\n        "
                               + name_constraints[i]
                               + "\nshould return: "+expected,
                               selector.match(certificate) == expected);
                    // second check if excluded name does not match
                    constraints = (check_matching)
                                    // check for 'Any name matching a
                                    // restriction in the excludedSubtrees
                                    // field is invalid regardless of
                                    // information appearing in the 
                                    // permittedSubtrees'.
                                    ? new NameConstraints(subtrees, subtrees)
                                    : new NameConstraints(null, subtrees);
                    selector.setNameConstraints(constraints.getEncoded());
                    expected = !check_matching
                               || (alternative_names[i][j] == null);
                    assertTrue("The method match() for:\n        "
                               + alternative_names[i][j]
                               + "\nand excluded name\n        "
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
                GeneralSubtrees neg_subtrees = new GeneralSubtrees();
                neg_subtrees.addSubtree(
                        new GeneralSubtree(
                            new GeneralName(4, variants[i][3])));

                NameConstraints constraints;
                // Work with name which is presented in certificate
                // first check if certificate with permited name matches:
                constraints = new NameConstraints(pos_subtrees, null);
                selector.setNameConstraints(constraints.getEncoded());
                assertTrue("The method match() for certificate "
                           + "with subject:\n        "
                           + variants[i][0]
                           + "\nand with alternative name:\n        "
                           + variants[i][1]
                           + "\nand permited name\n        "
                           + variants[i][2]
                           + "\nshould return true",
                           selector.match(certificate));
                // second check if certificate with excluded name doesn't match:
                constraints = new NameConstraints(pos_subtrees, pos_subtrees);
                selector.setNameConstraints(constraints.getEncoded());
                assertTrue("The method match() for certificate "
                           + "with subject:\n        "
                           + variants[i][0]
                           + "\nand with alternative name:\n        "
                           + variants[i][1]
                           + "\nand excluded name\n        "
                           + variants[i][2]
                           + "\nshould return false",
                           !selector.match(certificate));
                // Work with name which is not presented in certificate
                // first check if the certificate without permited name
                // does not match:
                constraints = new NameConstraints(neg_subtrees, null);
                selector.setNameConstraints(constraints.getEncoded());
                assertTrue("The method match() for certificate "
                           + "with subject:\n        "
                           + variants[i][0]
                           + "\nand with alternative name:\n        "
                           + variants[i][1]
                           + "\nand permited name\n        "
                           + variants[i][3]
                           + "\nshould return false",
                           !selector.match(certificate));
                // second check if certificate without excluded name matches:
                constraints = new NameConstraints(neg_subtrees, neg_subtrees);
                selector.setNameConstraints(constraints.getEncoded());
                assertTrue("The method match() for certificate "
                           + "with subject:\n        "
                           + variants[i][0]
                           + "\nand with alternative name:\n        "
                           + variants[i][1]
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
            X509CertSelector selector = new X509CertSelector();

            TestCert cert;
            GeneralSubtrees subtrees;
            NameConstraints constraints;
            for (int i=0; i<names.length; i+=2) {
                // Set up the pathToNames criterion
                ArrayList pathToNames = new ArrayList();
                pathToNames.add(names[i].getAsList());
                selector.setPathToNames(pathToNames);
               
                // Construct the subtrees without the current name
                subtrees = new GeneralSubtrees();
                for (int j=0; j<names.length; j++) {
                    if (i != j && i+1 != j) {
                        subtrees.addSubtree(new GeneralSubtree(names[j]));
                    }
                }
                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                subtrees.addSubtree(new GeneralSubtree(names[i+1]));

                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as a permitted name so method match() "
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as an excluded name but it does not "
                            + "contain this name as a permitted so match()"
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as an excluded name so method match() "
                            + "should return true", selector.match(cert));

                subtrees.addSubtree(new GeneralSubtree(names[i]));

                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as a permitted name so method match() "
                            + "should return true", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as an excluded name so method match() "
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as an excluded name so method match() "
                            + "should return false", selector.match(cert));
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
            X509CertSelector selector = new X509CertSelector();

            TestCert cert;
            GeneralSubtrees subtrees;
            NameConstraints constraints;
            for (int i=0; i<names.length-2; i+=2) {
                // Set up the pathToNames criterion
                selector.addPathToName(types[i], names[i]);
               
                // Construct the subtrees without the current name
                subtrees = new GeneralSubtrees();
                for (int j=i+2; j<names.length; j++) {
                    if (i != j && i+1 != j) {
                        subtrees.addSubtree(
                                new GeneralSubtree(
                                    new GeneralName(types[j], names[j])));
                    }
                }
                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                subtrees.addSubtree(
                        new GeneralSubtree(
                            new GeneralName(types[i+1], names[i+1])));

                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as a permitted name so method match() "
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as an excluded name but it does not "
                            + "contain this name as a permitted so match()"
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as an excluded name so method match() "
                            + "should return true", selector.match(cert));

                subtrees.addSubtree(
                        new GeneralSubtree(
                            new GeneralName(types[i], names[i])));

                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as a permitted name so method match() "
                            + "should return true", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as an excluded name so method match() "
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as an excluded name so method match() "
                            + "should return false", selector.match(cert));
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
            X509CertSelector selector = new X509CertSelector();

            TestCert cert;
            GeneralSubtrees subtrees;
            NameConstraints constraints;
            for (int i=0; i<names.length-2; i+=2) {
                // Set up the pathToNames criterion
                selector.addPathToName(types[i], names[i]);
               
                // Construct the subtrees without the current name
                subtrees = new GeneralSubtrees();
                for (int j=i+2; j<names.length; j++) {
                    if (i != j && i+1 != j) {
                        subtrees.addSubtree(
                                new GeneralSubtree(
                                    new GeneralName(types[j], names[j])));
                    }
                }
                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the names "
                            + "of such type so method match() should "
                            + "return true.", selector.match(cert));

                subtrees.addSubtree(
                        new GeneralSubtree(
                            new GeneralName(types[i+1], names[i+1])));

                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as a permitted name so method match() "
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as an excluded name but it does not "
                            + "contain this name as a permitted so match()"
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate does not contain the name "
                            + "as an excluded name so method match() "
                            + "should return true", selector.match(cert));

                subtrees.addSubtree(
                        new GeneralSubtree(
                            new GeneralName(types[i], names[i])));

                constraints = new NameConstraints(subtrees, null);
                cert = new TestCert(constraints);
                assertTrue("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as a permitted name so method match() "
                            + "should return true", selector.match(cert));

                constraints = new NameConstraints(subtrees, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as an excluded name so method match() "
                            + "should return false", selector.match(cert));

                constraints = new NameConstraints(null, subtrees);
                cert = new TestCert(constraints);
                assertFalse("The Name Constraints Extension of the "
                            + "certificate contains the name "
                            + "as an excluded name so method match() "
                            + "should return false", selector.match(cert));
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
            }
        }
        if (pathToNames != null) {
            byte[] bytes = getExtensionValue(cert, "2.5.29.30"); //$NON-NLS-1$
            if (bytes != null) {
                NameConstraints nameConstraints;
                try {
                    nameConstraints =
                        (NameConstraints) NameConstraints.ASN1.decode(bytes);
                } catch (IOException e) {
                    // the extension is invalid;
                    return false;
                }
                if (!nameConstraints.isAcceptable(pathToNames)) {
                    return false;
                }
            }
        }
        return true;
View Full Code Here

Examples of org.apache.harmony.security.x509.NameConstraints

1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
                // make the subtrees (part of name constraints)
                // this subtrees will be used as permited and as excluded
                GeneralSubtree subtree =
                    new GeneralSubtree(name_constraints[i]);
                GeneralSubtrees subtrees = new GeneralSubtrees();
                NameConstraints constraints;
                subtrees.addSubtree(subtree);
                // start the checking for each alt. name corresponding
                // to current name_constraints[i]
                boolean check_matching = true;
                for (int j=0; j<alternative_names[i].length; j++) {
                    GeneralNames alt_names_extension = new GeneralNames();
                    if (alternative_names[i][j] == null) {
                        // double trick: turn the switch and check that the
                        // restrictions apply only when the specified name
                        // form is presented.  If no name of the type is in the
                        // certificate, the certificate is acceptable.
                        check_matching = false;
                    } else {
                        alt_names_extension.addName(alternative_names[i][j]);
                    }
                    TestCert certificate = new TestCert(alt_names_extension);
                    certificate.setSubject(x500Subject);
                    certificate.setEncoding(getCertEncoding(nameSubject,
                                                     alt_names_extension));
                    // first check if permited name match
                    constraints = new NameConstraints(subtrees, null);
                    selector.setNameConstraints(constraints.getEncoded());
                    boolean expected = check_matching
                                       || (alternative_names[i][j] == null);
                    assertTrue("The method match() for:\n        "
                               + alternative_names[i][j]
                               + "\nand permited name\n        "
                               + name_constraints[i]
                               + "\nshould return: "+expected,
                               selector.match(certificate) == expected);
                    // second check if excluded name does not match
                    constraints = (check_matching)
                                    // check for 'Any name matching a
                                    // restriction in the excludedSubtrees
                                    // field is invalid regardless of
                                    // information appearing in the 
                                    // permittedSubtrees'.
                                    ? new NameConstraints(subtrees, subtrees)
                                    : new NameConstraints(null, subtrees);
                    selector.setNameConstraints(constraints.getEncoded());
                    expected = !check_matching
                               || (alternative_names[i][j] == null);
                    assertTrue("The method match() for:\n        "
                               + alternative_names[i][j]
                               + "\nand excluded name\n        "
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.