Examples of org.apache.harmony.security.x509.BasicConstraints

Package org.apache.harmony.security.x509

Examples of org.apache.harmony.security.x509.BasicConstraints

org.bouncycastle.asn1.x509.BasicConstraints

Basic Constraints Extension (OID == 2.5.29.19). The ASN.1 definitionn for Basic Constraints Extension is:

 id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } BasicConstraints ::= SEQUENCE { cA                      BOOLEAN DEFAULT FALSE, pathLenConstraint       INTEGER (0..MAX) OPTIONAL }

(as specified in RFC 3280)

            }


            if (idp != null)
            {
                IssuingDistributionPoint    p = IssuingDistributionPoint.getInstance(idp);
                BasicConstraints bc = null;
                try
                {
                    bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
                }
                catch (AnnotatedException ae)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlBCExtError");
                    throw new CertPathReviewerException(msg,ae);
                }
                
                if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyUserCert");
                    throw new CertPathReviewerException(msg);
                }
                
                if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyCaCert");
                    throw new CertPathReviewerException(msg);
                }

View Full Code Here

                    }
            
                    //
                    // (k)
                    //
                    BasicConstraints    bc = BasicConstraints.getInstance(
                            CertPathValidatorUtilities.getExtensionValue(cert, BASIC_CONSTRAINTS));
                    if (bc != null)
                    {
                        if (!(bc.isCA()))
                        {
                            throw new CertPathValidatorException("Not a CA certificate");
                        }
                    }
                    else
                    {
                        throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
                    }
                
                    //
                    // (l)
                    //
                    if (!CertPathValidatorUtilities.isSelfIssued(cert))
                    {
                        if (maxPathLength <= 0)
                        {
                            throw new CertPathValidatorException("Max path length not greater than zero");
                        }
                    
                        maxPathLength--;
                    }
            
                    //
                    // (m)
                    //
                    if (bc != null)
                    {
                        BigInteger          _pathLengthConstraint = bc.getPathLenConstraint();
                
                        if (_pathLengthConstraint != null)
                        {
                            int _plc = _pathLengthConstraint.intValue();

View Full Code Here

                }
    
                if (idp != null)
                {
                    IssuingDistributionPoint    p = IssuingDistributionPoint.getInstance(idp);
                    BasicConstraints    bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, BASIC_CONSTRAINTS));
                    
                    if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
                    {
                        throw new AnnotatedException("CA Cert CRL only contains user certificates");
                    }
                    
                    if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                    {
                        throw new AnnotatedException("End CRL only contains CA certificates");
                    }
                    
                    if (p.onlyContainsAttributeCerts())

View Full Code Here

    v3CertGen.setSerialNumber(new BigInteger(Long.toString(System.currentTimeMillis())));


    v3CertGen.addExtension(
        X509Extensions.BasicConstraints,
        true,
        new BasicConstraints(false) );


    v3CertGen.addExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifierStructure(newPubKey));

View Full Code Here

        new SubjectKeyIdentifierStructure(keyPair.getPublic()));


    v3CertGen.addExtension(
        X509Extensions.BasicConstraints,
        true,
        new BasicConstraints(0));


    v3CertGen.addExtension(
        X509Extensions.KeyUsage,
        false,
        new KeyUsage(KeyUsage.cRLSign | KeyUsage.keyCertSign) );

View Full Code Here

    }
  }


  protected void addV3CAExtensions(final JcaX509v3CertificateBuilder builder, final BouncyCastleCertificateRequest request) throws CertIOException {
    if (request.isCa()) {
      builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
    }
  }

View Full Code Here

          webDN,
          pair.getPublic());


      JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
      certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));
      certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
      certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));


      // support alternateSubjectNames for SSL certificates
      List<GeneralName> altNames = new ArrayList<GeneralName>();
      if (HttpUtils.isIpAddress(sslMetadata.commonName)) {

View Full Code Here

          caPair.getPublic());


      JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
      caBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic()));
      caBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic()));
      caBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));
      caBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));


      JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);
      X509Certificate cert = converter.getCertificate(caBuilder.build(caSigner));

View Full Code Here

          userDN,
          pair.getPublic());


      JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
      certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));
      certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
      certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
      certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature));
      if (!StringUtils.isEmpty(clientMetadata.emailAddress)) {
        GeneralNames subjectAltName = new GeneralNames(
                    new GeneralName(GeneralName.rfc822Name, clientMetadata.emailAddress));

View Full Code Here

                begin, ends, subject, pubKey);


        if (subject.equals(issuer)) {
            certificateBuilder.addExtension(
                    X509Extension.basicConstraints, true,
                    new BasicConstraints(5));
        } else {
            JcaX509ExtensionUtils jxeu = new JcaX509ExtensionUtils();


            if (baseCrt != null) {
                byte[] sans = baseCrt.getExtensionValue(X509Extension.subjectAlternativeName.getId());
                if (sans != null) {
                    certificateBuilder.copyAndAddExtension(X509Extension.subjectAlternativeName, true, baseCrt);
                }
            }


            SubjectKeyIdentifier subjectKeyIdentifier = jxeu.createSubjectKeyIdentifier(pubKey);
            certificateBuilder.addExtension(
                    X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);


            AuthorityKeyIdentifier authorityKeyIdentifier = jxeu.createAuthorityKeyIdentifier(caPubKey);
            certificateBuilder.addExtension(
                    X509Extension.authorityKeyIdentifier, false,
                    authorityKeyIdentifier);


            certificateBuilder.addExtension(
                    X509Extension.basicConstraints, true,
                    new BasicConstraints(false));


            NetscapeCertType netscapeCertType = new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.sslServer);
            certificateBuilder.addExtension(
                    MiscObjectIdentifiers.netscapeCertType, false,
                    netscapeCertType);

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.harmony.security.x509.BasicConstraints

br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCertificateBuilder

br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCertificateGenerator

com.gitblit.utils.X509Utils

com.maverick.crypto.asn1.ASN1EncodableVector

com.maverick.crypto.asn1.DERBoolean

com.maverick.crypto.asn1.DERInteger

com.maverick.crypto.asn1.DERSequence

com.maverick.crypto.asn1.x509.X509Certificate

cybervillains.ca.CertificateCreator

org.apache.accumulo.test.util.CertUtils

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.