mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opendj3-server-dev/src/server/org/opends/server/schema/CertificateSyntax.java
@@ -29,6 +29,7 @@ import java.io.IOException; import java.util.List; import org.forgerock.i18n.slf4j.LocalizedLogger; @@ -45,16 +46,15 @@ import org.opends.server.types.ConfigChangeResult; import org.opends.server.types.ResultCode; import org.opends.server.protocols.asn1.ASN1; import org.opends.server.protocols.asn1.ASN1Exception; import org.opends.server.protocols.asn1.ASN1Reader; import org.forgerock.opendj.io.ASN1; import org.forgerock.opendj.ldap.DecodeException; import org.forgerock.opendj.io.ASN1Reader; import static org.opends.messages.SchemaMessages.*; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.LocalizableMessageBuilder; import static org.opends.server.schema.SchemaConstants.*; import static org.opends.server.protocols.asn1.ASN1Constants.*; /** @@ -282,7 +282,7 @@ { // Certificate SIGNED SEQUENCE if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -291,7 +291,7 @@ // CertificateContent SEQUENCE if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -300,11 +300,11 @@ // Optional Version if (reader.hasNextElement() && reader.peekType() == (TYPE_MASK_CONTEXT | TYPE_MASK_CONSTRUCTED)) reader.peekType() == (ASN1.TYPE_MASK_CONTEXT | ASN1.TYPE_MASK_CONSTRUCTED)) { reader.readStartExplicitTag(); if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_INTEGER_TYPE) reader.peekType() != ASN1.UNIVERSAL_INTEGER_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -329,7 +329,7 @@ // serialNumber if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_INTEGER_TYPE) reader.peekType() != ASN1.UNIVERSAL_INTEGER_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -338,7 +338,7 @@ // signature AlgorithmIdentifier if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -347,7 +347,7 @@ // issuer name (SEQUENCE as of X.501, 9.2) if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -356,7 +356,7 @@ // validity (SEQUENCE) if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -365,7 +365,7 @@ // subject name (SEQUENCE as of X.501, 9.2) if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -374,7 +374,7 @@ // SubjectPublicKeyInfo (SEQUENCE) if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -383,7 +383,7 @@ // OPTIONAL issuerUniqueIdentifier if (reader.hasNextElement() && reader.peekType() == (TYPE_MASK_CONTEXT + 1)) reader.peekType() == (ASN1.TYPE_MASK_CONTEXT + 1)) { if (x509Version < 1) { @@ -396,7 +396,7 @@ // OPTIONAL subjectUniqueIdentifier if (reader.hasNextElement() && reader.peekType() == (TYPE_MASK_CONTEXT + 2)) reader.peekType() == (ASN1.TYPE_MASK_CONTEXT + 2)) { if (x509Version < 1) { @@ -409,7 +409,7 @@ // OPTIONAL extensions if (reader.hasNextElement() && reader.peekType() == ((TYPE_MASK_CONTEXT|TYPE_MASK_CONSTRUCTED) + 3)) reader.peekType() == ((ASN1.TYPE_MASK_CONTEXT|ASN1.TYPE_MASK_CONSTRUCTED) + 3)) { if (x509Version < 2) { @@ -419,7 +419,7 @@ } reader.readStartExplicitTag(); // read Tag if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { // only valid in v3 invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); @@ -438,7 +438,7 @@ // AlgorithmIdentifier SEQUENCE if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_SEQUENCE_TYPE) reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -447,7 +447,7 @@ // ENCRYPTED HASH BIT STRING if (!reader.hasNextElement() || reader.peekType() != UNIVERSAL_BIT_STRING_TYPE) reader.peekType() != ASN1.UNIVERSAL_BIT_STRING_TYPE) { invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get()); return false; @@ -470,12 +470,16 @@ } // End of the certificate } catch (ASN1Exception e) catch (DecodeException e) { System.out.println(e.getMessageObject()); invalidReason.append(e.getMessageObject()); return false; } catch (IOException e) { invalidReason.append(e.getMessage()); return false; } // The basic structure of the value is an X.509 certificate return true;
