Java Code Examples for org.bouncycastle.asn1.x500.X500Name#getRDNs()
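The following examples show how to use
org.bouncycastle.asn1.x500.X500Name#getRDNs(), including the getRDNs(ASN1ObjectIdentifier) overload that returns only the RDNs of one attribute type.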
Example 1
Source File: UserIdentityExtractor.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Derives the user identity from the first RDN of the configured attribute type.
 *
 * <p>The name is obtained by applying the {@code x500Name} function to the chain, and
 * the attribute type is taken from {@code x500NameStyle}.
 *
 * @param certs certificate chain passed to the {@code x500Name} function
 * @return the first attribute value of the first matching RDN as a string, or
 *         {@code null} when no name or no matching RDN is available
 * @throws IllegalArgumentException if {@code certs} is {@code null} or empty
 */
@Override
public Object extractUserIdentity(X509Certificate[] certs) {
    if (certs == null || certs.length == 0) {
        throw new IllegalArgumentException();
    }

    X500Name resolvedName = x500Name.apply(certs);
    if (resolvedName == null) {
        return null;
    }

    RDN[] matches = resolvedName.getRDNs(x500NameStyle);
    if (matches == null || matches.length == 0) {
        return null;
    }

    // Only the first matching RDN and its first attribute are read. Further RDNs of the
    // same type, and extra attributes inside a multi-valued RDN, are ignored.
    // NOTE(review): nothing here validates the chain; confirm that happens before the
    // returned value is treated as an authenticated identity.
    return IETFUtils.valueToString(matches[0].getFirst().getValue());
}
Example 2
Source File: X500NameUtils.java From keystore-explorer with GNU General Public License v3.0 | 6 votes |
/**
 * Looks up the first RDN of the given type and returns its first attribute value.
 *
 * @param dn     the X.500 name to search; may be {@code null}
 * @param rdnOid OID of the wanted attribute type; may be {@code null}
 * @return the value rendered with {@code toString()}, or an empty string when either
 *         argument is {@code null} or no RDN of that type exists
 */
public static String getRdn(X500Name dn, ASN1ObjectIdentifier rdnOid) {
    if (dn == null || rdnOid == null) {
        return "";
    }

    RDN[] matching = dn.getRDNs(rdnOid);
    if (matching.length == 0) {
        return "";
    }

    // Only the first attribute of the first match is reported; any further RDNs of the
    // same type are not visible to the caller.
    return matching[0].getFirst().getValue().toString();
}
Example 3
Source File: NameUtil.java From portecle with GNU General Public License v2.0 | 6 votes |
/**
 * Reads the common name (CN) from an X.500 name.
 *
 * @param name the X.500 name; may be {@code null}
 * @return the first attribute value of the first CN RDN, or {@code null} when
 *         {@code name} is {@code null} or carries no CN
 */
public static String getCommonName(X500Name name) {
    RDN[] cnRdns = (name == null) ? null : name.getRDNs(BCStyle.CN);
    if (cnRdns == null) {
        // Reached only for a null name; a null array returned by getRDNs would have
        // failed on the length check in the line below in either form of this method.
        return null;
    }
    // When several CN RDNs are present, only the first one is returned.
    return cnRdns.length == 0 ? null : cnRdns[0].getFirst().getValue().toString();
}
Example 4
Source File: CertUtils.java From oxAuth with MIT License | 6 votes |
/**
 * Returns the subject common name (CN) of a certificate, never {@code null}.
 *
 * @param cert the certificate to inspect; may be {@code null}
 * @return the first CN value of the subject, or an empty string when the certificate is
 *         {@code null}, has no usable CN, or cannot be encoded
 */
@NotNull
public static String getCN(@Nullable X509Certificate cert) {
    if (cert == null) {
        return "";
    }

    try {
        final RDN[] cnRdns = new JcaX509CertificateHolder(cert).getSubject().getRDNs(BCStyle.CN);
        if (cnRdns == null || cnRdns.length == 0) {
            return "";
        }

        final RDN first = cnRdns[0];
        if (first == null || first.getFirst() == null || first.getFirst().getValue() == null) {
            return "";
        }
        return IETFUtils.valueToString(first.getFirst().getValue());
    } catch (CertificateEncodingException e) {
        // Encoding failures are logged and reported as "no CN". Callers cannot tell
        // this apart from a certificate that simply has no CN.
        log.error(e.getMessage(), e);
        return "";
    }
}
Example 5
Source File: Crypto.java From athenz with Apache License 2.0 | 6 votes |
/**
 * Extracts a single subject field from a certificate.
 *
 * <p>The subject is taken from {@code getSubjectX500Principal().getName()} and
 * re-parsed as an {@code X500Name}.
 *
 * @param x509Cert certificate whose subject is inspected
 * @param id       OID of the wanted subject attribute
 * @return the field value, or {@code null} when the subject is empty or holds no RDN of
 *         that type
 * @throws CryptoException if the subject holds more than one RDN of that type
 */
public static String extractX509CertSubjectField(X509Certificate x509Cert, ASN1ObjectIdentifier id) {

    final String subjectDn = x509Cert.getSubjectX500Principal().getName();
    ///CLOVER:OFF
    if (subjectDn == null || subjectDn.isEmpty()) {
        return null;
    }
    ///CLOVER:ON

    final RDN[] fieldRdns = new X500Name(subjectDn).getRDNs(id);
    if (fieldRdns == null || fieldRdns.length == 0) {
        return null;
    }

    // Athenz certificates support only a single value per field. Rejecting duplicates
    // avoids any ambiguity about which value is authoritative.
    ///CLOVER:OFF
    if (fieldRdns.length != 1) {
        throw new CryptoException("CSR Subject contains multiple values for the same field.");
    }
    ///CLOVER:ON

    return IETFUtils.valueToString(fieldRdns[0].getFirst().getValue());
}
Example 6
Source File: CryptoHelper.java From Pix-Art-Messenger with GNU General Public License v3.0 | 5 votes |
/**
 * Derives a JID and an optional display name from a certificate.
 *
 * <p>Sources are tried in this order: subjectAltName entries of type 1, then the subject
 * {@code EmailAddress} RDN, then the subject CN parsed as a JID.
 *
 * @param certificate the certificate to inspect
 * @return a pair of (JID, CN) when an e-mail style address was found, a pair of
 *         (JID, {@code null}) when the CN is a bare JID with a local part, otherwise
 *         {@code null}
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws IllegalArgumentException     if the selected address is not a valid JID
 * @throws CertificateParsingException  if the subjectAltName extension cannot be parsed
 */
public static Pair<Jid, String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, IllegalArgumentException, CertificateParsingException {
    final Collection<List<?>> sanEntries = certificate.getSubjectAlternativeNames();
    final List<String> emails = new ArrayList<>();
    if (sanEntries != null) {
        for (List<?> entry : sanEntries) {
            // Element 0 is the GeneralName tag; tag 1 is rfc822Name.
            final Integer tag = (Integer) entry.get(0);
            if (tag == 1) {
                emails.add((String) entry.get(1));
            }
        }
    }

    final X500Name subject = new JcaX509CertificateHolder(certificate).getSubject();

    // The subject EmailAddress RDN is consulted only when the SAN gave no address.
    if (emails.size() == 0) {
        final RDN[] emailRdns = subject.getRDNs(BCStyle.EmailAddress);
        if (emailRdns.length > 0) {
            emails.add(IETFUtils.valueToString(emailRdns[0].getFirst().getValue()));
        }
    }

    final RDN[] cnRdns = subject.getRDNs(BCStyle.CN);
    final String name = cnRdns.length > 0
            ? IETFUtils.valueToString(cnRdns[0].getFirst().getValue())
            : null;

    if (emails.size() >= 1) {
        // Only the first collected address is used.
        return new Pair<>(Jid.of(emails.get(0)), name);
    }
    if (name == null) {
        return null;
    }

    try {
        final Jid jid = Jid.of(name);
        if (jid.isBareJid() && jid.getLocal() != null) {
            return new Pair<>(jid, null);
        }
    } catch (IllegalArgumentException e) {
        // A CN that does not parse as a JID means "no identity", not an error.
        return null;
    }
    return null;
}
Example 7
Source File: JDistinguishedName.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
/**
 * Replaces the displayed distinguished name and refreshes the component.
 *
 * <p>The RDNs of the given name are copied into a new {@code X500Name} that uses
 * {@code KseX500NameStyle.INSTANCE}. A {@code null} argument yields a name with no RDNs.
 *
 * @param distinguishedName the new distinguished name; may be {@code null}
 */
public void setDistinguishedName(X500Name distinguishedName) {
    RDN[] sourceRdns = (distinguishedName == null) ? new RDN[0] : distinguishedName.getRDNs();
    this.distinguishedName = new X500Name(KseX500NameStyle.INSTANCE, sourceRdns);
    populate();
}
Example 8
Source File: DistinguishedNameChooser.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
/**
 * Creates the chooser, falling back to a default DN when none is supplied.
 *
 * @param dn        initial name; when {@code null} or without RDNs the default is used
 * @param editable  stored in the {@code editable} field
 * @param defaultDN default DN string; when {@code null} or empty an all-blank template
 *                  is substituted, but only if the fallback is actually needed
 */
public DistinguishedNameChooser(X500Name dn, boolean editable, String defaultDN) {
    this.editable = editable;

    boolean hasRdns = dn != null && dn.getRDNs().length != 0;
    if (hasRdns) {
        this.currentName = dn;
    } else {
        boolean defaultMissing = defaultDN == null || defaultDN.isEmpty();
        if (defaultMissing) {
            defaultDN = "CN=, OU=, O=, L=, ST=, C=";
        }
        currentName = new X500Name(KseX500NameStyle.INSTANCE, defaultDN);
    }

    // Stored after the fallback above, so the template replaces a missing default only
    // on the path where it was used.
    this.defaultName = defaultDN;
    init();
}
Example 9
Source File: CryptoHelper.java From Conversations with GNU General Public License v3.0 | 5 votes |
/**
 * Extracts a JID and, where available, the subject CN from a certificate.
 *
 * <p>An address is taken from the first subjectAltName entry of type 1. If there is none,
 * the subject {@code EmailAddress} RDN is used. With no address at all, the CN itself is
 * tried as a bare JID.
 *
 * @param certificate the certificate to inspect
 * @return (JID, CN) when an address was found, (JID, {@code null}) when the CN is a bare
 *         JID with a local part, otherwise {@code null}
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws IllegalArgumentException     if the chosen address is not a valid JID
 * @throws CertificateParsingException  if the subjectAltName extension cannot be parsed
 */
public static Pair<Jid, String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, IllegalArgumentException, CertificateParsingException {
    List<String> addresses = new ArrayList<>();

    Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
    if (altNames != null) {
        for (List<?> altName : altNames) {
            // Each entry is [tag, value]; tag 1 is rfc822Name.
            Integer tag = (Integer) altName.get(0);
            if (tag == 1) {
                addresses.add((String) altName.get(1));
            }
        }
    }

    X500Name subject = new JcaX509CertificateHolder(certificate).getSubject();

    if (addresses.size() == 0) {
        // No SAN address: fall back to the first EmailAddress RDN in the subject.
        RDN[] mailRdns = subject.getRDNs(BCStyle.EmailAddress);
        if (mailRdns.length > 0) {
            addresses.add(IETFUtils.valueToString(mailRdns[0].getFirst().getValue()));
        }
    }

    String name = null;
    RDN[] commonNames = subject.getRDNs(BCStyle.CN);
    if (commonNames.length > 0) {
        name = IETFUtils.valueToString(commonNames[0].getFirst().getValue());
    }

    if (addresses.size() >= 1) {
        return new Pair<>(Jid.of(addresses.get(0)), name);
    }

    if (name != null) {
        try {
            Jid candidate = Jid.of(name);
            boolean usable = candidate.isBareJid() && candidate.getLocal() != null;
            if (usable) {
                return new Pair<>(candidate, null);
            }
        } catch (IllegalArgumentException e) {
            // The CN is not a JID, so no identity is returned.
            return null;
        }
    }
    return null;
}
Example 10
Source File: X500NameUtils.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
/**
 * Returns the CN of an X.500 name.
 *
 * @param name X.500 name object; must not be {@code null}
 * @return the value of the first RDN whose leading attribute is CN, or an empty string
 *         if there is none
 */
public static String extractCN(X500Name name) {
    RDN[] allRdns = name.getRDNs();
    for (int i = 0; i < allRdns.length; i++) {
        // Only the first attribute of each RDN is inspected.
        // NOTE(review): a CN in a later position of a multi-valued RDN is not found by
        // this loop. Confirm that is acceptable for the callers.
        AttributeTypeAndValue leading = allRdns[i].getFirst();
        if (leading.getType().equals(BCStyle.CN)) {
            return leading.getValue().toString();
        }
    }
    return "";
}
Example 11
Source File: XmppDomainVerifier.java From Pix-Art-Messenger with GNU General Public License v3.0 | 5 votes |
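/**
 * Collects every common name (CN) value from the certificate subject.
 *
 * <p>The CN RDNs are fetched once and iterated directly. The earlier form called
 * {@code getRDNs(BCStyle.CN)} again on every loop iteration for the same result.
 *
 * @param certificate the certificate whose subject is inspected
 * @return the first attribute value of each CN RDN, in subject order; empty when there
 *         is no CN or the certificate cannot be encoded
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            domains.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
    } catch (CertificateEncodingException ignored) {
        // Deliberate best effort: an unencodable certificate contributes no names. The
        // exception can only arise before the loop, so the list is still empty here.
    }
    return domains;
}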
Example 12
Source File: CertificateToken.java From jqm with Apache License 2.0 | 5 votes |
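/**
 * Returns the user name carried by the client certificate, taken from the subject CN.
 *
 * <p>A subject without any CN now yields an empty string, the same result the method
 * already gives for an unencodable certificate. Previously that case indexed an empty
 * array and threw {@code ArrayIndexOutOfBoundsException}.
 *
 * @return the first CN value of the subject, or an empty string when no CN is present or
 *         the certificate cannot be encoded; callers must treat an empty string as
 *         "no identity" and never as a valid user name
 */
public String getUserName() {
    try {
        X500Name x500name = new JcaX509CertificateHolder(clientCert).getSubject();
        RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
        if (cnRdns.length == 0) {
            // The certificate is supplied by the peer, so a missing CN must not
            // surface as an unchecked exception.
            return "";
        }
        return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    } catch (CertificateEncodingException e) {
        return "";
    }
}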
Example 13
Source File: XmppDomainVerifier.java From Conversations with GNU General Public License v3.0 | 5 votes |
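/**
 * Returns all common name (CN) values found in the certificate subject.
 *
 * <p>{@code getRDNs(BCStyle.CN)} is evaluated once. The earlier loop repeated the lookup
 * for every index although the result does not change between iterations.
 *
 * @param certificate the certificate whose subject is inspected
 * @return one entry per CN RDN (its first attribute value), in subject order; empty when
 *         the subject has no CN or the certificate cannot be encoded
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        RDN[] cnRdns = new JcaX509CertificateHolder(certificate).getSubject().getRDNs(BCStyle.CN);
        for (RDN cnRdn : cnRdns) {
            domains.add(IETFUtils.valueToString(cnRdn.getFirst().getValue()));
        }
    } catch (CertificateEncodingException ignored) {
        // Best effort by design: an encoding failure is reported as "no common names".
    }
    return domains;
}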
Example 14
Source File: SslClientCertificateImpl.java From hivemq-community-edition with Apache License 2.0 | 5 votes |
/**
 * Reads one attribute of the certificate subject.
 *
 * @param objectIdentifier OID of the wanted subject attribute
 * @param cert             certificate whose subject is inspected
 * @return the first attribute value of the first matching RDN, or {@code null} when the
 *         subject has no RDN of that type
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
@Nullable
private String subjectProperty(final ASN1ObjectIdentifier objectIdentifier, final X509Certificate cert) throws CertificateEncodingException {
    final RDN[] matches = new JcaX509CertificateHolder(cert).getSubject().getRDNs(objectIdentifier);
    if (matches.length < 1) {
        return null;
    }
    // Further RDNs of the same type, if any, are ignored.
    return IETFUtils.valueToString(matches[0].getFirst().getValue());
}
Example 15
Source File: ClientAuthenticator.java From keywhiz with Apache License 2.0 | 5 votes |
/**
 * Extracts the client name (the CN) from a principal's distinguished name.
 *
 * @param principal principal whose {@code getName()} is parsed as an X.500 name
 * @return the first CN value, or an empty {@code Optional} (after a warning is logged)
 *         when the name has no CN
 */
static Optional<String> getClientName(Principal principal) {
    RDN[] cnRdns = new X500Name(principal.getName()).getRDNs(BCStyle.CN);
    if (cnRdns.length > 0) {
        // Only the first CN is used as the client name.
        return Optional.of(IETFUtils.valueToString(cnRdns[0].getFirst().getValue()));
    }

    // The full DN is written to the log to help diagnose rejected clients.
    logger.warn("Certificate does not contain CN=xxx,...: {}", principal.getName());
    return Optional.empty();
}
Example 16
Source File: TestSecureOzoneCluster.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Test helper that checks issuer, validity window, subject/issuer contents and the
 * public key of a generated certificate.
 *
 * @param cert the certificate under test
 * @throws Exception if the certificate cannot be read or the local host name cannot be
 *                   resolved
 */
public void validateCertificate(X509Certificate cert) throws Exception {

    // Assert that we indeed have a self signed certificate.
    RDN issuerCn = new JcaX509CertificateHolder(cert).getIssuer().getRDNs(BCStyle.CN)[0];
    String scmUser = "scm@" + InetAddress.getLocalHost().getHostName();
    assertEquals(scmUser, issuerCn.getFirst().getValue().toString());

    // Subject name should be om login user in real world but in this test
    // UGI has scm user context.
    // NOTE(review): this repeats the issuer CN assertion above; the subject CN itself is
    // not read here.
    assertEquals(scmUser, issuerCn.getFirst().getValue().toString());

    // Make sure the end date is honored: notAfter must fall after tomorrow and before
    // 400 days from today.
    LocalDate today = LocalDateTime.now().toLocalDate();
    Date lowerBound = java.sql.Date.valueOf(today.plus(1, ChronoUnit.DAYS));
    assertTrue(cert.getNotAfter().after(lowerBound));
    Date upperBound = java.sql.Date.valueOf(today.plus(400, ChronoUnit.DAYS));
    assertTrue(cert.getNotAfter().before(upperBound));

    String subjectDn = cert.getSubjectDN().toString();
    assertTrue(subjectDn.contains(scmId));
    assertTrue(subjectDn.contains(clusterId));

    String issuerDn = cert.getIssuerDN().toString();
    assertTrue(issuerDn.contains(scmUser));
    assertTrue(issuerDn.contains(scmId));
    assertTrue(issuerDn.contains(clusterId));

    // Verify that certificate matches the public key (compared via toString()).
    String certKeyText = cert.getPublicKey().toString();
    String clientKeyText = om.getCertificateClient().getPublicKey().toString();
    assertEquals(certKeyText, clientKeyText);
}
Example 17
Source File: ClientFingerprintTrustManager.java From incubator-tuweni with Apache License 2.0 | 5 votes |
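/**
 * Checks a client certificate chain, using the subject CN of the first certificate as
 * the host name passed to {@code checkTrusted}.
 *
 * <p>The chain comes from the remote peer. A first certificate without a CN is now
 * rejected with a {@link CertificateException} rather than failing with an unchecked
 * {@code ArrayIndexOutOfBoundsException}, so the handshake fails through the declared
 * exception type.
 *
 * @param chain    the peer certificate chain; the first element is inspected
 * @param authType the authentication type (not used by this method)
 * @param socket   the connection socket (not used by this method)
 * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
 * @throws CertificateException     if the subject has no CN, the certificate cannot be
 *                                  encoded, or {@code checkTrusted} rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("certificate chain must not be null or empty");
    }

    X509Certificate cert = chain[0];
    X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        // Fail closed: without a CN there is nothing to pass to the trust check.
        throw new CertificateException("client certificate subject does not contain a CN");
    }

    String hostname = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    checkTrusted(chain, hostname);
}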
Example 18
Source File: SocketTest.java From athenz with Apache License 2.0 | 4 votes |
/**
 * Test helper returning the subject CN of the first certificate in the array.
 *
 * @param certificates certificates to inspect; the array is cast to
 *                     {@code X509Certificate[]} and must contain at least one element
 *                     whose subject has a CN
 * @return the first CN value of the first certificate's subject
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
private String getCN(Certificate[] certificates) throws CertificateEncodingException {
    final X509Certificate first = ((X509Certificate[]) certificates)[0];
    final X500Name subject = new JcaX509CertificateHolder(first).getSubject();
    // No bounds check: a subject without a CN fails here with an index error.
    final RDN cnRdn = subject.getRDNs(BCStyle.CN)[0];
    return IETFUtils.valueToString(cnRdn.getFirst().getValue());
}
Example 19
Source File: CertificateManager.java From Openfire with Apache License 2.0 | 4 votes |
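/**
 * Creates a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>The serial number is drawn from a default-seeded {@link SecureRandom}. The earlier
 * form created a {@code SHA1PRNG} instance and seeded it with the current time before
 * first use. On the default JDK provider that explicit seed replaces the generator's own
 * seeding, so the serial number could be reproduced from the issuance time.
 *
 * @param kp             key pair; the public key is certified and the private key signs
 * @param days           validity period in days, counted from now
 * @param issuerBuilder  builder for the issuer DN
 * @param subjectBuilder builder for the subject DN
 * @param domain         not used by this method
 * @param signAlgoritm   name of the signature algorithm
 * @param sanDnsNames    names passed to {@code getSubjectAlternativeNames}
 * @return the generated certificate
 * @throws GeneralSecurityException if signing fails or the generated certificate does
 *                                  not pass the validity or signature self-check
 * @throws IOException              if an extension cannot be encoded
 */
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, X500NameBuilder issuerBuilder,
        X500NameBuilder subjectBuilder, String domain, String signAlgoritm, Set<String> sanDnsNames)
        throws GeneralSecurityException, IOException {
    PublicKey pubKey = kp.getPublic();
    PrivateKey privKey = kp.getPrivate();

    // Let SecureRandom seed itself; never seed it from the clock.
    byte[] serno = new byte[8];
    SecureRandom random = new SecureRandom();
    random.nextBytes(serno);
    BigInteger serial = (new java.math.BigInteger(serno)).abs();

    X500Name issuerDN = issuerBuilder.build();
    X500Name subjectDN = subjectBuilder.build();

    // builder
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuerDN,
            serial,
            new Date(),
            new Date(System.currentTimeMillis() + days * (1000L * 60 * 60 * 24)),
            subjectDN,
            pubKey);

    // add subjectAlternativeName extension that includes all relevant names.
    // The extension is marked critical only when the subject DN has no RDNs.
    final GeneralNames subjectAlternativeNames = getSubjectAlternativeNames(sanDnsNames);
    final boolean critical = subjectDN.getRDNs().length == 0;
    certBuilder.addExtension(Extension.subjectAlternativeName, critical, subjectAlternativeNames);

    // add keyIdentifiers extensions; both identifiers are derived from the same public
    // key because the certificate is self-signed.
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(pubKey));
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(pubKey));

    try {
        // build the certificate
        ContentSigner signer = new JcaContentSignerBuilder(signAlgoritm).build(privKey);
        X509CertificateHolder cert = certBuilder.build(signer);

        // verify the validity
        if (!cert.isValidOn(new Date())) {
            throw new GeneralSecurityException("Certificate validity not valid");
        }

        // verify the signature (self-signed)
        ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().build(pubKey);
        if (!cert.isSignatureValid(verifierProvider)) {
            throw new GeneralSecurityException("Certificate signature not valid");
        }

        return new JcaX509CertificateConverter().getCertificate(cert);
    } catch (OperatorCreationException | CertException e) {
        throw new GeneralSecurityException(e);
    }
}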
Example 20
Source File: SubjectChecker.java From xipki with Apache License 2.0 | 4 votes |
/**
 * Validates one subject attribute type whose RDNs must each hold a single value.
 *
 * <p>Checks, in order: the number of RDNs of {@code type} against the control's
 * occurrence bounds, presence against what was requested, and then each RDN's size,
 * encoding and value.
 *
 * @param type             attribute type under validation
 * @param subject          subject of the issued certificate
 * @param requestedSubject subject that was requested
 * @return the validation issue for {@code type}, carrying a failure message when a check
 *         fails
 * @throws BadCertTemplateException declared by this method; the visible code does not
 *                                  throw it directly, so it presumably comes from a
 *                                  helper it calls
 */
private ValidationIssue checkSubjectAttributeNotMultiValued(ASN1ObjectIdentifier type, X500Name subject,
        X500Name requestedSubject) throws BadCertTemplateException {
    ValidationIssue issue = createSubjectIssue(type);

    // control: without one, both bounds are 0, so any RDN of this type fails the range
    // check below.
    RdnControl rdnControl = subjectControl.getControl(type);
    int minOccurs = 0;
    int maxOccurs = 0;
    if (rdnControl != null) {
        minOccurs = rdnControl.getMinOccurs();
        maxOccurs = rdnControl.getMaxOccurs();
    }

    RDN[] rdns = subject.getRDNs(type);
    int rdnsSize = (rdns == null) ? 0 : rdns.length;

    boolean withinBounds = rdnsSize >= minOccurs && rdnsSize <= maxOccurs;
    if (!withinBounds) {
        issue.setFailureMessage("number of RDNs '" + rdnsSize
                + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
        return issue;
    }

    // Expected values: taken from the request when the control allows overriding,
    // otherwise from the control itself.
    List<String> requestedCoreAtvTextValues = new LinkedList<>();
    RDN[] requestedRdns = requestedSubject.getRDNs(type);

    boolean overridable = rdnControl == null || rdnControl.isValueOverridable();
    if (!overridable) {
        // NOTE(review): the original comment here read "rdnControl.getValue() could not
        // be non-null here", which looks like a wording slip; the value is added
        // unconditionally. Confirm the intended invariant.
        requestedCoreAtvTextValues.add(rdnControl.getValue());
    } else if (requestedRdns != null && requestedRdns.length > 0) {
        for (RDN requestedRdn : requestedRdns) {
            requestedCoreAtvTextValues.add(getRdnTextValueOfRequest(requestedRdn));
        }
    } else if (rdnControl != null && rdnControl.getValue() != null) {
        requestedCoreAtvTextValues.add(rdnControl.getValue());
    }

    if (rdnsSize == 0) {
        // check optional attribute but is present in requestedSubject
        if (maxOccurs > 0 && !requestedCoreAtvTextValues.isEmpty()) {
            issue.setFailureMessage("is absent but expected present");
        }
        return issue;
    }

    StringBuilder failureMsg = new StringBuilder();

    // check the encoding; utf8String is used when the control names no string type
    StringType stringType = (rdnControl == null) ? null : rdnControl.getStringType();
    if (stringType == null) {
        stringType = StringType.utf8String;
    }

    for (int i = 0; i < rdns.length; i++) {
        String label = "RDN[" + i + "]";
        AttributeTypeAndValue[] atvs = rdns[i].getTypesAndValues();

        // A multi-valued RDN is reported and skipped; its values are not compared.
        if (atvs.length > 1) {
            failureMsg.append("size of ").append(label)
                    .append(" is '").append(atvs.length).append("' but expected '1'")
                    .append("; ");
            continue;
        }

        String atvTextValue = getAtvValueString(label, atvs[0], stringType, failureMsg);
        if (atvTextValue != null) {
            checkAttributeTypeAndValue(label, type, atvTextValue, rdnControl,
                    requestedCoreAtvTextValues, i, failureMsg);
        }
    }

    // Drop the trailing "; " separator before publishing the collected messages.
    int len = failureMsg.length();
    if (len > 2) {
        failureMsg.delete(len - 2, len);
        issue.setFailureMessage(failureMsg.toString());
    }

    return issue;
}