
Example 81 with X500Principal

use of javax.security.auth.x500.X500Principal in project XobotOS by xamarin.

the class X509CRLObject method getRevokedCertificate.

/**
 * Looks up the CRL entry whose revoked-certificate serial number equals {@code serialNumber}.
 *
 * <p>Entries are visited in the order the underlying list enumerates them. Every visited entry
 * is wrapped together with the issuer taken from the previously wrapped entry, starting with the
 * CRL's own issuer, so the walk cannot be replaced by a direct lookup.
 *
 * <p>A {@code null} result only means that no entry in this CRL carries the serial number. It
 * says nothing about whether the CRL itself is authentic or current; NOTE(review): confirm that
 * callers verify the CRL's signature and validity window before relying on the answer.
 *
 * @param serialNumber serial number to search for; a {@code null} value fails with a
 *        {@link NullPointerException} as soon as the first entry is compared
 * @return the matching entry, or {@code null} when the CRL lists no such serial number
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    Enumeration revokedEntries = c.getRevokedCertificateEnumeration();
    X500Principal issuerInEffect = getIssuerX500Principal();
    X509CRLEntry match = null;
    while (match == null && revokedEntries.hasMoreElements()) {
        TBSCertList.CRLEntry rawEntry = (TBSCertList.CRLEntry) revokedEntries.nextElement();
        X509CRLEntryObject wrapped = new X509CRLEntryObject(rawEntry, isIndirect, issuerInEffect);
        if (serialNumber.equals(rawEntry.getUserCertificate().getValue())) {
            match = wrapped;
        } else {
            // presumably lets an entry of an indirect CRL that names no issuer of its own
            // inherit the issuer of the entry before it -- TODO confirm in X509CRLEntryObject
            issuerInEffect = wrapped.getCertificateIssuer();
        }
    }
    return match;
}
Also used : Enumeration(java.util.Enumeration) X500Principal(javax.security.auth.x500.X500Principal) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList) X509CRLEntry(java.security.cert.X509CRLEntry)

Example 82 with X500Principal

use of javax.security.auth.x500.X500Principal in project nhin-d by DirectProject.

the class CertificateServiceImpl method getOwner.

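/**
 * Resolves the address (an e-mail address or a domain name) that the certificate's subject
 * claims.
 *
 * <p>Subject alternative names are consulted first: an entry of type {@code RFC822Name_TYPE}
 * always replaces the current candidate, while an entry of type {@code DNSName_TYPE} is used
 * only while no candidate has been found. If the alternative names yield nothing, the subject
 * DN is searched for the first e-mail address attribute (OID 1.2.840.113549.1.9.1) and, failing
 * that, for the first CN.
 *
 * <p>The DN is parsed into its attributes rather than searched as text. A substring search on
 * the rendered DN can match {@code EMAILADDRESS=} or {@code CN=} inside the value of an
 * unrelated attribute and cuts values at a comma that is part of the value, so a certificate
 * could appear to be bound to an address that none of its attributes actually contains.
 *
 * <p>The result is only what the certificate asserts about itself. NOTE(review): confirm that
 * callers use it for authorization decisions only after the certificate chain has been
 * validated.
 *
 * @param certificate the certificate to inspect
 * @return the address, or an empty string when none can be determined
 */
private String getOwner(X509Certificate certificate) {
    String address = "";
    // check alternative names first
    Collection<List<?>> altNames = null;
    try {
        altNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException ex) {
        // Deliberate best effort: an unparsable extension is treated as "no alternative names"
        // and resolution falls through to the subject DN below.
    }
    if (altNames != null) {
        for (List<?> entries : altNames) {
            // each entry should be a [type, value] pair; skip anything that is not
            if (entries == null || entries.size() < 2 || !(entries.get(0) instanceof Integer)) {
                continue;
            }
            // unbox once so the comparisons below are by value, not by reference
            int nameType = ((Integer) entries.get(0)).intValue();
            Object nameValue = entries.get(1);
            if (!(nameValue instanceof String)) {
                continue;
            }
            // an e-mail name always wins; a DNS name is only a fallback
            if (nameType == RFC822Name_TYPE || (nameType == DNSName_TYPE && address.isEmpty())) {
                address = (String) nameValue;
            }
        }
    }
    if (!address.isEmpty()) {
        return address;
    }
    // can't find the subject address in the alt names... try the subject DN
    Map<String, String> oidMap = new HashMap<String, String>();
    // render the e-mail address OID under a keyword that can be looked up by name
    oidMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
    String subjectDn = certificate.getSubjectX500Principal().getName(X500Principal.RFC2253, oidMap);
    List<javax.naming.ldap.Rdn> rdns;
    try {
        rdns = new javax.naming.ldap.LdapName(subjectDn).getRdns();
    } catch (javax.naming.InvalidNameException ex) {
        // fail closed: a DN that cannot be parsed yields no address
        return "";
    }
    // an e-mail address anywhere in the DN takes precedence over any CN
    String[] wantedTypes = { "EMAILADDRESS", "CN" };
    for (String wantedType : wantedTypes) {
        // getRdns() lists the right-most RDN first; walk backwards to keep the textual order
        for (int i = rdns.size() - 1; i >= 0; i--) {
            javax.naming.directory.Attribute attribute = rdns.get(i).toAttributes().get(wantedType);
            if (attribute == null) {
                continue;
            }
            try {
                Object attributeValue = attribute.get();
                // values that were rendered in hex form come back as byte[] and are skipped
                if (attributeValue instanceof String) {
                    return (String) attributeValue;
                }
            } catch (javax.naming.NamingException ignored) {
                // the value cannot be read; keep looking in the remaining RDNs
            }
        }
    }
    // no e-mail address and no CN... nothing else that can be done from here
    return "";
}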
Also used : CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) List(java.util.List)

Example 83 with X500Principal

use of javax.security.auth.x500.X500Principal in project nhin-d by DirectProject.

the class CryptoExtensions method getSubjectAddress.

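/**
 * Gets the address associated with the certificate's subject. It may be an e-mail address or a
 * domain name.
 *
 * <p>Subject alternative names are consulted first: an entry of type {@code RFC822Name_TYPE}
 * always replaces the current candidate, while an entry of type {@code DNSName_TYPE} is used
 * only while no candidate has been found. If the alternative names yield nothing, the subject
 * DN is searched for the first e-mail address attribute (OID 1.2.840.113549.1.9.1) and, failing
 * that, for the first CN.
 *
 * <p>The DN is parsed into its attributes rather than searched as text. A substring search on
 * the rendered DN can match {@code EMAILADDRESS=} or {@code CN=} inside the value of an
 * unrelated attribute and cuts values at a comma that is part of the value, so a certificate
 * could appear to be bound to an address that none of its attributes actually contains.
 *
 * <p>The result is only what the certificate asserts about itself. NOTE(review): confirm that
 * callers use it for authorization decisions only after the certificate chain has been
 * validated.
 *
 * @param certificate The certificate to search
 * @return The address or domain associated with the certificate, or an empty string when none
 *         can be determined.
 */
public static String getSubjectAddress(X509Certificate certificate) {
    String address = "";
    // check alternative names first
    Collection<List<?>> altNames = null;
    try {
        altNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException ex) {
        // Deliberate best effort: an unparsable extension is treated as "no alternative names"
        // and resolution falls through to the subject DN below.
    }
    if (altNames != null) {
        for (List<?> entries : altNames) {
            // each entry should be a [type, value] pair; skip anything that is not
            if (entries == null || entries.size() < 2 || !(entries.get(0) instanceof Integer)) {
                continue;
            }
            // unbox once so the comparisons below are by value, not by reference
            int nameType = ((Integer) entries.get(0)).intValue();
            Object nameValue = entries.get(1);
            if (!(nameValue instanceof String)) {
                continue;
            }
            // an e-mail name always wins; a DNS name is only a fallback
            if (nameType == RFC822Name_TYPE || (nameType == DNSName_TYPE && address.isEmpty())) {
                address = (String) nameValue;
            }
        }
    }
    if (!address.isEmpty()) {
        return address;
    }
    // can't find the subject address in the alt names... try the subject DN
    Map<String, String> oidMap = new HashMap<String, String>();
    // render the e-mail address OID under a keyword that can be looked up by name
    oidMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
    String subjectDn = certificate.getSubjectX500Principal().getName(X500Principal.RFC2253, oidMap);
    List<javax.naming.ldap.Rdn> rdns;
    try {
        rdns = new javax.naming.ldap.LdapName(subjectDn).getRdns();
    } catch (javax.naming.InvalidNameException ex) {
        // fail closed: a DN that cannot be parsed yields no address
        return "";
    }
    // an e-mail address anywhere in the DN takes precedence over any CN
    String[] wantedTypes = { "EMAILADDRESS", "CN" };
    for (String wantedType : wantedTypes) {
        // getRdns() lists the right-most RDN first; walk backwards to keep the textual order
        for (int i = rdns.size() - 1; i >= 0; i--) {
            javax.naming.directory.Attribute attribute = rdns.get(i).toAttributes().get(wantedType);
            if (attribute == null) {
                continue;
            }
            try {
                Object attributeValue = attribute.get();
                // values that were rendered in hex form come back as byte[] and are skipped
                if (attributeValue instanceof String) {
                    return (String) attributeValue;
                }
            } catch (javax.naming.NamingException ignored) {
                // the value cannot be read; keep looking in the remaining RDNs
            }
        }
    }
    // no e-mail address and no CN... nothing else that can be done from here
    return "";
}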
Also used : CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) List(java.util.List) Thumbprint(org.nhindirect.stagent.cert.Thumbprint)

Example 84 with X500Principal

use of javax.security.auth.x500.X500Principal in project nhin-d by DirectProject.

the class TrustChainValidator method getIssuerAddress.

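/**
 * Resolves the address (an e-mail address or a domain name) that the certificate names for its
 * issuer.
 *
 * <p>Issuer alternative names are consulted first: an entry of type {@code RFC822Name_TYPE}
 * always replaces the current candidate, while an entry of type {@code DNSName_TYPE} is used
 * only while no candidate has been found. If the alternative names yield nothing, the issuer DN
 * is searched for the first e-mail address attribute (OID 1.2.840.113549.1.9.1) and, failing
 * that, for the first CN.
 *
 * <p>The DN is parsed into its attributes rather than searched as text. A substring search on
 * the rendered DN can match {@code EMAILADDRESS=} or {@code CN=} inside the value of an
 * unrelated attribute and cuts values at a comma that is part of the value, so the issuer could
 * appear to be an address that none of the DN's attributes actually contains.
 *
 * <p>The issuer fields are copied from the certificate being inspected and prove nothing on
 * their own. NOTE(review): confirm that callers match the result against an anchor only in
 * combination with signature verification of the chain.
 *
 * @param certificate the certificate whose issuer is inspected
 * @return the issuer address, or an empty string when none can be determined
 */
private String getIssuerAddress(X509Certificate certificate) {
    String address = "";
    // check alternative names first
    Collection<List<?>> altNames = null;
    try {
        altNames = certificate.getIssuerAlternativeNames();
    } catch (CertificateParsingException ex) {
        // Deliberate best effort: an unparsable extension is treated as "no alternative names"
        // and resolution falls through to the issuer DN below.
    }
    if (altNames != null) {
        for (List<?> entries : altNames) {
            // each entry should be a [type, value] pair; skip anything that is not
            if (entries == null || entries.size() < 2 || !(entries.get(0) instanceof Integer)) {
                continue;
            }
            // unbox once so the comparisons below are by value, not by reference
            int nameType = ((Integer) entries.get(0)).intValue();
            Object nameValue = entries.get(1);
            if (!(nameValue instanceof String)) {
                continue;
            }
            // an e-mail name always wins; a DNS name is only a fallback
            if (nameType == RFC822Name_TYPE || (nameType == DNSName_TYPE && address.isEmpty())) {
                address = (String) nameValue;
            }
        }
    }
    if (!address.isEmpty()) {
        return address;
    }
    // can't find the issuer address in the alt names... try the issuer DN
    Map<String, String> oidMap = new HashMap<String, String>();
    // render the e-mail address OID under a keyword that can be looked up by name
    oidMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
    String issuerDn = certificate.getIssuerX500Principal().getName(X500Principal.RFC2253, oidMap);
    List<javax.naming.ldap.Rdn> rdns;
    try {
        rdns = new javax.naming.ldap.LdapName(issuerDn).getRdns();
    } catch (javax.naming.InvalidNameException ex) {
        // fail closed: a DN that cannot be parsed yields no address
        return "";
    }
    // an e-mail address anywhere in the DN takes precedence over any CN
    String[] wantedTypes = { "EMAILADDRESS", "CN" };
    for (String wantedType : wantedTypes) {
        // getRdns() lists the right-most RDN first; walk backwards to keep the textual order
        for (int i = rdns.size() - 1; i >= 0; i--) {
            javax.naming.directory.Attribute attribute = rdns.get(i).toAttributes().get(wantedType);
            if (attribute == null) {
                continue;
            }
            try {
                Object attributeValue = attribute.get();
                // values that were rendered in hex form come back as byte[] and are skipped
                if (attributeValue instanceof String) {
                    return (String) attributeValue;
                }
            } catch (javax.naming.NamingException ignored) {
                // the value cannot be read; keep looking in the remaining RDNs
            }
        }
    }
    // no e-mail address and no CN... nothing else that can be done from here
    return "";
}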
Also used : CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) List(java.util.List) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Thumbprint(org.nhindirect.stagent.cert.Thumbprint)

Example 85 with X500Principal

use of javax.security.auth.x500.X500Principal in project nhin-d by DirectProject.

the class CRLRevocationManager_getCrlFromUriTest method testGetCrlFromUri_notInCache_loadFromCacheFile_assertCRLFound.

/**
 * Writes a freshly signed CRL to the cache file for a URI and expects
 * {@code getCrlFromUri} to hand back an equal CRL for that URI.
 *
 * <p>The CRL is rebuilt from the {@code certs.crl} fixture and signed with a throwaway RSA key
 * generated inside the test, with a next-update date ten years ahead.
 */
public void testGetCrlFromUri_notInCache_loadFromCacheFile_assertCRLFound() throws Exception {
    CRLRevocationManager.initCRLCacheLocation();
    // presumably only a cache key here: the test expects the CRL to come from the cache file,
    // not from a fetch of this address -- TODO confirm
    String cacheKeyUri = "http://localhost:8080/certs.crl";
    X509CRL expectedCrl = (X509CRL) TestUtils.loadCRL("certs.crl");
    // throwaway signing key; it never leaves the test
    KeyPair signingKeys = KeyPairGenerator.getInstance("RSA", "BC").generateKeyPair();
    Calendar nextUpdate = Calendar.getInstance();
    int currentYear = nextUpdate.get(Calendar.YEAR);
    nextUpdate.set(Calendar.YEAR, currentYear + 10);
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    generator.setIssuerDN(new X500Principal("CN=Test CRL"));
    generator.setNextUpdate(nextUpdate.getTime());
    generator.setSignatureAlgorithm("SHA256withRSAEncryption");
    generator.setThisUpdate(Calendar.getInstance().getTime());
    generator.addCRL(expectedCrl);
    // from here on the expected value is the re-signed CRL, not the fixture
    expectedCrl = generator.generate(signingKeys.getPrivate(), "BC");
    CRLRevocationManager.INSTANCE.writeCRLCacheFile(cacheKeyUri, expectedCrl);
    X509CRL loadedCrl = CRLRevocationManager.getInstance().getCrlFromUri(cacheKeyUri);
    assertNotNull(loadedCrl);
    assertEquals(expectedCrl, loadedCrl);
}
Also used : KeyPair(java.security.KeyPair) X509CRL(java.security.cert.X509CRL) Calendar(java.util.Calendar) X500Principal(javax.security.auth.x500.X500Principal) KeyPairGenerator(java.security.KeyPairGenerator) X509V2CRLGenerator(org.bouncycastle.x509.X509V2CRLGenerator)
