use of org.bouncycastle.asn1.ASN1InputStream in project zm-mailbox by Zimbra.
the class CertUtil method getSubjectAttr.
private String getSubjectAttr(String needAttrName, String needAttrOid) {
String subjectDN = getSubjectDN();
try {
LdapName dn = new LdapName(subjectDN);
List<Rdn> rdns = dn.getRdns();
for (Rdn rdn : rdns) {
String type = rdn.getType();
boolean isOid = type.contains(".");
boolean matched = (isOid ? type.equals(needAttrOid) : type.equals(needAttrName));
if (matched) {
Object value = rdn.getValue();
if (value == null) {
continue;
}
if (isOid) {
byte[] bytes = (byte[]) value;
ASN1InputStream decoder = null;
try {
decoder = new ASN1InputStream(bytes);
DEREncodable encoded = decoder.readObject();
DERIA5String str = DERIA5String.getInstance(encoded);
return str.getString();
} catch (IOException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e);
} finally {
ByteUtil.closeStream(decoder);
}
} else {
return value.toString();
}
}
}
} catch (InvalidNameException e) {
ZimbraLog.account.warn(LOG_PREFIX + "Invalid subject dn value" + subjectDN, e);
}
return null;
}
use of org.bouncycastle.asn1.ASN1InputStream in project zm-mailbox by Zimbra.
the class CertUtil method printSubjectAlternativeNames.
private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
final String UPN_DISPLAY = "Principal Name";
final String RFC822NAME_DISPLAY = "RFC822 Name";
final String DNSNAME_DISPLAY = "DNS Name";
outStream.format("X509v3 Subject Alternative Name: \n");
ASN1InputStream decoder = null;
try {
Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
// Check that the certificate includes the SubjectAltName extension
if (generalNames == null) {
return;
}
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
}
outStream.format(" [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
} else if (GeneralName.rfc822Name == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, value);
} else if (GeneralName.dNSName == tag.intValue()) {
String value = (String) generalName.get(1);
outStream.format(" [%d] %s = %s\n", tag, DNSNAME_DISPLAY, value);
} else {
outStream.format(" [%d] - not yet supported\n", tag);
}
}
} catch (CertificateParsingException e) {
e.printStackTrace();
} finally {
ByteUtil.closeStream(decoder);
}
}
use of org.bouncycastle.asn1.ASN1InputStream in project zm-mailbox by Zimbra.
the class CertUtil method getSubjectAltNameOtherNameUPN.
String getSubjectAltNameOtherNameUPN() {
Collection<List<?>> generalNames = null;
try {
generalNames = cert.getSubjectAlternativeNames();
} catch (CertificateParsingException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
}
if (generalNames == null) {
return null;
}
ASN1InputStream decoder = null;
try {
// Check that the certificate includes the SubjectAltName extension
for (List<?> generalName : generalNames) {
Integer tag = (Integer) generalName.get(0);
if (GeneralName.otherName == tag.intValue()) {
// Value is encoded using ASN.1
decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
DEREncodable encoded = decoder.readObject();
DERSequence derSeq = (DERSequence) encoded;
DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
String oid = typeId.getId();
String value = null;
ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
if (OID_UPN.equals(oid)) {
ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
value = str.getString();
return value;
}
}
}
} catch (IOException e) {
ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
} finally {
ByteUtil.closeStream(decoder);
}
return null;
}
use of org.bouncycastle.asn1.ASN1InputStream in project oxAuth by GluuFederation.
the class CRLCertificateVerifier method getExtensionValue.
/**
* @param certificate
* the certificate from which we need the ExtensionValue
* @param oid
* the Object Identifier value for the extension.
* @return the extension value as an ASN1Primitive object
* @throws IOException
*/
private static ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
byte[] bytes = certificate.getExtensionValue(oid);
if (bytes == null) {
return null;
}
ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
return aIn.readObject();
}
use of org.bouncycastle.asn1.ASN1InputStream in project oxAuth by GluuFederation.
the class OCSPCertificateVerifier method getExtensionValue.
/**
* @param certificate
* the certificate from which we need the ExtensionValue
* @param oid
* the Object Identifier value for the extension.
* @return the extension value as an ASN1Primitive object
* @throws IOException
*/
private static ASN1Primitive getExtensionValue(X509Certificate certificate, String oid) throws IOException {
byte[] bytes = certificate.getExtensionValue(oid);
if (bytes == null) {
return null;
}
ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
return aIn.readObject();
}
Aggregations