
Example 76 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project cas by apereo.

the class X509SubjectAlternativeNameUPNPrincipalResolver method getUPNStringFromSequence.

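/**
 * Extracts the User Principal Name (UPN) from one subject alternative name entry.
 *
 * <p>The sequence is read out of a certificate, so its shape is not trusted. An entry that
 * is too short, whose first element is not an object identifier, or whose second element is
 * not a tagged object yields {@code null} rather than an unchecked exception.
 *
 * <p>NOTE(review): the enclosing class name suggests the result is used as a principal id;
 * callers should treat the returned text as unvalidated certificate content — confirm.
 *
 * @param seq ASN1Sequence abstraction representing subject alternative name.
 *            First element is the object identifier, second is the object itself.
 * @return the UPN string, or {@code null} when the entry is absent or malformed, carries a
 *         different object identifier, or holds a value that is neither an octet string
 *         nor an ASN.1 string
 */
private static String getUPNStringFromSequence(final ASN1Sequence seq) {
    // Both the identifier (index 0) and the value (index 1) are read below, so require
    // two elements before indexing into the sequence.
    if (seq == null || seq.size() < 2) {
        return null;
    }
    // First in sequence is the object identifier, that we must check
    final ASN1ObjectIdentifier id;
    try {
        id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    } catch (final IllegalArgumentException e) {
        // getInstance rejects an element that is not an object identifier; such an entry
        // cannot be a UPN, so report "no UPN" instead of propagating the failure.
        return null;
    }
    if (id == null || !UPN_OBJECTID.equals(id.getId())) {
        return null;
    }
    // Check the type before casting: a malformed entry must not raise ClassCastException.
    final Object value = seq.getObjectAt(1);
    if (!(value instanceof ASN1TaggedObject)) {
        return null;
    }
    ASN1Primitive prim = ((ASN1TaggedObject) value).getObject();
    // Due to bug in java cert.getSubjectAltName, it can be tagged an extra time
    if (prim instanceof ASN1TaggedObject) {
        prim = ASN1TaggedObject.getInstance(prim).getObject();
    }
    if (prim instanceof ASN1OctetString) {
        // Raw octets are decoded as UTF-8; invalid byte sequences are replaced, not rejected.
        return new String(((ASN1OctetString) prim).getOctets(), StandardCharsets.UTF_8);
    }
    if (prim instanceof ASN1String) {
        return ((ASN1String) prim).getString();
    }
    return null;
}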
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ToString(lombok.ToString) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1String(org.bouncycastle.asn1.ASN1String) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 77 with ASN1OctetString

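use of org.bouncycastle.asn1.ASN1OctetString in project oxCore by GluuFederation (note: the imports listed for this example show com.unboundid.asn1.ASN1OctetString, the UnboundID LDAP SDK class of the same simple name).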

the class LdapOperationsServiceImpl method search.

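/**
 * Runs an LDAP search, optionally paged, and returns the collected result.
 *
 * <p>The original comment points to
 * {@code org.gluu.site.ldap.PlatformOperationFacade#search} for the contract.
 *
 * <p>When {@code searchLimit}, {@code sizeLimit} or {@code startIndex} is positive the search
 * uses the simple paged results control on a connection borrowed from the pool; otherwise a
 * single unpaged request is sent through the pool.
 *
 * <p>NOTE(review): with {@code sizeLimit == 0} and no batch operation, every page is
 * accumulated in memory until the server stops returning a cookie, so the result size is
 * bounded only by the directory content and server-side limits.
 *
 * @param dn base DN of the search
 * @param filter search filter; it is passed to the request as given (how it was built from
 *        any user input is the caller's concern)
 * @param scope search scope
 * @param batchOperationWraper optional wrapper whose batch operation is invoked per page and
 *        decides whether pages are collected; may be {@code null}
 * @param startIndex number of entries to skip before collecting; {@code 0} for none
 * @param searchLimit page size; {@code 0} selects the default of 100 when paging is used
 * @param sizeLimit when positive, overrides the page size and stops after the first page
 * @param controls additional request controls
 * @param attributes attributes to return; {@code null} requests the default set
 * @return the search result
 * @throws SearchException if the LDAP operation fails
 */
@Override
public <T> SearchResult search(String dn, Filter filter, SearchScope scope, LdapBatchOperationWraper<T> batchOperationWraper, int startIndex, int searchLimit, int sizeLimit, Control[] controls, String... attributes) throws SearchException {
    SearchRequest searchRequest;
    BatchOperation<T> ldapBatchOperation = null;
    if (batchOperationWraper != null) {
        ldapBatchOperation = (BatchOperation<T>) batchOperationWraper.getBatchOperation();
    }
    if (LOG.isTraceEnabled()) {
        // Find whole tree search
        if (StringHelper.equalsIgnoreCase(dn, "o=gluu")) {
            // The Exception is created only to capture the caller's stack trace in the log.
            LOG.trace("Search in whole LDAP tree", new Exception());
        }
    }
    if (attributes == null) {
        searchRequest = new SearchRequest(dn, scope, filter);
    } else {
        searchRequest = new SearchRequest(dn, scope, filter, attributes);
    }
    boolean useSizeLimit = sizeLimit > 0;
    if (useSizeLimit) {
        // Use paged result to limit search
        searchLimit = sizeLimit;
    }
    SearchResult searchResult = null;
    List<SearchResult> searchResultList = new ArrayList<SearchResult>();
    List<SearchResultEntry> searchResultEntries = new ArrayList<SearchResultEntry>();
    List<SearchResultReference> searchResultReferences = new ArrayList<SearchResultReference>();
    if ((searchLimit > 0) || (startIndex > 0)) {
        if (searchLimit == 0) {
            // Default page size
            searchLimit = 100;
        }
        boolean collectSearchResult;
        LDAPConnection ldapConnection = null;
        try {
            // Paging cookies are tied to one connection, so all pages use the same one.
            ldapConnection = getConnectionPool().getConnection();
            ASN1OctetString cookie = null;
            if (startIndex > 0) {
                // Skip ahead to startIndex; the helper returns the cookie to resume from.
                try {
                    cookie = scrollSimplePagedResultsControl(ldapConnection, dn, filter, scope, controls, startIndex);
                } catch (InvalidSimplePageControlException ex) {
                    throw new LDAPSearchException(ex.getResultCode(), "Failed to scroll to specified startIndex", ex);
                } catch (LDAPException ex) {
                    throw new LDAPSearchException(ex.getResultCode(), "Failed to scroll to specified startIndex", ex);
                }
            }
            do {
                collectSearchResult = true;
                searchRequest.setControls(new Control[] { new SimplePagedResultsControl(searchLimit, cookie) });
                setControls(searchRequest, controls);
                searchResult = ldapConnection.search(searchRequest);
                if (ldapBatchOperation != null) {
                    // The batch operation decides whether this page is kept in memory.
                    collectSearchResult = ldapBatchOperation.collectSearchResult(searchResult.getEntryCount());
                }
                if (collectSearchResult) {
                    searchResultList.add(searchResult);
                    searchResultEntries.addAll(searchResult.getSearchEntries());
                    searchResultReferences.addAll(searchResult.getSearchReferences());
                }
                if (ldapBatchOperation != null) {
                    List<T> entries = batchOperationWraper.createEntities(searchResult);
                    ldapBatchOperation.performAction(entries);
                }
                cookie = null;
                try {
                    SimplePagedResultsControl c = SimplePagedResultsControl.get(searchResult);
                    if (c != null) {
                        cookie = c.getCookie();
                    }
                } catch (LDAPException ex) {
                    // Best effort: without a cookie the loop ends and the pages read so far
                    // are returned. Log the cause with its stack trace so the truncated
                    // result can be diagnosed.
                    LOG.error("Error while accessing cookies: " + ex.getMessage(), ex);
                }
                if (useSizeLimit) {
                    // A size limit means exactly one page is wanted.
                    break;
                }
            } while ((cookie != null) && (cookie.getValueLength() > 0));
        } catch (LDAPException ex) {
            // NOTE(review): this message is reused for every LDAP failure in the paged path,
            // not only for scrolling to startIndex.
            throw new SearchException("Failed to scroll to specified startIndex", ex, ex.getResultCode().intValue());
        } finally {
            if (ldapConnection != null) {
                // NOTE(review): the connection goes back to the pool on the failure path as
                // well; confirm the pool copes with a connection that has just failed.
                getConnectionPool().releaseConnection(ldapConnection);
            }
        }
        if (!collectSearchResult) {
            // The last page was not collected: report its status with what was accumulated.
            return new SearchResult(searchResult.getMessageID(), searchResult.getResultCode(), searchResult.getDiagnosticMessage(), searchResult.getMatchedDN(), searchResult.getReferralURLs(), searchResultEntries, searchResultReferences, searchResultEntries.size(), searchResultReferences.size(), searchResult.getResponseControls());
        }
        if (!searchResultList.isEmpty()) {
            // Merge all pages into one result that carries the first page's status fields.
            SearchResult searchResultTemp = searchResultList.get(0);
            return new SearchResult(searchResultTemp.getMessageID(), searchResultTemp.getResultCode(), searchResultTemp.getDiagnosticMessage(), searchResultTemp.getMatchedDN(), searchResultTemp.getReferralURLs(), searchResultEntries, searchResultReferences, searchResultEntries.size(), searchResultReferences.size(), searchResultTemp.getResponseControls());
        }
    } else {
        // No paging requested: one request through the pool.
        setControls(searchRequest, controls);
        try {
            searchResult = getConnectionPool().search(searchRequest);
        } catch (LDAPSearchException ex) {
            throw new SearchException(ex.getMessage(), ex, ex.getResultCode().intValue());
        }
    }
    return searchResult;
}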
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) SearchRequest(com.unboundid.ldap.sdk.SearchRequest) ArrayList(java.util.ArrayList) SearchResultReference(com.unboundid.ldap.sdk.SearchResultReference) SearchException(org.gluu.persist.exception.operation.SearchException) LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException) SearchResult(com.unboundid.ldap.sdk.SearchResult) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) InvalidSimplePageControlException(org.gluu.persist.ldap.exception.InvalidSimplePageControlException) ConnectionException(org.gluu.persist.exception.operation.ConnectionException) SearchException(org.gluu.persist.exception.operation.SearchException) LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException) MappingException(org.gluu.persist.exception.mapping.MappingException) LDAPException(com.unboundid.ldap.sdk.LDAPException) DuplicateEntryException(org.gluu.persist.exception.operation.DuplicateEntryException) LDAPException(com.unboundid.ldap.sdk.LDAPException) LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException) InvalidSimplePageControlException(org.gluu.persist.ldap.exception.InvalidSimplePageControlException) SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl) SearchResultEntry(com.unboundid.ldap.sdk.SearchResultEntry)

Example 78 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.

the class P12ComplexCsrGenCmd method createExtnValueSubjectInfoAccess.

/**
 * Builds the SubjectInfoAccess extension value from the generated "SIA-" general names.
 *
 * <p>The first name is paired with {@code id_ad_caRepository}; each following name at index
 * {@code i} is paired with the object identifier {@code 2.3.4.i}.
 *
 * @return the encoded extension value wrapped in an octet string
 * @throws BadInputException if {@code subjectInfoAccesses} is not empty, or if encoding fails
 */
@Override
protected ASN1OctetString createExtnValueSubjectInfoAccess() throws BadInputException {
    final boolean hasExplicitEntries = !isEmpty(subjectInfoAccesses);
    if (hasExplicitEntries) {
        throw new BadInputException("subjectInfoAccess must be null");
    }

    final ASN1EncodableVector accessDescriptions = new ASN1EncodableVector();
    final GeneralName[] locations = createComplexGeneralNames("SIA-").getNames();

    // Leading entry: the CA repository access method with the first generated name.
    final ASN1EncodableVector leading = new ASN1EncodableVector();
    leading.add(ObjectIdentifiers.id_ad_caRepository);
    leading.add(locations[0]);
    accessDescriptions.add(new DERSequence(leading));

    // Remaining entries: one per name, each with an index-derived access method OID.
    int index = 1;
    while (index < locations.length) {
        final ASN1EncodableVector entry = new ASN1EncodableVector();
        entry.add(new ASN1ObjectIdentifier("2.3.4." + index));
        entry.add(locations[index]);
        accessDescriptions.add(new DERSequence(entry));
        index++;
    }

    try {
        final DERSequence extensionValue = new DERSequence(accessDescriptions);
        return new DEROctetString(extensionValue);
    } catch (IOException ex) {
        throw new BadInputException(ex.getMessage(), ex);
    }
}
Also used : BadInputException(org.xipki.security.exception.BadInputException) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) IOException(java.io.IOException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 79 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.

the class X509CaCmpResponderImpl method cmpEnrollCert.

/**
 * Dispatches a CMP enrolment-type request body to its processor and fills in the
 * confirmation information of the response header.
 *
 * <p>The requestor's permission for the request type is checked before the request content
 * is decoded or processed.
 *
 * @param request the full request message
 * @param respHeader response header builder; receives the general info and, when explicit
 *        confirmation is expected, the message time
 * @param cmpControl CMP settings (confirmation mode and wait time)
 * @param reqHeader request header
 * @param reqBody request body whose type selects the processor
 * @param requestor the requestor whose permissions are checked
 * @param tid transaction id
 * @param msgId message id passed through to the processor
 * @param event audit event passed through to the processor
 * @return the response body produced by the processor
 * @throws InsuffientPermissionException declared by this method; presumably raised by
 *         the permission check — confirm
 */
private PKIBody cmpEnrollCert(PKIMessage request, PKIHeaderBuilder respHeader, CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor, ASN1OctetString tid, String msgId, AuditEvent event) throws InsuffientPermissionException {
    // The configured wait time is in seconds; its sign is ignored, then it is scaled to ms.
    final long waitSeconds = cmpControl.getConfirmWaitTime();
    final long confirmWaitMillis = Math.abs(waitSeconds) * 1000;

    final int bodyType = reqBody.getType();
    final PKIBody respBody;
    if (bodyType == PKIBody.TYPE_CERT_REQ) {
        checkPermission(requestor, PermissionConstants.ENROLL_CERT);
        final CertReqMessages certReqs = CertReqMessages.getInstance(reqBody.getContent());
        respBody = processCr(request, requestor, tid, reqHeader, certReqs, cmpControl, msgId, event);
    } else if (bodyType == PKIBody.TYPE_KEY_UPDATE_REQ) {
        checkPermission(requestor, PermissionConstants.KEY_UPDATE);
        final CertReqMessages keyUpdateReqs = CertReqMessages.getInstance(reqBody.getContent());
        respBody = processKur(request, requestor, tid, reqHeader, keyUpdateReqs, cmpControl, msgId, event);
    } else if (bodyType == PKIBody.TYPE_P10_CERT_REQ) {
        checkPermission(requestor, PermissionConstants.ENROLL_CERT);
        final CertificationRequest p10Req = CertificationRequest.getInstance(reqBody.getContent());
        respBody = processP10cr(request, requestor, tid, reqHeader, p10Req, cmpControl, msgId, event);
    } else if (bodyType == PKIBody.TYPE_CROSS_CERT_REQ) {
        checkPermission(requestor, PermissionConstants.ENROLL_CROSS);
        final CertReqMessages crossReqs = CertReqMessages.getInstance(reqBody.getContent());
        respBody = processCcp(request, requestor, tid, reqHeader, crossReqs, cmpControl, msgId, event);
    } else {
        // Any other body type is not expected to be routed to this method.
        throw new RuntimeException("should not reach here");
    }

    final InfoTypeAndValue generalInfo;
    if (cmpControl.isConfirmCert() || !CmpUtil.isImplictConfirm(reqHeader)) {
        // Explicit confirmation expected: stamp the response and announce the wait time.
        respHeader.setMessageTime(new ASN1GeneralizedTime(new Date()));
        final Date confirmDeadline = new Date(System.currentTimeMillis() + confirmWaitMillis);
        generalInfo = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime, new ASN1GeneralizedTime(confirmDeadline));
    } else {
        // Implicit confirmation: nothing stays pending for this transaction.
        pendingCertPool.removeCertificates(tid.getOctets());
        generalInfo = CmpUtil.getImplictConfirmGeneralInfo();
    }
    respHeader.setGeneralInfo(generalInfo);
    return respBody;
}
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) Date(java.util.Date)

Example 80 with ASN1OctetString

use of org.bouncycastle.asn1.ASN1OctetString in project xipki by xipki.

the class X509CaCmpResponderImpl method postProcessCertInfo.

/**
 * Turns an issued certificate into a CMP {@code CertResponse}.
 *
 * <p>When certificate confirmation is enabled, the certificate is first registered in the
 * pending pool under the transaction id and request id, with an expiry of now plus the
 * configured confirmation wait time.
 *
 * @param certReqId certificate request id echoed in the response
 * @param certInfo the issued certificate together with its warning and already-issued state
 * @param tid transaction id used as the pending-pool key
 * @param cmpControl CMP settings (confirmation mode and wait time)
 * @return the response carrying the certificate and its status
 */
private CertResponse postProcessCertInfo(ASN1Integer certReqId, X509CertificateInfo certInfo, ASN1OctetString tid, CmpControl cmpControl) {
    if (cmpControl.isConfirmCert()) {
        pendingCertPool.addCertificate(
                tid.getOctets(),
                certReqId.getPositiveValue(),
                certInfo,
                System.currentTimeMillis() + cmpControl.getConfirmWaitTimeMs());
    }

    final String warning = certInfo.getWarningMessage();
    final PKIStatusInfo status;
    if (!StringUtil.isBlank(warning)) {
        // A warning from issuance is passed on to the requestor as free text.
        status = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText(warning));
    } else if (certInfo.isAlreadyIssued()) {
        status = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText("ALREADY_ISSUED"));
    } else {
        status = new PKIStatusInfo(PKIStatus.granted);
    }

    final CMPCertificate cmpCert = CMPCertificate.getInstance(certInfo.getCert().getEncodedCert());
    final CertifiedKeyPair certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(cmpCert));
    return new CertResponse(certReqId, status, certifiedKeyPair, null);
}
Also used : CertResponse(org.bouncycastle.asn1.cmp.CertResponse) PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) CertOrEncCert(org.bouncycastle.asn1.cmp.CertOrEncCert) PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText) CertifiedKeyPair(org.bouncycastle.asn1.cmp.CertifiedKeyPair)

Aggregations

ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)89 IOException (java.io.IOException)40 DEROctetString (org.bouncycastle.asn1.DEROctetString)26 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)24 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)24 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)23 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)17 ByteArrayInputStream (java.io.ByteArrayInputStream)16 X509Certificate (java.security.cert.X509Certificate)16 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)16 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)15 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)15 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)12 CertificateException (java.security.cert.CertificateException)12 Enumeration (java.util.Enumeration)12 ASN1TaggedObject (org.bouncycastle.asn1.ASN1TaggedObject)12 DERBitString (org.bouncycastle.asn1.DERBitString)12 DERBMPString (org.bouncycastle.asn1.DERBMPString)11 DERIA5String (org.bouncycastle.asn1.DERIA5String)11 DERSequence (org.bouncycastle.asn1.DERSequence)11