Example 11 with RDN

use of org.bouncycastle.asn1.x500.RDN in project keywhiz by square.

the class ClientAuthFactory method getClientName.

static Optional<String> getClientName(ContainerRequest request) {
    // Only meaningful once the container has performed TLS client authentication: the principal
    // is then the subject of the validated client certificate, not a caller-supplied string.
    Principal principal = request.getSecurityContext().getUserPrincipal();
    if (principal == null) {
        return Optional.empty();
    }
    // Principal.getName() for an X.509 principal is an RFC 2253 string; BC parses it back into RDNs.
    X500Name name = new X500Name(principal.getName());
    RDN[] rdns = name.getRDNs(BCStyle.CN);
    if (rdns.length == 0) {
        logger.warn("Certificate does not contain CN=xxx,...: {}", principal.getName());
        return Optional.empty();
    }
    // Uses the first CN-bearing RDN only. getRDNs() also returns multi-valued RDNs (e.g. "UID=7+CN=alice"),
    // and inside one of those getFirst() is whichever attribute DER-sorts first, not necessarily the CN.
    return Optional.of(IETFUtils.valueToString(rdns[0].getFirst().getValue()));
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) RDN(org.bouncycastle.asn1.x500.RDN) Principal(java.security.Principal)

Example 12 with RDN

use of org.bouncycastle.asn1.x500.RDN in project syncany by syncany.

the class WebServer method certificateCommonNameChanged.

private boolean certificateCommonNameChanged(String certificateCommonName) {
    try {
        KeyStore userKeyStore = UserConfig.getUserKeyStore();
        X509Certificate currentCertificate = (X509Certificate) userKeyStore.getCertificate(CipherParams.CERTIFICATE_IDENTIFIER);
        if (currentCertificate != null) {
            // Read the subject through BC rather than parsing getSubjectDN().toString(), whose format is unspecified.
            X500Name currentCertificateSubject = new JcaX509CertificateHolder(currentCertificate).getSubject();
            RDN[] cnRdns = currentCertificateSubject.getRDNs(BCStyle.CN);
            if (cnRdns.length == 0) {
                // Guard before indexing: a subject without a CN would otherwise throw
                // ArrayIndexOutOfBoundsException, which the catch below would re-wrap as a RuntimeException.
                logger.log(Level.INFO, "- Certificate regeneration necessary, because the stored certificate has no CN.");
                return true;
            }
            // First CN only; see the note on multi-valued RDNs in Example 11.
            String currentCertificateSubjectCnStr = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
            if (!certificateCommonName.equals(currentCertificateSubjectCnStr)) {
                logger.log(Level.INFO, "- Certificate regeneration necessary: Cert common name in daemon config changed from " + currentCertificateSubjectCnStr + " to " + certificateCommonName + ".");
                return true;
            }
        } else {
            logger.log(Level.INFO, "- Certificate regeneration necessary, because no certificate found in key store.");
            return true;
        }
        return false;
    } catch (Exception e) {
        throw new RuntimeException("Cannot (re-)generate server certificate for hostname: " + certificateCommonName, e);
    }
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) KeyStore(java.security.KeyStore) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate)

Example 13 with RDN

use of org.bouncycastle.asn1.x500.RDN in project zm-mailbox by Zimbra.

the class CertUtil method getSubjectAttr.

private String getSubjectAttr(String needAttrName, String needAttrOid) {
    String subjectDN = getSubjectDN();
    try {
        // JNDI parses the RFC 2253 string. Attribute types come back as written ("CN", "cn" or a dotted
        // OID); values come back as String, or as byte[] when the DN used the "#<hex>" encoding.
        LdapName dn = new LdapName(subjectDN);
        List<Rdn> rdns = dn.getRdns();
        for (Rdn rdn : rdns) {
            String type = rdn.getType();
            boolean isOid = type.contains(".");
            // LDAP attribute type names are case-insensitive, so "cn" must match "CN".
            boolean matched = (isOid ? type.equals(needAttrOid) : type.equalsIgnoreCase(needAttrName));
            if (matched) {
                // Rdn.getValue() returns only the first attribute of a multi-valued RDN.
                Object value = rdn.getValue();
                if (value == null) {
                    continue;
                }
                if (isOid && value instanceof byte[]) {
                    // "#<hex>" values are the BER encoding of the attribute value; only IA5String
                    // values (for example emailAddress, 1.2.840.113549.1.9.1) are decoded here.
                    byte[] bytes = (byte[]) value;
                    ASN1InputStream decoder = null;
                    try {
                        decoder = new ASN1InputStream(bytes);
                        DEREncodable encoded = decoder.readObject();
                        // getInstance() throws IllegalArgumentException when the value is well-formed but not an IA5String.
                        DERIA5String str = DERIA5String.getInstance(encoded);
                        return str.getString();
                    } catch (IOException | IllegalArgumentException e) {
                        ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e);
                    } finally {
                        ByteUtil.closeStream(decoder);
                    }
                } else {
                    // Plain string value (also reached for an OID-typed attribute that was not hex-encoded).
                    return value.toString();
                }
            }
        }
    } catch (InvalidNameException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "Invalid subject dn value: " + subjectDN, e);
    }
    return null;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERIA5String(org.bouncycastle.asn1.DERIA5String) InvalidNameException(javax.naming.InvalidNameException) DEREncodable(org.bouncycastle.asn1.DEREncodable) ASN1Object(org.bouncycastle.asn1.ASN1Object) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) Rdn(javax.naming.ldap.Rdn) LdapName(javax.naming.ldap.LdapName)

Example 14 with RDN

use of org.bouncycastle.asn1.x500.RDN in project jmeter by apache.

the class SMIMEAssertion method getEmailFromCert.

/**
 * Extract email addresses from a certificate
 *
 * @param cert the X509 certificate holder
 * @return a List of all email addresses found
 * @throws CertificateException
 */
private static List<String> getEmailFromCert(X509CertificateHolder cert) throws CertificateException {
    List<String> res = new ArrayList<>();
    X500Name subject = cert.getSubject();
    // Legacy location: the PKCS#9 emailAddress attribute in the subject DN. getRDNs() also returns
    // multi-valued RDNs that merely contain an emailAddress, so filter on the attribute type instead
    // of taking every value in the RDN.
    for (RDN emails : subject.getRDNs(BCStyle.EmailAddress)) {
        for (AttributeTypeAndValue emailAttr : emails.getTypesAndValues()) {
            if (!BCStyle.EmailAddress.equals(emailAttr.getType())) {
                continue;
            }
            String email = IETFUtils.valueToString(emailAttr.getValue());
            log.debug("Add email from RDN: {}", email);
            res.add(email);
        }
    }
    // Current location (RFC 5280): rfc822Name entries in subjectAltName. An address present in both
    // places is added twice; callers that need a set must de-duplicate.
    Extension subjectAlternativeNames = cert.getExtension(Extension.subjectAlternativeName);
    if (subjectAlternativeNames != null) {
        for (GeneralName name : GeneralNames.getInstance(subjectAlternativeNames.getParsedValue()).getNames()) {
            if (name.getTagNo() == GeneralName.rfc822Name) {
                String email = IETFUtils.valueToString(name.getName());
                log.debug("Add email from subjectAlternativeName: {}", email);
                res.add(email);
            }
        }
    }
    return res;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) ArrayList(java.util.ArrayList) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralName(org.bouncycastle.asn1.x509.GeneralName) RDN(org.bouncycastle.asn1.x500.RDN) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Example 15 with RDN

use of org.bouncycastle.asn1.x500.RDN in project ddf by codice.

the class KeystoreEditor method addTrustedCertificateFromUrl.

@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
    SSLSocket socket = null;
    String decodedUrl = null;
    List<Map<String, Object>> resultList = new ArrayList<>();
    try {
        decodedUrl = new String(Base64.getDecoder().decode(url), StandardCharsets.UTF_8);
        // The handshake deliberately skips chain validation (the point is to fetch a chain that is
        // not yet trusted), so the result is whatever the network presented: an on-path attacker can
        // substitute its own chain here. Only suitable after an out-of-band fingerprint check.
        socket = createNonVerifyingSslSocket(decodedUrl);
        socket.startHandshake();
        // getPeerCertificates() is declared as Certificate[]; cast per element rather than the whole array.
        for (Certificate peerCertificate : socket.getSession().getPeerCertificates()) {
            X509Certificate certificate = (X509Certificate) peerCertificate;
            try {
                X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
                RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
                if (cnRdns.length == 0) {
                    // No CN means no alias; skip instead of throwing ArrayIndexOutOfBoundsException.
                    resultList.add(Collections.singletonMap("success", false));
                    LOGGER.info("Certificate subject has no CN, not stored: {}", certificate.getSubjectX500Principal());
                    continue;
                }
                String cnStr = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
                // Every certificate in the presented chain, leaf included, becomes a trust anchor, keyed
                // by CN alone: a later certificate with the same CN silently replaces an existing entry.
                trustStore.setCertificateEntry(cnStr, certificate);
                resultList.add(Collections.singletonMap("success", true));
            } catch (CertificateEncodingException e) {
                resultList.add(Collections.singletonMap("success", false));
                LOGGER.info("Unable to store certificate: {}", certificate.toString(), e);
            }
        }
        Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
        if (!trustStoreFile.isAbsolute()) {
            Path ddfHomePath = Paths.get(System.getProperty("ddf.home"));
            trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
        }
        String keyStorePassword = SecurityConstants.getTruststorePassword();
        // try-with-resources so the stream is flushed and closed even when store() fails.
        try (OutputStream fos = Files.newOutputStream(trustStoreFile)) {
            trustStore.store(fos, keyStorePassword.toCharArray());
        }
    } catch (IOException | GeneralSecurityException e) {
        LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", (decodedUrl != null) ? decodedUrl : url, e);
    } finally {
        IOUtils.closeQuietly(socket);
    }
    return resultList;
}
Also used : Path(java.nio.file.Path) SSLSocket(javax.net.ssl.SSLSocket) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) Map(java.util.Map) HashMap(java.util.HashMap) RDN(org.bouncycastle.asn1.x500.RDN)
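All five examples above reduce a subject name to one string with the `getRDNs(BCStyle.CN)[0].getFirst()` pattern, which is only right for the common case of a single CN in a single-valued RDN. The following is an added example, not code from keywhiz, syncany, zm-mailbox, JMeter or DDF, that handles the other shapes a subject can take: a CN inside a multi-valued RDN, several CNs, and email addresses split between the legacy subject attribute and the subjectAltName extension. The class name `SubjectNames` and the names built in `main` are constructed for illustration; only bcprov is needed on the classpath.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

/** Illustrative helper (assumed name, not part of any project on this page). */
public final class SubjectNames {

    private SubjectNames() {}

    /** Every value of {@code type} in the name, including those inside multi-valued RDNs. */
    static List<String> attributeValues(X500Name name, ASN1ObjectIdentifier type) {
        List<String> values = new ArrayList<>();
        for (RDN rdn : name.getRDNs(type)) {
            // getRDNs(type) also returns multi-valued RDNs such as "SERIALNUMBER=42+CN=alice" whenever
            // any of their attributes has the requested type. A DER SET is sorted by encoding, so the
            // attribute getFirst() returns is not necessarily the one asked for; match on type instead.
            for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
                if (type.equals(atv.getType())) {
                    values.add(IETFUtils.valueToString(atv.getValue()));
                }
            }
        }
        return values;
    }

    /** The CN if there is exactly one; zero or several CNs are reported as absent rather than picking one. */
    static Optional<String> singleCn(X500Name name) {
        List<String> cns = attributeValues(name, BCStyle.CN);
        return cns.size() == 1 ? Optional.of(cns.get(0)) : Optional.empty();
    }

    /** Subject emailAddress attributes plus SAN rfc822Name entries, de-duplicated, in order of appearance. */
    static List<String> emailAddresses(X500Name subject, Extensions extensions) {
        Set<String> emails = new LinkedHashSet<>(attributeValues(subject, BCStyle.EmailAddress));
        Extension san = (extensions == null) ? null : extensions.getExtension(Extension.subjectAlternativeName);
        if (san != null) {
            for (GeneralName gn : GeneralNames.getInstance(san.getParsedValue()).getNames()) {
                if (gn.getTagNo() == GeneralName.rfc822Name) {
                    emails.add(IETFUtils.valueToString(gn.getName()));
                }
            }
        }
        return new ArrayList<>(emails);
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject: the CN shares one RDN with a serialNumber attribute.
        X500Name multiValued = new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.O, "Example Corp")
                .addMultiValuedRDN(
                        new ASN1ObjectIdentifier[] {BCStyle.SERIALNUMBER, BCStyle.CN},
                        new String[] {"42", "alice"})
                .addRDN(BCStyle.EmailAddress, "alice@example.com")
                .build();

        RDN cnRdn = multiValued.getRDNs(BCStyle.CN)[0];
        System.out.println("getFirst() on the CN's RDN: " + IETFUtils.valueToString(cnRdn.getFirst().getValue()));
        System.out.println("singleCn():                 " + singleCn(multiValued).orElse("<none>"));

        // Constructed string in the shape Principal.getName() produces, with two CNs.
        X500Name twoCns = new X500Name("CN=alice,CN=admin,O=Example Corp");
        System.out.println("two CNs:                    " + singleCn(twoCns).orElse("<ambiguous, rejected>"));

        // Constructed SAN: one address repeats the subject attribute, one is new, one entry is not an email.
        GeneralNames names = new GeneralNames(new GeneralName[] {
                new GeneralName(GeneralName.rfc822Name, "alice@example.com"),
                new GeneralName(GeneralName.rfc822Name, "alice@example.org"),
                new GeneralName(GeneralName.dNSName, "alice.example.com")});
        Extensions extensions = new Extensions(
                new Extension(Extension.subjectAlternativeName, false, names.getEncoded()));
        System.out.println("emails:                     " + emailAddresses(multiValued, extensions));
    }
}
```

Running `main` shows the three behaviours the page's examples do not handle: on the multi-valued RDN, `getFirst()` yields the serialNumber value because its shorter DER encoding sorts ahead of the CN, while `singleCn()` finds "alice"; the two-CN name comes back empty instead of an arbitrary pick (rejecting ambiguity avoids depending on whether the string was parsed in RFC 2253 or encoding order); and the email list contains each address once, with the dNSName entry ignored. Treating zero or several CNs as "no name" is the safer default for the authorization use in Example 11, where the CN is about to become an identity.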

Aggregations

RDN (org.bouncycastle.asn1.x500.RDN): 17
IOException (java.io.IOException): 12
X509Certificate (java.security.cert.X509Certificate): 12
X500Name (org.bouncycastle.asn1.x500.X500Name): 12
KeyStoreException (java.security.KeyStoreException): 8
InputStream (java.io.InputStream): 7
KeyStore (java.security.KeyStore): 7
CertificateException (java.security.cert.CertificateException): 7
List (java.util.List): 7
JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder): 7
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 6
Principal (java.security.Principal): 6
Map (java.util.Map): 6
ImmutableList (com.google.common.collect.ImmutableList): 5
ImmutableMap (com.google.common.collect.ImmutableMap): 5
ImmutableSet (com.google.common.collect.ImmutableSet): 5
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 5
ArrayList (java.util.ArrayList): 5
Arrays (java.util.Arrays): 5
Collections (java.util.Collections): 5