Examples with Extension - org.bouncycastle.asn1.x509.Extension

Example 96 with Extension

use of org.bouncycastle.asn1.x509.Extension in project zm-mailbox by Zimbra.

the class CertUtil method getSubjectAltNameOtherNameUPN.

String getSubjectAltNameOtherNameUPN() {
    Collection<List<?>> generalNames = null;
    try {
        generalNames = cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
    }
    if (generalNames == null) {
        return null;
    }
    ASN1InputStream decoder = null;
    try {
        // Check that the certificate includes the SubjectAltName extension
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName == tag.intValue()) {
                // Value is encoded using ASN.1
                decoder = new ASN1InputStream((byte[]) generalName.toArray()[1]);
                DEREncodable encoded = decoder.readObject();
                DERSequence derSeq = (DERSequence) encoded;
                DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                String oid = typeId.getId();
                String value = null;
                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                if (OID_UPN.equals(oid)) {
                    ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                    DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                    value = str.getString();
                    return value;
                }
            }
        }
    } catch (IOException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
    } finally {
        ByteUtil.closeStream(decoder);
    }
    return null;
}

Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) CertificateParsingException(java.security.cert.CertificateParsingException) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) BigInteger(java.math.BigInteger) DERSequence(org.bouncycastle.asn1.DERSequence) DEREncodable(org.bouncycastle.asn1.DEREncodable) List(java.util.List)

Example 97 with Extension

use of org.bouncycastle.asn1.x509.Extension in project jmeter by apache.

the class SMIMEAssertion method getEmailFromCert.

/**
     * Extract email addresses from a certificate
     * 
     * @param cert the X509 certificate holder
     * @return a List of all email addresses found
     * @throws CertificateException
     */
private static List<String> getEmailFromCert(X509CertificateHolder cert) throws CertificateException {
    List<String> res = new ArrayList<>();
    X500Name subject = cert.getSubject();
    for (RDN emails : subject.getRDNs(BCStyle.EmailAddress)) {
        for (AttributeTypeAndValue emailAttr : emails.getTypesAndValues()) {
            if (log.isDebugEnabled()) {
                log.debug("Add email from RDN: {}", IETFUtils.valueToString(emailAttr.getValue()));
            }
            res.add(IETFUtils.valueToString(emailAttr.getValue()));
        }
    }
    Extension subjectAlternativeNames = cert.getExtension(Extension.subjectAlternativeName);
    if (subjectAlternativeNames != null) {
        for (GeneralName name : GeneralNames.getInstance(subjectAlternativeNames.getParsedValue()).getNames()) {
            if (name.getTagNo() == GeneralName.rfc822Name) {
                String email = IETFUtils.valueToString(name.getName());
                log.debug("Add email from subjectAlternativeName: {}", email);
                res.add(email);
            }
        }
    }
    return res;
}

Also used : Extension(org.bouncycastle.asn1.x509.Extension) ArrayList(java.util.ArrayList) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralName(org.bouncycastle.asn1.x509.GeneralName) RDN(org.bouncycastle.asn1.x500.RDN) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Aggregations

IOException (java.io.IOException)52 Enumeration (java.util.Enumeration)37 ArrayList (java.util.ArrayList)36 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)36 List (java.util.List)35 CertPathValidatorException (java.security.cert.CertPathValidatorException)34 X509Certificate (java.security.cert.X509Certificate)34 GeneralSecurityException (java.security.GeneralSecurityException)33 CertificateExpiredException (java.security.cert.CertificateExpiredException)31 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)31 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)31 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)31 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)28 CertPathBuilderException (java.security.cert.CertPathBuilderException)26 Extension (org.bouncycastle.asn1.x509.Extension)25 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)22 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)22 HashSet (java.util.HashSet)21 Set (java.util.Set)21 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)20