Example 1 with RDN

Use of org.mozilla.jss.netscape.security.x509.RDN in project bitcoinj by bitcoinj.

The class X509Utils, method getDisplayNameFromCertificate.

/**
 * Returns either a string that "sums up" the certificate for humans, in a similar manner to what you might see
 * in a web browser, or null if one cannot be extracted. This will typically be the common name (CN) field, but
 * can also be the org (O) field, org+location+country if withLocation is set, or the email
 * address for S/MIME certificates.
 */
@Nullable
public static String getDisplayNameFromCertificate(@Nonnull X509Certificate certificate, boolean withLocation) throws CertificateParsingException {
    X500Name name = new X500Name(certificate.getSubjectX500Principal().getName());
    String commonName = null, org = null, location = null, country = null;
    for (RDN rdn : name.getRDNs()) {
        // Only the first attribute of each (possibly multi-valued) RDN is inspected.
        AttributeTypeAndValue pair = rdn.getFirst();
        // Subject attributes are expected to be string types (UTF8String, PrintableString, ...).
        String val = ((ASN1String) pair.getValue()).getString();
        ASN1ObjectIdentifier type = pair.getType();
        if (type.equals(RFC4519Style.cn))
            commonName = val;
        else if (type.equals(RFC4519Style.o))
            org = val;
        else if (type.equals(RFC4519Style.l))
            location = val;
        else if (type.equals(RFC4519Style.c))
            country = val;
    }
    // Fallback for certificates without O or CN: take an rfc822Name (GeneralName tag 1)
    // from the subjectAltName extension, as used by S/MIME certificates.
    final Collection<List<?>> subjectAlternativeNames = certificate.getSubjectAlternativeNames();
    String altName = null;
    if (subjectAlternativeNames != null) {
        for (final List<?> subjectAlternativeName : subjectAlternativeNames) {
            if ((Integer) subjectAlternativeName.get(0) == 1) // rfc822Name
                altName = (String) subjectAlternativeName.get(1);
        }
    }
    if (org != null) {
        return withLocation ? Joiner.on(", ").skipNulls().join(org, location, country) : org;
    } else if (commonName != null) {
        return commonName;
    } else {
        return altName;
    }
}
Also used: List (java.util.List), X500Name (org.bouncycastle.asn1.x500.X500Name), ASN1String (org.bouncycastle.asn1.ASN1String), RDN (org.bouncycastle.asn1.x500.RDN), AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue), ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier), Nullable (javax.annotation.Nullable)

Example 2 with RDN

Use of org.mozilla.jss.netscape.security.x509.RDN in project openbanking-aspsp by OpenBankingToolkit.

The class ApiClientIdentity, method getTransportCertificateCn.

/**
 * Return the unique TppIdentifier. This can be overridden for different ApiClientIdentity types. For example,
 * OBWacs should use the NCA registration ID found in the organisationIdentifier (oid 2.5.4.97) of the subject
 * Name in the certificate. For an OB Transport (legacy OB Directory issued certs) we might need to use the OU
 * field from the certificate subject....
 * @return a UID for the TPP, or null if it cannot be read from the transport certificate.
 */
public String getTransportCertificateCn() {
    try {
        X509Certificate transportCert = getTransportCertificate();
        if (transportCert != null) {
            X500Name x500name = new JcaX509CertificateHolder(transportCert).getSubject();
            // A subject may carry no CN at all; guard the array access instead of letting
            // an ArrayIndexOutOfBoundsException escape the catch block below.
            RDN[] cns = x500name.getRDNs(BCStyle.CN);
            if (cns.length == 0) {
                throw new ApiClientException("Transport certificate subject contains no CN");
            }
            // IETFUtils.valueToString handles the different ASN.1 string types and RFC 4514 escaping.
            String cnString = IETFUtils.valueToString(cns[0].getFirst().getValue());
            return cnString;
        } else {
            log.info("getTransportCertificateCn() No certificates available from authentication; '{}'", authentication);
            throw new ApiClientException("No certificates available from request");
        }
    } catch (CertificateEncodingException | ApiClientException e) {
        log.info("getTransportCertificateCn() failed to get CN from transport certificate. X509Authentication; {}", authentication, e);
        return null;
    }
}
Also used: CertificateEncodingException (java.security.cert.CertificateEncodingException), X500Name (org.bouncycastle.asn1.x500.X500Name), JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder), RDN (org.bouncycastle.asn1.x500.RDN), X509Certificate (java.security.cert.X509Certificate)

Example 3 with RDN

Use of org.mozilla.jss.netscape.security.x509.RDN in project openbanking-aspsp by OpenBankingToolkit.

The class X509CertificateHelper, method getCn.

/**
 * Returns the first CN attribute of the certificate subject, or null if the subject
 * cannot be decoded or carries no CN.
 */
public static String getCn(X509Certificate x509Certificate) {
    try {
        X500Name x500name = new JcaX509CertificateHolder(x509Certificate).getSubject();
        RDN[] cns = x500name.getRDNs(BCStyle.CN);
        if (cns.length == 0) {
            // no CN present: return null rather than throwing ArrayIndexOutOfBoundsException
            return null;
        }
        return IETFUtils.valueToString(cns[0].getFirst().getValue());
    } catch (CertificateEncodingException e) {
        return null;
    }
}
Also used: CertificateEncodingException (java.security.cert.CertificateEncodingException), X500Name (org.bouncycastle.asn1.x500.X500Name), JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder), RDN (org.bouncycastle.asn1.x500.RDN)

Example 4 with RDN

Use of org.mozilla.jss.netscape.security.x509.RDN in project jss by dogtagpki.

The class ExtPrettyPrint, method getIssuingDistributionPointExtension.

/**
 * String representation of the IssuingDistributionPoint CRL extension (RFC 5280, section 5.2.5).
 */
private String getIssuingDistributionPointExtension() {
    StringBuffer sb = new StringBuffer();
    sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
    sb.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUING_DIST_POINT) + "- " + mExt.getExtensionId().toString() + "\n");
    sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
    if (mExt.isCritical()) {
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
    } else {
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
    }
    IssuingDistributionPointExtension ext = (IssuingDistributionPointExtension) mExt;
    IssuingDistributionPoint issuingDistributionPoint = ext.getIssuingDistributionPoint();
    if (issuingDistributionPoint != null) {
        GeneralNames fullNames = issuingDistributionPoint.getFullName();
        RDN relativeName = issuingDistributionPoint.getRelativeName();
        if (fullNames != null || relativeName != null) {
            sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME) + "\n");
            if (fullNames != null) {
                sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME) + "\n");
                for (int i = 0; i < fullNames.size(); i++) {
                    GeneralName fullName = (GeneralName) fullNames.elementAt(i);
                    if (fullName != null) {
                        sb.append(pp.indent(mIndentSize + 12) + fullName.toString() + "\n");
                    }
                }
            }
            if (relativeName != null) {
                sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME) + relativeName.toString() + "\n");
            }
        }
        sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_USER_CERTS));
        if (issuingDistributionPoint.getOnlyContainsUserCerts()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
        }
        sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_CA_CERTS));
        if (issuingDistributionPoint.getOnlyContainsCACerts()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
        }
        BitArray onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
        if (onlySomeReasons != null) {
            sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS));
            // terminate the line so the following indirectCRL entry starts on its own line
            sb.append("0x" + pp.toHexString(onlySomeReasons.toByteArray()) + "\n");
        }
        sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_INDIRECT_CRL));
        if (issuingDistributionPoint.getIndirectCRL()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
        }
    }
    return sb.toString();
}
Also used: IssuingDistributionPointExtension (org.mozilla.jss.netscape.security.x509.IssuingDistributionPointExtension), IssuingDistributionPoint (org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint), GeneralNames (org.mozilla.jss.netscape.security.x509.GeneralNames), GeneralName (org.mozilla.jss.netscape.security.x509.GeneralName), RDN (org.mozilla.jss.netscape.security.x509.RDN), CRLDistributionPoint (org.mozilla.jss.netscape.security.x509.CRLDistributionPoint)

Example 5 with RDN

Use of org.mozilla.jss.netscape.security.x509.RDN in project ca3sCore by kuehne-trustable-de.

The class CaCmpConnector, method buildCertRequest.

/**
 * Builds a CMP certificate request from a stored CSR: the subject DN is rebuilt from the
 * persisted RDN attributes, the CSR's requested extensions are copied over, and the
 * message is protected with the given HMAC shared secret.
 * @param certReqId  request identifier to place in the PKIMessage
 * @param csr        persisted CSR (PEM body plus parsed RDNs)
 * @param hmacSecret shared secret used for PBM/HMAC protection of the message
 * @return PKIMessage
 * @throws GeneralSecurityException if the CSR cannot be parsed
 */
public PKIMessage buildCertRequest(long certReqId, final CSR csr, final String hmacSecret) throws GeneralSecurityException {
    // read the pem csr and verify the signature
    PKCS10CertificationRequest p10Req;
    try {
        p10Req = cryptoUtil.parseCertificateRequest(csr.getCsrBase64()).getP10Req();
    } catch (IOException e) {
        LOGGER.error("parsing csr", e);
        throw new GeneralSecurityException(e.getMessage());
    }
    List<RDN> rdnList = new ArrayList<>();
    for (de.trustable.ca3s.core.domain.RDN rdnDao : csr.getRdns()) {
        List<AttributeTypeAndValue> attrTVList = new ArrayList<>();
        // check for null before dereferencing rdnDao (the original logged its attributes first)
        if (rdnDao != null && rdnDao.getRdnAttributes() != null) {
            LOGGER.debug("rdnDao : " + rdnDao.getRdnAttributes());
            for (RDNAttribute rdnAttr : rdnDao.getRdnAttributes()) {
                // attribute type is stored as a dotted OID string, e.g. 2.5.4.3 for CN
                ASN1ObjectIdentifier aoi = new ASN1ObjectIdentifier(rdnAttr.getAttributeType());
                // all values are re-encoded as UTF8String regardless of the CSR's original string type
                ASN1Encodable ae = new DERUTF8String(rdnAttr.getAttributeValue());
                AttributeTypeAndValue attrTV = new AttributeTypeAndValue(aoi, ae);
                attrTVList.add(attrTV);
            }
        }
        RDN rdn = new RDN(attrTVList.toArray(new AttributeTypeAndValue[0]));
        LOGGER.debug("rdn : " + rdn.size() + " elements");
        rdnList.add(rdn);
    }
    X500Name subjectDN = new X500Name(rdnList.toArray(new RDN[0]));
    LOGGER.debug("subjectDN : " + subjectDN);
    Collection<Extension> certExtList = new ArrayList<>();
    // copy CSR attributes to Extension list
    for (Attribute attribute : p10Req.getAttributes()) {
        for (ASN1Encodable asn1Encodable : attribute.getAttributeValues()) {
            if (asn1Encodable != null) {
                try {
                    Extensions extensions = Extensions.getInstance(asn1Encodable);
                    for (ASN1ObjectIdentifier oid : extensions.getExtensionOIDs()) {
                        LOGGER.debug("copying oid '" + oid.toString() + "' from csr to PKIMessage");
                        certExtList.add(extensions.getExtension(oid));
                    }
                } catch (IllegalArgumentException iae) {
                    LOGGER.debug("processing asn1 value  '" + asn1Encodable + "' caused exception", iae);
                }
            }
        }
    }
    final SubjectPublicKeyInfo keyInfo = p10Req.getSubjectPublicKeyInfo();
    return cryptoUtil.buildCertRequest(certReqId, subjectDN, certExtList, keyInfo, hmacSecret);
}
Also used: PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest), RDNAttribute (de.trustable.ca3s.core.domain.RDNAttribute), DERUTF8String (org.bouncycastle.asn1.DERUTF8String), CsrAttribute (de.trustable.ca3s.core.domain.CsrAttribute), Attribute (org.bouncycastle.asn1.pkcs.Attribute), GeneralSecurityException (java.security.GeneralSecurityException), ArrayList (java.util.ArrayList), IOException (java.io.IOException), X500Name (org.bouncycastle.asn1.x500.X500Name), Extensions (org.bouncycastle.asn1.x509.Extensions), SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo), AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue), Extension (org.bouncycastle.asn1.x509.Extension), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), RDN (org.bouncycastle.asn1.x500.RDN), ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)