
Example 6 with RDN

use of org.mozilla.jss.netscape.security.x509.RDN in project ca3sCore by kuehne-trustable-de.

the class CertificateUtil method insertNameAttributes.

/**
 * Indexes every component of a subject (or issuer) name under one multi-value attribute.
 * <p>
 * The name is decomposed twice. The JNDI pass stores one {@code type=value} expression per
 * {@link Rdn}; the Bouncy Castle pass stores the bare value, {@code oid=value} and, when the
 * type's string form differs from its OID, {@code type=value}. All types and values are
 * lower-cased and values trimmed, so the stored expressions are normalized for
 * case-insensitive lookups. A name that {@link LdapName} rejects is logged at info level and
 * only the Bouncy Castle pass contributes.
 * <p>
 * NOTE(review): for an ASN.1 object identifier {@code getType().toString()} appears to return
 * the same dotted string as {@code getType().getId()}, in which case the third form is never
 * stored; confirm whether a readable-name lookup was intended there.
 *
 * @param cert            the certificate entity receiving the attributes
 * @param attributeName   the attribute key the expressions are stored under
 * @param x500NameSubject the name to decompose
 */
public void insertNameAttributes(Certificate cert, String attributeName, X500Name x500NameSubject) {
    // Pass 1: JNDI view, one "type=value" expression per RDN.
    try {
        for (Rdn ldapRdn : new LdapName(x500NameSubject.toString()).getRdns()) {
            String type = ldapRdn.getType().toLowerCase();
            String value = ldapRdn.getValue().toString().toLowerCase().trim();
            setCertMultiValueAttribute(cert, attributeName, type + "=" + value);
        }
    } catch (InvalidNameException e) {
        LOG.info("problem parsing RDN for {}", x500NameSubject);
    }

    // Pass 2: Bouncy Castle view, bare value plus OID-qualified and type-qualified forms.
    for (RDN bcRdn : x500NameSubject.getRDNs()) {
        for (AttributeTypeAndValue atv : bcRdn.getTypesAndValues()) {
            String value = atv.getValue().toString().toLowerCase().trim();
            String oid = atv.getType().getId().toLowerCase();
            String typeName = atv.getType().toString().toLowerCase();

            setCertMultiValueAttribute(cert, attributeName, value);
            setCertMultiValueAttribute(cert, attributeName, oid + "=" + value);
            if (!oid.equals(typeName)) {
                setCertMultiValueAttribute(cert, attributeName, typeName + "=" + value);
            }
        }
    }
}

Example 7 with RDN

use of org.mozilla.jss.netscape.security.x509.RDN in project ca3sCore by kuehne-trustable-de.

the class CertificateUtil method addAdditionalCertificateAttributes.

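/**
 * Derives the searchable attributes of {@code cert} from the parsed {@code x509Cert} and
 * stamps the attribute-schema version so the derivation is not repeated on the next load.
 * <p>
 * Which steps run is gated by the version already stored under
 * {@code CertificateAttribute.ATTRIBUTE_ATTRIBUTES_VERSION}:
 * <ul>
 *   <li>version 0: key and signature algorithm data, the subject CN as a typed virtual SAN,
 *       the SAN list, key length, CRL/OCSP URLs and policy identifiers;</li>
 *   <li>version below 2: fingerprints and one attribute per subject RDN component;</li>
 *   <li>version below {@code CURRENT_ATTRIBUTES_VERSION}: the RFC 2253-normalized subject,
 *       followed by the version stamp itself.</li>
 * </ul>
 * The stamp is written last, so an exception escaping an earlier step leaves the version
 * unchanged and the attributes are recomputed on the next call.
 *
 * @param x509Cert the parsed certificate the attributes are read from
 * @param cert     the persistent certificate entity the attributes are written to
 * @throws CertificateParsingException if the subject alternative names cannot be parsed
 * @throws IOException                 if a certificate extension cannot be read
 */
public void addAdditionalCertificateAttributes(X509Certificate x509Cert, Certificate cert) throws CertificateParsingException, IOException {
    int version = Integer.parseInt(getCertAttribute(cert, CertificateAttribute.ATTRIBUTE_ATTRIBUTES_VERSION, "0"));
    // Used only for log context; the stored subject comes from the entity (see below).
    String subjectName = x509Cert.getSubjectX500Principal().getName();

    if (version == 0) {
        addKeyAndSignatureAttributes(x509Cert, cert, subjectName);
        addCommonNameAsTypedSan(cert, subjectName);
        addSubjectAlternativeNameAttributes(x509Cert, cert);
        cert.setKeyLength(getAlignedKeyLength(x509Cert.getPublicKey()));
        addRevocationAndPolicyAttributes(x509Cert, cert);
    }
    if (version < 2) {
        addFingerprintAttributes(x509Cert, cert, subjectName);
        addSubjectRdnAttributes(cert, subjectName);
    }
    if (version < CURRENT_ATTRIBUTES_VERSION) {
        try {
            String subjectRfc2253 = getNormalizedName(cert.getSubject());
            setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_SUBJECT_RFC_2253, subjectRfc2253, false);
        } catch (InvalidNameException e) {
            LOG.error("Problem building RFC 2253-styled subject for  certificate '" + subjectName + "'", e);
        }
        setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_ATTRIBUTES_VERSION, "" + CURRENT_ATTRIBUTES_VERSION, false);
    }
}

/**
 * Stores the key algorithm, the signature algorithm components and, where derivable, the curve name.
 * The checked exceptions are declared for the project helpers whose contracts are not visible here.
 */
private void addKeyAndSignatureAttributes(X509Certificate x509Cert, Certificate cert, String subjectName)
        throws CertificateParsingException, IOException {
    String keyAlgName = x509Cert.getPublicKey().getAlgorithm();
    cert.setKeyAlgorithm(keyAlgName.toLowerCase());

    AlgorithmInfo algorithmInfo = new AlgorithmInfo(x509Cert.getSigAlgName());
    cert.setHashingAlgorithm(algorithmInfo.getHashAlgName());
    cert.setPaddingAlgorithm(algorithmInfo.getPaddingAlgName());
    cert.setSigningAlgorithm(algorithmInfo.getSigAlgName());

    try {
        String curveName = deriveCurveName(x509Cert.getPublicKey());
        LOG.info("found curve name {} for certificate '{}' with key algo {}", curveName, subjectName, keyAlgName);
        cert.setCurveName(curveName.toLowerCase());
    } catch (GeneralSecurityException e) {
        // Failing to derive a curve is only noteworthy for EC keys. getAlgorithm() reports the
        // JCA name in upper case ("EC"), so the comparison must be case-insensitive.
        if (keyAlgName.toLowerCase().contains("ec")) {
            LOG.info("unable to derive curve name for certificate '{}' with key algo {}", subjectName, keyAlgName);
        }
    }
}

/**
 * Records each subject CN as a typed virtual SAN: an IP literal as {@code IP:<cn>}, anything
 * else as {@code DNS:<cn>}. A subject that cannot be parsed as an LDAP name is logged and skipped.
 */
private void addCommonNameAsTypedSan(Certificate cert, String subjectName)
        throws CertificateParsingException, IOException {
    if (subjectName == null || subjectName.trim().isEmpty()) {
        return;
    }
    try {
        InetAddressValidator inv = InetAddressValidator.getInstance();
        for (Rdn rdn : new LdapName(subjectName).getRdns()) {
            if (!"CN".equalsIgnoreCase(rdn.getType())) {
                continue;
            }
            String cn = rdn.getValue().toString();
            if (inv.isValid(cn)) {
                LOG.debug("CN found IP in subject: '{}'", cn);
                setCertMultiValueAttribute(cert, CsrAttribute.ATTRIBUTE_TYPED_VSAN, "IP:" + cn);
            } else {
                LOG.debug("CN found DNS name in subject: '{}'", cn);
                setCertMultiValueAttribute(cert, CsrAttribute.ATTRIBUTE_TYPED_VSAN, "DNS:" + cn);
            }
        }
    } catch (InvalidNameException e) {
        // Previously printStackTrace(); route the failure through the application log instead.
        LOG.warn("problem parsing subject '{}' for CN extraction", subjectName, e);
    }
}

/**
 * Stores every SAN as a plain and a typed attribute and sets the ";"-joined list on the
 * entity, truncated to 250 characters. Values are lower-cased. An {@code otherName} entry
 * yields an empty value (unchanged from before); other non-string entries have their bytes
 * decoded as UTF-8.
 */
private void addSubjectAlternativeNameAttributes(X509Certificate x509Cert, Certificate cert)
        throws CertificateParsingException, IOException {
    StringBuilder allSans = new StringBuilder();
    // Read the extension once; it was previously parsed twice.
    Collection<List<?>> altNames = x509Cert.getSubjectAlternativeNames();
    if (altNames != null) {
        for (List<?> altName : altNames) {
            int altNameType = (Integer) altName.get(0);
            Object rawValue = altName.get(1);
            String sanValue = "";
            if (rawValue instanceof String) {
                sanValue = ((String) rawValue).toLowerCase();
            } else if (GeneralName.otherName == altNameType) {
                // otherName carries a DER structure; it is intentionally not rendered.
            } else if (rawValue instanceof byte[]) {
                // Explicit charset: before Java 18 the no-arg String(byte[]) uses the platform default.
                sanValue = new String((byte[]) rawValue, java.nio.charset.StandardCharsets.UTF_8).toLowerCase();
            } else {
                LOG.info("unexpected content type in SANS : {}", rawValue);
            }
            // Separator only between entries; an empty first entry adds no leading ";" (as before).
            if (allSans.length() > 0) {
                allSans.append(';');
            }
            allSans.append(sanValue);
            setCertMultiValueAttribute(cert, CertificateAttribute.ATTRIBUTE_SAN, sanValue);
            setCertMultiValueAttribute(cert, CsrAttribute.ATTRIBUTE_TYPED_SAN, getTypedSAN(altNameType, sanValue));
        }
    }
    cert.setSans(CryptoUtil.limitLength(allSans.toString(), 250));
}

/** Stores the CRL distribution points, the OCSP responder URL (if present) and the policy OIDs. */
private void addRevocationAndPolicyAttributes(X509Certificate x509Cert, Certificate cert)
        throws CertificateParsingException, IOException {
    for (String crlUrl : getCrlDistributionPoints(x509Cert)) {
        setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_CRL_URL, crlUrl);
    }
    String ocspUrl = getOCSPUrl(x509Cert);
    if (ocspUrl != null) {
        setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_OCSP_URL, ocspUrl);
    }
    for (String polId : getCertificatePolicies(x509Cert)) {
        setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_POLICY_ID, polId);
    }
}

/**
 * Stores the lower-case hex fingerprints of the DER encoding.
 * <p>
 * NOTE(review): {@code ATTRIBUTE_FINGERPRINT_SHA256} is filled with {@code sha3_256Hex}, i.e.
 * SHA3-256 rather than SHA-256, so it will not match a SHA-256 fingerprint computed with
 * common tooling. It is left as is here because already-stored values would otherwise
 * silently diverge; switching the digest should go together with raising
 * {@code CURRENT_ATTRIBUTES_VERSION} and the {@code version < 2} gate so old rows are recomputed.
 */
private void addFingerprintAttributes(X509Certificate x509Cert, Certificate cert, String subjectName)
        throws CertificateParsingException, IOException {
    try {
        byte[] encoded = x509Cert.getEncoded();
        setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_FINGERPRINT_SHA1, DigestUtils.sha1Hex(encoded).toLowerCase());
        setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_FINGERPRINT_SHA256, DigestUtils.sha3_256Hex(encoded).toLowerCase());
    } catch (CertificateEncodingException e) {
        LOG.error("Problem getting encoded certificate '" + subjectName + "'", e);
    }
}

/**
 * Stores one attribute per component of the entity's subject, keyed by
 * {@code ATTRIBUTE_RDN_PREFIX + <readable OID name, upper case>}. A subject that Bouncy Castle
 * rejects is logged and skipped.
 */
private void addSubjectRdnAttributes(Certificate cert, String subjectName)
        throws CertificateParsingException, IOException {
    try {
        if (cert.getSubject().trim().isEmpty()) {
            return;
        }
        X500Name x500Name = new X500Name(cert.getSubject());
        for (RDN rdn : x500Name.getRDNs()) {
            for (AttributeTypeAndValue attrTV : rdn.getTypesAndValues()) {
                String rdnReadableName = OidNameMapper.lookupOid(attrTV.getType().toString());
                setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_RDN_PREFIX + rdnReadableName.toUpperCase(), attrTV.getValue().toString());
            }
        }
    } catch (IllegalArgumentException iae) {
        LOG.error("Problem building X500Name for subject for certificate '" + subjectName + "'", iae);
    }
}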

Example 8 with RDN

use of org.mozilla.jss.netscape.security.x509.RDN in project ca3sCore by kuehne-trustable-de.

the class PipelineUtil method isSubjectIP.

/**
 * Tells whether the subject's common name is an IP address literal rather than a host name.
 * <p>
 * Only the first attribute of each RDN is inspected, so a CN that is not the first component
 * of a multi-valued RDN is not seen. The scan stops at the first CN that parses as an IPv4 or
 * IPv6 address; CNs that are not IP literals are passed over silently.
 *
 * @param rdnArr      the RDNs of the subject to inspect
 * @param messageList receives an explanatory line when an IP-literal CN is found
 * @return {@code true} if a CN holds a valid IPv4 or IPv6 address, {@code false} otherwise
 */
private boolean isSubjectIP(RDN[] rdnArr, List<String> messageList) {
    for (RDN rdn : rdnArr) {
        AttributeTypeAndValue first = rdn.getFirst();
        if (!BCStyle.CN.equals(first.getType())) {
            continue;
        }
        String cn = first.getValue().toString().trim();
        InetAddressValidator validator = InetAddressValidator.getInstance();
        if (validator.isValidInet4Address(cn)) {
            messageList.add("CommonName '" + cn + "' is a valid IP4 address");
            return true;
        } else if (validator.isValidInet6Address(cn)) {
            messageList.add("CommonName '" + cn + "' is a valid IP6 address");
            return true;
        }
    }
    return false;
}

Example 9 with RDN

use of org.mozilla.jss.netscape.security.x509.RDN in project Conversations by iNPUTmice.

the class XmppDomainVerifier method getCommonNames.

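/**
 * Collects the subject common names (CN) of a certificate, in the order they appear.
 * <p>
 * Only the CN attributes of the subject DN are consulted, not the subject alternative names;
 * a caller matching host names against the result should treat it as a fallback to the SAN
 * entries rather than the primary source.
 *
 * @param certificate the certificate whose subject is read
 * @return the CN values, or an empty list if there are none or the certificate cannot be
 *         re-encoded for parsing
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        // Filter the RDNs once instead of re-querying the subject on every iteration.
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            domains.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
    } catch (CertificateEncodingException e) {
        // Unchanged contract: an unparseable certificate contributes no names. Consider logging
        // this if the class has a logger; nothing has been added to the list at this point.
    }
    return domains;
}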

Example 10 with RDN

use of org.mozilla.jss.netscape.security.x509.RDN in project attestation by TokenScript.

the class IdentifierAttestation method makeLabeledURI.

/**
 * Builds a single-RDN {@link X500Name} whose only attribute is a labeledURI value.
 * <p>
 * The attribute value is {@code URL + " " + label}: the URL and the label separated by one
 * space. A URL containing a space would make that value ambiguous to split, hence the
 * requirement that it is already URL-encoded.
 *
 * @param label the label of the URL, similar to what is inside &lt;a&gt;...&lt;/a&gt;
 * @param URL   the URL itself, similar to what is in &lt;a href="..."&gt;; it should already be
 *              URL-encoded and therefore contain no space
 * @return an X500Name holding exactly one RDN of type {@code LABELED_URI}
 */
private X500Name makeLabeledURI(String label, String URL) {
    String joined = URL + " " + label;
    RDN[] singleRdn = { new RDN(LABELED_URI, new DERUTF8String(joined)) };
    return new X500Name(singleRdn);
}
