
Example 6 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project robovm by robovm.

the class DNParser method parse.

/**
 * Parses the distinguished name held in {@code chars}, starting at {@code pos}.
 *
 * <p>Each completed RDN is inserted at index 0 of the result, so the returned
 * list is in the reverse of the order in which the RDNs appear in the input.
 * Attribute values joined by '+' are collected into the same RDN.
 *
 * <p>The parser is lenient: an attribute type may be followed by an empty
 * value, and ';' is accepted as an RDN separator in addition to ','. Inputs
 * that differ only in ',' versus ';' therefore yield the same RDN list, which
 * matters to callers that compare or match names.
 *
 * @return a list of Relative Distinguished Names (RDN); each RDN is
 *         represented as a list of AttributeTypeAndValue objects. The list is
 *         empty when the first call to {@code nextAT()} returns {@code null}.
 * @throws IOException with "Invalid distinguished name string" when a value is
 *         followed by a character other than ',', ';' or '+', or when no
 *         attribute type follows a separator; the helper methods may
 *         presumably throw it as well (not visible here)
 */
public List<List<AttributeTypeAndValue>> parse() throws IOException {
    List<List<AttributeTypeAndValue>> list = new ArrayList<List<AttributeTypeAndValue>>();
    String attType = nextAT();
    if (attType == null) {
        // no attribute type could be read: return an empty list of RDNs
        return list;
    }
    ObjectIdentifier oid = AttributeTypeAndValue.getObjectIdentifier(attType);
    // attribute/value pairs of the RDN currently being assembled
    List<AttributeTypeAndValue> atav = new ArrayList<AttributeTypeAndValue>();
    while (true) {
        if (pos == chars.length) {
            // input ended right after the attribute type: record an empty
            // attribute value, close the current RDN and finish
            atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
            list.add(0, atav);
            return list;
        }
        // The first character of the value selects the value syntax.
        // Arguments are evaluated left to right, so each helper runs before
        // hasQE / encoded are read; presumably the helpers set those fields
        // and advance pos - confirm against quotedAV()/hexAV()/escapedAV().
        switch(chars[pos]) {
            case '"':
                // quoted value
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(quotedAV(), hasQE, oid)));
                break;
            case '#':
                // value introduced by '#', read by hexAV()
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(hexAV(), encoded)));
                break;
            case '+':
            case ',':
            case // compatibility with RFC 1779: semicolon can separate RDNs
            ';':
                // a separator follows the attribute type directly: record an
                // empty attribute value; pos is left on the separator so the
                // checks below handle it
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
                break;
            default:
                // any other character starts a value read by escapedAV()
                atav.add(new AttributeTypeAndValue(oid, new AttributeValue(escapedAV(), hasQE, oid)));
        }
        if (pos >= chars.length) {
            // input consumed: close the current RDN and finish
            list.add(0, atav);
            return list;
        }
        if (chars[pos] == ',' || chars[pos] == ';') {
            // RDN separator: store the finished RDN in front of the earlier
            // ones and start collecting a new one
            list.add(0, atav);
            atav = new ArrayList<AttributeTypeAndValue>();
        } else if (chars[pos] != '+') {
            // only ',', ';' and '+' may follow an attribute value
            throw new IOException("Invalid distinguished name string");
        }
        // step over the separator; after '+' the next pair joins the same RDN
        pos++;
        attType = nextAT();
        if (attType == null) {
            // a separator must be followed by another attribute type
            throw new IOException("Invalid distinguished name string");
        }
        oid = AttributeTypeAndValue.getObjectIdentifier(attType);
    }
}
Also used : AttributeValue(org.apache.harmony.security.x501.AttributeValue) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) IOException(java.io.IOException) AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue) ObjectIdentifier(org.apache.harmony.security.utils.ObjectIdentifier)

Example 7 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project xipki by xipki.

the class BaseX509Certprofile method getSubject.

/**
 * Derives the subject to be granted from the requested subject.
 *
 * <p>Only attribute types returned by the subject control that also have an
 * {@code RdnControl} are copied; anything else in the requested subject is not
 * carried over by this method. For every requested RDN only the first
 * attribute/value pair ({@code getFirst()}) is read. A requested emailAddress
 * attribute that reaches the check is rejected. When the subject control
 * defines groups, the resulting RDNs whose types share a group are merged into
 * one multi-valued RDN placed at the position of the group's first member.
 *
 * <p>NOTE(review): the single-RDN path skips a {@code null} result from the
 * create* helpers, while the multi-RDN paths add whatever the helpers return.
 * If those helpers can return {@code null}, the later {@code getFirst()} call
 * in the grouping step would fail - confirm against the helpers.
 *
 * @param requestedSubject the subject asked for; must not be {@code null}
 * @return the granted subject wrapped in a {@code SubjectInfo} (second
 *         constructor argument is {@code null})
 * @throws CertprofileException declared by the signature; presumably raised by
 *         a helper - TODO confirm
 * @throws BadCertTemplateException if emailAddress is requested, or as raised
 *         by the helper methods
 */
@Override
public SubjectInfo getSubject(X500Name requestedSubject) throws CertprofileException, BadCertTemplateException {
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    verifySubjectDnOccurence(requestedSubject);

    final RDN[] requestedRdns = requestedSubject.getRDNs();
    final SubjectControl subjControl = getSubjectControl();
    List<RDN> grantedRdns = new LinkedList<>();

    for (ASN1ObjectIdentifier attrType : subjControl.getTypes()) {
        final RdnControl rdnControl = subjControl.getControl(attrType);
        if (rdnControl == null) {
            continue;
        }

        final RDN[] matching = getRdns(requestedRdns, attrType);
        if (matching == null || matching.length == 0) {
            // this type was not requested
            continue;
        }

        if (ObjectIdentifiers.DN_EmailAddress.equals(attrType)) {
            throw new BadCertTemplateException("emailAddress is not allowed");
        }

        final boolean dateOfBirth = ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType);
        final boolean postalAddress = !dateOfBirth && ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(attrType);

        if (matching.length == 1) {
            // exactly one requested RDN of this type: a null result is dropped
            final ASN1Encodable requestedValue = matching[0].getFirst().getValue();
            final RDN single;
            if (dateOfBirth) {
                single = createDateOfBirthRdn(attrType, requestedValue);
            } else if (postalAddress) {
                single = createPostalAddressRdn(attrType, requestedValue, rdnControl, 0);
            } else {
                single = createSubjectRdn(X509Util.rdnValueToString(requestedValue), attrType, rdnControl, 0);
            }
            if (single != null) {
                grantedRdns.add(single);
            }
            continue;
        }

        // several requested RDNs of this type: results are added unchecked
        if (dateOfBirth) {
            for (RDN requested : matching) {
                grantedRdns.add(createDateOfBirthRdn(attrType, requested.getFirst().getValue()));
            }
        } else if (postalAddress) {
            int position = 0;
            for (RDN requested : matching) {
                grantedRdns.add(createPostalAddressRdn(attrType, requested.getFirst().getValue(), rdnControl, position++));
            }
        } else {
            final String[] textValues = new String[matching.length];
            for (int k = 0; k < matching.length; k++) {
                textValues[k] = X509Util.rdnValueToString(matching[k].getFirst().getValue());
            }
            // the values are ordered by sortRdns before the RDNs are created
            final String[] ordered = sortRdns(rdnControl, textValues);
            for (int k = 0; k < ordered.length; k++) {
                grantedRdns.add(createSubjectRdn(ordered[k], attrType, rdnControl, k));
            }
        }
    }

    final Set<String> configuredGroups = subjControl.getGroups();
    if (CollectionUtil.isNonEmpty(configuredGroups)) {
        final Set<String> handledGroups = new HashSet<>();
        final int total = grantedRdns.size();
        final List<RDN> regrouped = new ArrayList<>(total);

        for (int i = 0; i < total; i++) {
            final RDN current = grantedRdns.get(i);
            final String group = subjControl.getGroup(current.getFirst().getType());
            if (group == null) {
                // ungrouped types keep their own RDN
                regrouped.add(current);
                continue;
            }
            if (handledGroups.contains(group)) {
                // already merged into the RDN emitted for the first member
                continue;
            }

            final List<AttributeTypeAndValue> merged = new LinkedList<>();
            merged.add(current.getFirst());
            for (RDN later : grantedRdns.subList(i + 1, total)) {
                final String laterGroup = subjControl.getGroup(later.getFirst().getType());
                if (group.equals(laterGroup)) {
                    merged.add(later.getFirst());
                }
            }
            regrouped.add(new RDN(merged.toArray(new AttributeTypeAndValue[0])));
            handledGroups.add(group);
        }
        grantedRdns = regrouped;
    }

    final X500Name grantedSubject = new X500Name(grantedRdns.toArray(new RDN[0]));
    return new SubjectInfo(grantedSubject, null);
}
Also used : ArrayList(java.util.ArrayList) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) X500Name(org.bouncycastle.asn1.x500.X500Name) LinkedList(java.util.LinkedList) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) RdnControl(org.xipki.ca.api.profile.RdnControl) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Example 8 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project xipki by xipki.

the class X509Util method canonicalizName.

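/**
 * Builds a canonical text form of an X.500 name for comparison purposes.
 *
 * <p>The attribute types of the name are rendered as dotted OID strings and
 * sorted in {@code String} order (lexicographic, not numeric). For each type a
 * segment {@code oid=value} is emitted, segments are joined with ',', and
 * several values of one type are joined with ';' in the order in which the
 * name returns them. Values are lower-cased.
 *
 * <p>Lower-casing uses {@link java.util.Locale#ROOT}: the canonical form is
 * used to compare names, so it must not vary with the JVM default locale
 * (with a Turkish default locale, for example, 'I' is lower-cased to a
 * dotless 'ı', which would make the same name canonicalize differently on
 * different hosts).
 *
 * <p>NOTE(review): if {@code getAttributeTypes()} reports a type once per
 * occurrence, a type that occurs several times yields repeated identical
 * segments - confirm whether that is intended.
 *
 * @param name the name to canonicalize; must not be {@code null}
 * @return the canonical string, empty when the name has no attribute types
 */
public static String canonicalizName(X500Name name) {
    ParamUtil.requireNonNull("name", name);
    ASN1ObjectIdentifier[] tmpTypes = name.getAttributeTypes();
    int len = tmpTypes.length;
    List<String> types = new ArrayList<>(len);
    for (ASN1ObjectIdentifier type : tmpTypes) {
        types.add(type.getId());
    }
    // sort by OID text so the result does not depend on the RDN order
    Collections.sort(types);
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < len; i++) {
        String type = types.get(i);
        if (i > 0) {
            sb.append(",");
        }
        sb.append(type).append("=");
        RDN[] rdns = name.getRDNs(new ASN1ObjectIdentifier(type));
        List<String> values = new ArrayList<>(1);
        for (RDN rdn : rdns) {
            if (rdn.isMultiValued()) {
                // a multi-valued RDN may mix types: keep only the pairs of this type
                for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
                    if (type.equals(atv.getType().getId())) {
                        values.add(IETFUtils.valueToString(atv.getValue()).toLowerCase(java.util.Locale.ROOT));
                    }
                }
            } else {
                values.add(IETFUtils.valueToString(rdn.getFirst().getValue()).toLowerCase(java.util.Locale.ROOT));
            }
        }
        // the first value follows '=' directly; further values are ';'-separated
        sb.append(values.get(0));
        final int n2 = values.size();
        for (int j = 1; j < n2; j++) {
            sb.append(";").append(values.get(j));
        }
    }
    return sb.toString();
}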
Also used : ArrayList(java.util.ArrayList) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Example 9 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project xipki by xipki.

the class SubjectChecker method checkSubjectAttributeMultiValued.

// method checkSubjectAttributeNotMultiValued
/**
 * Checks one subject attribute type that is expected to be carried in a single
 * RDN holding one or more attribute/value pairs of that type.
 *
 * <p>The issue is reported as failed when the subject has no RDN of the type
 * although the requested subject has one, when it has more than one RDN of the
 * type, when the number of matching pairs in that RDN is outside
 * {@code [minOccurs, maxOccurs]}, or when the per-pair checks append anything
 * to the failure message. Without an {@code RdnControl} for the type both
 * bounds are 0, so any matching pair fails the occurrence check.
 *
 * @param type the attribute type under test
 * @param subject the subject being validated
 * @param requestedSubject the subject that was requested
 * @return the validation issue for this type, with a failure message set when
 *         a check failed
 * @throws BadCertTemplateException declared by the signature; presumably raised
 *         by a helper - TODO confirm
 */
private ValidationIssue checkSubjectAttributeMultiValued(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
    final ValidationIssue issue = createSubjectIssue(type);
    final RDN[] rdns = subject.getRDNs(type);
    final RDN[] requestedRdns = requestedSubject.getRDNs(type);
    final int rdnsSize = (rdns == null) ? 0 : rdns.length;

    if (rdnsSize == 0) {
        // absent in the subject: only a problem if it was requested
        final boolean requested = requestedRdns != null && requestedRdns.length > 0;
        if (requested) {
            issue.setFailureMessage("is absent but expected present");
        }
        return issue;
    }
    if (rdnsSize != 1) {
        issue.setFailureMessage("number of RDNs '" + rdnsSize + "' is not 1");
        return issue;
    }

    final RdnControl rdnControl = subjectControl.getControl(type);
    // expected string encoding, if the control prescribes one
    final StringType stringType = (rdnControl == null) ? null : rdnControl.getStringType();

    List<String> requestedTexts = new LinkedList<>();
    if (requestedRdns != null) {
        for (RDN requestedRdn : requestedRdns) {
            requestedTexts.add(getRdnTextValueOfRequest(requestedRdn));
        }
        if (rdnControl != null && rdnControl.getPatterns() != null) {
            // order the requested values according to the control's patterns
            requestedTexts = sort(requestedTexts, rdnControl.getPatterns());
        }
    }

    if (rdns == null) {
        // cannot happen here (rdnsSize is 1); kept for static null analysis
        return issue;
    }

    // keep only the pairs of the RDN that carry the type under test
    final List<AttributeTypeAndValue> matchingAtvs = new LinkedList<>();
    for (AttributeTypeAndValue candidate : rdns[0].getTypesAndValues()) {
        if (type.equals(candidate.getType())) {
            matchingAtvs.add(candidate);
        }
    }

    final int atvCount = matchingAtvs.size();
    final int minOccurs;
    final int maxOccurs;
    if (rdnControl == null) {
        minOccurs = 0;
        maxOccurs = 0;
    } else {
        minOccurs = rdnControl.getMinOccurs();
        maxOccurs = rdnControl.getMaxOccurs();
    }
    if (atvCount < minOccurs || atvCount > maxOccurs) {
        issue.setFailureMessage("number of AttributeTypeAndValuess '" + atvCount + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
        return issue;
    }

    final StringBuilder failureMsg = new StringBuilder();
    for (int i = 0; i < atvCount; i++) {
        final String label = "AttributeTypeAndValue[" + i + "]";
        final String atvText = getAtvValueString(label, matchingAtvs.get(i), stringType, failureMsg);
        if (atvText != null) {
            checkAttributeTypeAndValue(label, type, atvText, rdnControl, requestedTexts, i, failureMsg);
        }
    }

    // drop the last two characters of the collected message
    // (presumably a trailing separator written by the helpers - confirm)
    final int msgLen = failureMsg.length();
    if (msgLen > 2) {
        failureMsg.setLength(msgLen - 2);
        issue.setFailureMessage(failureMsg.toString());
    }
    return issue;
}
Also used : StringType(org.xipki.ca.api.profile.StringType) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ValidationIssue(org.xipki.common.qa.ValidationIssue) LinkedList(java.util.LinkedList) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) RdnControl(org.xipki.ca.api.profile.RdnControl) RDN(org.bouncycastle.asn1.x500.RDN)

Example 10 with AttributeTypeAndValue

use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project keystore-explorer by kaikramer.

the class RdnPanelList method getRdns.

/**
 * Converts the panel entries into single-valued RDNs, in entry order.
 *
 * @param noEmptyRdns when {@code true}, entries whose attribute value is
 *        treated as empty by {@code StringUtils.trimAndConvertEmptyToNull}
 *        are left out
 * @return one RDN per retained entry, built from the entry's attribute name
 *         (mapped to an OID) and its attribute value
 */
public List<RDN> getRdns(boolean noEmptyRdns) {
    List<RDN> result = new ArrayList<RDN>();
    for (RdnPanel panel : entries) {
        // the OID lookup happens for every entry, including skipped ones
        ASN1ObjectIdentifier oid = OidDisplayNameMapping.getOidForDisplayName(panel.getAttributeName());
        boolean skipAsEmpty = noEmptyRdns && StringUtils.trimAndConvertEmptyToNull(panel.getAttributeValue()) == null;
        if (!skipAsEmpty) {
            // the value is encoded from the untrimmed panel text
            AttributeTypeAndValue pair = new AttributeTypeAndValue(oid, KseX500NameStyle.INSTANCE.stringToValue(oid, panel.getAttributeValue()));
            result.add(new RDN(pair));
        }
    }
    return result;
}
Also used : ArrayList(java.util.ArrayList) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Aggregations

AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)13 RDN (org.bouncycastle.asn1.x500.RDN)12 IOException (java.io.IOException)8 ArrayList (java.util.ArrayList)8 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7 X500Name (org.bouncycastle.asn1.x500.X500Name)7 AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)6 BigInteger (java.math.BigInteger)5 List (java.util.List)5 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)5 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)5 GeneralSecurityException (java.security.GeneralSecurityException)3 MessageDigest (java.security.MessageDigest)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 Signature (java.security.Signature)3 Certificate (java.security.cert.Certificate)3 X509Certificate (java.security.cert.X509Certificate)3 LinkedList (java.util.LinkedList)3 X500Principal (javax.security.auth.x500.X500Principal)3 BerInputStream (org.apache.harmony.security.asn1.BerInputStream)3