Example 6 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project robovm by robovm.
the class DNParser method parse.
/**
* Parses DN
*
* @return a list of Relative Distinguished Names(RDN),
* each RDN is represented as a list of AttributeTypeAndValue objects
*/
public List<List<AttributeTypeAndValue>> parse() throws IOException {
List<List<AttributeTypeAndValue>> list = new ArrayList<List<AttributeTypeAndValue>>();
String attType = nextAT();
if (attType == null) {
//empty list of RDNs
return list;
}
ObjectIdentifier oid = AttributeTypeAndValue.getObjectIdentifier(attType);
List<AttributeTypeAndValue> atav = new ArrayList<AttributeTypeAndValue>();
while (true) {
if (pos == chars.length) {
//empty Attribute Value
atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
list.add(0, atav);
return list;
}
switch(chars[pos]) {
case '"':
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(quotedAV(), hasQE, oid)));
break;
case '#':
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(hexAV(), encoded)));
break;
case '+':
case ',':
case // compatibility with RFC 1779: semicolon can separate RDNs
';':
//empty attribute value
atav.add(new AttributeTypeAndValue(oid, new AttributeValue("", false, oid)));
break;
default:
atav.add(new AttributeTypeAndValue(oid, new AttributeValue(escapedAV(), hasQE, oid)));
}
if (pos >= chars.length) {
list.add(0, atav);
return list;
}
if (chars[pos] == ',' || chars[pos] == ';') {
list.add(0, atav);
atav = new ArrayList<AttributeTypeAndValue>();
} else if (chars[pos] != '+') {
throw new IOException("Invalid distinguished name string");
}
pos++;
attType = nextAT();
if (attType == null) {
throw new IOException("Invalid distinguished name string");
}
oid = AttributeTypeAndValue.getObjectIdentifier(attType);
}
}
Also used :
AttributeValue(org.apache.harmony.security.x501.AttributeValue)
ArrayList(java.util.ArrayList)
List(java.util.List)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
ObjectIdentifier(org.apache.harmony.security.utils.ObjectIdentifier)
Example 7 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project xipki by xipki.
the class BaseX509Certprofile method getSubject.
@Override
public SubjectInfo getSubject(X500Name requestedSubject) throws CertprofileException, BadCertTemplateException {
ParamUtil.requireNonNull("requestedSubject", requestedSubject);
verifySubjectDnOccurence(requestedSubject);
RDN[] requstedRdns = requestedSubject.getRDNs();
SubjectControl scontrol = getSubjectControl();
List<RDN> rdns = new LinkedList<>();
for (ASN1ObjectIdentifier type : scontrol.getTypes()) {
RdnControl control = scontrol.getControl(type);
if (control == null) {
continue;
}
RDN[] thisRdns = getRdns(requstedRdns, type);
if (thisRdns == null) {
continue;
}
int len = thisRdns.length;
if (len == 0) {
continue;
}
if (ObjectIdentifiers.DN_EmailAddress.equals(type)) {
throw new BadCertTemplateException("emailAddress is not allowed");
}
if (len == 1) {
ASN1Encodable rdnValue = thisRdns[0].getFirst().getValue();
RDN rdn;
if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
rdn = createDateOfBirthRdn(type, rdnValue);
} else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
rdn = createPostalAddressRdn(type, rdnValue, control, 0);
} else {
String value = X509Util.rdnValueToString(rdnValue);
rdn = createSubjectRdn(value, type, control, 0);
}
if (rdn != null) {
rdns.add(rdn);
}
} else {
if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
for (int i = 0; i < len; i++) {
RDN rdn = createDateOfBirthRdn(type, thisRdns[i].getFirst().getValue());
rdns.add(rdn);
}
} else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
for (int i = 0; i < len; i++) {
RDN rdn = createPostalAddressRdn(type, thisRdns[i].getFirst().getValue(), control, i);
rdns.add(rdn);
}
} else {
String[] values = new String[len];
for (int i = 0; i < len; i++) {
values[i] = X509Util.rdnValueToString(thisRdns[i].getFirst().getValue());
}
values = sortRdns(control, values);
int idx = 0;
for (String value : values) {
rdns.add(createSubjectRdn(value, type, control, idx++));
}
}
// if
}
// if
}
// for
Set<String> subjectDnGroups = scontrol.getGroups();
if (CollectionUtil.isNonEmpty(subjectDnGroups)) {
Set<String> consideredGroups = new HashSet<>();
final int n = rdns.size();
List<RDN> newRdns = new ArrayList<>(rdns.size());
for (int i = 0; i < n; i++) {
RDN rdn = rdns.get(i);
ASN1ObjectIdentifier type = rdn.getFirst().getType();
String group = scontrol.getGroup(type);
if (group == null) {
newRdns.add(rdn);
} else if (!consideredGroups.contains(group)) {
List<AttributeTypeAndValue> atvs = new LinkedList<>();
atvs.add(rdn.getFirst());
for (int j = i + 1; j < n; j++) {
RDN rdn2 = rdns.get(j);
ASN1ObjectIdentifier type2 = rdn2.getFirst().getType();
String group2 = scontrol.getGroup(type2);
if (group.equals(group2)) {
atvs.add(rdn2.getFirst());
}
}
newRdns.add(new RDN(atvs.toArray(new AttributeTypeAndValue[0])));
consideredGroups.add(group);
}
}
// for
rdns = newRdns;
}
// if
X500Name grantedSubject = new X500Name(rdns.toArray(new RDN[0]));
return new SubjectInfo(grantedSubject, null);
}
Also used :
ArrayList(java.util.ArrayList)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
LinkedList(java.util.LinkedList)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
RdnControl(org.xipki.ca.api.profile.RdnControl)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
List(java.util.List)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
RDN(org.bouncycastle.asn1.x500.RDN)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
HashSet(java.util.HashSet)
Example 8 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project xipki by xipki.
the class X509Util method canonicalizName.
public static String canonicalizName(X500Name name) {
ParamUtil.requireNonNull("name", name);
ASN1ObjectIdentifier[] tmpTypes = name.getAttributeTypes();
int len = tmpTypes.length;
List<String> types = new ArrayList<>(len);
for (ASN1ObjectIdentifier type : tmpTypes) {
types.add(type.getId());
}
Collections.sort(types);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < len; i++) {
String type = types.get(i);
if (i > 0) {
sb.append(",");
}
sb.append(type).append("=");
RDN[] rdns = name.getRDNs(new ASN1ObjectIdentifier(type));
List<String> values = new ArrayList<>(1);
for (int j = 0; j < rdns.length; j++) {
RDN rdn = rdns[j];
if (rdn.isMultiValued()) {
AttributeTypeAndValue[] atvs = rdn.getTypesAndValues();
for (AttributeTypeAndValue atv : atvs) {
if (type.equals(atv.getType().getId())) {
String textValue = IETFUtils.valueToString(atv.getValue()).toLowerCase();
values.add(textValue);
}
}
} else {
String textValue = IETFUtils.valueToString(rdn.getFirst().getValue()).toLowerCase();
values.add(textValue);
}
}
// end for(j)
sb.append(values.get(0));
final int n2 = values.size();
if (n2 > 1) {
for (int j = 1; j < n2; j++) {
sb.append(";").append(values.get(j));
}
}
}
return sb.toString();
}
Also used :
ArrayList(java.util.ArrayList)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
RDN(org.bouncycastle.asn1.x500.RDN)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
Example 9 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project xipki by xipki.
the class SubjectChecker method checkSubjectAttributeMultiValued.
// method checkSubjectAttributeNotMultiValued
private ValidationIssue checkSubjectAttributeMultiValued(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
ValidationIssue issue = createSubjectIssue(type);
RDN[] rdns = subject.getRDNs(type);
int rdnsSize = (rdns == null) ? 0 : rdns.length;
RDN[] requestedRdns = requestedSubject.getRDNs(type);
if (rdnsSize != 1) {
if (rdnsSize == 0) {
// check optional attribute but is present in requestedSubject
if (requestedRdns != null && requestedRdns.length > 0) {
issue.setFailureMessage("is absent but expected present");
}
} else {
issue.setFailureMessage("number of RDNs '" + rdnsSize + "' is not 1");
}
return issue;
}
// control
final RdnControl rdnControl = subjectControl.getControl(type);
// check the encoding
StringType stringType = null;
if (rdnControl != null) {
stringType = rdnControl.getStringType();
}
List<String> requestedCoreAtvTextValues = new LinkedList<>();
if (requestedRdns != null) {
for (RDN requestedRdn : requestedRdns) {
String textValue = getRdnTextValueOfRequest(requestedRdn);
requestedCoreAtvTextValues.add(textValue);
}
if (rdnControl != null && rdnControl.getPatterns() != null) {
// sort the requestedRDNs
requestedCoreAtvTextValues = sort(requestedCoreAtvTextValues, rdnControl.getPatterns());
}
}
if (rdns == null) {
// return always false, only to make the null checker happy
return issue;
}
StringBuilder failureMsg = new StringBuilder();
AttributeTypeAndValue[] li = rdns[0].getTypesAndValues();
List<AttributeTypeAndValue> atvs = new LinkedList<>();
for (AttributeTypeAndValue m : li) {
if (type.equals(m.getType())) {
atvs.add(m);
}
}
final int atvsSize = atvs.size();
int minOccurs = (rdnControl == null) ? 0 : rdnControl.getMinOccurs();
int maxOccurs = (rdnControl == null) ? 0 : rdnControl.getMaxOccurs();
if (atvsSize < minOccurs || atvsSize > maxOccurs) {
issue.setFailureMessage("number of AttributeTypeAndValuess '" + atvsSize + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
return issue;
}
for (int i = 0; i < atvsSize; i++) {
AttributeTypeAndValue atv = atvs.get(i);
String atvTextValue = getAtvValueString("AttributeTypeAndValue[" + i + "]", atv, stringType, failureMsg);
if (atvTextValue == null) {
continue;
}
checkAttributeTypeAndValue("AttributeTypeAndValue[" + i + "]", type, atvTextValue, rdnControl, requestedCoreAtvTextValues, i, failureMsg);
}
int len = failureMsg.length();
if (len > 2) {
failureMsg.delete(len - 2, len);
issue.setFailureMessage(failureMsg.toString());
}
return issue;
}
Also used :
StringType(org.xipki.ca.api.profile.StringType)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERT61String(org.bouncycastle.asn1.DERT61String)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
ValidationIssue(org.xipki.common.qa.ValidationIssue)
LinkedList(java.util.LinkedList)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
RdnControl(org.xipki.ca.api.profile.RdnControl)
RDN(org.bouncycastle.asn1.x500.RDN)
Example 10 with AttributeTypeAndValue
use of org.openecard.bouncycastle.asn1.x500.AttributeTypeAndValue in project keystore-explorer by kaikramer.
the class RdnPanelList method getRdns.
public List<RDN> getRdns(boolean noEmptyRdns) {
List<RDN> rdns = new ArrayList<RDN>();
for (RdnPanel rdnPanel : entries) {
ASN1ObjectIdentifier attrType = OidDisplayNameMapping.getOidForDisplayName(rdnPanel.getAttributeName());
if (noEmptyRdns && StringUtils.trimAndConvertEmptyToNull(rdnPanel.getAttributeValue()) == null) {
continue;
}
ASN1Encodable attrValue = KseX500NameStyle.INSTANCE.stringToValue(attrType, rdnPanel.getAttributeValue());
rdns.add(new RDN(new AttributeTypeAndValue(attrType, attrValue)));
}
return rdns;
}
Also used :
ArrayList(java.util.ArrayList)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
RDN(org.bouncycastle.asn1.x500.RDN)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
Aggregations
AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)13
RDN (org.bouncycastle.asn1.x500.RDN)12
IOException (java.io.IOException)8
ArrayList (java.util.ArrayList)8
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7
X500Name (org.bouncycastle.asn1.x500.X500Name)7
AttributeTypeAndValue (org.apache.harmony.security.x501.AttributeTypeAndValue)6
BigInteger (java.math.BigInteger)5
List (java.util.List)5
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)5
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)5
GeneralSecurityException (java.security.GeneralSecurityException)3
MessageDigest (java.security.MessageDigest)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
Signature (java.security.Signature)3
Certificate (java.security.cert.Certificate)3
X509Certificate (java.security.cert.X509Certificate)3
LinkedList (java.util.LinkedList)3
X500Principal (javax.security.auth.x500.X500Principal)3
BerInputStream (org.apache.harmony.security.asn1.BerInputStream)3
