
Example 51 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project xipki by xipki.

the class IdentifiedX509Certprofile method getSubject.

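/**
 * Derives the granted subject from the requested one via the wrapped certprofile and
 * additionally validates every country/area code ({@code C}) attribute it contains.
 *
 * <p>Each RDN carrying a {@code C} attribute is inspected attribute by attribute, so a
 * multi-valued RDN (e.g. {@code CN=x+C=yy}) has its {@code C} value checked instead of
 * whatever attribute happens to be first in the RDN.
 *
 * @param requestedSubject the subject DN taken from the certificate request
 * @return the subject information granted by the underlying certprofile
 * @throws CertprofileException propagated from the underlying certprofile
 * @throws BadCertTemplateException if the certprofile rejects the subject or a
 *         {@code C} attribute of the granted subject is not a valid country/area code
 */
public SubjectInfo getSubject(X500Name requestedSubject) throws CertprofileException, BadCertTemplateException {
    SubjectInfo subjectInfo = certprofile.getSubject(requestedSubject);
    RDN[] countryRdns = subjectInfo.getGrantedSubject().getRDNs(ObjectIdentifiers.DN_C);
    if (countryRdns == null) {
        return subjectInfo;
    }
    for (RDN rdn : countryRdns) {
        // getRDNs(DN_C) also matches multi-valued RDNs; validate the DN_C attribute(s) explicitly
        // rather than rdn.getFirst(), which may be a different attribute type in such an RDN.
        for (org.bouncycastle.asn1.x500.AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
            if (!ObjectIdentifiers.DN_C.equals(atv.getType())) {
                continue;
            }
            String textValue = IETFUtils.valueToString(atv.getValue());
            if (!SubjectDnSpec.isValidCountryAreaCode(textValue)) {
                throw new BadCertTemplateException("invalid country/area code '" + textValue + "'");
            }
        }
    }
    return subjectInfo;
}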

Example 52 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project xipki by xipki.

the class X509Util method getCommonName.

/**
 * Returns the string value of the first common name ({@code CN}) attribute of {@code name}.
 *
 * <p>Only the first RDN containing a {@code CN} is considered. If that RDN is multi-valued,
 * the attribute whose type is {@code CN} is selected; otherwise its single attribute is used.
 *
 * @param name the distinguished name to inspect, must not be {@code null}
 * @return the CN value as produced by {@code rdnValueToString}, or {@code null} if {@code name}
 *         has no CN attribute
 */
public static String getCommonName(X500Name name) {
    ParamUtil.requireNonNull("name", name);
    RDN[] cnRdns = name.getRDNs(ObjectIdentifiers.DN_CN);
    if (cnRdns == null || cnRdns.length == 0) {
        return null;
    }
    RDN first = cnRdns[0];
    if (!first.isMultiValued()) {
        AttributeTypeAndValue single = first.getFirst();
        return (single == null) ? null : rdnValueToString(single.getValue());
    }
    // multi-valued RDN: the CN may sit at any position, so search by attribute type
    for (AttributeTypeAndValue atv : first.getTypesAndValues()) {
        if (atv.getType().equals(ObjectIdentifiers.DN_CN)) {
            return rdnValueToString(atv.getValue());
        }
    }
    return null;
}

Example 53 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project xipki by xipki.

the class ExtensionsChecker method getRequestedSubjectAltNames.

// method checkExtensionSubjectAltName
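/**
 * Collects the SubjectAltName entries requested for a certificate: first the GeneralNames derived
 * from subject attributes according to the certprofile's subject-to-SAN mapping, then the entries
 * of the requested SubjectAltName extension.
 *
 * @param requestedSubject the subject DN from the request; also the fallback source of attribute
 *        values when the granted subject cannot be derived
 * @param requestedExtensions the requested extensions, may be {@code null}
 * @return the requested GeneralNames, or {@code null} if none were requested or derived
 * @throws CertprofileException propagated from the certprofile while deriving the granted subject
 * @throws BadCertTemplateException propagated from the certprofile while deriving the granted subject
 */
private GeneralName[] getRequestedSubjectAltNames(X500Name requestedSubject, Extensions requestedExtensions) throws CertprofileException, BadCertTemplateException {
    ASN1Encodable extValue = (requestedExtensions == null) ? null
            : requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
    Map<ASN1ObjectIdentifier, GeneralNameTag> subjectToSubjectAltNameModes = certProfile.getSubjectToSubjectAltNameModes();
    if (extValue == null && subjectToSubjectAltNameModes == null) {
        return null;
    }
    GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue);
    Set<GeneralNameMode> subjectAltNameModes = certProfile.getSubjectAltNameModes();
    if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
        // the profile declares no SAN modes at all: the requested names pass through unchanged
        return (reqNames == null) ? null : reqNames.getNames();
    }
    List<GeneralName> grantedNames = new LinkedList<>();
    // copy the required attributes of Subject
    if (subjectToSubjectAltNameModes != null) {
        X500Name grantedSubject = grantedSubjectOrRequested(requestedSubject);
        for (Map.Entry<ASN1ObjectIdentifier, GeneralNameTag> entry : subjectToSubjectAltNameModes.entrySet()) {
            ASN1ObjectIdentifier attrType = entry.getKey();
            GeneralNameTag tag = entry.getValue();
            RDN[] rdns = grantedSubject.getRDNs(attrType);
            if (rdns == null) {
                // NOTE(review): BC's X500Name.getRDNs() is believed to return an empty array, not
                // null, for an absent type; if so this fallback never fires — confirm against the
                // BC version in use before relying on it.
                rdns = requestedSubject.getRDNs(attrType);
            }
            if (rdns == null) {
                continue;
            }
            for (RDN rdn : rdns) {
                // getRDNs(attrType) also matches multi-valued RDNs; copy only the attribute(s) of
                // the mapped type rather than rdn.getFirst(), which may be a different attribute
                // and would otherwise end up in the SAN under the wrong tag.
                for (org.bouncycastle.asn1.x500.AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
                    if (!attrType.equals(atv.getType())) {
                        continue;
                    }
                    String rdnValue = X509Util.rdnValueToString(atv.getValue());
                    grantedNames.add(toGeneralName(tag, rdnValue));
                }
            }
        }
    }
    // copy the requested SubjectAltName entries
    if (reqNames != null) {
        for (GeneralName reqName : reqNames.getNames()) {
            grantedNames.add(reqName);
        }
    }
    return grantedNames.isEmpty() ? null : grantedNames.toArray(new GeneralName[0]);
}

/**
 * Derives the granted subject for {@code requestedSubject} via the certprofile. If the profile
 * declares a special certprofile behavior, a failure is logged and the requested subject is used
 * as-is; otherwise the exception is propagated.
 *
 * @param requestedSubject the subject DN from the request
 * @return the granted subject, or {@code requestedSubject} in the logged fallback case
 * @throws CertprofileException propagated from the certprofile
 * @throws BadCertTemplateException propagated from the certprofile
 */
private X500Name grantedSubjectOrRequested(X500Name requestedSubject) throws CertprofileException, BadCertTemplateException {
    try {
        return certProfile.getSubject(requestedSubject).getGrantedSubject();
    } catch (CertprofileException | BadCertTemplateException ex) {
        if (certProfile.getSpecialCertprofileBehavior() == null) {
            throw ex;
        }
        LogUtil.warn(LOG, ex, "could not derive granted subject from requested subject");
        return requestedSubject;
    }
}

/**
 * Wraps a subject attribute value in a GeneralName of the given tag.
 *
 * @param tag the GeneralName tag the subject attribute is mapped to
 * @param value the attribute value in string form
 * @return the GeneralName built from {@code tag} and {@code value}
 * @throws IllegalStateException for a tag that the subject-to-SAN mapping is not expected to produce
 */
private static GeneralName toGeneralName(GeneralNameTag tag, String value) {
    switch (tag) {
        case rfc822Name:
        case dNSName:
        case uniformResourceIdentifier:
        case iPAddress:
        case directoryName:
        case registeredID:
            return new GeneralName(tag.getTag(), value);
        default:
            throw new IllegalStateException("should not reach here, unknown GeneralName tag " + tag);
    }
}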

Example 54 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project xipki by xipki.

the class SubjectChecker method checkSubjectAttributeNotMultiValued.

/**
 * Checks the RDNs of attribute type {@code type} in {@code subject} against the profile's
 * {@code RdnControl}: occurrence count, single-valuedness of each RDN, string encoding and the
 * relation to the values in {@code requestedSubject}.
 *
 * @param type the attribute type to check
 * @param subject the subject of the issued certificate
 * @param requestedSubject the subject of the request
 * @return the validation issue for {@code type}; its failure message is set if a check failed
 * @throws BadCertTemplateException propagated while extracting the requested RDN text values
 */
private ValidationIssue checkSubjectAttributeNotMultiValued(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
    ValidationIssue issue = createSubjectIssue(type);
    RdnControl control = subjectControl.getControl(type);
    int minOccurs = 0;
    int maxOccurs = 0;
    if (control != null) {
        minOccurs = control.getMinOccurs();
        maxOccurs = control.getMaxOccurs();
    }
    RDN[] grantedRdns = subject.getRDNs(type);
    int count = (grantedRdns == null) ? 0 : grantedRdns.length;
    if (count < minOccurs || count > maxOccurs) {
        issue.setFailureMessage("number of RDNs '" + count + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
        return issue;
    }
    RDN[] requestedRdns = requestedSubject.getRDNs(type);
    boolean requestedPresent = requestedRdns != null && requestedRdns.length > 0;
    if (count == 0) {
        // an optional attribute was requested but is missing from the issued subject
        if (maxOccurs > 0 && requestedPresent) {
            issue.setFailureMessage("is absent but expected present");
        }
        return issue;
    }
    StringType stringType = (control == null) ? null : control.getStringType();
    List<String> requestedTextValues = new LinkedList<>();
    if (requestedRdns != null) {
        for (RDN requested : requestedRdns) {
            requestedTextValues.add(getRdnTextValueOfRequest(requested));
        }
        if (control != null && control.getPatterns() != null) {
            // align the requested values with the profile's pattern order
            requestedTextValues = sort(requestedTextValues, control.getPatterns());
        }
    }
    if (grantedRdns == null) {
        // unreachable (count > 0 implies a non-null array); kept to satisfy the null checker
        return issue;
    }
    StringBuilder failureMsg = new StringBuilder();
    int index = 0;
    for (RDN rdn : grantedRdns) {
        String label = "RDN[" + index + "]";
        AttributeTypeAndValue[] atvs = rdn.getTypesAndValues();
        if (atvs.length > 1) {
            failureMsg.append("size of ").append(label).append(" is '").append(atvs.length)
                    .append("' but expected '1'").append("; ");
        } else {
            String textValue = getAtvValueString(label, atvs[0], stringType, failureMsg);
            if (textValue != null) {
                checkAttributeTypeAndValue(label, type, textValue, control, requestedTextValues, index, failureMsg);
            }
        }
        index++;
    }
    int len = failureMsg.length();
    if (len > 2) {
        // drop the trailing "; " separator
        failureMsg.setLength(len - 2);
        issue.setFailureMessage(failureMsg.toString());
    }
    return issue;
}

Example 55 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project xipki by xipki.

the class SubjectChecker method checkSubject.

/**
 * Validates {@code subject} against the subject control of the profile and the requested subject.
 *
 * <p>The first issue in the result covers the RDN grouping rule (all attribute types of a group
 * must sit in the same single RDN); it is followed by one issue per attribute type that is either
 * declared in the subject control or present in {@code subject}.
 *
 * @param subject the subject of the issued certificate, must not be {@code null}
 * @param requestedSubject the subject of the request, must not be {@code null}
 * @return the list of validation issues, never empty
 */
public List<ValidationIssue> checkSubject(X500Name subject, X500Name requestedSubject) {
    ParamUtil.requireNonNull("subject", subject);
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    // attribute types to check: those controlled by the profile plus those actually present
    Set<ASN1ObjectIdentifier> typesToCheck = new HashSet<>();
    for (ASN1ObjectIdentifier controlled : subjectControl.getTypes()) {
        typesToCheck.add(controlled);
    }
    for (ASN1ObjectIdentifier present : subject.getAttributeTypes()) {
        typesToCheck.add(present);
    }
    List<ValidationIssue> result = new LinkedList<>();
    ValidationIssue groupIssue = new ValidationIssue("X509.SUBJECT.group", "X509 subject RDN group");
    result.add(groupIssue);
    if (CollectionUtil.isNonEmpty(subjectControl.getGroups())) {
        for (String group : new HashSet<>(subjectControl.getGroups())) {
            String failure = groupRdnFailure(group, subject);
            if (failure != null) {
                // report the first violating group only
                groupIssue.setFailureMessage(failure);
                break;
            }
        }
    }
    for (ASN1ObjectIdentifier type : typesToCheck) {
        ValidationIssue attributeIssue;
        try {
            attributeIssue = checkSubjectAttribute(type, subject, requestedSubject);
        } catch (BadCertTemplateException ex) {
            attributeIssue = new ValidationIssue("X509.SUBJECT.REQUEST", "Subject in request");
            attributeIssue.setFailureMessage(ex.getMessage());
        }
        result.add(attributeIssue);
    }
    return result;
}

/**
 * Checks that all attribute types of {@code group} that occur in {@code subject} live in one
 * and the same RDN.
 *
 * @param group the group name from the subject control
 * @param subject the subject to inspect
 * @return the failure message if the group rule is violated, else {@code null}
 */
private String groupRdnFailure(String group, X500Name subject) {
    RDN groupRdn = null;
    for (ASN1ObjectIdentifier type : subjectControl.getTypesForGroup(group)) {
        RDN[] rdns = subject.getRDNs(type);
        if (rdns == null || rdns.length == 0) {
            continue;
        }
        // identity comparison on purpose: the same RDN instance is returned for every type it holds
        if (rdns.length > 1 || (groupRdn != null && groupRdn != rdns[0])) {
            return "AttributeTypeAndValues of group " + group + " is not in one RDN";
        }
        groupRdn = rdns[0];
    }
    return null;
}
