

/**
 * Renders a CRL DistributionPointName as an indented, multi-line, localized string.
 * <p>
 * For the {@code fullName} alternative every GeneralName is listed on its own line; for the
 * {@code nameRelativeToCRLIssuer} alternative every attribute of the RDN is listed as
 * {@code type=value}. Each nesting level is indented one {@code INDENT} deeper than
 * {@code baseIndent}.
 *
 * @param distributionPointName the CHOICE value to render
 * @param baseIndent            indentation prefix for the heading line
 * @return the rendered text, ending with {@code NEWLINE}
 * @throws IOException propagated from attribute value rendering
 */
private String getDistributionPointNameString(DistributionPointName distributionPointName, String baseIndent) throws IOException {
    // @formatter:off
    /*
     * DistributionPointName ::= CHOICE {
     *     fullname [0] GeneralNames,
     *     nameRelativeToCRLIssuer [1] RelativeDistinguishedName
     * }
     *
     * RelativeDistinguishedName ::= SET SIZE (1 .. MAX) OF
     * AttributeTypeAndValue
     *
     * AttributeTypeAndValue ::= ASN1Sequence { type AttributeType, value
     * AttributeValue }
     */
    // @formatter:on
    // Indentation prefixes for the three nesting depths of this node.
    String headingIndent = baseIndent;
    String choiceIndent = baseIndent + INDENT;
    String entryIndent = baseIndent + INDENT + INDENT;

    StringBuilder out = new StringBuilder();
    out.append(headingIndent).append(res.getString("DistributionPointName")).append(NEWLINE);

    if (distributionPointName.getType() == DistributionPointName.FULL_NAME) {
        out.append(choiceIndent).append(res.getString("DistributionPointFullName")).append(NEWLINE);
        GeneralNames fullName = GeneralNames.getInstance(distributionPointName.getName());
        for (GeneralName name : fullName.getNames()) {
            out.append(entryIndent).append(GeneralNameUtil.toString(name)).append(NEWLINE);
        }
    } else {
        // Any other tag is treated as [1] nameRelativeToCRLIssuer, the only other CHOICE alternative.
        out.append(choiceIndent).append(res.getString("DistributionPointNameRelativeToCrlIssuer")).append(NEWLINE);
        RDN relativeName = RDN.getInstance(distributionPointName.getName());
        for (AttributeTypeAndValue atv : relativeName.getTypesAndValues()) {
            ASN1ObjectIdentifier type = atv.getType();
            ASN1Encodable value = atv.getValue();
            // Type string is resolved before the value string, as in the original ordering.
            String rendered = MessageFormat.format("{0}={1}", getAttributeTypeString(type), getAttributeValueString(type, value));
            out.append(entryIndent).append(rendered).append(NEWLINE);
        }
    }
    return out.toString();
}


/**
 * Returns the value of the first attribute of the first RDN in {@code dn} whose type is
 * {@code rdnOid}.
 * <p>
 * Only the first attribute of a multi-valued RDN is considered. The value is rendered with
 * {@code toString()} of the underlying ASN.1 object, not a canonical X.500 string form;
 * NOTE(review): for non-textual attribute types this presumably differs from what
 * {@code IETFUtils.valueToString} would produce — confirm if the result is used for comparison.
 *
 * @param dn     The X500Name to search; may be null
 * @param rdnOid OID of the wanted RDN; may be null
 * @return Value of the requested RDN, or the empty string when either argument is null or
 *         no RDN of that type is present
 */
public static String getRdn(X500Name dn, ASN1ObjectIdentifier rdnOid) {
    if (dn == null || rdnOid == null) {
        return "";
    }
    RDN[] matches = dn.getRDNs(rdnOid);
    if (matches.length == 0) {
        return "";
    }
    return matches[0].getFirst().getValue().toString();
}


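/**
 * Collects the CN (commonName) values from the subject DN of {@code certificate}.
 * <p>
 * Every CN RDN is visited in DN order; for a multi-valued RDN only its first attribute is
 * taken. NOTE(review): CN-based host matching is a legacy fallback (RFC 6125 §6.4.4) — the
 * caller is expected to prefer subjectAltName dNSName entries where present; confirm against
 * the caller.
 *
 * @param certificate the certificate whose subject is inspected
 * @return the CN values in DN order; empty when there are none or when the certificate cannot
 *         be re-encoded (that failure is deliberately reported as "no names", not as an error)
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        // Fetch the RDN array once; previously the DN was re-queried on every iteration.
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            domains.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
    } catch (CertificateEncodingException ignored) {
        // Best-effort: an unencodable certificate yields no names rather than failing the caller.
    }
    return domains;
}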


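/**
 * Reorders DN to the order the elements appear in the RFC 2253 table
 *
 * https://www.ietf.org/rfc/rfc2253.txt
 *
 * String  X.500 AttributeType
 * ------------------------------
 * CN      commonName
 * L       localityName
 * ST      stateOrProvinceName
 * O       organizationName
 * OU      organizationalUnitName
 * C       countryName
 * STREET  streetAddress
 * DC      domainComponent
 * UID     userid
 *
 * <p>
 * Ordering is driven by {@code dnOrderMap} (rank per attribute OID). RDNs whose type is not
 * in the map sort after every ranked one, and among themselves by dotted OID string. Only the
 * first attribute of a multi-valued RDN decides its rank. {@code Arrays.sort} on objects is
 * stable, so RDNs with the same rank (e.g. several OU) keep their original relative order —
 * which matters when the result is compared as a string.
 *
 * @param dn a possibly unordered DN in RFC 2253/4514 string form; must not be null
 * @return the ordered dn, rendered by {@code X500Name.toString()}
 * @throws IllegalArgumentException presumably, if BC's X500Name string parser rejects {@code dn}
 */
public static String reorderDn(String dn) {
    RDN[] rdNs = new X500Name(dn).getRDNs();
    Arrays.sort(rdNs, new Comparator<RDN>() {

        @Override
        public int compare(RDN o1, RDN o2) {
            ASN1ObjectIdentifier o1Type = o1.getFirst().getType();
            ASN1ObjectIdentifier o2Type = o2.getFirst().getType();
            Integer o1Rank = dnOrderMap.get(o1Type);
            Integer o2Rank = dnOrderMap.get(o2Type);
            if (o1Rank == null && o2Rank == null) {
                // Neither type is ranked: deterministic fallback by dotted OID. (The former
                // secondary String.valueOf comparison was a no-op: an OID's toString() is its id.)
                return o1Type.getId().compareTo(o2Type.getId());
            }
            if (o1Rank == null) {
                return 1; // unranked sorts after ranked
            }
            if (o2Rank == null) {
                return -1;
            }
            // Integer.compare rather than subtraction: cannot overflow for any rank values.
            return Integer.compare(o1Rank, o2Rank);
        }
    });
    return new X500Name(rdNs).toString();
}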


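/**
 * Checks that {@code hostOrIp} matches a name in {@code cert}.
 * <p>
 * Host names are compared first against the first CN of the Subject DN, then against each
 * subjectAltName dNSName (both via {@code checkWildcardName}); the first match wins. IP
 * literals are only looked up in subjectAltName iPAddress entries, and that comparison is not
 * implemented, so an IP literal currently never verifies and always ends in the exception.
 * <p>
 * NOTE(review): RFC 6125 §6.4.4 says the CN should be consulted only when the certificate
 * carries no dNSName SAN entries; here a CN match is accepted even when SAN dNSNames are present
 * — confirm whether that leniency is intended for this deployment.
 *
 * @param cert     the peer certificate (untrusted input)
 * @param hostOrIp the host name or IP literal the connection was made to
 * @throws CertificateVerificationException if no name in the certificate matches
 */
private void validInt(Certificate cert, String hostOrIp) throws CertificateVerificationException {
    boolean success = false;
    boolean isIPAddr = IPAddress.isValid(hostOrIp);
    // check hostname against Subject CN
    if (!isIPAddr) {
        RDN[] cn = cert.getSubject().getRDNs(BCStrictStyle.CN);
        if (cn.length != 0) {
            // CN is always a string type; only the first CN is consulted
            String hostNameReference = cn[0].getFirst().getValue().toString();
            success = checkWildcardName(hostOrIp, hostNameReference);
        } else {
            LOG.debug("No CN entry in certificate's Subject.");
        }
    } else {
        LOG.debug("Given name is an IP Address. Validation relies solely on the SubjectAlternativeName.");
    }
    // stop execution when we found a valid name
    if (success) {
        return;
    }
    // evaluate subject alternative name
    Extensions ext = cert.getTBSCertificate().getExtensions();
    // A certificate without an extensions field (e.g. v1) yields null here; treat that as
    // "no SAN" and fall through to the verification failure instead of dereferencing null.
    Extension subjAltExt = ext == null ? null : ext.getExtension(Extension.subjectAlternativeName);
    if (subjAltExt != null) {
        // extract SubjAltName from Extensions
        GeneralNames gns = GeneralNames.fromExtensions(ext, Extension.subjectAlternativeName);
        GeneralName[] names = gns.getNames();
        for (GeneralName name : names) {
            ASN1Encodable reference = name.getName();
            switch(name.getTagNo()) {
                case GeneralName.dNSName:
                    if (!isIPAddr) {
                        // the dNSName payload's toString() is taken as the reference name
                        success = checkWildcardName(hostOrIp, reference.toString());
                    }
                    break;
                case GeneralName.iPAddress:
                    if (isIPAddr) {
                        // TODO: validate IP Addresses
                        LOG.warn("IP Address verification not supported.");
                    }
                    break;
                default:
                    LOG.debug("Unsupported GeneralName ({}) tag in SubjectAlternativeName.", name.getTagNo());
            }
            // stop execution when we found a valid name
            if (success) {
                return;
            }
        }
    }
    // every successful path has returned above, so reaching this point means no name matched
    String errorMsg = "Hostname in certificate differs from actually requested host.";
    throw new CertificateVerificationException(errorMsg);
}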
