use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class ExtensionsChecker method checkExtensionSubjectAltName.
// method checkExtensionSubjectDirectoryAttributes
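/**
 * Checks the SubjectAltName extension of an issued certificate and appends a description of
 * every problem found to {@code failureMsg}. Nothing is appended when the check passes.
 *
 * @param failureMsg accumulator for human-readable violations
 * @param extensionValue encoded value of the SubjectAltName extension found in the certificate
 * @param requestedExtensions extensions supplied with the certificate request, may be {@code null}
 * @param extControl control of the extension; not read by this method
 * @param requestedSubject subject supplied with the certificate request
 */
private void checkExtensionSubjectAltName(StringBuilder failureMsg, byte[] extensionValue,
    Extensions requestedExtensions, ExtensionControl extControl, X500Name requestedSubject) {
  Set<GeneralNameMode> conf = certProfile.getSubjectAltNameModes();

  GeneralName[] requested;
  try {
    requested = getRequestedSubjectAltNames(requestedSubject, requestedExtensions);
  } catch (CertprofileException | BadCertTemplateException ex) {
    String msg = "error while derive grantedSubject from requestedSubject";
    LogUtil.warn(LOG, ex, msg);
    failureMsg.append(msg);
    return;
  }

  if (requested == null) {
    // Neither the request nor the profile yields any name, yet the certificate carries the extension.
    failureMsg.append("extension is present but not expected; ");
    return;
  }

  GeneralName[] is = GeneralNames.getInstance(extensionValue).getNames();

  // Compare the sizes before filling 'expected'. The array is sized by the request but indexed
  // by the issued names, so a certificate with more names than requested would otherwise fail
  // with ArrayIndexOutOfBoundsException instead of being reported as a violation.
  if (is.length != requested.length) {
    addViolation(failureMsg, "size of GeneralNames", is.length, requested.length);
    return;
  }

  GeneralName[] expected = new GeneralName[requested.length];
  for (int i = 0; i < is.length; i++) {
    try {
      // NOTE(review): 'expected' is derived from the issued name is[i], not from requested[i].
      // The comparison below therefore only confirms that each issued name is left unchanged by
      // createGeneralName under the profile's modes; the content of 'requested' is used for its
      // count only. Confirm whether createGeneralName(requested[i], conf) was intended, because
      // an issued name that differs from the requested one is not detected here.
      expected[i] = createGeneralName(is[i], conf);
    } catch (BadCertTemplateException ex) {
      failureMsg.append("could not process ").append(i + 1).append("-th name: ")
          .append(ex.getMessage()).append("; ");
      return;
    }
  }

  // Report every mismatching position rather than stopping at the first one.
  for (int i = 0; i < is.length; i++) {
    if (!is[i].equals(expected[i])) {
      failureMsg.append(i + 1).append("-th name does not match the requested one; ");
    }
  }
}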
use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class ExtensionsChecker method getRequestedSubjectAltNames.
// end-of-method marker carried over from the preceding method, checkExtensionSubjectAltName
/**
 * Assembles the SubjectAltName entries implied by a certificate request: first the names the
 * profile derives from subject attributes, then the entries of the requested SubjectAltName
 * extension.
 *
 * <p>The profile's SubjectAltName modes are consulted only to decide whether the requested
 * names are returned directly. The requested entries are copied unchanged in either case, so
 * any per-mode validation has to be done by the caller.
 *
 * @param requestedSubject subject supplied with the certificate request
 * @param requestedExtensions extensions supplied with the certificate request, may be {@code null}
 * @return the collected names, or {@code null} if there are none
 * @throws CertprofileException if the granted subject cannot be derived and the profile has no
 *     special behavior configured
 * @throws BadCertTemplateException under the same condition as {@code CertprofileException}
 */
private GeneralName[] getRequestedSubjectAltNames(X500Name requestedSubject,
    Extensions requestedExtensions) throws CertprofileException, BadCertTemplateException {
  ASN1Encodable sanValue = null;
  if (requestedExtensions != null) {
    sanValue = requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
  }

  Map<ASN1ObjectIdentifier, GeneralNameTag> attrToTag = certProfile.getSubjectToSubjectAltNameModes();
  if (sanValue == null && attrToTag == null) {
    return null;
  }

  GeneralNames requestedSan = null;
  if (sanValue != null) {
    requestedSan = GeneralNames.getInstance(sanValue);
  }

  Set<GeneralNameMode> sanModes = certProfile.getSubjectAltNameModes();
  if (sanModes == null && attrToTag == null) {
    // The profile restricts nothing and derives nothing: hand back the request as it came.
    return (requestedSan == null) ? null : requestedSan.getNames();
  }

  List<GeneralName> collected = new LinkedList<>();

  // Names derived from subject attributes come first.
  if (attrToTag != null) {
    X500Name sourceSubject;
    try {
      sourceSubject = certProfile.getSubject(requestedSubject).getGrantedSubject();
    } catch (CertprofileException | BadCertTemplateException ex) {
      if (certProfile.getSpecialCertprofileBehavior() == null) {
        throw ex;
      }
      // With a special behavior configured the failure is only logged, and the names are then
      // derived from the subject exactly as the requester supplied it.
      LogUtil.warn(LOG, ex, "could not derive granted subject from requested subject");
      sourceSubject = requestedSubject;
    }

    for (Map.Entry<ASN1ObjectIdentifier, GeneralNameTag> mapping : attrToTag.entrySet()) {
      ASN1ObjectIdentifier attrType = mapping.getKey();
      GeneralNameTag tag = mapping.getValue();

      RDN[] rdns = sourceSubject.getRDNs(attrType);
      // NOTE(review): this fallback only triggers on null; if getRDNs reports "no match" as an
      // empty array, the requested subject is never consulted here. Confirm which is intended.
      if (rdns == null) {
        rdns = requestedSubject.getRDNs(attrType);
      }
      if (rdns == null) {
        continue;
      }

      for (RDN rdn : rdns) {
        // Only the first attribute of the RDN is used.
        String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
        switch (tag) {
          case rfc822Name:
          case dNSName:
          case uniformResourceIdentifier:
          case iPAddress:
          case directoryName:
          case registeredID:
            collected.add(new GeneralName(tag.getTag(), rdnValue));
            break;
          default:
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
        }
      }
    }
  }

  // The requested SubjectAltName entries follow, copied as they are.
  if (requestedSan != null) {
    for (GeneralName requestedName : requestedSan.getNames()) {
      collected.add(requestedName);
    }
  }

  if (collected.isEmpty()) {
    return null;
  }
  return collected.toArray(new GeneralName[0]);
}
use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class XmlX509CertprofileUtil method buildGeneralNameMode.
// method buildPolicyConstrains
/**
 * Translates the name forms configured in a {@code GeneralNameType} into the set of
 * {@code GeneralNameMode}s permitted by the profile.
 *
 * <p>For {@code otherName} the configured type OIDs are attached to the mode; every other name
 * form is represented by its tag alone.
 *
 * @param name configured name forms; checked with {@code ParamUtil.requireNonNull}
 * @return the permitted modes, never empty
 * @throws CertprofileException if no name form is configured
 */
public static Set<GeneralNameMode> buildGeneralNameMode(GeneralNameType name)
    throws CertprofileException {
  ParamUtil.requireNonNull("name", name);

  Set<GeneralNameMode> modes = new HashSet<>();

  if (name.getOtherName() != null) {
    List<OidWithDescType> configuredTypes = name.getOtherName().getType();
    Set<ASN1ObjectIdentifier> typeOids = new HashSet<>();
    for (OidWithDescType configuredType : configuredTypes) {
      typeOids.add(new ASN1ObjectIdentifier(configuredType.getValue()));
    }
    // NOTE(review): an otherName element without any type yields a mode with an empty OID set;
    // whether that permits no otherName or every otherName depends on the consumer - confirm.
    modes.add(new GeneralNameMode(GeneralNameTag.otherName, typeOids));
  }

  addModeIfPresent(modes, name.getRfc822Name(), GeneralNameTag.rfc822Name);
  addModeIfPresent(modes, name.getDnsName(), GeneralNameTag.dNSName);
  addModeIfPresent(modes, name.getDirectoryName(), GeneralNameTag.directoryName);
  addModeIfPresent(modes, name.getEdiPartyName(), GeneralNameTag.ediPartyName);
  addModeIfPresent(modes, name.getUniformResourceIdentifier(),
      GeneralNameTag.uniformResourceIdentifier);
  addModeIfPresent(modes, name.getIpAddress(), GeneralNameTag.iPAddress);
  addModeIfPresent(modes, name.getRegisteredID(), GeneralNameTag.registeredID);

  if (modes.isEmpty()) {
    throw new CertprofileException("GeneralNameType must not be empty");
  }
  return modes;
}

/** Adds a tag-only mode for {@code tag} to {@code modes} when {@code configured} is non-null. */
private static void addModeIfPresent(Set<GeneralNameMode> modes, Object configured,
    GeneralNameTag tag) {
  if (configured != null) {
    modes.add(new GeneralNameMode(tag));
  }
}