Search in sources :

Example 1 with RdnControl

use of org.xipki.ca.api.profile.RdnControl in project xipki by xipki.

the class BaseX509Certprofile method verifySubjectDnOccurence.

protected void verifySubjectDnOccurence(X500Name requestedSubject) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    SubjectControl occurences = getSubjectControl();
    if (occurences == null) {
        return;
    }
    ASN1ObjectIdentifier[] types = requestedSubject.getAttributeTypes();
    for (ASN1ObjectIdentifier type : types) {
        RdnControl occu = occurences.getControl(type);
        if (occu == null) {
            throw new BadCertTemplateException(String.format("subject DN of type %s is not allowed", oidToDisplayName(type)));
        }
        RDN[] rdns = requestedSubject.getRDNs(type);
        if (rdns.length > occu.getMaxOccurs() || rdns.length < occu.getMinOccurs()) {
            throw new BadCertTemplateException(String.format("occurrence of subject DN of type %s not within the allowed range. " + "%d is not within [%d, %d]", oidToDisplayName(type), rdns.length, occu.getMinOccurs(), occu.getMaxOccurs()));
        }
    }
    for (ASN1ObjectIdentifier m : occurences.getTypes()) {
        RdnControl occurence = occurences.getControl(m);
        if (occurence.getMinOccurs() == 0) {
            continue;
        }
        boolean present = false;
        for (ASN1ObjectIdentifier type : types) {
            if (occurence.getType().equals(type)) {
                present = true;
                break;
            }
        }
        if (!present) {
            throw new BadCertTemplateException(String.format("required subject DN of type %s is not present", oidToDisplayName(occurence.getType())));
        }
    }
}
Also used : RdnControl(org.xipki.ca.api.profile.RdnControl) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 2 with RdnControl

use of org.xipki.ca.api.profile.RdnControl in project xipki by xipki.

the class BaseX509Certprofile method getSubject.

@Override
public SubjectInfo getSubject(X500Name requestedSubject) throws CertprofileException, BadCertTemplateException {
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    verifySubjectDnOccurence(requestedSubject);
    RDN[] requstedRdns = requestedSubject.getRDNs();
    SubjectControl scontrol = getSubjectControl();
    List<RDN> rdns = new LinkedList<>();
    for (ASN1ObjectIdentifier type : scontrol.getTypes()) {
        RdnControl control = scontrol.getControl(type);
        if (control == null) {
            continue;
        }
        RDN[] thisRdns = getRdns(requstedRdns, type);
        if (thisRdns == null) {
            continue;
        }
        int len = thisRdns.length;
        if (len == 0) {
            continue;
        }
        if (ObjectIdentifiers.DN_EmailAddress.equals(type)) {
            throw new BadCertTemplateException("emailAddress is not allowed");
        }
        if (len == 1) {
            ASN1Encodable rdnValue = thisRdns[0].getFirst().getValue();
            RDN rdn;
            if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
                rdn = createDateOfBirthRdn(type, rdnValue);
            } else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
                rdn = createPostalAddressRdn(type, rdnValue, control, 0);
            } else {
                String value = X509Util.rdnValueToString(rdnValue);
                rdn = createSubjectRdn(value, type, control, 0);
            }
            if (rdn != null) {
                rdns.add(rdn);
            }
        } else {
            if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
                for (int i = 0; i < len; i++) {
                    RDN rdn = createDateOfBirthRdn(type, thisRdns[i].getFirst().getValue());
                    rdns.add(rdn);
                }
            } else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
                for (int i = 0; i < len; i++) {
                    RDN rdn = createPostalAddressRdn(type, thisRdns[i].getFirst().getValue(), control, i);
                    rdns.add(rdn);
                }
            } else {
                String[] values = new String[len];
                for (int i = 0; i < len; i++) {
                    values[i] = X509Util.rdnValueToString(thisRdns[i].getFirst().getValue());
                }
                values = sortRdns(control, values);
                int idx = 0;
                for (String value : values) {
                    rdns.add(createSubjectRdn(value, type, control, idx++));
                }
            }
        // if
        }
    // if
    }
    // for
    Set<String> subjectDnGroups = scontrol.getGroups();
    if (CollectionUtil.isNonEmpty(subjectDnGroups)) {
        Set<String> consideredGroups = new HashSet<>();
        final int n = rdns.size();
        List<RDN> newRdns = new ArrayList<>(rdns.size());
        for (int i = 0; i < n; i++) {
            RDN rdn = rdns.get(i);
            ASN1ObjectIdentifier type = rdn.getFirst().getType();
            String group = scontrol.getGroup(type);
            if (group == null) {
                newRdns.add(rdn);
            } else if (!consideredGroups.contains(group)) {
                List<AttributeTypeAndValue> atvs = new LinkedList<>();
                atvs.add(rdn.getFirst());
                for (int j = i + 1; j < n; j++) {
                    RDN rdn2 = rdns.get(j);
                    ASN1ObjectIdentifier type2 = rdn2.getFirst().getType();
                    String group2 = scontrol.getGroup(type2);
                    if (group.equals(group2)) {
                        atvs.add(rdn2.getFirst());
                    }
                }
                newRdns.add(new RDN(atvs.toArray(new AttributeTypeAndValue[0])));
                consideredGroups.add(group);
            }
        }
        // for
        rdns = newRdns;
    }
    // if
    X500Name grantedSubject = new X500Name(rdns.toArray(new RDN[0]));
    return new SubjectInfo(grantedSubject, null);
}
Also used : ArrayList(java.util.ArrayList) ASN1String(org.bouncycastle.asn1.ASN1String) DERUniversalString(org.bouncycastle.asn1.DERUniversalString) X500Name(org.bouncycastle.asn1.x500.X500Name) LinkedList(java.util.LinkedList) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) RdnControl(org.xipki.ca.api.profile.RdnControl) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) RDN(org.bouncycastle.asn1.x500.RDN) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Example 3 with RdnControl

use of org.xipki.ca.api.profile.RdnControl in project xipki by xipki.

the class SubjectChecker method checkSubjectAttributeMultiValued.

// method checkSubjectAttributeNotMultiValued
private ValidationIssue checkSubjectAttributeMultiValued(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
    ValidationIssue issue = createSubjectIssue(type);
    RDN[] rdns = subject.getRDNs(type);
    int rdnsSize = (rdns == null) ? 0 : rdns.length;
    RDN[] requestedRdns = requestedSubject.getRDNs(type);
    if (rdnsSize != 1) {
        if (rdnsSize == 0) {
            // check optional attribute but is present in requestedSubject
            if (requestedRdns != null && requestedRdns.length > 0) {
                issue.setFailureMessage("is absent but expected present");
            }
        } else {
            issue.setFailureMessage("number of RDNs '" + rdnsSize + "' is not 1");
        }
        return issue;
    }
    // control
    final RdnControl rdnControl = subjectControl.getControl(type);
    // check the encoding
    StringType stringType = null;
    if (rdnControl != null) {
        stringType = rdnControl.getStringType();
    }
    List<String> requestedCoreAtvTextValues = new LinkedList<>();
    if (requestedRdns != null) {
        for (RDN requestedRdn : requestedRdns) {
            String textValue = getRdnTextValueOfRequest(requestedRdn);
            requestedCoreAtvTextValues.add(textValue);
        }
        if (rdnControl != null && rdnControl.getPatterns() != null) {
            // sort the requestedRDNs
            requestedCoreAtvTextValues = sort(requestedCoreAtvTextValues, rdnControl.getPatterns());
        }
    }
    if (rdns == null) {
        // return always false, only to make the null checker happy
        return issue;
    }
    StringBuilder failureMsg = new StringBuilder();
    AttributeTypeAndValue[] li = rdns[0].getTypesAndValues();
    List<AttributeTypeAndValue> atvs = new LinkedList<>();
    for (AttributeTypeAndValue m : li) {
        if (type.equals(m.getType())) {
            atvs.add(m);
        }
    }
    final int atvsSize = atvs.size();
    int minOccurs = (rdnControl == null) ? 0 : rdnControl.getMinOccurs();
    int maxOccurs = (rdnControl == null) ? 0 : rdnControl.getMaxOccurs();
    if (atvsSize < minOccurs || atvsSize > maxOccurs) {
        issue.setFailureMessage("number of AttributeTypeAndValuess '" + atvsSize + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
        return issue;
    }
    for (int i = 0; i < atvsSize; i++) {
        AttributeTypeAndValue atv = atvs.get(i);
        String atvTextValue = getAtvValueString("AttributeTypeAndValue[" + i + "]", atv, stringType, failureMsg);
        if (atvTextValue == null) {
            continue;
        }
        checkAttributeTypeAndValue("AttributeTypeAndValue[" + i + "]", type, atvTextValue, rdnControl, requestedCoreAtvTextValues, i, failureMsg);
    }
    int len = failureMsg.length();
    if (len > 2) {
        failureMsg.delete(len - 2, len);
        issue.setFailureMessage(failureMsg.toString());
    }
    return issue;
}
Also used : StringType(org.xipki.ca.api.profile.StringType) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ValidationIssue(org.xipki.common.qa.ValidationIssue) LinkedList(java.util.LinkedList) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) RdnControl(org.xipki.ca.api.profile.RdnControl) RDN(org.bouncycastle.asn1.x500.RDN)

Example 4 with RdnControl

use of org.xipki.ca.api.profile.RdnControl in project xipki by xipki.

the class XmlX509Certprofile method initialize0.

// method initialize
private void initialize0(X509ProfileType conf) throws CertprofileException {
    if (conf.getVersion() != null) {
        String versionText = conf.getVersion();
        this.version = X509CertVersion.forName(versionText);
        if (this.version == null) {
            throw new CertprofileException(String.format("invalid version '%s'", versionText));
        }
    } else {
        this.version = X509CertVersion.v3;
    }
    if (conf.getSignatureAlgorithms() != null) {
        List<String> algoNames = conf.getSignatureAlgorithms().getAlgorithm();
        List<String> list = new ArrayList<>(algoNames.size());
        for (String algoName : algoNames) {
            try {
                list.add(AlgorithmUtil.canonicalizeSignatureAlgo(algoName));
            } catch (NoSuchAlgorithmException ex) {
                throw new CertprofileException(ex.getMessage(), ex);
            }
        }
        this.signatureAlgorithms = Collections.unmodifiableList(list);
    }
    this.raOnly = conf.isRaOnly();
    this.maxSize = conf.getMaxSize();
    this.validity = CertValidity.getInstance(conf.getValidity());
    String str = conf.getCertLevel();
    if ("RootCA".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.RootCA;
    } else if ("SubCA".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.SubCA;
    } else if ("EndEntity".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.EndEntity;
    } else {
        throw new CertprofileException("invalid CertLevel '" + str + "'");
    }
    str = conf.getNotBeforeTime();
    if ("midnight".equalsIgnoreCase(str)) {
        this.notBeforeMidnight = true;
    } else if ("current".equalsIgnoreCase(str)) {
        this.notBeforeMidnight = false;
    } else {
        throw new CertprofileException("invalid notBefore '" + str + "'");
    }
    String specBehavior = conf.getSpecialBehavior();
    if (specBehavior != null) {
        this.specialBehavior = SpecialX509CertprofileBehavior.forName(specBehavior);
    }
    this.duplicateKeyPermitted = conf.isDuplicateKey();
    this.serialNumberInReqPermitted = conf.isSerialNumberInReq();
    // KeyAlgorithms
    KeyAlgorithms keyAlgos = conf.getKeyAlgorithms();
    if (keyAlgos != null) {
        this.keyAlgorithms = XmlX509CertprofileUtil.buildKeyAlgorithms(keyAlgos);
    }
    // parameters
    Parameters confParams = conf.getParameters();
    if (confParams == null) {
        parameters = null;
    } else {
        Map<String, String> tmpMap = new HashMap<>();
        for (NameValueType nv : confParams.getParameter()) {
            tmpMap.put(nv.getName(), nv.getValue());
        }
        parameters = Collections.unmodifiableMap(tmpMap);
    }
    // Subject
    Subject subject = conf.getSubject();
    duplicateSubjectPermitted = subject.isDuplicateSubjectPermitted();
    List<RdnControl> subjectDnControls = new LinkedList<>();
    for (RdnType rdn : subject.getRdn()) {
        ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(rdn.getType().getValue());
        List<Pattern> patterns = null;
        if (CollectionUtil.isNonEmpty(rdn.getRegex())) {
            patterns = new LinkedList<>();
            for (String regex : rdn.getRegex()) {
                Pattern pattern = Pattern.compile(regex);
                patterns.add(pattern);
            }
        }
        if (patterns == null) {
            Pattern pattern = SubjectDnSpec.getPattern(type);
            if (pattern != null) {
                patterns = Arrays.asList(pattern);
            }
        }
        Range range = (rdn.getMinLen() != null || rdn.getMaxLen() != null) ? new Range(rdn.getMinLen(), rdn.getMaxLen()) : null;
        RdnControl rdnControl = new RdnControl(type, rdn.getMinOccurs(), rdn.getMaxOccurs());
        subjectDnControls.add(rdnControl);
        StringType stringType = XmlX509CertprofileUtil.convertStringType(rdn.getStringType());
        rdnControl.setStringType(stringType);
        rdnControl.setStringLengthRange(range);
        rdnControl.setPatterns(patterns);
        rdnControl.setPrefix(rdn.getPrefix());
        rdnControl.setSuffix(rdn.getSuffix());
        rdnControl.setGroup(rdn.getGroup());
        SubjectDnSpec.fixRdnControl(rdnControl);
    }
    this.subjectControl = new SubjectControl(subjectDnControls, subject.isKeepRdnOrder());
    this.incSerialNoIfSubjectExists = subject.isIncSerialNumber();
    // Extensions
    ExtensionsType extensionsType = conf.getExtensions();
    // Extension controls
    this.extensionControls = XmlX509CertprofileUtil.buildExtensionControls(extensionsType);
    Set<ASN1ObjectIdentifier> extnIds = new HashSet<>(this.extensionControls.keySet());
    // SubjectToSubjectAltName
    initSubjectToSubjectAltNames(extensionsType);
    // AdditionalInformation
    initAdditionalInformation(extnIds, extensionsType);
    // Admission
    initAdmission(extnIds, extensionsType);
    // AuthorityInfoAccess
    initAuthorityInfoAccess(extnIds, extensionsType);
    // AuthorityKeyIdentifier
    initAuthorityKeyIdentifier(extnIds, extensionsType);
    // AuthorizationTemplate
    initAuthorizationTemplate(extnIds, extensionsType);
    // BasicConstrains
    initBasicConstraints(extnIds, extensionsType);
    // BiometricInfo
    initBiometricInfo(extnIds, extensionsType);
    // Certificate Policies
    initCertificatePolicies(extnIds, extensionsType);
    // ExtendedKeyUsage
    initExtendedKeyUsage(extnIds, extensionsType);
    // Inhibit anyPolicy
    initInhibitAnyPolicy(extnIds, extensionsType);
    // KeyUsage
    initKeyUsage(extnIds, extensionsType);
    // Name Constrains
    initNameConstraints(extnIds, extensionsType);
    // Policy Constraints
    initPolicyConstraints(extnIds, extensionsType);
    // Policy Mappings
    initPolicyMappings(extnIds, extensionsType);
    // PrivateKeyUsagePeriod
    initPrivateKeyUsagePeriod(extnIds, extensionsType);
    // QCStatements
    initQcStatements(extnIds, extensionsType);
    // Restriction
    initRestriction(extnIds, extensionsType);
    // SMIMECapatibilities
    initSmimeCapabilities(extnIds, extensionsType);
    // SubjectAltNameMode
    initSubjectAlternativeName(extnIds, extensionsType);
    // SubjectInfoAccess
    initSubjectInfoAccess(extnIds, extensionsType);
    // TlsFeature
    initTlsFeature(extnIds, extensionsType);
    // validityModel
    initValidityModel(extnIds, extensionsType);
    // SubjectDirectoryAttributes
    initSubjectDirAttrs(extnIds, extensionsType);
    // constant extensions
    this.constantExtensions = XmlX509CertprofileUtil.buildConstantExtesions(extensionsType);
    if (this.constantExtensions != null) {
        extnIds.removeAll(this.constantExtensions.keySet());
    }
    // validate the configuration
    if (subjectToSubjectAltNameModes != null) {
        ASN1ObjectIdentifier type = Extension.subjectAlternativeName;
        if (!extensionControls.containsKey(type)) {
            throw new CertprofileException("subjectToSubjectAltNames cannot be configured if extension" + " subjectAltNames is not permitted");
        }
        if (subjectAltNameModes != null) {
            for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
                GeneralNameTag nameTag = subjectToSubjectAltNameModes.get(attrType);
                boolean allowed = false;
                for (GeneralNameMode m : subjectAltNameModes) {
                    if (m.getTag() == nameTag) {
                        allowed = true;
                        break;
                    }
                }
                if (!allowed) {
                    throw new CertprofileException("target SubjectAltName type " + nameTag + " is not allowed");
                }
            }
        }
    }
    // Remove the extension processed not be the CertProfile, but by the CA
    extnIds.remove(Extension.issuerAlternativeName);
    extnIds.remove(Extension.authorityInfoAccess);
    extnIds.remove(Extension.cRLDistributionPoints);
    extnIds.remove(Extension.freshestCRL);
    extnIds.remove(Extension.subjectKeyIdentifier);
    extnIds.remove(Extension.subjectInfoAccess);
    extnIds.remove(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck);
    Set<ASN1ObjectIdentifier> copyOfExtnIds = new HashSet<>(extnIds);
    for (ASN1ObjectIdentifier extnId : copyOfExtnIds) {
        Object extnValue = getExtensionValue(extnId, extensionsType, Object.class);
        boolean processed = initExtraExtension(extnId, extensionControls.get(extnId), extnValue);
        if (processed) {
            extnIds.remove(extnId);
        }
    }
    if (!extnIds.isEmpty()) {
        throw new CertprofileException("Cannot process the extensions: " + extnIds);
    }
}
Also used : NameValueType(org.xipki.ca.certprofile.x509.jaxb.NameValueType) HashMap(java.util.HashMap) DirectoryStringType(org.xipki.ca.api.profile.DirectoryStringType) StringType(org.xipki.ca.api.profile.StringType) ArrayList(java.util.ArrayList) KeyAlgorithms(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.KeyAlgorithms) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RdnControl(org.xipki.ca.api.profile.RdnControl) CertprofileException(org.xipki.ca.api.profile.CertprofileException) SubjectControl(org.xipki.ca.api.profile.x509.SubjectControl) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) HashSet(java.util.HashSet) Pattern(java.util.regex.Pattern) GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) Parameters(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Parameters) GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag) Range(org.xipki.ca.api.profile.Range) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) LinkedList(java.util.LinkedList) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 5 with RdnControl

use of org.xipki.ca.api.profile.RdnControl in project xipki by xipki.

the class SubjectChecker method checkSubjectAttributeNotMultiValued.

private ValidationIssue checkSubjectAttributeNotMultiValued(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
    ValidationIssue issue = createSubjectIssue(type);
    // control
    RdnControl rdnControl = subjectControl.getControl(type);
    int minOccurs = (rdnControl == null) ? 0 : rdnControl.getMinOccurs();
    int maxOccurs = (rdnControl == null) ? 0 : rdnControl.getMaxOccurs();
    RDN[] rdns = subject.getRDNs(type);
    int rdnsSize = (rdns == null) ? 0 : rdns.length;
    if (rdnsSize < minOccurs || rdnsSize > maxOccurs) {
        issue.setFailureMessage("number of RDNs '" + rdnsSize + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
        return issue;
    }
    RDN[] requestedRdns = requestedSubject.getRDNs(type);
    if (rdnsSize == 0) {
        // check optional attribute but is present in requestedSubject
        if (maxOccurs > 0 && requestedRdns != null && requestedRdns.length > 0) {
            issue.setFailureMessage("is absent but expected present");
        }
        return issue;
    }
    StringBuilder failureMsg = new StringBuilder();
    // check the encoding
    StringType stringType = null;
    if (rdnControl != null) {
        stringType = rdnControl.getStringType();
    }
    List<String> requestedCoreAtvTextValues = new LinkedList<>();
    if (requestedRdns != null) {
        for (RDN requestedRdn : requestedRdns) {
            String textValue = getRdnTextValueOfRequest(requestedRdn);
            requestedCoreAtvTextValues.add(textValue);
        }
        if (rdnControl != null && rdnControl.getPatterns() != null) {
            // sort the requestedRDNs
            requestedCoreAtvTextValues = sort(requestedCoreAtvTextValues, rdnControl.getPatterns());
        }
    }
    if (rdns == null) {
        // return always false, only to make the null checker happy
        return issue;
    }
    for (int i = 0; i < rdns.length; i++) {
        RDN rdn = rdns[i];
        AttributeTypeAndValue[] atvs = rdn.getTypesAndValues();
        if (atvs.length > 1) {
            failureMsg.append("size of RDN[" + i + "] is '" + atvs.length + "' but expected '1'");
            failureMsg.append("; ");
            continue;
        }
        String atvTextValue = getAtvValueString("RDN[" + i + "]", atvs[0], stringType, failureMsg);
        if (atvTextValue == null) {
            continue;
        }
        checkAttributeTypeAndValue("RDN[" + i + "]", type, atvTextValue, rdnControl, requestedCoreAtvTextValues, i, failureMsg);
    }
    int len = failureMsg.length();
    if (len > 2) {
        failureMsg.delete(len - 2, len);
        issue.setFailureMessage(failureMsg.toString());
    }
    return issue;
}
Also used : RdnControl(org.xipki.ca.api.profile.RdnControl) StringType(org.xipki.ca.api.profile.StringType) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERT61String(org.bouncycastle.asn1.DERT61String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ValidationIssue(org.xipki.common.qa.ValidationIssue) RDN(org.bouncycastle.asn1.x500.RDN) LinkedList(java.util.LinkedList) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)

Aggregations

RdnControl (org.xipki.ca.api.profile.RdnControl)6 LinkedList (java.util.LinkedList)4 RDN (org.bouncycastle.asn1.x500.RDN)4 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)3 DERIA5String (org.bouncycastle.asn1.DERIA5String)3 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)3 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3 AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)3 StringType (org.xipki.ca.api.profile.StringType)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 DERBMPString (org.bouncycastle.asn1.DERBMPString)2 DERT61String (org.bouncycastle.asn1.DERT61String)2 BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)2 ValidationIssue (org.xipki.common.qa.ValidationIssue)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Pattern (java.util.regex.Pattern)1 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1