/**
 * Resolves the principal id from the certificate's Subject Alternative Name UPN entry.
 *
 * The SAN entries are walked in the order {@link X509Certificate#getSubjectAlternativeNames()}
 * returns them; the first entry for which {@code getUPNStringFromSequence} yields a non-null
 * value is the principal id.
 *
 * @param certificate X.509 certificate credential.
 * @return the first UPN found, or {@code null} when the certificate has no SAN extension,
 *         no UPN entry, or the SAN extension cannot be parsed.
 * @see AbstractX509PrincipalResolver#resolvePrincipalInternal(java.security.cert.X509Certificate)
 * @see java.security.cert.X509Certificate#getSubjectAlternativeNames()
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    logger.debug("Resolving principal from Subject Alternative Name UPN for {}", certificate);
    try {
        final Collection<List<?>> sanEntries = certificate.getSubjectAlternativeNames();
        if (sanEntries != null) {
            for (final List<?> entry : sanEntries) {
                final String upn = getUPNStringFromSequence(getAltnameSequence(entry));
                if (upn != null) {
                    return upn;
                }
            }
        }
    } catch (final CertificateParsingException e) {
        // A malformed SAN extension is not fatal for the resolver chain: report it and yield no id.
        logger.error("Error is encountered while trying to retrieve subject alternative names collection from certificate", e);
        logger.debug("Returning null principal id...");
        return null;
    }
    logger.debug("Returning null principal id...");
    return null;
}
/**
 * Resolves the principal id from the certificate's Subject Alternative Name UPN entry.
 *
 * The SAN entries are walked in the order {@link X509Certificate#getSubjectAlternativeNames()}
 * returns them; the first entry for which {@code getUPNStringFromSequence} yields a non-null
 * value is the principal id.
 *
 * @param certificate X.509 certificate credential.
 * @return the first UPN found, or {@code null} when the certificate has no SAN extension,
 *         no UPN entry, or the SAN extension cannot be parsed.
 * @see AbstractX509PrincipalResolver#resolvePrincipalInternal(java.security.cert.X509Certificate)
 * @see java.security.cert.X509Certificate#getSubjectAlternativeNames()
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    LOGGER.debug("Resolving principal from Subject Alternative Name UPN for [{}]", certificate);
    try {
        final Collection<List<?>> sanEntries = certificate.getSubjectAlternativeNames();
        if (sanEntries != null) {
            for (final List<?> entry : sanEntries) {
                final String upn = getUPNStringFromSequence(getAltnameSequence(entry));
                if (upn != null) {
                    return upn;
                }
            }
        }
    } catch (final CertificateParsingException e) {
        // A malformed SAN extension is not fatal for the resolver chain: report it and yield no id.
        LOGGER.error("Error is encountered while trying to retrieve subject alternative names collection from certificate", e);
        LOGGER.debug("Returning null principal...");
        return null;
    }
    LOGGER.debug("Returning null principal id...");
    return null;
}
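/**
 * Builds a holder that identifies the given certificate by its issuer name and serial number.
 *
 * @param cert the certificate whose issuer and serial number identify the holder.
 * @throws CertificateParsingException if the issuer name cannot be extracted from
 *         {@code cert}; the underlying failure is attached as the cause.
 */
public AttributeCertificateHolder(X509Certificate cert) throws CertificateParsingException {
    X509Principal issuer;
    try {
        issuer = PrincipalUtil.getIssuerX509Principal(cert);
    } catch (Exception e) {
        // Keep the original failure as the cause instead of flattening it to its message.
        throw new CertificateParsingException(e.getMessage(), e);
    }

    holder = new Holder(new IssuerSerial(generateGeneralNames(issuer), new ASN1Integer(cert.getSerialNumber())));
}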
/**
 * Assembles the Certificate SEQUENCE (tbsCertificate, signatureAlgorithm, signatureValue)
 * and wraps it as a JCA {@link X509Certificate}.
 *
 * @param tbsCert   the to-be-signed certificate structure.
 * @param signature the raw signature bytes computed over {@code tbsCert}.
 * @return the JCA certificate object.
 * @throws CertificateEncodingException if the assembled structure cannot be turned into a certificate object.
 */
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateEncodingException {
    ASN1EncodableVector certSeq = new ASN1EncodableVector();
    certSeq.add(tbsCert);
    certSeq.add(sigAlgId); // signature algorithm identifier held by this generator
    certSeq.add(new DERBitString(signature));

    Certificate certStruct = Certificate.getInstance(new DERSequence(certSeq));
    try {
        return new X509CertificateObject(certStruct);
    } catch (CertificateParsingException e) {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}
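/**
 * Adds an extension to the standard extensions block (tag 3), copying its value
 * from another certificate.
 *
 * @param oid      the extension OID to copy.
 * @param critical whether the copied extension is flagged critical in the new certificate.
 * @param cert     the certificate to take the extension value from.
 * @throws CertificateParsingException if {@code cert} carries no such extension, or its
 *         value cannot be decoded (the decoding failure is attached as the cause).
 */
public void copyAndAddExtension(String oid, boolean critical, X509Certificate cert) throws CertificateParsingException {
    byte[] encodedValue = cert.getExtensionValue(oid);
    if (encodedValue == null) {
        throw new CertificateParsingException("extension " + oid + " not present");
    }

    try {
        // Decode the raw extension bytes into the ASN.1 value the builder expects.
        ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(encodedValue);
        this.addExtension(oid, critical, value);
    } catch (IOException e) {
        // Keep the message callers may already inspect, but preserve the IOException as the cause.
        throw new CertificateParsingException(e.toString(), e);
    }
}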
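/**
 * Registers an extra X.509 store for every URI found in the certificate's
 * IssuerAltName extension.
 *
 * NOTE(review): the URIs come from the certificate being validated, i.e. from input that
 * is not trusted yet; addAdditionalStoreFromLocation presumably resolves them (network
 * access) -- confirm that is acceptable for the callers of this validator.
 *
 * @param cert       the certificate whose issuer alternative names are inspected.
 * @param pkixParams the validation parameters the new stores are added to.
 * @throws CertificateParsingException if the IssuerAltName extension cannot be decoded.
 */
protected static void addAdditionalStoresFromAltNames(X509Certificate cert, ExtendedPKIXParameters pkixParams) throws CertificateParsingException {
    // Decode the extension once rather than once for the null check and again for the loop.
    java.util.Collection issuerAltNames = cert.getIssuerAlternativeNames();
    if (issuerAltNames == null) {
        return;
    }

    Integer uriTag = Integers.valueOf(GeneralName.uniformResourceIdentifier);
    for (Iterator it = issuerAltNames.iterator(); it.hasNext();) {
        List altName = (List)it.next();
        // Each entry is [tag, value]; only uniformResourceIdentifier entries are of interest.
        if (altName.size() >= 2 && uriTag.equals(altName.get(0))) {
            CertPathValidatorUtilities.addAdditionalStoreFromLocation((String)altName.get(1), pkixParams);
        }
    }
}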
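/**
 * Reads one DER-encoded certificate from the stream. The input is either a bare
 * Certificate SEQUENCE or a PKCS#7 SignedData wrapper; in the latter case the wrapped
 * certificates are kept in {@code sData} and handed out one per call via {@code getCertificate()}.
 *
 * @param in the stream positioned at the start of a DER object.
 * @return the certificate, or {@code null} if a SignedData wrapper carried no certificate.
 * @throws IOException                 on read or DER decoding errors.
 * @throws CertificateParsingException if the object read is not a SEQUENCE, or the
 *                                     SignedData content is not an explicitly tagged object.
 */
private Certificate readDERCertificate(InputStream in) throws IOException, CertificateParsingException {
    ASN1InputStream dIn = new ASN1InputStream(in);
    Object obj = dIn.readObject();

    // The input is untrusted: reject a wrong top-level type (or end of stream) with the
    // declared exception rather than letting the cast fail with a ClassCastException / NPE.
    if (!(obj instanceof ASN1Sequence)) {
        throw new CertificateParsingException("expected a DER SEQUENCE, found: "
            + (obj == null ? "end of stream" : obj.getClass().getName()));
    }
    ASN1Sequence seq = (ASN1Sequence)obj;

    if (seq.size() > 1 && seq.getObjectAt(0) instanceof DERObjectIdentifier) {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
            Object content = seq.getObjectAt(1);
            if (!(content instanceof ASN1TaggedObject)) {
                throw new CertificateParsingException("SignedData content is not an explicitly tagged object");
            }
            sData = new SignedData(ASN1Sequence.getInstance((ASN1TaggedObject)content, true)).getCertificates();
            return getCertificate();
        }
    }

    return new X509CertificateObject(org.bouncycastle.asn1.x509.Certificate.getInstance(seq));
}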
/**
 * Hands out the next certificate from a previously read SignedData wrapper.
 *
 * Entries of {@code sData} that are not SEQUENCEs are skipped. {@code sDataObjectCount}
 * records the position reached, so successive calls walk the set exactly once.
 *
 * @return the next certificate, or {@code null} once the set is exhausted or none was read.
 * @throws CertificateParsingException if a wrapped structure is not a valid certificate.
 */
private Certificate getCertificate() throws CertificateParsingException {
    if (sData == null) {
        return null;
    }

    while (sDataObjectCount < sData.size()) {
        Object candidate = sData.getObjectAt(sDataObjectCount);
        sDataObjectCount++;
        if (candidate instanceof ASN1Sequence) {
            return new X509CertificateObject(org.bouncycastle.asn1.x509.Certificate.getInstance(candidate));
        }
    }
    return null;
}
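/**
 * Reads one DER-encoded certificate from the ASN.1 stream. The input is either a bare
 * Certificate SEQUENCE or a PKCS#7 SignedData wrapper; in the latter case the wrapped
 * certificates are kept in {@code sData} and handed out one per call via {@code getCertificate()}.
 *
 * @param dIn the stream positioned at the start of a DER object.
 * @return the certificate, or {@code null} if a SignedData wrapper carried no certificate.
 * @throws IOException                 on read or DER decoding errors.
 * @throws CertificateParsingException if the object read is not a SEQUENCE, or the
 *                                     SignedData content is not an explicitly tagged object.
 */
private java.security.cert.Certificate readDERCertificate(ASN1InputStream dIn) throws IOException, CertificateParsingException {
    Object obj = dIn.readObject();

    // The input is untrusted: reject a wrong top-level type (or end of stream) with the
    // declared exception rather than letting the cast fail with a ClassCastException / NPE.
    if (!(obj instanceof ASN1Sequence)) {
        throw new CertificateParsingException("expected a DER SEQUENCE, found: "
            + (obj == null ? "end of stream" : obj.getClass().getName()));
    }
    ASN1Sequence seq = (ASN1Sequence)obj;

    if (seq.size() > 1 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
            Object content = seq.getObjectAt(1);
            if (!(content instanceof ASN1TaggedObject)) {
                throw new CertificateParsingException("SignedData content is not an explicitly tagged object");
            }
            sData = SignedData.getInstance(ASN1Sequence.getInstance((ASN1TaggedObject)content, true)).getCertificates();
            return getCertificate();
        }
    }

    return new X509CertificateObject(Certificate.getInstance(seq));
}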
/**
 * Hands out the next certificate from a previously read SignedData wrapper.
 *
 * Entries of {@code sData} that are not SEQUENCEs are skipped. {@code sDataObjectCount}
 * records the position reached, so successive calls walk the set exactly once.
 *
 * @return the next certificate, or {@code null} once the set is exhausted or none was read.
 * @throws CertificateParsingException if a wrapped structure is not a valid certificate.
 */
private java.security.cert.Certificate getCertificate() throws CertificateParsingException {
    if (sData == null) {
        return null;
    }

    while (sDataObjectCount < sData.size()) {
        Object candidate = sData.getObjectAt(sDataObjectCount);
        sDataObjectCount++;
        if (candidate instanceof ASN1Sequence) {
            return new X509CertificateObject(Certificate.getInstance(candidate));
        }
    }
    return null;
}
/**
 * Connects the prepared connection and collects response data and, if applicable,
 * HTTPS information into a {@link org.symphonyoss.symphony.jcurl.JCurl.Response}.
 * The returned object can be printed out with response.print().
 *
 * @param con a {@link java.net.HttpURLConnection} object.
 * @return a {@link org.symphonyoss.symphony.jcurl.JCurl.Response} object.
 * @throws java.io.IOException if any.
 * @throws java.security.cert.CertificateParsingException if any.
 */
public Response processResponse(HttpURLConnection con) throws IOException, CertificateParsingException {
    Response result = new Response();

    // Only the connect() round-trip is timed, not the processing that follows.
    final long connectStart = System.nanoTime();
    con.connect();
    result.timeTaken = System.nanoTime() - connectStart;

    processResponseHeaders(con, result);
    processResponseCode(con, result);
    processResponseCertificates(con, result);
    processResponseOutput(con, result);
    processResponseTags(result);
    return result;
}
/**
 * Returns the value of the first subjectAltName entry of the given type.
 *
 * @param cert the certificate to inspect.
 * @param type the GeneralName tag to look for.
 * @return the entry value as returned by getSubjectAlternativeNames(), or
 *         {@code null} if there is no such entry or the extension cannot be parsed.
 */
private static Object getSubjectAltName(X509Certificate cert, int type) {
    Collection<List<?>> altNames = null;
    try {
        altNames = cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException cpe) {
        // A parse failure is only reported in handshake debug output; the caller sees "no such name".
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println("Attempt to obtain subjectAltNames extension failed!");
        }
    }
    if (altNames == null) {
        return null;
    }
    for (List<?> altName : altNames) {
        // Each entry is [tag, value].
        if (((Integer) altName.get(0)).intValue() == type) {
            return altName.get(1);
        }
    }
    return null;
}
/**
 * Builds a comma-separated, human-readable list of the DNS-name and IP-address
 * subject alternative names of {@code cert}.
 *
 * @param cert the certificate to describe.
 * @return the joined names, or {@code "none"} if there are none or the extension
 *         cannot be parsed (a parse failure is deliberately treated as "no names").
 */
public static String buildCertAppliesToString(X509Certificate cert) {
    final int dnsNameTag = 2;   // GeneralName tag for dNSName
    final int ipAddressTag = 7; // GeneralName tag for iPAddress
    List<String> names = new ArrayList<>();
    try {
        Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
        if (altNames != null) {
            for (List<?> entry : altNames) {
                int tag = (Integer) entry.get(0);
                if (tag == dnsNameTag || tag == ipAddressTag) {
                    names.add((String) entry.get(1));
                }
            }
        }
    } catch (CertificateParsingException ignored) {
        // Display-only helper: an unparsable extension simply yields "none".
    }
    return names.isEmpty() ? "none" : TextUtils.join(",", names.toArray());
}
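/**
 * Collects the subject alternative names of the given GeneralName type.
 *
 * @param certificate the certificate to inspect.
 * @param type        the GeneralName tag (e.g. 2 for dNSName, 7 for iPAddress).
 * @return the matching String-valued names in certificate order; an empty list when the
 *         certificate has no SAN extension, no entry of that type, or the extension cannot be parsed.
 */
private static List<String> getSubjectAltNames(X509Certificate certificate, int type) {
    Collection<List<?>> subjectAltNames;
    try {
        subjectAltNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        return Collections.emptyList();
    }
    if (subjectAltNames == null) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<String>();
    for (List<?> entry : subjectAltNames) {
        // Each entry is [tag, value]; defend against short or null entries from lenient providers.
        if (entry == null || entry.size() < 2) {
            continue;
        }
        Object tag = entry.get(0);
        Object value = entry.get(1);
        // Only String-valued entries are returned: a byte[]-valued entry of a matching
        // tag would otherwise fail the cast with a ClassCastException.
        if (tag instanceof Integer && ((Integer) tag).intValue() == type && value instanceof String) {
            result.add((String) value);
        }
    }
    return result;
}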
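/**
 * Returns a list of subject alternative names. Any name that is represented as a String by
 * X509Certificate.getSubjectAlternativeNames() is converted to lowercase (locale-independently)
 * and returned.
 *
 * @param certificate a certificate
 * @return a list of subject alternative names; list is never null
 * @throws CertificateParsingException if parsing the certificate failed
 */
public static List<String> getSubjectAlternativeNames(final X509Certificate certificate) throws CertificateParsingException {
    final List<String> names = new ArrayList<>();
    final Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
    if (altNames == null) {
        return names;
    }
    for (final List<?> generalName : altNames) {
        // generalName is [type, value] with the value a String or a byte array. The numeric type
        // is deliberately not inspected because some certificates put IPs and DNS names under
        // the wrong name types; every String-valued entry is returned.
        final Object value = generalName.get(1);
        if (value instanceof String) {
            // Locale.ROOT: these names are used for matching, so the conversion must not depend
            // on the default locale (e.g. Turkish locales map 'I' to dotless 'ı').
            names.add(((String) value).toLowerCase(java.util.Locale.ROOT));
        }
    }
    return names;
}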
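/**
 * Derives the JID and display name carried by a certificate.
 *
 * The JID is taken from the first rfc822Name (e-mail) subject alternative name; if the
 * certificate has none, the subject's EmailAddress RDN is used instead. The display name
 * is the subject's CN.
 *
 * @param certificate the certificate to read.
 * @return the (JID, CN) pair, or {@code null} when the certificate carries no e-mail
 *         address in either place. The name component is {@code null} when the subject has no CN.
 * @throws CertificateEncodingException if the certificate cannot be re-encoded.
 * @throws InvalidJidException          if the e-mail address is not a valid JID.
 * @throws CertificateParsingException  if the SAN extension cannot be parsed.
 */
public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
    final int rfc822NameTag = 1; // GeneralName tag for e-mail addresses
    List<String> emails = new ArrayList<>();
    Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
    if (altNames != null) {
        for (List<?> san : altNames) {
            if (((Integer) san.get(0)).intValue() == rfc822NameTag) {
                emails.add((String) san.get(1));
            }
        }
    }

    X500Name subject = new JcaX509CertificateHolder(certificate).getSubject();
    if (emails.isEmpty()) {
        // Fall back to the subject DN; the RDN may be absent, so guard the array access
        // instead of failing with an ArrayIndexOutOfBoundsException.
        if (subject.getRDNs(BCStyle.EmailAddress).length > 0) {
            emails.add(IETFUtils.valueToString(subject.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
        }
    }
    if (emails.isEmpty()) {
        return null;
    }

    // A CN is not mandatory in a subject DN; report its absence as a null name.
    String name = null;
    if (subject.getRDNs(BCStyle.CN).length > 0) {
        name = IETFUtils.valueToString(subject.getRDNs(BCStyle.CN)[0].getFirst().getValue());
    }
    return new Pair<>(Jid.fromString(emails.get(0)), name);
}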
/**
 * Tests whether any subjectAltName entry of the given type satisfies {@code fieldValidator}.
 *
 * @param certificate    the certificate to inspect.
 * @param field          the GeneralName tag of the entries to test.
 * @param fieldValidator predicate applied to each matching entry's value.
 * @return {@code true} as soon as one matching entry passes the predicate, {@code false}
 *         if none does or the certificate has no SAN extension.
 * @throws UaException with Bad_CertificateInvalid if the SAN extension cannot be parsed.
 */
public static boolean validateSubjectAltNameField(X509Certificate certificate, int field, Predicate<Object> fieldValidator) throws UaException {
    Collection<List<?>> altNames;
    try {
        altNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
    }
    if (altNames == null) {
        return false;
    }
    for (List<?> entry : altNames) {
        // Well-formed entries are exactly [tag, value]; anything else is ignored.
        boolean wellFormed = entry != null && entry.size() == 2;
        if (wellFormed && entry.get(0).equals(field) && fieldValidator.test(entry.get(1))) {
            return true;
        }
    }
    return false;
}
/**
 * Returns the first uniformResourceIdentifier subjectAltName entry of the certificate.
 *
 * @param certificate the certificate to inspect.
 * @return the URI entry as a String, or {@code null} if the certificate has no such entry
 *         (or the entry's value is null).
 * @throws UaException with Bad_CertificateInvalid if the SAN extension cannot be parsed.
 */
public static String getSubjectAltNameUri(X509Certificate certificate) throws UaException {
    Collection<List<?>> altNames;
    try {
        altNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
    }
    if (altNames == null) {
        return null;
    }
    for (List<?> entry : altNames) {
        // Well-formed entries are exactly [tag, value]; anything else is ignored.
        if (entry == null || entry.size() != 2 || !entry.get(0).equals(SUBJECT_ALT_NAME_URI)) {
            continue;
        }
        Object uri = entry.get(1);
        return uri == null ? null : uri.toString();
    }
    return null;
}
/**
 * Extract the value of a given SubjectAltName field from a {@link X509Certificate}.
 *
 * Only the first entry of the requested type is considered. A certificate whose SAN
 * extension cannot be parsed is treated the same as one without the field: the result is empty.
 *
 * @param certificate the certificate.
 * @param field the field number.
 * @return an {@link Optional} containing the value in the field.
 * @see #SUBJECT_ALT_NAME_IP_ADDRESS
 * @see #SUBJECT_ALT_NAME_DNS_NAME
 * @see #SUBJECT_ALT_NAME_URI
 */
public static Optional<Object> getSubjectAltNameField(X509Certificate certificate, int field) {
    Collection<List<?>> altNames;
    try {
        altNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        return Optional.empty();
    }
    if (altNames == null) {
        return Optional.empty();
    }
    for (List<?> entry : altNames) {
        // Well-formed entries are exactly [tag, value]; anything else is ignored.
        if (entry != null && entry.size() == 2 && entry.get(0).equals(field)) {
            return Optional.ofNullable(entry.get(1));
        }
    }
    return Optional.empty();
}
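/**
 * Registers an extra X.509 store for every URI found in the certificate's
 * IssuerAltName extension.
 *
 * NOTE(review): the URIs come from the certificate being validated, i.e. from input that
 * is not trusted yet; addAdditionalStoreFromLocation presumably resolves them (network
 * access) -- confirm that is acceptable for the callers of this validator.
 *
 * @param cert       the certificate whose issuer alternative names are inspected.
 * @param pkixParams the validation parameters the new stores are added to.
 * @throws CertificateParsingException if the IssuerAltName extension cannot be decoded.
 */
protected static void addAdditionalStoresFromAltNames(X509Certificate cert, ExtendedPKIXParameters pkixParams) throws CertificateParsingException {
    // Decode the extension once rather than once for the null check and again for the loop.
    java.util.Collection issuerAltNames = cert.getIssuerAlternativeNames();
    if (issuerAltNames == null) {
        return;
    }

    Integer uriTag = Integers.valueOf(GeneralName.uniformResourceIdentifier);
    for (Iterator it = issuerAltNames.iterator(); it.hasNext();) {
        List altName = (List)it.next();
        // Each entry is [tag, value]; only uniformResourceIdentifier entries are of interest.
        if (altName.size() >= 2 && uriTag.equals(altName.get(0))) {
            CertPathValidatorUtilities.addAdditionalStoreFromLocation((String)altName.get(1), pkixParams);
        }
    }
}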
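/**
 * Reads one DER-encoded certificate from the stream. The input is either a bare
 * Certificate SEQUENCE or a PKCS#7 SignedData wrapper; in the latter case the wrapped
 * certificates are kept in {@code sData} and handed out one per call via {@code getCertificate()}.
 *
 * @param in the stream positioned at the start of a DER object.
 * @return the certificate, or {@code null} if a SignedData wrapper carried no certificate.
 * @throws IOException                 on read or DER decoding errors.
 * @throws CertificateParsingException if the object read is not a SEQUENCE, or the
 *                                     SignedData content is not an explicitly tagged object.
 */
private Certificate readDERCertificate(InputStream in) throws IOException, CertificateParsingException {
    ASN1InputStream dIn = new ASN1InputStream(in);
    Object obj = dIn.readObject();

    // The input is untrusted: reject a wrong top-level type (or end of stream) with the
    // declared exception rather than letting the cast fail with a ClassCastException / NPE.
    if (!(obj instanceof ASN1Sequence)) {
        throw new CertificateParsingException("expected a DER SEQUENCE, found: "
            + (obj == null ? "end of stream" : obj.getClass().getName()));
    }
    ASN1Sequence seq = (ASN1Sequence)obj;

    if (seq.size() > 1 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
            Object content = seq.getObjectAt(1);
            if (!(content instanceof ASN1TaggedObject)) {
                throw new CertificateParsingException("SignedData content is not an explicitly tagged object");
            }
            sData = new SignedData(ASN1Sequence.getInstance((ASN1TaggedObject)content, true)).getCertificates();
            return getCertificate();
        }
    }

    return new X509CertificateObject(org.bouncycastle.asn1.x509.Certificate.getInstance(seq));
}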
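/**
 * Reads one DER-encoded certificate from the ASN.1 stream. The input is either a bare
 * Certificate SEQUENCE or a PKCS#7 SignedData wrapper; in the latter case the wrapped
 * certificates are kept in {@code sData} and handed out one per call via {@code getCertificate()}.
 *
 * @param dIn the stream positioned at the start of a DER object.
 * @return the certificate, or {@code null} if a SignedData wrapper carried no certificate.
 * @throws IOException                 on read or DER decoding errors.
 * @throws CertificateParsingException if the object read is not a SEQUENCE, or the
 *                                     SignedData content is not an explicitly tagged object.
 */
private java.security.cert.Certificate readDERCertificate(ASN1InputStream dIn) throws IOException, CertificateParsingException {
    Object obj = dIn.readObject();

    // The input is untrusted: reject a wrong top-level type (or end of stream) with the
    // declared exception rather than letting the cast fail with a ClassCastException / NPE.
    if (!(obj instanceof ASN1Sequence)) {
        throw new CertificateParsingException("expected a DER SEQUENCE, found: "
            + (obj == null ? "end of stream" : obj.getClass().getName()));
    }
    ASN1Sequence seq = (ASN1Sequence)obj;

    if (seq.size() > 1 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
            Object content = seq.getObjectAt(1);
            if (!(content instanceof ASN1TaggedObject)) {
                throw new CertificateParsingException("SignedData content is not an explicitly tagged object");
            }
            sData = SignedData.getInstance(ASN1Sequence.getInstance((ASN1TaggedObject)content, true)).getCertificates();
            return getCertificate();
        }
    }

    return new X509CertificateObject(bcHelper, Certificate.getInstance(seq));
}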
/**
 * Hands out the next certificate from a previously read SignedData wrapper.
 *
 * Entries of {@code sData} that are not SEQUENCEs are skipped. {@code sDataObjectCount}
 * records the position reached, so successive calls walk the set exactly once.
 *
 * @return the next certificate, or {@code null} once the set is exhausted or none was read.
 * @throws CertificateParsingException if a wrapped structure is not a valid certificate.
 */
private java.security.cert.Certificate getCertificate() throws CertificateParsingException {
    if (sData == null) {
        return null;
    }

    while (sDataObjectCount < sData.size()) {
        Object candidate = sData.getObjectAt(sDataObjectCount);
        sDataObjectCount++;
        if (candidate instanceof ASN1Sequence) {
            return new X509CertificateObject(bcHelper, Certificate.getInstance(candidate));
        }
    }
    return null;
}
/**
 * Returns the subject alternative names as [tag, name] pairs, one per GeneralName
 * in the SubjectAlternativeNames extension.
 *
 * NOTE(review): the returned list is mutable although the java.security.cert contract
 * describes the collection as immutable -- confirm no caller relies on either.
 *
 * @return the list of pairs, or {@code null} if the certificate has no SubjectAlternativeNames extension.
 * @throws CertificateParsingException if the extension cannot be decoded.
 */
public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException {
    Extension ext = getExtension(SubjectAlternativeNames.ID);
    if (ext == null) {
        return null;
    }
    List<GeneralName> generalNames = ((SubjectAlternativeNames) ext.getValue()).getNames();
    List<List<?>> pairs = new ArrayList<List<?>>(generalNames.size());
    for (GeneralName generalName : generalNames) {
        List<Object> pair = new ArrayList<Object>(2);
        pair.add(generalName.kind().tag()); // GeneralName tag number
        pair.add(generalName.name());       // decoded name value
        pairs.add(pair);
    }
    return pairs;
}
/**
 * Returns the issuer alternative names as [tag, name] pairs, one per GeneralName
 * in the IssuerAlternativeNames extension.
 *
 * NOTE(review): the returned list is mutable although the java.security.cert contract
 * describes the collection as immutable -- confirm no caller relies on either.
 *
 * @return the list of pairs, or {@code null} if the certificate has no IssuerAlternativeNames extension.
 * @throws CertificateParsingException if the extension cannot be decoded.
 */
public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException {
    Extension ext = getExtension(IssuerAlternativeNames.ID);
    if (ext == null) {
        return null;
    }
    List<GeneralName> generalNames = ((IssuerAlternativeNames) ext.getValue()).getNames();
    List<List<?>> pairs = new ArrayList<List<?>>(generalNames.size());
    for (GeneralName generalName : generalNames) {
        List<Object> pair = new ArrayList<Object>(2);
        pair.add(generalName.kind().tag()); // GeneralName tag number
        pair.add(generalName.name());       // decoded name value
        pairs.add(pair);
    }
    return pairs;
}
/**
 * Checks whether the peer's leaf certificate carries a dNSName subject alternative name
 * that fully matches {@code NOMAD_ALT_NAME_PATTERN}.
 *
 * @param session the established TLS session.
 * @return {@code true} if such a name exists; {@code false} if none matches, the peer is
 *         unverified (SSLException), or the SAN extension cannot be parsed -- both failures
 *         are deliberately treated as "no matching name".
 */
private boolean hasNomadAgentAltName(final SSLSession session) {
    final int dnsNameTag = 2; // GeneralName tag for dNSName
    try {
        // Index 0 is the peer's own certificate; the rest of the chain is irrelevant here.
        final X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
        final Collection<List<?>> altNames = leaf.getSubjectAlternativeNames();
        if (altNames == null) {
            return false;
        }
        for (List<?> entry : altNames) {
            if (entry.size() < 2 || (Integer) entry.get(0) != dnsNameTag) {
                continue;
            }
            // matches() anchors the whole name, so a partial match is not enough.
            if (NOMAD_ALT_NAME_PATTERN.matcher((String) entry.get(1)).matches()) {
                return true;
            }
        }
        return false;
    } catch (final SSLException | CertificateParsingException ignored) {
        return false;
    }
}
/**
 * Collects the subject alternative names of the given type.
 *
 * @param cert        the certificate to inspect.
 * @param subjectType the GeneralName tag of the entries to return.
 * @return the matching names in certificate order, or {@code null} if there is none or
 *         the SAN extension cannot be parsed (a parse failure is deliberately treated as "no names").
 */
static List<String> extractSubjectAlts(final X509Certificate cert, final int subjectType) {
    Collection<List<?>> altNames;
    try {
        altNames = cert.getSubjectAlternativeNames();
    } catch (final CertificateParsingException ignore) {
        altNames = null;
    }
    if (altNames == null) {
        return null;
    }

    // Stays null until the first match so that "no names" is reported as null, not an empty list.
    List<String> matches = null;
    for (final List<?> entry : altNames) {
        final int tag = ((Integer) entry.get(0)).intValue();
        if (tag != subjectType) {
            continue;
        }
        if (matches == null) {
            matches = new ArrayList<String>();
        }
        matches.add((String) entry.get(1));
    }
    return matches;
}
/**
 * Extract a {@link ASN1OctetString} that represents the value of a given extension.
 *
 * @param cert is X509 certificate out of which an extension should be extracted
 * @param Oid is the Object IDentifier for the extension
 * @return a {@link ASN1OctetString} that represents an extension or {@code null} if no such
 *         extension is found (absent or zero-length).
 * @throws CertificateParsingException if the extension bytes do not decode to an OCTET STRING
 */
public static ASN1OctetString extractExtensionValue(X509Certificate cert, String Oid) throws CertificateParsingException {
    byte[] rawValue = cert.getExtensionValue(Oid);
    boolean absent = rawValue == null || rawValue.length == 0;
    if (absent) {
        return null;
    }
    ASN1Object decoded = getAsn1Object(rawValue);
    // instanceof is false for null, so a failed decode is rejected here as well.
    if (decoded instanceof ASN1OctetString) {
        return (ASN1OctetString) decoded;
    }
    throw new CertificateParsingException("Expected ASN1OctetString.");
}
/**
 * Decodes the KeyDescription SEQUENCE held inside the extension's OCTET STRING.
 *
 * @param octet the extension value.
 * @return the SEQUENCE, guaranteed to have exactly {@code DESCRIPTION_LENGTH} elements.
 * @throws CertificateParsingException if the content is not a SEQUENCE or has an unexpected element count.
 */
private static ASN1Sequence getKeyDescriptionSequence(ASN1OctetString octet) throws CertificateParsingException {
    ASN1Object decoded = X509ExtensionParsingUtil.getAsn1Object(octet.getOctets());
    // instanceof is false for null, so a failed decode is rejected here as well.
    if (!(decoded instanceof ASN1Sequence)) {
        throw new CertificateParsingException("Expected KeyDescription Sequence.");
    }
    ASN1Sequence keyDescription = (ASN1Sequence) decoded;
    int elementCount = keyDescription.size();
    if (elementCount != DESCRIPTION_LENGTH) {
        throw new CertificateParsingException("KeyDescription Sequence has " + elementCount
                + " elements. Expected " + DESCRIPTION_LENGTH + " elements ");
    }
    return keyDescription;
}
/**
 * Converts the SET found under {@code tag} into a list of {@code type} values, each
 * element being decoded as an integer via {@code buildTypeFromInt}.
 *
 * @param taggedObjects the tagged objects keyed by tag number.
 * @param tag           the tag to look up.
 * @param type          the target element type.
 * @return the converted values, or {@code null} when the tag is absent.
 * @throws CertificateParsingException if the tagged object is not an ASN1Set.
 */
private static <T> List<T> getListFromTaggedObjectSet(HashMap<Integer, ASN1Primitive> taggedObjects, int tag, Class<T> type) throws CertificateParsingException {
    ASN1Primitive tagged = taggedObjects.get(tag);
    if (tagged == null) {
        return null; // optional field not present
    }
    if (!(tagged instanceof ASN1Set)) {
        throw new CertificateParsingException("Expected ASN1Set");
    }
    List<T> values = new ArrayList<T>();
    for (ASN1Encodable element : ((ASN1Set) tagged).toArray()) {
        values.add(buildTypeFromInt(X509ExtensionParsingUtil.getInt(element), type));
    }
    return values;
}
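/**
 * Lists the certificate's subject alternative names for display, each formatted as
 * "value (type name)".
 *
 * @return the formatted names; empty when the certificate has none or the extension cannot
 *         be parsed (the failure is printed to stderr, as no logger is available here).
 */
public List<String> getSubjectAlternativeNames() {
    List<String> formatted = new LinkedList<String>();
    try {
        // Decode the extension once rather than for the null check and again for the loop.
        java.util.Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
        if (altNames == null) {
            return formatted;
        }
        for (List<?> entry : altNames) {
            // entry is [tag, value]; the tag is mapped to a readable type name.
            formatted.add(entry.get(1) + " (" + ObjectIdentifier.getSubjectAlternativeNames((Integer) entry.get(0)) + ")");
        }
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    }
    return formatted;
}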
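/**
 * Lists the certificate's issuer alternative names for display, each formatted as
 * "value (type name)". The GeneralName tag numbering is shared with the subject
 * alternative names, so the same tag-to-name mapping is used.
 *
 * @return the formatted names; empty when the certificate has none or the extension cannot
 *         be parsed (the failure is printed to stderr, as no logger is available here).
 */
public List<String> getIssuerAlternativeNames() {
    List<String> formatted = new LinkedList<String>();
    try {
        // Decode the extension once rather than for the null check and again for the loop.
        java.util.Collection<List<?>> altNames = certificate.getIssuerAlternativeNames();
        if (altNames == null) {
            return formatted;
        }
        for (List<?> entry : altNames) {
            // entry is [tag, value]; the tag is mapped to a readable type name.
            formatted.add(entry.get(1) + " (" + ObjectIdentifier.getSubjectAlternativeNames((Integer) entry.get(0)) + ")");
        }
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    }
    return formatted;
}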