/**
 * Appends one {@code type=value} pair to {@code buf}.
 *
 * <p>The attribute type is written as its symbolic name when {@code oidSymbols}
 * holds an entry for the type OID, and as the dotted-decimal OID string
 * otherwise. The value is rendered through {@link #valueToString}.
 *
 * @param buf          destination buffer, appended in place
 * @param typeAndValue the attribute to render
 * @param oidSymbols   raw {@code Hashtable} looked up with the type OID; its
 *                     values are expected to be {@code String}s
 */
public static void appendTypeAndValue(StringBuffer buf, AttributeTypeAndValue typeAndValue, Hashtable oidSymbols) {
    Object symbol = oidSymbols.get(typeAndValue.getType());
    // No registered symbol: fall back to the numeric OID.
    String typeText = (symbol != null) ? (String) symbol : typeAndValue.getType().getId();
    buf.append(typeText)
       .append('=')
       .append(valueToString(typeAndValue.getValue()));
}
/**
 * Returns the commonName (CN) of {@code name}, or {@code null} when none is present.
 *
 * <p>Only the first CN-bearing RDN is consulted. If that RDN is multi-valued the
 * CN component is searched for among its attributes; otherwise the RDN's single
 * attribute is used. The value is rendered via {@link #rdnValueToString}.
 *
 * @param name the distinguished name; must not be null
 * @return the CN string, or null if the name has no CN
 */
public static String getCommonName(X500Name name) {
    ParamUtil.requireNonNull("name", name);
    RDN[] cnRdns = name.getRDNs(ObjectIdentifiers.DN_CN);
    if (cnRdns == null || cnRdns.length == 0) {
        return null;
    }
    RDN firstCnRdn = cnRdns[0];
    AttributeTypeAndValue cnAttr = null;
    if (!firstCnRdn.isMultiValued()) {
        cnAttr = firstCnRdn.getFirst();
    } else {
        // Multi-valued RDN: locate the CN component among its attributes.
        for (AttributeTypeAndValue component : firstCnRdn.getTypesAndValues()) {
            if (ObjectIdentifiers.DN_CN.equals(component.getType())) {
                cnAttr = component;
                break;
            }
        }
    }
    return (cnAttr == null) ? null : rdnValueToString(cnAttr.getValue());
}
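/**
 * Checks that {@code subject} carries exactly one commonName (CN) attribute and
 * that it equals {@code commonName}.
 *
 * <p>CN attributes are collected from every RDN, including each component of a
 * multi-valued RDN, so a CN placed inside a multi-valued RDN is counted. The type
 * OID is compared with {@code equals} rather than {@code ==}: identity comparison
 * against {@code BCStyle.CN} only works when the library happens to return its
 * interned constant for a decoded OID, which is an implementation detail rather
 * than a contract.
 *
 * @param subject    the subject name to check
 * @param commonName the expected CN; compared as an exact, case-sensitive string
 * @throws IllegalArgumentException if the number of CN attributes is not exactly
 *         one, if the CN value is not a UTF8String (see the note in the body), or
 *         if the CN value differs from {@code commonName}
 */
static void verifyCertificateCommonName(X500Name subject, String commonName) {
    List<AttributeTypeAndValue> cnAttributes = Arrays.stream(subject.getRDNs())
            .flatMap(rdn -> rdn.isMultiValued()
                    ? Stream.of(rdn.getTypesAndValues())
                    : Stream.of(rdn.getFirst()))
            // getFirst() yields null for an RDN with no attributes; skip rather than NPE.
            .filter(attr -> attr != null && BCStyle.CN.equals(attr.getType()))
            .collect(Collectors.toList());
    if (cnAttributes.size() != 1) {
        throw new IllegalArgumentException("Only 1 common name should be set");
    }
    // NOTE(review): DERUTF8String.getInstance rejects a CN encoded as PrintableString
    // (permitted by RFC 5280) with an IllegalArgumentException; if such certificates
    // must be accepted, decode via the generic ASN.1 string interface instead.
    String actualCommonName = DERUTF8String.getInstance(cnAttributes.get(0).getValue()).getString();
    if (!actualCommonName.equals(commonName)) {
        throw new IllegalArgumentException(
                "Expected common name to be " + commonName + ", but was " + actualCommonName);
    }
}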
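/**
 * Builds the panel list for {@code x500Name}, one {@link RdnPanel} row per attribute.
 *
 * <p>RDNs are iterated in reverse of their array order because the dialog expects
 * that order; a multi-valued RDN contributes one row per component. The
 * {@code editable} field is assigned once, before the rows are built, so it is
 * set even when the name has no RDNs (previously it was assigned inside the loop
 * and left untouched for an empty name).
 *
 * @param x500Name the name whose attributes are displayed
 * @param editable whether the rows may be edited
 */
public RdnPanelList(X500Name x500Name, boolean editable) {
    setLayout(new MigLayout("insets dialog, flowy", "[right]", "[]rel[]"));
    this.editable = editable;
    // The dialog needs the RDNs in reverse order.
    List<RDN> reversedRdns = Arrays.asList(x500Name.getRDNs());
    Collections.reverse(reversedRdns);
    for (RDN rdn : reversedRdns) {
        for (AttributeTypeAndValue atav : rdn.getTypesAndValues()) {
            String displayName = OidDisplayNameMapping.getDisplayNameForOid(atav.getType().getId());
            // Raw toString() of the ASN.1 value; no RFC 2253 escaping is applied here.
            String displayValue = atav.getValue().toString();
            addItem(new RdnPanel(new JComboBox<Object>(comboBoxEntries), displayName, displayValue, this, editable));
        }
    }
}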
/**
 * Tests whether {@code cert} is an X.509 certificate whose subject contains every
 * expected attribute in {@code rdnArray}.
 *
 * <p>A null {@code rdnArray} matches any X.509 certificate. For each expected RDN
 * only its first attribute ({@code getFirst()}) is checked, so further components
 * of a multi-valued expected RDN are not enforced. A
 * {@link CertificateEncodingException} while extracting the subject counts as
 * "no match".
 *
 * @param cert the candidate certificate
 * @return true if the subject satisfies every expected attribute
 */
public boolean match(Certificate cert) {
    if (!(cert instanceof X509Certificate)) {
        return false;
    }
    if (rdnArray == null) {
        return true;
    }
    try {
        X500Name subject = getX500SubjectName((X509Certificate) cert);
        // Stop at the first expected attribute that is missing.
        for (RDN expected : rdnArray) {
            if (!contains(subject, expected.getFirst())) {
                return false;
            }
        }
        return true;
    } catch (CertificateEncodingException e) {
        return false;
    }
}
/**
 * Checks whether {@code certRDN} satisfies {@code expectedTypeAndValue}.
 *
 * <p>Returns true only if the RDN has at least one component of the expected type
 * and every such component renders to the same string as the expected value.
 * Comparison is plain {@code String.equals} on the {@link IETFUtils#valueToString}
 * output, with no canonicalization, so values differing only in case or
 * whitespace are treated as different.
 *
 * @param certRDN              the RDN taken from the certificate
 * @param expectedTypeAndValue the attribute that must be present
 * @return whether the constraint is satisfied
 */
private boolean checkRdn(RDN certRDN, AttributeTypeAndValue expectedTypeAndValue) {
    String expectedValue = IETFUtils.valueToString(expectedTypeAndValue.getValue());
    boolean matched = false;
    for (AttributeTypeAndValue component : certRDN.getTypesAndValues()) {
        if (!component.getType().equals(expectedTypeAndValue.getType())) {
            continue;
        }
        // One mismatching component of the expected type fails the whole check.
        if (!expectedValue.equals(IETFUtils.valueToString(component.getValue()))) {
            return false;
        }
        matched = true;
    }
    return matched;
}
/**
 * Appends one {@code type=value} pair to {@code buf}.
 *
 * <p>The type is written as the symbol registered for its OID in
 * {@code oidSymbols}, or as the dotted-decimal OID string when no symbol is
 * registered. The value is rendered through {@link #valueToString}.
 *
 * @param buf          destination builder, appended in place
 * @param typeAndValue the attribute to render
 * @param oidSymbols   OID-to-symbol table
 */
public static void appendTypeAndValue(StringBuilder buf, AttributeTypeAndValue typeAndValue, Map<ASN1ObjectIdentifier, String> oidSymbols) {
    ASN1ObjectIdentifier type = typeAndValue.getType();
    String symbol = oidSymbols.get(type);
    // Fall back to the numeric OID when the table has no symbol for this type.
    buf.append(symbol != null ? symbol : type.getId())
       .append('=')
       .append(valueToString(typeAndValue.getValue()));
}
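/**
 * Appends the rendering of {@code rdn} to {@code buf}: the components of a
 * multi-valued RDN joined by {@code '+'}, otherwise the single attribute.
 *
 * <p>A single-valued RDN with no attributes ({@code getFirst()} returns null)
 * contributes nothing instead of propagating a NullPointerException out of
 * {@code appendTypeAndValue}; this matches the guarded variant of this method
 * elsewhere in the corpus.
 *
 * @param buf        destination buffer, appended in place
 * @param rdn        the RDN to render
 * @param oidSymbols OID-to-symbol table passed through to appendTypeAndValue
 */
public static void appendRDN(StringBuffer buf, RDN rdn, Hashtable oidSymbols) {
    if (rdn.isMultiValued()) {
        AttributeTypeAndValue[] components = rdn.getTypesAndValues();
        for (int j = 0; j < components.length; j++) {
            if (j > 0) {
                buf.append('+');
            }
            IETFUtils.appendTypeAndValue(buf, components[j], oidSymbols);
        }
    } else {
        AttributeTypeAndValue single = rdn.getFirst();
        if (single != null) {
            IETFUtils.appendTypeAndValue(buf, single, oidSymbols);
        }
    }
}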
/**
 * Compares two attributes for equality: same type OID and string values that are
 * equal after {@link IETFUtils#canonicalize} (so case and whitespace differences
 * in the value are ignored). Null-safe; two nulls or the same instance are equal.
 *
 * @param atv1 first attribute, may be null
 * @param atv2 second attribute, may be null
 * @return true if both are null / identical, or type and canonical value match
 */
private static boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2) {
    if (atv1 == atv2) {
        return true;
    }
    if (atv1 == null || atv2 == null) {
        return false;
    }
    if (!atv1.getType().equals(atv2.getType())) {
        return false;
    }
    String canonical1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue()));
    String canonical2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue()));
    return canonical1.equals(canonical2);
}
/**
 * Computes an order-independent hash of {@code name}: the XOR of every
 * attribute's type hash and of {@link #calcHashCode} over its value, across all
 * RDNs. XOR is commutative, so permuting RDNs or components yields the same hash,
 * which is what an order-insensitive {@code equals} needs.
 *
 * @param name the name to hash
 * @return the combined hash code
 */
public int calculateHashCode(X500Name name) {
    int hash = 0;
    for (RDN rdn : name.getRDNs()) {
        // Single-valued RDNs are read via getFirst(), as the original did.
        AttributeTypeAndValue[] components = rdn.isMultiValued()
                ? rdn.getTypesAndValues()
                : new AttributeTypeAndValue[] { rdn.getFirst() };
        for (AttributeTypeAndValue atv : components) {
            hash ^= atv.getType().hashCode();
            hash ^= calcHashCode(atv.getValue());
        }
    }
    return hash;
}
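/**
 * Reorders DN to the order the elements appear in the RFC 2253 table
 *
 * https://www.ietf.org/rfc/rfc2253.txt
 *
 * String  X.500 AttributeType
 * ------------------------------
 * CN      commonName
 * L       localityName
 * ST      stateOrProvinceName
 * O       organizationName
 * OU      organizationalUnitName
 * C       countryName
 * STREET  streetAddress
 * DC      domainComponent
 * UID     userid
 *
 * <p>Ranks come from {@code dnOrderMap}. Types absent from the map sort after all
 * ranked types, ordered among themselves by dotted OID string. The sort is stable
 * ({@code Arrays.sort} on objects), so RDNs of equal rank keep their input order.
 * A multi-valued RDN is ranked by its first component only. The result is the
 * rendering produced by {@code X500Name.toString()}.
 *
 * @param dn a possibly unordered DN
 * @return the ordered dn
 * @throws IllegalArgumentException if {@code dn} cannot be parsed as an X.500 name
 *         (this is the failure mode for malformed or untrusted input)
 */
public static String reorderDn(String dn) {
    RDN[] rdns = new X500Name(dn).getRDNs();
    Arrays.sort(rdns, new Comparator<RDN>() {
        @Override
        public int compare(RDN left, RDN right) {
            ASN1ObjectIdentifier leftType = left.getFirst().getType();
            ASN1ObjectIdentifier rightType = right.getFirst().getType();
            Integer leftRank = dnOrderMap.get(leftType);
            Integer rightRank = dnOrderMap.get(rightType);
            if (leftRank == null && rightRank == null) {
                // Neither type is in the table: fall back to OID string order.
                return leftType.getId().compareTo(rightType.getId());
            }
            if (leftRank == null) {
                return 1;   // unranked types go after ranked ones
            }
            if (rightRank == null) {
                return -1;
            }
            // Integer.compare cannot overflow, unlike subtraction.
            return Integer.compare(leftRank, rightRank);
        }
    });
    return new X500Name(rdns).toString();
}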
/**
 * Appends the rendering of {@code rdn} to {@code buf}: the components of a
 * multi-valued RDN joined by {@code '+'}, otherwise the single attribute.
 * A single-valued RDN whose {@code getFirst()} is null appends nothing.
 *
 * @param buf        destination buffer, appended in place
 * @param rdn        the RDN to render
 * @param oidSymbols OID-to-symbol table passed through to appendTypeAndValue
 */
public static void appendRDN(StringBuffer buf, RDN rdn, Hashtable oidSymbols) {
    if (!rdn.isMultiValued()) {
        AttributeTypeAndValue single = rdn.getFirst();
        if (single != null) {
            IETFUtils.appendTypeAndValue(buf, single, oidSymbols);
        }
        return;
    }
    AttributeTypeAndValue[] components = rdn.getTypesAndValues();
    for (int j = 0; j < components.length; j++) {
        if (j > 0) {
            buf.append('+');   // separator between components of one RDN
        }
        IETFUtils.appendTypeAndValue(buf, components[j], oidSymbols);
    }
}
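/**
 * Extract email addresses from a certificate.
 *
 * <p>Sources, in order: every {@code emailAddress} attribute in the subject DN,
 * then every {@code rfc822Name} entry of the subjectAlternativeName extension.
 * Only attributes whose type is {@code BCStyle.EmailAddress} are taken from the
 * subject; {@code X500Name.getRDNs(oid)} returns whole RDNs, and a multi-valued
 * RDN such as {@code CN=x+E=y} also carries non-email components that must not
 * be reported as addresses.
 *
 * <p>The returned strings come straight from the certificate and are
 * attacker-controlled for an untrusted certificate; callers must validate them
 * before use. Duplicates are not removed.
 *
 * @param cert the X509 certificate holder
 * @return a List of all email addresses found (possibly empty)
 * @throws CertificateException declared for API compatibility
 */
private static List<String> getEmailFromCert(X509CertificateHolder cert) throws CertificateException {
    List<String> res = new ArrayList<>();
    X500Name subject = cert.getSubject();
    for (RDN rdn : subject.getRDNs(BCStyle.EmailAddress)) {
        for (AttributeTypeAndValue attr : rdn.getTypesAndValues()) {
            // Skip the non-email components of a multi-valued RDN.
            if (!BCStyle.EmailAddress.equals(attr.getType())) {
                continue;
            }
            String email = IETFUtils.valueToString(attr.getValue());
            log.debug("Add email from RDN: " + email);
            res.add(email);
        }
    }
    Extension subjectAlternativeNames = cert.getExtension(Extension.subjectAlternativeName);
    if (subjectAlternativeNames != null) {
        GeneralNames names = GeneralNames.getInstance(subjectAlternativeNames.getParsedValue());
        for (GeneralName name : names.getNames()) {
            if (name.getTagNo() != GeneralName.rfc822Name) {
                continue;
            }
            // NOTE(review): valueToString applies RFC 2253 escaping (e.g. '+' and ','
            // get a backslash); if callers compare against plain addresses, decode the
            // IA5String directly instead.
            String email = IETFUtils.valueToString(name.getName());
            log.debug("Add email from subjectAlternativeName: " + email);
            res.add(email);
        }
    }
    return res;
}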
/**
 * Renders {@code name} as a string, walking the RDN array from last to first
 * ("convert in reverse"). RDNs are separated by {@code ','}; the components of a
 * multi-valued RDN by {@code '+'}. Each attribute is written through
 * {@link IETFUtils#appendTypeAndValue} using {@code DefaultSymbols}.
 *
 * @param name the name to render
 * @return the rendered string
 */
@Override
public String toString(X500Name name) {
    StringBuffer out = new StringBuffer();
    RDN[] rdns = name.getRDNs();
    int last = rdns.length - 1;
    for (int i = last; i >= 0; i--) {
        if (i != last) {
            out.append(',');
        }
        RDN rdn = rdns[i];
        if (!rdn.isMultiValued()) {
            IETFUtils.appendTypeAndValue(out, rdn.getFirst(), DefaultSymbols);
            continue;
        }
        AttributeTypeAndValue[] components = rdn.getTypesAndValues();
        for (int j = 0; j < components.length; j++) {
            if (j > 0) {
                out.append('+');
            }
            IETFUtils.appendTypeAndValue(out, components[j], DefaultSymbols);
        }
    }
    return out.toString();
}
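/**
 * Returns the first commonName (CN) value found in {@code name}, or {@code null}
 * if there is none.
 *
 * <p>Every component of every RDN is examined, so a CN inside a multi-valued RDN
 * (e.g. {@code O=x+CN=y}) is found; the previous implementation looked only at
 * each RDN's first attribute and also dereferenced a null {@code getFirst()}
 * for an empty RDN. The value is returned via the ASN.1 object's
 * {@code toString()}, i.e. without RFC 2253 escaping.
 *
 * @param name the name to search
 * @return the CN string, or null when absent
 */
private static String extractCommonName(X500Name name) {
    for (RDN rdn : name.getRDNs()) {
        for (AttributeTypeAndValue atav : rdn.getTypesAndValues()) {
            if (BCStyle.CN.equals(atav.getType())) {
                return atav.getValue().toString();
            }
        }
    }
    return null;
}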
/**
 * Collects one single-valued RDN per panel entry, in panel order.
 *
 * <p>The attribute type is resolved from the panel's display name, the value is
 * converted with {@code KseX500NameStyle.INSTANCE.stringToValue}. When
 * {@code noEmptyRdns} is true, entries whose value trims to empty are skipped.
 *
 * @param noEmptyRdns whether to drop entries with a blank value
 * @return the RDNs built from the panels
 */
public List<RDN> getRdns(boolean noEmptyRdns) {
    List<RDN> result = new ArrayList<RDN>();
    for (RdnPanel panel : entries) {
        ASN1ObjectIdentifier type = OidDisplayNameMapping.getOidForDisplayName(panel.getAttributeName());
        String rawValue = panel.getAttributeValue();
        if (noEmptyRdns && StringUtils.trimAndConvertEmptyToNull(rawValue) == null) {
            continue;   // blank value and caller asked for no empty RDNs
        }
        ASN1Encodable value = KseX500NameStyle.INSTANCE.stringToValue(type, rawValue);
        result.add(new RDN(new AttributeTypeAndValue(type, value)));
    }
    return result;
}
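/**
 * Loads the configured eHealth PKCS#12 keystore and logs, for every alias, the
 * certificate subject and each RDN attribute (type, value and value class) plus
 * the certificate chain length.
 *
 * <p>The keystore stream is closed in a {@code finally} block (it was previously
 * left open). The keystore password is passed to {@code load} only and is never
 * logged.
 *
 * @throws Exception on keystore or I/O failure
 */
@Test
public void testReadCertificate() throws Exception {
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    LOG.debug("eHealth PKCS12 path: " + this.config.getEHealthPKCS12Path());
    FileInputStream fileInputStream = new FileInputStream(this.config.getEHealthPKCS12Path());
    try {
        keyStore.load(fileInputStream, this.config.getEHealthPKCS12Password().toCharArray());
    } finally {
        fileInputStream.close();
    }
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        LOG.debug("alias: " + alias);
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
        LOG.debug("certificate subject: " + certificate.getSubjectX500Principal());
        X509CertificateHolder certificateHolder = new X509CertificateHolder(certificate.getEncoded());
        X500Name subjectName = certificateHolder.getSubject();
        for (RDN rdn : subjectName.getRDNs()) {
            LOG.debug("--------");
            for (AttributeTypeAndValue attribute : rdn.getTypesAndValues()) {
                LOG.debug(attribute.getType() + " = " + attribute.getValue());
                LOG.debug("value type: " + attribute.getValue().getClass().getName());
            }
        }
        Certificate[] certificateChain = keyStore.getCertificateChain(alias);
        // Chain may be null for a trusted-certificate entry without a private key.
        LOG.debug("certificate chain length: " + (certificateChain == null ? 0 : certificateChain.length));
    }
}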
/**
 * Returns true only if every RDN in {@code certificateRdnValues} satisfies
 * {@code expectedTypeAndValue} according to {@link #checkRdn}. An empty array
 * yields true. Evaluation stops at the first RDN that fails.
 *
 * @param certificateRdnValues the RDNs to check
 * @param expectedTypeAndValue the attribute each RDN must carry
 * @return whether all RDNs pass
 */
private boolean checkArrayOfRdn(RDN[] certificateRdnValues, AttributeTypeAndValue expectedTypeAndValue) {
    for (RDN rdn : certificateRdnValues) {
        if (!checkRdn(rdn, expectedTypeAndValue)) {
            return false;
        }
    }
    return true;
}
/**
 * Builds an {@link X500Name} from this instance's {@code typeValues} instead of
 * reading the subject of {@code cert} (the argument is not consulted).
 *
 * <p>With {@code multiValue} set, all attributes form one multi-valued RDN;
 * otherwise each attribute becomes its own RDN, in array order. The default
 * {@code X500Name} style is used.
 *
 * @param cert ignored by this override
 * @return the constructed name
 * @throws CertificateEncodingException declared for interface compatibility
 */
@Override
X500Name getX500SubjectName(X509Certificate cert) throws CertificateEncodingException {
    X500NameBuilder builder = new X500NameBuilder(X500Name.getDefaultStyle());
    if (multiValue) {
        builder.addMultiValuedRDN(typeValues);
        return builder.build();
    }
    for (AttributeTypeAndValue attribute : typeValues) {
        builder.addRDN(attribute);
    }
    return builder.build();
}