List of usage examples for javax.security.auth.x500 X500Principal getEncoded
public byte[] getEncoded()
From source file:ddf.security.sts.claimsHandler.AttributeMapLoader.java
/**
 * Extracts a credential string from the supplied principal.
 *
 * <p>An {@link X500Principal} contributes the bytes of its encoded name decoded as UTF-8 text;
 * a {@code WSUsernameTokenPrincipalImpl} contributes whatever its {@code getPassword()} holds.
 *
 * @param principal the principal to inspect; any other type (or {@code null}) is not handled
 * @return the credential string, or {@code null} when the principal is of neither handled type
 */
public static String getCredentials(Principal principal) {
    if (principal instanceof X500Principal) {
        // NOTE(review): getEncoded() returns the binary ASN.1 DER form of the name, not text.
        // Decoding it as UTF-8 is lossy (malformed sequences are replaced), so the result is
        // not a dependable identifier. Confirm whether getName() was intended.
        final byte[] derName = ((X500Principal) principal).getEncoded();
        return new String(derName, StandardCharsets.UTF_8);
    }
    if (principal instanceof WSUsernameTokenPrincipalImpl) {
        // The value handed back here is the token's password: callers should keep it out of
        // logs, error messages and any claim that is returned to a client.
        return ((WSUsernameTokenPrincipalImpl) principal).getPassword();
    }
    return null;
}
From source file:org.globus.gsi.util.CertificateIOUtil.java
/**
 * Returns the ASN.1 DER encoding of an X.500 distinguished name.
 *
 * @param subject the name to encode; must not be {@code null}
 * @return the encoded bytes as produced by {@link X500Principal#getEncoded()}
 * @throws IOException declared for callers; the visible body does not raise it itself
 */
public static byte[] encodePrincipal(X500Principal subject) throws IOException {
    final byte[] derName = subject.getEncoded();
    return derName;
}
From source file:co.runrightfast.core.security.auth.x500.DistinguishedName.java
/**
 * Converts a JDK {@link X500Principal} into an {@code X500Name}.
 *
 * <p>The conversion goes through the encoded bytes of the principal rather than its string
 * form, so no string parsing or re-escaping of attribute values is involved.
 *
 * @param principal the principal to convert; must not be {@code null}
 * @return the {@code X500Name} built from the principal's encoding
 */
public static X500Name toX500Name(@NonNull final X500Principal principal) {
    final byte[] derName = principal.getEncoded();
    return X500Name.getInstance(derName);
}
From source file:Main.java
/**
 * Computes the short subject hash Android uses for a principal.
 *
 * <p>Android hashes a principal as the first four bytes of its MD5 digest, encoded in
 * lowercase hex and reversed. Verified in 4.2, 4.3, and 4.4.
 *
 * <p>The result is a 32-bit lookup key derived from MD5, so distinct names can share a value.
 * It must not be treated as proof that two names are equal; compare the full encoded names
 * for that.
 *
 * @param principal the name to hash
 * @return eight hex characters taken from {@code HEX_DIGITS}
 * @throws NoSuchAlgorithmException if the platform offers no MD5 implementation
 */
private static String hashPrincipal(X500Principal principal) throws NoSuchAlgorithmException {
    final byte[] md5 = MessageDigest.getInstance("MD5").digest(principal.getEncoded());
    final char[] out = new char[8];
    int pos = 0;
    // Walk bytes 3, 2, 1, 0 of the digest so the four-byte prefix comes out reversed.
    for (int idx = 3; idx >= 0; idx--) {
        final byte current = md5[idx];
        out[pos++] = HEX_DIGITS[(current >> 4) & 0xf];
        out[pos++] = HEX_DIGITS[current & 0xf];
    }
    return new String(out);
}
From source file:org.dcache.xrootd.plugins.authn.gsi.CertUtil.java
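/**
 * Computes the hash from the principal, using the passed-in digest
 * (usually MD5). After applying the digest on the DER-encoded
 * principal, the first 4 bytes of the computed hash are taken and
 * interpreted as a hexadecimal integer in Little Endian. This
 * corresponds to the openssl hash mechanism.
 *
 * Keep a cache of principals, as this method will often be called
 * with the same principal (to avoid costly rehashing).
 *
 * The value is a 32-bit lookup key, not an identity check: different
 * names can produce the same hash, so a match must still be confirmed
 * against the full name or certificate.
 *
 * NOTE(review): the cache is keyed on the principal alone. If callers
 * ever pass different digest algorithms for the same principal, the
 * value computed by the first call is returned for all of them.
 *
 * NOTE(review): as far as I know the MD5 form matches OpenSSL's older
 * subject hash ({@code -subject_hash_old}); confirm which form the
 * trust directory in use expects.
 *
 * @param md the digest instance
 * @param principal the principal (subject or issuer)
 * @return the 8-digit hexadecimal hash, zero-padded on the left
 */
public static String computeHash(MessageDigest md, X500Principal principal) {
    // Single lookup instead of containsKey() followed by get().
    String principalHash = _hashCache.get(principal);
    if (principalHash == null) {
        md.reset();
        md.update(principal.getEncoded());
        byte[] digest = md.digest();

        // take the first 4 bytes in little Endian
        int shortHash = (0xff & digest[3]) << 24
                | (0xff & digest[2]) << 16
                | (0xff & digest[1]) << 8
                | (0xff & digest[0]);

        // Integer.toHexString() drops leading zeros, which yields fewer than 8 digits
        // whenever the top nibble is 0; pad so the result always has the documented width.
        principalHash = String.format("%08x", shortHash);
        _hashCache.put(principal, principalHash);
    }
    return principalHash;
}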
From source file:org.opensaml.xml.security.x509.X509Util.java
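/**
 * Gets the common names that appear within the given distinguished name. The returned list provides the names in
 * the order they appeared in the DN.
 *
 * <p>The DN is read from its encoded form, so attribute values are taken from the ASN.1 structure and not from
 * a string rendering of the name.
 *
 * @param dn the DN to extract the common names from
 *
 * @return the common names that appear in the DN in the order they appear or null if the given DN is null or its
 *         encoding could not be read
 */
public static List<String> getCommonNames(X500Principal dn) {
    if (dn == null) {
        return null;
    }

    log.debug("Extracting CNs from the following DN: {}", dn.toString());
    List<String> commonNames = new LinkedList<String>();
    ASN1InputStream asn1Stream = new ASN1InputStream(dn.getEncoded());
    try {
        DERSequence rdnSequence = (DERSequence) asn1Stream.readObject();
        for (int i = 0; i < rdnSequence.size(); i++) {
            DERObject dnComponent = rdnSequence.getObjectAt(i).getDERObject();
            if (!(dnComponent instanceof DERSet)) {
                log.debug("No DN components.");
                continue;
            }

            // Each DN component is a set
            DERSet rdn = (DERSet) dnComponent;
            for (int j = 0; j < rdn.size(); j++) {
                DERSequence attribute = (DERSequence) rdn.getObjectAt(j).getDERObject();
                if (attribute.getObjectAt(0) == null
                        || !(attribute.getObjectAt(0).getDERObject() instanceof DERObjectIdentifier)) {
                    continue;
                }

                DERObjectIdentifier componentId = (DERObjectIdentifier) attribute.getObjectAt(0).getDERObject();
                if (!CN_OID.equals(componentId.getId())) {
                    continue;
                }

                // OK, this dn component is actually a cn attribute
                if (attribute.getObjectAt(1) != null
                        && attribute.getObjectAt(1).getDERObject() instanceof DERString) {
                    commonNames.add(((DERString) attribute.getObjectAt(1).getDERObject()).getString());
                }
            }
        }
        return commonNames;
    } catch (IOException e) {
        log.error("Unable to extract common names from DN: ASN.1 parsing failed: " + e);
        return null;
    } finally {
        // Close on every path; previously the stream stayed open when parsing threw.
        try {
            asn1Stream.close();
        } catch (IOException ignored) {
            // Nothing useful can be done if closing fails, and the parsed result is already decided.
        }
    }
}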
From source file:eu.europa.esig.dss.DSSASN1Utils.java
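/**
 * Renders an X.500 name as an RFC 4514 (LDAP) distinguished-name string.
 *
 * <p>Attribute values are escaped so that a value containing DN metacharacters cannot be read
 * back as extra RDNs or attributes by a consumer that parses the string. Backslash, NUL and
 * leading/trailing spaces are escaped in addition to the characters handled previously.
 *
 * <p>NOTE(review): the values of a multi-valued RDN are joined with ',' here, the same
 * separator used between RDNs, whereas RFC 4514 section 2.2 joins them with '+'. Left
 * unchanged because callers may depend on the current output; confirm before changing.
 *
 * @param x500Principal the name to render; must not be {@code null}
 * @return the string form, with RDNs written from the last element of the sequence to the first
 * @throws DSSException if an attribute entry does not hold exactly two elements
 */
public static String getUtf8String(final X500Principal x500Principal) {

    final byte[] encoded = x500Principal.getEncoded();
    final ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(encoded);
    final ASN1Encodable[] asn1Encodables = asn1Sequence.toArray();
    final StringBuilder stringBuilder = new StringBuilder();

    // RFC 4514 section 2.1: an empty RDNSequence gives the empty string; otherwise the RDNs
    // are written starting with the last element of the sequence and moving backwards.
    for (int ii = asn1Encodables.length - 1; ii >= 0; ii--) {

        final DLSet dlSet = (DLSet) asn1Encodables[ii];
        for (int jj = 0; jj < dlSet.size(); jj++) {

            final DLSequence dlSequence = (DLSequence) dlSet.getObjectAt(jj);
            if (dlSequence.size() != 2) {
                throw new DSSException("The DLSequence must contains exactly 2 elements.");
            }
            final ASN1Encodable attributeType = dlSequence.getObjectAt(0);
            final ASN1Encodable attributeValue = dlSequence.getObjectAt(1);

            final String raw = getString(attributeValue);
            final boolean leadingSpace = raw.startsWith(" ");
            final boolean trailingSpace = raw.length() > 1 && raw.endsWith(" ");

            // Backslash must be escaped first, otherwise the backslashes introduced by the
            // replacements below would themselves be doubled.
            String string = raw.replace("\\", "\\\\");
            string = string.replace("\"", "\\\"");
            string = string.replace("#", "\\#");
            string = string.replace("+", "\\+");
            string = string.replace(",", "\\,");
            string = string.replace(";", "\\;");
            string = string.replace("<", "\\<");
            string = string.replace("=", "\\=");
            string = string.replace(">", "\\>");
            // RFC 4514 section 2.4: NUL is written as a backslash followed by two hex digits.
            string = string.replace("\0", "\\00");
            // RFC 4514 section 2.4: a space at the start or end of the value must be escaped.
            if (leadingSpace) {
                string = "\\" + string;
            }
            if (trailingSpace) {
                string = string.substring(0, string.length() - 1) + "\\ ";
            }

            if (stringBuilder.length() != 0) {
                stringBuilder.append(',');
            }
            stringBuilder.append(attributeType).append('=').append(string);
        }
    }
    return stringBuilder.toString();
}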
From source file:eu.europa.esig.dss.DSSASN1Utils.java
/**
 * Flattens an X.500 name into a map from attribute type to attribute value.
 *
 * <p>Both the type and the value are converted with {@code getString}. When the name carries
 * the same attribute type more than once, {@code Map.put} keeps only the value seen last, so
 * the map must not be used where every value of a repeated attribute matters.
 *
 * @param x500Principal the name to decompose; must not be {@code null}
 * @return a mutable map with one entry per distinct attribute type
 * @throws DSSException if an attribute entry does not hold exactly two elements
 */
public static Map<String, String> get(final X500Principal x500Principal) {

    final Map<String, String> attributes = new HashMap<String, String>();
    final ASN1Sequence rdnSequence = ASN1Sequence.getInstance(x500Principal.getEncoded());
    for (final ASN1Encodable rdn : rdnSequence.toArray()) {

        final DLSet attributeSet = (DLSet) rdn;
        final int count = attributeSet.size();
        for (int index = 0; index < count; index++) {

            final DLSequence typeAndValue = (DLSequence) attributeSet.getObjectAt(index);
            if (typeAndValue.size() != 2) {
                throw new DSSException("The DLSequence must contains exactly 2 elements.");
            }
            final String type = getString(typeAndValue.getObjectAt(0));
            final String value = getString(typeAndValue.getObjectAt(1));
            attributes.put(type, value);
        }
    }
    return attributes;
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
/**
 * Generates a hexadecimal OpenSSL X509_NAME hash (as used in openssl x509 -hash -in cert.pem)<br />
 * Based on openssl's crypto/x509/x509_cmp.c line 321
 *
 * <p>The value is built from four bytes of an MD5 digest, so it only serves as a short lookup
 * key. Two different names can share it; it is not evidence that the names are the same.
 *
 * @param p the name to hash
 *
 * @return the hex rendering, via {@code HexHelper.toHex}, of the first four MD5 bytes in reverse order
 *
 * @throws NoSuchAlgorithmException if no MD5 implementation is available
 */
public static String openssl_X509_NAME_hash(X500Principal p) throws NoSuchAlgorithmException {
    // MAINTAINER NOTE: This code replicates OpenSSL's hashing function
    // Step 1: MD5 over the encoded form of the principal.
    final byte[] digest = MessageDigest.getInstance("MD5").digest(p.getEncoded());

    // Step 2: keep bytes 0..3 of the digest, stored in the order 3, 2, 1, 0.
    final byte[] reversedPrefix = new byte[4];
    for (int i = 0; i < reversedPrefix.length; i++) {
        reversedPrefix[i] = digest[3 - i];
    }

    return HexHelper.toHex(reversedPrefix);
}
From source file:org.globus.myproxy.MyProxy.java
/**
 * Generates a hex X509_NAME hash (like openssl x509 -hash -in cert.pem)
 * Based on openssl's crypto/x509/x509_cmp.c line 321
 *
 * The hash is taken from four bytes of an MD5 digest and is only a short
 * lookup key: different names can map to the same value, so it must not
 * stand in for a comparison of the names themselves.
 *
 * @param p the name to hash
 * @return the result of {@code toHex} applied to the first four MD5 bytes in reverse order
 * @throws Exception if the MD5 digest cannot be obtained
 */
private static String openssl_X509_NAME_hash(X500Principal p) throws Exception {
    // This code replicates OpenSSL's hashing function
    final MessageDigest md5Digest = MessageDigest.getInstance("MD5");
    final byte[] digest = md5Digest.digest(p.getEncoded());

    // Take the leading four digest bytes and swap their order end to end.
    final byte first = digest[0];
    final byte second = digest[1];
    final byte third = digest[2];
    final byte fourth = digest[3];
    final byte[] reversedPrefix = { fourth, third, second, first };

    return toHex(reversedPrefix);
}