List of usage examples for javax.security.auth.x500 X500Principal RFC2253
String RFC2253
To view the source code for javax.security.auth.x500 X500Principal RFC2253.
Click Source Link
From source file:Main.java
public static String convertLegacyToRFC2253(String dn) { int i = dn.toLowerCase().indexOf(" e="); if (i < 0) i = dn.toLowerCase().indexOf(",e="); if (i > 0) { dn = dn.substring(0, ++i) + "EMAILADDRESS" + dn.substring(++i); }/*ww w .j a v a 2 s .c o m*/ return new X500Principal(dn).getName(X500Principal.RFC2253); }
From source file:com.newrelic.agent.deps.org.apache.http.conn.ssl.DefaultHostnameVerifier.java
public final void verify(final String host, final X509Certificate cert) throws SSLException { final boolean ipv4 = InetAddressUtils.isIPv4Address(host); final boolean ipv6 = InetAddressUtils.isIPv6Address(host); final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; final List<String> subjectAlts = extractSubjectAlts(cert, subjectType); if (subjectAlts != null && !subjectAlts.isEmpty()) { if (ipv4) { matchIPAddress(host, subjectAlts); } else if (ipv6) { matchIPv6Address(host, subjectAlts); } else {//w w w.java 2 s. com matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { // CN matching has been deprecated by rfc2818 and can be used // as fallback only when no subjectAlts are available final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); } }
From source file:org.dataone.proto.trove.net.SocketFactoryManager.java
/** * Load PEM file contents into in-memory keystore NOTE: this implementation uses Bouncy Castle security provider * * @return the keystore that will provide the material * @throws KeyStoreException//from w w w . j a va 2s. co m * @throws CertificateException * @throws NoSuchAlgorithmException * @throws IOException */ private KeyStore getKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { // if the location has been set, use it KeyStore keyStore = null; Object pemObject = null; keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, keyStorePassword.toCharArray()); // get the private key and certificate from the PEM // TODO: find a way to do this with default Java provider (not Bouncy Castle)? Security.addProvider(new BouncyCastleProvider()); PEMParser pemReader = new PEMParser(new FileReader(clientCertificateLocation)); X509Certificate certificate = null; PrivateKey privateKey = null; KeyPair keyPair = null; while ((pemObject = pemReader.readObject()) != null) { if (pemObject instanceof PrivateKey) { privateKey = (PrivateKey) pemObject; } else if (pemObject instanceof KeyPair) { keyPair = (KeyPair) pemObject; privateKey = keyPair.getPrivate(); } else if (pemObject instanceof X509Certificate) { certificate = (X509Certificate) pemObject; } } if (certificate == null) { log.warn("Certificate is null"); } else { if (certificate.getSubjectX500Principal().getName(X500Principal.RFC2253) .equals(certificate.getIssuerX500Principal().getName(X500Principal.RFC2253))) { log.warn("Certificate is Self Signed"); } } Certificate[] chain = new Certificate[] { certificate }; // set the entry keyStore.setKeyEntry("cilogon", privateKey, keyStorePassword.toCharArray(), chain); return keyStore; }
From source file:eu.europa.esig.dss.validation.SignedDocumentValidator.java
/** * This method deals with the certificate's details. The retrieved information is transformed to the JAXB object. * * @param usedDigestAlgorithms/*from w ww. ja va 2s.c om*/ * set of different digest algorithms used to compute certificate digest * @param certToken * current certificate token * @return */ private XmlCertificate dealCertificateDetails(final Set<DigestAlgorithm> usedDigestAlgorithms, final CertificateToken certToken) { final XmlCertificate xmlCert = DIAGNOSTIC_DATA_OBJECT_FACTORY.createXmlCertificate(); xmlCert.setId(certToken.getDSSId().asXmlId()); XmlDistinguishedName xmlDistinguishedName = xmlForDistinguishedName(X500Principal.CANONICAL, certToken.getSubjectX500Principal()); xmlCert.getSubjectDistinguishedName().add(xmlDistinguishedName); xmlDistinguishedName = xmlForDistinguishedName(X500Principal.RFC2253, certToken.getSubjectX500Principal()); xmlCert.getSubjectDistinguishedName().add(xmlDistinguishedName); xmlDistinguishedName = xmlForDistinguishedName(X500Principal.CANONICAL, certToken.getIssuerX500Principal()); xmlCert.getIssuerDistinguishedName().add(xmlDistinguishedName); xmlDistinguishedName = xmlForDistinguishedName(X500Principal.RFC2253, certToken.getIssuerX500Principal()); xmlCert.getIssuerDistinguishedName().add(xmlDistinguishedName); xmlCert.setSerialNumber(certToken.getSerialNumber()); for (final DigestAlgorithm digestAlgorithm : usedDigestAlgorithms) { final XmlDigestAlgAndValueType xmlDigestAlgAndValue = new XmlDigestAlgAndValueType(); xmlDigestAlgAndValue.setDigestMethod(digestAlgorithm.getName()); xmlDigestAlgAndValue.setDigestValue(DSSUtils.digest(digestAlgorithm, certToken)); xmlCert.getDigestAlgAndValue().add(xmlDigestAlgAndValue); } TokenIdentifier issuerTokenDSSId = certToken.getIssuerTokenDSSId(); if (issuerTokenDSSId != null) { xmlCert.setIssuerCertificate(issuerTokenDSSId.asXmlId()); } xmlCert.setNotAfter(DSSXMLUtils.createXMLGregorianCalendar(certToken.getNotAfter())); xmlCert.setNotBefore(DSSXMLUtils.createXMLGregorianCalendar(certToken.getNotBefore())); final PublicKey publicKey = certToken.getPublicKey(); xmlCert.setPublicKeySize(DSSPKUtils.getPublicKeySize(publicKey)); xmlCert.setPublicKeyEncryptionAlgo(DSSPKUtils.getPublicKeyEncryptionAlgo(publicKey)); xmlForKeyUsageBits(certToken, xmlCert); if (DSSASN1Utils.isOCSPSigning(certToken)) { xmlCert.setIdKpOCSPSigning(true); } if (DSSASN1Utils.hasIdPkixOcspNoCheckExtension(certToken)) { xmlCert.setIdPkixOcspNoCheck(true); } if (DSSASN1Utils.hasExpiredCertOnCRLExtension(certToken)) { xmlCert.setExpiredCertOnCRL(true); } final XmlBasicSignatureType xmlBasicSignatureType = DIAGNOSTIC_DATA_OBJECT_FACTORY .createXmlBasicSignatureType(); final SignatureAlgorithm signatureAlgorithm = certToken.getSignatureAlgorithm(); xmlBasicSignatureType.setDigestAlgoUsedToSignThisToken(signatureAlgorithm.getDigestAlgorithm().getName()); xmlBasicSignatureType .setEncryptionAlgoUsedToSignThisToken(signatureAlgorithm.getEncryptionAlgorithm().getName()); final String keyLength = DSSPKUtils.getPublicKeySize(certToken); xmlBasicSignatureType.setKeyLengthUsedToSignThisToken(keyLength); final boolean signatureIntact = certToken.isSignatureValid(); xmlBasicSignatureType.setReferenceDataFound(signatureIntact); xmlBasicSignatureType.setReferenceDataIntact(signatureIntact); xmlBasicSignatureType.setSignatureIntact(signatureIntact); xmlBasicSignatureType.setSignatureValid(signatureIntact); xmlCert.setBasicSignature(xmlBasicSignatureType); final CertificateToken issuerToken = certToken.getIssuerToken(); final XmlSigningCertificateType xmlSigningCertificate = xmlForSigningCertificate(issuerToken); xmlCert.setSigningCertificate(xmlSigningCertificate); final XmlCertificateChainType xmlCertChainType = xmlForCertificateChain(issuerToken); xmlCert.setCertificateChain(xmlCertChainType); xmlCert.setSelfSigned(certToken.isSelfSigned()); xmlCert.setTrusted(certToken.isTrusted()); return xmlCert; }
From source file:org.apache.camel.component.xmlsecurity.api.XAdESSignatureProperties.java
protected void addCertificate(X509Certificate cert, Element signedCertificate, Document doc, int index, Input input) throws CertificateEncodingException, NoSuchAlgorithmException, XmlSignatureException { Element elCert = createElement("Cert", doc, input); signedCertificate.appendChild(elCert); String algorithm = getMessageDigestAlgorithm(getDigestAlgorithmForSigningCertificate(), "The digest algorithm '%s' for the signing certificate is invalid"); String digest = calculateDigest(algorithm, cert.getEncoded()); Element certDigest = createElement("CertDigest", doc, input); elCert.appendChild(certDigest);//from w w w. j a va 2 s .com Element digestMethod = createDigSigElement("DigestMethod", doc, input.getPrefixForXmlSignatureNamespace()); certDigest.appendChild(digestMethod); setAttribute(digestMethod, "Algorithm", getDigestAlgorithmForSigningCertificate()); Element digestValue = createDigSigElement("DigestValue", doc, input.getPrefixForXmlSignatureNamespace()); certDigest.appendChild(digestValue); digestValue.setTextContent(digest); Element issuerSerial = createElement("IssuerSerial", doc, input); elCert.appendChild(issuerSerial); Element x509IssuerName = createDigSigElement("X509IssuerName", doc, input.getPrefixForXmlSignatureNamespace()); issuerSerial.appendChild(x509IssuerName); x509IssuerName.setTextContent(cert.getIssuerX500Principal().getName(X500Principal.RFC2253)); Element x509SerialNumber = createDigSigElement("X509SerialNumber", doc, input.getPrefixForXmlSignatureNamespace()); issuerSerial.appendChild(x509SerialNumber); x509SerialNumber.setTextContent(cert.getSerialNumber().toString()); List<String> uris = getSigningCertificateURIs(); if (!uris.isEmpty() && uris.size() > index) { String uri = uris.get(index); if (uri != null && !uri.isEmpty()) { setAttribute(elCert, "URI", uri); } } }
From source file:org.apache.qpid.server.management.plugin.HttpManagementUtil.java
public static Subject tryToAuthenticate(HttpServletRequest request, HttpManagementConfiguration managementConfig) { Subject subject = null;//from w w w. ja v a2 s.c om SocketAddress localAddress = getSocketAddress(request); final AuthenticationProvider authenticationProvider = managementConfig .getAuthenticationProvider(localAddress); SubjectCreator subjectCreator = authenticationProvider.getSubjectCreator(request.isSecure()); String remoteUser = request.getRemoteUser(); if (remoteUser != null || authenticationProvider instanceof AnonymousAuthenticationManager) { subject = authenticateUser(subjectCreator, remoteUser, null); } else if (authenticationProvider instanceof ExternalAuthenticationManager && Collections .list(request.getAttributeNames()).contains("javax.servlet.request.X509Certificate")) { Principal principal = null; X509Certificate[] certificates = (X509Certificate[]) request .getAttribute("javax.servlet.request.X509Certificate"); if (certificates != null && certificates.length != 0) { principal = certificates[0].getSubjectX500Principal(); if (!Boolean.valueOf(String.valueOf(authenticationProvider .getAttribute(ExternalAuthenticationManager.ATTRIBUTE_USE_FULL_DN)))) { String username; String dn = ((X500Principal) principal).getName(X500Principal.RFC2253); username = SSLUtil.getIdFromSubjectDN(dn); principal = new UsernamePrincipal(username); } subject = subjectCreator.createSubjectWithGroups(new AuthenticatedPrincipal(principal)); } } else { String header = request.getHeader("Authorization"); if (header != null) { String[] tokens = header.split("\\s"); if (tokens.length >= 2 && "BASIC".equalsIgnoreCase(tokens[0])) { boolean isBasicAuthSupported = false; if (request.isSecure()) { isBasicAuthSupported = managementConfig.isHttpsBasicAuthenticationEnabled(); } else { isBasicAuthSupported = managementConfig.isHttpBasicAuthenticationEnabled(); } if (isBasicAuthSupported) { String base64UsernameAndPassword = tokens[1]; String[] credentials = (new String( Base64.decodeBase64(base64UsernameAndPassword.getBytes()))).split(":", 2); if (credentials.length == 2) { subject = authenticateUser(subjectCreator, credentials[0], credentials[1]); } } } } } return subject; }
From source file:org.dataone.proto.trove.jsse.X509CertificateToolset.java
/** * Returns the RFC2253 string representation for the certificate's subject This is the standard format used in * DataONE./*from ww w . ja v a 2 s.c o m*/ * * @param certificate * @return subject DN using RFC2253 format */ public String getSubjectDN(X509Certificate certificate) { if (certificate == null) { return null; } X500Principal principal = certificate.getSubjectX500Principal(); String dn = principal.getName(X500Principal.RFC2253); //dn = standardizeDN(dn); return dn; }
From source file:org.dataone.proto.trove.jsse.X509CertificateToolset.java
/** * Returns D1-wide consistent Subject DN string representations * * @see http://www.ietf.org/rfc/rfc2253.txt * @param name - the [reasonable] DN representation * @return the standard D1 representation *//* w w w.j ava 2 s. c om*/ public String standardizeDN(String name) { X500Principal principal = new X500Principal(name); String standardizedName = principal.getName(X500Principal.RFC2253); return standardizedName; }
From source file:org.globus.gsi.util.CertificateUtil.java
/** * Converts DN of the form "CN=A, OU=B, O=C" into Globus format * "/O=C/OU=B/CN=A" <BR> This function might return incorrect * Globus-formatted ID when one of the RDNs in the DN contains commas. * * @return the converted DN in Globus format. *///from ww w . j a v a 2s .c o m public static String toGlobusID(X500Principal principal) { if (principal == null) { return null; } String dn = principal.getName(X500Principal.RFC2253, OID_MAP); StringBuilder buf = new StringBuilder(); final int IDLE = 0; final int VALUE = 1; final int KEY = 2; int state = IDLE; int cEnd = 0; char[] asChars = dn.toCharArray(); /* * walk in reverse order and merge RDN */ for (int i = asChars.length - 1; i >= 0; i--) { char c = asChars[i]; switch (state) { case KEY: if (c == ',') { String s = dn.substring(i + 1, cEnd + 1); buf.append('/').append(s); state = IDLE; } break; case VALUE: if (c == '=') { state = KEY; } break; case IDLE: default: cEnd = i; state = VALUE; } } String s = dn.substring(0, cEnd + 1); buf.append('/').append(s); // remove comma escaping as some other components may use string comparison. return buf.toString().replace("\\,", ","); }
From source file:org.nimbustools.ctxbroker.security.CertificateAuthority.java
/** * CertificateAuthority constructor//from ww w .ja v a 2 s. c om * * @param caCert CA's public cert, X509Certificate * @param caPrivateKey (unencrypted) private key object * @param globusCADN only used for logging * @throws NoSuchProviderException problem initializing keypair generator * @throws NoSuchAlgorithmException problem initializing keypair generator * @throws CertificateException problem initializing certificate factory * @throws IOException file/stream problem * @throws ContextBrokerException other problem with CA input */ protected CertificateAuthority(X509Certificate caCert, PrivateKey caPrivateKey, String globusCADN) throws NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException, ContextBrokerException { if (caCert == null) { throw new IllegalArgumentException("caCert is null"); } if (caPrivateKey == null) { throw new IllegalArgumentException("caPrivateKey is null"); } this.kpGen = KeyPairGenerator.getInstance("RSA", "BC"); this.kpGen.initialize(1024, new SecureRandom()); this.certGen = new X509V3CertificateGenerator(); this.factory = CertificateFactory.getInstance("X.509", "BC"); this.caX509 = caCert; this.caPrivate = caPrivateKey; this.caX509Name = new X509Principal(caX509.getIssuerX500Principal().getEncoded()); this.initializeGenerator(); X500Principal subjectDN = caCert.getSubjectX500Principal(); String targetBase = subjectDN.getName(X500Principal.RFC2253); String[] parts = targetBase.split(","); String target = ""; int cnCount = 0; for (int i = 0; i < parts.length; i++) { String newpiece; if (parts[i].startsWith("CN") || parts[i].startsWith("cn")) { newpiece = replaceToken; cnCount += 1; } else { newpiece = parts[i]; } if (i == 0) { target = newpiece; } else { target = newpiece + "," + target; } } if (cnCount == 0) { throw new ContextBrokerException("Unsupported: CA has no " + "CN (?)"); } if (cnCount != 1) { throw new ContextBrokerException("Unsupported: CA has more " + "than one CN"); } this.targetString = target; final String msg = "Initialized certificate authority with subject " + "DN (RFC2253) = '" + targetBase + "' " + "and Globus style DN = '" + globusCADN + "'. " + "New DNs will look like this (RFC2253): '" + this.targetString + "'"; logger.info(msg); }