Example usage for org.apache.commons.ssl.asn1 ASN1InputStream ASN1InputStream

List of usage examples for org.apache.commons.ssl.asn1 ASN1InputStream ASN1InputStream

Introduction

On this page you can find example usage of the org.apache.commons.ssl.asn1.ASN1InputStream constructor ASN1InputStream(byte[] input).

Prototype

public ASN1InputStream(byte[] input) 


Document

Create an ASN1InputStream based on the input byte array.

Usage

From source file:org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateAuthenticator.java

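/**
 * Returns the single subject alternative name (SAN) value from the certificate that matches the
 * configured alternative-names pattern.
 *
 * <p>String SAN values are matched as-is; {@code byte[]} values are first decoded with
 * {@code decodeAlternativeName}. The result is used as the authenticated identity, so the method
 * fails closed: a certificate with no SANs, with no matching value, or with more than one
 * matching value is rejected rather than resolved by picking one.
 *
 * <p>This method only inspects the SAN extension. It performs no trust or chain validation of
 * {@code cert}; presumably that happens before this call (confirm against the caller).
 *
 * @param cert                  x509 certificate whose subject alternative names are inspected.
 * @param authenticationContext context that receives the error code property for the
 *                              not-found, no-match and multiple-match failures.
 * @return the one matched alternative name.
 * @throws AuthenticationFailedException if the certificate has no alternative names, cannot be
 *                                       parsed, or yields zero or more than one match.
 */
private String getMatchedAlternativeName(X509Certificate cert, AuthenticationContext authenticationContext)
        throws AuthenticationFailedException {

    List<String> matchedAlternativeNamesList = new ArrayList<>();
    try {
        Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
        if (altNames == null) {
            authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                    X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_NOTFOUND_ERROR_CODE);
            throw new AuthenticationFailedException(
                    X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_NOTFOUND_ERROR);
        }
        for (List<?> item : altNames) {
            // NOTE(review): only the value at index 1 is read; the GeneralName type tag at index 0
            // is never consulted, so the pattern is applied to every SAN type present in the
            // certificate. Confirm that matching across all types is intended for identity mapping.
            Object value = item.get(1);
            String candidate;
            if (value instanceof byte[]) {
                // The decoder wraps an in-memory array; close it once the value has been decoded.
                try (ASN1InputStream decoder = new ASN1InputStream((byte[]) value)) {
                    candidate = decodeAlternativeName(decoder);
                }
            } else if (value instanceof String) {
                candidate = (String) value;
            } else {
                continue;
            }
            // NOTE(review): whether a partial match is accepted depends on the configured pattern
            // and on addMatchStringsToList, neither of which is visible here; verify the pattern
            // is anchored if a substring match must not yield an identity.
            Matcher m = alternativeNamesPatternCompiled.matcher(candidate);
            addMatchStringsToList(m, matchedAlternativeNamesList);
        }
    } catch (CertificateParsingException | IOException e) {
        // Keep the cause so a malformed extension can be diagnosed from the logs. No error code
        // property is set on the context for this path.
        throw new AuthenticationFailedException("Failed to Parse the certificate", e);
    }
    if (matchedAlternativeNamesList.isEmpty()) {
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_REGEX_NO_MATCHES_ERROR_CODE);
        throw new AuthenticationFailedException("Regex Configured but no matches found for the given regex");
    }
    if (matchedAlternativeNamesList.size() > 1) {
        // An ambiguous identity is rejected instead of choosing one of the matches.
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_REGEX_MULTIPLE_MATCHES_ERROR_CODE);
        throw new AuthenticationFailedException("More than one match for the given regex");
    }
    return matchedAlternativeNamesList.get(0);
}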