List of usage examples for org.apache.commons.ssl.asn1 ASN1InputStream ASN1InputStream
public ASN1InputStream(byte[] input)
From source file:org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateAuthenticator.java
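/**
 * Returns the single subject alternative name (SAN) value of the certificate that matches the
 * configured alternative-names pattern.
 *
 * <p>String SAN values are matched as they are; {@code byte[]} values are first decoded with
 * {@code decodeAlternativeName}. Exactly one match is accepted: zero matches or more than one
 * match fail the authentication, so an ambiguous certificate is never mapped to an identity.
 *
 * @param cert x509 certificate.
 * @param authenticationContext context that receives the X509 error code when no alternative
 *                              names exist or the regex yields zero or several matches.
 * @return the only alternative name matched by the configured regex.
 * @throws AuthenticationFailedException if the certificate carries no alternative names, cannot
 *                                       be parsed, or the regex matches zero or several values.
 */
private String getMatchedAlternativeName(X509Certificate cert, AuthenticationContext authenticationContext)
        throws AuthenticationFailedException {

    List<String> matchedAlternativeNamesList = new ArrayList<>();
    try {
        Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
        if (altNames == null) {
            authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                    X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_NOTFOUND_ERROR_CODE);
            throw new AuthenticationFailedException(
                    X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_NOTFOUND_ERROR);
        }
        for (List<?> altName : altNames) {
            // Each entry is a (type tag, value) pair; only the value at index 1 is read here.
            // NOTE(review): the GeneralName type tag at index 0 is never checked, so a match can
            // come from any SAN type (DNS, e-mail, URI, otherName, ...). Confirm that is intended
            // and that the configured regex is anchored to the expected identity format.
            Object value = altName.get(1);
            if (value instanceof byte[]) {
                // Close the decoder once the encoded name has been read.
                try (ASN1InputStream decoder = new ASN1InputStream((byte[]) value)) {
                    String identity = decodeAlternativeName(decoder);
                    addMatchStringsToList(alternativeNamesPatternCompiled.matcher(identity),
                            matchedAlternativeNamesList);
                }
            } else if (value instanceof String) {
                addMatchStringsToList(alternativeNamesPatternCompiled.matcher((String) value),
                        matchedAlternativeNamesList);
            }
        }
    } catch (CertificateParsingException | IOException e) {
        // Keep the cause so a malformed certificate can be diagnosed from the server log.
        throw new AuthenticationFailedException("Failed to Parse the certificate", e);
    }

    if (matchedAlternativeNamesList.isEmpty()) {
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_REGEX_NO_MATCHES_ERROR_CODE);
        throw new AuthenticationFailedException("Regex Configured but no matches found for the given regex");
    }
    if (matchedAlternativeNamesList.size() > 1) {
        // Several candidate identities: refuse rather than pick one arbitrarily.
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                X509CertificateConstants.X509_CERTIFICATE_ALTERNATIVE_NAMES_REGEX_MULTIPLE_MATCHES_ERROR_CODE);
        throw new AuthenticationFailedException("More than one match for the given regex");
    }
    return matchedAlternativeNamesList.get(0);
}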