List of usage examples for org.bouncycastle.asn1.x500.style IETFUtils valueToString
public static String valueToString(ASN1Encodable value)
From source file:be.neutrinet.ispng.vpn.api.VPNClientCertificate.java
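/**
 * Accepts a PEM-encoded PKCS#10 certificate signing request for the client named in the
 * "client" request attribute, validates it and stores it under the CA directory as
 * {@code <certificate id>.csr}.
 *
 * <p>Checks performed here: the client exists, the body parses as a PKCS#10 request, the
 * key is RSA with a modulus longer than 2048 bits, the subject carries a non-empty CN, a
 * rekey does not reuse the previous public key, and no other certificate of the client is
 * still active.
 *
 * <p>NOTE(review): the CSR's own signature (proof of possession of the private key) is not
 * verified in this method. Confirm it is checked before the request is signed, e.g. with
 * {@code PKCS10CertificationRequest.isSignatureValid(...)}.
 *
 * @param csrstream request entity carrying the PEM-encoded CSR
 * @return the created certificate record, a client error, or {@code DEFAULT_ERROR} when an
 *         exception is raised while processing
 */
@Put
public Representation storeCSR(Representation csrstream) {
    if (!getRequestAttributes().containsKey("client")) {
        return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
    }

    StreamRepresentation sr = (StreamRepresentation) csrstream;

    try {
        Client client = Clients.dao.queryForId(getAttribute("client").toString());
        if (client == null) {
            // Unknown client id: stop before any certificate is revoked or created for it.
            return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
        }

        PEMParser parser = new PEMParser(sr.getReader());
        Object parsed = parser.readObject();
        if (!(parsed instanceof PKCS10CertificationRequest)) {
            // Empty body or a PEM object of another kind (key, certificate, ...).
            return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
        }
        PKCS10CertificationRequest csr = (PKCS10CertificationRequest) parsed;

        SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo();
        // Only RSA keys are handled; any other key type fails this cast and ends in the
        // catch block below.
        RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(pkInfo);

        // Reject moduli of 2048 bits or fewer.
        // NOTE(review): the original comment asked for 4096-bit keys, but this comparison
        // accepts any modulus above 2048 bits; confirm which policy is intended.
        // http://stackoverflow.com/a/20622933
        if (rsa.getModulus().bitLength() <= 2048) {
            ClientError err = new ClientError("ILLEGAL_KEY_SIZE");
            // NOTE(review): unlike the other rejections, no HTTP status is passed on this
            // path; confirm the response is not delivered as a success.
            return new JacksonRepresentation<>(err);
        }

        X500Name subject = X500Name.getInstance(csr.getSubject());
        RDN[] rdns = subject.getRDNs(BCStyle.CN);
        if (rdns == null || rdns.length == 0) {
            return clientError("NO_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST);
        }

        // Only the first attribute of the first CN RDN is used.
        String CN = IETFUtils.valueToString(rdns[0].getFirst().getValue());
        if (CN == null || CN.isEmpty()) {
            return clientError("INVALID_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST);
        }

        if (getQueryValue("rekey") != null && Boolean.parseBoolean(getQueryValue("rekey"))) {
            if (!getRequestAttributes().containsKey("cert")) {
                return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
            }

            Certificate old = Certificates.dao.queryForId(getAttribute("cert"));
            if (old == null) {
                return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
            }

            // NOTE(review): nothing in this method checks that the certificate being rekeyed
            // belongs to the client loaded earlier; confirm the routing or authorization
            // layer enforces that before the revocation date is set.
            old.revocationDate = new Date();

            if (old.get() == null) {
                // this can happen when the old certificate is no longer present on the system
                // in which case the rekey has to go through
            } else if (pkInfo.getPublicKeyData().getString()
                    .equals(old.get().getSubjectPublicKeyInfo().getPublicKeyData().getString())) {
                return clientError("REKEY_USING_SAME_KEY", Status.CLIENT_ERROR_NOT_ACCEPTABLE);
            }

            Certificates.dao.update(old);
        }

        // A certificate counts as active while its revocation date lies in the future.
        for (Certificate existingCert : Certificates.dao.queryForEq("client_id", client)) {
            if (existingCert.revocationDate.getTime() > System.currentTimeMillis()) {
                return clientError("ANOTHER_CLIENT_CERT_ACTIVE", Status.CLIENT_ERROR_NOT_ACCEPTABLE);
            }
        }

        // couple CN to client
        // NOTE(review): the CN is taken from the submitted CSR as-is; confirm that format
        // and uniqueness are enforced wherever commonName is relied on as an identity.
        client.commonName = CN;
        Clients.dao.update(client);

        String caStorePath = VPN.cfg.getProperty("ca.storeDir", "ca");
        File dir = new File(caStorePath);
        if (!dir.isDirectory()) {
            dir.mkdirs();
        }

        Certificate cert = new Certificate();
        cert.client = client;
        Certificates.dao.create(cert);

        // Close both writers so the CSR is fully written and the file handle is released
        // even when writing fails.
        try (FileWriter fw = new FileWriter(caStorePath + "/" + cert.id + ".csr");
             PEMWriter pw = new PEMWriter(fw)) {
            pw.writeObject(csr);
            pw.flush();
        }

        return new JacksonRepresentation<>(cert);
    } catch (Exception ex) {
        Logger.getLogger(getClass()).error("Failed to validate CSR and/or sign CSR", ex);
    }

    return DEFAULT_ERROR;
}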
From source file:ca.nrc.cadc.beacon.web.view.StorageItem.java
License:Open Source License
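/**
 * Returns the common name of the owner, cut off at the first underscore.
 *
 * <p>The owner string is parsed as an X.500 distinguished name. When it holds no CN
 * attribute the unparsed owner string is returned instead.
 *
 * @return an empty string when there is no owner, otherwise the part of the first CN value
 *         before any '_' character, or the whole owner string when no CN is present
 */
public String getOwnerCN() {
    if (owner == null) {
        return "";
    }

    // NOTE(review): owner is handed to the X500Name parser unchecked; confirm callers only
    // store well-formed distinguished names, otherwise the parser's exception surfaces here.
    final X500Name xName = new X500Name(owner);
    final RDN[] cnList = xName.getRDNs(BCStyle.CN);
    if (cnList.length == 0) {
        return owner;
    }

    // Parse out any part of the cn that is before a '_'. indexOf is used rather than
    // split("_")[0] because split() returns an empty array for a value made up only of
    // underscores, and indexing it would throw ArrayIndexOutOfBoundsException.
    final String cn = IETFUtils.valueToString(cnList[0].getFirst().getValue());
    final int underscore = cn.indexOf('_');
    return underscore < 0 ? cn : cn.substring(0, underscore);
}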
From source file:ca.trustpoint.m2m.M2mTrustAnchor.java
License:Apache License
/**
 * Creates a new instance from an X.509 certificate.
 *
 * <p>The certificate subject is copied into an {@link EntityName}: for each RDN only the
 * first attribute is examined, attributes of unsupported types are skipped, and copying
 * stops once {@code EntityName.MAXIMUM_ATTRIBUTES} attributes have been added. The
 * certificate's public key is kept as the anchor key.
 *
 * @param x509Certificate X.509 certificate to use as trust anchor.
 * @throws IllegalArgumentException if x509Certificate is null.
 */
public M2mTrustAnchor(X509Certificate x509Certificate) throws IllegalArgumentException {
    if (x509Certificate == null) {
        throw new IllegalArgumentException("x509Certificate cannot be null.");
    }

    final X500Name subject = JcaX500NameUtil.getSubject(x509Certificate);
    final EntityName anchorName = new EntityName();
    int copied = 0;

    for (RDN rdn : subject.getRDNs()) {
        final AttributeTypeAndValue first = rdn.getFirst();
        final EntityNameAttributeId id = toEntityNameAttributeId(first);
        if (id == null) {
            // Unsupported attribute.
            continue;
        }

        anchorName.addAttribute(
                new EntityNameAttribute(id, IETFUtils.valueToString(first.getValue())));
        copied++;

        if (copied == EntityName.MAXIMUM_ATTRIBUTES) {
            // The EntityName cannot take any more attributes, so stop here.
            break;
        }
    }

    this.caName = anchorName;
    this.publicKey = x509Certificate.getPublicKey();
    certificate = null;
}

/**
 * Maps the type of an X.500 attribute to the matching entity name attribute id.
 *
 * @param attr attribute whose type is looked up
 * @return the matching id, or {@code null} when the attribute type is not supported
 */
private static EntityNameAttributeId toEntityNameAttributeId(AttributeTypeAndValue attr) {
    if (BCStyle.C.equals(attr.getType())) {
        return EntityNameAttributeId.Country;
    }
    if (BCStyle.O.equals(attr.getType())) {
        return EntityNameAttributeId.Organization;
    }
    if (BCStyle.OU.equals(attr.getType())) {
        return EntityNameAttributeId.OrganizationalUnit;
    }
    if (BCStyle.DN_QUALIFIER.equals(attr.getType())) {
        return EntityNameAttributeId.DistinguishedNameQualifier;
    }
    if (BCStyle.ST.equals(attr.getType())) {
        return EntityNameAttributeId.StateOrProvince;
    }
    if (BCStyle.L.equals(attr.getType())) {
        return EntityNameAttributeId.Locality;
    }
    if (BCStyle.CN.equals(attr.getType())) {
        return EntityNameAttributeId.CommonName;
    }
    if (BCStyle.SN.equals(attr.getType())) {
        return EntityNameAttributeId.SerialNumber;
    }
    if (BCStyle.DC.equals(attr.getType())) {
        return EntityNameAttributeId.DomainComponent;
    }
    return null;
}
From source file:com.aqnote.shared.cryptology.cert.util.CertificateUtil.java
License:Open Source License
/**
 * Returns the string form of the first attribute value of an RDN.
 *
 * <p>Only the first attribute is read; any further attributes of a multi-valued RDN are
 * not considered.
 *
 * @param rdn the relative distinguished name, may be {@code null}
 * @return the value as a string, or {@code null} when {@code rdn} is {@code null}
 */
public static String getValue(RDN rdn) {
    return (rdn == null)
            ? null
            : IETFUtils.valueToString(rdn.getFirst().getValue());
}
From source file:com.chiorichan.http.ssl.CertificateWrapper.java
License:Mozilla Public License
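/**
 * Returns the first common name (CN) of the wrapped certificate's subject.
 *
 * <p>The value is read from the certificate as-is. Nothing here validates the certificate,
 * so the result is only as trustworthy as the validation done by the caller.
 *
 * @return the first CN value of the subject
 * @throws CertificateEncodingException if the certificate cannot be encoded, or if its
 *         subject holds no CN attribute
 */
public String getCommonNameWithException() throws CertificateEncodingException {
    X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] cns = x500name.getRDNs(BCStyle.CN);
    if (cns.length == 0) {
        // Subjects without a CN exist; report that through the declared exception instead
        // of an unchecked ArrayIndexOutOfBoundsException.
        throw new CertificateEncodingException("Certificate subject contains no CN attribute");
    }
    return IETFUtils.valueToString(cns[0].getFirst().getValue());
}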
From source file:com.cordova.plugin.CertPlugin.java
License:Open Source License
/**
 * Extracts a certificate from a Base64-encoded PKCS#7 / CMS signed-data blob.
 *
 * <p>Returns the first contained certificate whose subject CN does not contain the text
 * "ROOT" (case-sensitive). Any exception, including one caused by a certificate whose
 * subject has no CN, is printed and turned into a {@code null} result.
 *
 * <p>NOTE(review): this method only reads the embedded certificates. It does not verify the
 * CMS signature or any certificate chain, and the CN substring test is a naming heuristic
 * rather than a trust decision; confirm validation happens elsewhere.
 *
 * @param p7cert Base64 text of the signed-data structure
 * @return the selected certificate, or {@code null} when none qualifies or parsing fails
 */
private X509Certificate getX509CertificateFromP7cert(String p7cert) {
    try {
        final byte[] der = Base64.decode(p7cert, 0);
        final CMSSignedData signedData = new CMSSignedData(der);
        final Store store = signedData.getCertificates();
        final JcaX509CertificateConverter toJca = new JcaX509CertificateConverter();

        @SuppressWarnings("unchecked")
        final ArrayList<X509CertificateHolder> holders =
                (ArrayList<X509CertificateHolder>) store.getMatches(null);

        for (X509CertificateHolder holder : holders) {
            final X509Certificate candidate = toJca.getCertificate(holder);
            final RDN firstCn = holder.getSubject().getRDNs(BCStyle.CN)[0];
            final String cnText = IETFUtils.valueToString(firstCn.getFirst().getValue());
            if (cnText.contains("ROOT")) {
                // CN contains "ROOT": skip this certificate.
                continue;
            }
            return candidate;
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}
From source file:com.helger.peppol.as2client.AS2ClientHelper.java
License:Apache License
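/**
 * Get the first common name (CN) of the certificate subject. The value is read as-is; the
 * certificate itself is not validated here.
 *
 * @param aCert
 *        Source certificate. May not be <code>null</code>.
 * @return The common name of the certificate subject
 * @throws CertificateEncodingException
 *         In case of an internal error, or if the certificate subject contains no CN
 *         attribute
 */
@Nonnull
public static String getSubjectCommonName(@Nonnull final X509Certificate aCert)
        throws CertificateEncodingException {
    ValueEnforcer.notNull(aCert, "Certificate");

    final X500Name x500name = new JcaX509CertificateHolder(aCert).getSubject();
    final RDN[] cns = x500name.getRDNs(BCStyle.CN);
    if (cns.length == 0) {
        // Report a subject without CN through the declared exception instead of an
        // unchecked ArrayIndexOutOfBoundsException.
        throw new CertificateEncodingException("Certificate subject contains no CN attribute");
    }
    return IETFUtils.valueToString(cns[0].getFirst().getValue());
}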
From source file:com.oath.auth.SocketTest.java
License:Apache License
/**
 * Returns the first CN value from the subject of the first certificate in the array.
 *
 * <p>The array must be an {@code X509Certificate[]} at runtime and its first certificate
 * must carry a CN; otherwise the cast or the array index throws an unchecked exception.
 *
 * @param certificates certificate array whose first entry is inspected
 * @return the CN value as a string
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
private String getCN(Certificate[] certificates) throws CertificateEncodingException {
    final X509Certificate first = ((X509Certificate[]) certificates)[0];
    final X500Name subject = new JcaX509CertificateHolder(first).getSubject();
    final RDN[] cnRdns = subject.getRDNs(BCStyle.CN);
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
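/**
 * Extracts the common name (CN) from the subject of a certificate signing request.
 *
 * <p>If the subject holds several CN attributes, only the first one is returned. The value
 * comes from the requester-supplied CSR and is not validated here.
 *
 * @param certReq the PKCS#10 certificate signing request
 * @return the first CN value, or {@code null} when the subject has no CN
 */
public static String extractX509CSRCommonName(PKCS10CertificationRequest certReq) {
    X500Name x500name = certReq.getSubject();
    RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);

    // Check the array before indexing it: a subject without CN yields an empty array, and
    // indexing [0] would throw before any null check on the element could run.
    if (cnRdns == null || cnRdns.length == 0 || cnRdns[0] == null) {
        return null;
    }
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}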
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
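/**
 * Extracts the common name (CN) from the subject of an X.509 certificate.
 *
 * <p>In case there are multiple CNs, only the first one is returned. The certificate is not
 * validated here.
 *
 * @param x509Cert the certificate to inspect
 * @return the first CN value, or {@code null} when the subject name is empty or has no CN
 */
public static String extractX509CertCommonName(X509Certificate x509Cert) {
    String principalName = x509Cert.getSubjectX500Principal().getName();
    if (principalName == null || principalName.isEmpty()) {
        return null;
    }

    X500Name x500name = new X500Name(principalName);
    RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);

    // Check the array before indexing it: a subject without CN yields an empty array, and
    // indexing [0] would throw before any null check on the element could run.
    if (cnRdns == null || cnRdns.length == 0 || cnRdns[0] == null) {
        return null;
    }
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}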