List of usage examples for org.bouncycastle.asn1.x500 X500Name getRDNs
public RDN[] getRDNs(ASN1ObjectIdentifier attributeType)
From source file:be.neutrinet.ispng.vpn.api.VPNClientCertificate.java
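/**
 * Accepts a PEM-encoded PKCS#10 certificate signing request for the client named in the
 * request attributes, validates it, and stores it as {@code <id>.csr} in the CA store directory.
 *
 * <p>Checks performed here: the request carries a {@code client} attribute that resolves to a
 * known client, the body parses as a PKCS#10 request, the key is RSA with a modulus longer than
 * 2048 bits, the subject has a non-empty CN, a rekey does not reuse the old public key, and the
 * client has no other certificate whose revocation date lies in the future.
 *
 * <p>Not checked here (NOTE(review): confirm these are enforced elsewhere):
 * <ul>
 *   <li>the CSR's self-signature (proof of possession of the private key) is never verified;</li>
 *   <li>on rekey, the certificate named by the {@code cert} attribute is not compared against
 *       {@code client} before it is marked revoked;</li>
 *   <li>the CN is chosen by the requester and is copied to {@code client.commonName} without a
 *       format or uniqueness check.</li>
 * </ul>
 *
 * @param csrstream request body, expected to be a {@link StreamRepresentation} holding the PEM
 * @return the created certificate record on success, a client error for rejected requests, or
 *         {@code DEFAULT_ERROR} when an unexpected exception is caught
 */
@Put
public Representation storeCSR(Representation csrstream) {
    if (!getRequestAttributes().containsKey("client")) {
        return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
    }
    // Reject a missing or non-stream body up front instead of failing on the cast.
    if (!(csrstream instanceof StreamRepresentation)) {
        return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
    }
    StreamRepresentation sr = (StreamRepresentation) csrstream;

    try {
        Client client = Clients.dao.queryForId(getAttribute("client").toString());
        if (client == null) {
            // Unknown client id: fail here rather than with a NullPointerException further down.
            return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
        }

        // The parser wraps the request reader; close both once the single PEM object is read.
        Object parsed;
        try (PEMParser parser = new PEMParser(sr.getReader())) {
            parsed = parser.readObject();
        }
        // A PEM body can hold other object types (or nothing); only a CSR is acceptable.
        if (!(parsed instanceof PKCS10CertificationRequest)) {
            return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
        }
        PKCS10CertificationRequest csr = (PKCS10CertificationRequest) parsed;

        SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo();
        Object key = PublicKeyFactory.createKey(pkInfo);
        if (!(key instanceof RSAKeyParameters)) {
            // Non-RSA keys previously surfaced as a ClassCastException and a generic error.
            return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
        }
        RSAKeyParameters rsa = (RSAKeyParameters) key;

        // Key-size policy: the modulus must be longer than 2048 bits.
        // NOTE(review): the original comment said "Require 4096 bit key", but the check has
        // always accepted anything above 2048 bits; decide which one is the intended policy.
        // http://stackoverflow.com/a/20622933
        if (rsa.getModulus().bitLength() <= 2048) {
            // Report with an error status like every other rejection in this method.
            return clientError("ILLEGAL_KEY_SIZE", Status.CLIENT_ERROR_BAD_REQUEST);
        }

        X500Name subject = X500Name.getInstance(csr.getSubject());
        RDN[] rdns = subject.getRDNs(BCStyle.CN);
        if (rdns == null || rdns.length == 0) {
            return clientError("NO_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST);
        }

        // Only the first CN attribute is used; any further CN values in the subject are ignored.
        String CN = IETFUtils.valueToString(rdns[0].getFirst().getValue());
        if (CN == null || CN.isEmpty()) {
            return clientError("INVALID_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST);
        }

        if (Boolean.parseBoolean(getQueryValue("rekey"))) {
            if (!getRequestAttributes().containsKey("cert")) {
                return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
            }

            Certificate old = Certificates.dao.queryForId(getAttribute("cert"));
            if (old == null) {
                return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
            }

            old.revocationDate = new Date();

            // old.get() is null when the old certificate is no longer present on the system;
            // in that case the rekey goes through without the same-key comparison.
            if (old.get() != null
                    && pkInfo.getPublicKeyData().getString()
                            .equals(old.get().getSubjectPublicKeyInfo().getPublicKeyData().getString())) {
                // The revocation date set above is not persisted on this path.
                return clientError("REKEY_USING_SAME_KEY", Status.CLIENT_ERROR_NOT_ACCEPTABLE);
            }

            Certificates.dao.update(old);
        }

        for (Certificate existingCert : Certificates.dao.queryForEq("client_id", client)) {
            if (existingCert.revocationDate.getTime() > System.currentTimeMillis()) {
                return clientError("ANOTHER_CLIENT_CERT_ACTIVE", Status.CLIENT_ERROR_NOT_ACCEPTABLE);
            }
        }

        // Couple the CN to the client.
        client.commonName = CN;
        Clients.dao.update(client);

        String caStorePath = VPN.cfg.getProperty("ca.storeDir", "ca");
        File dir = new File(caStorePath);
        if (!dir.isDirectory()) {
            dir.mkdirs();
        }

        Certificate cert = new Certificate();
        cert.client = client;
        Certificates.dao.create(cert);

        // The file name is built from the database-assigned id, not from request data.
        // Closing the writer flushes it and releases the file handle on every path.
        try (PEMWriter pw = new PEMWriter(new FileWriter(new File(dir, cert.id + ".csr")))) {
            pw.writeObject(csr);
        }

        return new JacksonRepresentation<>(cert);
    } catch (Exception ex) {
        Logger.getLogger(getClass()).error("Failed to validate CSR and/or sign CSR", ex);
    }

    return DEFAULT_ERROR;
}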
From source file:ca.nrc.cadc.beacon.web.view.StorageItem.java
License:Open Source License
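/**
 * Returns the owner's common name, cut off at the first underscore.
 *
 * <p>The {@code owner} field is parsed as an X.500 distinguished name. When it contains at least
 * one CN attribute, the first one is used and everything from the first {@code '_'} onwards is
 * dropped. When it contains no CN, the raw {@code owner} string is returned unchanged.
 *
 * @return the empty string when {@code owner} is null, otherwise the (possibly truncated) CN or
 *         the raw owner string
 */
public String getOwnerCN() {
    if (owner == null) {
        return "";
    }

    // NOTE(review): presumably owner is always a well-formed DN string; confirm how
    // new X500Name(String) failures should be handled for other values.
    final X500Name xName = new X500Name(owner);
    final RDN[] cnList = xName.getRDNs(BCStyle.CN);
    if (cnList.length == 0) {
        return owner;
    }

    final String cn = IETFUtils.valueToString(cnList[0].getFirst().getValue());

    // Take the part before the first '_'. The previous split("_")[0] threw
    // ArrayIndexOutOfBoundsException for a CN made only of underscores, because split()
    // returns an empty array for such input.
    final int underscore = cn.indexOf('_');
    return (underscore < 0) ? cn : cn.substring(0, underscore);
}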
From source file:com.aqnote.shared.cryptology.cert.util.CertificateUtil.java
License:Open Source License
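/**
 * Returns the value of the first E (e-mail) attribute in the certificate's subject DN.
 *
 * @param cert certificate to inspect; may be null
 * @return the result of {@code getValue} on the first E attribute, or null when {@code cert} is
 *         null or the subject carries no E attribute
 * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
 */
public static String getSubjectEmail(X509Certificate cert) throws CertificateEncodingException {
    if (cert == null) {
        return null;
    }

    X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] rdns = x500name.getRDNs(BCStyle.E);

    // Many certificates have no e-mail in the subject DN; indexing [0] unconditionally threw
    // ArrayIndexOutOfBoundsException for them. Report "absent" the same way as a null cert.
    if (rdns == null || rdns.length == 0) {
        return null;
    }
    return getValue(rdns[0]);
}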
From source file:com.aqnote.shared.cryptology.cert.util.CertificateUtil.java
License:Open Source License
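/**
 * Returns the value of the first CN attribute in the certificate's subject DN.
 *
 * <p>Only the first CN is considered; a subject with several CN attributes yields just that one,
 * so callers that make identity decisions should not assume it is the only CN present.
 *
 * @param cert certificate to inspect; may be null
 * @return the result of {@code getValue} on the first CN attribute, or null when {@code cert} is
 *         null or the subject carries no CN attribute
 * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
 */
public static String getSubjectCN(X509Certificate cert) throws CertificateEncodingException {
    if (cert == null) {
        return null;
    }

    X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] rdns = x500name.getRDNs(BCStyle.CN);

    // A subject without a CN used to raise ArrayIndexOutOfBoundsException on the [0] access;
    // report "absent" the same way as a null cert.
    if (rdns == null || rdns.length == 0) {
        return null;
    }
    return getValue(rdns[0]);
}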
From source file:com.aqnote.shared.cryptology.cert.util.CertificateUtil.java
License:Open Source License
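/**
 * Returns the value of the first T (title) attribute in the certificate's subject DN.
 *
 * @param cert certificate to inspect; may be null
 * @return the result of {@code getValue} on the first T attribute, or null when {@code cert} is
 *         null or the subject carries no T attribute
 * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
 */
public static String getSubjectTitle(X509Certificate cert) throws CertificateEncodingException {
    if (cert == null) {
        return null;
    }

    X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] rdns = x500name.getRDNs(BCStyle.T);

    // The title attribute is optional; the unconditional [0] access threw
    // ArrayIndexOutOfBoundsException whenever it was missing.
    if (rdns == null || rdns.length == 0) {
        return null;
    }
    return getValue(rdns[0]);
}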
From source file:com.aqnote.shared.cryptology.cert.util.CertificateUtil.java
License:Open Source License
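/**
 * Returns the value of the first E (e-mail) attribute in the certificate's issuer DN.
 *
 * @param cert certificate to inspect; may be null
 * @return the result of {@code getValue} on the first E attribute, or null when {@code cert} is
 *         null or the issuer carries no E attribute
 * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
 */
public static String getIssuerEmail(X509Certificate cert) throws CertificateEncodingException {
    if (cert == null) {
        return null;
    }

    X500Name x500name = new JcaX509CertificateHolder(cert).getIssuer();
    RDN[] rdns = x500name.getRDNs(BCStyle.E);

    // Issuer DNs frequently omit an e-mail; the unconditional [0] access threw
    // ArrayIndexOutOfBoundsException in that case.
    if (rdns == null || rdns.length == 0) {
        return null;
    }
    return getValue(rdns[0]);
}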
From source file:com.aqnote.shared.cryptology.cert.util.CertificateUtil.java
License:Open Source License
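/**
 * Returns the value of the first CN attribute in the certificate's issuer DN.
 *
 * <p>The value is read from the certificate as presented; it says nothing about whether the
 * certificate actually chains to an issuer with that name.
 *
 * @param cert certificate to inspect; may be null
 * @return the result of {@code getValue} on the first CN attribute, or null when {@code cert} is
 *         null or the issuer carries no CN attribute
 * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
 */
public static String getIssuerCN(X509Certificate cert) throws CertificateEncodingException {
    if (cert == null) {
        return null;
    }

    X500Name x500name = new JcaX509CertificateHolder(cert).getIssuer();
    RDN[] rdns = x500name.getRDNs(BCStyle.CN);

    // An issuer without a CN used to raise ArrayIndexOutOfBoundsException on the [0] access.
    if (rdns == null || rdns.length == 0) {
        return null;
    }
    return getValue(rdns[0]);
}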
From source file:com.aqnote.shared.cryptology.cert.util.CertificateUtil.java
License:Open Source License
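/**
 * Returns the value of the first T (title) attribute in the certificate's issuer DN.
 *
 * @param cert certificate to inspect; may be null
 * @return the result of {@code getValue} on the first T attribute, or null when {@code cert} is
 *         null or the issuer carries no T attribute
 * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
 */
public static String getIssuerTitle(X509Certificate cert) throws CertificateEncodingException {
    if (cert == null) {
        return null;
    }

    X500Name x500name = new JcaX509CertificateHolder(cert).getIssuer();
    RDN[] rdns = x500name.getRDNs(BCStyle.T);

    // The title attribute is optional; the unconditional [0] access threw
    // ArrayIndexOutOfBoundsException whenever it was missing.
    if (rdns == null || rdns.length == 0) {
        return null;
    }
    return getValue(rdns[0]);
}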
From source file:com.chiorichan.http.ssl.CertificateWrapper.java
License:Mozilla Public License
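/**
 * Returns the first CN attribute of the wrapped certificate's subject DN as a string.
 *
 * <p>Only the subject DN is consulted. Certificates that identify their holder solely through
 * subjectAltName have no CN and are reported through the declared exception.
 *
 * @return the string form of the first CN value
 * @throws CertificateEncodingException if the certificate cannot be encoded for parsing, or if
 *         its subject contains no CN attribute
 */
public String getCommonNameWithException() throws CertificateEncodingException {
    X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);

    // Surface a missing CN through the declared checked exception; the unconditional [0]
    // access used to escape as an undeclared ArrayIndexOutOfBoundsException.
    if (cnRdns == null || cnRdns.length == 0) {
        throw new CertificateEncodingException("Certificate subject contains no CN attribute");
    }

    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}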
From source file:com.cordova.plugin.CertPlugin.java
License:Open Source License
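/**
 * Extracts the first certificate from a Base64-encoded PKCS#7 / CMS bundle whose subject CN does
 * not contain the text "ROOT".
 *
 * <p>This is a selection heuristic only. Nothing in this method verifies the CMS signature,
 * builds or validates a certificate chain, or checks validity dates, so the returned
 * certificate must not be treated as trusted on the strength of this call alone.
 *
 * @param p7cert Base64 text of the CMS SignedData structure
 * @return the first certificate whose CN lacks "ROOT", or null when none qualifies or the input
 *         cannot be processed
 */
private X509Certificate getX509CertificateFromP7cert(String p7cert) {
    try {
        byte[] encapSigData = Base64.decode(p7cert, 0);
        CMSSignedData signedData = new CMSSignedData(encapSigData);
        Store certStore = signedData.getCertificates();
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();

        // Iterate whatever collection the store returns instead of casting it to ArrayList,
        // which depended on the store's internal collection type.
        @SuppressWarnings("unchecked")
        Iterable<X509CertificateHolder> certificateHolders =
                (Iterable<X509CertificateHolder>) certStore.getMatches(null);

        for (X509CertificateHolder holder : certificateHolders) {
            X509Certificate cert = converter.getCertificate(holder);
            RDN[] rdns = holder.getSubject().getRDNs(BCStyle.CN);

            // A certificate without a CN cannot be classified by name; skip it rather than
            // letting rdns[0] throw and abort the search over the remaining certificates.
            if (rdns == null || rdns.length == 0) {
                continue;
            }

            String name = IETFUtils.valueToString(rdns[0].getFirst().getValue());
            if (!name.contains("ROOT")) {
                // CN does not carry the ROOT marker: treat as the non-root certificate.
                return cert;
            }
        }
    } catch (Exception e) {
        // Best effort: any decoding or parsing failure is reported and mapped to null.
        e.printStackTrace();
    }
    return null;
}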