Example usage for org.bouncycastle.asn1.x500 X500Name getRDNs

List of usage examples for org.bouncycastle.asn1.x500 X500Name getRDNs

Introduction

On this page you can find example usages of org.bouncycastle.asn1.x500 X500Name getRDNs.

Prototype

public RDN[] getRDNs(ASN1ObjectIdentifier attributeType) 


Document

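Returns an array of RDNs containing the attribute type given by the OID, in structure order. The array is empty when the name has no RDN of that type (the PKCS10RequestMessage example below checks for this), so check its length before indexing into it.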

Usage

From source file:org.cesecore.certificates.certificate.CertificateCreateSessionTest.java

License:Open Source License

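/**
 * Verifies that the certificate profile's "use LDAP DN order" setting decides the order of the
 * subject DN components in the issued certificate, and that SN (serialNumber, OID 2.5.4.5) and
 * SURNAME (OID 2.5.4.4) are not mixed up in either ordering.
 *
 * <p>The DN in the request message differs from the DN registered for the end entity; the
 * assertions expect the registered one (O=PrimeKey) to end up in the certificate.
 */
@Test
public void testDnOrder() throws Exception {
    final CertificateProfile certprof = new CertificateProfile(
            CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
    assertTrue(certprof.getUseLdapDnOrder());
    // Fingerprints of the issued certificates, kept so the finally block can clean them up.
    // They stay null if issuance fails before the fingerprint is taken.
    String finger1 = null;
    String finger2 = null;
    try {
        int cpId = certProfileSession.addCertificateProfile(roleMgmgToken, "createCertTest", certprof);

        // EJBCA standard has SN means serialnumber, surname is SURNAME. Must be kept for backwards compatibility
        EndEntityInformation user = new EndEntityInformation("dnorder",
                "C=SE,O=PrimeKey,SN=12345,SURNAME=surname,CN=DnOrderTest", testx509ca.getCAId(), null,
                "dnoverride@anatom.se", new EndEntityType(EndEntityTypes.ENDUSER), 0, cpId,
                EndEntityConstants.TOKEN_USERGEN, 0, null);
        user.setStatus(EndEntityConstants.STATUS_NEW);
        user.setPassword("foo123");

        SimpleRequestMessage req = new SimpleRequestMessage(keys.getPublic(), "dnorder", "foo123");
        req.setIssuerDN(CertTools.getIssuerDN(testx509ca.getCACertificate()));
        req.setRequestDN("C=SE,O=Foo Company,SN=12345,SURNAME=surname,CN=DnOrderTest"); // This should not matter now

        // Issue with LDAP DN order enabled (asserted above)
        X509ResponseMessage resp = (X509ResponseMessage) certificateCreateSession.createCertificate(
                roleMgmgToken, user, req,
                org.cesecore.certificates.certificate.request.X509ResponseMessage.class,
                signSession.fetchCertGenParams());
        assertNotNull("Failed to get response", resp);
        Certificate cert = (X509Certificate) resp.getCertificate();
        // Check for null before the certificate is used, so a missing certificate is reported
        // as an assertion failure.
        assertNotNull("Failed to create certificate", cert);
        finger1 = CertTools.getFingerprintAsString(cert);
        X500Principal princ = ((X509Certificate) cert).getSubjectX500Principal();
        X500Name name = X500Name.getInstance(princ.getEncoded());
        assertEquals("CN=DnOrderTest,SERIALNUMBER=12345,SURNAME=surname,O=PrimeKey,C=SE", name.toString());
        // Look the values up by OID to check that SerialNumber and SurName have not been mixed up.
        // The length is asserted before indexing, so an absent attribute fails the assertion
        // instead of throwing ArrayIndexOutOfBoundsException.
        RDN[] rdns = name.getRDNs(new ASN1ObjectIdentifier("2.5.4.5")); // Device serial number
        assertEquals(1, rdns.length);
        AttributeTypeAndValue value = rdns[0].getFirst();
        assertEquals("12345", value.getValue().toString());
        rdns = name.getRDNs(new ASN1ObjectIdentifier("2.5.4.4")); // Surname (last name)
        assertEquals(1, rdns.length);
        value = rdns[0].getFirst();
        assertEquals("surname", value.getValue().toString());

        // Test reversing DN, should make a lot of difference
        certprof.setUseLdapDnOrder(false);
        certProfileSession.changeCertificateProfile(roleMgmgToken, "createCertTest", certprof);

        resp = (X509ResponseMessage) certificateCreateSession.createCertificate(roleMgmgToken, user, req,
                org.cesecore.certificates.certificate.request.X509ResponseMessage.class,
                signSession.fetchCertGenParams());
        assertNotNull("Failed to get response", resp);
        cert = (X509Certificate) resp.getCertificate();
        assertNotNull("Failed to create certificate", cert);
        finger2 = CertTools.getFingerprintAsString(cert);
        princ = ((X509Certificate) cert).getSubjectX500Principal();
        name = X500Name.getInstance(princ.getEncoded());
        assertEquals("C=SE,O=PrimeKey,SURNAME=surname,SERIALNUMBER=12345,CN=DnOrderTest", name.toString());
        // Same OID-based checks for the reversed ordering
        rdns = name.getRDNs(new ASN1ObjectIdentifier("2.5.4.5")); // Device serial number
        assertEquals(1, rdns.length);
        value = rdns[0].getFirst();
        assertEquals("12345", value.getValue().toString());
        rdns = name.getRDNs(new ASN1ObjectIdentifier("2.5.4.4")); // Surname (last name)
        assertEquals(1, rdns.length);
        value = rdns[0].getFirst();
        assertEquals("surname", value.getValue().toString());
    } finally {
        // Remove the profile and both certificates so later tests start from a clean store.
        certProfileSession.removeCertificateProfile(roleMgmgToken, "createCertTest");
        internalCertStoreSession.removeCertificate(finger1);
        internalCertStoreSession.removeCertificate(finger2);
    }
}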

From source file:org.cesecore.certificates.certificate.request.PKCS10RequestMessage.java

License:Open Source License

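/**
 * Returns the username for this request: the explicitly set username if there is one, otherwise
 * the CN of the request DN, cut at its first space.
 *
 * <p>The derived value is taken from the request DN, which is supplied by the requester. Callers
 * that use it to look up or authorise an end entity should treat it as unauthenticated input.
 *
 * @return the username, or {@code null} when the request DN could not be read or has no CN
 */
@Override
public String getUsername() {
    if (username != null) {
        return username;
    }
    // The DN may contain a multi-valued RDN, for example
    // CN=pix.primekey.se + unstructuredAddress=pix.primekey.se
    // Only the CN value is wanted, so the CN pair is selected by type from the RDN below.
    X500Name xname = getRequestX500Name();
    String ret = null;
    if (xname == null) {
        log.info("No requestDN in request, probably we could not read/parse/decrypt request.");
    } else {
        RDN[] cnValues = xname.getRDNs(CeSecoreNameStyle.CN);
        if (cnValues.length == 0) {
            // NOTE(review): the DN written here is requester-controlled; confirm the log sink
            // neutralises line breaks and control characters.
            log.info("No CN in DN: " + xname.toString());
        } else {
            for (AttributeTypeAndValue tav : cnValues[0].getTypesAndValues()) {
                if (tav.getType().equals(CeSecoreNameStyle.CN)) {
                    ret = tav.getValue().toString();
                    break;
                }
            }
            // If we have a CN with a normal name like "Test Testsson" we only want to
            // use the first part as the username. The null check keeps a lookup that
            // found no CN pair from failing with a NullPointerException.
            if (ret != null) {
                int index = ret.indexOf(' ');
                if (index > 0) {
                    ret = ret.substring(0, index);
                }
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("UserName='" + ret + "'");
    }
    return ret;
}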

From source file:org.cesecore.util.CertTools.java

License:Open Source License

/**
 * Returns a reordered copy of an X500Name. Attribute types that do not appear in the standard field
 * ordering are appended after the known ones, in the order in which they occur in the original name.
 *
 * @param x500Name the X500Name to reorder; not checked for null, a null value fails on the first use below
 * @param ldaporder true if LDAP ordering of DN should be used (default in EJBCA), false for X.500 order, ldap order is CN=A,OU=B,O=C,C=SE, x.500
 *            order is the reverse
 * @param nameStyle Controls how the name is encoded. Usually it should be a CeSecoreNameStyle.
 * @return X500Name with its components ordered according to the field ordering
 */
private static X500Name getOrderedX500Name(final X500Name x500Name, boolean ldaporder,
        final X500NameStyle nameStyle) {
    // NOTE(review): no null check is performed here, despite the original "Null prevent" marker
    // Guess order of the input name
    final boolean isLdapOrder = !isDNReversed(x500Name.toString());
    // -- New order for the X509 Fields: parallel lists, entry i of newValues belongs to entry i of newOrdering
    final List<ASN1ObjectIdentifier> newOrdering = new ArrayList<ASN1ObjectIdentifier>();
    final List<ASN1Encodable> newValues = new ArrayList<ASN1Encodable>();
    // -- Add ordered fields
    final ASN1ObjectIdentifier[] allOids = x500Name.getAttributeTypes();
    // If we think the DN is in LDAP order, first order it as a LDAP DN, if we don't think it's LDAP order
    // order it as a X.500 DN
    final List<ASN1ObjectIdentifier> ordering = getX509FieldOrder(isLdapOrder);
    // OIDs already handled, so that each attribute type is processed only once
    final HashSet<ASN1ObjectIdentifier> hs = new HashSet<ASN1ObjectIdentifier>(
            allOids.length + ordering.size());
    for (final ASN1ObjectIdentifier oid : ordering) {
        if (!hs.contains(oid)) {
            hs.add(oid);
            final RDN[] valueList = x500Name.getRDNs(oid);
            // -- One entry is added per RDN found; nothing is added when the name has no RDN for this OID
            // NOTE(review): only the first type/value pair of each RDN is copied. For a multi-valued
            // RDN the remaining pairs are not carried over from that RDN, and if the first pair has a
            // different type its value is still recorded under oid. Confirm whether multi-valued RDNs
            // can reach this method.
            for (final RDN value : valueList) {
                newOrdering.add(oid);
                newValues.add(value.getFirst().getValue());
            }
        }
    }
    // -- Add unexpected fields to the end
    for (final ASN1ObjectIdentifier oid : allOids) {
        if (!hs.contains(oid)) {
            hs.add(oid);
            final RDN[] valueList = x500Name.getRDNs(oid);
            // -- One entry is added per RDN found (same first-pair-only handling as above)
            for (final RDN value : valueList) {
                newOrdering.add(oid);
                newValues.add(value.getFirst().getValue());
                if (log.isDebugEnabled()) {
                    log.debug("added --> " + oid + " val: " + value);
                }
            }
        }
    }
    // If the requested ordering was the reverse of the ordering the input string was in (by our guess in the beginning)
    // we have to reverse the vectors
    if (ldaporder != isLdapOrder) {
        if (log.isDebugEnabled()) {
            log.debug("Reversing order of DN, ldaporder=" + ldaporder + ", isLdapOrder=" + isLdapOrder);
        }
        Collections.reverse(newOrdering);
        Collections.reverse(newValues);
    }

    // Rebuild the name from the parallel lists, one single-valued RDN per entry
    X500NameBuilder nameBuilder = new X500NameBuilder(nameStyle);
    for (int i = 0; i < newOrdering.size(); i++) {
        nameBuilder.addRDN(newOrdering.get(i), newValues.get(i));
    }
    // -- Return X500Name with the ordered fields
    return nameBuilder.build();
}

From source file:org.codice.ddf.security.certificate.generator.PkiToolsTest.java

License:Open Source License

/**
 * Checks that {@code PkiTools.convertDistinguishedName} builds a name whose CN and C values match
 * the input and which keeps both O components.
 */
@Test
public void dnIsValidFormat() throws CertificateEncodingException {
    final X500Name dn = PkiTools.convertDistinguishedName("cn=john.smith", "o=police box", "o = Tardis",
            "l= London", "c=UK");

    // Common name: value of the first CN RDN
    final String commonName = dn.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString();
    assertThat(commonName, equalTo("john.smith"));

    // Both organization components must survive the conversion
    final int organizationCount = dn.getRDNs(BCStyle.O).length;
    assertThat(organizationCount, equalTo(2));

    // Country: value of the first C RDN
    final String country = dn.getRDNs(BCStyle.C)[0].getFirst().getValue().toString();
    assertThat(country, equalTo("UK"));
}

From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java

License:Open Source License

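/**
 * Connects to the given URL, reads the certificate chain the peer presents during the TLS
 * handshake, adds every certificate of that chain to the trust store under the CN of its subject,
 * and writes the trust store back to disk.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The socket comes from {@code createNonVerifyingSslSocket}; going by its name the peer
 * certificate is presumably not validated, so whatever endpoint answers decides which
 * certificates become trusted. The operation should be limited to administrators, and the
 * fingerprints of the stored certificates should be confirmed out of band.</li>
 * <li>The destination is caller-supplied; confirm that callers restrict which hosts this
 * service is allowed to connect to.</li>
 * <li>{@code KeyStore.setCertificateEntry} replaces an existing trusted-certificate entry that
 * has the same alias, so a certificate with a matching CN overwrites the earlier entry.</li>
 * </ul>
 *
 * @param url the Base64-encoded URL to fetch the certificate chain from
 * @return one map per certificate in the chain, with key {@code "success"} set to true or false;
 *         empty if the connection or the final store write failed
 */
@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
    SSLSocket socket = null;
    String decodedUrl = null;
    List<Map<String, Object>> resultList = new ArrayList<>();
    try {
        decodedUrl = new String(Base64.getDecoder().decode(url), "UTF-8");
        socket = createNonVerifyingSslSocket(decodedUrl);
        socket.startHandshake();
        X509Certificate[] peerCertificateChain = (X509Certificate[]) socket.getSession().getPeerCertificates();
        for (X509Certificate certificate : peerCertificateChain) {
            try {
                X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
                RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
                if (cnRdns.length == 0) {
                    // A subject without CN gives no alias. Report it as a failed entry instead
                    // of aborting the whole request with ArrayIndexOutOfBoundsException.
                    resultList.add(Collections.singletonMap("success", false));
                    LOGGER.info("Unable to store certificate, subject has no CN: {}", x500name);
                    continue;
                }
                String cnStr = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
                trustStore.setCertificateEntry(cnStr, certificate);
                resultList.add(Collections.singletonMap("success", true));
            } catch (CertificateEncodingException e) {
                resultList.add(Collections.singletonMap("success", false));
                LOGGER.info("Unable to store certificate: {}", certificate.toString(), e);
            }
        }
        Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
        if (!trustStoreFile.isAbsolute()) {
            // A relative trust store path is resolved against the ddf.home system property
            Path ddfHomePath = Paths.get(System.getProperty("ddf.home"));
            trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
        }
        String keyStorePassword = SecurityConstants.getTruststorePassword();
        // try-with-resources closes the file handle even when store() throws
        try (OutputStream fos = Files.newOutputStream(trustStoreFile)) {
            trustStore.store(fos, keyStorePassword.toCharArray());
        }
    } catch (IOException | GeneralSecurityException e) {
        LOGGER.info("Unable to add certificate(s) to trust store from URL: {}",
                (decodedUrl != null) ? decodedUrl : url, e);
    } finally {
        IOUtils.closeQuietly(socket);
    }
    return resultList;
}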

From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java

License:Open Source License

/**
 * Decodes the Base64 payload in {@code data}, interprets it according to {@code type} and
 * {@code fileName} (PKCS12, JKS, DER certificate, or PEM-parsable content), copies the keys and
 * certificates it contains into {@code store}, and writes {@code store} to {@code path}.
 * After a successful import {@code init()} is called; it is skipped when an exception is thrown.
 *
 * @param alias alias for the imported entry; must not be blank. The JKS branch ignores it and
 *        keeps the aliases found in the uploaded keystore
 * @param keyPassword password used to read private keys from the payload and to protect them in {@code store}
 * @param storePassword password of the uploaded PKCS12 or JKS container
 * @param data Base64-encoded content to import
 * @param type content type of the upload, compared against the *_TYPE constants
 * @param fileName name of the uploaded file; its extension is used as a hint for the format
 * @param path location the store is written to (presumably a configured store file; verify against callers)
 * @param storepass password used when writing {@code store}
 * @param store the key store or trust store to add the entries to
 * @throws KeystoreEditorException if anything goes wrong; every exception, including runtime
 *         exceptions, is wrapped
 */
private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data,
        String type, String fileName, String path, String storepass, KeyStore store)
        throws KeystoreEditorException {
    // Assigned by whichever branch writes the store; closed in the finally block
    OutputStream fos = null;
    try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) {
        // Rejects null, empty and whitespace-only aliases (the message mentions only null)
        if (StringUtils.isBlank(alias)) {
            throw new IllegalArgumentException("Alias cannot be null.");
        }
        Path storeFile = Paths.get(path);
        //check the two most common key/cert stores first (pkcs12 and jks)
        if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) {
            //priv key + cert chain
            KeyStore pkcs12Store = KeyStore.getInstance("PKCS12");
            pkcs12Store.load(inputStream, storePassword.toCharArray());
            Certificate[] chain = pkcs12Store.getCertificateChain(alias);
            Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray());
            // Nothing is stored or written when the container has no key under this alias
            if (key != null) {
                store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain);
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        } else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) {
            //java keystore file
            KeyStore jks = KeyStore.getInstance("jks");
            jks.load(inputStream, storePassword.toCharArray());
            Enumeration<String> aliases = jks.aliases();

            //we are going to store all entries from the jks regardless of the passed in alias
            // NOTE(review): every key and certificate entry of the uploaded keystore is copied under
            // its own alias, so an upload can add or replace entries other than the one named by
            // the caller. Confirm that this is intended for trust store uploads.
            while (aliases.hasMoreElements()) {
                String jksAlias = aliases.nextElement();

                if (jks.isKeyEntry(jksAlias)) {
                    Key key = jks.getKey(jksAlias, keyPassword.toCharArray());
                    Certificate[] certificateChain = jks.getCertificateChain(jksAlias);
                    store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain);
                } else {
                    Certificate certificate = jks.getCertificate(jksAlias);
                    store.setCertificateEntry(jksAlias, certificate);
                }
            }

            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
            //need to parse der separately from pem, der has the same mime type but is binary hence checking both
            // (this branch requires the type AND the extension to match; the branches above accept either)
        } else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) {
            // asn1InputStream wraps inputStream, which the try-with-resources above closes
            ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream);
            ASN1Primitive asn1Primitive = asn1InputStream.readObject();
            X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            Certificate certificate = certificateFactory
                    .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            // NOTE(review): [0] throws ArrayIndexOutOfBoundsException for a subject without CN; the
            // catch (Exception) below turns that into a KeystoreEditorException.
            RDN cn = x500name.getRDNs(BCStyle.CN)[0];
            String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
            // The CN-derived alias is only used when it is free; the caller's alias is always set
            if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                store.setCertificateEntry(cnStr, certificate);
            }
            store.setCertificateEntry(alias, certificate);
            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
            //if it isn't one of the stores we support, it might be a key or cert by itself
        } else if (isPemParsable(type, fileName)) {
            //This is the catch all case for PEM, P7B, etc. with common file extensions if the mime type isn't read correctly in the browser
            Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
            PEMParser pemParser = new PEMParser(reader);
            Object object;
            // Becomes true once at least one entry has been added; the store is only written then
            boolean setEntry = false;
            while ((object = pemParser.readObject()) != null) {
                if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) {
                    // Private key, encrypted with keyPassword or in the clear
                    PEMKeyPair pemKeyPair;
                    if (object instanceof PEMEncryptedKeyPair) {
                        PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object;
                        JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder();
                        pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair(
                                jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray()));
                    } else {
                        pemKeyPair = (PEMKeyPair) object;
                    }

                    KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair);
                    PrivateKey privateKey = keyPair.getPrivate();
                    // Reuse the chain already stored for this alias, otherwise build one from the store
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain);
                    setEntry = true;
                } else if (object instanceof X509CertificateHolder) {
                    // Single certificate: same handling as the DER branch above
                    X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object;
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
                    Certificate certificate = certificateFactory
                            .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
                    X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate)
                            .getSubject();
                    // NOTE(review): same unguarded [0] as in the DER branch
                    RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                    String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
                    if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                        store.setCertificateEntry(cnStr, certificate);
                    }
                    store.setCertificateEntry(alias, certificate);
                    setEntry = true;
                } else if (object instanceof ContentInfo) {
                    // CMS container: import the certificates it carries
                    ContentInfo contentInfo = (ContentInfo) object;
                    if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
                        CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo);
                        OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure();
                        ASN1Set certificates = originatorInfo.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    } else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) {
                        SignedData signedData = SignedData.getInstance(contentInfo.getContent());
                        ASN1Set certificates = signedData.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    }
                } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
                    PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object;
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    try {
                        // First attempt: hand the encoded, still encrypted key to the store
                        store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain);
                        setEntry = true;
                    } catch (KeyStoreException keyEx) {
                        // Fallback: decrypt the key with keyPassword and store the private key itself
                        try {
                            PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(),
                                    keyPassword.toCharArray());
                            store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(),
                                    chain);
                            setEntry = true;
                        } catch (GeneralSecurityException e) {
                            LOGGER.info(
                                    "Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.",
                                    e);
                            throw keyEx;
                        }
                    }
                }
            }
            if (setEntry) {
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        }
    } catch (Exception e) {
        // Catches everything, including the IllegalArgumentException for a blank alias
        LOGGER.info("Unable to add entry {} to store", alias, e);
        throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e);
    } finally {
        if (fos != null) {
            try {
                fos.close();
            } catch (IOException ignore) {
                // A failure to close the output stream is deliberately ignored
            }
        }
    }
    init();
}

From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java

License:Open Source License

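/**
 * Adds every certificate of the given ASN.1 set to the store as a trusted-certificate entry,
 * using the CN of the certificate subject as the alias.
 *
 * <p>NOTE(review): the alias comes from the imported certificate itself, and
 * {@code KeyStore.setCertificateEntry} replaces an existing trusted-certificate entry with the
 * same alias. Unlike the single-certificate import paths in {@code addToStore}, this method does
 * not check whether the alias is already in use. Confirm that replacing entries is intended.
 *
 * @param store the key store to add the certificates to
 * @param setEntry whether an entry had already been added before this call
 * @param certificates the certificates to import; may be {@code null} when the container
 *        carries none
 * @return {@code true} if at least one certificate was added, otherwise the value of {@code setEntry}
 * @throws KeystoreEditorException if a certificate cannot be parsed, has no CN in its subject,
 *         or cannot be stored
 */
private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates)
        throws KeystoreEditorException {
    // The certificates field of a CMS structure is optional, so there may be nothing to import.
    if (certificates == null) {
        return setEntry;
    }
    Enumeration<?> certificateEnumeration = certificates.getObjects();
    try {
        while (certificateEnumeration.hasMoreElements()) {
            ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement())
                    .toASN1Primitive();
            org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate
                    .getInstance(asn1Primitive);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            Certificate certificate = certificateFactory
                    .generateCertificate(new ByteArrayInputStream(instance.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
            if (cnRdns.length == 0) {
                // Without a CN there is no alias. Fail with a descriptive, declared exception
                // rather than ArrayIndexOutOfBoundsException (wrapped by the catch below).
                throw new CertificateException("Certificate subject has no CN to use as alias: " + x500name);
            }
            store.setCertificateEntry(IETFUtils.valueToString(cnRdns[0].getFirst().getValue()), certificate);
            setEntry = true;
        }
    } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) {
        throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e);
    }
    return setEntry;
}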

From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java

License:Open Source License

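/**
 * Collects the certificates that lead from the entry stored under {@code alias} up to its root,
 * by repeatedly looking up the CN of the issuer as the next alias in the store.
 *
 * <p>The walk stops at a certificate whose issuer CN is blank or equal to its subject CN, at an
 * alias that has no certificate in the store, or at an alias that was already visited. The last
 * condition keeps a store whose issuer CNs refer to each other in a cycle from causing unbounded
 * recursion. A subject or issuer without CN is treated as having a blank CN.
 *
 * <p>NOTE(review): certificates are linked by alias and CN text only. No signature is verified
 * here, so the result is a candidate chain and not evidence that the chain is valid.
 *
 * @param alias alias of the certificate the chain is built for
 * @param store key store to look the certificates up in
 * @return the chain ordered from the topmost certificate found down to the certificate stored
 *         under {@code alias}; empty if the store has no certificate under {@code alias}
 * @throws KeystoreEditorException if a certificate cannot be read or encoded
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
    try {
        List<Certificate> certificates = new ArrayList<>();
        // Aliases looked up so far; chains are short, so a list is sufficient for the lookup
        List<String> visitedAliases = new ArrayList<>();
        String currentAlias = alias;
        while (!visitedAliases.contains(currentAlias)) {
            visitedAliases.add(currentAlias);
            Certificate certificate = store.getCertificate(currentAlias);
            if (certificate == null) {
                break;
            }
            // Issuers are inserted in front, so the topmost certificate ends up first
            certificates.add(0, certificate);
            JcaX509CertificateHolder holder = new JcaX509CertificateHolder((X509Certificate) certificate);
            String subject = firstCommonNameOrEmpty(holder.getSubject());
            String issuer = firstCommonNameOrEmpty(holder.getIssuer());
            if (StringUtils.isBlank(issuer) || issuer.equals(subject)) {
                break;
            }
            currentAlias = issuer;
        }
        return certificates;
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new KeystoreEditorException("Unable to build cert chain list.", e);
    }
}

/** Returns the value of the first CN RDN of the name, or an empty string if the name has no CN. */
private static String firstCommonNameOrEmpty(X500Name name) {
    RDN[] cnRdns = name.getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        return "";
    }
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}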

From source file:org.commonjava.util.jhttpc.INTERNAL.util.SSLUtils.java

License:Apache License

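/**
 * Collects the names a certificate is issued for: the CN of its subject and every dNSName entry
 * of its subjectAlternativeName extension.
 *
 * <p>The CN is selected by attribute type. In a multi-valued RDN the first type/value pair is not
 * necessarily the CN, so taking the first pair could add the value of another attribute.
 *
 * <p>NOTE(review): the subject CN is added even when dNSName entries are present. Current
 * hostname-verification practice relies on subjectAlternativeName and ignores the CN; confirm how
 * the collected aliases are used before relying on them for host matching.
 *
 * @param certificate the certificate to inspect; must be an {@link X509Certificate}
 * @param aliases set that receives the names found
 * @throws CertificateParsingException if the subjectAlternativeName extension cannot be decoded
 */
public static void extractAliases(Certificate certificate, Set<String> aliases)
        throws CertificateParsingException {
    Logger logger = LoggerFactory.getLogger(SSLUtils.class);

    X509Certificate cert = (X509Certificate) certificate;

    X500Principal x500Principal = cert.getSubjectX500Principal();
    X500Name x500Name = new X500Name(x500Principal.getName(X500Principal.RFC1779));
    logger.trace("Certificate X.500 name: '{}'", x500Name.toString());

    RDN[] matchingRDNs = x500Name.getRDNs(BCStyle.CN);
    if (matchingRDNs != null && matchingRDNs.length > 0) {
        // Only the first CN RDN is considered; within it, pick the pair whose type is CN.
        for (AttributeTypeAndValue typeAndValue : matchingRDNs[0].getTypesAndValues()) {
            if (typeAndValue != null && BCStyle.CN.equals(typeAndValue.getType())) {
                String alias = IETFUtils.valueToString(typeAndValue.getValue());
                logger.trace("Found certificate alias: '{}'", alias);
                aliases.add(alias);
                break;
            }
        }
    }

    Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
    if (subjectAlternativeNames != null) {
        for (List<?> names : subjectAlternativeNames) {
            // Each entry is a (type, value) list; only entries of the DNS name type are used
            if (names.size() > 1 && (DNSNAME_TYPE.equals(names.get(0)))) {
                String alias = (String) names.get(1);
                logger.trace("Found subjectAlternativeName: '{}'", alias);
                aliases.add(alias);
            }
        }
    } else {
        logger.debug("NO SubjectAlternativeNames available!");
    }
}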

From source file:org.digidoc4j.impl.bdoc.BDocSignature.java

License:GNU General Public License

/**
 * Returns the common name of an X.500 name as a string.
 *
 * <p>The value is read from the first type/value pair of the first RDN that contains OID 2.5.4.3.
 * The name is expected to contain a CN: if it has none, the array access throws
 * {@link ArrayIndexOutOfBoundsException}. In a multi-valued RDN the first pair may belong to
 * another attribute type.
 *
 * @param x500Name the name to read the common name from
 * @return the string form of the value found
 */
private String getCN(X500Name x500Name) {
    logger.debug("");
    final ASN1ObjectIdentifier commonNameOid = new ASN1ObjectIdentifier("2.5.4.3");
    final String commonName = x500Name.getRDNs(commonNameOid)[0]
            .getTypesAndValues()[0]
            .getValue()
            .toString();
    logger.debug("Common name: " + commonName);
    return commonName;
}