Example usage for org.bouncycastle.asn1.x500 X500NameStyle oidToDisplayName

List of usage examples for org.bouncycastle.asn1.x500 X500NameStyle oidToDisplayName

Introduction

This page shows an example of how X500NameStyle.oidToDisplayName from org.bouncycastle.asn1.x500 is used.

Prototype

String oidToDisplayName(ASN1ObjectIdentifier oid);


Document

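Returns the display name that toString() uses for the given OID. The example below checks the result for null and skips the attribute when no display name is returned.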

Usage

From source file:org.graylog.plugins.auth.tls.sso.CertificateTools.java

License:Open Source License

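/**
 * Flattens selected fields of an X.509 certificate into a string map.
 *
 * <p>The map receives: one entry per subject RDN (keyed by the display name that
 * {@link BCStyle} assigns to the attribute OID), {@code CERT_SERIAL}, {@code ISSUER}, the
 * subject alternative names of types 1, 2, 4, 6, 7 and 8, one {@code "Usage <name>"} entry per
 * asserted key-usage bit, and one {@code "Usage <name>"} entry per extended key usage OID that
 * is present in {@code extendedUsageOids}.
 *
 * <p>Security-relevant limits of this method:
 * <ul>
 *   <li>It only reads the certificate. No signature, chain, validity-period or revocation check
 *       happens here, so every value in the result is whatever the certificate carries.
 *       NOTE(review): confirm that callers validate the certificate before trusting this map
 *       for an authentication or authorization decision.</li>
 *   <li>Only the first attribute of each RDN is recorded; further attributes of a multi-valued
 *       RDN are ignored.</li>
 *   <li>Entries are keyed by name, so a subject with two attributes of the same type (for
 *       example two CN or two OU values), or several SANs of the same type, presumably keeps
 *       only the last one. Do not assume the stored value is the only one in the certificate.</li>
 *   <li>NOTE(review): {@code putLogString} is not shown here; if these values reach log lines,
 *       confirm that it neutralises control characters taken from the certificate.</li>
 * </ul>
 *
 * @param certificate the certificate to read; must not be {@code null}
 * @return the collected certificate attributes
 * @throws CertificateException if the certificate cannot be converted to a
 *         {@link X509Certificate} or its extensions cannot be parsed
 */
private static Map<String, String> convertCertificateInformation(X509CertificateHolder certificate)
        throws CertificateException {
    final X500NameStyle x500NameStyle = BCStyle.INSTANCE;
    final CertificateInfo<String, String> certInfo = new CertificateInfo<>();

    // Subject: record the first attribute of every relative distinguished name.
    for (RDN rdn : certificate.getSubject().getRDNs()) {
        final AttributeTypeAndValue atav = rdn.getFirst();
        if (atav == null) {
            log.warn("Unable to get first RDN");
            continue;
        }
        final String displayName = x500NameStyle.oidToDisplayName(atav.getType());
        final ASN1Encodable value = atav.getValue();
        // A null display name means the style knows no name for this OID; such attributes are skipped.
        if (displayName != null && value != null) {
            certInfo.putLogString(displayName, value);
        }
    }

    certInfo.putLogString("CERT_SERIAL", certificate.getSerialNumber());
    certInfo.putLogString("ISSUER", certificate.getIssuer());

    // The JCA view of the certificate gives typed access to SANs and usage extensions.
    // The "BC" provider has to be registered for this conversion to succeed.
    final X509Certificate jcert =
            new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificate);

    // Subject alternative names. Each entry is a list whose first element is the GeneralName
    // type and whose second element is the value. A certificate may carry several names of the
    // same type; they share one key here, so later ones replace earlier ones.
    final Collection<List<?>> sans = jcert.getSubjectAlternativeNames();
    if (sans != null) {
        for (List<?> san : sans) {
            final String sanName;
            switch ((Integer) san.get(0)) {
            // Types whose value is delivered as a String.
            case 1:
                sanName = "rfc822Name";
                break;
            case 2:
                sanName = "dNSName";
                break;
            case 4:
                sanName = "directoryName";
                break;
            case 6:
                sanName = "uniformResourceIdentifier";
                break;
            case 7:
                sanName = "iPAddress";
                break;
            case 8:
                sanName = "registeredID";
                break;
            default:
                // otherName, x400Address and ediPartyName are not recorded.
                sanName = null;
                break;
            }
            if (sanName != null && san.get(1) != null) {
                certInfo.putLogString(sanName, san.get(1));
            }
        }
    }

    // Key usage bits, in the order of the KeyUsage ASN.1 definition.
    final String[] keyUsageNames = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };
    final boolean[] keyUsages = jcert.getKeyUsage();
    // getKeyUsage() does not truncate a bit string longer than the nine defined bits, so accept
    // longer arrays as well instead of dropping every usage for such a certificate.
    if (keyUsages != null && keyUsages.length >= keyUsageNames.length) {
        for (int bit = 0; bit < keyUsageNames.length; bit++) {
            if (keyUsages[bit]) {
                certInfo.putLogString("Usage " + keyUsageNames[bit], "true");
            }
        }
    }

    // Extended key usages: known OIDs are recorded by name, unknown ones are only logged.
    final List<String> extendedUsage = jcert.getExtendedKeyUsage();
    if (extendedUsage != null) {
        for (String oid : extendedUsage) {
            if (extendedUsageOids.containsKey(oid)) {
                certInfo.putLogString("Usage " + extendedUsageOids.get(oid), "true");
            } else {
                log.warn("Unknown extended usage OID: {}", oid);
            }
        }
    }

    return certInfo;
}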