Example usage for org.bouncycastle.asn1.x509 GeneralName directoryName

List of usage examples for org.bouncycastle.asn1.x509 GeneralName directoryName

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.x509.*
  5. GeneralName
  6. directoryName

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 GeneralName directoryName.

Prototype

int directoryName

To view the source code for org.bouncycastle.asn1.x509 GeneralName directoryName.

Click Source Link

Usage

From source file:org.xipki.pki.ca.api.profile.x509.X509CertprofileUtil.java

License:Open Source License

public static GeneralName createGeneralName(@NonNull final GeneralName requestedName,
        @NonNull final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedName", requestedName);

    int tag = requestedName.getTagNo();
    GeneralNameMode mode = null;/*w  ww . j a v  a 2 s .  c om*/
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }

        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName:
        return new GeneralName(tag, requestedName.getName());
    case GeneralName.otherName:
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
        int size = reqSeq.size();
        if (size != 2) {
            throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
        }

        ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
        if (mode != null && !mode.getAllowedTypes().contains(type)) {
            throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
        }

        ASN1Encodable asn1 = reqSeq.getObjectAt(1);
        if (!(asn1 instanceof ASN1TaggedObject)) {
            throw new BadCertTemplateException("otherName.value is not tagged Object");
        }

        int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo();
        if (tagNo != 0) {
            throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
        }

        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(asn1).getObject()));
        DERSequence seq = new DERSequence(vector);

        return new GeneralName(GeneralName.otherName, seq);
    case GeneralName.ediPartyName:
        reqSeq = ASN1Sequence.getInstance(requestedName.getName());

        size = reqSeq.size();
        String nameAssigner = null;
        int idx = 0;
        if (size > 1) {
            DirectoryString ds = DirectoryString
                    .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
            nameAssigner = ds.getString();
        }

        DirectoryString ds = DirectoryString
                .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
        String partyName = ds.getString();

        vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        seq = new DERSequence(vector);
        return new GeneralName(GeneralName.ediPartyName, seq);
    default:
        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    } // end switch (tag)
}

From source file:org.xipki.pki.ca.client.impl.CmpRequestor.java

License:Open Source License

private ProtectionVerificationResult verifyProtection(final String tid, final GeneralPKIMessage pkiMessage)
        throws CMPException, InvalidKeyException, OperatorCreationException {
    ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage);

    if (protectedMsg.hasPasswordBasedMacProtection()) {
        LOG.warn("NOT_SIGNAUTRE_BASED: " + pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
        return new ProtectionVerificationResult(null, ProtectionResult.NOT_SIGNATURE_BASED);
    }/*from ww  w  .  j a  v  a 2  s.c o  m*/

    PKIHeader header = protectedMsg.getHeader();

    if (recipientName != null) {
        boolean authorizedResponder = true;
        if (header.getSender().getTagNo() != GeneralName.directoryName) {
            authorizedResponder = false;
        } else {
            X500Name msgSender = X500Name.getInstance(header.getSender().getName());
            authorizedResponder = recipientName.equals(msgSender);
        }

        if (!authorizedResponder) {
            LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
            return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
        }
    }

    AlgorithmIdentifier protectionAlgo = protectedMsg.getHeader().getProtectionAlg();
    if (!responder.getSigAlgoValidator().isAlgorithmPermitted(protectionAlgo)) {
        String algoName;
        try {
            algoName = AlgorithmUtil.getSignatureAlgoName(protectionAlgo);
        } catch (NoSuchAlgorithmException ex) {
            algoName = protectionAlgo.getAlgorithm().getId();
        }
        LOG.warn("tid={}: response protected by untrusted protection algorithm '{}'", tid, algoName);
        return new ProtectionVerificationResult(null, ProtectionResult.INVALID);
    }

    X509Certificate cert = responder.getCert();
    ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(cert);
    if (verifierProvider == null) {
        LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
        return new ProtectionVerificationResult(cert, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }

    boolean signatureValid = protectedMsg.verify(verifierProvider);
    ProtectionResult protRes = signatureValid ? ProtectionResult.VALID : ProtectionResult.INVALID;
    return new ProtectionVerificationResult(cert, protRes);
}

From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java

License:Open Source License

private void checkExtensionIssuerKeyIdentifier(final StringBuilder failureMsg, final byte[] extensionValue,
        final X509IssuerInfo issuerInfo) {
    AuthorityKeyIdentifier asn1 = AuthorityKeyIdentifier.getInstance(extensionValue);
    byte[] keyIdentifier = asn1.getKeyIdentifier();
    if (keyIdentifier == null) {
        failureMsg.append("keyIdentifier is 'absent' but expected 'present'; ");
    } else if (!Arrays.equals(issuerInfo.getSubjectKeyIdentifier(), keyIdentifier)) {
        addViolation(failureMsg, "keyIdentifier", hex(keyIdentifier),
                hex(issuerInfo.getSubjectKeyIdentifier()));
    }//ww w . java2  s . c om

    BigInteger serialNumber = asn1.getAuthorityCertSerialNumber();
    GeneralNames names = asn1.getAuthorityCertIssuer();

    if (certProfile.isIncludeIssuerAndSerialInAki()) {
        if (serialNumber == null) {
            failureMsg.append("authorityCertSerialNumber is 'absent' but expected 'present'; ");
        } else {
            if (!issuerInfo.getCert().getSerialNumber().equals(serialNumber)) {
                addViolation(failureMsg, "authorityCertSerialNumber", LogUtil.formatCsn(serialNumber),
                        LogUtil.formatCsn(issuerInfo.getCert().getSerialNumber()));
            }
        }

        if (names == null) {
            failureMsg.append("authorityCertIssuer is 'absent' but expected 'present'; ");
        } else {
            GeneralName[] genNames = names.getNames();
            X500Name x500GenName = null;
            for (GeneralName genName : genNames) {
                if (genName.getTagNo() != GeneralName.directoryName) {
                    continue;
                }

                if (x500GenName != null) {
                    failureMsg.append("authorityCertIssuer contains at least two ");
                    failureMsg.append("directoryName but expected one; ");
                    break;
                } else {
                    x500GenName = (X500Name) genName.getName();
                }
            }

            if (x500GenName == null) {
                failureMsg.append("authorityCertIssuer does not contain directoryName but expected one; ");
            } else {
                X500Name caSubject = issuerInfo.getBcCert().getTBSCertificate().getSubject();
                if (!caSubject.equals(x500GenName)) {
                    addViolation(failureMsg, "authorityCertIssuer", x500GenName, caSubject);
                }
            }
        }
    } else {
        if (serialNumber != null) {
            failureMsg.append("authorityCertSerialNumber is 'absent' but expected 'present'; ");
        }

        if (names != null) {
            failureMsg.append("authorityCertIssuer is 'absent' but expected 'present'; ");
        }
    }
}

From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java

License:Open Source License

private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes)
        throws BadCertTemplateException {
    int tag = reqName.getTagNo();
    GeneralNameMode mode = null;//from  w  ww  . jav  a  2  s  . com
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }

        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName:
        return new GeneralName(tag, reqName.getName());
    case GeneralName.otherName:
        ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
        ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
        if (mode != null && !mode.getAllowedTypes().contains(type)) {
            throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
        }

        ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject();
        String text;
        if (!(value instanceof ASN1String)) {
            throw new BadCertTemplateException("otherName.value is not a String");
        } else {
            text = ((ASN1String) value).getString();
        }

        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
        DERSequence seq = new DERSequence(vector);

        return new GeneralName(GeneralName.otherName, seq);
    case GeneralName.ediPartyName:
        reqSeq = ASN1Sequence.getInstance(reqName.getName());

        int size = reqSeq.size();
        String nameAssigner = null;
        int idx = 0;
        if (size > 1) {
            DirectoryString ds = DirectoryString
                    .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
            nameAssigner = ds.getString();
        }

        DirectoryString ds = DirectoryString
                .getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
        String partyName = ds.getString();

        vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        seq = new DERSequence(vector);
        return new GeneralName(GeneralName.ediPartyName, seq);
    default:
        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    } // end switch
}

From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java

License:Open Source License

private PKIBody unRevokeRemoveCertificates(final PKIMessage request, final RevReqContent rr,
        final Permission permission, final CmpControl cmpControl, final String msgId) {
    RevDetails[] revContent = rr.toRevDetailsArray();

    RevRepContentBuilder repContentBuilder = new RevRepContentBuilder();
    final int n = revContent.length;
    // test the request
    for (int i = 0; i < n; i++) {
        RevDetails revDetails = revContent[i];

        CertTemplate certDetails = revDetails.getCertDetails();
        X500Name issuer = certDetails.getIssuer();
        ASN1Integer serialNumber = certDetails.getSerialNumber();

        try {// ww  w  . ja v a2  s  .co  m
            X500Name caSubject = getCa().getCaInfo().getCertificate().getSubjectAsX500Name();

            if (issuer == null) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                        "issuer is not present");
            }

            if (!issuer.equals(caSubject)) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                        "issuer does not target at the CA");
            }

            if (serialNumber == null) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                        "serialNumber is not present");
            }

            if (certDetails.getSigningAlg() != null || certDetails.getValidity() != null
                    || certDetails.getSubject() != null || certDetails.getPublicKey() != null
                    || certDetails.getIssuerUID() != null || certDetails.getSubjectUID() != null) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                        "only version, issuer and serialNumber in RevDetails.certDetails are "
                                + "allowed, but more is specified");
            }

            if (certDetails.getExtensions() == null) {
                if (cmpControl.isRrAkiRequired()) {
                    return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                            "issuer's AKI not present");
                }
            } else {
                Extensions exts = certDetails.getExtensions();
                ASN1ObjectIdentifier[] oids = exts.getCriticalExtensionOIDs();
                if (oids != null) {
                    for (ASN1ObjectIdentifier oid : oids) {
                        if (!Extension.authorityKeyIdentifier.equals(oid)) {
                            return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                                    "unknown critical extension " + oid.getId());
                        }
                    }
                }

                Extension ext = exts.getExtension(Extension.authorityKeyIdentifier);
                if (ext == null) {
                    return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                            "issuer's AKI not present");
                } else {
                    AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(ext.getParsedValue());

                    if (aki.getKeyIdentifier() == null) {
                        return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                                "issuer's AKI not present");
                    }

                    boolean issuerMatched = true;

                    byte[] caSki = getCa().getCaInfo().getCertificate().getSubjectKeyIdentifier();
                    if (Arrays.equals(caSki, aki.getKeyIdentifier())) {
                        issuerMatched = false;
                    }

                    if (issuerMatched && aki.getAuthorityCertSerialNumber() != null) {
                        BigInteger caSerial = getCa().getCaInfo().getSerialNumber();
                        if (!caSerial.equals(aki.getAuthorityCertSerialNumber())) {
                            issuerMatched = false;
                        }
                    }

                    if (issuerMatched && aki.getAuthorityCertIssuer() != null) {
                        GeneralName[] names = aki.getAuthorityCertIssuer().getNames();
                        for (GeneralName name : names) {
                            if (name.getTagNo() != GeneralName.directoryName) {
                                issuerMatched = false;
                                break;
                            }

                            if (!caSubject.equals(name.getName())) {
                                issuerMatched = false;
                                break;
                            }
                        }
                    }

                    if (!issuerMatched) {
                        return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate,
                                "issuer does not target at the CA");
                    }
                }
            }
        } catch (IllegalArgumentException ex) {
            return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                    "the request is not invalid");
        }
    } // end for

    byte[] encodedRequest = null;
    if (getCa().getCaInfo().isSaveRequest()) {
        try {
            encodedRequest = request.getEncoded();
        } catch (IOException ex) {
            LOG.warn("could not encode request");
        }
    }

    Long reqDbId = null;

    for (int i = 0; i < n; i++) {
        RevDetails revDetails = revContent[i];

        CertTemplate certDetails = revDetails.getCertDetails();
        ASN1Integer serialNumber = certDetails.getSerialNumber();
        // serialNumber is not null due to the check in the previous for-block.

        X500Name caSubject = getCa().getCaInfo().getCertificate().getSubjectAsX500Name();
        BigInteger snBigInt = serialNumber.getPositiveValue();
        CertId certId = new CertId(new GeneralName(caSubject), serialNumber);

        PKIStatusInfo status;

        try {
            Object returnedObj = null;
            Long certDbId = null;
            X509Ca ca = getCa();
            if (Permission.UNREVOKE_CERT == permission) {
                // unrevoke
                returnedObj = ca.unrevokeCertificate(snBigInt, msgId);
                if (returnedObj != null) {
                    certDbId = ((X509CertWithDbId) returnedObj).getCertId();
                }
            } else if (Permission.REMOVE_CERT == permission) {
                // remove
                returnedObj = ca.removeCertificate(snBigInt, msgId);
            } else {
                // revoke
                Date invalidityDate = null;
                CrlReason reason = null;

                Extensions crlDetails = revDetails.getCrlEntryDetails();
                if (crlDetails != null) {
                    ASN1ObjectIdentifier extId = Extension.reasonCode;
                    ASN1Encodable extValue = crlDetails.getExtensionParsedValue(extId);
                    if (extValue != null) {
                        int reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue();
                        reason = CrlReason.forReasonCode(reasonCode);
                    }

                    extId = Extension.invalidityDate;
                    extValue = crlDetails.getExtensionParsedValue(extId);
                    if (extValue != null) {
                        try {
                            invalidityDate = ASN1GeneralizedTime.getInstance(extValue).getDate();
                        } catch (ParseException ex) {
                            throw new OperationException(ErrorCode.INVALID_EXTENSION,
                                    "invalid extension " + extId.getId());
                        }
                    }
                } // end if (crlDetails)

                if (reason == null) {
                    reason = CrlReason.UNSPECIFIED;
                }

                returnedObj = ca.revokeCertificate(snBigInt, reason, invalidityDate, msgId);
                if (returnedObj != null) {
                    certDbId = ((X509CertWithRevocationInfo) returnedObj).getCert().getCertId();
                }
            } // end if (permission)

            if (returnedObj == null) {
                throw new OperationException(ErrorCode.UNKNOWN_CERT, "cert not exists");
            }

            if (certDbId != null && ca.getCaInfo().isSaveRequest()) {
                if (reqDbId == null) {
                    reqDbId = ca.addRequest(encodedRequest);
                }
                ca.addRequestCert(reqDbId, certDbId);
            }
            status = new PKIStatusInfo(PKIStatus.granted);
        } catch (OperationException ex) {
            ErrorCode code = ex.getErrorCode();
            LOG.warn("{} certificate, OperationException: code={}, message={}", permission.name(), code.name(),
                    ex.getErrorMessage());
            String errorMessage;
            switch (code) {
            case DATABASE_FAILURE:
            case SYSTEM_FAILURE:
                errorMessage = code.name();
                break;
            default:
                errorMessage = code.name() + ": " + ex.getErrorMessage();
                break;
            } // end switch code

            int failureInfo = getPKiFailureInfo(ex);
            status = generateRejectionStatus(failureInfo, errorMessage);
        } // end try

        repContentBuilder.add(status, certId);
    } // end for

    return new PKIBody(PKIBody.TYPE_REVOCATION_REP, repContentBuilder.build());
}

From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java

License:Open Source License

@Override
protected boolean intendsMe(final GeneralName requestRecipient) {
    if (requestRecipient == null) {
        return false;
    }//from ww w  .j a va2 s  .  c  o  m

    if (getSender().equals(requestRecipient)) {
        return true;
    }

    if (requestRecipient.getTagNo() == GeneralName.directoryName) {
        X500Name x500Name = X500Name.getInstance(requestRecipient.getName());
        if (x500Name.equals(caManager.getCmpResponderWrapper(getResponderName()).getSubjectAsX500Name())) {
            return true;
        }
    }

    return false;
}

From source file:org.xipki.security.P10RequestGenerator.java

License:Open Source License

/**
 *
 * @param taggedValue [tag]value, and the value for tags otherName and ediPartyName is type=value.
 * @param modes/*from   ww w  .j  ava 2  s .  c  om*/
 * @return
 * @throws BadInputException
 */
public static GeneralName createGeneralName(final String taggedValue) throws BadInputException {
    int tag = -1;
    String value = null;
    if (taggedValue.charAt(0) == '[') {
        int idx = taggedValue.indexOf(']', 1);
        if (idx > 1 && idx < taggedValue.length() - 1) {
            String tagS = taggedValue.substring(1, idx);
            try {
                tag = Integer.parseInt(tagS);
                value = taggedValue.substring(idx + 1);
            } catch (NumberFormatException e) {
            }
        }
    }

    if (tag == -1) {
        throw new BadInputException("invalid taggedValue " + taggedValue);
    }

    switch (tag) {
    case GeneralName.otherName: {
        int idxSep = value.indexOf("=");
        if (idxSep == -1 || idxSep == 0 || idxSep == value.length() - 1) {
            throw new BadInputException("invalid otherName " + value);
        }
        String otherTypeOid = value.substring(0, idxSep);
        ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(otherTypeOid);
        String otherValue = value.substring(idxSep + 1);
        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, new DERUTF8String(otherValue)));
        DERSequence seq = new DERSequence(vector);
        return new GeneralName(GeneralName.otherName, seq);
    }
    case GeneralName.rfc822Name:
        return new GeneralName(tag, value);
    case GeneralName.dNSName:
        return new GeneralName(tag, value);
    case GeneralName.directoryName: {
        X500Name x500Name = X509Util.reverse(new X500Name(value));
        return new GeneralName(GeneralName.directoryName, x500Name);
    }
    case GeneralName.ediPartyName: {
        int idxSep = value.indexOf("=");
        if (idxSep == -1 || idxSep == value.length() - 1) {
            throw new BadInputException("invalid ediPartyName " + value);
        }
        String nameAssigner = idxSep == 0 ? null : value.substring(0, idxSep);
        String partyName = value.substring(idxSep + 1);
        ASN1EncodableVector vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        ASN1Sequence seq = new DERSequence(vector);
        return new GeneralName(GeneralName.ediPartyName, seq);
    }
    case GeneralName.uniformResourceIdentifier:
        return new GeneralName(tag, value);
    case GeneralName.iPAddress:
        return new GeneralName(tag, value);
    case GeneralName.registeredID:
        return new GeneralName(tag, value);
    default:
        throw new RuntimeException("unsupported tag " + tag);
    } // end switch(tag)
}

From source file:org.xwiki.crypto.pkix.internal.extension.BcExtensionUtils.java

License:Open Source License

/**
 * Convert general names from Bouncy Castle general names.
 *
 * @param genNames Bouncy castle general names.
 * @return a list of X.509 general names.
 *//*  ww w. j  a  v a 2 s . com*/
public static List<X509GeneralName> getX509GeneralNames(GeneralNames genNames) {
    if (genNames == null) {
        return null;
    }

    GeneralName[] names = genNames.getNames();
    List<X509GeneralName> x509names = new ArrayList<X509GeneralName>(names.length);

    for (GeneralName name : names) {
        switch (name.getTagNo()) {
        case GeneralName.rfc822Name:
            x509names.add(new X509Rfc822Name(name));
            break;
        case GeneralName.dNSName:
            x509names.add(new X509DnsName(name));
            break;
        case GeneralName.directoryName:
            x509names.add(new X509DirectoryName(name));
            break;
        case GeneralName.uniformResourceIdentifier:
            x509names.add(new X509URI(name));
            break;
        case GeneralName.iPAddress:
            x509names.add(new X509IpAddress(name));
            break;
        default:
            x509names.add(new X509GenericName(name));
            break;
        }
    }

    return x509names;
}

From source file:org.xwiki.crypto.pkix.params.x509certificate.extension.X509DirectoryName.java

License:Open Source License

/**
 * Create a new instance from a Bouncy Castle general name.
 *
 * @param name the Bouncy Castle general name.
 *//*from www. j av a2s  .co  m*/
public X509DirectoryName(GeneralName name) {
    super(X500Name.getInstance(name.getName()));

    if (name.getTagNo() != GeneralName.directoryName) {
        throw new IllegalArgumentException("Incompatible general name: " + name.getTagNo());
    }
}