List of usage examples for org.bouncycastle.asn1.x509 GeneralName GeneralName
public GeneralName(int tag, String name)
From source file:org.xipki.commons.security.util.X509Util.java
License:Open Source License
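/**
 * Builds a {@link GeneralName} from its textual form {@code [tag]value}, where
 * {@code tag} is the numeric GeneralName tag.
 *
 * <p>Supported tags are otherName, rfc822Name, dNSName, directoryName, ediPartyName,
 * uniformResourceIdentifier, iPAddress and registeredID. For otherName the value is
 * {@code typeOid=text}; for ediPartyName it is {@code nameAssigner=partyName}, where the
 * nameAssigner part may be empty.
 *
 * <p>The text is treated as caller-supplied input: every rejection is reported as
 * {@link BadInputException}, including an unsupported tag and a value that the
 * Bouncy Castle constructors refuse.
 *
 * @param taggedValue [tag]value, and the value for tags otherName and ediPartyName is
 *            type=value.
 * @return the GeneralName that corresponds to {@code taggedValue}.
 * @throws BadInputException if {@code taggedValue} is not well-formed, names an
 *             unsupported tag, or carries a value that is invalid for its tag.
 */
public static GeneralName createGeneralName(final String taggedValue) throws BadInputException {
    ParamUtil.requireNonBlank("taggedValue", taggedValue);

    int tag = -1;
    String value = null;
    if (taggedValue.charAt(0) == '[') {
        int idx = taggedValue.indexOf(']', 1);
        // Require a non-empty tag between the brackets and a non-empty value after them.
        if (idx > 1 && idx < taggedValue.length() - 1) {
            String tagS = taggedValue.substring(1, idx);
            try {
                tag = Integer.parseInt(tagS);
                value = taggedValue.substring(idx + 1);
            } catch (NumberFormatException ex) {
                throw new BadInputException("invalid tag '" + tagS + "'");
            }
        }
    }

    if (tag == -1) {
        throw new BadInputException("invalid taggedValue " + taggedValue);
    }

    // From here on value is non-null: it is assigned together with tag.
    try {
        switch (tag) {
            case GeneralName.otherName: {
                int idxSep = value.indexOf("=");
                if (idxSep == -1 || idxSep == 0 || idxSep == value.length() - 1) {
                    throw new BadInputException("invalid otherName " + value);
                }
                ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(value.substring(0, idxSep));
                String otherValue = value.substring(idxSep + 1);
                ASN1EncodableVector vector = new ASN1EncodableVector();
                vector.add(type);
                // The otherName value is always emitted as an explicitly tagged UTF8String.
                vector.add(new DERTaggedObject(true, 0, new DERUTF8String(otherValue)));
                return new GeneralName(GeneralName.otherName, new DERSequence(vector));
            }
            case GeneralName.directoryName: {
                X500Name x500Name = reverse(new X500Name(value));
                return new GeneralName(GeneralName.directoryName, x500Name);
            }
            case GeneralName.ediPartyName: {
                int idxSep = value.indexOf("=");
                if (idxSep == -1 || idxSep == value.length() - 1) {
                    throw new BadInputException("invalid ediPartyName " + value);
                }
                // A leading '=' means that no nameAssigner was given.
                String nameAssigner = (idxSep == 0) ? null : value.substring(0, idxSep);
                String partyName = value.substring(idxSep + 1);
                ASN1EncodableVector vector = new ASN1EncodableVector();
                if (nameAssigner != null) {
                    vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
                }
                vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
                return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
            }
            case GeneralName.rfc822Name:
            case GeneralName.dNSName:
            case GeneralName.uniformResourceIdentifier:
            case GeneralName.iPAddress:
            case GeneralName.registeredID:
                return new GeneralName(tag, value);
            default:
                // The tag comes from the input text, so this is bad input, not an internal error.
                throw new BadInputException("unsupported tag " + tag);
        } // end switch (tag)
    } catch (IllegalArgumentException ex) {
        // Bouncy Castle may reject a malformed OID, IP address or distinguished name with
        // IllegalArgumentException; report it through the declared checked exception.
        throw new BadInputException("invalid value for tag " + tag + ": " + ex.getMessage());
    }
}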
From source file:org.xipki.pki.ca.api.profile.x509.X509CertprofileUtil.java
License:Open Source License
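/**
 * Rebuilds a requested {@link GeneralName} after checking it against the modes that
 * are allowed.
 *
 * <p>When {@code modes} is non-null the tag of the requested name must match one of the
 * modes, and for otherName the type OID must be among that mode's allowed types. Although
 * {@code modes} is annotated {@code @NonNull}, a null value is tolerated here and then
 * disables both checks.
 *
 * <p>The otherName and ediPartyName structures are checked for size and tagging before
 * they are re-encoded, so a malformed requested name is reported as
 * {@link BadCertTemplateException} instead of surfacing as an unchecked exception.
 *
 * @param requestedName the name taken from the request; must not be null.
 * @param modes the allowed modes, or null to skip the allow-list check.
 * @return a newly built GeneralName with the same tag as {@code requestedName}.
 * @throws BadCertTemplateException if the tag or otherName type is not allowed, or the
 *             otherName or ediPartyName structure is malformed.
 */
public static GeneralName createGeneralName(@NonNull final GeneralName requestedName,
        @NonNull final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedName", requestedName);

    int tag = requestedName.getTagNo();
    GeneralNameMode mode = null;
    if (modes != null) {
        for (GeneralNameMode m : modes) {
            if (m.getTag().getTag() == tag) {
                mode = m;
                break;
            }
        }

        if (mode == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }

    switch (tag) {
        case GeneralName.rfc822Name:
        case GeneralName.dNSName:
        case GeneralName.uniformResourceIdentifier:
        case GeneralName.iPAddress:
        case GeneralName.registeredID:
        case GeneralName.directoryName:
            return new GeneralName(tag, requestedName.getName());
        case GeneralName.otherName: {
            ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
            int size = reqSeq.size();
            if (size != 2) {
                throw new BadCertTemplateException(
                        "invalid otherName sequence: size is not 2: " + size);
            }

            ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
            if (mode != null && !mode.getAllowedTypes().contains(type)) {
                throw new BadCertTemplateException(
                        "otherName.type " + type.getId() + " is not allowed");
            }

            ASN1Encodable asn1 = reqSeq.getObjectAt(1);
            if (!(asn1 instanceof ASN1TaggedObject)) {
                throw new BadCertTemplateException("otherName.value is not tagged Object");
            }

            int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo();
            if (tagNo != 0) {
                throw new BadCertTemplateException(
                        "otherName.value does not have tag 0: " + tagNo);
            }

            ASN1EncodableVector vector = new ASN1EncodableVector();
            vector.add(type);
            vector.add(new DERTaggedObject(true, 0,
                    ASN1TaggedObject.getInstance(asn1).getObject()));
            return new GeneralName(GeneralName.otherName, new DERSequence(vector));
        }
        case GeneralName.ediPartyName: {
            ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
            int size = reqSeq.size();
            // EDIPartyName holds an optional nameAssigner [0] and a mandatory partyName [1].
            if (size < 1 || size > 2) {
                throw new BadCertTemplateException(
                        "invalid ediPartyName sequence: size is not 1 or 2: " + size);
            }

            String nameAssigner = (size == 2)
                    ? readEdiPartyField(reqSeq, 0, 0, "nameAssigner") : null;
            String partyName = readEdiPartyField(reqSeq, size - 1, 1, "partyName");

            ASN1EncodableVector vector = new ASN1EncodableVector();
            if (nameAssigner != null) {
                vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
            }
            vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
            return new GeneralName(GeneralName.ediPartyName, new DERSequence(vector));
        }
        default:
            // NOTE(review): with modes == null any tag present in the request reaches this
            // branch, so it is not strictly unreachable; confirm whether a checked exception
            // would suit callers better.
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    } // end switch (tag)
}

/** Reads one tagged DirectoryString field of an EDIPartyName, checking its tag number. */
private static String readEdiPartyField(final ASN1Sequence seq, final int index,
        final int expectedTagNo, final String fieldName) throws BadCertTemplateException {
    ASN1Encodable element = seq.getObjectAt(index);
    if (!(element instanceof ASN1TaggedObject)) {
        throw new BadCertTemplateException(
                "ediPartyName." + fieldName + " is not tagged Object");
    }

    ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(element);
    if (tagged.getTagNo() != expectedTagNo) {
        throw new BadCertTemplateException("ediPartyName." + fieldName
                + " does not have tag " + expectedTagNo + ": " + tagged.getTagNo());
    }

    try {
        return DirectoryString.getInstance(tagged.getObject()).getString();
    } catch (IllegalArgumentException ex) {
        throw new BadCertTemplateException("ediPartyName." + fieldName
                + " is not a DirectoryString: " + ex.getMessage());
    }
}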
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
/**
 * Assembles the SubjectAltName entries for a certificate from two sources: subject
 * attributes that the profile maps to a GeneralName tag, and the SubjectAltName
 * extension of the request.
 *
 * <p>Entries derived from the subject are added as they are. Requested entries pass
 * through {@code X509CertprofileUtil.createGeneralName} with {@code subjectAltNameModes},
 * so only those entries are checked against the allowed modes.
 *
 * @param requestedSubject the subject as requested.
 * @param grantedSubject the subject as granted; consulted first for mapped attributes.
 * @param requestedExtensions the extensions of the request, may be null.
 * @return the resulting names, or null if there are none. When neither mode set is
 *         configured the requested names are returned unchanged.
 * @throws BadCertTemplateException if a requested name is rejected.
 */
private GeneralNames createRequestedSubjectAltNames(final X500Name requestedSubject,
        final X500Name grantedSubject, final Extensions requestedExtensions)
        throws BadCertTemplateException {
    ASN1Encodable sanValue = null;
    if (requestedExtensions != null) {
        sanValue = requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
    }

    final boolean copyFromSubject = subjectToSubjectAltNameModes != null;
    if (sanValue == null && !copyFromSubject) {
        return null;
    }

    GeneralNames requested = null;
    if (sanValue != null) {
        requested = GeneralNames.getInstance(sanValue);
    }

    // Without any configured modes the request is passed through unchecked.
    if (subjectAltNameModes == null && !copyFromSubject) {
        return requested;
    }

    List<GeneralName> result = new LinkedList<>();

    // copy the required attributes of Subject
    if (copyFromSubject) {
        for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
            GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);

            // NOTE(review): the null checks assume getRDNs can return null; confirm against
            // the Bouncy Castle version in use, which may return an empty array instead.
            RDN[] rdns = grantedSubject.getRDNs(attrType);
            if (rdns == null) {
                rdns = requestedSubject.getRDNs(attrType);
            }
            if (rdns == null) {
                continue;
            }

            for (RDN rdn : rdns) {
                String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
                switch (tag) {
                    case rfc822Name:
                    case dNSName:
                    case uniformResourceIdentifier:
                    case iPAddress:
                    case directoryName:
                    case registeredID:
                        result.add(new GeneralName(tag.getTag(), rdnValue));
                        break;
                    default:
                        throw new RuntimeException(
                                "should not reach here, unknown GeneralName tag " + tag);
                } // end switch (tag)
            }
        }
    }

    // copy the requested SubjectAltName entries
    if (requested != null) {
        for (GeneralName reqName : requested.getNames()) {
            result.add(X509CertprofileUtil.createGeneralName(reqName, subjectAltNameModes));
        }
    }

    if (result.isEmpty()) {
        return null;
    }
    return new GeneralNames(result.toArray(new GeneralName[0]));
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
/**
 * Computes the SubjectAltName entries expected for a request: names derived from subject
 * attributes that the profile maps to a GeneralName tag, followed by the names of the
 * requested SubjectAltName extension, which are copied unchanged.
 *
 * <p>If the granted subject cannot be derived and the profile reports a special
 * behavior, the failure is logged as a warning and the requested subject is used
 * instead; otherwise the exception is rethrown.
 *
 * @param requestedSubject the subject as requested.
 * @param requestedExtensions the extensions of the request, may be null.
 * @return the expected names, or null if there are none.
 * @throws CertprofileException if the granted subject cannot be derived.
 * @throws BadCertTemplateException if the granted subject cannot be derived.
 */
private GeneralName[] getRequestedSubjectAltNames(final X500Name requestedSubject,
        final Extensions requestedExtensions)
        throws CertprofileException, BadCertTemplateException {
    ASN1Encodable sanValue = null;
    if (requestedExtensions != null) {
        sanValue = requestedExtensions.getExtensionParsedValue(Extension.subjectAlternativeName);
    }

    Map<ASN1ObjectIdentifier, GeneralNameTag> subjectToSubjectAltNameModes =
            certProfile.getSubjectToSubjectAltNameModes();
    if (sanValue == null && subjectToSubjectAltNameModes == null) {
        return null;
    }

    GeneralNames requested = null;
    if (sanValue != null) {
        requested = GeneralNames.getInstance(sanValue);
    }

    Set<GeneralNameMode> subjectAltNameModes = certProfile.getSubjectAltNameModes();
    if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) {
        if (requested == null) {
            return null;
        }
        return requested.getNames();
    }

    List<GeneralName> result = new LinkedList<>();

    // copy the required attributes of Subject
    if (subjectToSubjectAltNameModes != null) {
        X500Name grantedSubject;
        try {
            grantedSubject = certProfile.getSubject(requestedSubject).getGrantedSubject();
        } catch (CertprofileException | BadCertTemplateException ex) {
            if (certProfile.getSpecialCertprofileBehavior() == null) {
                throw ex;
            }
            // Only profiles with a special behavior fall back to the unverified subject.
            LogUtil.warn(LOG, ex, "could not derive granted subject from requested subject");
            grantedSubject = requestedSubject;
        }

        for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
            GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType);

            // NOTE(review): the null checks assume getRDNs can return null; confirm against
            // the Bouncy Castle version in use, which may return an empty array instead.
            RDN[] rdns = grantedSubject.getRDNs(attrType);
            if (rdns == null) {
                rdns = requestedSubject.getRDNs(attrType);
            }
            if (rdns == null) {
                continue;
            }

            for (RDN rdn : rdns) {
                String rdnValue = X509Util.rdnValueToString(rdn.getFirst().getValue());
                switch (tag) {
                    case rfc822Name:
                    case dNSName:
                    case uniformResourceIdentifier:
                    case iPAddress:
                    case directoryName:
                    case registeredID:
                        result.add(new GeneralName(tag.getTag(), rdnValue));
                        break;
                    default:
                        throw new RuntimeException(
                                "should not reach here, unknown GeneralName tag " + tag);
                } // end switch (tag)
            }
        }
    }

    // copy the requested SubjectAltName entries
    if (requested != null) {
        for (GeneralName reqName : requested.getNames()) {
            result.add(reqName);
        }
    }

    if (result.isEmpty()) {
        return null;
    }
    return result.toArray(new GeneralName[0]);
}
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
/**
 * Rebuilds a requested {@link GeneralName} after checking its tag, and for otherName its
 * type OID, against the allowed modes.
 *
 * <p>A null {@code modes} disables both checks. An otherName value must be an ASN.1
 * string and is re-encoded as an explicitly tagged UTF8String.
 *
 * @param reqName the requested name.
 * @param modes the allowed modes, or null to skip the allow-list check.
 * @return a newly built GeneralName with the same tag as {@code reqName}.
 * @throws BadCertTemplateException if the tag or otherName type is not allowed, or the
 *             otherName value is not a string.
 */
private static GeneralName createGeneralName(final GeneralName reqName,
        final Set<GeneralNameMode> modes) throws BadCertTemplateException {
    final int tag = reqName.getTagNo();

    GeneralNameMode matched = null;
    if (modes != null) {
        for (GeneralNameMode candidate : modes) {
            if (candidate.getTag().getTag() == tag) {
                matched = candidate;
                break;
            }
        }

        if (matched == null) {
            throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
        }
    }

    switch (tag) {
        case GeneralName.rfc822Name:
        case GeneralName.dNSName:
        case GeneralName.uniformResourceIdentifier:
        case GeneralName.iPAddress:
        case GeneralName.registeredID:
        case GeneralName.directoryName:
            return new GeneralName(tag, reqName.getName());
        case GeneralName.otherName: {
            ASN1Sequence otherSeq = ASN1Sequence.getInstance(reqName.getName());
            ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(otherSeq.getObjectAt(0));
            if (matched != null && !matched.getAllowedTypes().contains(type)) {
                throw new BadCertTemplateException(
                        "otherName.type " + type.getId() + " is not allowed");
            }

            ASN1Encodable inner = ASN1TaggedObject.getInstance(otherSeq.getObjectAt(1)).getObject();
            if (!(inner instanceof ASN1String)) {
                throw new BadCertTemplateException("otherName.value is not a String");
            }
            String text = ((ASN1String) inner).getString();

            ASN1EncodableVector parts = new ASN1EncodableVector();
            parts.add(type);
            parts.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
            return new GeneralName(GeneralName.otherName, new DERSequence(parts));
        }
        case GeneralName.ediPartyName: {
            ASN1Sequence ediSeq = ASN1Sequence.getInstance(reqName.getName());
            int pos = 0;

            // With more than one element the first one is read as the nameAssigner.
            String nameAssigner = null;
            if (ediSeq.size() > 1) {
                DirectoryString assigner = DirectoryString.getInstance(
                        ASN1TaggedObject.getInstance(ediSeq.getObjectAt(pos++)).getObject());
                nameAssigner = assigner.getString();
            }

            DirectoryString party = DirectoryString.getInstance(
                    ASN1TaggedObject.getInstance(ediSeq.getObjectAt(pos++)).getObject());
            String partyName = party.getString();

            ASN1EncodableVector parts = new ASN1EncodableVector();
            if (nameAssigner != null) {
                parts.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
            }
            parts.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
            return new GeneralName(GeneralName.ediPartyName, new DERSequence(parts));
        }
        default:
            throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    } // end switch
}
From source file:org.xipki.pki.ca.server.impl.util.CaUtil.java
License:Open Source License
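/**
 * Builds an AuthorityInformationAccess value with one caIssuers access description per
 * CA issuer URI, followed by one OCSP access description per OCSP URI.
 *
 * <p>Each URI is wrapped as a uniformResourceIdentifier GeneralName without further
 * validation in this method.
 *
 * @param caIssuerUris the CA issuer URIs, may be empty if {@code ocspUris} is not.
 * @param ocspUris the OCSP responder URIs, may be empty if {@code caIssuerUris} is not.
 * @return the AuthorityInformationAccess value.
 * @throws IllegalArgumentException if both lists are empty.
 */
public static AuthorityInformationAccess createAuthorityInformationAccess(
        final List<String> caIssuerUris, final List<String> ocspUris) {
    if (CollectionUtil.isEmpty(caIssuerUris) && CollectionUtil.isEmpty(ocspUris)) {
        throw new IllegalArgumentException("caIssuerUris and ospUris must not be both empty");
    }

    // Size the list from both inputs without dereferencing a list that may be null:
    // the original sized it from ocspUris alone, which fails when only CA issuer URIs
    // are supplied and ocspUris is null.
    int capacity = (caIssuerUris == null ? 0 : caIssuerUris.size())
            + (ocspUris == null ? 0 : ocspUris.size());
    List<AccessDescription> accessDescriptions = new ArrayList<>(capacity);

    if (CollectionUtil.isNonEmpty(caIssuerUris)) {
        for (String uri : caIssuerUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(
                    new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers, gn));
        }
    }

    if (CollectionUtil.isNonEmpty(ocspUris)) {
        for (String uri : ocspUris) {
            GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, uri);
            accessDescriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp, gn));
        }
    }

    DERSequence seq = new DERSequence(accessDescriptions.toArray(new AccessDescription[0]));
    return AuthorityInformationAccess.getInstance(seq);
}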
From source file:org.xipki.pki.ca.server.impl.util.CaUtil.java
License:Open Source License
/**
 * Builds a CRLDistributionPoints value with a single distribution point that lists all
 * given CRL URIs.
 *
 * <p>The cRLIssuer field is set only when a CRL signer subject is given and differs from
 * the CA subject.
 *
 * @param crlUris the CRL URIs; must not be empty.
 * @param caSubject the subject of the CA.
 * @param crlSignerSubject the subject of the CRL signer, may be null.
 * @return the CRLDistributionPoints value.
 */
public static CRLDistPoint createCrlDistributionPoints(final List<String> crlUris,
        final X500Name caSubject, final X500Name crlSignerSubject) {
    ParamUtil.requireNonEmpty("crlUris", crlUris);

    GeneralName[] uriNames = new GeneralName[crlUris.size()];
    for (int pos = 0; pos < uriNames.length; pos++) {
        uriNames[pos] = new GeneralName(GeneralName.uniformResourceIdentifier, crlUris.get(pos));
    }

    // Distribution Point
    DistributionPointName pointName = new DistributionPointName(new GeneralNames(uriNames));

    // Name the CRL issuer only if the CRL is signed by someone other than the CA itself.
    GeneralNames crlIssuer = null;
    boolean signedByOther = crlSignerSubject != null && !crlSignerSubject.equals(caSubject);
    if (signedByOther) {
        crlIssuer = new GeneralNames(new GeneralName(crlSignerSubject));
    }

    DistributionPoint point = new DistributionPoint(pointName, null, crlIssuer);
    return new CRLDistPoint(new DistributionPoint[] {point});
}
From source file:org.xipki.security.P10RequestGenerator.java
License:Open Source License
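/**
 * Builds a {@link GeneralName} from its textual form {@code [tag]value}, where
 * {@code tag} is the numeric GeneralName tag.
 *
 * <p>Supported tags are otherName, rfc822Name, dNSName, directoryName, ediPartyName,
 * uniformResourceIdentifier, iPAddress and registeredID. For otherName the value is
 * {@code typeOid=text}; for ediPartyName it is {@code nameAssigner=partyName}, where the
 * nameAssigner part may be empty.
 *
 * <p>The text is treated as caller-supplied input: every rejection is reported as
 * {@link BadInputException}, including a null or empty argument, an unsupported tag and
 * a value that the Bouncy Castle constructors refuse.
 *
 * @param taggedValue [tag]value, and the value for tags otherName and ediPartyName is
 *            type=value.
 * @return the GeneralName that corresponds to {@code taggedValue}.
 * @throws BadInputException if {@code taggedValue} is null, empty, not well-formed, names
 *             an unsupported tag, or carries a value that is invalid for its tag.
 */
public static GeneralName createGeneralName(final String taggedValue) throws BadInputException {
    // Reject null and empty input up front; charAt(0) below would otherwise fail with an
    // unchecked exception.
    if (taggedValue == null || taggedValue.isEmpty()) {
        throw new BadInputException("invalid taggedValue " + taggedValue);
    }

    int tag = -1;
    String value = null;
    if (taggedValue.charAt(0) == '[') {
        int idx = taggedValue.indexOf(']', 1);
        // Require a non-empty tag between the brackets and a non-empty value after them.
        if (idx > 1 && idx < taggedValue.length() - 1) {
            String tagS = taggedValue.substring(1, idx);
            try {
                tag = Integer.parseInt(tagS);
                value = taggedValue.substring(idx + 1);
            } catch (NumberFormatException ignored) {
                // A non-numeric tag leaves tag at -1 and is rejected just below.
            }
        }
    }

    if (tag == -1) {
        throw new BadInputException("invalid taggedValue " + taggedValue);
    }

    try {
        switch (tag) {
            case GeneralName.otherName: {
                int idxSep = value.indexOf("=");
                if (idxSep == -1 || idxSep == 0 || idxSep == value.length() - 1) {
                    throw new BadInputException("invalid otherName " + value);
                }
                ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(value.substring(0, idxSep));
                String otherValue = value.substring(idxSep + 1);
                ASN1EncodableVector vector = new ASN1EncodableVector();
                vector.add(type);
                // The otherName value is always emitted as an explicitly tagged UTF8String.
                vector.add(new DERTaggedObject(true, 0, new DERUTF8String(otherValue)));
                return new GeneralName(GeneralName.otherName, new DERSequence(vector));
            }
            case GeneralName.directoryName: {
                X500Name x500Name = X509Util.reverse(new X500Name(value));
                return new GeneralName(GeneralName.directoryName, x500Name);
            }
            case GeneralName.ediPartyName: {
                int idxSep = value.indexOf("=");
                if (idxSep == -1 || idxSep == value.length() - 1) {
                    throw new BadInputException("invalid ediPartyName " + value);
                }
                // A leading '=' means that no nameAssigner was given.
                String nameAssigner = (idxSep == 0) ? null : value.substring(0, idxSep);
                String partyName = value.substring(idxSep + 1);
                ASN1EncodableVector vector = new ASN1EncodableVector();
                if (nameAssigner != null) {
                    vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
                }
                vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
                ASN1Sequence seq = new DERSequence(vector);
                return new GeneralName(GeneralName.ediPartyName, seq);
            }
            case GeneralName.rfc822Name:
            case GeneralName.dNSName:
            case GeneralName.uniformResourceIdentifier:
            case GeneralName.iPAddress:
            case GeneralName.registeredID:
                return new GeneralName(tag, value);
            default:
                // The tag comes from the input text, so this is bad input, not an internal error.
                throw new BadInputException("unsupported tag " + tag);
        } // end switch(tag)
    } catch (IllegalArgumentException ex) {
        // Bouncy Castle may reject a malformed OID, IP address or distinguished name with
        // IllegalArgumentException; report it through the declared checked exception.
        throw new BadInputException("invalid value for tag " + tag + ": " + ex.getMessage());
    }
}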
From source file:org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName.java
License:Open Source License
/**
 * Returns this name as a Bouncy Castle {@link GeneralName} with the dNSName tag.
 *
 * <p>The stored domain is passed through as is; no validation happens in this method.
 *
 * @return a new dNSName GeneralName for the stored domain.
 */
@Override
public GeneralName getGeneralName() {
    return new GeneralName(GeneralName.dNSName, domain);
}
From source file:org.xwiki.crypto.pkix.params.x509certificate.extension.X509GenericName.java
License:Open Source License
/**
 * Creates a new instance from an encoded ASN.1 value.
 *
 * <p>The bytes are decoded first and the resulting object is wrapped in a GeneralName
 * with the given tag. This constructor does not check that the decoded object suits the
 * tag.
 *
 * @param tag the tag value.
 * @param encoded the encoded ASN.1 value.
 * @throws IOException on encoding error.
 */
public X509GenericName(int tag, byte[] encoded) throws IOException {
    ASN1Primitive decoded = ASN1Primitive.fromByteArray(encoded);
    this.name = new GeneralName(tag, decoded);
}