List of usage examples for org.bouncycastle.asn1.x509 GeneralName otherName
int otherName
From source file:br.gov.jfrj.siga.cd.CertificadoUtil.java
License:Open Source License
/**
 * Collects the ICP-Brasil natural-person properties (e-mail and CPF) found in the
 * certificate's subjectAltName extension.
 *
 * <p>An rfc822Name entry is stored under the key {@code "email"}. Each otherName entry is
 * stored under the dotted string of its type-id OID, with the value decoded by
 * {@code getOtherName}. Entries of any other GeneralName type are skipped.
 *
 * <p>NOTE(review): the values are copied exactly as they appear in the certificate. Nothing
 * in this method checks the chain or the issuer, so callers should presumably rely on the
 * result only after path validation has succeeded - confirm at the call sites.
 *
 * @param cert certificate whose subject alternative names are read
 * @return properties keyed by {@code "email"} and by otherName OID; empty if none match
 * @throws IOException declared by the signature; presumably raised while decoding an
 *         otherName value - confirm against {@code getOtherName}
 * @throws CertificateParsingException if the extension cannot be parsed
 */
public static Properties recuperarPropriedadesNomesAlteranativos(X509Certificate cert)
        throws IOException, CertificateParsingException {
    Properties resultado = new Properties();

    // Each entry is a two-element list: [0] the GeneralName tag as an Integer,
    // [1] the value (a String for rfc822Name, an ASN.1 object for otherName).
    for (Object entry : X509ExtensionUtil.getSubjectAlternativeNames(cert)) {
        List<?> generalName = (List<?>) entry;
        int tag = ((Integer) generalName.get(0)).intValue();

        switch (tag) {
            case GeneralName.rfc822Name:
                resultado.put("email", (String) generalName.get(1));
                break;
            case GeneralName.otherName:
                // The cast assumes the parser produced a DLSequence; any other ASN.1 type
                // surfaces as a ClassCastException rather than being skipped.
                Pair<ASN1ObjectIdentifier, String> decoded =
                        getOtherName((DLSequence) generalName.get(1));
                resultado.put(decoded.first.getId(), decoded.second);
                break;
            default:
                break;
        }
    }
    return resultado;
}
From source file:com.rcn.service.CertificateService.java
License:Open Source License
/**
 * Builds a subjectAltName value: one rfc822Name entry for {@code altName}, followed by one
 * otherName entry per element of {@code generalNameMap}.
 *
 * <p>Each otherName is encoded as {@code SEQUENCE { type-id OID, [0] EXPLICIT UTF8String }},
 * with the map key as the OID and the map value as the string.
 *
 * <p>NOTE(review): both arguments are written into the extension as given. If they come from
 * a certificate request or a user form, they should presumably be validated against policy
 * before this is called - confirm at the call sites.
 *
 * @param altName e-mail address placed in the rfc822Name entry
 * @param generalNameMap OID string to value, one otherName per entry
 * @return the assembled GeneralNames, rfc822Name first
 */
private GeneralNames toGeneralNames(String altName, Map<String, String> generalNameMap) {
    List<GeneralName> names = new ArrayList<GeneralName>();
    names.add(new GeneralName(GeneralName.rfc822Name, altName));

    for (Map.Entry<String, String> entry : generalNameMap.entrySet()) {
        // Value first, then OID: same construction order as before, so an invalid pair
        // still fails on the same argument.
        DERUTF8String utf8Value = new DERUTF8String(entry.getValue());
        ASN1Encodable typeId = new DERObjectIdentifier(entry.getKey());
        ASN1Encodable explicitValue = new DERTaggedObject(true, 0, utf8Value);
        ASN1Encodable[] otherNameParts = new ASN1Encodable[] { typeId, explicitValue };
        names.add(new GeneralName(GeneralName.otherName, new DERSequence(otherNameParts)));
    }

    GeneralName[] asArray = names.toArray(new GeneralName[0]);
    return new GeneralNames(new DERSequence(asArray));
}
From source file:com.tremolosecurity.proxy.auth.ssl.util.UpnExtractor.java
License:Apache License
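/**
 * Extracts the user principal name from the subjectAltName extension of the first
 * certificate in {@code certs}.
 *
 * <p>Only otherName entries whose type-id is {@code 1.3.6.1.4.1.311.20.2.3} are considered.
 * The value is unwrapped through any nested tagged objects until a UTF8String is reached.
 *
 * <p>The ASN.1 stream is now opened in try-with-resources. The earlier version closed it only
 * on the matching-OID path, so every non-matching otherName entry, and any decoding failure,
 * left a stream open.
 *
 * <p>NOTE(review): the returned name is whatever the certificate asserts. This method performs
 * no chain or issuer check, so it presumably relies on the caller having validated the chain
 * against CAs that are permitted to assert UPNs - confirm.
 *
 * @param certs certificate chain; only element 0 is read
 * @return the UPN string, or {@code null} if there is no matching otherName or the matching
 *         value does not resolve to a UTF8String
 * @throws CertificateParsingException if the subjectAltName extension cannot be parsed
 * @throws IOException if the otherName bytes cannot be decoded or the stream fails to close
 */
private String loadNTPrincipal(X509Certificate[] certs) throws CertificateParsingException, IOException {
    X509Certificate cert = certs[0];
    Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
    if (subjectAlternativeNames == null || subjectAlternativeNames.isEmpty()) {
        return null;
    }

    for (List<?> subjectAltName : subjectAlternativeNames) {
        if (((Integer) subjectAltName.get(0)).intValue() != GeneralName.otherName) {
            continue;
        }

        // The JDK returns otherName values as DER-encoded bytes; decode them here.
        try (ASN1InputStream asn1Input = new ASN1InputStream((byte[]) subjectAltName.get(1))) {
            ASN1Primitive derObject = asn1Input.readObject();
            // Unchecked casts below: an unexpected ASN.1 shape raises ClassCastException,
            // which callers see as a runtime failure rather than a null result.
            DLSequence seq = (DLSequence) derObject;
            ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
            if (!id.getId().equals("1.3.6.1.4.1.311.20.2.3")) {
                continue;
            }

            ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1);
            while (true) {
                if (obj.getObject() instanceof DERTaggedObject) {
                    // Explicit tagging may nest; step one level inward.
                    obj = (ASN1TaggedObject) obj.getObject();
                } else if (obj.getObject() instanceof DERUTF8String) {
                    return ((DERUTF8String) obj.getObject()).getString();
                } else {
                    // A matching OID with a non-string value ends the search, as before.
                    return null;
                }
            }
        }
    }
    return null;
}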
From source file:com.vmware.identity.openidconnect.client.TestUtils.java
License:Open Source License
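/**
 * Generates a self-signed test certificate whose subject and issuer are both
 * {@code CN=<dn>}, valid from one day before now until 365 days after now.
 *
 * <p>When {@code subjectAltName} is non-null, a critical subjectAltName extension is added
 * holding a single otherName with type-id {@code 1.3.6.1.4.1.311.20.2.3} and the given string
 * as an explicitly tagged UTF8String.
 *
 * <p>The validity arithmetic is now done in {@code long}. The earlier
 * {@code 365 * 24 * 60 * 60 * 1000} was evaluated in {@code int} and overflowed, giving a
 * certificate that expired after roughly 17 days instead of a year.
 *
 * @param keyPair key pair; the private key signs, the public key is certified
 * @param dn common name used for both subject and issuer
 * @param subjectAltName UPN to embed, or {@code null} for no subjectAltName extension
 * @return the generated certificate
 * @throws Exception if signing or certificate conversion fails
 */
static X509Certificate generateCertificate(KeyPair keyPair, String dn, String subjectAltName)
        throws Exception {
    // NOTE(review): SHA1withRSA is kept so existing fixtures do not change. SHA-1 is
    // deprecated for certificate signatures; do not copy this choice into non-test code.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    final long millisPerDay = 24L * 60 * 60 * 1000;
    long now = System.currentTimeMillis();
    Date startDate = new Date(now - millisPerDay);
    Date endDate = new Date(now + 365L * millisPerDay);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()),
            startDate,
            endDate,
            name,
            keyPair.getPublic());

    if (subjectAltName != null) {
        ASN1Encodable[] otherNameParts = new ASN1Encodable[] {
                new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"),
                new DERTaggedObject(true, 0, new DERUTF8String(subjectAltName)) };
        v3CertGen.addExtension(
                Extension.subjectAlternativeName,
                true,
                new GeneralNames(new GeneralName(GeneralName.otherName, new DERSequence(otherNameParts))));
    }

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}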
From source file:com.vmware.identity.sts.auth.impl.UserCertAuthenticatorTest.java
License:Open Source License
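/**
 * Generates a self-signed test certificate whose subject and issuer are both
 * {@code CN=<dn>}, valid from one day before now until 365 days after now. It carries a
 * critical subjectAltName extension with one otherName of type-id
 * {@code 1.3.6.1.4.1.311.20.2.3}.
 *
 * <p>The otherName value comes from {@code upn}, which is not a parameter; it is resolved
 * from the enclosing class, outside this block.
 *
 * <p>The validity arithmetic is now done in {@code long}. The earlier
 * {@code 365 * 24 * 60 * 60 * 1000} was evaluated in {@code int} and overflowed, giving a
 * certificate that expired after roughly 17 days instead of a year.
 *
 * @param keyPair key pair; the private key signs, the public key is certified
 * @param dn common name used for both subject and issuer
 * @return the generated certificate
 * @throws Exception if signing or certificate conversion fails
 */
private static X509Certificate generateCertificate(KeyPair keyPair, String dn) throws Exception {
    // NOTE(review): SHA1withRSA is kept so existing fixtures do not change. SHA-1 is
    // deprecated for certificate signatures; do not copy this choice into non-test code.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    final long millisPerDay = 24L * 60 * 60 * 1000;
    long now = System.currentTimeMillis();
    Date startDate = new Date(now - millisPerDay);
    Date endDate = new Date(now + 365L * millisPerDay);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()),
            startDate,
            endDate,
            name,
            keyPair.getPublic());

    ASN1Encodable[] otherNameParts = new ASN1Encodable[] {
            new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"),
            new DERTaggedObject(true, 0, new DERUTF8String(upn)) };
    v3CertGen.addExtension(
            Extension.subjectAlternativeName,
            true,
            new GeneralNames(new GeneralName(GeneralName.otherName, new DERSequence(otherNameParts))));

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}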
From source file:com.yacme.ext.oxsit.cust_it.security.crl.X509CertRL.java
License:Open Source License
/**
 * Returns the string form of a GeneralName when it is a URI, and {@code null} for every
 * other recognised GeneralName type.
 *
 * <p>Only uniformResourceIdentifier entries are used here. The remaining defined tags are
 * accepted and ignored; a tag outside the defined set is rejected.
 *
 * @param genName the name to decode
 * @return the URI string, or {@code null} if the name is of another recognised type
 * @throws IOException if the tag number is not one of the GeneralName choices listed below
 */
private static String decodeAGeneralName(GeneralName genName) throws IOException {
    int tag = genName.getTagNo();

    if (tag == GeneralName.uniformResourceIdentifier) {
        return ((DERString) genName.getName()).getString();
    }

    switch (tag) {
        case GeneralName.ediPartyName:
        case GeneralName.x400Address:
        case GeneralName.otherName:
        case GeneralName.directoryName:
        case GeneralName.dNSName:
        case GeneralName.rfc822Name:
        case GeneralName.registeredID:
        case GeneralName.iPAddress:
            // Known name forms that carry no URI: ignored.
            return null;
        default:
            throw new IOException("Bad tag number: " + genName.getTagNo());
    }
}
From source file:com.yahoo.athenz.auth.util.CryptoTest.java
License:Apache License
/**
 * Generates a CSR from a private/public key pair with two otherName SAN entries and, for
 * inputs the data provider marks as good, parses the result back.
 *
 * <p>NOTE(review): when {@code badRequest} is true the test passes whether or not generation
 * throws, because nothing asserts that a bad principal was actually rejected. The otherName
 * values are bare IA5Strings rather than the {@code SEQUENCE { type-id, [0] value }} that
 * RFC 5280 defines, so this presumably exercises only CSR plumbing.
 *
 * @param x500Principal subject DN supplied by the {@code x500Principal} data provider
 * @param badRequest whether CSR generation is expected to be allowed to fail
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequest(String x500Principal, boolean badRequest) throws Exception {
    PublicKey pub = Crypto.loadPublicKey(rsaPublicKey);
    PrivateKey priv = Crypto.loadPrivateKey(rsaPrivateKey);

    GeneralName[] sanArray = new GeneralName[] {
            new GeneralName(GeneralName.otherName, new DERIA5String("role1")),
            new GeneralName(GeneralName.otherName, new DERIA5String("role2")) };

    String csr = null;
    try {
        csr = Crypto.generateX509CSR(priv, pub, x500Principal, sanArray);
    } catch (Exception e) {
        if (!badRequest) {
            fail("Should not have failed to create csr");
        }
    }

    if (badRequest) {
        return;
    }
    // Good input: the generated CSR must parse.
    Crypto.getPKCS10CertRequest(csr);
}
From source file:com.yahoo.athenz.auth.util.CryptoTest.java
License:Apache License
/**
 * Generates a CSR from a private key alone, using the {@code generateX509CSR} overload that
 * takes no public key, with two otherName SAN entries. For inputs the data provider marks as
 * good, the result is parsed back.
 *
 * <p>NOTE(review): when {@code badRequest} is true the test passes whether or not generation
 * throws, because nothing asserts that a bad principal was actually rejected.
 *
 * @param x500Principal subject DN supplied by the {@code x500Principal} data provider
 * @param badRequest whether CSR generation is expected to be allowed to fail
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequestWithPrivateKeyOnly(String x500Principal, boolean badRequest) throws Exception {
    PrivateKey priv = Crypto.loadPrivateKey(rsaPrivateKey);

    GeneralName[] sanArray = new GeneralName[] {
            new GeneralName(GeneralName.otherName, new DERIA5String("role1")),
            new GeneralName(GeneralName.otherName, new DERIA5String("role2")) };

    String csr = null;
    try {
        csr = Crypto.generateX509CSR(priv, x500Principal, sanArray);
    } catch (Exception e) {
        if (!badRequest) {
            fail("Should not have failed to create csr");
        }
    }

    if (badRequest) {
        return;
    }
    // Good input: the generated CSR must parse.
    Crypto.getPKCS10CertRequest(csr);
}
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
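/**
 * Returns the value of the first subjectAltName otherName entry whose type-id equals
 * {@code OID_UPN}, read from the {@code cert} field.
 *
 * <p>Each otherName gets its own decoder, which is closed before the next entry is examined.
 * The earlier version reused one variable across iterations and closed only the last stream
 * it had opened.
 *
 * <p>NOTE(review): the returned name is whatever the certificate asserts. No chain or issuer
 * check happens here, so it presumably relies on the caller having validated the certificate
 * first - confirm.
 *
 * @return the UPN string, or {@code null} if the extension is absent or unparsable, no
 *         otherName matches, or the ASN.1 data cannot be read
 */
String getSubjectAltNameOtherNameUPN() {
    Collection<List<?>> generalNames = null;
    try {
        generalNames = cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
    }

    // Null means the extension is absent or could not be parsed.
    if (generalNames == null) {
        return null;
    }

    try {
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName != tag.intValue()) {
                continue;
            }

            // otherName values are ASN.1 encoded bytes.
            ASN1InputStream decoder = new ASN1InputStream((byte[]) generalName.get(1));
            try {
                DEREncodable encoded = decoder.readObject();
                // Unchecked cast: an unexpected ASN.1 shape raises ClassCastException.
                DERSequence derSeq = (DERSequence) encoded;

                DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                String oid = typeId.getId();

                ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                if (OID_UPN.equals(oid)) {
                    // The value is expected to be tagged twice around the UTF8String.
                    ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                    DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                    return str.getString();
                }
            } finally {
                ByteUtil.closeStream(decoder);
            }
        }
    } catch (IOException e) {
        // A decoding failure on any entry ends the search, as before.
        ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
    }

    return null;
}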
From source file:com.zimbra.cs.service.authenticator.CertUtil.java
License:Open Source License
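/**
 * Prints the subjectAltName entries of the {@code cert} field to {@code outStream}.
 *
 * <p>otherName, rfc822Name and dNSName entries are printed with their values; every other
 * type is reported as not yet supported. For an otherName, the value is decoded only when its
 * type-id equals {@code OID_UPN}; otherwise it is printed as {@code null}.
 *
 * <p>Each otherName gets its own decoder, which is closed before the next entry is examined.
 * The earlier version reused one variable across iterations and closed only the last stream
 * it had opened.
 *
 * @param outStream destination for the listing
 * @throws Exception if an otherName value cannot be decoded
 */
private void printSubjectAlternativeNames(PrintStream outStream) throws Exception {
    final String UPN_DISPLAY = "Principal Name";
    final String RFC822NAME_DISPLAY = "RFC822 Name";
    final String DNSNAME_DISPLAY = "DNS Name";

    outStream.format("X509v3 Subject Alternative Name: \n");

    try {
        Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();
        // Null means the certificate has no SubjectAltName extension.
        if (generalNames == null) {
            return;
        }

        /*
         * OtherName ::= SEQUENCE {
         *     type-id    OBJECT IDENTIFIER,
         *     value      [0] EXPLICIT ANY DEFINED BY type-id }
         */
        for (List<?> generalName : generalNames) {
            Integer tag = (Integer) generalName.get(0);
            if (GeneralName.otherName == tag.intValue()) {
                // otherName values are ASN.1 encoded bytes.
                ASN1InputStream decoder = new ASN1InputStream((byte[]) generalName.get(1));
                try {
                    DEREncodable encoded = decoder.readObject();
                    DERSequence derSeq = (DERSequence) encoded;

                    DERObjectIdentifier typeId = DERObjectIdentifier.getInstance(derSeq.getObjectAt(0));
                    String oid = typeId.getId();

                    String value = null;
                    ASN1TaggedObject otherNameValue = ASN1TaggedObject.getInstance(derSeq.getObjectAt(1));
                    if (OID_UPN.equals(oid)) {
                        ASN1TaggedObject upnValue = ASN1TaggedObject.getInstance(otherNameValue.getObject());
                        DERUTF8String str = DERUTF8String.getInstance(upnValue.getObject());
                        value = str.getString();
                    }

                    // NOTE(review): the "Principal Name" label is printed for every
                    // otherName, including those whose OID is not OID_UPN.
                    outStream.format(" [%d] %s(%s) = %s\n", tag, oid, UPN_DISPLAY, value);
                } finally {
                    ByteUtil.closeStream(decoder);
                }
            } else if (GeneralName.rfc822Name == tag.intValue()) {
                String value = (String) generalName.get(1);
                outStream.format(" [%d] %s = %s\n", tag, RFC822NAME_DISPLAY, value);
            } else if (GeneralName.dNSName == tag.intValue()) {
                String value = (String) generalName.get(1);
                outStream.format(" [%d] %s = %s\n", tag, DNSNAME_DISPLAY, value);
            } else {
                outStream.format(" [%d] - not yet supported\n", tag);
            }
        }
    } catch (CertificateParsingException e) {
        // NOTE(review): the trace goes to stderr, not outStream; kept as-is.
        e.printStackTrace();
    }
}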