List of usage examples for org.bouncycastle.asn1.x509 GeneralName rfc822Name
int rfc822Name
From source file:org.jruby.ext.openssl.X509Extension.java
License:LGPL
/**
 * Appends a textual rendering of one {@code GeneralName} to {@code out},
 * prefixed with a label chosen from the name's tag number
 * ({@code email:}, {@code DNS:}, {@code URI:}, {@code DirName:}, {@code IP:},
 * {@code otherName:} or {@code RID:}).
 *
 * <p>The name's payload is appended verbatim, without escaping. A value that
 * itself contains text such as {@code ", DNS:"} cannot be told apart in the
 * output from a separate entry, so the rendered text should be treated as
 * display-only. NOTE(review): confirm no caller re-parses it for trust decisions.
 *
 * @param name    the general name to render
 * @param out     buffer the rendering is appended to
 * @param slashed when {@code true}, a directory name is written as
 *                {@code /RDN/RDN...} via {@code appendRDN}; otherwise its
 *                {@code toString()} form is used
 * @return {@code true} only for {@code otherName}; {@code false} for every other tag
 */
@SuppressWarnings("unchecked")
private static boolean formatGeneralName(final GeneralName name, final ByteList out, final boolean slashed) {
    final ASN1Encodable value = name.getName();
    final int tagNo = name.getTagNo();

    switch (tagNo) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier: {
        // The three IA5String-backed kinds differ only in their label.
        final String label;
        if (tagNo == GeneralName.rfc822Name) {
            label = "email:";
        } else if (tagNo == GeneralName.dNSName) {
            label = "DNS:";
        } else {
            label = "URI:";
        }
        out.append(ByteList.plain(label));
        final String text = DERIA5String.getInstance(value).getString();
        out.append(ByteList.plain(text));
        return false;
    }
    case GeneralName.directoryName: {
        out.append(ByteList.plain("DirName:"));
        final X500Name directory = X500Name.getInstance(value);
        if (!slashed) {
            out.append(ByteList.plain(directory.toString()));
            return false;
        }
        final RDN[] parts = directory.getRDNs();
        final Hashtable symbols = getDefaultSymbols();
        for (final RDN part : parts) {
            appendRDN(out.append('/'), part, symbols);
        }
        return false;
    }
    case GeneralName.iPAddress: {
        out.append(ByteList.plain("IP:"));
        final byte[] octets = ((ASN1OctetString) value).getOctets();
        final int last = octets.length - 1;
        // Exactly four octets are joined with '.'; any other length is joined
        // with "::" and still printed in decimal.
        // NOTE(review): that is not the conventional IPv6 text form.
        final boolean dotted = octets.length == 4;
        for (int pos = 0; pos < octets.length; pos++) {
            out.append(ConvertBytes.intToCharBytes(((int) octets[pos]) & 0xff));
            if (pos == last) {
                continue;
            }
            if (dotted) {
                out.append('.');
            } else {
                out.append(':').append(':');
            }
        }
        return false;
    }
    case GeneralName.otherName:
        out.append(ByteList.plain("otherName:"));
        out.append(ByteList.plain(value.toString()));
        return true;
    case GeneralName.registeredID:
        out.append(ByteList.plain("RID:"));
        out.append(ByteList.plain(value.toString()));
        return false;
    default:
        // Unlabelled fallback for every tag not handled above.
        out.append(ByteList.plain(value.toString()));
        return false;
    }
}
From source file:org.jruby.ext.openssl.X509ExtensionFactory.java
License:LGPL
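/**
 * Parses one textual subjectAltName entry (for example {@code DNS:host} or
 * {@code IP:10.0.0.1}) into a {@code GeneralName}.
 *
 * <p>The kind is selected by the entry's prefix and the remainder is handed
 * to {@code GeneralName} unchanged. The {@code IP:} form is parsed here:
 * decimal octets separated by {@code .} or {@code ::}. Octets outside 0..255
 * and addresses that are not 4 or 16 octets long are rejected, so a typo
 * cannot silently yield a certificate for a different address.
 *
 * @param valuex the entry text, including its kind prefix
 * @return the parsed general name
 * @throws IOException if the prefix is unknown or the IP address is malformed
 */
private static ASN1Encodable parseSubjectAltName(final String valuex) throws IOException {
    if (valuex.startsWith(DNS_)) {
        return new GeneralName(GeneralName.dNSName, valuex.substring(DNS_.length()));
    }
    if (valuex.startsWith(DNS_Name_)) {
        return new GeneralName(GeneralName.dNSName, valuex.substring(DNS_Name_.length()));
    }
    if (valuex.startsWith(URI_)) {
        return new GeneralName(GeneralName.uniformResourceIdentifier, valuex.substring(URI_.length()));
    }
    if (valuex.startsWith(RID_)) {
        return new GeneralName(GeneralName.registeredID, valuex.substring(RID_.length()));
    }
    if (valuex.startsWith(email_)) {
        return new GeneralName(GeneralName.rfc822Name, valuex.substring(email_.length()));
    }
    if (valuex.startsWith("IP:") || valuex.startsWith("IP Address:")) {
        // "IP:" is 3 characters long, "IP Address:" is 11.
        final int idx = valuex.charAt(2) == ':' ? 3 : 11;
        final String[] vals = valuex.substring(idx).split("\\.|::");
        // An iPAddress in a subjectAltName is 4 (IPv4) or 16 (IPv6) octets.
        if (vals.length != 4 && vals.length != 16) {
            throw new IOException("could not parse SubjectAltName: " + valuex
                    + " (expected 4 or 16 address octets, got " + vals.length + ")");
        }
        final byte[] ip = new byte[vals.length];
        for (int i = 0; i < vals.length; i++) {
            final int octet;
            try {
                octet = Integer.parseInt(vals[i]);
            } catch (NumberFormatException e) {
                throw new IOException("could not parse SubjectAltName: " + valuex, e);
            }
            // Reject instead of masking with 0xff: 256 must not become 0.
            if (octet < 0 || octet > 255) {
                throw new IOException("could not parse SubjectAltName: " + valuex
                        + " (address octet out of range: " + octet + ")");
            }
            ip[i] = (byte) octet;
        }
        return new GeneralName(GeneralName.iPAddress, new DEROctetString(ip));
    }
    // otherName || othername: matched on "other", then the full prefix length
    // is skipped. The length guard keeps a short input on the IOException path
    // instead of failing inside substring().
    if (valuex.startsWith("other") && valuex.length() >= otherName_.length()) {
        return new GeneralName(GeneralName.otherName, valuex.substring(otherName_.length()));
    }
    // dirName || dirname: same prefix handling as above.
    if (valuex.startsWith("dir") && valuex.length() >= dirName_.length()) {
        return new GeneralName(GeneralName.directoryName, valuex.substring(dirName_.length()));
    }
    throw new IOException("could not parse SubjectAltName: " + valuex);
}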
From source file:org.nuxeo.ecm.platform.signature.core.pki.CertServiceImpl.java
License:Open Source License
/**
 * Builds a PKCS#10 certification request for {@code userInfo}, signed with
 * the private key of {@code keyPair}.
 *
 * <p>The request carries an extensionRequest attribute holding a single,
 * non-critical subjectAltName extension with the user's e-mail address as an
 * rfc822Name. The address is taken from the user fields as-is.
 * NOTE(review): no null or syntax check is visible here; confirm it is
 * validated before this call.
 *
 * @param keyPair  key pair whose public key is certified and whose private
 *                 key signs the request
 * @param userInfo source of the subject principal and the e-mail address
 * @return the signed certification request
 * @throws CertException wrapping any exception raised while creating the request
 */
protected CertificationRequest generateCSR(KeyPair keyPair, UserInfo userInfo) throws CertException {
    final GeneralNames altNames = new GeneralNames(
            new GeneralName(GeneralName.rfc822Name, userInfo.getUserFields().get(CNField.Email)));

    // This extensions API takes parallel Vectors of OIDs and extension values.
    final Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
    final Vector<X509Extension> values = new Vector<X509Extension>();
    oids.add(X509Extensions.SubjectAlternativeName);
    values.add(new X509Extension(false, new DEROctetString(altNames)));

    final X509Extensions requested = new X509Extensions(oids, values);
    final Attribute extensionRequest = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            new DERSet(requested));

    try {
        return new PKCS10CertificationRequest(CERT_SIGNATURE_ALGORITHM, userInfo.getX500Principal(),
                keyPair.getPublic(), new DERSet(extensionRequest), keyPair.getPrivate());
    } catch (Exception e) {
        // Key, algorithm, provider and signature failures are all reported the same way.
        throw new CertException(e);
    }
}
From source file:org.qipki.ca.tests.http.QiPkiHttpCaTest.java
License:Open Source License
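/**
 * End-to-end walk through the CA HTTP API: lists CAs, creates a crypto store,
 * a CA and an X509 profile, issues a certificate from a PKCS#10 request,
 * revokes a certificate, escrows and recovers a key pair, issues a certificate
 * for the escrowed key pair and finally exports key material into keystores.
 *
 * <p>Fixture values here are deliberately weak and must not be copied into
 * production code: 512-bit RSA keys, the fixed password {@code "changeit"},
 * the export password carried in the URL query string, and recovered private
 * keys and keystores written to the debug log and to standard output.
 */
private void testCA() throws InterruptedException, IOException, JSONException, GeneralSecurityException {
    // Get CA list
    HttpGet get = new HttpGet(caApi.caListUri().get());
    addAcceptJsonHeader(get);
    String jsonCaList = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("CAs List: {}", new JSONObject(jsonCaList).toString(2));
    RestListValue caList = valueBuilderFactory.newValueFromJSON(RestListValue.class, jsonCaList);
    CAValue firstCa = (CAValue) caList.items().get().get(0);

    // Get first CA as Value
    get = new HttpGet(firstCa.uri().get());
    addAcceptJsonHeader(get);
    String caJson = httpClient.execute(get, strResponseHandler);
    CAValue ca = valueBuilderFactory.newValueFromJSON(CAValue.class, caJson);
    LOGGER.debug("First CA JSON:\n{}", ca.toJSON());

    // Get first CA CRL
    get = new HttpGet(ca.crlUri().get());
    String crl = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("First CA CRL:\n{}", crl);
    X509CRL x509CRL = cryptio.readCRLPEM(new StringReader(crl));

    // Create a new CryptoStore
    HttpPost post = new HttpPost(caApi.cryptoStoreListUri().get());
    addAcceptJsonHeader(post);
    CryptoStoreFactoryParamsValue csParams = paramsFactory.createCryptoStoreFactoryParams(testCryptoStoreName,
            KeyStoreType.JKS, "changeit".toCharArray());
    post.setEntity(new StringEntity(csParams.toJSON()));
    String csJson = httpClient.execute(post, strResponseHandler);
    CryptoStoreValue cryptoStore = valueBuilderFactory.newValueFromJSON(CryptoStoreValue.class, csJson);

    // Create a new CA (512-bit RSA: test-only key size)
    post = new HttpPost(caApi.caListUri().get());
    addAcceptJsonHeader(post);
    KeyPairSpecValue keyPairSpec = cryptoValuesFactory.createKeySpec(AsymetricAlgorithm.RSA, 512);
    CAFactoryParamsValue caParams = paramsFactory.createCAFactoryParams(cryptoStore.uri().get(), testCaName, 1,
            "CN=" + testCaName, keyPairSpec, null);
    post.setEntity(new StringEntity(caParams.toJSON()));
    caJson = httpClient.execute(post, strResponseHandler);
    ca = valueBuilderFactory.newValueFromJSON(CAValue.class, caJson);

    // Create a new X509Profile
    post = new HttpPost(caApi.x509ProfileListUri().get());
    addAcceptJsonHeader(post);
    X509ProfileFactoryParamsValue profileParams = paramsFactory.createX509ProfileFactoryParams("SSLClient", 1,
            "A simple SSLClient x509 profile for unit tests",
            x509ExtValuesFactory.buildKeyUsagesValue(true,
                    EnumSet.of(KeyUsage.keyEncipherment, KeyUsage.digitalSignature)),
            x509ExtValuesFactory.buildExtendedKeyUsagesValue(false, EnumSet.of(ExtendedKeyUsage.clientAuth)),
            x509ExtValuesFactory.buildNetscapeCertTypesValue(false, EnumSet.of(NetscapeCertType.sslClient)),
            x509ExtValuesFactory.buildBasicConstraintsValue(true, false, 0), null);
    post.setEntity(new StringEntity(profileParams.toJSON()));
    String sslClientProfileJson = httpClient.execute(post, strResponseHandler);
    X509ProfileValue sslClientProfile = valueBuilderFactory.newValueFromJSON(X509ProfileValue.class,
            sslClientProfileJson);

    // Add profile to CA
    post = new HttpPost(ca.uri().get());
    addAcceptJsonHeader(post);
    ValueBuilder<CAValue> caValueBuilder = valueBuilderFactory.newValueBuilder(CAValue.class).withPrototype(ca); // Needed as Values are immutables
    ca = caValueBuilder.prototype();
    ca.allowedX509Profiles().get().add(
            paramsFactory.createX509ProfileAssignment(sslClientProfile.uri().get(), KeyEscrowPolicy.allowed));
    ca = caValueBuilder.newInstance();
    post.setEntity(new StringEntity(ca.toJSON()));
    caJson = httpClient.execute(post, strResponseHandler);
    ca = valueBuilderFactory.newValueFromJSON(CAValue.class, caJson);

    // Request certificate on X509Factory with a PKCS#10 request using the first CA
    KeyPair keyPair = asymGenerator
            .generateKeyPair(new AsymetricGeneratorParameters(AsymetricAlgorithm.RSA, 512));
    PKCS10CertificationRequest pkcs10 = x509Generator.generatePKCS10(new DistinguishedName("CN=qipki"), keyPair,
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "qipki@codeartisans.org")));
    String pkcs10PEM = cryptio.asPEM(pkcs10).toString();
    LOGGER.debug("Will request a new X509 with the following PKCS#10: " + pkcs10PEM);
    X509FactoryParamsValue x509FactoryParams = paramsFactory.createX509FactoryParams(ca.uri().get(),
            sslClientProfile.uri().get(), pkcs10PEM);
    post = new HttpPost(caApi.x509ListUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(x509FactoryParams.toJSON()));
    String jsonX509 = httpClient.execute(post, strResponseHandler);
    X509Value newX509 = valueBuilderFactory.newValueFromJSON(X509Value.class, jsonX509);
    LOGGER.debug("New X509 created using /api/x509/factory after POST/302/REDIRECT: {}", newX509.toJSON());

    // Get detailed info about new X509
    get = new HttpGet(newX509.detailUri().get());
    addAcceptJsonHeader(get);
    String jsonX509Detail = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("New X509 detail: {}", new JSONObject(jsonX509Detail).toString(2));
    X509DetailValue newX509Detail = valueBuilderFactory.newValueFromJSON(X509DetailValue.class,
            jsonX509Detail);

    assertTrue(newX509Detail.keysExtensions().get().extendedKeyUsages().get().extendedKeyUsages().get()
            .contains(ExtendedKeyUsage.clientAuth));
    assertTrue(newX509Detail.keysExtensions().get().netscapeCertTypes().get().netscapeCertTypes().get()
            .contains(NetscapeCertType.sslClient));

    // Get X509 list
    get = new HttpGet(caApi.x509ListUri().get());
    addAcceptJsonHeader(get);
    String jsonX509List = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("X509s List: {}", new JSONObject(jsonX509List).toString(2));
    RestListValue x509List = valueBuilderFactory.newValueFromJSON(RestListValue.class, jsonX509List);
    X509Value firstX509 = (X509Value) x509List.items().get().get(0);

    // Get first X509
    get = new HttpGet(firstX509.uri().get());
    addAcceptJsonHeader(get);
    jsonX509 = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("First X509: {}", new JSONObject(jsonX509).toString(2));
    firstX509 = valueBuilderFactory.newValueFromJSON(X509Value.class, jsonX509);

    // Revoke first X509
    X509RevocationParamsValue x509RevocationParams = paramsFactory
            .createX509RevocationParams(RevocationReason.cessationOfOperation);
    post = new HttpPost(firstX509.revocationUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(x509RevocationParams.toJSON()));
    String jsonRevocation = httpClient.execute(post, strResponseHandler);
    LOGGER.debug(jsonRevocation);

    // Get KeyPair list
    get = new HttpGet(caApi.escrowedKeyPairListUri().get());
    addAcceptJsonHeader(get);
    String jsonKeyPairList = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair List: {}", new JSONObject(jsonKeyPairList).toString(2));

    // Create KeyPair
    EscrowedKeyPairFactoryParamsValue escrowParams = paramsFactory
            .createEscrowedKeyPairFactoryParams(AsymetricAlgorithm.RSA, 512);
    post = new HttpPost(caApi.escrowedKeyPairListUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(escrowParams.toJSON()));
    String jsonEscrowed = httpClient.execute(post, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair : {}", new JSONObject(jsonEscrowed).toString(2));
    EscrowedKeyPairValue ekp = valueBuilderFactory.newValueFromJSON(EscrowedKeyPairValue.class, jsonEscrowed);

    // Recover KeyPair (the PEM logged below contains the private key; test-only)
    get = new HttpGet(ekp.recoveryUri().get());
    addAcceptJsonHeader(get);
    String kpPem = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair PEM: {}", kpPem);
    KeyPair keypair = cryptio.readKeyPairPEM(new StringReader(kpPem));

    // Issue X509Certificate using an escrowed keypair
    String dn = "CN=qipki-escrowed";
    LOGGER.debug("Will request a new X509 with the following DN: " + dn);
    x509FactoryParams = paramsFactory.createX509FactoryParams(ca.uri().get(), sslClientProfile.uri().get(),
            ekp.uri().get(), dn);
    post = new HttpPost(caApi.x509ListUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(x509FactoryParams.toJSON()));
    jsonX509 = httpClient.execute(post, strResponseHandler);
    newX509 = valueBuilderFactory.newValueFromJSON(X509Value.class, jsonX509);
    LOGGER.debug("New X509 created using /api/x509/factory and an escrowed keypair after POST/302/REDIRECT: {}",
            newX509.toJSON());

    // Getting new X509 PEM
    get = new HttpGet(newX509.pemUri().get());
    String x509pem = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("X509 created from escrowed keypair PEM: {}", x509pem);
    X509Certificate x509Certificate = cryptio.readX509PEM(new StringReader(x509pem));

    // Getting EscrowedKeyPair from X509Certificate
    get = new HttpGet(newX509.recoveryUri().get());
    kpPem = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair PEM: {}", kpPem);
    keypair = cryptio.readKeyPairPEM(new StringReader(kpPem));

    // Create local PKCS#12 keystore with keypair, certificate and full certchain.
    // The private key must be the one recovered from escrow: x509Certificate was
    // issued for the escrowed key pair, not for the PKCS#10 keyPair generated
    // earlier, and a mismatched pair would produce an unusable keystore entry.
    char[] password = "changeit".toCharArray();
    KeyStore ks = KeyStore.getInstance(KeyStoreType.PKCS12.typeString(), BouncyCastleProvider.PROVIDER_NAME);
    ks.load(null, password);
    ks.setEntry("wow",
            new KeyStore.PrivateKeyEntry(keypair.getPrivate(), new Certificate[] { x509Certificate }),
            new KeyStore.PasswordProtection(password));
    String base64encodedp12 = cryptio.base64Encode(ks, password);
    System.out.println(base64encodedp12);

    // Exporting CA in a PKCS#12 keystore.
    // NOTE(review): the export password travels in the query string, where it
    // can end up in access logs and proxies; confirm whether the API offers
    // another way to pass it.
    get = new HttpGet(ca.exportUri().get() + "?password=changeit");
    byte[] responseBytes = httpClient.execute(get, bytesResponseHandler);
    ks = KeyStore.getInstance(KeyStoreType.PKCS12.typeString(), BouncyCastleProvider.PROVIDER_NAME);
    ks.load(new ByteArrayInputStream(responseBytes), password);
    base64encodedp12 = cryptio.base64Encode(ks, password);
    System.out.println(base64encodedp12);

    // Exporting CA in a JKS keystore
    get = new HttpGet(ca.exportUri().get() + "?password=changeit&kstype=jks");
    responseBytes = httpClient.execute(get, bytesResponseHandler);
    ks = KeyStore.getInstance(KeyStoreType.JKS.typeString());
    ks.load(new ByteArrayInputStream(responseBytes), password);
    base64encodedp12 = cryptio.base64Encode(ks, password);
    System.out.println(base64encodedp12);
}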
From source file:org.qipki.crypto.x509.X509ExtensionsReaderImpl.java
License:Open Source License
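/**
 * Converts a BouncyCastle {@code GeneralName} into a (kind, text) pair.
 *
 * <p>Most kinds are rendered with {@code toString()} on the underlying ASN.1
 * value. Directory names are rendered in canonical X.500 form. IP addresses
 * of 16 octets are rendered as eight colon-separated hexadecimal groups
 * (uncompressed IPv6); any other length is rendered as dot-separated decimal
 * octets.
 *
 * <p>For {@code otherName} only the value element is returned; the type OID
 * is dropped, so callers cannot tell different otherName types apart from
 * the result alone.
 *
 * @param generalName the name to convert
 * @return an entry holding the name kind and its textual value; tags not
 *         handled explicitly map to {@code unknownGeneralName}
 */
@Override
public Map.Entry<X509GeneralName, String> asImmutableMapEntry(GeneralName generalName) {
    int nameType = generalName.getTagNo();
    X509GeneralName x509GeneralName = null;
    String value = null;
    switch (nameType) {
    case GeneralName.otherName:
        ASN1Sequence otherName = (ASN1Sequence) generalName.getName();
        // Element 0 is the type OID (not reported); element 1 is the value.
        x509GeneralName = X509GeneralName.otherName;
        value = cryptCodex.toString(otherName.getObjectAt(1));
        break;
    case GeneralName.rfc822Name:
        x509GeneralName = X509GeneralName.rfc822Name;
        value = generalName.getName().toString();
        break;
    case GeneralName.dNSName:
        x509GeneralName = X509GeneralName.dNSName;
        value = generalName.getName().toString();
        break;
    case GeneralName.registeredID:
        x509GeneralName = X509GeneralName.registeredID;
        value = generalName.getName().toString();
        break;
    case GeneralName.x400Address:
        x509GeneralName = X509GeneralName.x400Address;
        value = generalName.getName().toString();
        break;
    case GeneralName.ediPartyName:
        x509GeneralName = X509GeneralName.ediPartyName;
        value = generalName.getName().toString();
        break;
    case GeneralName.directoryName:
        x509GeneralName = X509GeneralName.directoryName;
        value = new X500Principal(((X509Name) generalName.getName()).toString())
                .getName(X500Principal.CANONICAL);
        break;
    case GeneralName.uniformResourceIdentifier:
        x509GeneralName = X509GeneralName.uniformResourceIdentifier;
        value = generalName.getName().toString();
        break;
    case GeneralName.iPAddress:
        ASN1OctetString iPAddress = (ASN1OctetString) generalName.getName();
        byte[] iPAddressBytes = iPAddress.getOctets();
        StringBuilder sb = new StringBuilder();
        if (iPAddressBytes.length == 16) {
            // IPv6: pair the octets into 16-bit groups and print them in hex.
            for (int idx = 0; idx < iPAddressBytes.length; idx += 2) {
                if (idx > 0) {
                    sb.append(':');
                }
                int group = ((iPAddressBytes[idx] & 0xFF) << 8) | (iPAddressBytes[idx + 1] & 0xFF);
                sb.append(Integer.toHexString(group));
            }
        } else {
            // IPv4 (and any other length): dot-separated decimal octets.
            for (int idx = 0; idx < iPAddressBytes.length; idx++) {
                sb.append(iPAddressBytes[idx] & 0xFF);
                if (idx + 1 < iPAddressBytes.length) {
                    sb.append(".");
                }
            }
        }
        x509GeneralName = X509GeneralName.iPAddress;
        value = sb.toString();
        break;
    default:
        x509GeneralName = X509GeneralName.unknownGeneralName;
        value = generalName.getName().toString();
    }
    return new ImmutableMapEntry(x509GeneralName, value);
}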
From source file:org.usrz.libs.crypto.cert.X509CertificateBuilder.java
License:Apache License
/**
 * Register an e-mail address (rfc822Name) as a subject alternative name
 * of the certificate being built.
 *
 * <p>The address is stored as given; only {@code null} is rejected here.
 *
 * @param email the e-mail address to add
 * @return this builder, for call chaining
 * @throws NullPointerException if {@code email} is {@code null}
 */
public X509CertificateBuilder withAlternativeNameEmail(String email) {
    if (email == null) {
        throw new NullPointerException("Null email");
    }
    final GeneralName emailName = new GeneralName(GeneralName.rfc822Name, email);
    alternativeNames.add(emailName);
    return this;
}
From source file:org.xipki.ca.certprofile.XmlX509CertprofileUtil.java
License:Open Source License
/**
 * Builds a name-constraints {@code GeneralSubtree} from its XML configuration.
 *
 * <p>The base name is taken from the first populated child, checked in this
 * order: directory name, DNS name, IP address, rfc822 name, URI. Minimum and
 * maximum are optional and must not be negative.
 *
 * @param type the configured subtree
 * @return the subtree with its base name and optional minimum/maximum
 * @throws CertprofileException if minimum or maximum is negative
 * @throws RuntimeException if none of the known base-name children is set
 */
private static GeneralSubtree buildGeneralSubtree(final GeneralSubtreeBaseType type)
        throws CertprofileException {
    final GeneralName base;
    if (type.getDirectoryName() != null) {
        final X500Name directory = new X500Name(type.getDirectoryName());
        base = new GeneralName(X509Util.reverse(directory));
    } else if (type.getDNSName() != null) {
        base = new GeneralName(GeneralName.dNSName, type.getDNSName());
    } else if (type.getIpAddress() != null) {
        base = new GeneralName(GeneralName.iPAddress, type.getIpAddress());
    } else if (type.getRfc822Name() != null) {
        base = new GeneralName(GeneralName.rfc822Name, type.getRfc822Name());
    } else if (type.getUri() != null) {
        base = new GeneralName(GeneralName.uniformResourceIdentifier, type.getUri());
    } else {
        throw new RuntimeException("should not reach here, unknown child of GeneralSubtreeBaseType");
    }

    final Integer lower = type.getMinimum();
    if (lower != null && lower < 0) {
        throw new CertprofileException("negative minimum is not allowed: " + lower);
    }
    final BigInteger minimum = (lower != null) ? BigInteger.valueOf(lower.intValue()) : null;

    final Integer upper = type.getMaximum();
    if (upper != null && upper < 0) {
        throw new CertprofileException("negative maximum is not allowed: " + upper);
    }
    final BigInteger maximum = (upper != null) ? BigInteger.valueOf(upper.intValue()) : null;

    return new GeneralSubtree(base, minimum, maximum);
}
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
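/**
 * Compares the subtrees found in a certificate's NameConstraints extension
 * with the expected ones and appends a description of every difference to
 * {@code failureMsg}.
 *
 * <p>If the two lists differ in size, only that is reported. Otherwise each
 * pair is compared on minimum (absent counts as 0), maximum (absent must
 * match absent) and base name.
 *
 * @param failureMsg       collects the differences, each followed by {@code "; "}
 * @param description      label used in the messages
 * @param subtrees         subtrees from the certificate, may be {@code null}
 * @param expectedSubtrees expected subtrees, may be {@code null}
 * @throws RuntimeException if an expected subtree has none of the known base-name kinds set
 */
private void checkExtensionNameConstraintsSubtrees(final StringBuilder failureMsg, final String description,
        final GeneralSubtree[] subtrees, final List<QaGeneralSubtree> expectedSubtrees) {
    int iSize = subtrees == null ? 0 : subtrees.length;
    int eSize = expectedSubtrees == null ? 0 : expectedSubtrees.size();
    if (iSize != eSize) {
        failureMsg.append("size of " + description + " is '" + iSize + "' but expected '" + eSize + "'");
        failureMsg.append("; ");
        return;
    }

    for (int i = 0; i < iSize; i++) {
        GeneralSubtree iSubtree = subtrees[i];
        QaGeneralSubtree eSubtree = expectedSubtrees.get(i);

        BigInteger bigInt = iSubtree.getMinimum();
        int iMinimum = bigInt == null ? 0 : bigInt.intValue();
        Integer _int = eSubtree.getMinimum();
        int eMinimum = _int == null ? 0 : _int.intValue();
        String desc = description + " [" + i + "]";
        if (iMinimum != eMinimum) {
            failureMsg.append("minimum of " + desc + " is '" + iMinimum + "' but expected '" + eMinimum + "'");
            failureMsg.append("; ");
        }

        bigInt = iSubtree.getMaximum();
        Integer iMaximum = bigInt == null ? null : Integer.valueOf(bigInt.intValue());
        Integer eMaximum = eSubtree.getMaximum();
        // Compare by value: != on two Integer objects compares references and
        // would report equal maxima outside the small-integer cache as different.
        boolean sameMaximum = (iMaximum == null) ? (eMaximum == null) : iMaximum.equals(eMaximum);
        if (!sameMaximum) {
            failureMsg.append("maxmum of " + desc + " is '" + iMaximum + "' but expected '" + eMaximum + "'");
            failureMsg.append("; ");
        }

        GeneralName iBase = iSubtree.getBase();

        // Build the expected base the same way the profile does, so equals() can compare them.
        GeneralName eBase;
        if (eSubtree.getDirectoryName() != null) {
            eBase = new GeneralName(X509Util.reverse(new X500Name(eSubtree.getDirectoryName())));
        } else if (eSubtree.getDNSName() != null) {
            eBase = new GeneralName(GeneralName.dNSName, eSubtree.getDNSName());
        } else if (eSubtree.getIpAddress() != null) {
            eBase = new GeneralName(GeneralName.iPAddress, eSubtree.getIpAddress());
        } else if (eSubtree.getRfc822Name() != null) {
            eBase = new GeneralName(GeneralName.rfc822Name, eSubtree.getRfc822Name());
        } else if (eSubtree.getUri() != null) {
            eBase = new GeneralName(GeneralName.uniformResourceIdentifier, eSubtree.getUri());
        } else {
            throw new RuntimeException("should not reach here, unknown child of GeneralName");
        }

        if (iBase.equals(eBase) == false) {
            failureMsg.append("base of " + desc + " is '" + iBase + "' but expected '" + eBase + "'");
            failureMsg.append("; ");
        }
    }
}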
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
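/**
 * Rebuilds a requested {@code GeneralName} after checking it against the
 * name kinds the profile allows.
 *
 * <p>The tag must match one of {@code modes}. Simple kinds are copied with
 * their value unchanged. {@code otherName} additionally requires an allowed
 * type OID and a string value, and is re-encoded with a UTF8String.
 * {@code ediPartyName} is re-encoded from its optional nameAssigner and its
 * partyName.
 *
 * <p>The request is caller-supplied, so structural problems (wrong ASN.1
 * type, missing elements, untagged values) are reported as
 * {@code BadCertTemplateException} rather than surfacing as runtime exceptions.
 *
 * @param reqName the requested name
 * @param modes   the allowed name kinds
 * @return the rebuilt name
 * @throws BadCertTemplateException if the tag or otherName type is not
 *         allowed, or the name is malformed
 * @throws RuntimeException if the tag is allowed by {@code modes} but not handled here
 */
private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes)
        throws BadCertTemplateException {
    int tag = reqName.getTagNo();
    GeneralNameMode mode = null;
    for (GeneralNameMode m : modes) {
        if (m.getTag().getTag() == tag) {
            mode = m;
            break;
        }
    }

    if (mode == null) {
        throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName: {
        // Copied as-is. NOTE(review): the value's ASN.1 type is not checked
        // against the tag here; confirm it is validated elsewhere.
        return new GeneralName(tag, reqName.getName());
    }
    case GeneralName.otherName: {
        ASN1Sequence reqSeq = requestedSequence(reqName, "otherName");
        if (reqSeq.size() < 2) {
            throw new BadCertTemplateException("otherName must contain a type and a value");
        }
        ASN1ObjectIdentifier type;
        try {
            type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
        } catch (IllegalArgumentException e) {
            throw new BadCertTemplateException("otherName.type is not an OID: " + e.getMessage());
        }
        if (mode.getAllowedTypes().contains(type) == false) {
            throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
        }

        ASN1Encodable tagged = reqSeq.getObjectAt(1);
        if (tagged instanceof ASN1TaggedObject == false) {
            throw new BadCertTemplateException("otherName.value is not tagged");
        }
        ASN1Encodable value = ((ASN1TaggedObject) tagged).getObject();
        if (value instanceof ASN1String == false) {
            throw new BadCertTemplateException("otherName.value is not a String");
        }
        String text = ((ASN1String) value).getString();

        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
        DERSequence seq = new DERSequence(vector);

        return new GeneralName(GeneralName.otherName, seq);
    }
    case GeneralName.ediPartyName: {
        ASN1Sequence reqSeq = requestedSequence(reqName, "ediPartyName");
        int n = reqSeq.size();
        if (n < 1) {
            throw new BadCertTemplateException("ediPartyName must contain a partyName");
        }

        // With more than one element the first is the optional nameAssigner.
        String nameAssigner = null;
        int idx = 0;
        if (n > 1) {
            nameAssigner = taggedDirectoryString(reqSeq, idx++, "ediPartyName.nameAssigner");
        }
        String partyName = taggedDirectoryString(reqSeq, idx++, "ediPartyName.partyName");

        ASN1EncodableVector vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        ASN1Sequence seq = new DERSequence(vector);
        return new GeneralName(GeneralName.ediPartyName, seq);
    }
    default: {
        throw new RuntimeException("should not reach here, unknwon GeneralName tag " + tag);
    }
    } // end switch
}

/** Returns the requested name's value as a SEQUENCE, or rejects the request. */
private static ASN1Sequence requestedSequence(final GeneralName reqName, final String what)
        throws BadCertTemplateException {
    ASN1Sequence seq;
    try {
        seq = ASN1Sequence.getInstance(reqName.getName());
    } catch (IllegalArgumentException e) {
        throw new BadCertTemplateException(what + " is not a SEQUENCE: " + e.getMessage());
    }
    if (seq == null) {
        throw new BadCertTemplateException(what + " has no value");
    }
    return seq;
}

/** Reads the tagged DirectoryString at {@code index}, or rejects the request. */
private static String taggedDirectoryString(final ASN1Sequence seq, final int index, final String what)
        throws BadCertTemplateException {
    ASN1Encodable element = seq.getObjectAt(index);
    if (element instanceof ASN1TaggedObject == false) {
        throw new BadCertTemplateException(what + " is not tagged");
    }
    try {
        return DirectoryString.getInstance(((ASN1TaggedObject) element).getObject()).getString();
    } catch (IllegalArgumentException e) {
        throw new BadCertTemplateException(what + " is not a DirectoryString: " + e.getMessage());
    }
}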
From source file:org.xipki.ca.server.impl.IdentifiedX509Certprofile.java
License:Open Source License
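/**
 * Validates a {@code GeneralName} taken from a certificate request against
 * the name kinds permitted by the profile and returns a freshly built copy.
 *
 * <p>The tag must match one of {@code modes}. Simple kinds keep their value
 * unchanged. For {@code otherName} the type OID must be in the mode's allowed
 * types and the value must be a string; it is re-encoded as a UTF8String.
 * For {@code ediPartyName} the optional nameAssigner and the partyName are
 * read and re-encoded.
 *
 * <p>Because the request content is supplied by the requester, malformed
 * structures (wrong ASN.1 type, too few elements, untagged values) are
 * rejected with {@code BadCertTemplateException} instead of escaping as
 * unchecked exceptions.
 *
 * @param reqName the name from the request
 * @param modes   the permitted name kinds
 * @return the rebuilt name
 * @throws BadCertTemplateException if the tag or otherName type is not
 *         permitted, or the name is malformed
 * @throws RuntimeException if the tag is permitted by {@code modes} but not handled here
 */
private static GeneralName createGeneralName(final GeneralName reqName, final Set<GeneralNameMode> modes)
        throws BadCertTemplateException {
    int tag = reqName.getTagNo();
    GeneralNameMode mode = null;
    for (GeneralNameMode m : modes) {
        if (m.getTag().getTag() == tag) {
            mode = m;
            break;
        }
    }

    if (mode == null) {
        throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
    }

    switch (tag) {
    case GeneralName.rfc822Name:
    case GeneralName.dNSName:
    case GeneralName.uniformResourceIdentifier:
    case GeneralName.iPAddress:
    case GeneralName.registeredID:
    case GeneralName.directoryName: {
        // Value passed through unchanged. NOTE(review): nothing here checks
        // that the value's ASN.1 type fits the tag; confirm an earlier check exists.
        return new GeneralName(tag, reqName.getName());
    }
    case GeneralName.otherName: {
        ASN1Sequence reqSeq = sequenceOf(reqName, "otherName");
        if (reqSeq.size() < 2) {
            throw new BadCertTemplateException("otherName must contain a type and a value");
        }
        ASN1ObjectIdentifier type;
        try {
            type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
        } catch (IllegalArgumentException e) {
            throw new BadCertTemplateException("otherName.type is not an OID: " + e.getMessage());
        }
        if (mode.getAllowedTypes().contains(type) == false) {
            throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
        }

        ASN1Encodable wrapped = reqSeq.getObjectAt(1);
        if (wrapped instanceof ASN1TaggedObject == false) {
            throw new BadCertTemplateException("otherName.value is not tagged");
        }
        ASN1Encodable value = ((ASN1TaggedObject) wrapped).getObject();
        if (value instanceof ASN1String == false) {
            throw new BadCertTemplateException("otherName.value is not a String");
        }
        String text = ((ASN1String) value).getString();

        ASN1EncodableVector vector = new ASN1EncodableVector();
        vector.add(type);
        vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
        DERSequence seq = new DERSequence(vector);

        return new GeneralName(GeneralName.otherName, seq);
    }
    case GeneralName.ediPartyName: {
        ASN1Sequence reqSeq = sequenceOf(reqName, "ediPartyName");
        int n = reqSeq.size();
        if (n < 1) {
            throw new BadCertTemplateException("ediPartyName must contain a partyName");
        }

        // A leading element, when more than one is present, is the optional nameAssigner.
        String nameAssigner = null;
        int idx = 0;
        if (n > 1) {
            nameAssigner = directoryStringAt(reqSeq, idx++, "ediPartyName.nameAssigner");
        }
        String partyName = directoryStringAt(reqSeq, idx++, "ediPartyName.partyName");

        ASN1EncodableVector vector = new ASN1EncodableVector();
        if (nameAssigner != null) {
            vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
        }
        vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
        ASN1Sequence seq = new DERSequence(vector);
        return new GeneralName(GeneralName.ediPartyName, seq);
    }
    default: {
        throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
    }
    } // end switch(tag)
}

/** Returns the requested name's value as a SEQUENCE, or rejects the request. */
private static ASN1Sequence sequenceOf(final GeneralName reqName, final String what)
        throws BadCertTemplateException {
    ASN1Sequence seq;
    try {
        seq = ASN1Sequence.getInstance(reqName.getName());
    } catch (IllegalArgumentException e) {
        throw new BadCertTemplateException(what + " is not a SEQUENCE: " + e.getMessage());
    }
    if (seq == null) {
        throw new BadCertTemplateException(what + " has no value");
    }
    return seq;
}

/** Reads the tagged DirectoryString at {@code index}, or rejects the request. */
private static String directoryStringAt(final ASN1Sequence seq, final int index, final String what)
        throws BadCertTemplateException {
    ASN1Encodable element = seq.getObjectAt(index);
    if (element instanceof ASN1TaggedObject == false) {
        throw new BadCertTemplateException(what + " is not tagged");
    }
    try {
        return DirectoryString.getInstance(((ASN1TaggedObject) element).getObject()).getString();
    } catch (IllegalArgumentException e) {
        throw new BadCertTemplateException(what + " is not a DirectoryString: " + e.getMessage());
    }
}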