List of usage examples for org.bouncycastle.asn1.x509 X509Name EmailAddress
ASN1ObjectIdentifier EmailAddress
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.FixedBCPKIXCertPathReviewer.java
License:Open Source License
/**
 * Applies X.509 name constraints along the certificate path and records the first violation.
 *
 * <p>The loop walks {@code certs} from the highest index down to 0. For every certificate that is
 * not a self-issued intermediate it checks, against the constraints accumulated so far:
 * <ol>
 *   <li>the subject DN (permitted, then excluded);</li>
 *   <li>every emailAddress attribute value found in the subject DN, treated as an rfc822Name;</li>
 *   <li>every entry of the subjectAltName extension.</li>
 * </ol>
 * Afterwards the certificate's own NameConstraints extension (if any) is merged into the
 * validator so that it applies to the certificates processed next.
 *
 * <p>Step 2 is the addition marked "FIX" below. RFC 5280 section 4.2.1.10 requires rfc822Name
 * constraints to be applied to the emailAddress attribute of the subject DN when no
 * subjectAltName is present; without this step an address carried only in the DN is never
 * compared with an rfc822Name constraint. Here the check runs whether or not a subjectAltName
 * exists.
 *
 * <p>Any {@code CertPathReviewerException} leaves the loop and is reported through
 * {@code addError}; certificates after the failing one are therefore not examined and at most one
 * name-constraint error is recorded per call.
 */
private void checkNameConstraints() {
    X509Certificate cert = null;

    //
    // Setup
    //
    // (b) and (c) -- the step letters appear to follow RFC 5280 section 6.1.3; TODO confirm
    PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator();

    //
    // process each certificate except the self issued which are not last in the path
    //
    int index;
    try {
        for (index = certs.size() - 1; index >= 0; index--) {
            //
            // certificate processing
            //
            cert = (X509Certificate) certs.get(index);

            // b),c)
            // Index 0 is always checked, even when self-issued; self-issued certificates at any
            // other index skip the subject checks but still contribute their constraints below.
            if (!(isSelfIssued(cert) && index != 0)) {
                X500Principal principal = getSubjectPrincipal(cert);
                // Re-parse the encoded subject so the validator receives an ASN1Sequence.
                // aIn is not closed in this method; it only wraps an in-memory byte array.
                ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded()));
                ASN1Sequence dns;

                try {
                    dns = (ASN1Sequence) aIn.readObject();
                } catch (IOException e) {
                    // Certificate-derived values are wrapped in UntrustedInput before they go
                    // into a message (presumably so the formatter treats them as hostile text).
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncSubjectNameError",
                            new Object[] { new UntrustedInput(principal) });
                    throw new CertPathReviewerException(msg, e, certPath, index);
                }

                try {
                    nameConstraintValidator.checkPermittedDN(dns);
                } catch (PKIXNameConstraintValidatorException cpve) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN",
                            new Object[] { new UntrustedInput(principal.getName()) });
                    throw new CertPathReviewerException(msg, cpve, certPath, index);
                }

                try {
                    nameConstraintValidator.checkExcludedDN(dns);
                } catch (PKIXNameConstraintValidatorException cpve) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN",
                            new Object[] { new UntrustedInput(principal.getName()) });
                    throw new CertPathReviewerException(msg, cpve, certPath, index);
                }

                //FIX (missing in orig cert path reviewer)
                // Each emailAddress value in the subject DN is checked as an rfc822Name so that
                // e-mail constraints also cover addresses that appear only in the DN.
                Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
                for (Enumeration e = emails.elements(); e.hasMoreElements();) {
                    String email = (String) e.nextElement();
                    GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
                    try {
                        nameConstraintValidator.checkPermitted(emailAsGeneralName);
                    } catch (PKIXNameConstraintValidatorException cpve) {
                        // NOTE(review): an e-mail violation is reported with the DN message key
                        // and the whole subject name, not the offending address -- confirm that
                        // this is the intended diagnostic.
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN",
                                new Object[] { new UntrustedInput(principal.getName()) });
                        throw new CertPathReviewerException(msg, cpve, certPath, index);
                    }

                    try {
                        nameConstraintValidator.checkExcluded(emailAsGeneralName);
                    } catch (PKIXNameConstraintValidatorException cpve) {
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN",
                                new Object[] { new UntrustedInput(principal.getName()) });
                        throw new CertPathReviewerException(msg, cpve, certPath, index);
                    }
                }

                ASN1Sequence altName;
                try {
                    altName = (ASN1Sequence) getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME);
                } catch (AnnotatedException ae) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.subjAltNameExtError");
                    throw new CertPathReviewerException(msg, ae, certPath, index);
                }

                if (altName != null) {
                    for (int j = 0; j < altName.size(); j++) {
                        GeneralName name = GeneralName.getInstance(altName.getObjectAt(j));

                        try {
                            nameConstraintValidator.checkPermitted(name);
                            nameConstraintValidator.checkExcluded(name);
                        } catch (PKIXNameConstraintValidatorException cpve) {
                            // NOTE(review): the same "notPermittedEmail" key is used for every
                            // GeneralName type and for both the permitted and the excluded check.
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedEmail",
                                    new Object[] { new UntrustedInput(name) });
                            throw new CertPathReviewerException(msg, cpve, certPath, index);
                        }
                    }
                }
            }

            //
            // prepare for next certificate
            //

            //
            // (g) handle the name constraints extension
            //
            // This part runs for every certificate, including the self-issued ones skipped above.
            ASN1Sequence ncSeq;
            try {
                ncSeq = (ASN1Sequence) getExtensionValue(cert, NAME_CONSTRAINTS);
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncExtError");
                throw new CertPathReviewerException(msg, ae, certPath, index);
            }

            if (ncSeq != null) {
                NameConstraints nc = NameConstraints.getInstance(ncSeq);

                //
                // (g) (1) permitted subtrees
                //
                // Permitted subtrees are intersected with the current permitted state.
                GeneralSubtree[] permitted = nc.getPermittedSubtrees();
                if (permitted != null) {
                    nameConstraintValidator.intersectPermittedSubtree(permitted);
                }

                //
                // (g) (2) excluded subtrees
                //
                // Excluded subtrees are added one at a time to the current excluded state.
                GeneralSubtree[] excluded = nc.getExcludedSubtrees();
                if (excluded != null) {
                    for (int c = 0; c != excluded.length; c++) {
                        nameConstraintValidator.addExcludedSubtree(excluded[c]);
                    }
                }
            }
        } // for
    } catch (CertPathReviewerException cpre) {
        // The first failure ends the walk; it is stored against the index of the failing certificate.
        addError(cpre.getErrorMessage(), cpre.getIndex());
    }
}
From source file:net.java.bd.tools.security.X509BDJEntryConverter.java
License:Open Source License
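/**
 * Chooses the ASN.1 string type used to encode one DN attribute value.
 *
 * <ul>
 *   <li>A value starting with '#' is handed to {@code convertHexEncoded} with offset 1
 *       (presumably hex-encoded ASN.1; verify against the base class).</li>
 *   <li>EmailAddress and DC become {@code DERIA5String}.</li>
 *   <li>DATE_OF_BIRTH becomes {@code DERGeneralizedTime}.</li>
 *   <li>SN and DN_QUALIFIER become {@code DERPrintableString}.</li>
 *   <li>Everything else, including the country attribute, becomes {@code DERUTF8String}.</li>
 * </ul>
 *
 * @param oid the object identifier of the DN attribute
 * @param value the string form of the attribute value; must not be null
 * @return the ASN.1 object that encodes {@code value}
 * @throws RuntimeException if a '#'-prefixed value cannot be decoded; the IOException is the cause
 */
public DERObject getConvertedValue(DERObjectIdentifier oid, String value) {
    if (value.length() != 0 && value.charAt(0) == '#') {
        try {
            return convertHexEncoded(value, 1);
        } catch (IOException e) {
            // Keep the decoder failure as the cause so a rejected value can be diagnosed.
            throw new RuntimeException("can't recode value for oid " + oid.getId(), e);
        }
    } else if (oid.equals(X509Name.EmailAddress) || oid.equals(X509Name.DC)) {
        // NOTE(review): the value is passed to DERIA5String unchecked here -- confirm how the
        // Bouncy Castle version in use handles characters outside the IA5 range.
        return new DERIA5String(value);
    } else if (oid.equals(X509Name.DATE_OF_BIRTH)) {
        return new DERGeneralizedTime(value);
    } else if (oid.equals(X509Name.SN) || oid.equals(X509Name.DN_QUALIFIER)) {
        // X509Name.C is deliberately absent from this branch: the original author's note reads
        // "Blu-ray Specific, require UTF8String. MHP 12.5.6.", so country takes the UTF8 default.
        return new DERPrintableString(value);
    }

    return new DERUTF8String(value);
}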
From source file:org.cesecore.certificates.util.dn.PrintableStringEntryConverter.java
License:Open Source License
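/**
 * Apply default conversion for the given value depending on the oid
 * and the character range of the value.
 *
 * <p>A value starting with '#' is handed to {@code convertHexEncoded} with offset 1.
 * EmailAddress and DC are always encoded as IA5String. Any other value is encoded with the
 * first type that accepts it, tried in this order: PrintableString, UTF8String, BMPString.
 *
 * @param oid the object identifier for the DN entry
 * @param value the value associated with it; must not be null
 * @return the ASN.1 equivalent for the string value.
 * @throws RuntimeException if a '#'-prefixed value cannot be decoded; the IOException is the cause
 */
public DERObject getConvertedValue(DERObjectIdentifier oid, String value) {
    if (value.length() != 0 && value.charAt(0) == '#') {
        try {
            return convertHexEncoded(value, 1);
        } catch (IOException e) {
            // Keep the decoder failure as the cause so a rejected value can be diagnosed.
            throw new RuntimeException("can't recode value for oid " + oid.getId(), e);
        }
    } else if (oid.equals(X509Name.EmailAddress) || oid.equals(X509Name.DC)) {
        // The IA5String branch is taken before any character-range test is applied.
        // NOTE(review): confirm how the Bouncy Castle version in use treats non-IA5 characters.
        return new DERIA5String(value);
    } else if (canBePrintable(value)) {
        return new DERPrintableString(value);
    } else if (canBeUTF8(value)) {
        return new DERUTF8String(value);
    }

    return new DERBMPString(value);
}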
From source file:org.glite.security.delegation.GrDPX509Util.java
License:Apache License
/**
 * Builds an X509Name from the five supplied subject attributes.
 *
 * <p>The attributes are collected in a {@code Hashtable}, which does not keep insertion order.
 * NOTE(review): the RDN order of the returned name is therefore whatever the
 * {@code X509Name(Hashtable)} constructor derives from the table -- confirm that callers
 * comparing or matching DNs do not rely on a particular order.
 *
 * <p>A null argument makes {@code Hashtable.put} throw a NullPointerException. The complete
 * name, including the e-mail address, is written to the debug log.
 *
 * @param organization Organization (O)
 * @param orgUnit Organization Unit (OU)
 * @param commonName X509 Common Name (CN)
 * @param country Country (C)
 * @param email Email address
 * @return X509Name of generated DN
 * @deprecated Use org.glite.security.util.proxy.ProxyCertificateGenerator
 */
public static X509Name makeGridCertDN(String organization, String orgUnit, String commonName, String country,
        String email) {
    final Hashtable dnAttributes = new Hashtable();

    // The put sequence is kept exactly as it was, so the table's internal layout is unchanged.
    dnAttributes.put(X509Name.O, organization);
    dnAttributes.put(X509Name.OU, orgUnit);
    dnAttributes.put(X509Name.C, country);
    dnAttributes.put(X509Name.EmailAddress, email);
    dnAttributes.put(X509Name.CN, commonName);

    final X509Name subjectDn = new X509Name(dnAttributes);
    LOGGER.debug("GrDPX509Util : " + subjectDn.toString());
    return subjectDn;
}
From source file:org.glite.voms.PKIUtils.java
License:Open Source License
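/**
 * Gets an OpenSSL-style representation of a principal: one {@code /LABEL=value} segment per
 * attribute, in the order in which X509Name reports its OIDs and values.
 *
 * <p>Attribute values are appended verbatim. NOTE(review): a value that itself contains
 * {@code /} or {@code =} yields a string that reads as if it had additional components, so the
 * result should not be the only input to an authorization decision unless values are
 * constrained elsewhere -- confirm how callers use it.
 *
 * <p>The result is built in a StringBuilder instead of by repeated String concatenation.
 *
 * @param principal the principal
 *
 * @return a String representing the principal.
 */
public static String getOpenSSLFormatPrincipal(Principal principal) {
    X509Name name = new X509Name(principal.getName());

    Vector oids = name.getOIDs();
    Vector values = name.getValues();

    // Both vectors are walked in lockstep: entry i of values belongs to entry i of oids.
    ListIterator oids_iter = oids.listIterator();
    ListIterator values_iter = values.listIterator();
    StringBuilder result = new StringBuilder();

    while (oids_iter.hasNext()) {
        DERObjectIdentifier oid = (DERObjectIdentifier) oids_iter.next();
        String value = (String) values_iter.next();

        String label;
        if (oid.equals(X509Name.C)) {
            label = "C";
        } else if (oid.equals(X509Name.CN)) {
            label = "CN";
        } else if (oid.equals(X509Name.DC)) {
            label = "DC";
        } else if (oid.equals(X509Name.E)) {
            label = "E";
        } else if (oid.equals(X509Name.EmailAddress)) {
            // NOTE(review): Bouncy Castle appears to declare X509Name.E as an alias of
            // X509Name.EmailAddress; if so the branch above always wins and "Email" is never
            // emitted -- confirm against the BC version in use.
            label = "Email";
        } else if (oid.equals(X509Name.L)) {
            label = "L";
        } else if (oid.equals(X509Name.O)) {
            label = "O";
        } else if (oid.equals(X509Name.OU)) {
            label = "OU";
        } else if (oid.equals(X509Name.ST)) {
            label = "ST";
        } else if (oid.equals(X509Name.UID)) {
            label = "UID";
        } else {
            // Attributes without a short name are labelled with the OID's string form.
            label = oid.toString();
        }

        result.append('/').append(label).append('=').append(value);
    }

    String formatted = result.toString();
    logger.debug("SSLFormat: " + formatted);
    return formatted;
}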
From source file:org.tolven.config.model.CredentialManager.java
License:Open Source License
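/**
 * Builds the subject principal for a certificate group from its configured fields.
 *
 * <p>The name is assembled as text, {@code type=value} pairs joined by commas, in the order
 * EmailAddress, CN, OU, O, ST, C. Each value is escaped before it is inserted, so a field that
 * contains a DN metacharacter such as {@code ,}, {@code +} or {@code =} stays inside its own
 * attribute instead of being parsed as further name components. Values without such characters
 * produce exactly the same string as before.
 *
 * @param certGroupDetail source of the subject fields
 * @return the principal parsed from the assembled name
 * @throws IllegalArgumentException if X500Principal rejects the assembled name
 */
private X500Principal getX500Principal(CertificateGroupDetail certGroupDetail) {
    return new X500Principal(X509Name.EmailAddress + "=" + escapeDnValue(certGroupDetail.getEmail())
            + "," + X509Name.CN + "=" + escapeDnValue(certGroupDetail.getCommonName())
            + "," + X509Name.OU + "=" + escapeDnValue(certGroupDetail.getOrganizationUnitName())
            + "," + X509Name.O + "=" + escapeDnValue(certGroupDetail.getOrganizationName())
            + "," + X509Name.ST + "=" + escapeDnValue(certGroupDetail.getStateOrProvince())
            + "," + X509Name.C + "=" + escapeDnValue(certGroupDetail.getCountryName()));
}

/**
 * Escapes one attribute value for use inside a textual distinguished name.
 *
 * <p>{@code String.valueOf} keeps the previous rendering of a missing field (the text "null")
 * rather than introducing a new exception.
 */
private static String escapeDnValue(Object value) {
    return javax.naming.ldap.Rdn.escapeValue(String.valueOf(value));
}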
From source file:org.tolven.gatekeeper.CertificateHelper.java
License:Open Source License
/**
 * Builds a subject principal from an e-mail address and four naming attributes.
 *
 * <p>All attributes are put into one {@code Attributes} set, turned into a single
 * {@code javax.naming.ldap.Rdn}, and the Rdn's string form is parsed by X500Principal. Because
 * the Rdn produces the text, values are escaped by the JDK rather than concatenated by hand.
 * NOTE(review): one Rdn built from several attributes is a multi-valued RDN, not a sequence of
 * RDNs -- confirm that this is the subject structure the issued certificates are meant to have.
 *
 * @param email e-mail address, stored under X509Name.EmailAddress
 * @param commonName value for CN
 * @param organizationUnitName value for OU
 * @param organizationName value for O
 * @param stateOrProvince value for ST
 * @return the principal parsed from the Rdn's string form
 * @throws RuntimeException if any argument is null, or if the Rdn cannot be constructed
 */
public static X500Principal getX500Principal(String email, String commonName, String organizationUnitName,
        String organizationName, String stateOrProvince) {
    boolean allPresent = email != null && commonName != null && organizationUnitName != null
            && organizationName != null && stateOrProvince != null;
    if (!allPresent) {
        throw new RuntimeException(
                "Certificate requires EmailAddress, Common Name, organizationUnitName, organizationName, stateOrProvince");
    }

    // Attribute ids are the string form of the X509Name OID constants.
    Attributes subjectAttributes = new BasicAttributes();
    subjectAttributes.put(X509Name.EmailAddress.toString(), email);
    subjectAttributes.put(X509Name.CN.toString(), commonName);
    subjectAttributes.put(X509Name.OU.toString(), organizationUnitName);
    subjectAttributes.put(X509Name.O.toString(), organizationName);
    subjectAttributes.put(X509Name.ST.toString(), stateOrProvince);

    try {
        return new X500Principal(new Rdn(subjectAttributes).toString());
    } catch (InvalidNameException nameFailure) {
        throw new RuntimeException("Failed to obtain a Relative Distinguised Name", nameFailure);
    }
}
From source file:org.tolven.security.CertificateHelper.java
License:Open Source License
/**
 * Builds a subject principal from an e-mail address and five naming attributes.
 *
 * <p>All attributes are put into one {@code Attributes} set, turned into a single
 * {@code javax.naming.ldap.Rdn}, and the Rdn's string form is parsed by X500Principal. Because
 * the Rdn produces the text, values are escaped by the JDK rather than concatenated by hand.
 * NOTE(review): one Rdn built from several attributes is a multi-valued RDN, not a sequence of
 * RDNs -- confirm that this is the subject structure the issued certificates are meant to have.
 *
 * @param email e-mail address, stored under X509Name.EmailAddress
 * @param commonName value for CN
 * @param organizationUnitName value for OU
 * @param organizationName value for O
 * @param stateOrProvince value for ST
 * @param countryName value for C
 * @return the principal parsed from the Rdn's string form
 * @throws RuntimeException if any argument is null, or if the Rdn cannot be constructed
 */
public static X500Principal getX500Principal(String email, String commonName, String organizationUnitName,
        String organizationName, String stateOrProvince, String countryName) {
    boolean allPresent = email != null && commonName != null && organizationUnitName != null
            && organizationName != null && stateOrProvince != null && countryName != null;
    if (!allPresent) {
        throw new RuntimeException(
                "Certificate requires EmailAddress, Common Name, organizationUnitName, organizationName, stateOrProvince, and countryName");
    }

    // Attribute ids are the string form of the X509Name OID constants.
    Attributes subjectAttributes = new BasicAttributes();
    subjectAttributes.put(X509Name.EmailAddress.toString(), email);
    subjectAttributes.put(X509Name.CN.toString(), commonName);
    subjectAttributes.put(X509Name.OU.toString(), organizationUnitName);
    subjectAttributes.put(X509Name.O.toString(), organizationName);
    subjectAttributes.put(X509Name.ST.toString(), stateOrProvince);
    subjectAttributes.put(X509Name.C.toString(), countryName);

    try {
        return new X500Principal(new Rdn(subjectAttributes).toString());
    } catch (InvalidNameException nameFailure) {
        throw new RuntimeException("Failed to obtain a Relative Distinguised Name", nameFailure);
    }
}