List of usage examples for org.bouncycastle.asn1.x509 X509Name getOIDs
public Vector getOIDs()
From source file:ClientOCSPDriver.java
License:Open Source License
/**
 * Builds the client OCSP request for the certificates handed to the constructor and returns its
 * DER encoding. The method may be invoked only once per instance.
 *
 * <p>For every certificate a {@code CertificateID} (SHA-1 hash of the issuer name and key plus the
 * serial number) is created, remembered in {@code map} and added to the request. The request is
 * signed only when both a requestor certificate ({@code usercert}) and its key ({@code userkey})
 * are available; otherwise an unsigned request is produced.
 *
 * <p>NOTE(review): no nonce extension is included, so a responder cannot bind its answer to this
 * particular request; the issuer/key hashes are also printed to stdout, presumably debug output.
 *
 * @param signingalgorithm JCA name of the algorithm used to sign the request (only used when the
 *     request is signed)
 * @param provider JCA provider used for hashing and signing
 * @param user optional rfc822Name (e-mail address) used as the requestor name; when non-null it
 *     takes precedence over the subject DN of {@code usercert}
 * @return the DER encoded OCSP request, ready to be sent to the responder
 * @throws OCSPException if a request was already generated, or Bouncy Castle fails to build it
 * @throws NoSuchProviderException if {@code provider} is not installed
 * @throws IOException if the request cannot be DER encoded
 */
public byte[] getRequest(String signingalgorithm, String provider, String user)
        throws OCSPException, NoSuchProviderException, IOException {
    if (calledgenerate) {
        throw new OCSPException("Request was already generated!");
    }
    map.clear();

    OCSPReqGenerator generator = new OCSPReqGenerator();
    for (int idx = 0; idx < certificates.length; idx++) {
        CertificateID certId = new CertificateID(CertificateID.HASH_SHA1, mastercert,
                certificates[idx].getSerialNumber());
        System.out.println("issuerNameHash: " + toHexadecimal(certId.getIssuerNameHash()));
        System.out.println("issuerKeyHash: " + toHexadecimal(certId.getIssuerKeyHash()));
        System.out.println("serialNumber: " + certId.getSerialNumber());
        map.put(certId, certificates[idx]);
        generator.addRequest(certId);
    }

    boolean canSign = usercert != null && userkey != null;
    if (user != null) {
        // An explicit e-mail address wins over the certificate subject.
        generator.setRequestorName(new GeneralName(GeneralName.rfc822Name, user));
    } else if (canSign) {
        // Requestor name taken from the subject DN of the signing certificate.
        X509Name subjectName = new X509Name(true, usercert.getSubjectX500Principal().getName());
        Vector oids = subjectName.getOIDs();
        Vector values = subjectName.getValues();
        ASN1Sequence subjectSeq = getASNSequence(oids, values);
        generator.setRequestorName(new GeneralName(new X509Name(subjectSeq)));
    }

    // A nonce extension (1.3.6.1.5.5.7.48.1.2) was previously sketched here but is not added.

    byte[] encodedRequest;
    if (canSign) {
        encodedRequest = generator
                .generate(signingalgorithm, userkey, new X509Certificate[] { usercert }, provider)
                .getEncoded();
    } else {
        encodedRequest = generator.generate().getEncoded();
    }
    calledgenerate = true;
    return encodedRequest;
}
From source file:android.net.http.DomainNameChecker.java
License:Apache License
/** * Checks the site certificate against the DNS domain name of the site being visited * @param certificate The certificate to check * @param thisDomain The DNS domain name of the site being visited * @return True iff if there is a domain match as specified by RFC2818 *///from w ww .j av a 2s . c o m private static boolean matchDns(X509Certificate certificate, String thisDomain) { boolean hasDns = false; try { Collection subjectAltNames = certificate.getSubjectAlternativeNames(); if (subjectAltNames != null) { Iterator i = subjectAltNames.iterator(); while (i.hasNext()) { List altNameEntry = (List) (i.next()); if (altNameEntry != null && 2 <= altNameEntry.size()) { Integer altNameType = (Integer) (altNameEntry.get(0)); if (altNameType != null) { if (altNameType.intValue() == ALT_DNS_NAME) { hasDns = true; String altName = (String) (altNameEntry.get(1)); if (altName != null) { if (matchDns(thisDomain, altName)) { return true; } } } } } } } } catch (CertificateParsingException e) { // one way we can get here is if an alternative name starts with // '*' character, which is contrary to one interpretation of the // spec (a valid DNS name must start with a letter); there is no // good way around this, and in order to be compatible we proceed // to check the common name (ie, ignore alternative names) if (HttpLog.LOGV) { String errorMessage = e.getMessage(); if (errorMessage == null) { errorMessage = "failed to parse certificate"; } if (HttpLog.LOGV) { HttpLog.v("DomainNameChecker.matchDns(): " + errorMessage); } } } if (!hasDns) { X509Name xName = new X509Name(certificate.getSubjectDN().getName()); Vector val = xName.getValues(); Vector oid = xName.getOIDs(); for (int i = 0; i < oid.size(); i++) { if (oid.elementAt(i).equals(X509Name.CN)) { return matchDns(thisDomain, (String) (val.elementAt(i))); } } } return false; }
From source file:com.almarsoft.GroundhogReader.lib.DomainNameChecker.java
License:Apache License
/** * Checks the site certificate against the DNS domain name of the site being visited * @param certificate The certificate to check * @param thisDomain The DNS domain name of the site being visited * @return True iff if there is a domain match as specified by RFC2818 *///from www .j a v a 2 s. c om private static boolean matchDns(X509Certificate certificate, String thisDomain) { boolean hasDns = false; try { Collection subjectAltNames = certificate.getSubjectAlternativeNames(); if (subjectAltNames != null) { Iterator i = subjectAltNames.iterator(); while (i.hasNext()) { List altNameEntry = (List) (i.next()); if (altNameEntry != null && 2 <= altNameEntry.size()) { Integer altNameType = (Integer) (altNameEntry.get(0)); if (altNameType != null) { if (altNameType.intValue() == ALT_DNS_NAME) { hasDns = true; String altName = (String) (altNameEntry.get(1)); if (altName != null) { if (matchDns(thisDomain, altName)) { return true; } } } } } } } } catch (CertificateParsingException e) { // one way we can get here is if an alternative name starts with // '*' character, which is contrary to one interpretation of the // spec (a valid DNS name must start with a letter); there is no // good way around this, and in order to be compatible we proceed // to check the common name (ie, ignore alternative names) } if (!hasDns) { X509Name xName = new X509Name(certificate.getSubjectDN().getName()); Vector val = xName.getValues(); Vector oid = xName.getOIDs(); for (int i = 0; i < oid.size(); i++) { if (oid.elementAt(i).equals(X509Name.CN)) { return matchDns(thisDomain, (String) (val.elementAt(i))); } } } return false; }
From source file:com.fsck.k9.helper.DomainNameChecker.java
License:Apache License
/**
 * Checks the site certificate against the DNS domain name of the site being visited.
 *
 * <p>All dNSName entries of the subjectAltName extension are tried through the
 * {@code matchDns(String, String)} overload. The subject CN is consulted only when the
 * certificate has no dNSName entry, or when its alternative names fail to parse; a certificate
 * with dNSName entries that do not match is rejected without looking at the CN (RFC 2818).
 *
 * @param certificate The certificate to check
 * @param thisDomain The DNS domain name of the site being visited
 * @return true iff there is a domain match as specified by RFC 2818
 */
private static boolean matchDns(X509Certificate certificate, String thisDomain) {
    boolean foundDnsEntry = false;
    try {
        Collection<?> altNames = certificate.getSubjectAlternativeNames();
        if (altNames != null) {
            for (Object rawEntry : altNames) {
                List<?> entry = (List<?>) rawEntry;
                if (entry == null || entry.size() < 2) {
                    continue;
                }
                Integer entryType = (Integer) entry.get(0);
                if (entryType == null || entryType.intValue() != ALT_DNS_NAME) {
                    continue;
                }
                foundDnsEntry = true;
                String dnsName = (String) entry.get(1);
                if (dnsName != null && matchDns(thisDomain, dnsName)) {
                    return true;
                }
            }
        }
    } catch (CertificateParsingException e) {
        // Reached e.g. when an alternative name starts with '*', which one interpretation of
        // the spec rejects (a valid DNS name must start with a letter). For compatibility the
        // alternative names are ignored and the common name is checked.
        if (K9.DEBUG) {
            String errorMessage = e.getMessage();
            Log.v(K9.LOG_TAG, "DomainNameChecker.matchDns(): "
                    + (errorMessage != null ? errorMessage : "failed to parse certificate"));
        }
    }

    if (foundDnsEntry) {
        return false;
    }
    X509Name subject = new X509Name(certificate.getSubjectDN().getName());
    Vector<?> values = subject.getValues();
    Vector<?> oids = subject.getOIDs();
    for (int idx = 0; idx < oids.size(); idx++) {
        if (oids.elementAt(idx).equals(X509Name.CN)) {
            return matchDns(thisDomain, (String) values.elementAt(idx));
        }
    }
    return false;
}
From source file:com.sun.identity.cardfactory.PPIDHelper.java
License:CDDL license
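/**
 * Builds the organisation identifier string derived from the relying party's certificate
 * subject, used as PPID input.
 *
 * <p>The result has the form {@code |O="..."|L="..."|S="..."|C="..."|}: for each RDN of the
 * subject, in subject order, the organizationName, localityName, stateOrProvinceName and
 * countryName attributes are appended with the labels O, L, S and C (a null value yields an
 * empty quoted string). Other attributes are reported on stdout and skipped. When none of the
 * four attributes is present the DER-encoded public key, converted to a String, is returned
 * instead.
 *
 * <p>Fix: the original compared the {@code DERObjectIdentifier} objects returned by
 * {@link X509Name#getOIDs()} with the strings "O", "L", "S" and "C", which can never be equal,
 * so every certificate fell through to the public-key fallback. The comparison now uses the
 * OID constants; the "S" label is assumed to denote stateOrProvinceName ({@code X509Name.ST}).
 *
 * <p>NOTE(review): attribute values are inserted verbatim, so an embedded '"' or '|' is not
 * escaped; the public-key fallback decodes DER bytes with the platform charset, which is lossy
 * and platform dependent. Both are kept as they were.
 *
 * @param relyingpartyCert the relying party's certificate
 * @return the organisation identifier string, or the encoded public key as a String when no
 *     O/L/ST/C attribute is present
 * @throws TokenIssuanceException declared by the original signature; not thrown here
 */
private static String orgIdString(X509Certificate relyingpartyCert) throws TokenIssuanceException {
    X500Principal principal = relyingpartyCert.getSubjectX500Principal();
    String dn = principal.getName();
    if (dn == null) {
        // X500Principal.getName() does not return null in practice; kept as a defensive guard.
        return publicKeyFallback(relyingpartyCert);
    }
    X509Name x509Name = new X509Name(dn);
    Vector oids = x509Name.getOIDs();
    Vector values = x509Name.getValues();

    StringBuffer orgIdStringBuffer = new StringBuffer("|");
    for (int index = 0; index < oids.size(); index++) {
        Object oid = oids.elementAt(index);
        String value = (String) values.elementAt(index);
        String label = orgIdLabel(oid);
        if (label == null) {
            System.out.println("unused oid (" + oid + "). Value=" + value);
        } else {
            orgIdStringBuffer.append(label).append("=\"")
                    .append(value == null ? "" : value).append("\"|");
        }
    }

    if (orgIdStringBuffer.length() == 1) {
        // None of O, L, S, C were found.
        return publicKeyFallback(relyingpartyCert);
    }
    return orgIdStringBuffer.toString();
}

/** Maps an attribute type OID to its OrgIdString label, or null when the attribute is not used. */
private static String orgIdLabel(Object oid) {
    if (X509Name.O.equals(oid)) {
        return "O";
    }
    if (X509Name.L.equals(oid)) {
        return "L";
    }
    if (X509Name.ST.equals(oid)) {
        return "S";
    }
    if (X509Name.C.equals(oid)) {
        return "C";
    }
    return null;
}

/** Fallback identifier: the DER-encoded public key as a String (platform charset, lossy). */
private static String publicKeyFallback(X509Certificate cert) {
    PublicKey publicKey = cert.getPublicKey();
    return new String(publicKey.getEncoded());
}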
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplayCA_IT.java
License:Open Source License
/**
 * Derives the issuer display strings from the certificate's issuer DN.
 *
 * <p>{@code m_sIssuerName} receives one {@code SYMBOL=value} line per RDN (with the OID appended
 * when {@code m_bDisplayOID} is set). {@code m_sIssuerDisplayName} is the first non-empty of
 * O, CN or pseudonym, falling back to the full issuer name; {@code m_sIssuerCommonName} is set to
 * the CN when present.
 *
 * <p>NOTE(review): RDN values are collected in a map keyed by OID, so when an attribute occurs
 * more than once only the last occurrence is used for the display name.
 */
protected void initIssuerName() {
    m_sIssuerName = "";
    X509Name issuer = m_aX509.getIssuer();
    Vector<DERObjectIdentifier> issuerOids = issuer.getOIDs();
    Vector<?> issuerValues = issuer.getValues();
    HashMap<DERObjectIdentifier, String> byOid = new HashMap<DERObjectIdentifier, String>(20);

    int count = issuerOids.size();
    for (int idx = 0; idx < count; idx++) {
        DERObjectIdentifier oid = issuerOids.elementAt(idx);
        String value = issuerValues.elementAt(idx).toString();
        String line = X509Name.DefaultSymbols.get(oid) + "=" + value;
        if (m_bDisplayOID) {
            line += " (OID: " + oid.toString() + ")";
        }
        m_sIssuerName += line + " \n";
        byOid.put(oid, value);
    }

    // Display name: O, then CN, then pseudonym; each step only runs while the name is still empty.
    m_sIssuerDisplayName = "";
    String organisation = issuerAttribute(byOid, "o");
    if (organisation != null) {
        m_sIssuerDisplayName = organisation;
    }
    if (m_sIssuerDisplayName.length() == 0) {
        String cn = issuerAttribute(byOid, "cn");
        if (cn != null) {
            m_sIssuerDisplayName = cn;
            m_sIssuerCommonName = cn;
        }
    }
    if (m_sIssuerDisplayName.length() == 0) {
        String pseudonym = issuerAttribute(byOid, "pseudonym");
        if (pseudonym != null) {
            m_sIssuerDisplayName = pseudonym;
        }
    }
    if (m_sIssuerDisplayName.length() == 0) {
        m_sIssuerDisplayName = m_sIssuerName;
    }

    String commonName = issuerAttribute(byOid, "cn");
    if (commonName != null) {
        m_sIssuerCommonName = commonName;
    }
}

/**
 * Looks up the value of the attribute whose Bouncy Castle symbol (e.g. "cn") is given, using
 * {@code X509Name.DefaultLookUp} to resolve the symbol to an OID.
 *
 * @return the value, or null when the attribute is absent from {@code byOid}
 */
private static String issuerAttribute(HashMap<DERObjectIdentifier, String> byOid, String symbol) {
    DERObjectIdentifier oid = (DERObjectIdentifier) X509Name.DefaultLookUp.get(symbol);
    return byOid.containsKey(oid) ? byOid.get(oid) : null;
}
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplaySubject_IT.java
License:Open Source License
/**
 * Derives the subject display strings from the certificate's subject DN, following the CNIPA
 * recommendation for the display name.
 *
 * <p>{@code m_sSubjectName} receives one {@code SYMBOL=value} line per RDN in subject order
 * (with the OID appended when {@code m_bDisplayOID} is set). {@code m_sSubjectDisplayName} is,
 * in order of preference: "givenName surname" when both are present, otherwise CN, otherwise
 * pseudonym, otherwise the full subject name.
 *
 * <p>NOTE(review): values are collected in a map keyed by OID, so a repeated attribute only
 * contributes its last occurrence to the display name.
 */
protected void initSubjectName() {
    m_sSubjectName = "";
    X509Name subject = m_aX509.getSubject();
    Vector<DERObjectIdentifier> subjectOids = subject.getOIDs();
    Vector<?> subjectValues = subject.getValues();
    HashMap<DERObjectIdentifier, String> byOid = new HashMap<DERObjectIdentifier, String>(20);

    for (int idx = 0; idx < subjectOids.size(); idx++) {
        DERObjectIdentifier oid = subjectOids.elementAt(idx);
        String value = subjectValues.elementAt(idx).toString();
        StringBuilder line = new StringBuilder();
        line.append(X509Name.DefaultSymbols.get(oid)).append("=").append(value);
        if (m_bDisplayOID) {
            line.append(" (OID: ").append(oid.toString()).append(")");
        }
        line.append(" \n");
        m_sSubjectName += line.toString();
        byOid.put(oid, value);
    }

    // 1. givenName + surname (both required)
    m_sSubjectDisplayName = "";
    String givenName = subjectAttribute(byOid, "givenname");
    if (givenName != null) {
        String surname = subjectAttribute(byOid, "surname");
        if (surname != null) {
            m_sSubjectDisplayName = givenName + " " + surname;
        }
    }
    // 2. common name
    if (m_sSubjectDisplayName.length() == 0) {
        String cn = subjectAttribute(byOid, "cn");
        if (cn != null) {
            m_sSubjectDisplayName = cn;
        }
    }
    // 3. pseudonym
    if (m_sSubjectDisplayName.length() == 0) {
        String pseudonym = subjectAttribute(byOid, "pseudonym");
        if (pseudonym != null) {
            m_sSubjectDisplayName = pseudonym;
        }
    }
    // 4. whole subject name
    if (m_sSubjectDisplayName.length() == 0) {
        m_sSubjectDisplayName = m_sSubjectName;
    }
}

/**
 * Resolves a Bouncy Castle attribute symbol (e.g. "cn") through {@code X509Name.DefaultLookUp}
 * and returns the collected value for that OID, or null when absent.
 */
private static String subjectAttribute(HashMap<DERObjectIdentifier, String> byOid, String symbol) {
    DERObjectIdentifier oid = (DERObjectIdentifier) X509Name.DefaultLookUp.get(symbol);
    return byOid.containsKey(oid) ? byOid.get(oid) : null;
}
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplaySubject_IT.java
License:Open Source License
/**
 * Derives the issuer display strings from the certificate's issuer DN.
 *
 * <p>{@code m_sIssuerName} gets one {@code SYMBOL=value} line per RDN (plus the OID when
 * {@code m_bDisplayOID} is set). {@code m_sIssuerDisplayName} is the first non-empty of O, CN
 * or pseudonym, else the full issuer name; {@code m_sIssuerCommonName} is the CN when present.
 *
 * <p>NOTE(review): values are keyed by OID in a map, so a repeated attribute only contributes
 * its last occurrence to the display name.
 */
protected void initIssuerName() {
    m_sIssuerName = "";
    X509Name issuer = m_aX509.getIssuer();
    Vector<DERObjectIdentifier> issuerOids = issuer.getOIDs();
    Vector<?> issuerValues = issuer.getValues();
    HashMap<DERObjectIdentifier, String> byOid = new HashMap<DERObjectIdentifier, String>(20);

    for (int idx = 0; idx < issuerOids.size(); idx++) {
        DERObjectIdentifier oid = issuerOids.elementAt(idx);
        String value = issuerValues.elementAt(idx).toString();
        StringBuilder line = new StringBuilder();
        line.append(X509Name.DefaultSymbols.get(oid)).append("=").append(value);
        if (m_bDisplayOID) {
            line.append(" (OID: ").append(oid.toString()).append(")");
        }
        line.append(" \n");
        m_sIssuerName += line.toString();
        byOid.put(oid, value);
    }

    m_sIssuerDisplayName = "";
    // 1. organisation
    String organisation = issuerAttribute(byOid, "o");
    if (organisation != null) {
        m_sIssuerDisplayName = organisation;
    }
    // 2. common name (also recorded as the CN)
    if (m_sIssuerDisplayName.length() == 0) {
        String cn = issuerAttribute(byOid, "cn");
        if (cn != null) {
            m_sIssuerDisplayName = cn;
            m_sIssuerCommonName = cn;
        }
    }
    // 3. pseudonym
    if (m_sIssuerDisplayName.length() == 0) {
        String pseudonym = issuerAttribute(byOid, "pseudonym");
        if (pseudonym != null) {
            m_sIssuerDisplayName = pseudonym;
        }
    }
    // 4. whole issuer name
    if (m_sIssuerDisplayName.length() == 0) {
        m_sIssuerDisplayName = m_sIssuerName;
    }

    String commonName = issuerAttribute(byOid, "cn");
    if (commonName != null) {
        m_sIssuerCommonName = commonName;
    }
}

/**
 * Resolves a Bouncy Castle attribute symbol (e.g. "cn") through {@code X509Name.DefaultLookUp}
 * and returns the collected value for that OID, or null when absent.
 */
private static String issuerAttribute(HashMap<DERObjectIdentifier, String> byOid, String symbol) {
    DERObjectIdentifier oid = (DERObjectIdentifier) X509Name.DefaultLookUp.get(symbol);
    return byOid.containsKey(oid) ? byOid.get(oid) : null;
}
From source file:com.yacme.ext.oxsit.Helpers.java
License:Open Source License
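/**
 * Returns a short display name for the issuer of {@code _Cert}.
 *
 * <p>The certificate is re-parsed with Bouncy Castle to obtain the issuer {@code X509Name}. The
 * name is the first non-empty of O, CN or pseudonym; the CN is then appended (separated by
 * ", " when something precedes it). Parsing or encoding failures are printed and yield "".
 *
 * <p>Fix: the {@code ASN1InputStream} was never closed; it is now closed in a finally block.
 *
 * <p>NOTE(review): when O is absent and only a CN exists, the CN is used as the base name and
 * appended again, producing "CN, CN"; this mirrors the original and is left unchanged. Values
 * are keyed by OID, so a repeated attribute contributes only its last occurrence.
 *
 * @param _Cert the certificate whose issuer is displayed
 * @return the issuer display name, or "" when the certificate cannot be parsed
 */
public static String getIssuerName(X509Certificate _Cert) {
    String sRet = "";
    try {
        // Convert to the Bouncy Castle structure to reach the issuer X509Name.
        X509Name issuer;
        ASN1InputStream derIn = new ASN1InputStream(new ByteArrayInputStream(_Cert.getEncoded()));
        try {
            DERObject parsed = derIn.readObject();
            issuer = new X509CertificateStructure((ASN1Sequence) parsed).getIssuer();
        } finally {
            derIn.close();
        }

        Vector<DERObjectIdentifier> oids = issuer.getOIDs();
        Vector<?> values = issuer.getValues();
        HashMap<DERObjectIdentifier, String> byOid = new HashMap<DERObjectIdentifier, String>(20);
        for (int idx = 0; idx < oids.size(); idx++) {
            byOid.put(oids.elementAt(idx), values.elementAt(idx).toString());
        }

        // See the BC source for details of DefaultLookUp; symbols resolve to OIDs.
        DERObjectIdentifier oix;
        // 1. organisation
        oix = (DERObjectIdentifier) X509Name.DefaultLookUp.get("o");
        if (byOid.containsKey(oix)) {
            sRet = byOid.get(oix);
        }
        // 2. common name
        if (sRet.length() == 0) {
            oix = (DERObjectIdentifier) X509Name.DefaultLookUp.get("cn");
            if (byOid.containsKey(oix)) {
                sRet = byOid.get(oix);
            }
        }
        // 3. pseudonym
        if (sRet.length() == 0) {
            oix = (DERObjectIdentifier) X509Name.DefaultLookUp.get("pseudonym");
            if (byOid.containsKey(oix)) {
                sRet = byOid.get(oix);
            }
        }
        // Always append the CN when present.
        oix = (DERObjectIdentifier) X509Name.DefaultLookUp.get("cn");
        if (byOid.containsKey(oix)) {
            sRet = sRet + ((sRet.length() > 0) ? ", " : "") + byOid.get(oix);
        }
    } catch (IOException e) {
        // No logger is in scope here; failure is reported and "" returned (original behaviour).
        e.printStackTrace();
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
    }
    return sRet;
}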
From source file:org.ejbca.util.CertTools.java
License:Open Source License
/**
 * Returns a copy of {@code x509Name} with its components re-ordered.
 *
 * <p>The input order (LDAP or X.500) is guessed from the name's string form with
 * {@code isDNReversed}. Components are first emitted in the order given by
 * {@code getX509FieldOrder} for the guessed order; any remaining components are appended
 * afterwards in their original order. If the requested {@code ldaporder} differs from the
 * guessed input order the whole sequence is reversed. Every value of a multi-valued attribute
 * is kept.
 *
 * @param x509Name the X509Name that is unordered
 * @param ldaporder true if LDAP ordering of the DN should be used (default in EJBCA), false for
 *     X.500 order; LDAP order is CN=A,OU=B,O=C,C=SE, X.500 order is the reverse
 * @param converter the entry converter used to build the resulting name
 * @return X509Name with components ordered according to the ordering vector
 */
private static X509Name getOrderedX509Name(final X509Name x509Name, final boolean ldaporder,
        final X509NameEntryConverter converter) {
    // Guess the order of the input name from its string representation.
    final boolean inputIsLdapOrder = !isDNReversed(x509Name.toString());

    @SuppressWarnings("unchecked")
    final Vector<DERObjectIdentifier> presentOids = x509Name.getOIDs();
    // Order as an LDAP DN if the input looks like one, otherwise as an X.500 DN.
    final List<DERObjectIdentifier> preferredOrder = getX509FieldOrder(inputIsLdapOrder);

    final List<DERObjectIdentifier> orderedOids = new ArrayList<DERObjectIdentifier>();
    final List<Object> orderedValues = new ArrayList<Object>();
    final HashSet<DERObjectIdentifier> seen =
            new HashSet<DERObjectIdentifier>(presentOids.size() + preferredOrder.size());

    // Pass 1: the preferred fields, in preferred order.
    for (final DERObjectIdentifier oid : preferredOrder) {
        if (!seen.add(oid)) {
            continue;
        }
        @SuppressWarnings("unchecked")
        final Vector<Object> oidValues = x509Name.getValues(oid);
        // An OID absent from the name yields no values and therefore no entry.
        for (final Object value : oidValues) {
            orderedOids.add(oid);
            orderedValues.add(value);
        }
    }

    // Pass 2: fields not covered by the preferred order, appended in original order.
    for (final DERObjectIdentifier oid : presentOids) {
        if (!seen.add(oid)) {
            continue;
        }
        @SuppressWarnings("unchecked")
        final Vector<Object> oidValues = x509Name.getValues(oid);
        for (final Object value : oidValues) {
            orderedOids.add(oid);
            orderedValues.add(value);
            if (log.isDebugEnabled()) {
                log.debug("added --> " + oid + " val: " + value);
            }
        }
    }

    // The requested order is the reverse of the guessed input order: flip both lists.
    if (ldaporder != inputIsLdapOrder) {
        if (log.isDebugEnabled()) {
            log.debug("Reversing order of DN, ldaporder=" + ldaporder + ", isLdapOrder=" + inputIsLdapOrder);
        }
        Collections.reverse(orderedOids);
        Collections.reverse(orderedValues);
    }

    return new X509Name(new Vector<DERObjectIdentifier>(orderedOids),
            new Vector<Object>(orderedValues), converter);
}