List of usage examples for org.bouncycastle.asn1.x509 X509Name getValues
public Vector getValues()
From source file:ClientOCSPDriver.java
License:Open Source License
/**
 * Builds the OCSP client request for the certificates configured in the constructor and
 * returns it DER encoded. This method can only be called once per instance.
 *
 * <p>The request is signed only when both a user certificate and a user key are set;
 * otherwise an unsigned request is generated and {@code signingalgorithm} and
 * {@code provider} are not used.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@code signingalgorithm} is passed to the generator unchanged; this method applies no
 *       default. MD5-based signatures such as "MD5WITHRSA" are collision-prone, so callers
 *       should pass a SHA-2 based algorithm name.</li>
 *   <li>The nonce extension (OID 1.3.6.1.5.5.7.48.1.2) is disabled below, so a response
 *       cannot be tied to this particular request. The code that validates the response then
 *       has to judge freshness from the response's own validity interval.</li>
 *   <li>The issuer hashes and serial number of every requested certificate are printed to
 *       standard output.</li>
 * </ul>
 *
 * @param signingalgorithm The algorithm used to sign the OCSP client request.
 * @param provider The provider name handed to the signing call, e.g. "BC" (Bouncy Castle).
 * @param user If non-null, sent as the rfc822Name requestor name; if null and a user
 *             certificate and key are set, the certificate's subject DN is sent instead.
 * @return The raw DER encoded client OCSP request. This data has to be transported over a
 *         specific protocol (such as HTTP) to the OCSP server in order to get an OCSP
 *         server response.
 * @throws OCSPException if a request was already generated by this instance.
 */
public byte[] getRequest(String signingalgorithm, String provider, String user)
        throws OCSPException, NoSuchProviderException, IOException {
    if (calledgenerate) {
        throw new OCSPException("Request was already generated!");
    }
    map.clear();

    OCSPReqGenerator generator = new OCSPReqGenerator();
    for (int idx = 0; idx < certificates.length; ++idx) {
        CertificateID id = new CertificateID(CertificateID.HASH_SHA1, mastercert,
                certificates[idx].getSerialNumber());
        System.out.println("issuerNameHash: " + toHexadecimal(id.getIssuerNameHash()));
        System.out.println("issuerKeyHash: " + toHexadecimal(id.getIssuerKeyHash()));
        System.out.println("serialNumber: " + id.getSerialNumber());
        // Remember which certificate each CertificateID stands for.
        map.put(id, certificates[idx]);
        generator.addRequest(id);
    }

    final boolean canSign = usercert != null && userkey != null;

    // Requestor name: an explicit user wins; otherwise the signer's subject DN.
    if (user != null) {
        generator.setRequestorName(new GeneralName(GeneralName.rfc822Name, user));
    } else if (canSign) {
        X509Name subjectName = new X509Name(true, usercert.getSubjectX500Principal().getName());
        // Rebuild the subject DN as an ASN.1 sequence from its OIDs and values.
        ASN1Sequence subjectSeq = getASNSequence(subjectName.getOIDs(), subjectName.getValues());
        generator.setRequestorName(new GeneralName(new X509Name(subjectSeq)));
    }

    // Nonce extension 1.3.6.1.5.5.7.48.1.2 is left disabled, as in the original listing:
    //   byte[] Nonce = new byte[16];
    //   random.nextBytes(Nonce);
    //   ASN1EncodableVector v = new ASN1EncodableVector();
    //   ASN1EncodableVector sVec = new ASN1EncodableVector();
    //   DERObjectIdentifier oid = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1.2");
    //   v.add(oid);
    //   v.add(new DEROctetString(Nonce));
    //   sVec.add(new DERSequence(v));
    //   seq = new DERSequence(sVec);
    //   gen.setRequestExtensions(new X509Extensions(seq));

    byte[] encoded = canSign
            ? generator.generate(signingalgorithm, userkey, new X509Certificate[] { usercert }, provider)
                    .getEncoded()
            : generator.generate().getEncoded();

    calledgenerate = true;
    return encoded;
}
From source file:android.net.http.DomainNameChecker.java
License:Apache License
/** * Checks the site certificate against the DNS domain name of the site being visited * @param certificate The certificate to check * @param thisDomain The DNS domain name of the site being visited * @return True iff if there is a domain match as specified by RFC2818 */// ww w .j a v a 2 s.c o m private static boolean matchDns(X509Certificate certificate, String thisDomain) { boolean hasDns = false; try { Collection subjectAltNames = certificate.getSubjectAlternativeNames(); if (subjectAltNames != null) { Iterator i = subjectAltNames.iterator(); while (i.hasNext()) { List altNameEntry = (List) (i.next()); if (altNameEntry != null && 2 <= altNameEntry.size()) { Integer altNameType = (Integer) (altNameEntry.get(0)); if (altNameType != null) { if (altNameType.intValue() == ALT_DNS_NAME) { hasDns = true; String altName = (String) (altNameEntry.get(1)); if (altName != null) { if (matchDns(thisDomain, altName)) { return true; } } } } } } } } catch (CertificateParsingException e) { // one way we can get here is if an alternative name starts with // '*' character, which is contrary to one interpretation of the // spec (a valid DNS name must start with a letter); there is no // good way around this, and in order to be compatible we proceed // to check the common name (ie, ignore alternative names) if (HttpLog.LOGV) { String errorMessage = e.getMessage(); if (errorMessage == null) { errorMessage = "failed to parse certificate"; } if (HttpLog.LOGV) { HttpLog.v("DomainNameChecker.matchDns(): " + errorMessage); } } } if (!hasDns) { X509Name xName = new X509Name(certificate.getSubjectDN().getName()); Vector val = xName.getValues(); Vector oid = xName.getOIDs(); for (int i = 0; i < oid.size(); i++) { if (oid.elementAt(i).equals(X509Name.CN)) { return matchDns(thisDomain, (String) (val.elementAt(i))); } } } return false; }
From source file:com.almarsoft.GroundhogReader.lib.DomainNameChecker.java
License:Apache License
/**
 * Checks the site certificate against the DNS domain name of the site being visited.
 *
 * <p>subjectAltName entries of type {@code ALT_DNS_NAME} are tried first, each one through
 * {@code matchDns(String, String)}. If none was seen, the first common name (CN) of the
 * subject is tried instead.
 *
 * <p>NOTE(review): the parse failure below is swallowed without any log entry, and the
 * certificate is then judged on its CN alone. RFC 6125 deprecates CN matching and RFC 9525
 * drops it; new code should match on subjectAltName only and treat a parse failure as a
 * mismatch.
 *
 * @param certificate The certificate to check
 * @param thisDomain The DNS domain name of the site being visited
 * @return True iff there is a domain match as specified by RFC 2818
 */
private static boolean matchDns(X509Certificate certificate, String thisDomain) {
    boolean hasDns = false;
    try {
        Collection subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames != null) {
            for (Object item : subjectAltNames) {
                List pair = (List) item;
                // Skip entries that are not a (type, value) pair.
                if (pair == null || pair.size() < 2) {
                    continue;
                }
                Integer kind = (Integer) pair.get(0);
                if (kind == null || kind.intValue() != ALT_DNS_NAME) {
                    continue;
                }
                // Seeing any DNS entry rules out the CN fallback.
                hasDns = true;
                String candidate = (String) pair.get(1);
                if (candidate != null && matchDns(thisDomain, candidate)) {
                    return true;
                }
            }
        }
    } catch (CertificateParsingException e) {
        // one way we can get here is if an alternative name starts with
        // '*' character, which is contrary to one interpretation of the
        // spec (a valid DNS name must start with a letter); there is no
        // good way around this, and in order to be compatible we proceed
        // to check the common name (ie, ignore alternative names)
    }

    if (hasDns) {
        return false;
    }

    X509Name subjectName = new X509Name(certificate.getSubjectDN().getName());
    Vector subjectValues = subjectName.getValues();
    Vector subjectOids = subjectName.getOIDs();
    for (int pos = 0; pos < subjectOids.size(); pos++) {
        // Only the first CN attribute is compared.
        if (subjectOids.elementAt(pos).equals(X509Name.CN)) {
            return matchDns(thisDomain, (String) subjectValues.elementAt(pos));
        }
    }
    return false;
}
From source file:com.fsck.k9.helper.DomainNameChecker.java
License:Apache License
/**
 * Checks the site certificate against the DNS domain name of the site being
 * visited.
 *
 * <p>DNS-type subjectAltName entries are compared first. The subject common
 * name (CN) is used only if no DNS entry was seen, which is also what happens
 * when the alternative names cannot be parsed.
 *
 * <p>NOTE(review): falling back to the CN after a parse failure means such a
 * certificate is accepted on its CN alone. RFC 6125 deprecates CN matching and
 * RFC 9525 drops it; prefer subjectAltName-only matching in new code.
 *
 * @param certificate
 *            The certificate to check
 * @param thisDomain
 *            The DNS domain name of the site being visited
 * @return True iff there is a domain match as specified by RFC 2818
 */
private static boolean matchDns(X509Certificate certificate, String thisDomain) {
    boolean hasDns = false;
    try {
        Collection<?> subjectAltNames = certificate.getSubjectAlternativeNames();
        if (subjectAltNames != null) {
            for (Object element : subjectAltNames) {
                List<?> altNameEntry = (List<?>) element;
                boolean isPair = (altNameEntry != null) && (2 <= altNameEntry.size());
                if (!isPair) {
                    continue;
                }
                Integer altNameType = (Integer) altNameEntry.get(0);
                if (altNameType == null || altNameType.intValue() != ALT_DNS_NAME) {
                    continue;
                }
                // From here on the CN fallback is disabled.
                hasDns = true;
                String altName = (String) altNameEntry.get(1);
                if (altName != null && matchDns(thisDomain, altName)) {
                    return true;
                }
            }
        }
    } catch (CertificateParsingException e) {
        // one way we can get here is if an alternative name starts with
        // '*' character, which is contrary to one interpretation of the
        // spec (a valid DNS name must start with a letter); there is no
        // good way around this, and in order to be compatible we proceed
        // to check the common name (ie, ignore alternative names)
        if (K9.DEBUG) {
            String reason = e.getMessage();
            Log.v(K9.LOG_TAG, "DomainNameChecker.matchDns(): "
                    + (reason == null ? "failed to parse certificate" : reason));
        }
    }

    if (hasDns) {
        return false;
    }

    // The subject is re-parsed from its string form; only the first CN counts.
    X509Name parsedSubject = new X509Name(certificate.getSubjectDN().getName());
    Vector<?> rdnValues = parsedSubject.getValues();
    Vector<?> rdnOids = parsedSubject.getOIDs();
    for (int n = 0; n < rdnOids.size(); n++) {
        if (rdnOids.elementAt(n).equals(X509Name.CN)) {
            return matchDns(thisDomain, (String) (rdnValues.elementAt(n)));
        }
    }
    return false;
}
From source file:com.sun.identity.cardfactory.PPIDHelper.java
License:CDDL license
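/**
 * Builds the organisation identifier string for a relying-party certificate from the
 * O, L, ST and C attributes of its subject, in the order they appear in the parsed name.
 *
 * <p>The result has the form {@code |O="..."|L="..."|S="..."|C="..."|}, containing only the
 * attributes that are present. If the subject has none of them, or no subject string is
 * available, the encoded public key converted to a String is returned instead.
 *
 * <p>{@code X509Name.getOIDs()} yields object identifiers, not attribute symbols, so each
 * entry is compared against the {@code X509Name} OID constants. Comparing it against the
 * strings "O", "L", "S" and "C" never matches and makes every certificate fall through to
 * the public-key form. Identifiers derived from that earlier output will differ from the
 * ones produced here.
 *
 * <p>NOTE(review): attribute values are embedded without escaping, so a value containing
 * {@code "} or {@code |} makes the string ambiguous; confirm whether consumers hash or parse
 * it.
 *
 * <p>NOTE(review): {@code new String(byte[])} decodes the DER bytes with the platform
 * default charset, which is lossy and platform dependent. It is kept as-is because the
 * returned value would otherwise change; confirm before replacing it with a hex or Base64
 * rendering.
 *
 * @param relyingpartyCert the relying party's certificate
 * @return the organisation identifier string, or the public-key fallback described above
 * @throws TokenIssuanceException declared by the original signature; nothing in this method
 *         throws it directly
 */
private static String orgIdString(X509Certificate relyingpartyCert) throws TokenIssuanceException {
    X500Principal principal = relyingpartyCert.getSubjectX500Principal();
    String dn = principal.getName();
    if (dn == null) {
        PublicKey publicKey = relyingpartyCert.getPublicKey();
        return new String(publicKey.getEncoded());
    }

    X509Name x509Name = new X509Name(dn);
    Vector oids = x509Name.getOIDs();
    Vector values = x509Name.getValues();

    StringBuilder orgId = new StringBuilder("|");
    for (int index = 0; index < oids.size(); index++) {
        Object oid = oids.get(index);
        final String label;
        if (X509Name.O.equals(oid)) {
            label = "O";
        } else if (X509Name.L.equals(oid)) {
            label = "L";
        } else if (X509Name.ST.equals(oid)) {
            // The state attribute keeps the "S" label of the original output format.
            label = "S";
        } else if (X509Name.C.equals(oid)) {
            label = "C";
        } else {
            // Other attributes (CN, OU, ...) are not part of the identifier.
            continue;
        }
        String value = (String) values.get(index);
        orgId.append(label).append("=\"").append(value == null ? "" : value).append("\"|");
    }

    if (orgId.length() == 1) {
        // none of O, L, ST, C were found
        PublicKey publicKey = relyingpartyCert.getPublicKey();
        return new String(publicKey.getEncoded());
    }
    return orgId.toString();
}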
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplayCA_IT.java
License:Open Source License
/**
 * Fills the issuer name fields from the issuer DN of {@code m_aX509}.
 *
 * <p>{@code m_sIssuerName} receives one {@code symbol=value} line per attribute, with the OID
 * appended when {@code m_bDisplayOID} is set. {@code m_sIssuerDisplayName} is the first
 * non-empty value among O, CN and pseudonym, or the full issuer name if none is present.
 * {@code m_sIssuerCommonName} is set when a CN attribute exists.
 *
 * <p>NOTE(review): all values come straight from the certificate. If they are shown to a
 * user, consider neutralising line breaks and control characters first; a repeated attribute
 * keeps only its last value in the lookup map.
 */
protected void initIssuerName() {
    m_sIssuerName = "";
    X509Name issuer = m_aX509.getIssuer();
    Vector<DERObjectIdentifier> oids = issuer.getOIDs();
    HashMap<DERObjectIdentifier, String> valueByOid = new HashMap<DERObjectIdentifier, String>(20);
    Vector<?> values = issuer.getValues();
    for (int i = 0; i < oids.size(); i++) {
        DERObjectIdentifier oid = oids.elementAt(i);
        String value = values.elementAt(i).toString();
        String oidSuffix = m_bDisplayOID ? " (OID: " + oid.toString() + ")" : "";
        m_sIssuerName = m_sIssuerName + X509Name.DefaultSymbols.get(oid) + "=" + value + oidSuffix + " \n";
        valueByOid.put(oid, value);
    }

    // Pick the display name in order of preference: O, then CN, then pseudonym.
    // See the BC source code for details about DefaultLookUp behaviour.
    String display = "";
    String[] preferred = { "o", "cn", "pseudonym" };
    for (int k = 0; k < preferred.length && display.length() == 0; k++) {
        DERObjectIdentifier key = (DERObjectIdentifier) X509Name.DefaultLookUp.get(preferred[k]);
        if (valueByOid.containsKey(key)) {
            display = valueByOid.get(key);
        }
    }
    if (display.length() == 0) {
        // Nothing usable found: show the complete issuer name.
        display = m_sIssuerName;
    }
    m_sIssuerDisplayName = display;

    // The common name is recorded whenever the issuer has one.
    DERObjectIdentifier cnOid = (DERObjectIdentifier) X509Name.DefaultLookUp.get("cn");
    if (valueByOid.containsKey(cnOid)) {
        m_sIssuerCommonName = valueByOid.get(cnOid);
    }
}
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplaySubject_IT.java
License:Open Source License
/**
 * Fills the subject name fields from the subject DN of {@code m_aX509}.
 *
 * <p>{@code m_sSubjectName} receives one {@code symbol=value} line per attribute, in the
 * order the attributes appear in the subject, with the OID appended when
 * {@code m_bDisplayOID} is set. {@code m_sSubjectDisplayName} follows the CNIPA
 * recommendation: given name plus surname if both exist, else the common name, else the
 * pseudonym, else the full subject name.
 *
 * <p>NOTE(review): all values come straight from the certificate. If they are shown to a
 * user, consider neutralising line breaks and control characters first; a repeated attribute
 * keeps only its last value in the lookup map.
 */
protected void initSubjectName() {
    m_sSubjectName = "";
    // First, collect the OIDs and values of the subject name.
    X509Name subject = m_aX509.getSubject();
    Vector<DERObjectIdentifier> oids = subject.getOIDs();
    Vector<?> values = subject.getValues();
    HashMap<DERObjectIdentifier, String> valueByOid = new HashMap<DERObjectIdentifier, String>(20);
    for (int i = 0; i < oids.size(); i++) {
        DERObjectIdentifier oid = oids.elementAt(i);
        String value = values.elementAt(i).toString();
        String oidSuffix = m_bDisplayOID ? " (OID: " + oid.toString() + ")" : "";
        m_sSubjectName = m_sSubjectName + X509Name.DefaultSymbols.get(oid) + "=" + value + oidSuffix + " \n";
        valueByOid.put(oid, value);
    }

    // See the BC source code for details about DefaultLookUp behaviour.
    String display = "";

    // Given name (first name) and surname are used only when both are present.
    DERObjectIdentifier givenNameOid = (DERObjectIdentifier) X509Name.DefaultLookUp.get("givenname");
    if (valueByOid.containsKey(givenNameOid)) {
        String givenName = valueByOid.get(givenNameOid);
        DERObjectIdentifier surnameOid = (DERObjectIdentifier) X509Name.DefaultLookUp.get("surname");
        if (valueByOid.containsKey(surnameOid)) {
            display = givenName + " " + valueByOid.get(surnameOid);
        }
    }

    // Otherwise try the common name, then the pseudonym.
    String[] fallbacks = { "cn", "pseudonym" };
    for (int k = 0; k < fallbacks.length && display.length() == 0; k++) {
        DERObjectIdentifier key = (DERObjectIdentifier) X509Name.DefaultLookUp.get(fallbacks[k]);
        if (valueByOid.containsKey(key)) {
            display = valueByOid.get(key);
        }
    }

    if (display.length() == 0) {
        // Nothing usable found: show the complete subject name.
        display = m_sSubjectName;
    }
    m_sSubjectDisplayName = display;
}
From source file:com.yacme.ext.oxsit.cust_it.comp.security.cert.X509CertDisplaySubject_IT.java
License:Open Source License
/**
 * Fills the issuer name fields from the issuer DN of {@code m_aX509}.
 *
 * <p>{@code m_sIssuerName} is the multi-line {@code symbol=value} listing of all issuer
 * attributes, with OIDs appended when {@code m_bDisplayOID} is set.
 * {@code m_sIssuerDisplayName} is the first non-empty value among O, CN and pseudonym, or
 * the full listing when none of them is present. {@code m_sIssuerCommonName} is set only
 * when the issuer has a CN attribute.
 *
 * <p>NOTE(review): the text is certificate-supplied. Treat it as untrusted when rendering
 * it, since values may contain line breaks or control characters, and note that a repeated
 * attribute keeps only its last value in the lookup map.
 */
protected void initIssuerName() {
    m_sIssuerName = "";
    X509Name issuerDn = m_aX509.getIssuer();
    Vector<DERObjectIdentifier> attrOids = issuerDn.getOIDs();
    HashMap<DERObjectIdentifier, String> attrs = new HashMap<DERObjectIdentifier, String>(20);
    Vector<?> attrValues = issuerDn.getValues();
    for (int pos = 0; pos < attrOids.size(); pos++) {
        DERObjectIdentifier attrOid = attrOids.elementAt(pos);
        String attrValue = attrValues.elementAt(pos).toString();
        String line = X509Name.DefaultSymbols.get(attrOid) + "=" + attrValue;
        if (m_bDisplayOID) {
            line = line + " (OID: " + attrOid.toString() + ")";
        }
        m_sIssuerName = m_sIssuerName + line + " \n";
        attrs.put(attrOid, attrValue);
    }

    // Preference order for the display name: O, CN, pseudonym.
    // See the BC source code for details about DefaultLookUp behaviour.
    String chosen = "";
    String[] order = { "o", "cn", "pseudonym" };
    for (int n = 0; n < order.length && chosen.length() == 0; n++) {
        DERObjectIdentifier lookup = (DERObjectIdentifier) X509Name.DefaultLookUp.get(order[n]);
        if (attrs.containsKey(lookup)) {
            chosen = attrs.get(lookup);
        }
    }
    m_sIssuerDisplayName = (chosen.length() == 0) ? m_sIssuerName : chosen;

    // Record the common name separately when there is one.
    DERObjectIdentifier commonNameOid = (DERObjectIdentifier) X509Name.DefaultLookUp.get("cn");
    if (attrs.containsKey(commonNameOid)) {
        m_sIssuerCommonName = attrs.get(commonNameOid);
    }
}
From source file:com.yacme.ext.oxsit.Helpers.java
License:Open Source License
/**
 * Returns a short display string for the issuer of a certificate.
 *
 * <p>The certificate is re-decoded with Bouncy Castle and the issuer attributes are read
 * from it. The result starts with the first non-empty value among O, CN and pseudonym, and
 * the CN, when present, is then appended after a ", " separator.
 *
 * <p>NOTE(review): when the issuer has no O attribute the CN is selected first and then
 * appended again, giving "CN, CN"; confirm whether that is intended.
 *
 * <p>NOTE(review): decoding failures are only printed as a stack trace and an empty string
 * is returned, so callers cannot tell "no issuer name" from "certificate could not be
 * decoded". The returned text is certificate-supplied and should be treated as untrusted
 * when displayed.
 *
 * @param _Cert the certificate whose issuer is wanted
 * @return the display string, or "" if nothing could be extracted
 */
public static String getIssuerName(X509Certificate _Cert) {
    String sRet = "";
    try {
        // Convert to the Bouncy Castle certificate structure.
        ASN1InputStream derIn = new ASN1InputStream(new ByteArrayInputStream(_Cert.getEncoded()));
        DERObject decoded = derIn.readObject();
        X509CertificateStructure bcCert = new X509CertificateStructure((ASN1Sequence) decoded);

        // Extract the issuer attributes, same as in the display classes.
        X509Name issuer = bcCert.getIssuer();
        Vector<DERObjectIdentifier> oids = issuer.getOIDs();
        HashMap<DERObjectIdentifier, String> valueByOid = new HashMap<DERObjectIdentifier, String>(20);
        Vector<?> values = issuer.getValues();
        for (int i = 0; i < oids.size(); i++) {
            valueByOid.put(oids.elementAt(i), values.elementAt(i).toString());
        }

        // Preference order: O, CN, pseudonym.
        // See the BC source code for details about DefaultLookUp behaviour.
        String[] preferred = { "o", "cn", "pseudonym" };
        for (int k = 0; k < preferred.length && sRet.length() == 0; k++) {
            DERObjectIdentifier key = (DERObjectIdentifier) X509Name.DefaultLookUp.get(preferred[k]);
            if (valueByOid.containsKey(key)) {
                sRet = valueByOid.get(key);
            }
        }

        // Always append the CN when the issuer has one.
        DERObjectIdentifier cnOid = (DERObjectIdentifier) X509Name.DefaultLookUp.get("cn");
        if (valueByOid.containsKey(cnOid)) {
            String separator = (sRet.length() > 0) ? ", " : "";
            sRet = sRet + separator + valueByOid.get(cnOid);
        }
    } catch (IOException e) {
        e.printStackTrace();
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
    }
    return sRet;
}
From source file:org.glite.security.util.DNImplRFC2253.java
License:Apache License
/**
 * Creates a new DNImpl object from the attribute types and values of an X509Name.
 *
 * <p>The OIDs and values are copied into parallel arrays, so entry {@code i} of one belongs
 * to entry {@code i} of the other. {@code toArray} throws {@code ArrayStoreException} if an
 * element is not of the expected type.
 *
 * @param x509Name The X509Name instance holding the information to generate the DN from.
 */
@SuppressWarnings("unchecked")
public DNImplRFC2253(X509Name x509Name) {
    final DERObjectIdentifier[] oidArray =
            (DERObjectIdentifier[]) x509Name.getOIDs().toArray(new DERObjectIdentifier[0]);
    final String[] valueArray = (String[]) x509Name.getValues().toArray(new String[0]);

    m_oids = oidArray;
    m_rdns = valueArray;
    // The number of RDNs equals the number of attribute types.
    m_count = oidArray.length;
}