List of usage examples for org.bouncycastle.asn1.x509 X509NameTokenizer nextToken
public String nextToken()
From source file:net.jxta.impl.membership.pse.PSEUtils.java
License:Open Source License
/**
 * Extracts the first CN (common name) attribute from a certificate's subject DN.
 *
 * <p>The subject is rendered to a string with {@code X500Principal.getName()} and split with
 * {@link X509NameTokenizer}. The first token whose first three characters equal {@code "CN="}
 * (compared case-insensitively) wins, and everything after that prefix is returned unchanged.
 *
 * <p>This method does not validate the certificate in any way (no signature, chain,
 * validity-period or revocation check), so the returned name is only as trustworthy as the
 * certificate passed in. Verify the certificate before treating the CN as an identity.
 *
 * @param cert the certificate to examine
 * @return the text following {@code CN=} in the first matching token, or {@code null} if no
 *         token starts with {@code CN=}
 */
public static String getCertSubjectCName(X509Certificate cert) {
    final String subjectDn = cert.getSubjectX500Principal().getName();
    final X509NameTokenizer rdns = new X509NameTokenizer(subjectDn);

    while (rdns.hasMoreTokens()) {
        final String rdn = rdns.nextToken();
        // regionMatches() is false for tokens shorter than the prefix, so short tokens are
        // skipped without a separate length check.
        // NOTE(review): the value is returned exactly as the tokenizer produced it. If a
        // multi-valued RDN (attributes joined with '+') or escaped characters come back inside
        // one token, they end up in the result - confirm against the Bouncy Castle version in use.
        if (rdn.regionMatches(true, 0, "CN=", 0, 3)) {
            return rdn.substring(3);
        }
    }
    return null;
}
From source file:net.jxta.impl.membership.pse.PSEUtils.java
License:Open Source License
/**
 * Extracts the first CN (common name) attribute from a certificate's issuer DN.
 *
 * <p>The issuer is rendered to a string with {@code X500Principal.getName()} and split with
 * {@link X509NameTokenizer}. The first token whose first three characters equal {@code "CN="}
 * (compared case-insensitively) wins, and everything after that prefix is returned unchanged.
 *
 * <p>The issuer name is read straight from the certificate and is not checked against any
 * trust anchor here. A matching issuer CN does not show that the named CA actually signed the
 * certificate; that requires chain validation by the caller.
 *
 * @param cert the certificate to examine
 * @return the text following {@code CN=} in the first matching token, or {@code null} if no
 *         token starts with {@code CN=}
 */
public static String getCertIssuerCName(X509Certificate cert) {
    final String issuerDn = cert.getIssuerX500Principal().getName();
    final X509NameTokenizer rdns = new X509NameTokenizer(issuerDn);

    while (rdns.hasMoreTokens()) {
        final String rdn = rdns.nextToken();
        // regionMatches() is false for tokens shorter than the prefix, so short tokens are
        // skipped without a separate length check.
        // NOTE(review): the value is returned exactly as the tokenizer produced it. If a
        // multi-valued RDN (attributes joined with '+') or escaped characters come back inside
        // one token, they end up in the result - confirm against the Bouncy Castle version in use.
        if (rdn.regionMatches(true, 0, "CN=", 0, 3)) {
            return rdn.substring(3);
        }
    }
    return null;
}
From source file:org.cesecore.util.CertTools.java
License:Open Source License
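/**
 * Heuristically decides whether a DN string is written in reversed order.
 *
 * <p>The attribute type of the first and of the last component is looked up in the array
 * returned by {@code DnComponents.getDnObjects(true)}. If the last component's type appears
 * earlier in that array than the first component's type, the DN is assumed to be reversed.
 * With the default ordering, "CN=Tomas, O=PrimeKey, C=SE" is forward and
 * "C=SE, O=PrimeKey, CN=Tomas" is reversed.
 *
 * <p>Limits of the heuristic, as implemented:
 * <ul>
 *   <li>A DN with a single component (e.g. "CN=example.com") yields {@code false}.</li>
 *   <li>An attribute type that is not found in the array keeps position 0, so a DN with
 *       unknown types at either end can be classified either way.</li>
 *   <li>A first or last component without an {@code '='} cannot be classified and yields
 *       {@code false}. Previously this raised {@code StringIndexOutOfBoundsException}, which
 *       let a malformed DN string abort the caller.</li>
 * </ul>
 *
 * @param dn DN to check, in the form "C=SE, O=xx, OU=yy, CN=zz"; may be {@code null}
 * @return {@code true} if the DN is believed to be in reversed order, {@code false} otherwise
 */
public static boolean isDNReversed(String dn) {
    if (dn == null) {
        return false;
    }

    String first = null;
    String last = null;
    final X509NameTokenizer xt = new X509NameTokenizer(dn);
    if (xt.hasMoreTokens()) {
        first = xt.nextToken().trim();
    }
    while (xt.hasMoreTokens()) {
        last = xt.nextToken().trim();
    }
    if (first == null || last == null) {
        // Zero or one component: the order cannot be determined.
        return false;
    }

    final int firstEq = first.indexOf('=');
    final int lastEq = last.indexOf('=');
    if (firstEq < 0 || lastEq < 0) {
        // Malformed component without a type=value separator: do not guess, do not throw.
        return false;
    }
    final String firstType = first.substring(0, firstEq);
    final String lastType = last.substring(0, lastEq);

    final String[] dNObjects = DnComponents.getDnObjects(true);
    int firsti = 0;
    int lasti = 0;
    for (int i = 0; i < dNObjects.length; i++) {
        if (firstType.equalsIgnoreCase(dNObjects[i])) {
            firsti = i;
        }
        if (lastType.equalsIgnoreCase(dNObjects[i])) {
            lasti = i;
        }
    }
    return lasti < firsti;
}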
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/** * Checks if a DN has at least two components. Then the DN can be in either LDAP or X500 order. * Otherwise it's not possible to determine the order. *///from w ww. j ava 2 s.c o m public static boolean dnHasMultipleComponents(String dn) { final X509NameTokenizer xt = new X509NameTokenizer(dn); if (xt.hasMoreTokens()) { xt.nextToken(); return xt.hasMoreTokens(); } return false; }
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/**
 * Collects the custom OIDs used as attribute types in a DN string.
 *
 * <p>A component counts as a custom OID when its type is written as a dotted OID rather than
 * as a name such as CN or rfc822Name. Each OID is returned once, even if the input uses it in
 * several components.
 *
 * @param dn DN string in the form "C=SE, O=xx, OU=yy, CN=zz", or "rfc822Name=foo@bar.com",
 *        etc.; may be {@code null}
 * @return list of the unique OIDs found, in order of first appearance; empty if none are
 *         present or {@code dn} is {@code null}
 */
public static ArrayList<String> getCustomOids(String dn) {
    if (log.isTraceEnabled()) {
        log.trace(">getCustomOids: dn:'" + dn);
    }

    final ArrayList<String> oids = new ArrayList<String>();
    if (dn != null) {
        final X509NameTokenizer tokenizer = new X509NameTokenizer(dn);
        while (tokenizer.hasMoreTokens()) {
            final String component = tokenizer.nextToken().trim();
            final int eq = component.indexOf('=');
            // Cheap pre-filter: the type must be at least three characters long and have a
            // '.' as its second character (a single-digit first arc, as in "1.2...").
            final boolean looksLikeOid = (eq > 2) && (component.charAt(1) == '.');
            if (!looksLikeOid) {
                continue;
            }
            final String candidate = component.substring(0, eq);
            if (oids.contains(candidate)) {
                // Already reported; only unique OIDs are returned.
                continue;
            }
            try {
                // The constructor is used purely as a syntax check: it throws
                // IllegalArgumentException when the text is not a well-formed OID.
                new ASN1ObjectIdentifier(candidate);
            } catch (IllegalArgumentException e) {
                // Not a valid OID: ignore this component.
                continue;
            }
            oids.add(candidate);
        }
    }

    if (log.isTraceEnabled()) {
        log.trace("<getCustomOids: resulting DN part=" + oids.toString());
    }
    return oids;
}
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/**
 * Splits a DN string into its components, in the order the tokenizer yields them.
 *
 * <p>Each element is the token exactly as returned by {@link X509NameTokenizer#nextToken()};
 * nothing is trimmed or validated here.
 *
 * @param dn the DN string to split
 * @return a new mutable list with one entry per component
 * @see X509NameTokenizer
 */
public static List<String> getX500NameComponents(String dn) {
    final List<String> components = new ArrayList<String>();
    for (X509NameTokenizer t = new X509NameTokenizer(dn); t.hasMoreTokens();) {
        components.add(t.nextToken());
    }
    return components;
}
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/**
 * Returns the parent DN of a DN string, i.e. the DN with its first component removed.
 *
 * <p>For "cn=User,dc=example,dc=com" the result is "dc=example,dc=com". A DN with no parent
 * yields an empty string.
 *
 * @param dn the DN string whose parent is wanted
 * @return whatever the tokenizer reports as remaining after the first component
 */
public static String getParentDN(String dn) {
    final X509NameTokenizer remainder = new X509NameTokenizer(dn);
    // Consume and discard the leading component; what is left is the parent.
    // NOTE(review): there is no hasMoreTokens() check first, so the result for an empty or
    // null dn depends entirely on the tokenizer - confirm before passing unvalidated input.
    remainder.nextToken();
    return remainder.getRemainingString();
}
From source file:org.ejbca.util.CertTools.java
License:Open Source License
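/**
 * Creates a (Bouncy Castle) X509Name object from a DN string.
 *
 * <p>Known OIDs, in order, are:
 * <code>EmailAddress, UID, CN, SN (SerialNumber), GivenName, Initials, SurName, T, OU,
 * O, L, ST, DC, C</code>.
 * To change the order, edit 'dnObjects' in this source file. Do not change the ordering
 * within this class, since certificate verification on some clients might depend on it.
 *
 * <p>Each token is split at its first {@code '='}. The key is lower-cased and looked up with
 * {@code DnComponents.getOid}; a key that is not declared there is tried as a dotted OID.
 * Tokens that have no {@code '='}, or whose key is neither a declared name nor a valid OID,
 * are logged at WARN level and left out. The returned name can therefore contain fewer
 * components than the input string, so callers that issue or match certificates should not
 * assume that every requested component is present.
 *
 * <p>NOTE(review): the WARN messages embed the raw token, key and DN. If the DN can come from
 * an untrusted request, make sure the logging layer neutralises control characters.
 *
 * @param dn DN to convert, in the form "CN=zz,OU=yy,O=foo,C=SE". Unknown OIDs in the string
 *        are added at the end positions of the OID array.
 * @param converter BC converter for DirectoryStrings, which determines the encoding chosen
 * @param ldaporder true for LDAP ordering of the DN (default in EJBCA), false for X.500 order;
 *        LDAP order is CN=A,OU=B,O=C,C=SE and X.500 order is the reverse
 * @return the ordered X509Name, or {@code null} if {@code dn} is {@code null}
 */
public static X509Name stringToBcX509Name(String dn, X509NameEntryConverter converter, boolean ldaporder) {
    if (dn == null) {
        return null;
    }

    Vector<DERObjectIdentifier> defaultOrdering = new Vector<DERObjectIdentifier>();
    Vector<String> values = new Vector<String>();
    X509NameTokenizer x509NameTokenizer = new X509NameTokenizer(dn);

    while (x509NameTokenizer.hasMoreTokens()) {
        // Each token is a key=val pair (CN=xx); the tokenizer escapes '+' and an initial '#'.
        String pair = x509NameTokenizer.nextToken();
        int index = pair.indexOf('=');
        if (index == -1) {
            log.warn("No 'key=value' pair encountered in token '" + pair + "' while converting subject DN '" + dn
                    + "' into X509Name.");
            continue;
        }

        // Lower-case with a fixed locale. With the platform default, a Turkish locale maps 'I'
        // to a dotless i, so a key such as "UID" would miss the lookup and be dropped.
        String key = pair.substring(0, index).toLowerCase(java.util.Locale.ROOT).trim();
        // Strip leading whitespace from the value, to handle input typed as "CN = Foo Bar".
        String val = StringUtils.stripStart(pair.substring(index + 1), null);

        // First search for the OID by name among the declared OIDs.
        DERObjectIdentifier oid = DnComponents.getOid(key);
        try {
            // If it is not declared, try to create it from the key text.
            if (oid == null) {
                oid = new DERObjectIdentifier(key);
            }
            // Unescape before touching either vector, so that a failure here cannot leave
            // the two vectors with different lengths.
            String unescaped = getUnescapedPlus(val);
            defaultOrdering.add(oid);
            values.add(unescaped);
        } catch (IllegalArgumentException e) {
            // Not an OID: the component is ignored.
            log.warn("Unknown DN component ignored and silently dropped: " + key);
        }
    }

    X509Name x509Name = new X509Name(defaultOrdering, values, converter);
    // Reorder the fields into the requested (LDAP or X.500) order.
    return getOrderedX509Name(x509Name, ldaporder, converter);
}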
From source file:org.ejbca.util.CertTools.java
License:Open Source License
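/**
 * Heuristically decides whether a DN string is written in reversed order.
 *
 * <p>The attribute type of the first and of the last component is lower-cased and looked up
 * in the array returned by {@code DnComponents.getDnObjects(true)}. If the last component's
 * type appears earlier in that array than the first component's type, the DN is assumed to be
 * reversed. With the default ordering, "CN=Tomas, O=PrimeKey, C=SE" is forward and
 * "C=SE, O=PrimeKey, CN=Tomas" is reversed.
 *
 * <p>Limits of the heuristic, as implemented:
 * <ul>
 *   <li>A DN with fewer than two components yields {@code false}.</li>
 *   <li>An attribute type that is not found in the array keeps position 0, so a DN with
 *       unknown types at either end can be classified either way.</li>
 *   <li>A first or last component without an {@code '='} cannot be classified and yields
 *       {@code false}. Previously this raised {@code StringIndexOutOfBoundsException}, which
 *       let a malformed DN string abort the caller.</li>
 * </ul>
 *
 * @param dn DN to check, in the form "C=SE, O=xx, OU=yy, CN=zz"; may be {@code null}
 * @return {@code true} if the DN is believed to be in reversed order, {@code false} otherwise
 */
protected static boolean isDNReversed(String dn) {
    if (dn == null) {
        return false;
    }

    String first = null;
    String last = null;
    final X509NameTokenizer xt = new X509NameTokenizer(dn);
    if (xt.hasMoreTokens()) {
        first = xt.nextToken();
    }
    while (xt.hasMoreTokens()) {
        last = xt.nextToken();
    }
    if (first == null || last == null) {
        // Zero or one component: the order cannot be determined.
        return false;
    }

    final int firstEq = first.indexOf('=');
    final int lastEq = last.indexOf('=');
    if (firstEq < 0 || lastEq < 0) {
        // Malformed component without a type=value separator: do not guess, do not throw.
        return false;
    }
    // Lower-case once, with a fixed locale. With the platform default, a Turkish locale maps
    // 'I' to a dotless i, so types such as "UID" would never match the array.
    final String firstType = first.substring(0, firstEq).toLowerCase(java.util.Locale.ROOT);
    final String lastType = last.substring(0, lastEq).toLowerCase(java.util.Locale.ROOT);

    final String[] dNObjects = DnComponents.getDnObjects(true);
    int firsti = 0;
    int lasti = 0;
    for (int i = 0; i < dNObjects.length; i++) {
        if (firstType.equals(dNObjects[i])) {
            firsti = i;
        }
        if (lastType.equals(dNObjects[i])) {
            lasti = i;
        }
    }
    return lasti < firsti;
}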
From source file:org.ejbca.util.CertTools.java
License:Open Source License
/** * Gets a specified part of a DN. Specifically the first occurrence it the DN contains several * instances of a part (i.e. cn=x, cn=y returns x). * * @param dn String containing DN, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz". * @param dnpart String specifying which part of the DN to get, should be "CN" or "OU" etc. * * @return String containing dnpart or null if dnpart is not present */// w w w .j a v a 2 s . c o m public static String getPartFromDN(String dn, String dnpart) { if (log.isTraceEnabled()) { log.trace(">getPartFromDN: dn:'" + dn + "', dnpart=" + dnpart); } String part = null; if ((dn != null) && (dnpart != null)) { String o; dnpart += "="; // we search for 'CN=' etc. X509NameTokenizer xt = new X509NameTokenizer(dn); while (xt.hasMoreTokens()) { o = xt.nextToken(); //log.debug("checking: "+o.substring(0,dnpart.length())); if ((o.length() > dnpart.length()) && o.substring(0, dnpart.length()).equalsIgnoreCase(dnpart)) { part = o.substring(dnpart.length()); break; } } } if (log.isTraceEnabled()) { log.trace("<getpartFromDN: resulting DN part=" + part); } return part; }