List of usage examples for java.security.cert X509Certificate getSubjectAlternativeNames
public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException
From source file:org.cesecore.util.CertTools.java
/**
 * Returns the Microsoft-specific GUID altName, which is encoded as an octet string.
 *
 * <p>Only {@link X509Certificate} instances are inspected. Each subjectAltName entry is handed
 * to {@code getAltnameSequence}; the first entry for which {@code getGUIDStringFromSequence}
 * yields a non-null value is returned.
 *
 * @param cert certificate containing the extension
 * @return String with the hex-encoded GUID byte array or null if the altName does not exist
 * @throws CertificateParsingException if the subjectAltName extension cannot be decoded
 * @throws IOException declared for callers; presumably raised by the sequence helpers, which
 *         are not visible here
 */
public static String getGuidAltName(Certificate cert) throws IOException, CertificateParsingException {
    if (!(cert instanceof X509Certificate)) {
        return null;
    }
    final Collection<List<?>> entries = ((X509Certificate) cert).getSubjectAlternativeNames();
    if (entries == null) {
        // The JDK reports an absent subjectAltName extension as null, not as an empty collection.
        return null;
    }
    for (final List<?> entry : entries) {
        final ASN1Sequence sequence = getAltnameSequence(entry);
        if (sequence == null) {
            continue;
        }
        final String guid = CertTools.getGUIDStringFromSequence(sequence);
        if (guid != null) {
            return guid;
        }
    }
    return null;
}
From source file:org.cesecore.util.CertTools.java
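/**
 * Looks up the subject's e-mail address, first in the SubjectAltName extension (as in the PKIX
 * recommendation) and then in the subject DN.
 * Original author: Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
 *
 * <p>The returned value is copied from the certificate as-is. This method neither verifies the
 * certificate nor checks the address syntax, so the result is only as trustworthy as the
 * certificate the caller passed in.
 *
 * @param certificate certificate to inspect, may be null
 * @return subject email or null if not present in certificate
 */
public static String getEMailAddress(Certificate certificate) {
    log.debug("Searching for EMail Address in SubjectAltName");
    if (certificate == null) {
        return null;
    }
    if (!(certificate instanceof X509Certificate)) {
        return null;
    }
    final X509Certificate x509cert = (X509Certificate) certificate;
    try {
        // Decode the extension once and reuse the result for both the null check and the loop.
        final Collection<List<?>> altNames = x509cert.getSubjectAlternativeNames();
        if (altNames != null) {
            for (final List<?> item : altNames) {
                final Integer type = (Integer) item.get(0);
                // GeneralName tag 1 is rfc822Name, i.e. an e-mail address.
                if (type.intValue() == 1) {
                    return (String) item.get(1);
                }
            }
        }
    } catch (CertificateParsingException e) {
        // Best effort: an undecodable extension is logged and the subject DN is still tried.
        log.error("Error parsing certificate: ", e);
    }
    log.debug("Searching for EMail Address in Subject DN");
    final ArrayList<String> emails = CertTools.getEmailFromDN(x509cert.getSubjectDN().getName());
    if (!emails.isEmpty()) {
        return emails.get(0);
    }
    return null;
}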
From source file:org.cesecore.util.CertTools.java
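/**
 * Renders the subjectAltName extension of a certificate as a single comma-separated string.
 *
 * <pre>
 * SubjectAltName ::= GeneralNames
 *
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 *
 * GeneralName ::= CHOICE {
 *     otherName                 [0] OtherName,
 *     rfc822Name                [1] IA5String,
 *     dNSName                   [2] IA5String,
 *     x400Address               [3] ORAddress,
 *     directoryName             [4] Name,
 *     ediPartyName              [5] EDIPartyName,
 *     uniformResourceIdentifier [6] IA5String,
 *     iPAddress                 [7] OCTET STRING,
 *     registeredID              [8] OBJECT IDENTIFIER }
 * </pre>
 *
 * <p>SubjectAltName is of form
 * {@code rfc822Name=<email>, dNSName=<host name>, uniformResourceIdentifier=<http://host.com/>,
 * iPAddress=<address>, guid=<globally unique id>, directoryName=<CN=testDirName|dir|name>,
 * permanentIdentifier=<identifierValue/assigner|identifierValue|/assigner|/>}
 *
 * <p>Supported altNames are upn, krb5principal, guid, rfc822Name, uniformResourceIdentifier,
 * dNSName, iPAddress, directoryName, permanentIdentifier. AltNames that are not supported
 * (x400Address, ediPartyName, registeredID and unrecognised otherName forms) are simply not
 * shown in the resulting string.
 *
 * <p>NOTE(review): values are appended verbatim, without escaping. A name that itself contains
 * {@code ", "} or {@code "="} cannot be told apart from a separate entry by a consumer that
 * splits this string again; confirm how callers parse the result before relying on it for
 * identity or authorisation decisions.
 *
 * @author Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
 * @author Tomas Gustavsson
 * @param certificate certificate containing alt names
 * @return String containing altNames of form
 *         "rfc822Name=email, dNSName=hostname, uniformResourceIdentifier=uri, iPAddress=ip,
 *         upn=upn, directoryName=CN=testDirName|dir|name, permanentIdentifier=identifierValue/assigner",
 *         with labels taken from the CertTools constants; {@code null} if an X.509 certificate
 *         has no subjectAltName extension or none of its entries is supported; the empty
 *         string if {@code certificate} is not an {@link X509Certificate}
 * @throws RuntimeException if the subjectAltName extension cannot be parsed
 */
public static String getSubjectAlternativeName(Certificate certificate) {
    if (log.isTraceEnabled()) {
        log.trace(">getSubjectAlternativeName");
    }
    if (!(certificate instanceof X509Certificate)) {
        // Kept for existing callers: non-X.509 input yields "", not null.
        return "";
    }
    final X509Certificate x509cert = (X509Certificate) certificate;
    final Collection<List<?>> altNames;
    try {
        altNames = x509cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException e) {
        throw new RuntimeException("Could not parse certificate", e);
    }
    if (altNames == null) {
        return null;
    }
    final StringBuilder result = new StringBuilder();
    for (final List<?> item : altNames) {
        final Integer type = (Integer) item.get(0);
        final Object value = item.get(1);
        String entry = null;
        switch (type.intValue()) {
            case 0: {
                // otherName: try each supported encoding in turn; the first match wins.
                final ASN1Sequence seq = getAltnameSequence(item);
                if (seq == null) {
                    // getGuidAltName guards against a null sequence before decoding; do the same here.
                    break;
                }
                final String upn = getUPNStringFromSequence(seq);
                if (upn != null) {
                    entry = CertTools.UPN + "=" + upn;
                    break;
                }
                final String permanentIdentifier = getPermanentIdentifierStringFromSequence(seq);
                if (permanentIdentifier != null) {
                    entry = CertTools.PERMANENTIDENTIFIER + "=" + permanentIdentifier;
                    break;
                }
                final String krb5Principal = getKrb5PrincipalNameFromSequence(seq);
                if (krb5Principal != null) {
                    entry = CertTools.KRB5PRINCIPAL + "=" + krb5Principal;
                    break;
                }
                final String guid = getGUIDStringFromSequence(seq);
                if (guid != null) {
                    entry = CertTools.GUID + "=" + guid;
                }
                break;
            }
            case 1:
                entry = CertTools.EMAIL + "=" + (String) value;
                break;
            case 2:
                entry = CertTools.DNS + "=" + (String) value;
                break;
            case 3:
                // SubjectAltName of type x400Address not supported
                break;
            case 4:
                entry = CertTools.DIRECTORYNAME + "=" + (String) value;
                break;
            case 5:
                // SubjectAltName of type ediPartyName not supported
                break;
            case 6:
                entry = CertTools.URI + "=" + (String) value;
                break;
            case 7:
                entry = CertTools.IPADDR + "=" + (String) value;
                break;
            default:
                // registeredID [8] and any unknown type are not supported
                break;
        }
        if (entry != null) {
            if (result.length() > 0) {
                // Result already contains one altname, so separate the next one with a comma.
                result.append(", ");
            }
            result.append(entry);
        }
    }
    if (log.isTraceEnabled()) {
        log.trace("<getSubjectAlternativeName: " + result);
    }
    if (result.length() == 0) {
        return null;
    }
    return result.toString();
}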