/**
 * Renders the subject DN of a certificate as a string.
 *
 * <p>The principal comes from {@code cert.getSubjectX500Principal()} and is formatted by
 * {@code options.x500DNHandler}. When {@code options.x500SubjectDNFormat} is non-empty it is
 * passed to the handler as the output format; otherwise the handler's single-argument
 * {@code getName} is used.</p>
 *
 * <p>NOTE(review): the value is read directly from the certificate, so it is only as trustworthy
 * as the certificate itself. Presumably callers validate the certificate before relying on this
 * name for a trust decision; confirm against callers.</p>
 *
 * @param cert the certificate being processed, may be null
 * @return the formatted subject name, or null if {@code cert} is null
 */
protected String getSubjectName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }

    if (DatatypeHelper.isEmpty(options.x500SubjectDNFormat)) {
        // No explicit output format configured: use the handler's own rendering.
        return options.x500DNHandler.getName(cert.getSubjectX500Principal());
    }

    return options.x500DNHandler.getName(cert.getSubjectX500Principal(), options.x500SubjectDNFormat);
}
/** {@inheritDoc} */
public CertificateNameOptions clone() {
    CertificateNameOptions copy;
    try {
        copy = (CertificateNameOptions) super.clone();
    } catch (CloneNotSupportedException e) {
        // This type is cloneable, so the branch is not expected to run. If it ever did,
        // the caller would receive null rather than an exception.
        return null;
    }

    // Give the copy its own alt-name set and its own DN handler so that later changes to
    // one options object do not alter the name types or DN parsing used by the other.
    copy.subjectAltNames = new LinkedHashSet<Integer>(this.subjectAltNames);
    copy.x500DNHandler = this.x500DNHandler.clone();
    return copy;
}
log.debug("Extracted X500Principal from certificate: {}", x500DNHandler.getName(subjectPrincipal)); trustedNamePrincipal = x500DNHandler.parse(trustedName); log.debug("Evaluating principal successfully parsed from trusted name: {}", trustedName); if (subjectPrincipal.equals(trustedNamePrincipal)) { if (log.isDebugEnabled()) { log.debug("Matched subject DN to trusted names: {}", x500DNHandler.getName(subjectPrincipal));
/**
 * Searches a certificate chain for a certificate whose subject DN equals one of the supplied
 * X509SubjectName values.
 *
 * <p>Names are tried in list order and empty values are skipped. Each value is parsed with the
 * configured {@code x500DNHandler} and compared, as an {@code X500Principal}, with the subject
 * principal of every certificate in {@code certs}; the first equal certificate is returned.</p>
 *
 * <p>A value that the handler rejects with {@code IllegalArgumentException} is logged at warn
 * level and ends the search immediately with null; names later in the list are not tried.</p>
 *
 * @param certs list of certificates to evaluate
 * @param names X509 subject names to use as search criteria
 * @return the first matching certificate, or null if nothing matches or a name cannot be parsed
 */
protected X509Certificate findCertFromSubjectNames(List<X509Certificate> certs, List<X509SubjectName> names) {
    for (X509SubjectName candidate : names) {
        if (DatatypeHelper.isEmpty(candidate.getValue())) {
            continue;
        }

        X500Principal wanted;
        try {
            wanted = x500DNHandler.parse(candidate.getValue());
        } catch (IllegalArgumentException e) {
            // NOTE(review): the raw name value is written to the log as received. Presumably it
            // originates from message content, so log consumers should treat it as untrusted
            // text; confirm against callers.
            log.warn("X500 subject name '{}' could not be parsed by configured X500DNHandler '{}'",
                    candidate.getValue(), x500DNHandler.getClass().getName());
            return null;
        }

        // Comparison is on X500Principal objects, not on formatted DN strings.
        for (X509Certificate chainCert : certs) {
            if (chainCert.getSubjectX500Principal().equals(wanted)) {
                return chainCert;
            }
        }
    }

    return null;
}
/**
 * Locates the certificate in a chain whose subject DN matches one of the given X509SubjectName
 * values.
 *
 * <p>Empty name values are ignored. Every other value is parsed by the configured
 * {@code x500DNHandler} into an {@code X500Principal} and tested for equality against the
 * subject principal of each certificate in {@code certs}, in order. The first match wins.</p>
 *
 * <p>If the handler throws {@code IllegalArgumentException} for a value, a warning is logged and
 * the method returns null at once, without evaluating the remaining names.</p>
 *
 * @param certs list of certificates to evaluate
 * @param names X509 subject names to use as search criteria
 * @return the matching certificate, or null when there is no match or a name fails to parse
 */
protected X509Certificate findCertFromSubjectNames(List<X509Certificate> certs, List<X509SubjectName> names) {
    for (X509SubjectName nameElement : names) {
        if (DatatypeHelper.isEmpty(nameElement.getValue())) {
            continue;
        }

        X500Principal parsedSubject;
        try {
            parsedSubject = x500DNHandler.parse(nameElement.getValue());
        } catch (IllegalArgumentException e) {
            // NOTE(review): the unparsed value is logged verbatim; presumably it comes from
            // message content and should be read as untrusted text. Confirm against callers.
            log.warn("X500 subject name '{}' could not be parsed by configured X500DNHandler '{}'",
                    nameElement.getValue(), x500DNHandler.getClass().getName());
            return null;
        }

        // Equality is evaluated on the principals themselves rather than on DN strings.
        for (X509Certificate candidateCert : certs) {
            if (candidateCert.getSubjectX500Principal().equals(parsedSubject)) {
                return candidateCert;
            }
        }
    }

    return null;
}
/**
 * Renders the issuer DN of a certificate as a string.
 *
 * <p>The principal comes from {@code cert.getIssuerX500Principal()} and is formatted by
 * {@code options.x500DNHandler}. When {@code options.x500IssuerDNFormat} is non-empty it is
 * passed to the handler as the output format; otherwise the handler's single-argument
 * {@code getName} is used.</p>
 *
 * <p>NOTE(review): the issuer field is read from the certificate as presented; on its own it
 * does not show that the named issuer actually signed the certificate. Presumably callers
 * establish that separately; confirm against callers.</p>
 *
 * @param cert the certificate being processed, may be null
 * @return the formatted issuer name, or null if {@code cert} is null
 */
protected String getIssuerName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }

    if (DatatypeHelper.isEmpty(options.x500IssuerDNFormat)) {
        // No explicit output format configured: use the handler's own rendering.
        return options.x500DNHandler.getName(cert.getIssuerX500Principal());
    }

    return options.x500DNHandler.getName(cert.getIssuerX500Principal(), options.x500IssuerDNFormat);
}
log.debug("Extracted X500Principal from certificate: {}", x500DNHandler.getName(subjectPrincipal)); trustedNamePrincipal = x500DNHandler.parse(trustedName); log.debug("Evaluating principal successfully parsed from trusted name: {}", trustedName); if (subjectPrincipal.equals(trustedNamePrincipal)) { if (log.isDebugEnabled()) { log.debug("Matched subject DN to trusted names: {}", x500DNHandler.getName(subjectPrincipal));
/** {@inheritDoc} */
protected X509Options clone() {
    X509Options copy = (X509Options) super.clone();

    // Replace the set and the DN handler on the copy with independent instances so that
    // the copy and the original can be reconfigured without affecting each other.
    LazySet<Integer> altNameTypes = new LazySet<Integer>();
    copy.subjectAltNames = altNameTypes;
    altNameTypes.addAll(this.subjectAltNames);

    copy.x500DNHandler = this.x500DNHandler.clone();
    return copy;
}
X500Principal issuerX500Principal = null; try { issuerX500Principal = x500DNHandler.parse(issuerNameValue); } catch (IllegalArgumentException e) { log.warn("X500 issuer name '{}' could not be parsed by configured X500DNHandler '{}'",
/**
 * Returns the string form of a certificate's subject DN.
 *
 * <p>Formatting is delegated to {@code options.x500DNHandler}. A non-empty
 * {@code options.x500SubjectDNFormat} is forwarded as the output format; with an empty format
 * the handler is called with the principal alone.</p>
 *
 * <p>NOTE(review): the subject DN is taken from the certificate as presented. Presumably the
 * certificate is validated elsewhere before this name is used for a trust decision; confirm
 * against callers.</p>
 *
 * @param cert the certificate being processed, may be null
 * @return the formatted subject name, or null if {@code cert} is null
 */
protected String getSubjectName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }

    return DatatypeHelper.isEmpty(options.x500SubjectDNFormat)
            ? options.x500DNHandler.getName(cert.getSubjectX500Principal())
            : options.x500DNHandler.getName(cert.getSubjectX500Principal(), options.x500SubjectDNFormat);
}
/** {@inheritDoc} */
protected X509Options clone() {
    X509Options duplicate = (X509Options) super.clone();

    // The duplicate gets a fresh set holding the same alt-name type values, and its own
    // clone of the DN handler, instead of the instances held by this object.
    LazySet<Integer> copiedAltNames = new LazySet<Integer>();
    duplicate.subjectAltNames = copiedAltNames;
    copiedAltNames.addAll(this.subjectAltNames);

    duplicate.x500DNHandler = this.x500DNHandler.clone();
    return duplicate;
}
X500Principal issuerX500Principal = null; try { issuerX500Principal = x500DNHandler.parse(issuerNameValue); } catch (IllegalArgumentException e) { log.warn("X500 issuer name '{}' could not be parsed by configured X500DNHandler '{}'",
/**
 * Returns the string form of a certificate's issuer DN.
 *
 * <p>Formatting is delegated to {@code options.x500DNHandler}. A non-empty
 * {@code options.x500IssuerDNFormat} is forwarded as the output format; with an empty format
 * the handler is called with the principal alone.</p>
 *
 * <p>NOTE(review): the issuer DN is whatever the certificate states; it is not by itself
 * evidence of who signed the certificate. Presumably signature and path checks happen
 * elsewhere; confirm against callers.</p>
 *
 * @param cert the certificate being processed, may be null
 * @return the formatted issuer name, or null if {@code cert} is null
 */
protected String getIssuerName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }

    return DatatypeHelper.isEmpty(options.x500IssuerDNFormat)
            ? options.x500DNHandler.getName(cert.getIssuerX500Principal())
            : options.x500DNHandler.getName(cert.getIssuerX500Principal(), options.x500IssuerDNFormat);
}
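/**
 * Log information from the constructed cert path at level debug.
 *
 * <p>Writes the subject DN of the target certificate, the subject DN of every certificate in
 * the built path, and a description of the trust anchor: the trusted certificate's subject DN
 * if the anchor carries a certificate, else the anchor's CA principal, else its CA name
 * string. Returns immediately when debug logging is disabled, so no DN formatting is done on
 * the path-validation code path in that case.</p>
 *
 * @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
 * @param targetCert the untrusted certificate that was being evaluated
 */
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
    if (!log.isDebugEnabled()) {
        // The arguments below are computed before log.debug() is entered, so without this
        // guard every DN would be formatted even though nothing is written.
        return;
    }

    log.debug("Built valid PKIX cert path");
    log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));

    for (Certificate cert : buildResult.getCertPath().getCertificates()) {
        // The cast assumes every certificate in the built path is an X509Certificate.
        log.debug("CertPath certificate: {}",
                x500DNHandler.getName(((X509Certificate) cert).getSubjectX500Principal()));
    }

    TrustAnchor ta = buildResult.getTrustAnchor();
    if (ta.getTrustedCert() != null) {
        log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getTrustedCert().getSubjectX500Principal()));
    } else if (ta.getCA() != null) {
        log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getCA()));
    } else {
        log.debug("TrustAnchor: {}", ta.getCAName());
    }
}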
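/**
 * Log information from the constructed cert path at level debug.
 *
 * <p>Output consists of the target certificate's subject DN, one line per certificate in the
 * built path, and one line for the trust anchor (trusted certificate subject, CA principal, or
 * CA name string, in that order of preference). Nothing is computed when debug logging is
 * off.</p>
 *
 * @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
 * @param targetCert the untrusted certificate that was being evaluated
 */
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
    if (!log.isDebugEnabled()) {
        // Skip the DN formatting entirely: the getName() calls below run before
        // log.debug() can decide whether to discard the message.
        return;
    }

    log.debug("Built valid PKIX cert path");
    log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));

    for (Certificate cert : buildResult.getCertPath().getCertificates()) {
        // Path entries are cast to X509Certificate; any other certificate type would
        // raise ClassCastException here.
        log.debug("CertPath certificate: {}",
                x500DNHandler.getName(((X509Certificate) cert).getSubjectX500Principal()));
    }

    TrustAnchor ta = buildResult.getTrustAnchor();
    if (ta.getTrustedCert() != null) {
        log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getTrustedCert().getSubjectX500Principal()));
    } else if (ta.getCA() != null) {
        log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getCA()));
    } else {
        log.debug("TrustAnchor: {}", ta.getCAName());
    }
}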
/**
 * Renders the subject DN of a certificate as a string and logs it at debug level.
 *
 * <p>The DN handler and the optional output format are both read from {@code certNameOptions}.
 * A non-empty subject DN format is passed to the handler; otherwise the handler is called
 * with the principal alone.</p>
 *
 * <p>NOTE(review): the subject DN is taken from the certificate as presented. Presumably the
 * certificate is validated elsewhere before this name is used for a trust decision; confirm
 * against callers.</p>
 *
 * @param cert the certificate being processed, may be null
 * @return the formatted subject name, or null if {@code cert} is null
 */
protected String getSubjectName(X509Certificate cert) {
    if (cert == null) {
        return null;
    }

    final String subjectDn;
    if (DatatypeHelper.isEmpty(certNameOptions.getX500SubjectDNFormat())) {
        subjectDn = certNameOptions.getX500DNHandler().getName(cert.getSubjectX500Principal());
    } else {
        subjectDn = certNameOptions.getX500DNHandler().getName(cert.getSubjectX500Principal(),
                certNameOptions.getX500SubjectDNFormat());
    }

    log.debug("Extracted subject name from certificate: {}", subjectDn);
    return subjectDn;
}
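/**
 * Log information from the constructed cert path at level debug.
 *
 * <p>Writes the subject DN of the target certificate, the subject DN of every certificate in
 * the built path, and a description of the trust anchor: the trusted certificate's subject DN
 * if the anchor carries a certificate, else the anchor's CA principal, else its CA name
 * string. Returns immediately when debug logging is disabled, so the DN handler is not
 * invoked at all in that case.</p>
 *
 * @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
 * @param targetCert the untrusted certificate that was being evaluated
 */
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
    if (!log.isDebugEnabled()) {
        // The arguments below are computed before log.debug() is entered, so without this
        // guard every DN would be formatted even though nothing is written.
        return;
    }

    log.debug("Built valid PKIX cert path");
    log.debug("Target certificate: {}", getX500DNHandler().getName(targetCert.getSubjectX500Principal()));

    for (Certificate cert : buildResult.getCertPath().getCertificates()) {
        // The cast assumes every certificate in the built path is an X509Certificate.
        log.debug("CertPath certificate: {}",
                getX500DNHandler().getName(((X509Certificate) cert).getSubjectX500Principal()));
    }

    TrustAnchor ta = buildResult.getTrustAnchor();
    if (ta.getTrustedCert() != null) {
        log.debug("TrustAnchor: {}",
                getX500DNHandler().getName(ta.getTrustedCert().getSubjectX500Principal()));
    } else if (ta.getCA() != null) {
        log.debug("TrustAnchor: {}", getX500DNHandler().getName(ta.getCA()));
    } else {
        log.debug("TrustAnchor: {}", ta.getCAName());
    }
}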
StringBuilder builder = new StringBuilder(); builder.append('['); builder.append(String.format("subjectName='%s'", x500DNHandler.getName(x500Principal))); if (!DatatypeHelper.isEmpty(credential.getEntityId())) { builder.append(String.format(" |credential entityID='%s'", DatatypeHelper.safeTrimOrNullString(credential
StringBuilder builder = new StringBuilder(); builder.append('['); builder.append(String.format("subjectName='%s'", x500DNHandler.getName(x500Principal))); if (!DatatypeHelper.isEmpty(credential.getEntityId())) { builder.append(String.format(" |credential entityID='%s'", DatatypeHelper.safeTrimOrNullString(credential
if (log.isTraceEnabled()) { log.trace("Added X509CRL to cert store from issuer {} dated {}", x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getThisUpdate()); if (isEmpty) { log.trace("X509CRL added to cert store from issuer {} dated {} was empty", x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getThisUpdate()); x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getNextUpdate()); x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getNextUpdate()); if (log.isTraceEnabled()) { log.trace("Empty X509CRL not added to cert store, from issuer {} dated {}", x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getThisUpdate());