/**
 * Reports whether {@code id} parses as an X.500 distinguished name string
 * (the syntax accepted by {@link X500Principal#X500Principal(String)}).
 * Only {@link IllegalArgumentException} is treated as "invalid"; a
 * {@code null} id propagates as a {@link NullPointerException} from the
 * constructor, as before.
 *
 * @param id the candidate distinguished name
 * @return {@code true} when the name parses, {@code false} when it is malformed
 */
@Override
public boolean isValid(String id) {
    boolean parses;
    try {
        new X500Principal(id);
        parses = true;
    } catch (IllegalArgumentException malformed) {
        parses = false;
    }
    return parses;
}
/**
 * Builds the subject DN from the {@code cn} and {@code ou} fields.  When
 * {@code cn} is unset a random UUID stands in as the common name so each
 * generated subject is distinct; {@code ou} is appended only when present.
 * NOTE(review): the field values are appended without RFC 2253 escaping, so a
 * value containing ',', '+', '=' or '"' either alters the DN structure or makes
 * the X500Principal constructor fail — confirm callers sanitise them.
 *
 * @return the assembled subject as an {@link X500Principal}
 * @throws IllegalArgumentException if the assembled string is not a valid DN
 */
private X500Principal buildSubject() {
    final StringBuilder dn = new StringBuilder("CN=");
    dn.append(cn != null ? String.valueOf(cn) : UUID.randomUUID().toString());
    if (ou != null) {
        dn.append(", OU=").append(ou);
    }
    return new X500Principal(dn.toString());
}
/**
 * Creates a request whose subject is parsed from {@code x500Name} (the string
 * form accepted by {@link X500Principal#X500Principal(String)}) and whose
 * public key is taken from {@code keyPair}.  The private key is passed on to
 * the delegated constructor — presumably to sign the request; confirm there.
 *
 * @param x500Name the subject distinguished name; {@code null} throws
 *        {@link NullPointerException}, a malformed name throws
 *        {@link IllegalArgumentException}
 * @param signatureAlgorithm algorithm name resolved via
 *        {@code findSignatureAlgorithmIdentifier}
 * @param keyPair the key pair; {@code null} throws {@link NullPointerException}
 * @throws GeneralSecurityException propagated from the delegated constructor or
 *         the algorithm lookup (which of the two is not visible here)
 */
public CertificationRequest(String x500Name, String signatureAlgorithm, KeyPair keyPair) throws GeneralSecurityException { this(new CertificationRequestInfo(new X500Principal(x500Name), keyPair.getPublic()), findSignatureAlgorithmIdentifier(signatureAlgorithm), keyPair.getPrivate()); }
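/**
 * Sets the subject that a certificate must match.
 *
 * @param subjectDN
 *            the subject distinguished name in ASN.1 DER format, or
 *            {@code null} to not check the subject.
 * @throws IOException
 *             if decoding the subject fails; the original
 *             {@link IllegalArgumentException} is kept as the cause.
 */
public void setSubject(byte[] subjectDN) throws IOException {
    if (subjectDN == null) {
        subject = null;
        return;
    }
    try {
        subject = new X500Principal(subjectDN);
    } catch (IllegalArgumentException e) {
        // Keep the cause: the bare message loses the DER parse failure's stack.
        throw new IOException(e.getMessage(), e);
    }
}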
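/**
 * <b>Do not use</b>, use {@link #setSubject(byte[])} or
 * {@link #setSubject(X500Principal)} instead. Sets the subject that a
 * certificate must match.
 *
 * @param subjectDN
 *            the subject distinguished name in RFC 2253 format or
 *            {@code null} to not check the subject.
 * @throws IOException
 *             if decoding the subject fails; the original
 *             {@link IllegalArgumentException} is kept as the cause.
 */
public void setSubject(String subjectDN) throws IOException {
    if (subjectDN == null) {
        subject = null;
        return;
    }
    try {
        subject = new X500Principal(subjectDN);
    } catch (IllegalArgumentException e) {
        // Keep the cause so the DN parse failure is not lost in the wrap.
        throw new IOException(e.getMessage(), e);
    }
}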
/**
 * Converts this {@code Name} into the equivalent {@link X500Principal} by
 * re-parsing its DER encoding ({@link #getEncoded()}).
 *
 * @return a new {@code X500Principal} carrying the same distinguished name
 * @throws IllegalArgumentException if the encoding cannot be parsed
 */
public X500Principal getX500Principal() {
    final byte[] der = getEncoded();
    return new X500Principal(der);
}
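/**
 * Compares this directory name with {@code other} by parsing both as
 * {@link X500Principal}, i.e. using X.500 canonical equality rather than
 * plain string equality.
 * <p>
 * NOTE(review): this is an overload, not an override of
 * {@link Object#equals(Object)}; collections and {@code Object}-typed callers
 * still use the inherited comparison, and {@code hashCode} is not addressed here.
 *
 * @param other the name to compare with; {@code null} yields {@code false}
 *              (previously a {@link NullPointerException})
 * @return {@code true} if both names denote the same distinguished name
 * @throws IllegalArgumentException if either name is not a valid DN
 */
public boolean equals(final DirectoryName other) {
    if (other == null) {
        return false;
    }
    final X500Principal mine = new X500Principal(name);
    final X500Principal theirs = new X500Principal(other.getName());
    return mine.equals(theirs);
}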
/**
 * Turns a list of DN strings into a list of parsed RDN lists.  Each entry is
 * first normalised to {@link X500Principal#CANONICAL} form and then handed to
 * {@code parseDN}, which fills a fresh {@code List<Object>} of RDNs.
 *
 * @param chain the DN strings; order is preserved in the result
 * @return one RDN list per input DN, in input order
 * @throws IllegalArgumentException if {@code chain} is {@code null} or empty,
 *         or if an entry is not a valid DN (from the X500Principal constructor)
 */
private static List<Object> parseDNchain(List<String> chain) {
    if (chain == null) {
        throw new IllegalArgumentException("DN chain must not be null.");
    }
    final List<Object> parsed = new ArrayList<Object>(chain.size());
    for (String rawDn : chain) {
        // CANONICAL form normalises case and whitespace, so parseDN sees one
        // spelling per name regardless of how the input was written.
        final String canonical = new X500Principal(rawDn).getName(X500Principal.CANONICAL);
        final List<Object> rdns = new ArrayList<Object>();
        parseDN(canonical, rdns);
        parsed.add(rdns);
    }
    if (parsed.isEmpty()) {
        throw new IllegalArgumentException("empty DN chain");
    }
    return parsed;
}
// Subject DN of the conventional Android debug-keystore signing certificate;
// presumably compared against the app's signing certificate in isDebuggable
// (body not visible here) — confirm. A subject DN match alone does not
// authenticate the signer, since any key can carry this self-asserted name.
private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US"); private boolean isDebuggable(Context ctx)
/**
 * Returns the criterion for the issuer distinguished names.
 * <p>
 * The CRL issuer must match at least one of the distinguished names.
 * The {@link X500Principal} view is built lazily from {@code issuerNames}:
 * only entries not converted by an earlier call are parsed.
 * NOTE(review): the lazy fill is not synchronised — confirm the owning object
 * is confined to one thread.
 *
 * @return the unmodifiable list of issuer distinguished names to match, or
 *         {@code null} if any issuer distinguished name will do.
 */
public Collection<X500Principal> getIssuers() {
    if (issuerNames == null) {
        return null;
    }
    final int wanted = issuerNames.size();
    if (issuerPrincipals == null) {
        issuerPrincipals = new ArrayList<X500Principal>(wanted);
    }
    // Convert only the tail that has not been turned into principals yet.
    int converted = issuerPrincipals.size();
    while (converted < wanted) {
        issuerPrincipals.add(new X500Principal(issuerNames.get(converted)));
        converted++;
    }
    return Collections.unmodifiableCollection(issuerPrincipals);
}
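/**
 * Checks whether the certificate's subject matches one of the values of the
 * LDAP attribute named by {@code ldapAttribute}.  Each attribute value is
 * parsed as a DN string and compared with {@link X500Principal#equals(Object)},
 * so spellings that are canonically equal still match.
 *
 * @param certificate the certificate under verification
 * @param attributes  the LDAP entry attributes
 * @return {@code true} if at least one attribute value equals the subject DN
 * @throws NamingException if reading an attribute value fails
 * @throws IllegalArgumentException if an attribute value is not a parseable
 *         DN (propagated from the X500Principal constructor)
 * @throws ClassCastException if an attribute value is not a {@link String}
 *         (the directory may return other types, e.g. {@code byte[]})
 */
@Override
public boolean verifyCertificate(X509Certificate certificate, Attributes attributes) throws NamingException {
    Attribute attribute = attributes.get(ldapAttribute);
    if (attribute == null) {
        return false;
    }
    // The subject does not change between attribute values; read it once.
    final X500Principal certSubject = certificate.getSubjectX500Principal();
    final int size = attribute.size();
    for (int i = 0; i < size; i++) {
        Object attrSubject = attribute.get(i);
        if (attrSubject == null) {
            continue;
        }
        X500Principal attSubject = new X500Principal((String) attrSubject);
        if (certSubject.equals(attSubject)) {
            return true;
        }
    }
    return false;
}
}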
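/**
 * Matches a {@code GeneralName} against an actual name.  As a special case a
 * {@code DNSName} is compared, case-insensitively, with the common name of a
 * {@code DirectoryName}: putting a DNS name in the CN is deprecated but still
 * seen in practice (see RFC 2818).  Every other pairing falls back to
 * {@code generalName.equals(actualGeneralName)}.
 *
 * @param generalName       the expected name
 * @param actualGeneralName the name found in the certificate
 * @return {@code true} if the names match under the rules above
 */
public static boolean matchGeneralName(GeneralName generalName, GeneralName actualGeneralName) {
    if ((generalName instanceof DNSName) && (actualGeneralName instanceof DirectoryName)) {
        // Check if the DNSName matches the DirectoryName's (most specific) Common Name field.
        // Although specifying a DNS name using the Common Name field has been deprecated, it is
        // still used in practice (e.g., see http://tools.ietf.org/html/rfc2818).
        String[] cnValues = X500PrincipalUtil.getAttributeValues(
                new X500Principal(((DirectoryName) actualGeneralName).getName()), X500.OID_AT_COMMON_NAME);
        // A DirectoryName without any CN cannot match a DNSName; indexing
        // cnValues[0] unconditionally threw on an empty result.
        if (cnValues == null || cnValues.length == 0) {
            return false;
        }
        String dnsName = ((DNSName) generalName).getName();
        return dnsName.equalsIgnoreCase(cnValues[0]);
    } else {
        return generalName.equals(actualGeneralName);
    }
}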
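/**
 * Test fixture: a certificate whose subject is {@code CN=<name>} and whose
 * "encoded" form is simply the bytes of {@code name} (not real DER).
 *
 * @param name the common name; it is not escaped, so it must not contain
 *             RFC 2253 special characters
 */
public TestCertificate(String name) {
    // Pin the charset: the no-arg String.getBytes() uses the platform default before JDK 18.
    encoded = name.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    principal = new X500Principal("CN=" + name);
    publicKey = new TestPublicKey();
}
@Override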
/**
 * Creates a self-signed X.509 v1 certificate: subject and issuer are both
 * {@code principalDn}, validity runs from {@code startDate} until {@code YEARS}
 * years from now, the signature algorithm is read from the
 * {@code GO_SSL_CERTS_ALGORITHM} environment setting, and signing goes through
 * the "BC" provider.
 *
 * @param startDate   the notBefore instant
 * @param principalDn subject/issuer DN in string form
 * @param keyPair     the public key goes into the certificate, the private key signs it
 * @return the generated certificate
 * @throws IllegalArgumentException if {@code principalDn} is not a valid DN;
 *         generation failures are rethrown via {@code bomb}
 */
private X509Certificate createTypeOneX509Certificate(Date startDate, String principalDn, KeyPair keyPair) {
    final X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
    final X500Principal selfSignedName = new X500Principal(principalDn);
    generator.setSerialNumber(serialNumber());
    generator.setIssuerDN(selfSignedName);
    generator.setNotBefore(startDate);
    final Date expiry = new DateTime(new Date()).plusYears(YEARS).toDate();
    generator.setNotAfter(expiry);
    generator.setSubjectDN(selfSignedName); // v1 self-signed: subject == issuer
    generator.setPublicKey(keyPair.getPublic());
    generator.setSignatureAlgorithm(new SystemEnvironment().get(GO_SSL_CERTS_ALGORITHM));
    try {
        return generator.generate(keyPair.getPrivate(), "BC");
    } catch (Exception e) {
        throw bomb(e);
    }
}
/**
 * Handles a key request from the native engine identified by {@code ssl}:
 * resolves the engine, converts the requested key types and the DER-encoded
 * acceptable issuers, and asks the key-manager holder to set client-side key
 * material.  Everything raised inside the try block is logged and recorded on
 * the engine as an {@link SSLHandshakeException} rather than rethrown.
 * NOTE(review): if {@code engineMap} has no entry for {@code ssl}, the catch
 * block dereferences a {@code null} engine — confirm that cannot happen.
 *
 * @param ssl                      native SSL handle used as the engine key
 * @param keyTypeBytes             requested key types, decoded by supportedClientKeyTypes
 * @param asn1DerEncodedPrincipals acceptable issuer names in DER, or {@code null}
 * @throws Exception declared by the callback signature
 */
@Override
public void handle(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) throws Exception {
    final ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
    try {
        final Set<String> keyTypesSet = supportedClientKeyTypes(keyTypeBytes);
        final String[] keyTypes = keyTypesSet.toArray(new String[0]);
        X500Principal[] issuers = null;
        if (asn1DerEncodedPrincipals != null) {
            issuers = new X500Principal[asn1DerEncodedPrincipals.length];
            int idx = 0;
            for (byte[] der : asn1DerEncodedPrincipals) {
                issuers[idx++] = new X500Principal(der);
            }
        }
        keyManagerHolder.setKeyMaterialClientSide(engine, keyTypes, issuers);
    } catch (Throwable cause) {
        logger.debug("request of key failed", cause);
        SSLHandshakeException e = new SSLHandshakeException("General OpenSslEngine problem");
        e.initCause(cause);
        engine.handshakeException = e;
    }
}
/**
 * Writes this name as an explicitly tagged ({@link #getType()}) element whose
 * content is the DER encoding of {@code name} parsed as an X.500 DN.
 *
 * @param encoder the ASN.1 encoder to write into
 * @throws IllegalArgumentException if {@code name} is not a valid DN
 */
public void encodeTo(final ASN1Encoder encoder) {
    encoder.startExplicit(getType());
    final byte[] der = new X500Principal(name).getEncoded();
    encoder.writeEncoded(der);
    encoder.endExplicit();
}
}
/**
 * Writes this name as an explicitly tagged ({@link #getType()}) element whose
 * content is the DER encoding of {@link #getName()} parsed as an X.500 DN.
 *
 * @param encoder the ASN.1 encoder to write into
 * @throws IllegalArgumentException if {@link #getName()} is not a valid DN
 */
public void encodeTo(final ASN1Encoder encoder) {
    encoder.startExplicit(getType());
    final byte[] der = new X500Principal(getName()).getEncoded();
    encoder.writeEncoded(der);
    encoder.endExplicit();
}
/**
 * Handles a key request from the native engine identified by {@code ssl}:
 * resolves the engine, converts the requested key types and the DER-encoded
 * acceptable issuers, and asks the key-manager holder to set client-side key
 * material into the native {@code certOut}/{@code keyOut} slots.  Everything
 * raised inside the try block is logged and recorded on the engine as an
 * {@link SSLHandshakeException} rather than rethrown.
 * NOTE(review): if {@code engineMap} has no entry for {@code ssl}, the catch
 * block dereferences a {@code null} engine — confirm that cannot happen.
 *
 * @param ssl                      native SSL handle used as the engine key
 * @param certOut                  native output slot passed through to the key-manager holder
 * @param keyOut                   native output slot passed through to the key-manager holder
 * @param keyTypeBytes             requested key types, decoded by supportedClientKeyTypes
 * @param asn1DerEncodedPrincipals acceptable issuer names in DER, or {@code null}
 */
@Override
public void requested(
        long ssl, long certOut, long keyOut, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) {
    final ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
    try {
        final Set<String> keyTypesSet = supportedClientKeyTypes(keyTypeBytes);
        final String[] keyTypes = keyTypesSet.toArray(new String[0]);
        X500Principal[] issuers = null;
        if (asn1DerEncodedPrincipals != null) {
            issuers = new X500Principal[asn1DerEncodedPrincipals.length];
            int idx = 0;
            for (byte[] der : asn1DerEncodedPrincipals) {
                issuers[idx++] = new X500Principal(der);
            }
        }
        keyManagerHolder.setKeyMaterialClientSide(engine, certOut, keyOut, keyTypes, issuers);
    } catch (Throwable cause) {
        logger.debug("request of key failed", cause);
        SSLHandshakeException e = new SSLHandshakeException("General OpenSslEngine problem");
        e.initCause(cause);
        engine.handshakeException = e;
    }
}
/**
 * Drives {@code DefaultKafkaPrincipalBuilder} through four stubbed peer
 * principals and checks that the {@code SslPrincipalMapper} rules (two DN
 * patterns, a case-insensitive CN extraction, then DEFAULT) yield the expected
 * principal names in stubbing order.
 */
@Test
public void testPrincipalWithSslPrincipalMapper() throws Exception {
    SSLSession session = mock(SSLSession.class);
    when(session.getPeerPrincipal())
        .thenReturn(new X500Principal("CN=Duke, OU=ServiceUsers, O=Org, C=US"))
        .thenReturn(new X500Principal("CN=Duke, OU=SME, O=mycp, L=Fulton, ST=MD, C=US"))
        .thenReturn(new X500Principal("CN=duke, OU=JavaSoft, O=Sun Microsystems"))
        .thenReturn(new X500Principal("OU=JavaSoft, O=Sun Microsystems, C=US"));
    List<String> rules = Arrays.asList(
        "RULE:^CN=(.*),OU=ServiceUsers.*$/$1/L",
        "RULE:^CN=(.*),OU=(.*),O=(.*),L=(.*),ST=(.*),C=(.*)$/$1@$2/L",
        "RULE:^.*[Cc][Nn]=([a-zA-Z0-9.]*).*$/$1/U",
        "DEFAULT"
    );
    SslPrincipalMapper mapper = SslPrincipalMapper.fromRules(rules);
    DefaultKafkaPrincipalBuilder builder = new DefaultKafkaPrincipalBuilder(null, mapper);
    SslAuthenticationContext sslContext = new SslAuthenticationContext(session, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());
    // One expected name per stubbed principal, consumed in stubbing order.
    String[] expectedNames = {"duke", "duke@sme", "DUKE", "OU=JavaSoft,O=Sun Microsystems,C=US"};
    for (String expected : expectedNames) {
        KafkaPrincipal principal = builder.build(sslContext);
        assertEquals(expected, principal.getName());
    }
    builder.close();
    verify(session, times(4)).getPeerPrincipal();
}
/**
 * Build the principal: each entry of {@code items} becomes one RDN SET inside
 * the outer SEQUENCE, in iteration order, and the resulting DER bytes are
 * parsed into an {@link X500Principal}.
 * NOTE(review): the visible body does not reset {@code items}, although this
 * method has been documented as re-setting the builder on return — confirm
 * which behaviour callers rely on.
 *
 * @return the constructed principal (not {@code null})
 * @throws IllegalArgumentException if the principal is somehow invalid
 */
public X500Principal build() throws IllegalArgumentException {
    final DEREncoder der = new DEREncoder();
    der.startSequence();
    for (Collection<X500AttributeTypeAndValue> rdn : items) {
        der.startSet();
        for (X500AttributeTypeAndValue atv : rdn) {
            atv.encodeTo(der);
        }
        der.endSet();
    }
    der.endSequence();
    return new X500Principal(der.getEncoded());
}
}