// Extract the subject CN of a certificate via BouncyCastle: wrap the JCA certificate in a
// JcaX509CertificateHolder, look up the CN RDNs of the subject and render the first value.
// getRDNs(BCStyle.CN)[0] throws ArrayIndexOutOfBoundsException when the subject carries no CN
// (e.g. a SAN-only certificate); code that derives an identity from the CN should handle that.
X509Certificate cert = ...;
X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
return IETFUtils.valueToString(cn.getFirst().getValue());
/**
 * Returns a copy of the given X500Name with its RDN sequence reversed, so that a name
 * built in "intended" order ends up encoded the way the certificate expects
 * [see http://stackoverflow.com/questions/7567837/attributes-reversed-in-certificate-subject-and-issuer/12645265].
 *
 * @param x500Name the X500Name created with the intended order
 * @return a new X500Name holding the same RDNs in reverse order
 */
private static X500Name reverseX500Name(X500Name x500Name) {
    RDN[] forward = x500Name.getRDNs();
    int count = forward.length;
    RDN[] backward = new RDN[count];
    for (int i = 0; i < count; i++) {
        backward[count - 1 - i] = forward[i];
    }
    return new X500Name(backward);
}
/**
 * Connects through the parent factory, then applies an application-level identity check to
 * the TLS peer: it must present exactly one X.509 certificate whose subject CN equals the
 * {@code caHostname} field. The accepted certificate is appended to the {@code certificates}
 * field. The whole connect, including the network round trip, runs under this instance's lock
 * because the method is {@code synchronized}.
 * NOTE(review): this is an extra pin on top of whatever the superclass does; standard chain
 * validation / hostname verification are presumably performed by super.connectSocket — confirm.
 *
 * @throws IOException if the socket is not TLS, the peer chain is not a single X.509
 *         certificate, the CN cannot be extracted, or the CN does not equal caHostname
 */
@Override public synchronized Socket connectSocket(int connectTimeout, Socket socket, HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, HttpContext context) throws IOException {
    Socket result = super.connectSocket(connectTimeout, socket, host, remoteAddress, localAddress, context);
    if (!SSLSocket.class.isInstance(result)) { throw new IOException("Expected tls socket"); }
    SSLSocket sslSocket = (SSLSocket) result;
    // getPeerCertificates() throws SSLPeerUnverifiedException (an IOException) when the peer sent no certificate.
    java.security.cert.Certificate[] peerCertificateChain = sslSocket.getSession().getPeerCertificates();
    // Any chain with intermediates is rejected: the peer must present the root CA cert alone.
    if (peerCertificateChain.length != 1) { throw new IOException("Expected root ca cert"); }
    if (!X509Certificate.class.isInstance(peerCertificateChain[0])) { throw new IOException("Expected root ca cert in X509 format"); }
    String cn;
    try {
        X509Certificate certificate = (X509Certificate) peerCertificateChain[0];
        // getRDNs(BCStyle.CN)[0] throws ArrayIndexOutOfBoundsException for a subject without CN;
        // the catch below turns that (and any BC encoding error) into an IOException.
        cn = IETFUtils.valueToString(new JcaX509CertificateHolder(certificate).getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue());
        // NOTE(review): the certificate is recorded before the CN comparison below, so a peer
        // with a mismatching CN still ends up in `certificates` — confirm that is intended.
        certificates.add(certificate);
    } catch (Exception e) { throw new IOException(e); }
    if (!caHostname.equals(cn)) { throw new IOException("Expected cn of " + caHostname + " but got " + cn); }
    return result;
}
// closing brace of the enclosing class (its header is outside this excerpt)
}
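/**
 * Decides whether the server certificate must be (re-)generated because the configured
 * common name no longer matches the certificate stored in the user key store under
 * {@code CipherParams.CERTIFICATE_IDENTIFIER}.
 *
 * @param certificateCommonName the common name from the daemon config
 * @return {@code true} if no certificate is stored, the stored one has no CN, or its CN differs
 *         from {@code certificateCommonName}; {@code false} when they match
 * @throws RuntimeException if the key store cannot be read or the stored certificate cannot be parsed
 */
private boolean certificateCommonNameChanged(String certificateCommonName) {
    try {
        KeyStore userKeyStore = UserConfig.getUserKeyStore();
        X509Certificate currentCertificate = (X509Certificate) userKeyStore.getCertificate(CipherParams.CERTIFICATE_IDENTIFIER);
        if (currentCertificate == null) {
            logger.log(Level.INFO, "- Certificate regeneration necessary, because no certificate found in key store.");
            return true;
        }
        X500Name currentCertificateSubject = new JcaX509CertificateHolder(currentCertificate).getSubject();
        RDN[] cnRdns = currentCertificateSubject.getRDNs(BCStyle.CN);
        if (cnRdns.length == 0) {
            // A stored certificate without any CN cannot match the configured name. Previously this
            // case surfaced as an ArrayIndexOutOfBoundsException wrapped in the generic RuntimeException below.
            logger.log(Level.INFO, "- Certificate regeneration necessary: Cert in key store has no common name.");
            return true;
        }
        String currentCertificateSubjectCnStr = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
        if (!certificateCommonName.equals(currentCertificateSubjectCnStr)) {
            logger.log(Level.INFO, "- Certificate regeneration necessary: Cert common name in daemon config changed from " + currentCertificateSubjectCnStr + " to " + certificateCommonName + ".");
            return true;
        }
        return false;
    } catch (Exception e) {
        // KeyStore access and BC parsing throw several checked types; all are fatal for this check.
        throw new RuntimeException("Cannot (re-)generate server certificate for hostname: " + certificateCommonName, e);
    }
}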
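/**
 * Builds an extensions block holding a non-critical subjectAlternativeName extension with one
 * dNSName for the CN of {@code requestedDn} followed by one dNSName per comma-separated entry
 * of {@code domainAlternativeNames}. Entries are trimmed and blank entries skipped, so
 * "a.example, b.example" no longer yields a SAN with a leading space.
 * NOTE(review): the alternative names are copied into the certificate as given; they are not
 * checked to be valid DNS names here — presumably the caller validates them, confirm.
 *
 * @param domainAlternativeNames comma-separated extra DNS names; may be null or blank
 * @param requestedDn the requested subject DN in string form; must contain a CN
 * @return the generated extensions
 * @throws IOException if the DN cannot be parsed or has no CN, or the extension cannot be generated
 */
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException {
    List<GeneralName> namesList = new ArrayList<>();
    final String cn;
    try {
        RDN[] cnRdns = new X500Name(requestedDn).getRDNs(BCStyle.CN);
        cn = cnRdns.length == 0 ? null : IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    } catch (Exception e) {
        throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
    }
    if (cn == null) {
        throw new IOException("Failed to extract CN from request DN (no CN present): " + requestedDn);
    }
    namesList.add(new GeneralName(GeneralName.dNSName, cn));
    if (StringUtils.isNotBlank(domainAlternativeNames)) {
        for (String alternativeName : domainAlternativeNames.split(",")) {
            String trimmed = alternativeName.trim();
            if (trimmed.isEmpty()) {
                continue; // tolerate "a,,b" and trailing commas
            }
            namesList.add(new GeneralName(GeneralName.dNSName, trimmed));
        }
    }
    GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[]{}));
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    return extGen.generate();
}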
RDN[] rdNs = new X500Name(dn).getRDNs(); Arrays.sort(rdNs, new Comparator<RDN>() { @Override
// Follows RFC 5280 §4.2.1.6: when the subject field is empty, the subjectAltName extension
// must be marked critical, otherwise it is non-critical.
// subjectDN, certBuilder and subjectAlternativeNames are defined outside this fragment.
final boolean critical = subjectDN.getRDNs().length == 0;
certBuilder.addExtension(Extension.subjectAlternativeName, critical, subjectAlternativeNames);
// Parse the PEM bytes into an X.509 certificate, take the first CN of its subject and memoise
// it under cnKey in CN_CACHE (cp, pemBytes, cnKey, cn and CN_CACHE come from outside this fragment).
// getRDNs(BCStyle.CN)[0] throws ArrayIndexOutOfBoundsException if the subject has no CN;
// whether a caller handles that is not visible here.
X500Name x500name = new JcaX509CertificateHolder( (X509Certificate) cp.bytesToCertificate(pemBytes)).getSubject();
RDN rdn = x500name.getRDNs(BCStyle.CN)[0];
cn = IETFUtils.valueToString(rdn.getFirst().getValue());
CN_CACHE.put(cnKey, cn);
X500Name x500name = X500Name.getInstance(cert.getSubjectX500Principal() .getEncoded()); for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
/**
 * Returns a copy of the given X500Name with its RDN sequence reversed, so that a name
 * built in "intended" order ends up encoded the way the certificate expects
 * [see http://stackoverflow.com/questions/7567837/attributes-reversed-in-certificate-subject-and-issuer/12645265].
 *
 * @param x500Name the X500Name created with the intended order
 * @return a new X500Name holding the same RDNs in reverse order
 */
private static X500Name reverseX500Name(X500Name x500Name) {
    RDN[] forward = x500Name.getRDNs();
    RDN[] backward = new RDN[forward.length];
    int dst = 0;
    for (int src = forward.length - 1; src >= 0; src--) {
        backward[dst++] = forward[src];
    }
    return new X500Name(backward);
}
/**
 * Reverses the order of the RDNs in the given X500Name so the resulting certificate name
 * is encoded in the expected order
 * [see http://stackoverflow.com/questions/7567837/attributes-reversed-in-certificate-subject-and-issuer/12645265].
 *
 * @param x500Name the X500Name created with the intended order
 * @return a new X500Name with the RDNs in reverse order
 */
private static X500Name reverseX500Name(X500Name x500Name) {
    RDN[] ordered = x500Name.getRDNs();
    int n = ordered.length;
    RDN[] reversed = new RDN[n];
    for (int i = n - 1; i >= 0; i--) {
        reversed[n - 1 - i] = ordered[i];
    }
    return new X500Name(reversed);
}
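// Extract the subject CN by parsing the principal's RFC 2253 string form with BouncyCastle.
// Fixed: a stray ')' after getRDNs(BCStyle.CN)[0] that did not compile, and the [0] index is now
// guarded so a subject without CN fails with a clear exception instead of ArrayIndexOutOfBoundsException.
// NOTE(review): building the X500Name from principal.getName() round-trips through a string;
// X500Name.getInstance(principal.getEncoded()) works on the DER encoding directly — consider it.
X509Certificate cert = ...;
X500Principal principal = cert.getSubjectX500Principal();
X500Name x500name = new X500Name(principal.getName());
RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
if (cnRdns.length == 0) {
    throw new IllegalArgumentException("Certificate subject has no CN: " + principal.getName());
}
return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());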
/**
 * Collects the distinct attribute type OIDs that occur anywhere in the given DN,
 * including every component of multi-valued RDNs.
 *
 * @param dn the distinguished name to inspect
 * @return the set of attribute types present, in no particular order
 */
private static Set<ASN1ObjectIdentifier> getAttributeNames(X500Name dn) {
    Set<ASN1ObjectIdentifier> types = new HashSet<ASN1ObjectIdentifier>();
    for (RDN rdn : dn.getRDNs()) {
        AttributeTypeAndValue[] avas = rdn.getTypesAndValues();
        for (int i = 0; i < avas.length; i++) {
            types.add(avas[i].getType());
        }
    }
    return types;
}
/**
 * Returns the string form of the first value of the first RDN of the given type,
 * or {@code null} when the name has no such RDN.
 * Note: the value is rendered with ASN.1 {@code toString()}, which may differ from
 * {@code IETFUtils.valueToString} used by other CN helpers.
 *
 * @param name the distinguished name to search
 * @param rdnOid the attribute type to look up
 * @return the first matching value as a string, or {@code null} if absent
 */
private String getRdn(X500Name name, ASN1ObjectIdentifier rdnOid) {
    RDN[] matches = name.getRDNs(rdnOid);
    if (matches.length == 0) {
        return null;
    }
    return matches[0].getFirst().getValue().toString();
}
/**
 * Returns a new X500Name whose RDNs are those of {@code name} in reverse order.
 *
 * @param name the name to reverse; must not be null
 * @return a fresh X500Name with the RDN sequence reversed
 */
public static X500Name reverse(X500Name name) {
    RDN[] forward = Args.notNull(name, "name").getRDNs();
    RDN[] backward = new RDN[forward.length];
    int dst = 0;
    for (int src = forward.length - 1; src >= 0; src--) {
        backward[dst++] = forward[src];
    }
    return new X500Name(backward);
}
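/**
 * Given an X500Name in string form, return the common name from it.
 *
 * @param x500Name the X500 name string to extract from, e.g. {@code "CN=host,O=org"}
 * @return the value of the first CN attribute, rendered with {@code toString()}
 * @throws IllegalArgumentException if the name contains no CN attribute (previously this
 *         surfaced as an ArrayIndexOutOfBoundsException); parsing a malformed string may
 *         also fail with an unchecked exception from X500Name
 */
public static String getCommonNameFromX500Name(String x500Name) {
    RDN[] cnRdns = new X500Name(x500Name).getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        throw new IllegalArgumentException("No CN attribute in X500Name: " + x500Name);
    }
    return cnRdns[0].getFirst().getValue().toString();
}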
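/**
 * Extracts the common name from an X500Name.
 *
 * @param x500name the name to read
 * @return the first CN attribute value, rendered with {@code IETFUtils.valueToString}
 * @throws IllegalArgumentException if the name contains no CN attribute (previously this
 *         surfaced as an ArrayIndexOutOfBoundsException)
 * @since 4.0.3
 */
public static String extractCommonName(X500Name x500name) {
    RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        throw new IllegalArgumentException("No CN attribute in X500Name: " + x500name);
    }
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}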
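/**
 * Extracts the subject common name of a certificate.
 *
 * @param cert the certificate to read
 * @return the first CN attribute of the subject, rendered with {@code IETFUtils.valueToString}
 * @throws GeneralSecurityException if the certificate cannot be re-encoded, or (as a
 *         CertificateException) if its subject has no CN — the latter previously surfaced as
 *         an ArrayIndexOutOfBoundsException
 */
public String extractCN(X509Certificate cert) throws GeneralSecurityException {
    X500Name subject = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] cnRdns = subject.getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        throw new java.security.cert.CertificateException("Certificate subject has no CN: " + subject);
    }
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}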
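/**
 * A long task name must still yield a subject with exactly one CN whose value is capped
 * at 64 characters (presumably the X.520 ub-common-name limit — confirm against the generator).
 */
@Test
public void testGetSubjectWithLongCN() throws Exception {
    Mockito.when(mockTaskSpec.getName()).thenReturn(UUID.randomUUID().toString());
    CertificateNamesGenerator certificateNamesGenerator = new CertificateNamesGenerator(UUID.randomUUID().toString(), mockTaskSpec, mockPodInstance, SCHEDULER_CONFIG);
    RDN[] cnRDNs = certificateNamesGenerator.getSubject().getRDNs(BCStyle.CN);
    // assertEquals(expected, actual): the arguments were reversed before, which mislabels the failure message.
    Assert.assertEquals(1, cnRDNs.length);
    Assert.assertEquals(64, cnRDNs[0].getFirst().getValue().toString().length());
}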
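/**
 * Validates a client certificate chain: takes the subject CN of the leaf ({@code chain[0]})
 * as the peer's hostname and delegates to {@code checkTrusted(chain, hostname)}.
 * NOTE(review): the CN is read before the chain has been validated; it must only be treated
 * as an identity once checkTrusted has accepted the chain — confirm checkTrusted does that.
 *
 * @param chain the peer certificate chain, leaf first
 * @param authType the key exchange algorithm used (passed through unchanged from the caller)
 * @param engine the engine being used for this connection
 * @throws IllegalArgumentException if the chain is null or empty, per the X509TrustManager contract
 *         (previously a NullPointerException / ArrayIndexOutOfBoundsException)
 * @throws CertificateException if the leaf cannot be re-encoded or its subject has no CN
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("Certificate chain is null or empty");
    }
    X509Certificate leaf = chain[0];
    X500Name subject = new JcaX509CertificateHolder(leaf).getSubject();
    RDN[] cnRdns = subject.getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        throw new CertificateException("Client certificate subject has no CN: " + subject);
    }
    String hostname = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    checkTrusted(chain, hostname);
}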