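/**
 * Gets the first common name (CN) of the certificate subject, followed by all the subject alt names
 * of the given types.
 *
 * <p>The names are read from the subject DN, not the issuer DN. Only the first entry returned by
 * {@code X509Util.getCommonNames} is included; which CN comes first for a multi-CN subject depends
 * on that helper and should be confirmed before the result is used for name matching.
 *
 * @param certificate certificate to extract names from
 * @param altNameTypes types of alt names to extract
 *
 * @return list of subject names in the certificate; never null, empty if the certificate has neither
 *         a subject CN nor a matching alt name
 */
@SuppressWarnings("unchecked")
public static List getSubjectNames(X509Certificate certificate, Integer[] altNameTypes) {
    List subjectNames = new LinkedList();

    // A subject DN is not required to contain a CN (identity may be carried only in the alt names),
    // so the CN list can be empty. The null check is defensive: the return contract of
    // X509Util.getCommonNames is not visible here.
    List<String> subjectCNs = X509Util.getCommonNames(certificate.getSubjectX500Principal());
    if (subjectCNs != null && !subjectCNs.isEmpty()) {
        subjectNames.add(subjectCNs.get(0));
    }

    // Defensive null check for the same reason; addAll(null) would throw.
    List altNames = X509Util.getAltNames(certificate, altNameTypes);
    if (altNames != null) {
        subjectNames.addAll(altNames);
    }

    return subjectNames;
}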
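/**
 * Gets the first common name (CN) of the subject and all the subject alt names of the given types.
 *
 * <p>A certificate whose subject DN has no CN contributes only its alt names. Alt name values are
 * added exactly as returned by {@code X509Util.getAltNames}, so the list is not guaranteed to hold
 * only {@code String} elements.
 *
 * @param certificate certificate to extract names from
 * @param altNameTypes types of alt names to extract
 *
 * @return list of subject names in the certificate, possibly empty but never null
 */
@SuppressWarnings("unchecked")
public static List getSubjectNames(X509Certificate certificate, Integer[] altNameTypes) {
    List collected = new LinkedList();

    List<String> commonNames = X509Util.getCommonNames(certificate.getSubjectX500Principal());
    // Previously get(0) was called unconditionally, which fails for a subject without a CN.
    // NOTE(review): only the first CN is used; confirm the ordering getCommonNames returns.
    boolean hasCommonName = commonNames != null && !commonNames.isEmpty();
    if (hasCommonName) {
        collected.add(commonNames.get(0));
    }

    List altNames = X509Util.getAltNames(certificate, altNameTypes);
    // Guarded because the helper's null behaviour cannot be seen from this method.
    if (altNames != null) {
        collected.addAll(altNames);
    }

    return collected;
}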
/**
 * Checks whether any subject alt name of the configured types is present in the trusted name set.
 *
 * <p>Each extracted value is passed unchanged to {@code trustedNames.contains}, so the comparison
 * semantics are those of the supplied set; for an ordinary hash-based {@code Set<String>} that is
 * exact, case-sensitive equality, and a value that is not a {@code String} cannot match.
 *
 * @param certificate the certificate to process
 * @param trustedNames the set of trusted names
 *
 * @return true if one of the subject alt names matches the set of trusted names, false otherwise
 */
protected boolean processSubjectAltNames(X509Certificate certificate, Set<String> trustedNames) {
    log.debug("Processing subject alt names");

    // Copy the configured alt name types into the array form the helper expects.
    Integer[] requestedTypes = new Integer[subjectAltNameTypes.size()];
    subjectAltNameTypes.toArray(requestedTypes);

    List extracted = X509Util.getAltNames(certificate, requestedTypes);
    if (extracted == null) {
        return false;
    }

    log.debug("Extracted subject alt names from certificate: {}", extracted);
    for (Object candidate : extracted) {
        if (!trustedNames.contains(candidate)) {
            continue;
        }
        log.debug("Matched subject alt name to trusted names: {}", candidate.toString());
        return true;
    }
    return false;
}
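/**
 * Get the list of subject alt name values from the certificate which are of the specified alt name type.
 *
 * <p>Only values returned as {@code String} are kept; any other value is skipped with a debug
 * message and is therefore not available to callers that match on the returned names.
 *
 * @param cert the certificate from which to extract alt names
 * @param altNameType the type of alt name to extract
 *
 * @return the list of certificate subject alt names; never null, empty if none were extracted
 */
protected List<String> getAltNames(X509Certificate cert, Integer altNameType) {
    // Pass the object itself to the logger rather than calling toString(), so a null type does not
    // fail here and no string is built when debug logging is off.
    log.debug("Extracting alt names from certificate of type: {}", altNameType);

    List<String> names = new ArrayList<String>();
    List altNames = X509Util.getAltNames(cert, new Integer[] { altNameType });
    if (altNames == null) {
        // The helper's null behaviour is not visible here; return the empty list instead of
        // failing in the loop below.
        return names;
    }

    for (Object altNameValue : altNames) {
        if (altNameValue instanceof String) {
            names.add((String) altNameValue);
        } else {
            log.debug("Skipping non-String certificate alt name value");
        }
    }

    log.debug("Extracted alt names from certificate: {}", names);
    return names;
}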
/**
 * Tests the certificate's subject alt names, restricted to the configured types, against a set of
 * trusted names.
 *
 * <p>The first extracted value for which {@code trustedNames.contains} returns true ends the search.
 * Values are not normalized before the lookup, so how names compare (case, type) is decided entirely
 * by the supplied set.
 *
 * @param certificate the certificate to process
 * @param trustedNames the set of trusted names
 *
 * @return true if one of the subject alt names matches the set of trusted names, false otherwise
 */
protected boolean processSubjectAltNames(X509Certificate certificate, Set<String> trustedNames) {
    log.debug("Processing subject alt names");

    Integer[] typeArray = new Integer[subjectAltNameTypes.size()];
    subjectAltNameTypes.toArray(typeArray);
    List certAltNames = X509Util.getAltNames(certificate, typeArray);

    boolean matched = false;
    // A null result is treated as "no alt names", which yields false.
    if (certAltNames != null) {
        log.debug("Extracted subject alt names from certificate: {}", certAltNames);
        for (Object name : certAltNames) {
            matched = trustedNames.contains(name);
            if (matched) {
                log.debug("Matched subject alt name to trusted names: {}", name.toString());
                break;
            }
        }
    }
    return matched;
}
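/**
 * Process the options related to generation of KeyName elements based on subject
 * alternative name information within the certificate data.
 *
 * <p>Does nothing unless {@code options.emitSubjectAltNamesAsKeyNames} is set and at least one alt
 * name type is configured. String values are passed to {@code KeyInfoHelper.addKeyName} exactly as
 * extracted from the certificate; no check of the name itself is performed here.
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectAltNameKeyNames(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectAltNamesAsKeyNames || options.subjectAltNames.size() <= 0) {
        return;
    }

    Integer[] nameTypes = new Integer[options.subjectAltNames.size()];
    options.subjectAltNames.toArray(nameTypes);

    List altNameValues = X509Util.getAltNames(cert, nameTypes);
    if (altNameValues == null) {
        // The helper's null behaviour is not visible here; iterating a null list would throw.
        return;
    }

    for (Object altNameValue : altNameValues) {
        // Each returned value should either be a String or a DER-encoded byte array.
        // See X509Certificate#getSubjectAlternativeNames for the type rules.
        if (altNameValue instanceof String) {
            KeyInfoHelper.addKeyName(keyInfo, (String) altNameValue);
        } else if (altNameValue instanceof byte[]) {
            log.warn("Certificate contained an alt name value as a DER-encoded byte[] (not supported)");
        } else if (altNameValue != null) {
            log.warn("Certificate contained an alt name value with an unexpected type: {}",
                    altNameValue.getClass().getName());
        }
    }
}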
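/**
 * Process the options related to generation of KeyName elements based on subject
 * alternative name information within the certificate data.
 *
 * <p>Only alt name values returned as {@code String} become KeyName entries. DER-encoded
 * {@code byte[]} values and values of any other type are reported with a warning and skipped, so
 * the emitted KeyNames may be a subset of the certificate's alt names.
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectAltNameKeyNames(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    boolean enabled = options.emitSubjectAltNamesAsKeyNames && options.subjectAltNames.size() > 0;
    if (!enabled) {
        return;
    }

    Integer[] requestedTypes = new Integer[options.subjectAltNames.size()];
    options.subjectAltNames.toArray(requestedTypes);

    // Held in a local so a null result can be handled; the original iterated the call result
    // directly, which throws if the helper returns null.
    List extracted = X509Util.getAltNames(cert, requestedTypes);
    if (extracted == null) {
        return;
    }

    for (Object value : extracted) {
        if (value == null) {
            // Nothing to emit and no type to report; avoids a failure on getClass() below.
            continue;
        }
        // Each returned value should either be a String or a DER-encoded byte array.
        // See X509Certificate#getSubjectAlternativeNames for the type rules.
        if (value instanceof String) {
            KeyInfoHelper.addKeyName(keyInfo, (String) value);
        } else if (value instanceof byte[]) {
            log.warn("Certificate contained an alt name value as a DER-encoded byte[] (not supported)");
        } else {
            log.warn("Certificate contained an alt name value with an unexpected type: {}",
                    value.getClass().getName());
        }
    }
}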