/**
 * Returns the first common name (CN) value found in the subject DN of the given certificate.
 *
 * <p>Only the first value reported by {@code X509Util.getCommonNames} is used; any further CN
 * values are ignored. This method performs no validation of the certificate itself, so the
 * returned string is only as trustworthy as the certificate the caller passed in.</p>
 *
 * @param cert the certificate being processed
 * @return the first CN value, or null if there are none
 */
protected String getCommonName(X509Certificate cert) {
    List<String> commonNames = X509Util.getCommonNames(cert.getSubjectX500Principal());

    // Guard clause: an absent or empty CN list means there is nothing to report.
    if (commonNames == null || commonNames.isEmpty()) {
        return null;
    }

    String firstCommonName = commonNames.get(0);
    log.debug("Extracted common name from certificate: {}", firstCommonName);
    return firstCommonName;
}
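/**
 * Gets the first common name (CN) of the certificate's subject DN, followed by all the subject
 * alt names of the requested types.
 *
 * <p>A certificate whose subject DN carries no CN contributes no CN entry; the returned list
 * then holds only the alt names and may be empty. Callers that use the result for name matching
 * must treat an empty list as "no match".</p>
 *
 * @param certificate certificate to extract names from
 * @param altNameTypes type of alt names to extract
 *
 * @return list of subject names in the certificate; never null
 */
@SuppressWarnings("unchecked")
public static List getSubjectNames(X509Certificate certificate, Integer[] altNameTypes) {
    List subjectNames = new LinkedList();

    // Indexing element 0 of an absent or empty CN list would throw before the alt names are
    // ever read, so the CN is added only when one is actually present.
    List<String> entityCertCNs = X509Util.getCommonNames(certificate.getSubjectX500Principal());
    if (entityCertCNs != null && !entityCertCNs.isEmpty()) {
        subjectNames.add(entityCertCNs.get(0));
    }

    subjectNames.addAll(X509Util.getAltNames(certificate, altNameTypes));
    return subjectNames;
}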
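/**
 * Gets the first common name (CN) of the subject DN and all the subject alt names of a given
 * type.
 *
 * <p>The names are read from {@code getSubjectX500Principal()}, i.e. they describe the
 * certificate's subject, not its issuer. When the subject DN has no CN, only the alt names are
 * returned, so the list may be empty; an empty list must never be treated as a name match.</p>
 *
 * @param certificate certificate to extract names from
 * @param altNameTypes type of alt names to extract
 *
 * @return list of subject names in the certificate; never null
 */
@SuppressWarnings("unchecked")
public static List getSubjectNames(X509Certificate certificate, Integer[] altNameTypes) {
    List names = new LinkedList();

    List<String> entityCertCNs = X509Util.getCommonNames(certificate.getSubjectX500Principal());
    boolean hasCommonName = entityCertCNs != null && !entityCertCNs.isEmpty();
    if (hasCommonName) {
        // Only the first CN is reported; an unguarded get(0) would throw for a CN-less subject.
        names.add(entityCertCNs.get(0));
    }

    names.addAll(X509Util.getAltNames(certificate, altNameTypes));
    return names;
}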
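/**
 * {@inheritDoc}
 *
 * <p>Collects the subject DN common names and the DNS subject alt names of {@code cert} and
 * passes them, together with {@code host}, to the three-argument {@code check} overload.</p>
 */
public void check(String[] host, X509Certificate cert) throws SSLException {
    // getCommonNames may report "no CN" as null (TODO confirm); hand the overload an empty
    // array in that case instead of failing with a NullPointerException before any check runs.
    java.util.List<String> commonNames = X509Util.getCommonNames(cert.getSubjectX500Principal());
    String[] cns = commonNames == null ? new String[0] : commonNames.toArray(new String[0]);

    // Note: X509Util.getAltNames(cert, new Integer[]{X509Util.DNS_ALT_NAME}) could supply the
    // DNS subject alt names here as well.
    String[] subjectAlts = Certificates.getDNSSubjectAlts(cert);

    // NOTE(review): whether the CN is still consulted when DNS subject alt names are present is
    // decided by the overload below, which is not visible here. RFC 6125 expects the CN to be
    // ignored in that case - confirm.
    check(host, cns, subjectAlts);
}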
/**
 * Checks whether the first common name of the certificate's subject DN is one of the trusted
 * names.
 *
 * <p>The comparison is whatever {@code trustedNames.contains} implements for the supplied set;
 * no wildcard handling or normalisation is applied here.</p>
 *
 * @param certificate the certificate to process
 * @param trustedNames the set of trusted names
 *
 * @return true if the subject DN common name matches the set of trusted names, false otherwise
 */
protected boolean processSubjectDNCommonName(X509Certificate certificate, Set<String> trustedNames) {
    log.debug("Processing subject DN common name");

    List<String> cnValues = X509Util.getCommonNames(certificate.getSubjectX500Principal());
    if (cnValues == null || cnValues.isEmpty()) {
        return false;
    }

    // TODO We only check the first one returned by X509Util. Maybe we should check all,
    // if there are multiple CN AVA's from the same (first) RDN.
    String firstCn = cnValues.get(0);
    log.debug("Extracted common name from certificate: {}", firstCn);

    // An empty CN can never match; short-circuiting keeps it away from the set lookup.
    if (DatatypeHelper.isEmpty(firstCn) || !trustedNames.contains(firstCn)) {
        return false;
    }

    log.debug("Matched subject DN common name to trusted names: {}", firstCn);
    return true;
}
/**
 * Evaluates the subject DN common name of a certificate against a set of trusted names.
 *
 * <p>Only the first CN returned by {@code X509Util.getCommonNames} takes part in the match. A
 * certificate without a usable CN never matches.</p>
 *
 * @param certificate the certificate to process
 * @param trustedNames the set of trusted names
 *
 * @return true if the subject DN common name matches the set of trusted names, false otherwise
 */
protected boolean processSubjectDNCommonName(X509Certificate certificate, Set<String> trustedNames) {
    log.debug("Processing subject DN common name");

    X500Principal subject = certificate.getSubjectX500Principal();
    List<String> candidates = X509Util.getCommonNames(subject);
    boolean haveCandidate = candidates != null && !candidates.isEmpty();
    if (!haveCandidate) {
        return false;
    }

    // TODO We only check the first one returned by X509Util. Maybe we should check all,
    // if there are multiple CN AVA's from the same (first) RDN.
    String candidate = candidates.get(0);
    log.debug("Extracted common name from certificate: {}", candidate);

    // The emptiness test runs first so an empty CN is rejected without touching the set.
    boolean matched = !DatatypeHelper.isEmpty(candidate) && trustedNames.contains(candidate);
    if (matched) {
        log.debug("Matched subject DN common name to trusted names: {}", candidate);
    }
    return matched;
}
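/**
 * Process the options related to generation of KeyName elements based on the
 * common name field(s) of the certificate's subject DN.
 *
 * <p>Does nothing unless {@code options.emitSubjectCNAsKeyName} is set. Every non-empty CN
 * value is added to {@code keyInfo} as a KeyName; a certificate without CN values adds
 * none.</p>
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectCNKeyName(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectCNAsKeyName) {
        return;
    }

    // getCommonNames may report "no CN" as null (TODO confirm); iterating null would throw a
    // NullPointerException, so a CN-less subject is treated as having nothing to emit.
    java.util.List<String> commonNames = X509Util.getCommonNames(cert.getSubjectX500Principal());
    if (commonNames == null) {
        return;
    }

    for (String name : commonNames) {
        if (!DatatypeHelper.isEmpty(name)) {
            KeyInfoHelper.addKeyName(keyInfo, name);
        }
    }
}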
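/**
 * Process the options related to generation of KeyName elements based on the
 * common name field(s) of the certificate's subject DN.
 *
 * <p>When {@code options.emitSubjectCNAsKeyName} is enabled, each non-empty CN value of the
 * subject DN becomes a KeyName on {@code keyInfo}. Nothing is added when the option is off or
 * the subject DN yields no CN values.</p>
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectCNKeyName(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (options.emitSubjectCNAsKeyName) {
        java.util.List<String> subjectCNs = X509Util.getCommonNames(cert.getSubjectX500Principal());

        // A null result (presumably "no CN present" - TODO confirm) is skipped rather than
        // iterated, which would otherwise fail with a NullPointerException.
        if (subjectCNs != null) {
            for (String cn : subjectCNs) {
                if (!DatatypeHelper.isEmpty(cn)) {
                    KeyInfoHelper.addKeyName(keyInfo, cn);
                }
            }
        }
    }
}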