/*
* Licensed to the University Corporation for Advanced Internet Development,
* Inc. (UCAID) under one or more contributor license agreements. See the
* NOTICE file distributed with this work for additional information regarding
* copyright ownership. The UCAID licenses this file to You under the Apache
* License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.opensaml.security.x509;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.cryptacular.util.CertUtil;
import org.cryptacular.util.CodecUtil;
import org.cryptacular.x509.GeneralNameType;
import org.cryptacular.x509.dn.NameReader;
import org.cryptacular.x509.dn.RDNSequence;
import org.cryptacular.x509.dn.StandardAttributeType;
import org.opensaml.security.SecurityException;
import org.opensaml.security.crypto.KeySupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.base.Strings;
import com.google.common.io.Files;
import com.google.common.net.InetAddresses;
/**
* Utility class for working with X509 objects.
*/
public class X509Support {
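/** Common Name (CN) OID. */
public static final String CN_OID = "2.5.4.3";

/** Subject Key Identifier (SKI) OID. */
public static final String SKI_OID = "2.5.29.14";

// The *_ALT_NAME constants are the RFC 2459 GeneralName CHOICE tag numbers, boxed so they can be
// passed as name-type selectors. Integer.valueOf replaces the boxing constructor, which is
// deprecated since Java 9; the public type and values are unchanged.

/** RFC 2459 Other Subject Alt Name type. */
public static final Integer OTHER_ALT_NAME = Integer.valueOf(0);

/** RFC 2459 RFC 822 (email address) Subject Alt Name type. */
public static final Integer RFC822_ALT_NAME = Integer.valueOf(1);

/** RFC 2459 DNS Subject Alt Name type. */
public static final Integer DNS_ALT_NAME = Integer.valueOf(2);

/** RFC 2459 X.400 Address Subject Alt Name type. */
public static final Integer X400ADDRESS_ALT_NAME = Integer.valueOf(3);

/** RFC 2459 Directory Name Subject Alt Name type. */
public static final Integer DIRECTORY_ALT_NAME = Integer.valueOf(4);

/** RFC 2459 EDI Party Name Subject Alt Name type. */
public static final Integer EDI_PARTY_ALT_NAME = Integer.valueOf(5);

/** RFC 2459 URI Subject Alt Name type. */
public static final Integer URI_ALT_NAME = Integer.valueOf(6);

/** RFC 2459 IP Address Subject Alt Name type. */
public static final Integer IP_ADDRESS_ALT_NAME = Integer.valueOf(7);

/** RFC 2459 Registered ID Subject Alt Name type. */
public static final Integer REGISTERED_ID_ALT_NAME = Integer.valueOf(8);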
/** Constructor; protected so the utility class is not instantiated directly but stays open to subclassing. */
protected X509Support() {
}
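/**
 * Determines the certificate, from the collection, associated with the private key.
 *
 * <p>Certificates are examined in the collection's iteration order and the first one whose public
 * key pairs with {@code privateKey} is returned. A {@link SecurityException} raised while comparing
 * an individual certificate's key is treated as a non-match for that certificate and the search
 * continues; it is not propagated to the caller.</p>
 *
 * @param certs certificates to check
 * @param privateKey entity's private key
 *
 * @return the certificate associated with entity's private key or null if either argument is null
 *         or no certificate in the collection is associated with the given private key
 *
 * @throws SecurityException thrown if the public or private keys checked are of an unsupported type
 *
 * @since 1.2
 */
@Nullable public static X509Certificate determineEntityCertificate(
        @Nullable final Collection<X509Certificate> certs, @Nullable final PrivateKey privateKey)
        throws SecurityException {
    if (certs == null || privateKey == null) {
        return null;
    }

    for (final X509Certificate certificate : certs) {
        try {
            if (KeySupport.matchKeyPair(certificate.getPublicKey(), privateKey)) {
                return certificate;
            }
        } catch (final SecurityException ignored) {
            // A comparison failure (e.g. an unsupported key type, which Java 7 reports by throwing)
            // is deliberately treated as "this certificate does not match", not as a fatal error.
        }
    }

    return null;
}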
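/**
 * Gets the common names that appear within the given distinguished name.
 *
 * <p>The returned list provides the names in the order they appeared in the DN, according to
 * RFC 1779/2253 encoding. In this encoding the "most specific" name would typically appear
 * in the left-most position, and would appear first in the returned list.</p>
 *
 * @param dn the DN to extract the common names from
 *
 * @return the common names that appear in the DN in the order they appear (possibly empty),
 *         or null if the given DN is null
 */
@Nullable public static List<String> getCommonNames(@Nullable final X500Principal dn) {
    if (dn == null) {
        return null;
    }

    final Logger log = getLogger();
    // Parameterized logging renders the DN only when debug is enabled.
    log.debug("Extracting CNs from the following DN: {}", dn);

    final RDNSequence attrs = NameReader.readX500Principal(dn);

    // Have to copy because the list returned from the attributes is unmodifiable, so it can't be reversed.
    final List<String> values = new ArrayList<>(attrs.getValues(StandardAttributeType.CommonName));

    // Reverse the order so that the most-specific CN is first in the list,
    // consistent with RFC 1779/2253 RDN ordering.
    Collections.reverse(values);

    return values;
}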
/**
* Gets the list of alternative names of a given name type.
*
* @param certificate the certificate to extract the alternative names from
* @param nameTypes the name types
*
* @return the alt names, of the given type, within the cert
*/
@Nullable public static List getAltNames(@Nullable final X509Certificate certificate,
@Nullable final Integer[] nameTypes) {
if (certificate == null || nameTypes == null || nameTypes.length == 0) {
return null;
}
final List