Java Code Examples for org.bouncycastle.asn1.x500.X500Name#equals()

The following examples show how to use org.bouncycastle.asn1.x500.X500Name#equals() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CaManagerImpl.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up a certificate and its revocation information by issuer name and serial number.
 *
 * <p>The issuing CA is found by comparing {@code issuer} with the certificate subject of each
 * entry in {@code caInfos} via {@code X500Name#equals}; the first matching CA is used.
 *
 * @param issuer name of the issuing CA, checked with {@code Args.notNull}
 * @param serialNumber serial number of the certificate, checked with {@code Args.notNull}
 * @return whatever the cert store returns for the matched CA and serial number, or
 *     {@code null} when no entry in {@code caInfos} has a subject equal to {@code issuer}
 * @throws CaMgmtException if the cert store lookup fails with an {@code OperationException}
 */
@Override
public CertWithRevocationInfo getCert(X500Name issuer, BigInteger serialNumber)
    throws CaMgmtException {
  Args.notNull(issuer, "issuer");
  Args.notNull(serialNumber, "serialNumber");

  // NOTE(review): the CA is selected by subject DN alone. If two configured CAs can carry the
  // same subject, the winner depends on the iteration order of caInfos; confirm subjects are
  // unique.
  NameId matchedCaId = null;
  for (String caName : caInfos.keySet()) {
    CaInfo candidate = caInfos.get(caName);
    if (!issuer.equals(candidate.getCert().getSubject())) {
      continue;
    }
    matchedCaId = candidate.getIdent();
    break;
  }

  // Unknown issuer: reported as "not found" rather than as an error.
  if (matchedCaId == null) {
    return null;
  }

  try {
    return certstore.getCertWithRevocationInfo(matchedCaId.getId(), serialNumber, idNameMap);
  } catch (OperationException ex) {
    // Keep the original exception as the cause so the store-level failure stays traceable.
    throw new CaMgmtException(ex.getMessage(), ex);
  }
}
 
Example 2
Source File: CmpResponder.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Decides whether a CMP request is addressed to this responder.
 *
 * <p>The recipient is accepted when it equals {@code getSender()}, or when it is a
 * directoryName whose X.500 name equals the subject of this responder's signer.
 *
 * @param requestRecipient recipient taken from the request; may be {@code null}
 * @return {@code true} if the recipient designates this responder, {@code false} otherwise
 *     (including for a {@code null} recipient)
 */
@Override
protected boolean intendsMe(GeneralName requestRecipient) {
  if (requestRecipient == null) {
    return false;
  }

  // Exact GeneralName match against the name this responder sends under.
  if (getSender().equals(requestRecipient)) {
    return true;
  }

  // Only a directoryName can still match, by comparing it with the signer's subject.
  if (requestRecipient.getTagNo() != GeneralName.directoryName) {
    return false;
  }

  // NOTE(review): assumes getSignerWrapper(...) returns non-null for the responder name;
  // confirm, since a null result would surface here as a NullPointerException.
  X500Name recipientDn = X500Name.getInstance(requestRecipient.getName());
  return recipientDn.equals(caManager.getSignerWrapper(getResponderName()).getSubject());
}
 
Example 3
Source File: CmpClientImpl.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Sends an unrevoke request for a batch of certificates to the CA that issued them.
 *
 * <p>All entries must name the same issuer, because the whole request is forwarded to the
 * single CA resolved from that issuer.
 *
 * @param request entries to unrevoke, checked with {@code Args.notNull}
 * @param debug request/response debug holder passed through to the agent
 * @return the parsed result of the agent call, or an empty map when the request has no entries
 * @throws CmpClientException declared by this method; the raising call is not visible here
 * @throws PkiErrorException with {@code PKIStatus.REJECTION} and
 *     {@code PKIFailureInfo.badRequest} if the entries name more than one issuer
 */
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request,
    ReqRespDebug debug) throws CmpClientException, PkiErrorException {
  Args.notNull(request, "request");

  initIfNotInitialized();
  List<UnrevokeOrRemoveCertRequest.Entry> entries = request.getRequestEntries();
  if (CollectionUtil.isEmpty(entries)) {
    return Collections.emptyMap();
  }

  // The first entry fixes the issuer; every later entry has to agree with it.
  X500Name commonIssuer = entries.get(0).getIssuer();
  for (UnrevokeOrRemoveCertRequest.Entry later : entries.subList(1, entries.size())) {
    if (commonIssuer.equals(later.getIssuer())) {
      continue;
    }
    throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
        "unrevoking certificates issued by more than one CA is not allowed");
  }

  // NOTE(review): assumes getCaNameByIssuer yields a name present in casMap; confirm, since a
  // missing entry would surface here as a NullPointerException.
  final String caName = getCaNameByIssuer(commonIssuer);
  CmpAgent caAgent = casMap.get(caName).getAgent();
  return parseRevokeCertResult(caAgent.unrevokeCertificate(request, debug));
}
 
Example 4
Source File: CmpClientImpl.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Sends a remove request for a batch of certificates to the CA that issued them.
 *
 * <p>All entries must name the same issuer, because the whole request is forwarded to the
 * single CA resolved from that issuer.
 *
 * @param request entries to remove, checked with {@code Args.notNull}
 * @param debug request/response debug holder passed through to the agent
 * @return the parsed result of the agent call, or an empty map when the request has no entries
 * @throws CmpClientException declared by this method; the raising call is not visible here
 * @throws PkiErrorException with {@code PKIStatus.REJECTION} and
 *     {@code PKIFailureInfo.badRequest} if the entries name more than one issuer
 */
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request,
    ReqRespDebug debug) throws CmpClientException, PkiErrorException {
  Args.notNull(request, "request");

  initIfNotInitialized();
  List<UnrevokeOrRemoveCertRequest.Entry> entries = request.getRequestEntries();
  if (CollectionUtil.isEmpty(entries)) {
    return Collections.emptyMap();
  }

  // The first entry fixes the issuer; every later entry has to agree with it.
  X500Name commonIssuer = entries.get(0).getIssuer();
  for (UnrevokeOrRemoveCertRequest.Entry later : entries.subList(1, entries.size())) {
    if (commonIssuer.equals(later.getIssuer())) {
      continue;
    }
    throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
        "removing certificates issued by more than one CA is not allowed");
  }

  // NOTE(review): assumes getCaNameByIssuer yields a name present in casMap; confirm, since a
  // missing entry would surface here as a NullPointerException.
  final String caName = getCaNameByIssuer(commonIssuer);
  CmpAgent caAgent = casMap.get(caName).getAgent();
  return parseRevokeCertResult(caAgent.removeCertificate(request, debug));
}
 
Example 5
Source File: DistinguishedNameComparer.java    From xades4j with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Tells whether a parsed principal and a DN given as text denote the same distinguished name.
 * Both sides are converted to {@code X500Name} from their encoded form and compared with
 * {@code X500Name#equals}.
 *
 * @param parsedDn the already parsed distinguished name
 * @param stringDn the distinguished name in string form
 * @return {@code true} if the two names are equal
 * @exception IllegalArgumentException if the DN string is invalid
 */
boolean areEqual(X500Principal parsedDn, String stringDn)
{
    final X500Name fromPrincipal = X500Name.getInstance(parsedDn.getEncoded());
    // Only the name parsed from text is created with the configured style.
    // NOTE(review): equals() is invoked on the name built without x500NameStyle; confirm the
    // comparison rules that apply are the intended ones.
    final X500Name fromText = X500Name.getInstance(
            this.x500NameStyle,
            this.x500NameStyleProvider.fromString(stringDn).getEncoded());
    final boolean sameName = fromPrincipal.equals(fromText);
    return sameName;
}
 
Example 6
Source File: CmpClientImpl.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Sends a revocation request for a batch of certificates to the CA that issued them.
 *
 * <p>All entries must name the same issuer. When the CA's CMP control requires an authority
 * key identifier, entries without one receive the CA's subject key identifier before the
 * request is sent.
 *
 * @param request entries to revoke, checked with {@code Args.notNull}
 * @param debug request/response debug holder passed through to the agent
 * @return the parsed result of the agent call, or an empty map when the request has no entries
 * @throws CmpClientException declared by this method; the raising call is not visible here
 * @throws PkiErrorException with {@code PKIStatus.REJECTION} and
 *     {@code PKIFailureInfo.badRequest} if the entries name more than one issuer
 */
@Override
public Map<String, CertIdOrError> revokeCerts(RevokeCertRequest request, ReqRespDebug debug)
    throws CmpClientException, PkiErrorException {
  List<RevokeCertRequest.Entry> entries =
        Args.notNull(request, "request").getRequestEntries();
  if (CollectionUtil.isEmpty(entries)) {
    return Collections.emptyMap();
  }

  // The first entry fixes the issuer; every later entry has to agree with it.
  X500Name commonIssuer = entries.get(0).getIssuer();
  for (RevokeCertRequest.Entry later : entries.subList(1, entries.size())) {
    if (commonIssuer.equals(later.getIssuer())) {
      continue;
    }
    throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
        "revoking certificates issued by more than one CA is not allowed");
  }

  // Initialisation happens only after the request has passed the issuer check.
  initIfNotInitialized();

  // NOTE(review): assumes getCaNameByIssuer yields a name present in casMap; confirm, since a
  // missing entry would surface here as a NullPointerException.
  final String caName = getCaNameByIssuer(commonIssuer);
  CaConf targetCa = casMap.get(caName);

  boolean akiRequired = targetCa.getCmpControl().isRrAkiRequired();
  if (akiRequired) {
    // Fill in the AKI only where the caller left it unset; supplied values are kept as given.
    byte[] caKeyId = targetCa.getSubjectKeyIdentifier();
    for (RevokeCertRequest.Entry entry : request.getRequestEntries()) {
      if (entry.getAuthorityKeyIdentifier() == null) {
        entry.setAuthorityKeyIdentifier(caKeyId);
      }
    }
  }

  return parseRevokeCertResult(targetCa.getAgent().revokeCertificate(request, debug));
}
 
Example 7
Source File: GenericCryptoModule.java    From fido2 with GNU Lesser General Public License v2.1 4 votes vote down vote up
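/**
 * Private method that retrieves the public key used to verify an XML
 * signature from the BCFKS truststore whose location is configured under
 * crypto.cfg.property.signing.truststorelocation.
 *
 * The truststore is searched for an X.509 certificate whose subject DN
 * equals the signing DN (compared as X500Names) and whose KeyUsage
 * extension has bit 0 (digitalSignature) set; the first such certificate
 * is used.
 *
 * @param password String containing the password used to load the
 * truststore
 * @param signingdn String containing the DN that was used to sign the XML
 * object
 * @return java.security.PublicKey object containing the public-key of
 * the signer
 * @throws CryptoException if the truststore location is not configured, the
 * truststore cannot be loaded, or no matching certificate is found
 */
private PublicKey getXMLSignatureVerificationKey(String password, String signingdn) throws CryptoException {

    // Keystore location
    String truststorelocation;
    try {
        if ((truststorelocation = cryptoCommon.getConfigurationProperty("crypto.cfg.property.signing.truststorelocation")) == null) {
            cryptoCommon.logp(Level.SEVERE, classname, "getXMLSignatureVerificationKey", "CRYPTO-ERR-2505", "crypto.cfg.property.signing.truststorelocation");
            throw new CryptoException(cryptoCommon.getMessageWithParam("CRYPTO-ERR-2505", "crypto.cfg.property.signing.truststorelocation"));
        }
    } catch (java.util.MissingResourceException e) {
        cryptoCommon.logp(Level.SEVERE, classname, "getXMLSignatureVerificationKey", "CRYPTO-ERR-2505", "crypto.cfg.property.signing.truststorelocation");
        throw new CryptoException(cryptoCommon.getMessageWithParam("CRYPTO-ERR-2505", "crypto.cfg.property.signing.truststorelocation"));
    }

    PublicKey pbk = null;
    try {
        KeyStore truststore = KeyStore.getInstance("BCFKS", BC_FIPS_PROVIDER);
        // KeyStore.load() does not close the stream it is given, so close it
        // here instead of leaking a file handle on every call.
        try (FileInputStream in = new FileInputStream(truststorelocation)) {
            truststore.load(in, password.toCharArray());
        }
        cryptoCommon.logp(Level.FINE, classname, "getXMLSignatureVerificationKey", "CRYPTO-MSG-2521", truststorelocation);

        // Print out certs in the truststore
        String alias;
        X500Name inputdn = new X500Name(signingdn);
        cryptoCommon.logp(Level.FINE, classname, "getXMLSignatureVerificationKey", "CRYPTO-MSG-2520", signingdn);
        for (Enumeration<String> e = truststore.aliases(); e.hasMoreElements();) {
            alias = e.nextElement();
            cryptoCommon.logp(Level.FINE, classname, "getXMLSignatureVerificationKey", "CRYPTO-MSG-2522", alias);

            // An alias may carry no certificate, or one that is not X.509;
            // skip it rather than fail on the cast or a null dereference.
            java.security.cert.Certificate entry = truststore.getCertificate(alias);
            if (!(entry instanceof X509Certificate)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) entry;

            // NOTE(review): the subject is rebuilt from its string form
            // rather than from the encoded name; confirm the round trip
            // is lossless for every DN stored in the truststore.
            X500Name xcdn = new X500Name(cert.getSubjectX500Principal().getName());
            cryptoCommon.logp(Level.FINE, classname, "getXMLSignatureVerificationKey", "CRYPTO-MSG-2515", xcdn + " [" + alias + "]");

            // Match using the X500Names
            if (xcdn.equals(inputdn)) {
                cryptoCommon.logp(Level.FINE, classname, "getXMLSignatureVerificationKey", "CRYPTO-MSG-2523", signingdn);
                boolean[] keyusage = cert.getKeyUsage();

                // getKeyUsage() returns null when the certificate has no
                // KeyUsage extension; the signing bit cannot be confirmed,
                // so the certificate is not accepted as a verification key.
                if (keyusage == null) {
                    continue;
                }

                // Collect key-usages in a string buffer for logging
                StringBuilder sw = new StringBuilder();
                for (int i = 0; i < keyusage.length; i++) {
                    sw.append("\nkeyusage[" + i + "]: " + keyusage[i]);
                }
                cryptoCommon.logp(Level.FINE, classname, "getXMLSignatureVerificationKey", "CRYPTO-MSG-2517", sw.toString());

                // Now match for the signing bit (index 0 = digitalSignature)
                // NOTE(review): the certificate's validity period is not
                // checked in this method; confirm expiry is enforced by the
                // caller or by truststore management.
                if (keyusage[0]) {
                    // If true, this is the certificate we want
                    pbk = cert.getPublicKey();
                    cryptoCommon.logp(Level.FINE, classname, "getXMLSignatureVerificationKey", "CRYPTO-MSG-2524", signingdn + " [" + alias + "]");
                    break;
                }
            }
        }

    } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException ex) {
        cryptoCommon.logp(Level.SEVERE, classname, "getXMLSignatureVerificationKey", "CRYPTO-ERR-2507", ex.getLocalizedMessage());
        throw new CryptoException(cryptoCommon.getMessageWithParam("CRYPTO-ERR-2507", ex.getLocalizedMessage()));
    }
    // No certificate matched both the DN and the signing bit: fail closed.
    if (pbk == null) {
        cryptoCommon.logp(Level.SEVERE, classname, "getXMLSignatureVerificationKey", "CRYPTO-ERR-2509");
        throw new CryptoException(cryptoCommon.getMessageProperty("CRYPTO-ERR-2509"));
    }
    return pbk;
}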
 
Example 8
Source File: ScepResponder.java    From xipki with Apache License 2.0 4 votes vote down vote up
/**
 * Rejects a request whose CA name differs from this CA's name.
 *
 * @param thisCaX500Name name of this CA
 * @param caX500Name CA name to check against it
 * @throws FailInfoException {@code FailInfoException.BAD_CERTID} if the two names are not
 *     equal according to {@code X500Name#equals}
 */
private static void ensureIssuedByThisCa(X500Name thisCaX500Name, X500Name caX500Name)
    throws FailInfoException {
  boolean sameCa = thisCaX500Name.equals(caX500Name);
  if (sameCa) {
    return;
  }
  throw FailInfoException.BAD_CERTID;
}