📄 certtools.java
log.warn("Huh, what's this? DN: " + dn+" PAIR: "+pair);
            }
        }
        X509Name x509Name = new X509Name(defaultOrdering, values, converter);
        //-- Reorder fields
        X509Name orderedX509Name = getOrderedX509Name(x509Name, dnOrder, converter);
        //log.debug("<stringToBcX509Name");
        return orderedX509Name;
    } // stringToBcX509Name

    /**
     * Normalises a DN string into the canonical BouncyCastle form used throughout EJBCA, so
     * that every DN we store or compare looks the same. A DN detected as reversed (see
     * {@link #isDNReversed(String)}) is flipped first, then parsed with
     * {@link #stringToBcX509Name(String)} and rendered back to a string.
     *
     * @param dn String containing the DN; may be null
     *
     * @return the normalised DN string, or null if the input is null or could not be parsed
     */
    public static String stringToBCDNString(String dn) {
        String input = isDNReversed(dn) ? reverseDN(dn) : dn;
        X509Name bcName = stringToBcX509Name(input);
        if (bcName == null) {
            return null;
        }
        String normalised = bcName.toString();
        // Some databases (MySQL for instance) keep subjectDN in a 250 character column and
        // silently clip anything longer, which is very hard to debug afterwards. Say so here,
        // with the length, so the clipping can be traced back to its cause.
        // NOTE(review): the DN is caller-supplied data (typically from a request) and is
        // written to the log verbatim; the limit is counted in Java chars, not DB bytes.
        if (normalised.length() > 250) {
            log.info("Warning! DN is more than 250 characters long. Some databases have only 250 characters in the database for SubjectDN. Clipping may occur! DN (" + normalised.length() + " chars): " + normalised);
        }
        return normalised;
    }

    /**
     * Convenience method for getting e-mail addresses from a DN. Uses
     * {@link #getPartsFromDN(String,String)} internally, searching for every attribute type
     * listed in EMAILIDS (documented as EMAIL, EMAIL1, EMAIL2 and EMAIL3) and collecting all
     * values found, not only the first.
* @param dn the DN
     *
     * @return ArrayList of every e-mail value found in the DN, or an empty list if none is
     *         present; never null
     */
    public static ArrayList getEmailFromDN(String dn) {
        log.debug(">getEmailFromDN(" + dn + ")");
        ArrayList found = new ArrayList();
        for (int idx = 0; idx < EMAILIDS.length; idx++) {
            // getPartsFromDN returns an empty list (never null) when the type is absent,
            // so adding it unconditionally is a no-op in that case
            found.addAll(getPartsFromDN(dn, EMAILIDS[idx]));
        }
        log.debug("<getEmailFromDN(" + dn + "): " + found.size());
        return found;
    }

    /**
     * Search for an e-mail address, first in the SubjectAltName extension (as in the PKIX
     * recommendation) and then in the subject DN.
     * Original author: Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
     *
     * @param certificate the certificate to inspect; null or a non-X.509 certificate yields null
     * @return the first rfc822Name found in SubjectAltName, else the first e-mail attribute
     *         found in the subject DN, else null
     */
    public static String getEMailAddress(Certificate certificate) {
        log.debug("Searching for EMail Address in SubjectAltName");
        if (!(certificate instanceof X509Certificate)) {
            // null is not an instance of anything, so this covers the null case too
            return null;
        }
        X509Certificate x509cert = (X509Certificate) certificate;
        try {
            java.util.Collection altNames = x509cert.getSubjectAlternativeNames();
            if (altNames != null) {
                for (Iterator it = altNames.iterator(); it.hasNext();) {
                    java.util.List entry = (java.util.List) it.next();
                    // GeneralName tag 1 is rfc822Name; the JDK hands its value back as a String
                    if (((Integer) entry.get(0)).intValue() == 1) {
                        // NOTE(review): returned as-is. A certificate from an untrusted party can
                        // carry any string here, so validate it before using it as an address.
                        return (String) entry.get(1);
                    }
                }
            }
        } catch (CertificateParsingException e) {
            log.error("Error parsing certificate: ", e);
        }
        log.debug("Searching for EMail Address in Subject DN");
        // NOTE(review): this uses the JDK's getSubjectDN().getName() rendering rather than
        // CertTools.getSubjectDN(cert); attribute naming may differ between the two.
        ArrayList emails = CertTools.getEmailFromDN(x509cert.getSubjectDN().getName());
        return emails.isEmpty() ? null : (String) emails.get(0);
    }

    /**
     * Takes a DN and reverses it completely so the first attribute ends up last.
     * C=SE,O=Foo,CN=Bar becomes CN=Bar,O=Foo,C=SE.
     *
     * @param dn String containing DN to be reversed, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz".
*
     * @return String containing the reversed DN, joined with bare commas, or null if dn is null
     *         or yields no tokens
     */
    public static String reverseDN(String dn) {
        log.debug(">reverseDN: dn: " + dn);
        String reversed = null;
        if (dn != null) {
            ArrayList tokens = new ArrayList();
            BasicX509NameTokenizer tokenizer = new BasicX509NameTokenizer(dn);
            while (tokenizer.hasMoreTokens()) {
                tokens.add(tokenizer.nextToken());
            }
            // Walk the tokens back to front, separating them with a comma and no space.
            StringBuffer out = new StringBuffer();
            int lastIdx = tokens.size() - 1;
            for (int idx = lastIdx; idx >= 0; idx--) {
                if (idx != lastIdx) {
                    out.append(',');
                }
                out.append((String) tokens.get(idx));
            }
            if (out.length() > 0) {
                reversed = out.toString();
            }
        }
        log.debug("<reverseDN: resulting dn: " + reversed);
        return reversed;
    } //reverseDN

    /**
     * Tries to determine if a DN is in reversed form. It does this by taking the last attribute
     * and the first attribute. If the last attribute comes before the first in the dNObjects array
     * the DN is assumed to be in reversed order.
     * The check is relative to the default ordering, so if the default ordering is
     * "C=SE, O=PrimeKey, CN=Tomas" (dNObjectsReverse ordering in EJBCA) a DN of the form
     * "CN=Tomas, O=PrimeKey, C=SE" is reversed.
     *
     * If the default ordering is "CN=Tomas, O=PrimeKey, C=SE" (dNObjectsForward ordering in
     * EJBCA) a DN of the form "C=SE, O=PrimeKey, CN=Tomas" is reversed.
     *
     * @param dn String containing DN to be checked, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz".
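*
     * @return true if the DN is believed to be in reversed order, false otherwise. Also false
     *         for null, for a DN with fewer than two attributes, and for a DN whose first or
     *         last token carries no '=' separator (malformed input).
     */
    protected static boolean isDNReversed(String dn) {
        boolean reversed = false;
        if (dn != null) {
            String first = null;
            String last = null;
            X509NameTokenizer xt = new X509NameTokenizer(dn);
            if (xt.hasMoreTokens()) {
                first = xt.nextToken();
            }
            while (xt.hasMoreTokens()) {
                last = xt.nextToken();
            }
            String[] dNObjects = DnComponents.getDnObjects();
            if ((first != null) && (last != null)) {
                int firstEq = first.indexOf('=');
                int lastEq = last.indexOf('=');
                // A token without '=' is malformed (stringToBcX509Name logs a "Huh" warning for
                // such pairs). substring(0, -1) would throw StringIndexOutOfBoundsException here,
                // so treat it as "not reversed" instead of letting a malformed, possibly
                // user-supplied DN blow up the caller.
                if ((firstEq >= 0) && (lastEq >= 0)) {
                    // Lower-case with a fixed locale: under the default locale (e.g. Turkish)
                    // "I" maps to dotless i and a type like "UID" would never match dNObjects.
                    String firstType = first.substring(0, firstEq).toLowerCase(java.util.Locale.ENGLISH);
                    String lastType = last.substring(0, lastEq).toLowerCase(java.util.Locale.ENGLISH);
                    // Unknown types keep index 0, as before; if a type repeats, the last match wins.
                    int firsti = 0, lasti = 0;
                    for (int i = 0; i < dNObjects.length; i++) {
                        if (firstType.equals(dNObjects[i])) {
                            firsti = i;
                        }
                        if (lastType.equals(dNObjects[i])) {
                            lasti = i;
                        }
                    }
                    reversed = lasti < firsti;
                }
            }
        }
        return reversed;
    } //isDNReversed

    /**
     * Gets a specified part of a DN. Specifically the first occurrence if the DN contains several
     * instances of a part (i.e. cn=x, cn=y returns x).
     *
     * @param dn String containing DN, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz".
     * @param dnpart String specifying which part of the DN to get, should be "CN" or "OU" etc.
     *
     * @return String containing the value of the first matching dnpart, or null if dnpart is not
     *         present (an attribute with an empty value, e.g. "CN=", does not count as a match)
     */
    public static String getPartFromDN(String dn, String dnpart) {
        log.debug(">getPartFromDN: dn:'" + dn + "', dnpart=" + dnpart);
        String part = null;
        if ((dn != null) && (dnpart != null)) {
            String prefix = dnpart + "="; // we search for 'CN=' etc.
            int prefixLen = prefix.length();
            X509NameTokenizer xt = new X509NameTokenizer(dn);
            while (xt.hasMoreTokens()) {
                String token = xt.nextToken();
                // The prefix match is case-insensitive on the attribute type only
                if ((token.length() > prefixLen) && token.regionMatches(true, 0, prefix, 0, prefixLen)) {
                    part = token.substring(prefixLen);
                    break;
                }
            }
        }
        log.debug("<getpartFromDN: resulting DN part=" + part);
        return part;
    } //getPartFromDN

    /**
     * Gets specified parts of a DN.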
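Returns all occurrences as an ArrayList, also works if the DN contains several
     * instances of a part (i.e. cn=x, cn=y returns {x, y}).
     *
     * @param dn String containing DN, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz".
     * @param dnpart String specifying which part of the DN to get, should be "CN" or "OU" etc.
     *
     * @return ArrayList containing the values of every matching dnpart, in DN order, or an
     *         empty list if dnpart is not present; never null. Attributes with an empty value
     *         (e.g. "CN=") are skipped.
     */
    public static ArrayList getPartsFromDN(String dn, String dnpart) {
        log.debug(">getPartsFromDN: dn:'" + dn + "', dnpart=" + dnpart);
        ArrayList parts = new ArrayList();
        if ((dn != null) && (dnpart != null)) {
            String prefix = dnpart + "="; // we search for 'CN=' etc.
            int prefixLen = prefix.length();
            X509NameTokenizer xt = new X509NameTokenizer(dn);
            while (xt.hasMoreTokens()) {
                String token = xt.nextToken();
                // The prefix match is case-insensitive on the attribute type only
                if ((token.length() > prefixLen) && token.regionMatches(true, 0, prefix, 0, prefixLen)) {
                    parts.add(token.substring(prefixLen));
                }
            }
        }
        log.debug("<getpartsFromDN: resulting DN part=" + parts.toString());
        return parts;
    } //getPartsFromDN

    /**
     * Gets a list of all custom OIDs defined in the string. A custom OID is an attribute whose
     * type is written as a dotted OID (e.g. "1.2.3.4=value") rather than as a name such as CN
     * or rfc822Name.
     *
     * @param dn String containing DN, The DN string has the format "C=SE, O=xx, OU=yy, CN=zz", or "rfc822Name=foo@bar.com", etc.
     *
     * @return ArrayList containing the OID strings (the type only, without "=value"), or an
     *         empty list if no custom OIDs are present; never null
     */
    public static ArrayList getCustomOids(String dn) {
        log.debug(">getCustomOids: dn:'" + dn + "'");
        ArrayList oids = new ArrayList();
        if (dn != null) {
            X509NameTokenizer xt = new X509NameTokenizer(dn);
            while (xt.hasMoreTokens()) {
                String token = xt.nextToken();
                int eq = token.indexOf('=');
                // Cheap pre-filter before the real validation: the type must be at least
                // three chars ("x.y") with a dot as its second character, i.e. a single-digit
                // first arc (0, 1 or 2 for a well-formed OID). eq > 2 implies the token is
                // longer than three chars, so charAt(1) cannot throw.
                if ((eq > 2) && (token.charAt(1) == '.')) {
                    String oid = token.substring(0, eq);
                    try {
                        // DERObjectIdentifier validates the dotted form and throws
                        // IllegalArgumentException for anything that is not a well-formed OID
                        new DERObjectIdentifier(oid);
                        oids.add(oid);
                    } catch (IllegalArgumentException e) {
                        // Not a valid OID, skip it
                    }
                }
            }
        }
        // Fixed: this used to log as "<getpartsFromDN", misattributing the output to another method
        log.debug("<getCustomOids: resulting OIDs=" + oids.toString());
        return oids;
    } //getCustomOids

    /**
     * Gets the subject DN in the format we are sure about (BouncyCastle), supporting UTF8.
     *
     * @param cert Certificate
     *
     * @return String containing the subject's DN
     */
    public static String getSubjectDN(Certificate cert) {
        // getDN's second argument selects which name to render: 1 = subject, 2 = issuer
        return getDN(cert, 1);
    }

    /**
     * Gets the issuer DN in the format we are sure about (BouncyCastle), supporting UTF8.
     *
     * @param cert Certificate
     *
     * @return String containing the issuer's DN
     */
    public static String getIssuerDN(Certificate cert) {
        // getDN's second argument selects which name to render: 1 = subject, 2 = issuer
        return getDN(cert, 2);
    }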