Examples of org.bouncycastle.asn1.x509.X509Name

• org.bouncycastle.asn1.x509.X509Name

   RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue AttributeTypeAndValue ::= SEQUENCE { type  OBJECT IDENTIFIER, value ANY } 

  @deprecated use org.bouncycastle.asn1.x500.X500Name.

            if ( header==null ) {
                StressTest.this.performanceTest.getLog().error("No header in response message.");
                return false;
            }
            // Check that the signer is the expected CA
            final X509Name name = X509Name.getInstance(header.getSender().getName());
            if ( header.getSender().getTagNo()!=4 || name==null || !name.equals(this.cacert.getSubjectDN()) ) {
                StressTest.this.performanceTest.getLog().error("Not signed by right issuer.");
            }

            if ( header.getSenderNonce().getOctets().length!=16 ) {
                StressTest.this.performanceTest.getLog().error("Wrong length of received sender nonce (made up by server). Is "+header.getSenderNonce().getOctets().length+" byte but should be 16.");

            if ( cert==null ) {
                StressTest.this.performanceTest.getLog().error("Not possbile to create certificate.");
                return null;
            }
            // Remove this test to be able to test unid-fnr
            if ( cert.getSubjectDN().hashCode() != new X509Name(sessionData.getUserDN()).hashCode() ) {
                StressTest.this.performanceTest.getLog().error("Subject is '"+cert.getSubjectDN()+"' but should be '"+sessionData.getUserDN()+'\'');
                return null;
            }
            if ( cert.getIssuerX500Principal().hashCode() != this.cacert.getSubjectX500Principal().hashCode() ) {
                StressTest.this.performanceTest.getLog().error("Issuer is '"+cert.getIssuerDN()+"' but should be '"+this.cacert.getSubjectDN()+'\'');

            if ( header.getSender().getTagNo()!=4 ) {
                StressTest.this.performanceTest.getLog().error("Wrong tag in respnse message header. Is "+header.getSender().getTagNo()+" should be 4.");
                return false;
            }
            {
                final X509Name name = X509Name.getInstance(header.getSender().getName());
                if ( name.hashCode() != this.cacert.getSubjectDN().hashCode() ) {
                    StressTest.this.performanceTest.getLog().error("Wrong CA DN. Is '"+name+"' should be '"+this.cacert.getSubjectDN()+"'.");
                    return false;
                }
            }
            {
                final X509Name name = X509Name.getInstance(header.getRecipient().getName());
                if ( name.hashCode() != new X509Name(sessionData.userDN).hashCode() ) {
                    StressTest.this.performanceTest.getLog().error("Wrong recipient DN. Is '"+name+"' should be '"+sessionData.userDN+"'.");
                    return false;
                }
            }
            final PKIBody body = respObject.getBody();

        private PKIMessage genCertConfirm(final SessionData sessionData, final String hash) {

            PKIHeader myPKIHeader =
                new PKIHeader(
                        new DERInteger(2),
                        new GeneralName(new X509Name(sessionData.getUserDN())),
                        new GeneralName(new X509Name(this.cacert.getSubjectDN().getName())));
            myPKIHeader.setMessageTime(new DERGeneralizedTime(new Date()));
            // senderNonce
            myPKIHeader.setSenderNonce(new DEROctetString(sessionData.getNonce()));
            // TransactionId
            myPKIHeader.setTransactionID(new DEROctetString(sessionData.getTransId()));

  public BigInteger getSerialNo() {
    return this.original.getSerialNo();
  }
  @Override
  public String getRequestDN() {
    final X509Name name = getRequestX509Name();
    if ( name==null ) {
      return null;
    }
    return CertTools.stringToBCDNString(name.toString());
  }

    this.storage = _storage;
  }

  @Override
  public IRequestMessage processRequestMessage(IRequestMessage req, String certificateProfileName) throws HandlerException {
    final X509Name dn = req.getRequestX509Name();
    if (LOG.isDebugEnabled()) {
      LOG.debug(">processRequestMessage:'"+dn+"' and '"+certificateProfileName+"'");
    }
    final String unidPrefix = getPrefixFromCertProfileName(certificateProfileName);
    if ( unidPrefix==null ) {
      return req;
    }
    final Vector<String> v = dn.getValues();
    final Vector<Object> o = dn.getOIDs();
    if( v.size()!=o.size() ) {
      throw new HandlerException("the BC X509Name object is corrupt.");
    }
    for ( int i=0; i<v.size(); i++ ) {
      if ( o.get(i).equals(X509Name.SERIALNUMBER) ) {
        final String newSerial = storeUnidFrnAndGetNewSerialNr(v.get(i), unidPrefix);
        if ( newSerial!=null ) {
          v.set(i, newSerial);
          return new RequestMessageSubjectDnAdapter( req, new X509Name(o,v) );
        }
      }
    }
    return req;
  }

    /**
     * @see IRequestMessage#getRequestX509Name()
     */
    public X509Name getRequestX509Name() {
      String dn = getRequestDN();
      X509Name name = new X509Name(dn);
      return name;
    }

     *
     */
    public byte[] generateCrlReq(String dn, X509Certificate ca) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException, CMSException, InvalidAlgorithmParameterException, CertStoreException, CertificateEncodingException, IllegalStateException {
        this.cacert = ca;
        this.reqdn = dn;
        X509Name name = CertTools.stringToBcX509Name(cacert.getIssuerDN().getName());
        IssuerAndSerialNumber ias = new IssuerAndSerialNumber(name, cacert.getSerialNumber());
        // Create self signed cert, validity 1 day
        cert = CertTools.genSelfCert(reqdn,24*60*60*1000,null,keys.getPrivate(),keys.getPublic(),AlgorithmConstants.SIGALG_SHA1_WITH_RSA,false);

        // wrap message in pkcs#7

        }
        // Special if the DN contains unstructuredAddress where it becomes:
        // CN=pix.primekey.se + unstructuredAddress=pix.primekey.se
        // We only want the CN and not the oid-part.
        // Luckily for us this is handles automatically by BC X509Name class
        X509Name xname = getRequestX509Name();
        String ret = null;
        if (xname == null) {
          log.info("No requestDN in request, probably we could not read/parse/decrypt request.");
        } else {
            Vector cnValues = xname.getValues(X509Name.CN);
            if (cnValues.size() == 0) {
              log.info("No CN in DN: "+xname.toString());
            } else {
                ret = cnValues.firstElement().toString();
                // If we have a CN with a normal name like "Test Testsson" we only want to
                // use the first part as the username
              int index = ret.indexOf(' ');

     *
     * @return subject DN from certification request or null.
     */
    public String getRequestDN() {
      String ret = null;
      X509Name name = getRequestX509Name();
      if (name != null) {
        String dn = name.toString();
        // We have to make special handling again for Cisco devices.
        // they will submit requests like: SN=FFFFFF+unstructuredName=Router
        // EJBCA does not handle this very well so we will change it to: SN=FFFFFF,unstructuredName=Router
        dn = dn.replace("+unstructuredName=", ",unstructuredName=");
        dn = dn.replace(" + unstructuredName=", ",unstructuredName=");