Package org.bouncycastle.asn1.x509

Examples of org.bouncycastle.asn1.x509.X509Name


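          if (log.isDebugEnabled()) {
            log.debug("Using POPOSigningKeyInput as POPO input.");
          }
          // pski is used as the proof-of-possession input from here on, so any field that the
          // certificate template also carries is required to match it.
          final CertRequest req = getReq().getCertReq();
          // If subject is present in cert template it must be the same as in POPOSigningKeyInput
          // NOTE(review): the two names are compared through their string renderings, which is
          // sensitive to attribute order and formatting; comparing them as X509Name objects may be
          // the better fit - confirm.
          // NOTE(review): pski.getSender() is dereferenced without a null check; if the input can
          // arrive without a sender this throws instead of rejecting the POPO - confirm.
          final X509Name subject = req.getCertTemplate().getSubject();
          if (subject != null && !subject.toString().equals(pski.getSender().getName().toString())) {
            log.info("Subject '"+subject.toString()+"', is not equal to '"+pski.getSender().toString()+"'.");
            protObject = null; // pski is not a valid protection object
          }
          // If public key is present in cert template it must be the same as in POPOSigningKeyInput
          final SubjectPublicKeyInfo pk = req.getCertTemplate().getPublicKey();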
          if (pk != null && !Arrays.areEqual(pk.getEncoded(), pski.getPublicKey().getEncoded())) {


  /**
   * Returns the subject DN from the request's certificate template; used from CrmfMessageHandler.
   *
   * @return the template subject after CertTools.stringToBCDNString, or null when the template
   *         has no subject
   */
  public String getSubjectDN() {
    // NOTE(review): the subject is read from the request's certificate template, so it is
    // requester-supplied; presumably callers authorise it before relying on it - confirm.
    final X509Name subjectName = getReq().getCertReq().getCertTemplate().getSubject();
    if (subjectName == null) {
      // No subject in the template: report null rather than an empty DN.
      return null;
    }
    return CertTools.stringToBCDNString(subjectName.toString());
  }

    } else {
      issuer = "CN=fooIssuer";
      subject = "CN=fooSubject";
    }
   
    // Turn the two DN strings into X509Name objects and build the CMP header from them
    // together with the nonces and the transaction id.
    // NOTE(review): X509Name(String) parses the text as a DN; presumably a malformed string is
    // rejected with an unchecked exception - confirm where issuer/subject originate.
    X509Name issuerName = new X509Name(issuer);
    X509Name subjectName = new X509Name(subject);
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(issuerName, subjectName, senderNonce, recipientNonce, transactionId);

    try {
      if (status.equals(ResponseStatus.SUCCESS)) {
        if (cert != null) {

      }
      // Pull the revocation target (issuer + serial number) out of the request body.
      // Only the RevDetails entry at index 0 is read here.
      RevReqContent rr = body.getRr();
      RevDetails rd = rr.getRevDetails(0);
      CertTemplate ct = rd.getCertDetails();
      DERInteger serno = ct.getSerialNumber();
      X509Name issuer = ct.getIssuer();
      // Both values may be null, so they are checked before being dereferenced; the serial
      // number is rendered in hex for the log message.
      // NOTE(review): issuer and serial number come from the request and are written to the
      // log; presumably the logging layer neutralises control characters - confirm.
      if ( (serno != null) && (issuer != null) ) {
        String errMsg = intres.getLocalizedMessage("cmp.receivedrevreq", issuer.toString(), serno.getValue().toString(16));
        log.info(errMsg);
      } else {
        // Issuer or serial number missing: this message variant takes no arguments, so
        // nothing null is dereferenced on this path.
        String errMsg = intres.getLocalizedMessage("cmp.receivedrevreqnoissuer");
        log.info(errMsg);
      }

  public boolean create() throws IOException, InvalidKeyException,
      NoSuchAlgorithmException, NoSuchProviderException,
      SignRequestException, NotFoundException {

    X509Name sender = X509Name.getInstance(getSender().getName());
    X509Name recipient = X509Name.getInstance(getRecipient().getName());
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(sender, recipient, getSenderNonce(), getRecipientNonce(), getTransactionId());
    PKIBody myPKIBody = new PKIBody(new DERNull(), 19);
    PKIMessage myPKIMessage = new PKIMessage(myPKIHeader, myPKIBody);

    if ((getPbeDigestAlg() != null) && (getPbeMacAlg() != null) && (getPbeKeyId() != null) && (getPbeKey() != null) ) {

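          // Extract the revocation target from the request. Only the RevDetails entry at
          // index 0 is processed.
          PKIBody body = pkimsg.getBody();
          RevReqContent rr = body.getRr();
          RevDetails rd = rr.getRevDetails(0);
          CertTemplate ct = rd.getCertDetails();
          DERInteger serno = ct.getSerialNumber();
          X509Name issuer = ct.getIssuer();
          // Get the revocation reason.
          // For CMPv1 this can be a simple DERBitString or it can be a requested CRL Entry Extension
          // If there exists CRL Entry Extensions we will use that, because it's the only thing allowed in CMPv2
          int reason = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
          DERBitString reasonbits = rd.getRevocationReason();
          if (reasonbits != null) {
            reason = CertTools.bitStringToRevokedCertInfo(reasonbits);
            LOG.debug("CMPv1 revocation reason: "+reason);
          } else {
            LOG.debug("CMPv1 revocation reason is null");
          }
          X509Extensions crlExt = rd.getCrlEntryDetails();
          if (crlExt != null) {
            X509Extension ext = crlExt.getExtension(X509Extensions.ReasonCode);
            if (ext != null) {
              // NOTE(review): the extension bytes come from the request. Only IOException is
              // handled below; a value that does not decode to an ENUMERATED may surface as an
              // unchecked exception from getInstance/getValue - confirm and handle if so.
              try {
                ASN1InputStream ai = new ASN1InputStream(ext.getValue().getOctets());
                DERObject obj = ai.readObject();
                DEREnumerated crlreason = DEREnumerated.getInstance(obj);
                // RevokedCertInfo.REVOCATION_REASON_AACOMPROMISE are the same integer values as the CRL reason extension code
                // NOTE(review): the integer is taken from the request as-is and handed to
                // revokeCert below; presumably it is range-checked there - confirm.
                reason = crlreason.getValue().intValue();
                LOG.debug("CRLReason extension: "+reason);
              } catch (IOException e) {
                // Best effort: keep the reason determined so far and carry on.
                LOG.info("Exception parsin CRL reason extension: ", e);
              }
            } else {
              LOG.debug("No CRL reason code extension present.");
            }
          } else {
            LOG.debug("No CRL entry extensions present");
          }

          if ( (serno != null) && (issuer != null) ) {
            String iMsg = INTRES.getLocalizedMessage("cmp.receivedrevreq", issuer.toString(), serno.getValue().toString(16));
            LOG.info(iMsg);
            // Each failure mode of revokeCert is mapped to a CMP failure code and text;
            // a pending approval is reported as GRANTED_WITH_MODS rather than as a failure.
            try {
              userAdminSession.revokeCert(admin, serno.getValue(), issuer.toString(), reason);
              status = ResponseStatus.SUCCESS;
            } catch (AuthorizationDeniedException e) {
              failInfo = FailInfo.NOT_AUTHORIZED;
              String errMsg = INTRES.getLocalizedMessage("cmp.errornotauthrevoke", issuer.toString(), serno.getValue().toString(16));
              failText = errMsg;
              LOG.error(failText);
            } catch (FinderException e) {
              failInfo = FailInfo.BAD_CERTIFICATE_ID;
              String errMsg = INTRES.getLocalizedMessage("cmp.errorcertnofound", issuer.toString(), serno.getValue().toString(16));
              failText = errMsg;
              LOG.error(failText);
            } catch (WaitingForApprovalException e) {
              status = ResponseStatus.GRANTED_WITH_MODS;
            } catch (ApprovalException e) {
              failInfo = FailInfo.BAD_REQUEST;
              String errMsg = INTRES.getLocalizedMessage("cmp.erroralreadyrequested");
              failText = errMsg;
              LOG.error(failText);
            } catch (AlreadyRevokedException e) {
              failInfo = FailInfo.BAD_REQUEST;
              String errMsg = INTRES.getLocalizedMessage("cmp.erroralreadyrevoked");
              failText = errMsg;
              LOG.error(failText);
            }
          } else {
            failInfo = FailInfo.BAD_CERTIFICATE_ID;
            // At least one of issuer/serno is null on this path. Dereferencing both
            // unconditionally would throw on a request that omits either field, so the
            // error reply would never be produced; format them null-safely instead.
            String errMsg = INTRES.getLocalizedMessage("cmp.errormissingissuerrevoke",
                (issuer != null) ? issuer.toString() : "null",
                (serno != null) ? serno.getValue().toString(16) : "null");
            failText = errMsg;
            LOG.error(failText);
          }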
        } else {
          String errMsg = INTRES.getLocalizedMessage("cmp.errorauthmessage");

    final ArrayList<GeneralNames> issuers = new ArrayList<GeneralNames>();
    if (StringUtils.isNotEmpty(crlissuer)) {
      final StringTokenizer tokenizer = new StringTokenizer(crlissuer, ";", false);
      while (tokenizer.hasMoreTokens()) {
        final String issuer = tokenizer.nextToken();
        final GeneralName gn = new GeneralName(new X509Name(issuer));
        if (log.isDebugEnabled()) {
          log.debug("Added CRL issuer: "+issuer);
        }
        final ASN1EncodableVector vec = new ASN1EncodableVector();
        vec.add(gn);

        byte[] proxyByte = Base64Util.decode(encStr);

        try {
            // Parse the decoded bytes as a PKCS#10 request and take its subject as the proxy DN.
            // NOTE(review): nothing in this excerpt verifies the request's signature;
            // presumably that happens elsewhere - confirm.
            PKCS10CertificationRequest req = new PKCS10CertificationRequest(
                    proxyByte);
            X509Name proxyDN = req.getCertificationRequestInfo().getSubject();
            X500Principal userDN = cert.getSubjectX500Principal();

            // Re-encode the certificate's subject principal and parse it back into an
            // X509Name, so both DNs are in X509Name form before they are stringified.
            ByteArrayInputStream bIn = new ByteArrayInputStream(
                    userDN.getEncoded());
            DERInputStream dIn = new DERInputStream(bIn);
            ASN1Sequence      seq = (ASN1Sequence) dIn.readObject();
            X509Name uDN = new X509Name(seq);

            Log.debug(CLASS_NAME,
                    "user's subjectDN: " + uDN.toString()
                    + "\nproxy's subjectDN: " + proxyDN.toString());

            // The accept/reject decision rests on compairDN over the two string renderings.
            // NOTE(review): compairDN's matching rules are not visible here; confirm it compares
            // attribute by attribute rather than by loose string matching.
            if (!compairDN(uDN.toString(), proxyDN.toString())) {
                Log.info(CLASS_NAME, "proxy's DN does not match user's DN!");
                return false;
            }
        } catch (Exception e) {
            Log.error(CLASS_NAME, "", e);

            ext = extensions.getExtension(X509Extensions.ExtendedKeyUsage);
            addExtendedKeyUsage(ext);
        }

        // The new certificate's issuer is the subject of the issuing certificate, and its
        // own subject is derived from that same DN plus newCn via buildSubjectDn.
        X509Name issuerDn = issuerTbsCert.getSubject();
        X509Name subjectDn = buildSubjectDn(issuerDn, newCn);

        generator.setSubjectDN(subjectDn);
        generator.setIssuerDN(issuerDn);
        generator.setSerialNumber(serialNum);
        // The certified key is the one carried in the PKCS#10 request.
        // NOTE(review): presumably the request's signature (proof of possession) has been
        // verified before its public key is certified here - confirm.
        generator.setPublicKey(pkcs10Req.getPublicKey());

        int size = seq.size();
        for (int i = 0; i < size; i++) {
            newSeq.add(seq.getObjectAt(i));
        }
        newSeq.add(rdn);
        return new X509Name(new DERSequence(newSeq));
    }
