Package org.ejbca.util.dn

Examples of org.ejbca.util.dn.DNFieldExtractor


  protected String constructLDAPDN(String certDN, String userDataDN){
    if (log.isDebugEnabled()) {
      log.debug("DN in certificate '"+certDN+"'. DN in user data '"+userDataDN+"'.");
    }
    String retval = "";
    final DNFieldExtractor certExtractor = new DNFieldExtractor(certDN, DNFieldExtractor.TYPE_SUBJECTDN);
    final DNFieldExtractor userDataExtractor = userDataDN!=null ? new DNFieldExtractor(userDataDN, DNFieldExtractor.TYPE_SUBJECTDN) : null;

    Collection<Integer> usefields = getUseFieldInLdapDN();
    if(usefields instanceof List<?>){
      Collections.sort((List<Integer>) usefields);
    }
    Iterator<Integer> iter = usefields.iterator();
    while(iter.hasNext()){
      Integer next = iter.next();
      String dnField = certExtractor.getFieldString(next.intValue());
      if ( StringUtils.isEmpty(dnField) && userDataExtractor!=null ) {
        dnField = userDataExtractor.getFieldString(next.intValue());
      }
      if (StringUtils.isNotEmpty(dnField)) {
        if (dnField.startsWith("SN")) {
          // This is SN in Bouncycastle, but it should be serialNumber in LDAP
          dnField = "serialNumber"+new String(dnField.substring(2));
View Full Code Here


      paramPut("user.USERNAME", userData.getUsername());

      paramPut("PASSWORD", userData.getPassword());
      paramPut("user.PASSWORD", userData.getPassword());

      DNFieldExtractor dnfields = new DNFieldExtractor(userData.getDN(), DNFieldExtractor.TYPE_SUBJECTDN);
      paramPut("CN", dnfields.getField(DNFieldExtractor.CN, 0));
      paramPut("user.CN", dnfields.getField(DNFieldExtractor.CN, 0));
      paramPut("SN", dnfields.getField(DNFieldExtractor.SN, 0));
      paramPut("user.SN", dnfields.getField(DNFieldExtractor.SN, 0));
      paramPut("O", dnfields.getField(DNFieldExtractor.O, 0));
      paramPut("user.O", dnfields.getField(DNFieldExtractor.O, 0));
      paramPut("OU", dnfields.getField(DNFieldExtractor.OU, 0));
      paramPut("user.OU", dnfields.getField(DNFieldExtractor.OU, 0));
      paramPut("C", dnfields.getField(DNFieldExtractor.C, 0));
      paramPut("user.E", dnfields.getField(DNFieldExtractor.E, 0));

      String time = "(time not available)";
      if (userData.getTimeCreated() != null) {
        time = fastDateFormat(userData.getTimeCreated());
      }
View Full Code Here

  }
 
  protected void populateWithEmailAddresses(UserDataVO userdata, UserDataVO admin) {
    if(userdata != null) {
      paramPut("user.EE.EMAIL", userdata.getEmail());
      final DNFieldExtractor sanfields = new DNFieldExtractor(userdata.getSubjectAltName(), DNFieldExtractor.TYPE_SUBJECTALTNAME);
      paramPut("user.SAN.EMAIL", sanfields.getField(DNFieldExtractor.RFC822NAME, 0));
    }
    if(admin != null) {
      paramPut("requestAdmin.EE.EMAIL", admin.getEmail());
      final DNFieldExtractor sdnFields = new DNFieldExtractor(admin.getDN(), DNFieldExtractor.TYPE_SUBJECTDN);
      paramPut("requestAdmin.CN", sdnFields.getField(DNFieldExtractor.CN, 0));
      final DNFieldExtractor sanFields = new DNFieldExtractor(admin.getSubjectAltName(), DNFieldExtractor.TYPE_SUBJECTALTNAME);
      paramPut("requestAdmin.SAN.EMAIL", sanFields.getField(DNFieldExtractor.RFC822NAME, 0));
    }
  }
View Full Code Here

        String[] clientstrings=null;

        // First check that issuers match.
        if(this.caid == admincaid){
          // Determine part of certificate to match with.
          DNFieldExtractor dn = new DNFieldExtractor(certstring,DNFieldExtractor.TYPE_SUBJECTDN);
          DNFieldExtractor an = new DNFieldExtractor(anString,DNFieldExtractor.TYPE_SUBJECTALTNAME);
          DNFieldExtractor usedExtractor = dn;
          if(matchwith == WITH_SERIALNUMBER){
            if(certificate!=null){
              switch(matchtype){
                case TYPE_EQUALCASE:
                case TYPE_EQUALCASEINS:
                    try{
                      returnvalue = (new java.math.BigInteger(matchvalue,16)).equals(CertTools.getSerialNumber(certificate));
                    }catch(java.lang.NumberFormatException nfe){}
                    break;
                case TYPE_NOT_EQUALCASE:
                case TYPE_NOT_EQUALCASEINS:
                    try{
                      returnvalue = !(new java.math.BigInteger(matchvalue,16)).equals(CertTools.getSerialNumber(certificate));
                    }catch(java.lang.NumberFormatException nfe){}
                    break;
                default:
              }
            }
          }
          else{
            parameter = DNFieldExtractor.CN;
            switch(matchwith){
              case WITH_COUNTRY:
                parameter = DNFieldExtractor.C;
                break;
              case WITH_DOMAINCOMPONENT:
                parameter = DNFieldExtractor.DC;
                break;
              case WITH_STATE:
                parameter = DNFieldExtractor.L;
                break;
              case WITH_LOCALE:
                parameter = DNFieldExtractor.ST;
                break;
              case WITH_ORGANIZATION:
                parameter = DNFieldExtractor.O;
                break;
              case WITH_ORGANIZATIONUNIT:
                parameter = DNFieldExtractor.OU;
                break;
              case WITH_TITLE:
                parameter = DNFieldExtractor.T;
                break;
              case WITH_DNSERIALNUMBER:
                parameter = DNFieldExtractor.SN;
                break;
              case WITH_COMMONNAME:
                parameter = DNFieldExtractor.CN;
                break;
              case WITH_UID:
                  parameter = DNFieldExtractor.UID;
                  break;
              case WITH_DNEMAIL:
                  parameter = DNFieldExtractor.E;
                  break;
              case WITH_RFC822NAME:
                  parameter = DNFieldExtractor.RFC822NAME;
                  usedExtractor = an;
                  break;
              case WITH_UPN:
                  parameter = DNFieldExtractor.UPN;
                  usedExtractor = an;
                  break;
              default:
            }
            size = usedExtractor.getNumberOfFields(parameter);
            clientstrings = new String[size];
            for(int i=0; i < size; i++){
              clientstrings[i] = usedExtractor.getField(parameter,i);
            }

            // Determine how to match.
            if(clientstrings!=null){
              switch(matchtype){
View Full Code Here

        String email, final int certificateprofileid, final boolean keyrecoverable, final boolean sendnotification, final int tokentype,
        final int hardwaretokenissuerid, final int caid, final ExtendedInformation ei) throws UserDoesntFullfillEndEntityProfile {
      if (log.isTraceEnabled()) {
        log.trace(">doesUserFullfillEndEntityProfileWithoutPassword()");
      }
      final DNFieldExtractor subjectdnfields = new DNFieldExtractor(dn, DNFieldExtractor.TYPE_SUBJECTDN);
      if (subjectdnfields.isIllegal()) {
        throw new UserDoesntFullfillEndEntityProfile("Subject DN is illegal.");
      }
      final DNFieldExtractor subjectaltnames = new DNFieldExtractor(subjectaltname, DNFieldExtractor.TYPE_SUBJECTALTNAME);
      if (subjectaltnames.isIllegal()) {
        throw new UserDoesntFullfillEndEntityProfile("Subject alt names are illegal.");
      }
      final DNFieldExtractor subjectdirattrs = new DNFieldExtractor(subjectdirattr, DNFieldExtractor.TYPE_SUBJECTDIRATTR);
      if (subjectdirattrs.isIllegal()) {
        throw new UserDoesntFullfillEndEntityProfile("Subject directory attributes are illegal.");
      }
      // Check that no other than supported dn fields exists in the subject dn.
      if (subjectdnfields.existsOther()) {
        throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject DN Field found in:" + dn);
      }
      if (subjectaltnames.existsOther()) {
        throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject Alternate Name Field found in:" + subjectaltname );
      }
      if (subjectdirattrs.existsOther()) {
        throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject Directory Attribute Field found in:" + subjectdirattr );
      }
      checkIfAllRequiredFieldsExists(subjectdnfields, subjectaltnames, subjectdirattrs, username, email);
      // Make sure that there are enough fields to cover all required in profile
      checkIfForIllegalNumberOfFields(subjectdnfields, subjectaltnames, subjectdirattrs);
      // Check contents of username.
      checkIfDataFullfillProfile(USERNAME,0,username, "Username",null);
      // Check Email address.
      if (email == null) {
        email = "";
      }
      checkIfDomainFullfillProfile(EMAIL,0,email,"Email");
      // Make sure that every value has a corresponding field in the entity profile
      checkIfFieldsMatch(subjectdnfields, DNFieldExtractor.TYPE_SUBJECTDN, email);
      checkIfFieldsMatch(subjectaltnames, DNFieldExtractor.TYPE_SUBJECTALTNAME, email);
      // Check contents of Subject Directory Attributes fields.
      final HashMap<Integer,Integer> subjectdirattrnumbers = subjectdirattrs.getNumberOfFields();
      final Integer[] dirattrids = DNFieldExtractor.getUseFields(DNFieldExtractor.TYPE_SUBJECTDIRATTR);
      for (final Integer dirattrid : dirattrids) {
        final int nof = subjectdirattrnumbers.get(dirattrid).intValue();
        for (int j=0; j<nof; j++) {
          checkForIllegalChars(subjectdirattrs.getField(dirattrid.intValue(),j));
          switch (dirattrid.intValue()) {
          case DNFieldExtractor.COUNTRYOFCITIZENSHIP:
            checkIfISO3166FullfillProfile(DnComponents.COUNTRYOFCITIZENSHIP,j,subjectdirattrs.getField(dirattrid.intValue(),j),"COUNTRYOFCITIZENSHIP");
            break;
          case DNFieldExtractor.COUNTRYOFRESIDENCE:
            checkIfISO3166FullfillProfile(DnComponents.COUNTRYOFRESIDENCE,j,subjectdirattrs.getField(dirattrid.intValue(),j),"COUNTRYOFRESIDENCE");
            break;
          case DNFieldExtractor.DATEOFBIRTH:
            checkIfDateFullfillProfile(DnComponents.DATEOFBIRTH,j,subjectdirattrs.getField(dirattrid.intValue(),j),"DATEOFBIRTH");
            break;
          case DNFieldExtractor.GENDER:
            checkIfGenderFullfillProfile(DnComponents.GENDER,j,subjectdirattrs.getField(dirattrid.intValue(),j),"GENDER");
            break;
          default:
            checkIfDataFullfillProfile(DnComponents.dnIdToProfileName(dirattrid.intValue()),j,subjectdirattrs.getField(dirattrid.intValue(),j), DnComponents.getErrTextFromDnId(dirattrid.intValue()), email);
          }
        }
      }
      // Check for keyrecoverable flag.
      if (!getUse(KEYRECOVERABLE,0) && keyrecoverable) {
View Full Code Here

     * @param dn
     * @return a subset of original DN
     */
   
    public String createSubjectDNSubSet(String dn){
      DNFieldExtractor extractor = new DNFieldExtractor(dn,DNFieldExtractor.TYPE_SUBJECTDN);     
      return constructUserData(extractor, getSubjectDNSubSet(), true);
    }
View Full Code Here

     *
     * @param dn
     * @return a subset of original DN
     */
    public String createSubjectAltNameSubSet(String subjectaltname){
      DNFieldExtractor extractor = new DNFieldExtractor(subjectaltname,DNFieldExtractor.TYPE_SUBJECTALTNAME);     
      return constructUserData(extractor, getSubjectAltNameSubSet(), false);
    }
View Full Code Here

TOP

Related Classes of org.ejbca.util.dn.DNFieldExtractor

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.