5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The contents of this file are subject to the terms
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * of the Common Development and Distribution License
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * (the License). You may not use this file except in
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * compliance with the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * You can obtain a copy of the License at
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * See the License for the specific language governing
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * permission and limitations under the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * When distributing Covered Code, include this CDDL
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Header Notice in each file and include the License file
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * If applicable, add the following below the CDDL Header,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * with the fields enclosed by brackets [] replaced by
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * your own identifying information:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * $Id: CertUtils.java,v 1.2 2008/06/25 05:52:46 qcheng Exp $
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * Portions Copyrighted 2014 ForgeRock AS.
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * This class provides utility methods to read the certificate DN information in a format that is understandable
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * across OpenAM.
// Extra OID-to-keyword mappings handed to X500Principal.getName(format, oidMap) by the methods below, so
// that these attribute types are rendered under a readable keyword rather than their dotted OID.
0d30f19874ab0ad26676968208c00f99287c5323Peter Major private static final Map<String, String> OID_MAP = new HashMap<String, String>();
// Debug logger registered under the name "amAuthCert".
0d30f19874ab0ad26676968208c00f99287c5323Peter Major private static final Debug DEBUG = Debug.getInstance("amAuthCert");
// The OIDs below sit under 1.2.840.113549.1.9, the PKCS #9 attribute arc.
// NOTE(review): the enclosing initializer and the EMAIL_ADDRESS constant are not visible in this view.
// NOTE(review): only these puts are visible; confirm nothing else writes to this shared static map after
// class initialization, since the DN strings built from it feed certificate handling.
0d30f19874ab0ad26676968208c00f99287c5323Peter Major OID_MAP.put("1.2.840.113549.1.9.1", EMAIL_ADDRESS);
0d30f19874ab0ad26676968208c00f99287c5323Peter Major OID_MAP.put("1.2.840.113549.1.9.2", "unstructuredName");
0d30f19874ab0ad26676968208c00f99287c5323Peter Major OID_MAP.put("1.2.840.113549.1.9.8", "unstructuredAddress");
/**
 * Returns the subject DN of the given certificate as an RFC 2253 formatted string.
 *
 * <p>The name is taken from the certificate's subject {@link X500Principal} and rendered with
 * {@link X500Principal#getName(String, Map)}, using {@code OID_MAP} for the additional attribute keywords.
 *
 * <p>This method only formats the name; it performs no validation of the certificate. A caller that uses the
 * returned DN for an identity or authorization decision needs the certificate to have been validated first.
 *
 * <p>NOTE(review): there is no null handling here. A {@code null} certificate, or a {@code null} subject
 * principal, results in a {@link NullPointerException}; this body itself never returns {@code null}.
 *
 * @param cert X509 Certificate Object.
 * @return the subject DN in RFC 2253 format.
 */
public static String getSubjectName(X509Certificate cert) {
    final X500Principal subject = cert.getSubjectX500Principal();
    return subject.getName(X500Principal.RFC2253, OID_MAP);
}
/**
 * Returns the issuer DN of the given certificate as an RFC 2253 formatted string.
 *
 * <p>The name is taken from the certificate's issuer {@link X500Principal} and rendered with
 * {@link X500Principal#getName(String, Map)}, using {@code OID_MAP} for the additional attribute keywords.
 *
 * <p>The issuer DN is read from the certificate as presented; nothing here checks that the named issuer
 * actually signed it. Chain validation has to happen elsewhere before the value is trusted.
 *
 * <p>NOTE(review): there is no null handling here. A {@code null} certificate, or a {@code null} issuer
 * principal, results in a {@link NullPointerException}; this body itself never returns {@code null}.
 *
 * @param cert X509 Certificate Object.
 * @return the issuer DN in RFC 2253 format.
 */
public static String getIssuerName(X509Certificate cert) {
    final X500Principal issuer = cert.getIssuerX500Principal();
    return issuer.getName(X500Principal.RFC2253, OID_MAP);
}
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * Retrieves a given attribute value from the provided {@link X500Principal} even if the attribute was enclosed in
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * a multi-valued RDN.
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * @param principal The principal to retrieve the value from.
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * @param attributeName The non-null name of the attribute to retrieve.
0d30f19874ab0ad26676968208c00f99287c5323Peter Major * @return The attribute value from the principal.
0d30f19874ab0ad26676968208c00f99287c5323Peter Major public static String getAttributeValue(X500Principal principal, String attributeName) {
0d30f19874ab0ad26676968208c00f99287c5323Peter Major LdapName ldapName = new LdapName(principal.getName(X500Principal.RFC2253, OID_MAP));
0d30f19874ab0ad26676968208c00f99287c5323Peter Major NamingEnumeration<? extends Attribute> values = attrs.getAll();
0d30f19874ab0ad26676968208c00f99287c5323Peter Major if (attributeName.equalsIgnoreCase(attr.getID())) {
0d30f19874ab0ad26676968208c00f99287c5323Peter Major return attr.get() == null ? null : attr.get().toString();
0d30f19874ab0ad26676968208c00f99287c5323Peter Major DEBUG.warning("A naming error occurred while trying to retrieve " + attributeName + " from principal: "