/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: CertUtils.java,v 1.2 2008/06/25 05:52:46 qcheng Exp $
 *
 * Portions Copyrighted 2014 ForgeRock AS.
 */
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpackage com.iplanet.security.x509;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
import com.sun.identity.shared.debug.Debug;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
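/**
 * This class provides utility methods to read the certificate DN information in a format that is understandable
 * across OpenAM.
 * <p>
 * DNs are rendered in RFC 2253 form, with {@link #OID_MAP} supplying keywords for attribute types that the JDK's
 * default RFC 2253 keyword set does not cover (for example the PKCS#9 emailAddress OID is rendered as
 * {@value #EMAIL_ADDRESS}). Attribute types known to neither are emitted by the JDK as a dotted-decimal OID with a
 * hex-encoded value.
 * <p>
 * Every value these methods return is taken from the certificate that was presented; callers should treat it as
 * untrusted input and escape it appropriately before embedding it in a query (for example an LDAP search filter).
 */
public class CertUtils {

    /** Attribute type keyword callers may pass to {@link #getAttributeValue(X500Principal, String)}. */
    public static final String COMMON_NAME = "CN";
    /** Attribute type keyword callers may pass to {@link #getAttributeValue(X500Principal, String)}. */
    public static final String MAIL = "MAIL";
    /** Keyword this class assigns to the PKCS#9 emailAddress OID (1.2.840.113549.1.9.1). */
    public static final String EMAIL_ADDRESS = "E";
    /** Attribute type keyword callers may pass to {@link #getAttributeValue(X500Principal, String)}. */
    public static final String UID = "uid";
    /**
     * Extra OID to keyword mappings handed to {@link X500Principal#getName(String, Map)}. Unmodifiable so the
     * shared rendering behaviour cannot be changed after class initialisation.
     */
    private static final Map<String, String> OID_MAP;
    /** Debug logger category; "amAuthCert" is the category name used by this class. */
    private static final Debug DEBUG = Debug.getInstance("amAuthCert");

    static {
        Map<String, String> oidMap = new HashMap<String, String>();
        oidMap.put("1.2.840.113549.1.9.1", EMAIL_ADDRESS);
        oidMap.put("1.2.840.113549.1.9.2", "unstructuredName");
        oidMap.put("1.2.840.113549.1.9.8", "unstructuredAddress");
        oidMap.put("2.5.4.4", "sn");
        oidMap.put("2.5.4.5", "serialNumber");
        oidMap.put("2.5.4.12", "title");
        oidMap.put("2.5.4.42", "givenName");
        oidMap.put("2.5.4.43", "initials");
        oidMap.put("2.5.4.44", "generationQualifier");
        oidMap.put("2.5.4.46", "dnQualifier");
        OID_MAP = Collections.unmodifiableMap(oidMap);
    }

    /**
     * Returns the Subject Name from the {@link X509Certificate}'s subject {@link X500Principal}.
     *
     * @param cert X509 Certificate Object, may be null.
     * @return The subject DN in RFC 2253 form, or null if the SubjectDN can not be obtained because {@code cert} is
     * null.
     */
    public static String getSubjectName(X509Certificate cert) {
        if (cert == null) {
            return null;
        }
        return toRfc2253(cert.getSubjectX500Principal());
    }

    /**
     * Returns the Issuer Name from the {@link X509Certificate}'s issuer {@link X500Principal}.
     *
     * @param cert X509 Certificate Object, may be null.
     * @return The issuer DN in RFC 2253 form, or null if the IssuerDN can not be obtained because {@code cert} is
     * null.
     */
    public static String getIssuerName(X509Certificate cert) {
        if (cert == null) {
            return null;
        }
        return toRfc2253(cert.getIssuerX500Principal());
    }

    /**
     * Renders a principal in RFC 2253 form using {@link #OID_MAP} for the additional attribute type keywords, so
     * that subject, issuer and attribute lookups all agree on the same spelling of the DN.
     *
     * @param principal The non-null principal to render.
     * @return The RFC 2253 representation of the principal.
     */
    private static String toRfc2253(X500Principal principal) {
        return principal.getName(X500Principal.RFC2253, OID_MAP);
    }

    /**
     * Retrieves a given attribute value from the provided {@link X500Principal} even if the attribute was enclosed in
     * a multi-valued RDN.
     * <p>
     * The principal is first rendered in RFC 2253 form with {@link #OID_MAP}, so {@code attributeName} must match
     * the keyword that rendering produces (for example {@value #EMAIL_ADDRESS}, not {@code EMAILADDRESS}); the
     * comparison is case-insensitive. RDNs are scanned in the order {@link LdapName#getRdns()} returns them and the
     * first matching attribute wins; if that attribute carries several values, only its first value is returned.
     *
     * @param principal The non-null principal to retrieve the value from.
     * @param attributeName The non-null name of the attribute to retrieve.
     * @return The parsed (unescaped) attribute value from the principal, or null if no such attribute is present,
     * its value is null, or the rendered DN could not be parsed (in which case a warning is logged).
     */
    public static String getAttributeValue(X500Principal principal, String attributeName) {
        try {
            LdapName ldapName = new LdapName(toRfc2253(principal));
            for (Rdn rdn : ldapName.getRdns()) {
                // toAttributes() exposes every type/value pair of the RDN, which is what makes multi-valued RDNs
                // searchable here.
                Attributes attrs = rdn.toAttributes();
                NamingEnumeration<? extends Attribute> values = attrs.getAll();
                while (values.hasMoreElements()) {
                    Attribute attr = values.next();
                    if (attributeName.equalsIgnoreCase(attr.getID())) {
                        Object value = attr.get();
                        return value == null ? null : value.toString();
                    }
                }
            }
        } catch (NamingException ne) {
            DEBUG.warning("A naming error occurred while trying to retrieve " + attributeName + " from principal: "
                    + principal, ne);
        }
        return null;
    }
}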