Package org.ejbca.util.dn

Examples of org.ejbca.util.dn.DNFieldExtractor

1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
  protected String constructLDAPDN(String certDN, String userDataDN){
    if (log.isDebugEnabled()) {
      log.debug("DN in certificate '"+certDN+"'. DN in user data '"+userDataDN+"'.");
    }
    String retval = "";
    final DNFieldExtractor certExtractor = new DNFieldExtractor(certDN, DNFieldExtractor.TYPE_SUBJECTDN);
    final DNFieldExtractor userDataExtractor = userDataDN!=null ? new DNFieldExtractor(userDataDN, DNFieldExtractor.TYPE_SUBJECTDN) : null;

    Collection<Integer> usefields = getUseFieldInLdapDN();
    if(usefields instanceof List<?>){
      Collections.sort((List<Integer>) usefields);
    }
    Iterator<Integer> iter = usefields.iterator();
    while(iter.hasNext()){
      Integer next = iter.next();
      String dnField = certExtractor.getFieldString(next.intValue());
      if ( StringUtils.isEmpty(dnField) && userDataExtractor!=null ) {
        dnField = userDataExtractor.getFieldString(next.intValue());
      }
      if (StringUtils.isNotEmpty(dnField)) {
        if (dnField.startsWith("SN")) {
          // This is SN in Bouncycastle, but it should be serialNumber in LDAP
          dnField = "serialNumber"+new String(dnField.substring(2));
View Full Code Here
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
      paramPut("user.USERNAME", userData.getUsername());

      paramPut("PASSWORD", userData.getPassword());
      paramPut("user.PASSWORD", userData.getPassword());

      DNFieldExtractor dnfields = new DNFieldExtractor(userData.getDN(), DNFieldExtractor.TYPE_SUBJECTDN);
      paramPut("CN", dnfields.getField(DNFieldExtractor.CN, 0));
      paramPut("user.CN", dnfields.getField(DNFieldExtractor.CN, 0));
      paramPut("SN", dnfields.getField(DNFieldExtractor.SN, 0));
      paramPut("user.SN", dnfields.getField(DNFieldExtractor.SN, 0));
      paramPut("O", dnfields.getField(DNFieldExtractor.O, 0));
      paramPut("user.O", dnfields.getField(DNFieldExtractor.O, 0));
      paramPut("OU", dnfields.getField(DNFieldExtractor.OU, 0));
      paramPut("user.OU", dnfields.getField(DNFieldExtractor.OU, 0));
      paramPut("C", dnfields.getField(DNFieldExtractor.C, 0));
      paramPut("user.E", dnfields.getField(DNFieldExtractor.E, 0));

      String time = "(time not available)";
      if (userData.getTimeCreated() != null) {
        time = fastDateFormat(userData.getTimeCreated());
      }
View Full Code Here
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
  }
 
  protected void populateWithEmailAddresses(UserDataVO userdata, UserDataVO admin) {
    if(userdata != null) {
      paramPut("user.EE.EMAIL", userdata.getEmail());
      final DNFieldExtractor sanfields = new DNFieldExtractor(userdata.getSubjectAltName(), DNFieldExtractor.TYPE_SUBJECTALTNAME);
      paramPut("user.SAN.EMAIL", sanfields.getField(DNFieldExtractor.RFC822NAME, 0));
    }
    if(admin != null) {
      paramPut("requestAdmin.EE.EMAIL", admin.getEmail());
      final DNFieldExtractor sdnFields = new DNFieldExtractor(admin.getDN(), DNFieldExtractor.TYPE_SUBJECTDN);
      paramPut("requestAdmin.CN", sdnFields.getField(DNFieldExtractor.CN, 0));
      final DNFieldExtractor sanFields = new DNFieldExtractor(admin.getSubjectAltName(), DNFieldExtractor.TYPE_SUBJECTALTNAME);
      paramPut("requestAdmin.SAN.EMAIL", sanFields.getField(DNFieldExtractor.RFC822NAME, 0));
    }
  }
View Full Code Here
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
        String[] clientstrings=null;

        // First check that issuers match.
        if(this.caid == admincaid){
          // Determine part of certificate to match with.
          DNFieldExtractor dn = new DNFieldExtractor(certstring,DNFieldExtractor.TYPE_SUBJECTDN);
          DNFieldExtractor an = new DNFieldExtractor(anString,DNFieldExtractor.TYPE_SUBJECTALTNAME);
          DNFieldExtractor usedExtractor = dn;
          if(matchwith == WITH_SERIALNUMBER){
            if(certificate!=null){
              switch(matchtype){
                case TYPE_EQUALCASE:
                case TYPE_EQUALCASEINS:
                    try{
                      returnvalue = (new java.math.BigInteger(matchvalue,16)).equals(CertTools.getSerialNumber(certificate));
                    }catch(java.lang.NumberFormatException nfe){}
                    break;
                case TYPE_NOT_EQUALCASE:
                case TYPE_NOT_EQUALCASEINS:
                    try{
                      returnvalue = !(new java.math.BigInteger(matchvalue,16)).equals(CertTools.getSerialNumber(certificate));
                    }catch(java.lang.NumberFormatException nfe){}
                    break;
                default:
              }
            }
          }
          else{
            parameter = DNFieldExtractor.CN;
            switch(matchwith){
              case WITH_COUNTRY:
                parameter = DNFieldExtractor.C;
                break;
              case WITH_DOMAINCOMPONENT:
                parameter = DNFieldExtractor.DC;
                break;
              case WITH_STATE:
                parameter = DNFieldExtractor.L;
                break;
              case WITH_LOCALE:
                parameter = DNFieldExtractor.ST;
                break;
              case WITH_ORGANIZATION:
                parameter = DNFieldExtractor.O;
                break;
              case WITH_ORGANIZATIONUNIT:
                parameter = DNFieldExtractor.OU;
                break;
              case WITH_TITLE:
                parameter = DNFieldExtractor.T;
                break;
              case WITH_DNSERIALNUMBER:
                parameter = DNFieldExtractor.SN;
                break;
              case WITH_COMMONNAME:
                parameter = DNFieldExtractor.CN;
                break;
              case WITH_UID:
                  parameter = DNFieldExtractor.UID;
                  break;
              case WITH_DNEMAIL:
                  parameter = DNFieldExtractor.E;
                  break;
              case WITH_RFC822NAME:
                  parameter = DNFieldExtractor.RFC822NAME;
                  usedExtractor = an;
                  break;
              case WITH_UPN:
                  parameter = DNFieldExtractor.UPN;
                  usedExtractor = an;
                  break;
              default:
            }
            size = usedExtractor.getNumberOfFields(parameter);
            clientstrings = new String[size];
            for(int i=0; i < size; i++){
              clientstrings[i] = usedExtractor.getField(parameter,i);
            }

            // Determine how to match.
            if(clientstrings!=null){
              switch(matchtype){
View Full Code Here
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
        String email, final int certificateprofileid, final boolean keyrecoverable, final boolean sendnotification, final int tokentype,
        final int hardwaretokenissuerid, final int caid, final ExtendedInformation ei) throws UserDoesntFullfillEndEntityProfile {
      if (log.isTraceEnabled()) {
        log.trace(">doesUserFullfillEndEntityProfileWithoutPassword()");
      }
      final DNFieldExtractor subjectdnfields = new DNFieldExtractor(dn, DNFieldExtractor.TYPE_SUBJECTDN);
      if (subjectdnfields.isIllegal()) {
        throw new UserDoesntFullfillEndEntityProfile("Subject DN is illegal.");
      }
      final DNFieldExtractor subjectaltnames = new DNFieldExtractor(subjectaltname, DNFieldExtractor.TYPE_SUBJECTALTNAME);
      if (subjectaltnames.isIllegal()) {
        throw new UserDoesntFullfillEndEntityProfile("Subject alt names are illegal.");
      }
      final DNFieldExtractor subjectdirattrs = new DNFieldExtractor(subjectdirattr, DNFieldExtractor.TYPE_SUBJECTDIRATTR);
      if (subjectdirattrs.isIllegal()) {
        throw new UserDoesntFullfillEndEntityProfile("Subject directory attributes are illegal.");
      }
      // Check that no other than supported dn fields exists in the subject dn.
      if (subjectdnfields.existsOther()) {
        throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject DN Field found in:" + dn);
      }
      if (subjectaltnames.existsOther()) {
        throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject Alternate Name Field found in:" + subjectaltname );
      }
      if (subjectdirattrs.existsOther()) {
        throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject Directory Attribute Field found in:" + subjectdirattr );
      }
      checkIfAllRequiredFieldsExists(subjectdnfields, subjectaltnames, subjectdirattrs, username, email);
      // Make sure that there are enough fields to cover all required in profile
      checkIfForIllegalNumberOfFields(subjectdnfields, subjectaltnames, subjectdirattrs);
      // Check contents of username.
      checkIfDataFullfillProfile(USERNAME,0,username, "Username",null);
      // Check Email address.
      if (email == null) {
        email = "";
      }
      checkIfDomainFullfillProfile(EMAIL,0,email,"Email");
      // Make sure that every value has a corresponding field in the entity profile
      checkIfFieldsMatch(subjectdnfields, DNFieldExtractor.TYPE_SUBJECTDN, email);
      checkIfFieldsMatch(subjectaltnames, DNFieldExtractor.TYPE_SUBJECTALTNAME, email);
      // Check contents of Subject Directory Attributes fields.
      final HashMap<Integer,Integer> subjectdirattrnumbers = subjectdirattrs.getNumberOfFields();
      final Integer[] dirattrids = DNFieldExtractor.getUseFields(DNFieldExtractor.TYPE_SUBJECTDIRATTR);
      for (final Integer dirattrid : dirattrids) {
        final int nof = subjectdirattrnumbers.get(dirattrid).intValue();
        for (int j=0; j<nof; j++) {
          checkForIllegalChars(subjectdirattrs.getField(dirattrid.intValue(),j));
          switch (dirattrid.intValue()) {
          case DNFieldExtractor.COUNTRYOFCITIZENSHIP:
            checkIfISO3166FullfillProfile(DnComponents.COUNTRYOFCITIZENSHIP,j,subjectdirattrs.getField(dirattrid.intValue(),j),"COUNTRYOFCITIZENSHIP");
            break;
          case DNFieldExtractor.COUNTRYOFRESIDENCE:
            checkIfISO3166FullfillProfile(DnComponents.COUNTRYOFRESIDENCE,j,subjectdirattrs.getField(dirattrid.intValue(),j),"COUNTRYOFRESIDENCE");
            break;
          case DNFieldExtractor.DATEOFBIRTH:
            checkIfDateFullfillProfile(DnComponents.DATEOFBIRTH,j,subjectdirattrs.getField(dirattrid.intValue(),j),"DATEOFBIRTH");
            break;
          case DNFieldExtractor.GENDER:
            checkIfGenderFullfillProfile(DnComponents.GENDER,j,subjectdirattrs.getField(dirattrid.intValue(),j),"GENDER");
            break;
          default:
            checkIfDataFullfillProfile(DnComponents.dnIdToProfileName(dirattrid.intValue()),j,subjectdirattrs.getField(dirattrid.intValue(),j), DnComponents.getErrTextFromDnId(dirattrid.intValue()), email);
          }
        }
      }
      // Check for keyrecoverable flag.
      if (!getUse(KEYRECOVERABLE,0) && keyrecoverable) {
View Full Code Here
826
827
828
829
830
831
832
833
     * @param dn
     * @return a subset of original DN
     */
   
    public String createSubjectDNSubSet(String dn){
      DNFieldExtractor extractor = new DNFieldExtractor(dn,DNFieldExtractor.TYPE_SUBJECTDN);     
      return constructUserData(extractor, getSubjectDNSubSet(), true);
    }
View Full Code Here
866
867
868
869
870
871
872
873
     *
     * @param dn
     * @return a subset of original DN
     */
    public String createSubjectAltNameSubSet(String subjectaltname){
      DNFieldExtractor extractor = new DNFieldExtractor(subjectaltname,DNFieldExtractor.TYPE_SUBJECTALTNAME);     
      return constructUserData(extractor, getSubjectAltNameSubSet(), false);
    }
View Full Code Here
TOP

Related Classes of org.ejbca.util.dn.DNFieldExtractor

  • org.ejbca.core.model.approval.ApprovalNotificationParamGen
  • org.ejbca.core.model.authorization.AdminEntity
  • org.ejbca.core.model.ca.certificateprofiles.CertificateProfile
  • org.ejbca.core.model.ca.publisher.LdapPublisher
  • org.ejbca.core.model.hardtoken.profiles.SVGImageManipulator
  • org.ejbca.core.model.ra.raadmin.EndEntityProfile
  • org.ejbca.core.model.ra.UserNotificationParamGen
  • org.ejbca.core.protocol.xkms.generators.RequestAbstractTypeResponseGenerator
  • org.ejbca.ui.web.admin.configuration.EjbcaWebBean
  • org.ejbca.ui.web.admin.loginterface.LogEntryView
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.