SubjectDirAttrExtension


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13  
14  package org.ejbca.util.cert;
15  
16  import java.security.cert.X509Certificate  ;
17  import java.text.SimpleDateFormat  ;
18  import java.util.ArrayList  ;
19  import java.util.Collection  ;
20  import java.util.Date  ;
21  
22  import org.apache.commons.lang.StringUtils;
23  import org.apache.log4j.Logger;
24  import org.bouncycastle.asn1.ASN1EncodableVector;
25  import org.bouncycastle.asn1.ASN1Sequence;
26  import org.bouncycastle.asn1.ASN1Set;
27  import org.bouncycastle.asn1.DERGeneralizedTime;
28  import org.bouncycastle.asn1.DERObject;
29  import org.bouncycastle.asn1.DERObjectIdentifier;
30  import org.bouncycastle.asn1.DERPrintableString;
31  import org.bouncycastle.asn1.DERSet;
32  import org.bouncycastle.asn1.DERString;
33  import org.bouncycastle.asn1.x509.Attribute;
34  import org.bouncycastle.asn1.x509.X509DefaultEntryConverter;
35  import org.bouncycastle.asn1.x509.X509Extensions;
36  import org.ejbca.util.CertTools;
37  
38  /**
39   * A class for reading values from SubjectDirectoryAttributes extension.
40   *
41   * @author  Tomas Gustavsson
42   * @version $Id: SubjectDirAttrExtension.java,v 1.5 2006/12/29 08:09:14 anatom Exp $
43   */
44  public class SubjectDirAttrExtension extends CertTools {
45  
46      private static Logger log = Logger.getLogger(SubjectDirAttrExtension.class);
47      
48      /**
49       * inhibits creation of new SubjectDirAttrExtension
50       */
51      private SubjectDirAttrExtension() {
52      }
53  
54      /**
55       * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
56       *
57       * Attribute ::= SEQUENCE {
58       *  type AttributeType,
59       *  values SET OF AttributeValue }
60       *  -- at least one value is required
61       * 
62       * AttributeType ::= OBJECT IDENTIFIER
63       * AttributeValue ::= ANY
64       * 
65       * SubjectDirectoryAttributes is of form 
66       * dateOfBirth=<19590927>, placeOfBirth=<string>, gender=<M/F>, countryOfCitizenship=<two letter ISO3166>, countryOfResidence=<two letter ISO3166>
67       * 
68       * Supported subjectDirectoryAttributes are the ones above 
69       *
70       * @param certificate containing subject directory attributes
71       * @return String containing directoryAttributes of form the form specified above or null if no directoryAttributes exist. 
72       *   Values in returned String is from CertTools constants. 
73       *   DirectoryAttributes not supported are simply not shown in the resulting string.  
74       * @throws java.lang.Exception
75       */
76      public static String   getSubjectDirectoryAttributes(X509Certificate   certificate) throws Exception   {
77          log.debug("Search for SubjectAltName");
78          DERObject obj = CertTools.getExtensionValue(certificate, X509Extensions.SubjectDirectoryAttributes.getId());
79          if (obj == null) {
80              return null;
81          }
82          ASN1Sequence seq = (ASN1Sequence)obj;
83          
84          String   result = "";
85          String   prefix = "";
86          SimpleDateFormat   dateF = new SimpleDateFormat  ("yyyyMMdd");
87          for (int i = 0; i < seq.size(); i++) {
88              Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
89              if (!StringUtils.isEmpty(result)) {
90                  prefix = ", ";
91              }
92              if (attr.getAttrType().getId().equals(id_pda_dateOfBirth)) {
93                  ASN1Set set = attr.getAttrValues();
94                  // Come on, we'll only allow one dateOfBirth, we're not allowing such frauds with multiple birth dates
95                  DERGeneralizedTime time = DERGeneralizedTime.getInstance(set.getObjectAt(0));
96                  Date   date = time.getDate();
97                  String   dateStr = dateF.format(date);
98                  result += prefix + "dateOfBirth="+dateStr; 
99              }
100             if (attr.getAttrType().getId().equals(id_pda_placeOfBirth)) {
101                 ASN1Set set = attr.getAttrValues();
102                 // same here only one placeOfBirth
103                 String   pb = ((DERString)set.getObjectAt(0)).getString();
104                 result += prefix + "placeOfBirth="+pb;                  
105             }
106             if (attr.getAttrType().getId().equals(id_pda_gender)) {
107                 ASN1Set set = attr.getAttrValues();
108                 // same here only one gender
109                 String   g = ((DERString)set.getObjectAt(0)).getString();
110                 result += prefix + "gender="+g;                 
111             }
112             if (attr.getAttrType().getId().equals(id_pda_countryOfCitizenship)) {
113                 ASN1Set set = attr.getAttrValues();
114                 // same here only one citizenship
115                 String   g = ((DERString)set.getObjectAt(0)).getString();
116                 result += prefix + "countryOfCitizenship="+g;                   
117             }
118             if (attr.getAttrType().getId().equals(id_pda_countryOfResidence)) {
119                 ASN1Set set = attr.getAttrValues();
120                 // same here only one residence
121                 String   g = ((DERString)set.getObjectAt(0)).getString();
122                 result += prefix + "countryOfResidence="+g;                 
123             }
124         }
125 
126         if (StringUtils.isEmpty(result)) {
127             return null;
128         }
129         return result;            
130     }
131 
132     /**
133      * From subjectDirAttributes string as defined in getSubjectDirAttribute 
134      * @param string of SubjectDirectoryAttributes
135      * @return A Collection of ASN.1 Attribute (org.bouncycastle.asn1.x509), or an empty Collection, never null
136      * @see #getSubjectDirectoryAttributes(X509Certificate)
137      */
138     public static Collection   getSubjectDirectoryAttributes(String   dirAttr) {
139         ArrayList   ret = new ArrayList  ();
140         Attribute attr = null;
141         String   value = CertTools.getPartFromDN(dirAttr, "countryOfResidence");
142         if (!StringUtils.isEmpty(value)) {
143             ASN1EncodableVector vec = new ASN1EncodableVector();
144             vec.add(new DERPrintableString(value));
145             attr = new Attribute(new DERObjectIdentifier(id_pda_countryOfResidence),new DERSet(vec));
146             ret.add(attr);
147         }
148         value = CertTools.getPartFromDN(dirAttr, "countryOfCitizenship");
149         if (!StringUtils.isEmpty(value)) {
150             ASN1EncodableVector vec = new ASN1EncodableVector();
151             vec.add(new DERPrintableString(value));
152             attr = new Attribute(new DERObjectIdentifier(id_pda_countryOfCitizenship),new DERSet(vec));
153             ret.add(attr);
154         }
155         value = CertTools.getPartFromDN(dirAttr, "gender");
156         if (!StringUtils.isEmpty(value)) {
157             ASN1EncodableVector vec = new ASN1EncodableVector();
158             vec.add(new DERPrintableString(value));
159             attr = new Attribute(new DERObjectIdentifier(id_pda_gender),new DERSet(vec));
160             ret.add(attr);
161         }
162         value = CertTools.getPartFromDN(dirAttr, "placeOfBirth");
163         if (!StringUtils.isEmpty(value)) {
164             ASN1EncodableVector vec = new ASN1EncodableVector();
165             X509DefaultEntryConverter conv = new X509DefaultEntryConverter();
166             DERObject obj = conv.getConvertedValue(new DERObjectIdentifier(id_pda_placeOfBirth), value);
167             vec.add(obj);
168             attr = new Attribute(new DERObjectIdentifier(id_pda_placeOfBirth),new DERSet(vec));
169             ret.add(attr);
170         }        
171         // dateOfBirth that is a GeneralizedTime
172         // The correct format for this is YYYYMMDD, it will be padded to YYYYMMDD120000Z
173         value = CertTools.getPartFromDN(dirAttr, "dateOfBirth");
174         if (!StringUtils.isEmpty(value)) {
175             if (value.length() == 8) {
176                 value += "120000Z"; // standard format according to rfc3739
177                 ASN1EncodableVector vec = new ASN1EncodableVector();
178                 vec.add(new DERGeneralizedTime(value));
179                 attr = new Attribute(new DERObjectIdentifier(id_pda_dateOfBirth),new DERSet(vec));
180                 ret.add(attr);                
181             } else {
182                 log.error("Wrong length of data for 'dateOfBirth', should be of format YYYYMMDD, skipping...");
183             }
184         }
185         return ret;
186     }
187     
188 
189 }
190
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags