/**
* Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.glite.security.voms.admin.util;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import org.glite.security.voms.admin.error.VOMSException;
import eu.emi.security.authn.x509.impl.OpensslNameUtils;
import eu.emi.security.authn.x509.impl.X500NameUtils;
/**
* Utility class to convert principal names to convenient format.
*
* @see DNUtil
*
*/
public class DNUtil {
/**
* Converts BouncyCastle's X500 principal to something, which is used in the
* Globus libraries by default (whatever it is).
*
* @param principal
* the subject's or the issuer's X500 principal
* @return the proper string represetnation
*/
public static String getOpenSSLSubject(X500Principal principal) {
return OpensslNameUtils.convertFromRfc2253(
X500NameUtils.getReadableForm(principal), false);
}
public static String normalizeEmailAddressInDN(String dn) {
return dn.replaceAll(
"/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=",
"/Email=");
}
public static String normalizeUIDInDN(String dn) {
return dn.replaceAll("/(UserId|USERID|userId|userid|uid|Uid)=", "/UID=");
}
public static String normalizeDN(String dn) {
return normalizeUIDInDN(normalizeEmailAddressInDN(dn));
}
public static String getEmailAddressFromDN(String dn) {
Pattern emailPattern = Pattern.compile("Email=([^/]*)");
Matcher m = emailPattern.matcher(dn);
if (m.find()) {
return m.group(1);
}
return null;
}
public static String getEmailAddressFromExtensions(X509Certificate cert) {
try {
Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
if (altNames == null)
return null;
// Iterate over alternative names
for (List<?> entry : altNames) {
// First item in the list is an integer specify the altName
// 'kind'
int entryType = (Integer) entry.get(0);
// 1 is the code for rfc822 name, we consider only the first
// address
// in the list.
if (entryType == 1)
return (String) entry.get(1);
else
continue;
}
} catch (CertificateParsingException e) {
throw new VOMSException("Error accessing subject alternative names: "
+ e.getMessage(), e);
}
return null;
}
public static boolean isRFC2253Conformant(String subjectNameIDValue) {
// TODO: Migrate this method from old VOMS SAML codebase
return true;
}
public static String getBCasX500(String principalString) {
return getOpenSSLSubject(new X500Principal(principalString));
}
}
// Please do not change this line.
// arch-tag: b7901446-4a9f-4e35-b334-55e4ef43d304