Class SANCertificateIdentityMapping

  • All Implemented Interfaces:
    CertificateIdentityMapping

    public class SANCertificateIdentityMapping
    extends Object
    implements CertificateIdentityMapping
    Certificate identity mapping that uses SubjectAlternativeName as the identity credentials. This implementation returns all subjectAltName entries that are a:
    • GeneralName of type otherName with the "id-on-xmppAddr" Object Identifier
    • GeneralName of type otherName with the "id-on-dnsSRV" Object Identifier
    • GeneralName of type DNSName
    • GeneralName of type UniformResourceIdentifier
    Author:
    Victor Hong, Guus der Kinderen, guus@goodbytes.nl
    • Constructor Detail

      • SANCertificateIdentityMapping

        public SANCertificateIdentityMapping()
    • Method Detail

      • mapIdentity

        public List<String> mapIdentity(X509Certificate certificate)
        Returns the JID representation of an XMPP entity contained as a SubjectAltName extension in the certificate. If none was found then return an empty list.
        Specified by:
        mapIdentity in interface CertificateIdentityMapping
        Parameters:
        certificate - the certificate presented by the remote entity.
        Returns:
        the JID representation of an XMPP entity contained as a SubjectAltName extension in the certificate. If none was found then return an empty list.
      • parseOtherName

        public String parseOtherName(byte[] item)
        Parses the byte-array representation of a subjectAltName 'otherName' entry.

        The provided 'OtherName' is expected to have this format:

         OtherName ::= SEQUENCE {
             type-id    OBJECT IDENTIFIER,
             value      [0] EXPLICIT ANY DEFINED BY type-id }

        Parameters:
        item - A byte array representation of a subjectAltName 'otherName' entry (cannot be null).
        Returns:
        an xmpp address, or null when the otherName entry does not relate to XMPP (or fails to parse).
      • parseOtherName

        protected String parseOtherName(org.bouncycastle.asn1.ASN1ObjectIdentifier typeId,
                                        org.bouncycastle.asn1.ASN1Primitive value)
        Allows a sub-class to support additional OID values, possibly taking typeId into account.
        Parameters:
        typeId - The ASN.1 object identifier (cannot be null).
        value - The ASN.1 representation of the value (cannot be null).
        Returns:
        The parsed otherName String value.
      • parseOtherNameDnsSrv

        protected String parseOtherNameDnsSrv(org.bouncycastle.asn1.ASN1Primitive srvName)
        Parses a SRVName value as specified by RFC 4985. This method parses the argument value as a DNS SRV Resource Record name. The corresponding DNS domain name (minus the service name) is returned only when the parsed value refers to an XMPP-related service.
        Parameters:
        srvName - The ASN.1 representation of the srvName value (cannot be null).
        Returns:
        an XMPP address value, or null when the record does not relate to XMPP.
      • parseOtherNameXmppAddr

        protected String parseOtherNameXmppAddr(org.bouncycastle.asn1.ASN1Primitive xmppAddr)
        Parses an XmppAddr value as specified in RFC 6120.
        Parameters:
        xmppAddr - The ASN.1 representation of the xmppAddr value (cannot be null).
        Returns:
        The parsed xmppAddr value.
      • parseOtherNameUpn

        protected String parseOtherNameUpn(org.bouncycastle.asn1.ASN1Primitive value)
        Parses a UPN value.
        Parameters:
        value - The ASN.1 representation of the UPN (cannot be null).
        Returns:
        The parsed UPN value.
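The otherName handling described under mapIdentity, parseOtherName and parseOtherNameDnsSrv, shown as an added stand-alone example (not Openfire's code, and without BouncyCastle): a minimal DER walk over one OtherName that returns the xmppAddr value, the domain of an XMPP SRVName, or null for anything else or for malformed input. The OID constants are the RFC-assigned values; the sample entries are constructed here and correspond to no real certificate.

```python
# Added example, not Openfire's code: DER walk over one subjectAltName otherName.
ID_ON_XMPP_ADDR = "1.3.6.1.5.5.7.8.5"   # RFC 6120 id-on-xmppAddr
ID_ON_DNS_SRV = "1.3.6.1.5.5.7.8.7"     # RFC 4985 id-on-dnsSRV
XMPP_SERVICES = ("_xmpp-client.", "_xmpp-server.")  # RFC 6120 SRV service names

def _tlv(buf, pos):                       # one DER TLV -> (tag, content, next pos)
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                          # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def _enc(tag, body):                      # DER TLV, short length form only
    return bytes([tag, len(body)]) + body

def _enc_oid(dotted):                     # OBJECT IDENTIFIER content bytes
    a, b, *rest = map(int, dotted.split("."))
    out = bytes([40 * a + b])
    for v in rest:
        chunk = [v & 0x7F]
        while v > 0x7F:
            v >>= 7
            chunk.insert(0, (v & 0x7F) | 0x80)
        out += bytes(chunk)
    return out

def parse_other_name(item):
    """XMPP address for an OtherName, or None if unrelated to XMPP or unparsable."""
    try:
        tag, body, _ = _tlv(item, 0)
        type_tag, oid_raw, pos = _tlv(body, 0)
        ctx_tag, inner, _ = _tlv(body, pos)
        if (tag, type_tag, ctx_tag) != (0x30, 0x06, 0xA0):  # SEQUENCE, OID, [0] EXPLICIT
            return None
        text = _tlv(inner, 0)[1].decode("utf-8")
    except (IndexError, UnicodeDecodeError):
        return None
    if oid_raw == _enc_oid(ID_ON_XMPP_ADDR):
        return text
    if oid_raw == _enc_oid(ID_ON_DNS_SRV):  # SRVName is "_Service.Name" (RFC 4985)
        for svc in XMPP_SERVICES:
            if text.lower().startswith(svc):
                return text[len(svc):]     # domain minus the service label
    return None

def other_name(oid, value_tag, text):
    """Build OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT <value_tag> }."""
    return _enc(0x30, _enc(0x06, _enc_oid(oid)) + _enc(0xA0, _enc(value_tag, text.encode())))

SAMPLE_XMPP_ADDR = other_name(ID_ON_XMPP_ADDR, 0x0C, "juliet@example.com")  # constructed, UTF8String
SAMPLE_XMPP_SRV = other_name(ID_ON_DNS_SRV, 0x16, "_xmpp-server.example.com")  # constructed, IA5String
SAMPLE_LDAP_SRV = other_name(ID_ON_DNS_SRV, 0x16, "_ldap.example.com")  # constructed, not XMPP
```

The negative cases matter for an identity mapping: a SRVName for a non-XMPP service and a truncated entry both yield no identity rather than a partial string.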