org.jivesoftware.util.cert

Class SANCertificateIdentityMapping

java.lang.Object

org.jivesoftware.util.cert.SANCertificateIdentityMapping

All Implemented Interfaces:

CertificateIdentityMapping

public class SANCertificateIdentityMapping
extends Object
implements CertificateIdentityMapping

Certificate identity mapping that uses SubjectAlternativeName as the identity credentials. This implementation returns all subjectAltName entries that are a:

• GeneralName of type otherName with the "id-on-xmppAddr" Object Identifier
• GeneralName of type otherName with the "id-on-dnsSRV" Object Identifier
• GeneralName of type DNSName
• GeneralName of type UniformResourceIdentifier

Author:

Victor Hong, Guus der Kinderen, guus@goodbytes.nl

Field Summary

Fields

Modifier and Type	Field and Description
static String	OTHERNAME_SRV_OID id-on-dnsSRV Object Identifier.
static String	OTHERNAME_UPN_OID User Principal Name (UPN) Object Identifier.
static String	OTHERNAME_XMPP_OID id-on-xmppAddr Object Identifier.

Constructor Summary

Constructors

Constructor and Description
SANCertificateIdentityMapping()

Method Summary

Modifier and Type	Method and Description
List<String>	mapIdentity(X509Certificate certificate) Returns the JID representation of an XMPP entity contained as a SubjectAltName extension in the certificate.
String	name() Returns the short name of mapping.
protected String	parseOtherName(org.bouncycastle.asn1.ASN1ObjectIdentifier typeId, org.bouncycastle.asn1.ASN1Primitive value) Allow sub-class to support additional OID values, possibly taking typeId into account
String	parseOtherName(byte[] item) Parses the byte-array representation of a subjectAltName 'otherName' entry.
protected String	parseOtherNameDnsSrv(org.bouncycastle.asn1.ASN1Primitive srvName) Parses a SRVName value as specified by RFC 4985.
protected String	parseOtherNameUpn(org.bouncycastle.asn1.ASN1Primitive value) Parse a UPN value
protected String	parseOtherNameXmppAddr(org.bouncycastle.asn1.ASN1Primitive xmppAddr) Parse a XmppAddr value as specified in RFC 6120.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

OTHERNAME_XMPP_OID

public static final String OTHERNAME_XMPP_OID

id-on-xmppAddr Object Identifier.

See Also:

RFC 6120, Constant Field Values

OTHERNAME_SRV_OID

public static final String OTHERNAME_SRV_OID

id-on-dnsSRV Object Identifier.

See Also:

RFC 4985, Constant Field Values

OTHERNAME_UPN_OID

public static final String OTHERNAME_UPN_OID

User Principal Name (UPN) Object Identifier.

See Also:

User Principal Name (UPN), Constant Field Values

Constructor Detail

SANCertificateIdentityMapping

public SANCertificateIdentityMapping()

Method Detail

mapIdentity

public List<String> mapIdentity(X509Certificate certificate)

Returns the JID representation of an XMPP entity contained as a SubjectAltName extension in the certificate. If none was found then return an empty list.

Specified by:

mapIdentity in interface CertificateIdentityMapping

Parameters:

certificate - the certificate presented by the remote entity.

Returns:

the JID representation of an XMPP entity contained as a SubjectAltName extension in the certificate. If none was found then return an empty list.

name

public String name()

Returns the short name of mapping.

Specified by:

name in interface CertificateIdentityMapping

Returns:

The short name of the mapping (never null).

parseOtherName

public String parseOtherName(byte[] item)

Parses the byte-array representation of a subjectAltName 'otherName' entry.

The provided 'OtherName' is expected to have this format:

 OtherName ::= SEQUENCE {
 type-id    OBJECT IDENTIFIER,
 value      [0] EXPLICIT ANY DEFINED BY type-id }
 

Parameters:

item - A byte array representation of a subjectAltName 'otherName' entry (cannot be null).

Returns:

an xmpp address, or null when the otherName entry does not relate to XMPP (or fails to parse).

parseOtherName

protected String parseOtherName(org.bouncycastle.asn1.ASN1ObjectIdentifier typeId,
                                org.bouncycastle.asn1.ASN1Primitive value)

Allow sub-class to support additional OID values, possibly taking typeId into account

Parameters:

typeId - The ASN.1 object identifier (cannot be null).

value - The ASN.1 representation of the value (cannot be null).

Returns:

The parsed otherName String value.

parseOtherNameDnsSrv

protected String parseOtherNameDnsSrv(org.bouncycastle.asn1.ASN1Primitive srvName)

Parses a SRVName value as specified by RFC 4985. This method parses the argument value as a DNS SRV Resource Record. Only when the parsed value refers to an XMPP related service, the corresponding DNS domain name is returned (minus the service name).

Parameters:

srvName - The ASN.1 representation of the srvName value (cannot be null).

Returns:

an XMPP address value, or null when the record does not relate to XMPP.

parseOtherNameXmppAddr

protected String parseOtherNameXmppAddr(org.bouncycastle.asn1.ASN1Primitive xmppAddr)

Parse a XmppAddr value as specified in RFC 6120.

Parameters:

xmppAddr - The ASN.1 representation of the xmppAddr value (cannot be null).

Returns:

The parsed xmppAddr value.

parseOtherNameUpn

protected String parseOtherNameUpn(org.bouncycastle.asn1.ASN1Primitive value)

Parse a UPN value

Parameters:

value - The ASN.1 representation of the UPN (cannot be null).

Returns:

The parsed UPN value.