Class SANCertificateIdentityMapping

java.lang.Object
org.jivesoftware.util.cert.SANCertificateIdentityMapping
All Implemented Interfaces:
CertificateIdentityMapping

public class SANCertificateIdentityMapping extends Object implements CertificateIdentityMapping
Certificate identity mapping that uses SubjectAlternativeName as the identity credentials. This implementation returns all subjectAltName entries that are a:
  • GeneralName of type otherName with the "id-on-xmppAddr" Object Identifier
  • GeneralName of type otherName with the "id-on-dnsSRV" Object Identifier
  • GeneralName of type DNSName
  • GeneralName of type UniformResourceIdentifier
Author:
Victor Hong, Guus der Kinderen, guus@goodbytes.nl
  • Constructor Details

    • SANCertificateIdentityMapping

      public SANCertificateIdentityMapping()
  • Method Details

    • mapIdentity

      public List<String> mapIdentity(X509Certificate certificate)
      Returns the JID representation of an XMPP entity contained as a SubjectAltName extension in the certificate. If none is found, an empty list is returned.
      Specified by:
      mapIdentity in interface CertificateIdentityMapping
      Parameters:
      certificate - the certificate presented by the remote entity.
      Returns:
      the JID representation of an XMPP entity contained as a SubjectAltName extension in the certificate, or an empty list if none is found.
    • name

      public String name()
      Returns the short name of the mapping.
      Specified by:
      name in interface CertificateIdentityMapping
      Returns:
      The short name of the mapping (never null).
    • parseOtherName

      public String parseOtherName(byte[] item)
      Parses the byte-array representation of a subjectAltName 'otherName' entry.

      The provided 'OtherName' is expected to have this format:

       OtherName ::= SEQUENCE {
       type-id    OBJECT IDENTIFIER,
       value      [0] EXPLICIT ANY DEFINED BY type-id }

      Parameters:
      item - A byte array representation of a subjectAltName 'otherName' entry (cannot be null).
      Returns:
      an xmpp address, or null when the otherName entry does not relate to XMPP (or fails to parse).
    • parseOtherName

      protected String parseOtherName(org.bouncycastle.asn1.ASN1ObjectIdentifier typeId, org.bouncycastle.asn1.ASN1Primitive value)
      Allows a subclass to support additional OID values, possibly taking typeId into account.
      Parameters:
      typeId - The ASN.1 object identifier (cannot be null).
      value - The ASN.1 representation of the value (cannot be null).
      Returns:
      The parsed otherName String value.
    • parseOtherNameDnsSrv

      protected String parseOtherNameDnsSrv(org.bouncycastle.asn1.ASN1Primitive srvName)
      Parses an SRVName value as specified by RFC 4985. This method parses the argument value as a DNS SRV Resource Record. The corresponding DNS domain name (minus the service name) is returned only when the parsed value refers to an XMPP-related service.
      Parameters:
      srvName - The ASN.1 representation of the srvName value (cannot be null).
      Returns:
      an XMPP address value, or null when the record does not relate to XMPP.
    • parseOtherNameXmppAddr

      protected String parseOtherNameXmppAddr(org.bouncycastle.asn1.ASN1Primitive xmppAddr)
      Parses an XmppAddr value as specified in RFC 6120.
      Parameters:
      xmppAddr - The ASN.1 representation of the xmppAddr value (cannot be null).
      Returns:
      The parsed xmppAddr value.
    • parseOtherNameUpn

      protected String parseOtherNameUpn(org.bouncycastle.asn1.ASN1Primitive value)
      Parses a UPN value.
      Parameters:
      value - The ASN.1 representation of the UPN (cannot be null).
      Returns:
      The parsed UPN value.
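As an added worked example (not Openfire's code), the OtherName structure documented for parseOtherName, the SRVName rule of parseOtherNameDnsSrv and the XmppAddr rule of parseOtherNameXmppAddr, implemented in Python with a hand-rolled DER walker so it runs without BouncyCastle. The OIDs are the ones defined in RFC 6120 and RFC 4985; the set of SRV services treated as XMPP-related, the sample entries and all helper names are assumptions.

```python
ID_ON_XMPPADDR = "1.3.6.1.5.5.7.8.5"  # id-on-xmppAddr (RFC 6120)
ID_ON_DNSSRV = "1.3.6.1.5.5.7.8.7"    # id-on-dnsSRV (RFC 4985)
XMPP_SERVICES = {"xmpp-client", "xmpp-server"}  # assumption: SRV services treated as XMPP-related
def _tlv(buf, pos):
    # Decode one DER TLV at pos; returns (tag, content bytes, position after the element).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def _oid(content):
    # Render OBJECT IDENTIFIER content octets in dotted-decimal form.
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_other_name(item: bytes):
    """XMPP address carried by an otherName, or None when it is not XMPP-related or malformed."""
    try:
        tag, seq, _ = _tlv(item, 0)
        t_oid, oid_bytes, nxt = _tlv(seq, 0)
        t_ctx, explicit, _ = _tlv(seq, nxt)
        if (tag, t_oid, t_ctx) != (0x30, 0x06, 0xA0):  # SEQUENCE { OID, [0] EXPLICIT ... }
            return None
        vtag, value, _ = _tlv(explicit, 0)
        oid = _oid(oid_bytes)
        if oid == ID_ON_XMPPADDR and vtag == 0x0C:  # XmppAddr is a UTF8String
            return value.decode("utf-8")
        if oid == ID_ON_DNSSRV and vtag == 0x16:  # SRVName is an IA5String "_Service.Name"
            service, _, name = value.decode("ascii").partition(".")
            if service.startswith("_") and name and service[1:].lower() in XMPP_SERVICES:
                return name  # the DNS domain name minus the service label
        return None  # another otherName type, or an SRV record for a non-XMPP service
    except (ValueError, IndexError, UnicodeDecodeError):
        return None
def der(tag, content):  # short-form DER encoder, used only for the constructed samples below
    return bytes([tag, len(content)]) + content

# Constructed sample otherName entries (not taken from a real certificate).
OID_XMPPADDR_DER = der(0x06, bytes.fromhex("2b06010505070805"))
OID_DNSSRV_DER = der(0x06, bytes.fromhex("2b06010505070807"))
XMPP_ADDR_ITEM = der(0x30, OID_XMPPADDR_DER + der(0xA0, der(0x0C, b"juliet@example.com")))
SRV_ITEM = der(0x30, OID_DNSSRV_DER + der(0xA0, der(0x16, b"_xmpp-server.example.com")))
```

Malformed or truncated input yields None rather than an exception, mirroring the "fails to parse" contract of parseOtherName above.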