From 979b6a2da433e97c1ada6434b432aa4aabc47ab5 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 1 Feb 2017 16:30:50 +1000 Subject: X500Name: add method to get all attributes of a given type To implement a profile default that copies the CN to a SAN dNSName, we need to examine the CN values present in the Subject DN. Specifically, we want to look at the "most specific" CN value. The 'getCommonName' method returns the "least specific" value in the name, thus is not suitable. Add the 'getAttributesForOid(ObjectIdentifier)' method, which returns an ordered list of values of the given name attribute type, from least specific to most specific. Part of: https://fedorahosted.org/pki/ticket/1710 --- base/util/src/netscape/security/x509/X500Name.java | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'base/util') diff --git a/base/util/src/netscape/security/x509/X500Name.java b/base/util/src/netscape/security/x509/X500Name.java index 0f75f481c..c8627a93c 100644 --- a/base/util/src/netscape/security/x509/X500Name.java +++ b/base/util/src/netscape/security/x509/X500Name.java @@ -19,8 +19,10 @@ package netscape.security.x509; import java.io.IOException; import java.security.Principal; +import java.util.ArrayList; import java.util.Arrays; import java.util.Enumeration; +import java.util.List; import java.util.Vector; import netscape.security.util.DerInputStream; @@ -450,6 +452,25 @@ public class X500Name implements Principal, GeneralNameInterface { return dn; } + /** + * Return a list of attributes of the given type. + * + * The "most specific" value comes last. + * + * If there are no name attributes of the given type, an empty + * list is returned. + */ + public List getAttributesForOid(ObjectIdentifier oid) + throws IOException { + List xs = new ArrayList<>(); + for (int i = 0; i < names.length; i++) { + DerValue v = names[i].findAttribute(oid); + if (v != null) + xs.add(getString(v)); + } + return xs; + } + /** * Returns a Ldap DN String from the X500Name * using the specified LdapDNStrconverter. -- cgit