From 9a7725cc89500efd7685a70ad2b295f3e33b68bc Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Wed, 1 Feb 2017 16:30:50 +1000
Subject: [PATCH 154/155] X500Name: add method to get all attributes of a given type To implement a profile default that copies the CN to a SAN dNSName, we need to examine the CN values present in the Subject DN. Specifically, we want to look at the "most specific" CN value. The 'getCommonName' method returns the "least specific" value in the name, thus is not suitable. Add the 'getAttributesForOid(ObjectIdentifier)' method, which returns an ordered list of values of the given name attribute type, from least specific to most specific. Part of: https://fedorahosted.org/pki/ticket/1710
---
 base/util/src/netscape/security/x509/X500Name.java | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/base/util/src/netscape/security/x509/X500Name.java b/base/util/src/netscape/security/x509/X500Name.java
index 0f75f481c1a95960574246225ceae2774e0aca2d..c8627a93c5f36f39d0484867e2a4b8c68fea0fc9 100644
--- a/base/util/src/netscape/security/x509/X500Name.java
+++ b/base/util/src/netscape/security/x509/X500Name.java
@@ -19,8 +19,10 @@ package netscape.security.x509;
 import java.io.IOException;
 import java.security.Principal;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Enumeration;
+import java.util.List;
 import java.util.Vector;
 import netscape.security.util.DerInputStream;
@@ -451,6 +453,25 @@ public class X500Name implements Principal, GeneralNameInterface {
 }
 /**
+ * Return a list of attributes of the given type.
+ *
+ * The "most specific" value comes last.
+ *
+ * If there are no name attributes of the given type, an empty
+ * list is returned.
+ */
+ public List getAttributesForOid(ObjectIdentifier oid)
+ throws IOException {
+ List xs = new ArrayList<>();
+ for (int i = 0; i < names.length; i++) {
+ DerValue v = names[i].findAttribute(oid);
+ if (v != null)
+ xs.add(getString(v));
+ }
+ return xs;
+ }
+
+ /**
 * Returns a Ldap DN String from the X500Name
 * using the specified LdapDNStrconverter.
 * For example, RFC1779String converter can be passed to convert the
--
2.9.3
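Review bot: The Javadoc on `getAttributesForOid` does not say that the returned strings are the decoded attribute values exactly as they appear in the name, with no syntax checking. That matters because the commit message says the result is meant to feed a SAN dNSName default, and a Subject DN taken from a request is requester-controlled. I would add a line such as `* Values are returned as decoded and are not validated; callers must check them before use (e.g. as a dNSName).`, together with `@param oid`, `@return` and `@throws IOException` tags. The loop calls `names[i].findAttribute(oid)` once per RDN, so if that helper (not visible in this hunk) returns only the first match, a multi-valued RDN carrying two attributes of the same type would contribute only one value; this is worth confirming and documenting. The return type appears here as raw `List` next to `new ArrayList<>()`; unless the type argument was simply lost in rendering, declare it as `List<String>` (assuming `getString` returns `String`).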