Usage examples for java.security.cert.Certificate#equals(Object)
public boolean equals(Object other)
From source file:com.googlecode.onevre.utils.ServerClassLoader.java
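/**
 * Checks whether {@code cert} is present in the user's trusted-certs keystore and, if not,
 * asks the user whether to trust it.
 * <p>
 * The keystore path comes from the {@code deployment.user.security.trusted.certs} system
 * property and the store is opened and written with an empty password, so the store's
 * integrity check gives no protection. Trust is decided solely by an exact
 * {@link Certificate#equals(Object)} match against a stored entry, or by the user's answer
 * to the dialog; no chain, validity-period or revocation checks happen here.
 *
 * @param cert the signer certificate to look up
 * @return {@code true} if the certificate is already in the store or the user chose to
 *         trust it (it is then persisted to the store); {@code false} if the user declined
 *         or any error occurred while reading or writing the store (fail closed)
 */
private boolean verifyCertificate(X509Certificate cert) {
    try {
        String keypass = "";
        String keystorename = System.getProperty("deployment.user.security.trusted.certs");
        if (keystorename == null) {
            throw new IOException("No trusted certs keystore");
        }
        KeyStore keystore = KeyStore.getInstance("JKS", "SUN");
        File file = new File(keystorename);
        if (!file.exists()) {
            // First use: start from an empty store; it is written out on acceptance below.
            keystore.load(null, keypass.toCharArray());
        } else {
            // try-with-resources: the input stream was previously never closed.
            try (InputStream in = new FileInputStream(file)) {
                keystore.load(in, keypass.toCharArray());
            }
        }
        boolean isInStore = false;
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements() && !isInStore) {
            String alias = aliases.nextElement();
            Certificate certificate = keystore.getCertificate(alias);
            // Certificate.equals compares the encoded form: exact match only.
            if (certificate != null && certificate.equals(cert)) {
                isInStore = true;
            }
        }
        if (isInStore) {
            return true;
        }
        int result = JOptionPane.showConfirmDialog(null,
                "Do you want to trust the bridge implementation " + "signed by\n"
                        + cert.getSubjectX500Principal().getName(),
                "Trust source?", JOptionPane.YES_NO_OPTION);
        if (result != JOptionPane.YES_OPTION) {
            return false;
        }
        // A "yes" is permanent: the certificate is stored as a trusted entry.
        keystore.setEntry("deploymentusercert-" + System.currentTimeMillis(),
                new KeyStore.TrustedCertificateEntry(cert), null);
        // try-with-resources: the output stream was previously only closed on the happy path.
        try (OutputStream output = new FileOutputStream(keystorename)) {
            keystore.store(output, keypass.toCharArray());
        }
        return true;
    } catch (Exception e) {
        // Fail closed: any problem with the store means "not trusted". Narrowed from
        // Throwable so that JVM Errors are no longer swallowed.
        e.printStackTrace();
        return false;
    }
}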
From source file:org.apache.ws.security.components.crypto.CryptoBase.java
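/**
 * Returns the keystore alias whose certificate equals the given certificate.
 * <p>
 * The lookup is a linear scan that compares every alias's certificate with
 * {@link Certificate#equals(Object)}, i.e. an exact match on the encoded form.
 * {@code KeyStore.getCertificateAlias(Certificate)} is deliberately not used because it
 * produced the wrong alias with BouncyCastle keystores.
 *
 * @param cert the certificate to look up
 * @return the alias of the matching certificate, or {@code null} if no keystore is
 *         configured or no entry matches
 * @throws WSSecurityException if the keystore cannot be enumerated or read
 */
public String getAliasForX509Cert(Certificate cert) throws WSSecurityException {
    if (keystore == null) {
        return null;
    }
    try {
        // Generic Enumeration<String> replaces the raw type and the explicit cast.
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate retrievedCert = keystore.getCertificate(alias);
            if (retrievedCert != null && retrievedCert.equals(cert)) {
                return alias;
            }
        }
    } catch (KeyStoreException e) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "keystore", null, e);
    }
    return null;
}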
From source file:org.apache.ws.security.components.crypto.Merlin.java
/**
 * Returns the implementation-specific identifier for the given certificate; for this
 * implementation that is the KeyStore alias.
 * <p>
 * For each alias the leaf of its certificate chain is used when a chain exists, otherwise
 * the alias's single certificate. Entries that are not X.509 certificates are skipped and
 * matching uses {@link Certificate#equals(Object)}.
 *
 * @param cert the X509Certificate whose alias is wanted
 * @param store the KeyStore to search
 * @return the alias of the matching entry, or {@code null} if none matches
 * @throws WSSecurityException if the keystore cannot be read
 */
private String getIdentifier(X509Certificate cert, KeyStore store) throws WSSecurityException {
    try {
        Enumeration<String> aliases = store.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate candidate = leafCertificate(store, alias);
            // instanceof is false for null, so a missing certificate is skipped as well.
            if (candidate instanceof X509Certificate && candidate.equals(cert)) {
                return alias;
            }
        }
        return null;
    } catch (KeyStoreException e) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "keystore", null, e);
    }
}

/** Leaf of the alias's chain if it has one, else its lone certificate, else {@code null}. */
private static Certificate leafCertificate(KeyStore store, String alias) throws KeyStoreException {
    Certificate[] chain = store.getCertificateChain(alias);
    if (chain != null && chain.length > 0) {
        return chain[0];
    }
    return store.getCertificate(alias);
}
From source file:org.hyperic.hq.security.server.session.DbKeystoreManagerImpl.java
/**
 * Processes a {@link DbKeyStoreSpi#PRIVATE_KEY_ENTRY} record.
 * <p>
 * When no private-key entry has been persisted yet, this server's file keystore is
 * serialized into {@code ctx.newPKEntry} so that other servers can share the key as a
 * cluster singleton. Otherwise the persisted entry's certificate is compared with the local
 * one using {@link Certificate#equals(Object)}; on a mismatch the persisted copy wins: its
 * keystore bytes are loaded into {@code ctx.overrideKeystore} and a JVM restart is flagged.
 *
 * @param ctx DB keystore processing state holding the file keystore, the persisted
 *            PrivateKey entry (if any) and the new entry to populate
 * @throws KeyStoreException propagated from the keystore helpers
 * @throws NoSuchAlgorithmException propagated from the keystore helpers
 * @throws CertificateException propagated from the keystore helpers
 * @throws IOException propagated from the keystore helpers
 * @throws UnrecoverableEntryException propagated from the keystore helpers
 */
private final void handlePK(final KeystoreContext ctx) throws KeyStoreException,
        NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableEntryException {
    if (ctx.persistedPKEntry == null) {
        // First server to boot: publish our file keystore so peers can share the key.
        final byte[] keystoreBytes = keyStoreToByteArray(ctx.fileKeystore,
                serverKeystoreConfig.getFilePasswordCharArray());
        ctx.newPKEntry.setFile(keystoreBytes);
        return;
    }
    // A key is already persisted: compare its public certificate with ours.
    final Certificate persistedCertificate = ctx.persistedPKEntry.getCertificate();
    if (persistedCertificate.equals(ctx.newPKEntry.getCertificate())) {
        return; // same key already shared, nothing to do
    }
    final String alias = ctx.newPKEntry.getAlias();
    final String msg = "Private key entry with alias " + alias + " differs from persisted version";
    log.warn(msg + ", overriding local file keystore (REQUIRES SYSTEM RESTART).");
    // Replace the local file keystore with the persisted one; only takes effect after a restart.
    ctx.overrideKeystore = loadKeyStore(ctx.persistedPKEntry.getFile(),
            serverKeystoreConfig.getFilePasswordCharArray());
    ctx.shouldRestartJVM = true;
}