List of usage examples for java.security.cert Certificate getEncoded
public abstract byte[] getEncoded() throws CertificateEncodingException;
From source file:org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator.java
/** * Helper method to add public certificate to JWT_HEADER to signature verification. * * @param tenantDomain//from w ww . j a va 2 s. co m * @param tenantId * @throws IdentityOAuth2Exception */ private String getThumbPrint(String tenantDomain, int tenantId) throws IdentityOAuth2Exception { try { Certificate certificate = getCertificate(tenantDomain, tenantId); // TODO: maintain a hashmap with tenants' pubkey thumbprints after first initialization //generate the SHA-1 thumbprint of the certificate MessageDigest digestValue = MessageDigest.getInstance("SHA-1"); byte[] der = certificate.getEncoded(); digestValue.update(der); byte[] digestInBytes = digestValue.digest(); String publicCertThumbprint = hexify(digestInBytes); String base64EncodedThumbPrint = new String( base64Url.encode(publicCertThumbprint.getBytes(Charsets.UTF_8)), Charsets.UTF_8); return base64EncodedThumbPrint; } catch (Exception e) { String error = "Error in obtaining certificate for tenant " + tenantDomain; throw new IdentityOAuth2Exception(error, e); } }
From source file:org.apache.hadoop.io.crypto.KeyStoreKeyProvider.java
/** * Implementation of getting keys from the key store. *///from w w w. j av a 2 s. c o m @Override public Key[] getKeys(String[] keyNames) throws CryptoException { if (keyStore == null) throw new CryptoException("Key store is not intialized."); if (keyNames == null) return null; Key[] rawKeys = new Key[keyNames.length]; try { for (int i = 0; i < keyNames.length; i++) { String keyName = keyNames[i]; String password = getKeyPassword(keyName); char[] passphase = null; if (password != null) passphase = password.toCharArray(); Key.KeyType keyType = Key.KeyType.OPAQUE; String algorithm = null; String format = null; byte[] rawKey; java.security.Key key = keyStore.getKey(keyName, passphase); if (key != null) { // secret key or private key rawKey = key.getEncoded(); algorithm = key.getAlgorithm(); format = key.getFormat(); if (key instanceof SecretKey) { keyType = Key.KeyType.SYMMETRIC_KEY; } else if (key instanceof PrivateKey) { keyType = Key.KeyType.PRIVATE_KEY; } } else { // trusted certificate Certificate certificate = keyStore.getCertificate(keyName); if (certificate == null) throw new CryptoException("Key " + keyName + " not found"); keyType = Key.KeyType.CERTIFICATE; rawKey = certificate.getEncoded(); } rawKeys[i] = new Key(keyType, algorithm, 0, format, rawKey); } } catch (KeyStoreException e) { throw new CryptoException(e); } catch (UnrecoverableEntryException e) { throw new CryptoException(e); } catch (NoSuchAlgorithmException e) { throw new CryptoException(e); } catch (CertificateException e) { throw new CryptoException(e); } return rawKeys; }
From source file:org.wso2.carbon.apimgt.impl.utils.CertificateMgtUtils.java
/** * Retrieve the certificate which is represented by the given alias. * * @param alias : The alias of the required certificate. * @return : The Certificate as a ByteArrayInputStream. * @throws CertificateManagementException : *//*ww w . j a v a 2 s.c o m*/ public ByteArrayInputStream getCertificateContent(String alias) throws CertificateManagementException { File trustStoreFile = new File(TRUST_STORE); Certificate certificate; try { localTrustStoreStream = new FileInputStream(trustStoreFile); KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(localTrustStoreStream, TRUST_STORE_PASSWORD); if (trustStore.containsAlias(alias)) { certificate = trustStore.getCertificate(alias); return new ByteArrayInputStream(certificate.getEncoded()); } } catch (IOException e) { throw new CertificateManagementException("Error in loading the certificate.", e); } catch (CertificateException e) { throw new CertificateManagementException("Error loading certificate.", e); } catch (NoSuchAlgorithmException e) { throw new CertificateManagementException("Could not find the algorithm to load the certificate.", e); } catch (KeyStoreException e) { throw new CertificateManagementException("Error reading certificate contents.", e); } finally { closeStreams(localTrustStoreStream); } return null; }
From source file:test.integ.be.e_contract.sts.CXFSTSClientTest.java
@Test public void testBeIDAuthnCertToFile() throws Exception { KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null);/*from w w w . j a va 2 s .co m*/ Certificate certificate = keyStore.getCertificate("Authentication"); File tmpFile = File.createTempFile("eid-authn-", ".der"); FileUtils.writeByteArrayToFile(tmpFile, certificate.getEncoded()); LOGGER.debug("eID authn cert file: {}", tmpFile.getAbsolutePath()); }
From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java
private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates) throws KeystoreEditorException { Enumeration certificateEnumeration = certificates.getObjects(); try {/* w w w .j av a 2 s .co m*/ while (certificateEnumeration.hasMoreElements()) { ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement()) .toASN1Primitive(); org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate .getInstance(asn1Primitive); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC"); Certificate certificate = certificateFactory .generateCertificate(new ByteArrayInputStream(instance.getEncoded())); X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; store.setCertificateEntry(IETFUtils.valueToString(cn.getFirst().getValue()), certificate); setEntry = true; } } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) { throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e); } return setEntry; }
From source file:org.ejbca.core.protocol.cmp.CrmfRAPbeMultipleKeyIdRequestTest.java
public CrmfRAPbeMultipleKeyIdRequestTest() throws Exception { CAInfo adminca1 = this.caSession.getCAInfo(ADMIN, "CmpCA1"); this.caid1 = adminca1.getCAId(); CAInfo adminca2 = this.caSession.getCAInfo(ADMIN, "CmpCA2"); this.caid2 = adminca2.getCAId(); CAInfo cainfo = this.caSession.getCAInfo(ADMIN, this.caid1); Collection<Certificate> certs = cainfo.getCertificateChain(); if (certs.size() > 0) { Iterator<Certificate> certiter = certs.iterator(); Certificate cert = certiter.next(); String subject = CertTools.getSubjectDN(cert); if (StringUtils.equals(subject, cainfo.getSubjectDN())) { // Make sure we have a BC certificate this.cacert1 = CertTools.getCertfromByteArray(cert.getEncoded()); } else {//w ww.j av a2s .co m this.cacert1 = null; } } else { log.error("NO CACERT for CmpCA1: " + this.caid1); this.cacert1 = null; } cainfo = this.caSession.getCAInfo(ADMIN, this.caid2); certs = cainfo.getCertificateChain(); if (certs.size() > 0) { Iterator<Certificate> certiter = certs.iterator(); Certificate cert = certiter.next(); String subject = CertTools.getSubjectDN(cert); if (StringUtils.equals(subject, cainfo.getSubjectDN())) { // Make sure we have a BC certificate this.cacert2 = CertTools.getCertfromByteArray(cert.getEncoded()); } else { this.cacert2 = null; } } else { log.error("NO CACERT for CmpCA2: " + this.caid2); this.cacert2 = null; } if (this.cacert1 == null || this.cacert2 == null) { throw new Exception("CAs not set up properly."); } this.issuerDN1 = CertTools.getSubjectDN(this.cacert1); this.issuerDN2 = CertTools.getSubjectDN(this.cacert2); this.keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA); this.cmpConfiguration = (CmpConfiguration) this.globalConfigSession .getCachedConfiguration(CmpConfiguration.CMP_CONFIGURATION_ID); }
From source file:org.ejbca.core.model.ca.caadmin.CA.java
public void setRequestCertificateChain(Collection<Certificate> requestcertificatechain) { Iterator<Certificate> iter = requestcertificatechain.iterator(); ArrayList<String> storechain = new ArrayList<String>(); while (iter.hasNext()) { Certificate cert = iter.next(); try {//from w ww . j a v a2 s. c o m String b64Cert = new String(Base64.encode(cert.getEncoded())); storechain.add(b64Cert); } catch (Exception e) { throw new RuntimeException(e); } } data.put(REQUESTCERTCHAIN, storechain); this.requestcertchain = new ArrayList<Certificate>(); this.requestcertchain.addAll(requestcertificatechain); }
From source file:org.ejbca.core.protocol.cmp.AuthenticationModulesTest.java
private static CMPCertificate[] getCMPCert(Certificate cert) throws CertificateEncodingException, IOException { ASN1InputStream ins = new ASN1InputStream(cert.getEncoded()); ASN1Primitive pcert = ins.readObject(); ins.close();/* www . j a va 2 s. co m*/ org.bouncycastle.asn1.x509.Certificate c = org.bouncycastle.asn1.x509.Certificate .getInstance(pcert.toASN1Primitive()); CMPCertificate[] res = { new CMPCertificate(c) }; return res; }
From source file:org.wso2.carbon.mdm.mobileservices.windowspc.services.wstep.impl.CertificateEnrollmentServiceImpl.java
/** * Method for setting privateKey and rootCACertificate variables. * * @throws KeyStoreGenerationException/*from w w w . j ava 2s. c o m*/ * @throws org.wso2.carbon.mdm.mobileservices.windows.common.exceptions * .XMLFileOperationException * @throws CertificateGenerationException */ public void setRootCertAndKey(String storePassword, String keyPassword) throws KeyStoreGenerationException, XMLFileOperationException, CertificateGenerationException { File JKSFile = new File(getClass().getClassLoader() .getResource(Constants.CertificateEnrollment.WSO2_MDM_JKS_FILE).getFile()); String JKSFilePath = JKSFile.getPath(); KeyStore securityJKS; try { securityJKS = KeyStoreGenerator.getKeyStore(); } catch (KeyStoreGenerationException e) { throw new KeyStoreGenerationException("Cannot retrieve the MDM key store.", e); } try { KeyStoreGenerator.loadToStore(securityJKS, storePassword.toCharArray(), JKSFilePath); } catch (KeyStoreGenerationException e) { throw new KeyStoreGenerationException("Cannot load the MDM key store.", e); } PrivateKey CAPrivateKey; try { CAPrivateKey = (PrivateKey) securityJKS.getKey(Constants.CertificateEnrollment.CA_CERT, keyPassword.toCharArray()); } catch (KeyStoreException e) { throw new CertificateGenerationException("Cannot generate private key due to Key store error.", e); } catch (NoSuchAlgorithmException e) { throw new CertificateGenerationException( "Requested cryptographic algorithm is not available in the environment.", e); } catch (UnrecoverableKeyException e) { throw new CertificateGenerationException("Cannot recover private key.", e); } privateKey = CAPrivateKey; Certificate CACertificate; try { CACertificate = securityJKS.getCertificate(Constants.CertificateEnrollment.CA_CERT); } catch (KeyStoreException e) { throw new KeyStoreGenerationException("Keystore cannot be accessed.", e); } CertificateFactory certificateFactory; try { certificateFactory = CertificateFactory.getInstance(Constants.CertificateEnrollment.X_509); } catch (CertificateException e) { throw new CertificateGenerationException("Cannot initiate certificate factory.", e); } ByteArrayInputStream byteArrayInputStream; try { byteArrayInputStream = new ByteArrayInputStream(CACertificate.getEncoded()); } catch (CertificateEncodingException e) { throw new CertificateGenerationException("CA certificate cannot be encoded.", e); } X509Certificate X509CACertificate; try { X509CACertificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream); } catch (CertificateException e) { throw new CertificateGenerationException("X509 CA certificate cannot be generated.", e); } rootCACertificate = X509CACertificate; }
From source file:org.cesecore.certificates.ca.CA.java
public void setCertificateChain(Collection<Certificate> certificatechain) { Iterator<Certificate> iter = certificatechain.iterator(); ArrayList<String> storechain = new ArrayList<String>(); while (iter.hasNext()) { Certificate cert = iter.next(); try {/*from w w w .j a v a2 s . co m*/ String b64Cert = new String(Base64.encode(cert.getEncoded())); storechain.add(b64Cert); } catch (Exception e) { throw new RuntimeException(e); } } data.put(CERTIFICATECHAIN, storechain); this.certificatechain = new ArrayList<Certificate>(); this.certificatechain.addAll(certificatechain); this.cainfo.setCertificateChain(certificatechain); }