Usage examples for java.security.cert.Certificate#toString()
/** Returns a string representation of this certificate; the concrete format is provider-specific. */
public abstract String toString();
From source file:org.hyperledger.fabric.sdk.security.CryptoPrimitives.java
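/**
 * Validates {@code cert} against the trust anchors held in the trust store returned by
 * {@code getTrustStore()}, using the platform default {@link CertPathValidator} type (PKIX).
 *
 * @param cert the certificate to validate; {@code null} is rejected
 * @return {@code true} if a certification path from {@code cert} to a trust anchor in the trust
 *     store validates, {@code false} otherwise (including when {@code cert} is {@code null} or the
 *     trust store cannot be loaded)
 */
boolean validateCertificate(Certificate cert) {
    if (cert == null) {
        return false;
    }
    try {
        KeyStore trustStore = getTrustStore();
        PKIXParameters pkixParams = new PKIXParameters(trustStore);
        // NOTE(security): revocation checking (CRL/OCSP) is disabled here, so a revoked but
        // otherwise well-formed certificate still validates. Keep this deliberate and visible.
        pkixParams.setRevocationEnabled(false);

        // Default validator type is PKIX; the single certificate is wrapped in a one-element path.
        CertPathValidator pathValidator =
                CertPathValidator.getInstance(CertPathValidator.getDefaultType());
        ArrayList<Certificate> chain = new ArrayList<>();
        chain.add(cert);
        CertificateFactory certFactory = CertificateFactory.getInstance(CERTIFICATE_FORMAT);
        CertPath certPath = certFactory.generateCertPath(chain);

        pathValidator.validate(certPath, pkixParams);
        return true;
    } catch (KeyStoreException | InvalidAlgorithmParameterException | NoSuchAlgorithmException
            | CertificateException | CertPathValidatorException | CryptoException e) {
        // Pass the exception to the logger so the stack trace and cause chain are retained
        // rather than only e.getMessage().
        logger.error("Cannot validate certificate. Error is: " + e.getMessage()
                + "\r\nCertificate" + cert.toString(), e);
        return false;
    }
}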
From source file:org.wso2.carbon.device.mgt.iot.agent.firealarm.enrollment.EnrollmentManager.java
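/**
 * Connects to the SCEP server at {@code SCEPUrl} and asks it to sign the given CSR.
 *
 * @param tempCert the temporary self-signed certificate of the client required for the initial
 *     CSR request against the SCEP server
 * @param certSignRequest the PKCS#10 certificate signing request sent to the SCEP server
 * @return the last X.509 certificate found in the server's response, or {@code null} if the
 *     response contained no X.509 certificate
 * @throws AgentCoreOperationException if {@code SCEPUrl} is not a valid URL, if the enrolment
 *     transaction fails, or if the certificates cannot be read from the server's response
 */
private X509Certificate getSignedCertificateFromServer(X509Certificate tempCert,
        PKCS10CertificationRequest certSignRequest) throws AgentCoreOperationException {
    X509Certificate signedSCEPCertificate = null;
    try {
        // The URL we request our certificate from.
        URL url = new URL(this.SCEPUrl);

        // SECURITY: OptimisticCertificateVerifier accepts whatever CA certificate the server
        // presents, so this enrolment is not protected against a spoofed SCEP server. Acceptable
        // for testing only; production needs a verifier that pins or validates the CA certificate.
        CertificateVerifier ocv = new OptimisticCertificateVerifier();
        Client scepClient = new Client(url, ocv);

        // Submit the CSR for signing.
        EnrollmentResponse enrolResponse =
                scepClient.enrol(tempCert, this.privateKey, certSignRequest);

        // Walk the returned CertStore. As before, the last X.509 entry wins; if the server returns
        // a chain this is presumably the leaf — TODO confirm against the server's response order.
        CertStore certStore = enrolResponse.getCertStore();
        for (java.security.cert.Certificate candidate : certStore.getCertificates(null)) {
            if (log.isDebugEnabled()) {
                log.debug(candidate.toString());
            }
            // Guard the cast: a non-X.509 entry previously raised an unchecked ClassCastException
            // that none of the catch clauses below handled.
            if (candidate instanceof X509Certificate) {
                signedSCEPCertificate = (X509Certificate) candidate;
            }
        }
    } catch (MalformedURLException ex) {
        String errorMsg = "Could not create valid URL from given SCEP URI: " + SCEPUrl;
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, ex);
    } catch (TransactionException | ClientException e) {
        String errorMsg = "Enrollment process to SCEP Server at: " + SCEPUrl + " failed.";
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    } catch (CertStoreException e) {
        String errorMsg = "Could not retrieve [Signed-Certificate] from the response message from SCEP-Server.";
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    }
    return signedSCEPCertificate;
}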
From source file:org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.enrollment.EnrollmentManager.java
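/**
 * Connects to the SCEP server at {@code SCEPUrl} and asks it to sign the given CSR.
 *
 * @param tempCert the temporary self-signed certificate of the client required for the initial
 *     CSR request against the SCEP server
 * @param certSignRequest the PKCS#10 certificate signing request sent to the SCEP server
 * @return the last X.509 certificate found in the server's response, or {@code null} if the
 *     response contained no X.509 certificate
 * @throws AgentCoreOperationException if {@code SCEPUrl} is not a valid URL, if the enrolment
 *     transaction fails, or if the certificates cannot be read from the server's response
 */
private X509Certificate getSignedCertificateFromServer(X509Certificate tempCert,
        PKCS10CertificationRequest certSignRequest) throws AgentCoreOperationException {
    X509Certificate signedSCEPCertificate = null;
    try {
        // The URL we request our certificate from.
        URL url = new URL(this.SCEPUrl);

        // SECURITY: OptimisticCertificateVerifier accepts whatever CA certificate the server
        // presents, so this enrolment is not protected against a spoofed SCEP server. The
        // "VERIFY the CA" intent of the original comment is still unimplemented; production
        // needs a verifier that pins or validates the CA certificate.
        CertificateVerifier ocv = new OptimisticCertificateVerifier();
        Client scepClient = new Client(url, ocv);

        // Submit the CSR for signing. When the server fronts several CAs, which CA issues the
        // certificate is decided by the server/request, not by this client.
        EnrollmentResponse enrolResponse =
                scepClient.enrol(tempCert, this.privateKey, certSignRequest);

        // Walk the returned CertStore. As before, the last X.509 entry wins; if the server returns
        // a chain this is presumably the leaf — TODO confirm against the server's response order.
        CertStore certStore = enrolResponse.getCertStore();
        for (Certificate candidate : certStore.getCertificates(null)) {
            if (log.isDebugEnabled()) {
                log.debug(candidate.toString());
            }
            // Guard the cast: a non-X.509 entry previously raised an unchecked ClassCastException
            // that none of the catch clauses below handled.
            if (candidate instanceof X509Certificate) {
                signedSCEPCertificate = (X509Certificate) candidate;
            }
        }
    } catch (MalformedURLException ex) {
        String errorMsg = "Could not create valid URL from given SCEP URI: " + SCEPUrl;
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, ex);
    } catch (TransactionException | ClientException e) {
        String errorMsg = "Enrollment process to SCEP Server at: " + SCEPUrl + " failed.";
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    } catch (CertStoreException e) {
        String errorMsg = "Could not retrieve [Signed-Certificate] from the response message from SCEP-Server.";
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    }
    return signedSCEPCertificate;
}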
From source file:test.integ.be.fedict.trust.TSATest.java
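/**
 * Integration test: requests an RFC 3161 time-stamp token from {@code tsa_location} through a
 * hard-coded HTTP proxy, then submits the certificates carried in the token to the eID trust
 * service for validation.
 *
 * @throws Exception if the TSA does not answer with HTTP 200, or if any of the TSP, HTTP or
 *     XKMS2 steps fail
 */
@Test
public void testTSA() throws Exception {
    // setup: SHA-1 time-stamp request over a zeroed 20-byte imprint (test fixture, not real data)
    TimeStampRequestGenerator requestGen = new TimeStampRequestGenerator();
    requestGen.setCertReq(true); // ask the TSA to include its certificate(s) in the token
    TimeStampRequest request =
            requestGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
    byte[] requestData = request.getEncoded();

    HttpClient httpClient = new HttpClient();
    httpClient.getHostConfiguration().setProxy("proxy.yourict.net", 8080);
    PostMethod postMethod = new PostMethod(tsa_location);
    postMethod.setRequestEntity(
            new ByteArrayRequestEntity(requestData, "application/timestamp-query"));

    // operate
    TimeStampResponse tspResponse;
    try {
        int statusCode = httpClient.executeMethod(postMethod);
        if (statusCode != HttpStatus.SC_OK) {
            LOG.error("Error contacting TSP server " + tsa_location);
            throw new Exception("Error contacting TSP server " + tsa_location);
        }
        tspResponse = new TimeStampResponse(postMethod.getResponseBodyAsStream());
    } finally {
        // Release the pooled connection on every exit path; previously it leaked on a non-200
        // status and when parsing the response threw.
        postMethod.releaseConnection();
    }

    CertStore certStore =
            tspResponse.getTimeStampToken().getCertificatesAndCRLs("Collection", "BC");
    Collection<? extends Certificate> certificates = certStore.getCertificates(null);
    // Prepending reverses the CertStore iteration order; presumably this yields the order the
    // trust service expects — TODO confirm.
    List<X509Certificate> certificateChain = new LinkedList<X509Certificate>();
    for (Certificate certificate : certificates) {
        LOG.debug("certificate: " + certificate.toString());
        certificateChain.add(0, (X509Certificate) certificate);
    }
    LOG.debug("token received");

    // send token to trust service
    XKMS2Client client =
            new XKMS2Client("https://www.e-contract.be/eid-trust-service-ws/xkms2");
    client.setProxy("proxy.yourict.net", 8080);
    client.validate(TrustServiceDomains.BELGIAN_TSA_TRUST_DOMAIN, certificateChain, true);
}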