Example usage for java.security.cert Certificate toString

List of usage examples for java.security.cert Certificate toString

Introduction

This page collects usage examples for java.security.cert.Certificate.toString().

Prototype

// Declared abstract on java.security.cert.Certificate, so the text comes from the concrete certificate type.
// The examples on this page use it only for log output.
public abstract String toString();


Document

Returns a string representation of this certificate.

Usage

From source file:org.hyperledger.fabric.sdk.security.CryptoPrimitives.java

/**
 * Checks whether the given certificate validates against the trust store returned by
 * {@code getTrustStore()}, using the platform's default certification-path validator.
 *
 * <p>The certificate is validated as a one-element certification path. Revocation checking is
 * disabled, so this method does not detect a certificate that has been revoked.
 *
 * @param cert the certificate to check; {@code null} is treated as invalid
 * @return {@code true} if path validation succeeds, {@code false} if {@code cert} is {@code null}
 *         or any of the caught validation/setup exceptions is raised (the failure is logged)
 */
boolean validateCertificate(Certificate cert) {
    // Nothing to validate: a missing certificate is never trusted.
    if (cert == null) {
        return false;
    }

    try {
        // The entries of the trust store act as the trust anchors for PKIX validation.
        KeyStore trustStore = getTrustStore();
        PKIXParameters pkixParams = new PKIXParameters(trustStore);

        // Revocation (CRL/OCSP) checks are switched off: a revoked certificate that still
        // chains to a trust anchor passes this method.
        pkixParams.setRevocationEnabled(false);

        // Default validator type (PKIX).
        CertPathValidator pathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());

        // Build a certification path that contains only the certificate under test.
        ArrayList<Certificate> singleCertChain = new ArrayList<>();
        singleCertChain.add(cert);
        CertificateFactory factory = CertificateFactory.getInstance(CERTIFICATE_FORMAT);
        CertPath pathToValidate = factory.generateCertPath(singleCertChain);

        // validate() signals failure by throwing; returning normally means the path is accepted.
        pathValidator.validate(pathToValidate, pkixParams);
        return true;
    } catch (KeyStoreException | InvalidAlgorithmParameterException | NoSuchAlgorithmException
            | CertificateException | CertPathValidatorException | CryptoException e) {
        // Every setup or validation failure is reported as "not valid" rather than propagated.
        logger.error("Cannot validate certificate. Error is: " + e.getMessage() + "\r\nCertificate"
                + cert.toString());
        return false;
    }
}

From source file:org.wso2.carbon.device.mgt.iot.agent.firealarm.enrollment.EnrollmentManager.java

/**
 * This method connects to the SCEP Server to fetch the signed SCEP Certificate.
 *
 * @param tempCert        the temporary self-signed certificate of the client required for the initial CSR
 *                        request against the SCEP Server.
 * @param certSignRequest the PKCS10 Certificate-Sign-Request that is to be sent to the SCEP Server.
 * @return the SCEP-Certificate for the client signed by the SCEP-Server.
 * @throws AgentCoreOperationException if the SCEPUrl is invalid or if the flow of sending the CSR and getting
 *                                     the signed certificate fails or if the signed certificate cannot be
 *                                     retrieved from the reply from the server.
 */
private X509Certificate getSignedCertificateFromServer(X509Certificate tempCert,
        PKCS10CertificationRequest certSignRequest) throws AgentCoreOperationException {

    // Stays null if the server's reply carries no certificates.
    X509Certificate issuedCertificate = null;

    try {
        // Endpoint of the SCEP server that the CSR is submitted to.
        URL scepEndpoint = new URL(this.SCEPUrl);

        // The original author's note states that the CA certificate is NOT verified here and that
        // this is acceptable for testing only. With this verifier the agent has no assurance that
        // the certificate it receives was issued by the intended CA; production code needs a
        // verifier that really checks the CA certificate (the author suggests pinning it).
        CertificateVerifier caVerifier = new OptimisticCertificateVerifier();

        // SCEP client bound to the endpoint and the (non-checking) CA verifier.
        Client scepClient = new Client(scepEndpoint, caVerifier);

        // Send the CSR, authenticated with the temporary certificate and this agent's private key.
        EnrollmentResponse enrollment = scepClient.enrol(tempCert, this.privateKey, certSignRequest);

        // Walk every certificate in the reply: each one is debug-logged and cast to
        // X509Certificate, and the last one iterated is the value returned.
        CertStore returnedCertificates = enrollment.getCertStore();
        for (java.security.cert.Certificate returned : returnedCertificates.getCertificates(null)) {
            if (log.isDebugEnabled()) {
                log.debug(returned.toString());
            }
            issuedCertificate = (X509Certificate) returned;
        }

    } catch (MalformedURLException malformedUrl) {
        String message = "Could not create valid URL from given SCEP URI: " + SCEPUrl;
        log.error(message);
        throw new AgentCoreOperationException(message, malformedUrl);
    } catch (TransactionException | ClientException enrolmentFailure) {
        String message = "Enrollment process to SCEP Server at: " + SCEPUrl + " failed.";
        log.error(message);
        throw new AgentCoreOperationException(message, enrolmentFailure);
    } catch (CertStoreException storeFailure) {
        String message = "Could not retrieve [Signed-Certificate] from the response message from SCEP-Server.";
        log.error(message);
        throw new AgentCoreOperationException(message, storeFailure);
    }

    return issuedCertificate;
}

From source file:org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.enrollment.EnrollmentManager.java

/**
 * This method connects to the SCEP Server to fetch the signed SCEP Certificate.
 *
 * @param tempCert        the temporary self-signed certificate of the client required for the initial CSR
 *                        request against the SCEP Server.
 * @param certSignRequest the PKCS10 Certificate-Sign-Request that is to be sent to the SCEP Server.
 * @return the SCEP-Certificate for the client signed by the SCEP-Server.
 * @throws AgentCoreOperationException if the SCEPUrl is invalid or if the flow of sending the CSR and getting
 *                                     the signed certificate fails or if the signed certificate cannot be
 *                                     retrieved from the reply from the server.
 */
private X509Certificate getSignedCertificateFromServer(X509Certificate tempCert,
        PKCS10CertificationRequest certSignRequest) throws AgentCoreOperationException {

    // Result holder; remains null when the enrolment reply contains no certificate.
    X509Certificate signedCertificate = null;

    try {
        // Where the signing request is sent.
        final URL serverUrl = new URL(this.SCEPUrl);

        // Open item carried over from the original code: verification of the CA certificate is
        // still to be implemented. Until it is, the verifier used here does not give the agent
        // any assurance about which CA answered the enrolment request.
        final CertificateVerifier verifier = new OptimisticCertificateVerifier();

        // Submit the CSR through a SCEP client. The SCEP server should let the client name the
        // CA to issue against when several CAs are available.
        final EnrollmentResponse response =
                new Client(serverUrl, verifier).enrol(tempCert, this.privateKey, certSignRequest);

        // Log (at debug level) and keep the certificates from the reply; every entry is cast to
        // X509Certificate and the last one iterated ends up being returned.
        final CertStore replyStore = response.getCertStore();
        for (Certificate candidate : replyStore.getCertificates(null)) {
            if (log.isDebugEnabled()) {
                log.debug(candidate.toString());
            }
            signedCertificate = (X509Certificate) candidate;
        }

    } catch (MalformedURLException urlProblem) {
        final String failure = "Could not create valid URL from given SCEP URI: " + SCEPUrl;
        log.error(failure);
        throw new AgentCoreOperationException(failure, urlProblem);
    } catch (TransactionException | ClientException enrolProblem) {
        final String failure = "Enrollment process to SCEP Server at: " + SCEPUrl + " failed.";
        log.error(failure);
        throw new AgentCoreOperationException(failure, enrolProblem);
    } catch (CertStoreException storeProblem) {
        final String failure = "Could not retrieve [Signed-Certificate] from the response message from SCEP-Server.";
        log.error(failure);
        throw new AgentCoreOperationException(failure, storeProblem);
    }

    return signedCertificate;
}

From source file:test.integ.be.fedict.trust.TSATest.java

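/**
 * Integration test: posts a timestamp request to the TSA at {@code tsa_location}, collects the
 * certificates carried in the returned timestamp token and submits them to the XKMS2 trust
 * service for validation against the Belgian TSA trust domain.
 *
 * <p>This test does not itself verify the token's signature or the certificates; the trust
 * decision is delegated to the remote trust service.
 *
 * @throws Exception if the TSA does not answer with HTTP 200, returns no timestamp token, or any
 *                   step of the request, parsing or validation fails
 */
@Test
public void testTSA() throws Exception {

    // setup
    TimeStampRequestGenerator requestGen = new TimeStampRequestGenerator();
    // Ask the TSA to include its certificate(s) in the token; they are needed for the chain below.
    requestGen.setCertReq(true);
    // The imprint is a 20-byte all-zero placeholder declared as a SHA-1 digest.
    // NOTE(review): acceptable for a connectivity test; real timestamp requests should carry a
    // digest from a stronger hash algorithm.
    TimeStampRequest request = requestGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
    byte[] requestData = request.getEncoded();

    HttpClient httpClient = new HttpClient();
    httpClient.getHostConfiguration().setProxy("proxy.yourict.net", 8080);
    PostMethod postMethod = new PostMethod(tsa_location);
    postMethod.setRequestEntity(new ByteArrayRequestEntity(requestData, "application/timestamp-query"));

    // operate
    final TimeStampResponse tspResponse;
    try {
        int statusCode = httpClient.executeMethod(postMethod);
        if (statusCode != HttpStatus.SC_OK) {
            LOG.error("Error contacting TSP server " + tsa_location);
            throw new Exception("Error contacting TSP server " + tsa_location);
        }

        // The response body must be consumed before the connection is released.
        tspResponse = new TimeStampResponse(postMethod.getResponseBodyAsStream());
    } finally {
        // Release the connection on every path, including the non-200 and parse-failure paths.
        postMethod.releaseConnection();
    }

    // A response without a token would otherwise surface as a bare NullPointerException below.
    if (tspResponse.getTimeStampToken() == null) {
        throw new Exception("TSP server " + tsa_location + " returned no timestamp token");
    }

    CertStore certStore = tspResponse.getTimeStampToken().getCertificatesAndCRLs("Collection", "BC");

    Collection<? extends Certificate> certificates = certStore.getCertificates(null);
    List<X509Certificate> certificateChain = new LinkedList<X509Certificate>();
    for (Certificate certificate : certificates) {
        LOG.debug("certificate: " + certificate.toString());
        // Insert at the head, so the chain ends up in the reverse of the store's iteration order.
        certificateChain.add(0, (X509Certificate) certificate);
    }

    LOG.debug("token received");
    // send token to trust service
    XKMS2Client client = new XKMS2Client("https://www.e-contract.be/eid-trust-service-ws/xkms2");
    client.setProxy("proxy.yourict.net", 8080);
    client.validate(TrustServiceDomains.BELGIAN_TSA_TRUST_DOMAIN, certificateChain, true);
}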