List of usage examples for java.security.cert CertificateEncodingException getMessage
public String getMessage()
From source file:be.fedict.hsm.model.security.SecurityAuditGeneratorBean.java
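/**
 * Derives the subject identifier for an audit record from a certificate.
 *
 * <p>The certificate is DER-encoded and handed to the byte-array overload of this method.
 *
 * @param subjectCertificate the certificate that identifies the audited subject
 * @return the identifier produced by the byte-array overload, or {@code null} when the
 *         certificate cannot be encoded
 */
private String getSubjectIdentifier(X509Certificate subjectCertificate) {
    try {
        return getSubjectIdentifier(subjectCertificate.getEncoded());
    } catch (CertificateEncodingException e) {
        // Pass the exception itself to the logger so the cause is kept, not only its message.
        // NOTE(review): this is logged at debug level only and the caller receives null;
        // confirm callers handle an audit entry that has no subject identifier.
        LOG.debug("X509 encoding error: " + e.getMessage(), e);
        return null;
    }
}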
From source file:org.asimba.wa.integrationtest.util.SignatureHelper.java
/**
 * Returns the keystore certificate as Base64 text.
 *
 * <p>Only the Base64 body is produced; this method adds no BEGIN/END CERTIFICATE lines.
 *
 * @return the Base64 form of the encoded certificate, or the literal {@code "NO-CERT"} when
 *         the certificate cannot be encoded
 */
public String getPEMEncodedCertificateFromKeystore() {
    final Certificate keystoreCertificate = getCertificateFromKeystore();
    // presumably commons-codec Base64, where the constructor argument is the line length
    final Base64 base64 = new Base64(64);
    try {
        final byte[] encodedCertificate = keystoreCertificate.getEncoded();
        return new String(base64.encode(encodedCertificate));
    } catch (CertificateEncodingException encodingFailure) {
        _logger.error("Exception: {}", encodingFailure.getMessage(), encodingFailure);
        // NOTE(review): the failure marker is an ordinary String, so a caller that does not
        // compare against it will treat "NO-CERT" as certificate text.
        return "NO-CERT";
    }
}
From source file:net.maritimecloud.identityregistry.controllers.BaseControllerWithCertificate.java
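/**
 * Issues a certificate for the given entity, stores the certificate record and returns the
 * PEM-encoded private key, public key and certificate.
 *
 * <p>The key pair is generated here. Only the certificate PEM, the serial number and the
 * validity dates are set on the stored record in this method; the private key is placed only
 * in the returned {@link PemCertificate}.
 *
 * @param certOwner the entity the certificate is issued for
 * @param org the organization the entity belongs to
 * @param type the entity type passed to the certificate generator
 * @param request the current request, used for the path reported in the error
 * @return the PEM-encoded private key, public key and certificate
 * @throws McBasicRestException with {@code BAD_REQUEST} when the entity has no UID
 */
protected PemCertificate issueCertificate(CertificateModel certOwner, Organization org, String type,
        HttpServletRequest request) throws McBasicRestException {
    // Find special MC attributes to put in the certificate
    HashMap<String, String> attrs = getAttr(certOwner);
    String o = org.getMrn();
    String name = getName(certOwner);
    String email = getEmail(certOwner);
    String uid = getUid(certOwner);
    // Validate before any key material is generated, so a request that is going to be
    // rejected does not cost a key-pair generation.
    if (uid == null || uid.trim().isEmpty()) {
        throw new McBasicRestException(HttpStatus.BAD_REQUEST, MCIdRegConstants.ENTITY_ORG_ID_MISSING,
                request.getServletPath());
    }
    // Generate keypair for user
    KeyPair userKeyPair = CertificateUtil.generateKeyPair();
    BigInteger serialNumber = certUtil.generateSerialNumber();
    X509Certificate userCert = certUtil.generateCertForEntity(serialNumber, org.getCountry(), o, type, name,
            email, uid, userKeyPair.getPublic(), attrs);
    String pemCertificate;
    try {
        // Real line breaks are replaced by the two characters backslash and 'n'.
        pemCertificate = CertificateUtil.getPemFromEncoded("CERTIFICATE", userCert.getEncoded())
                .replace("\n", "\\n");
    } catch (CertificateEncodingException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
    String pemPublicKey = CertificateUtil.getPemFromEncoded("PUBLIC KEY", userKeyPair.getPublic().getEncoded())
            .replace("\n", "\\n");
    // The private key leaves this method only inside the returned object; it must not be logged.
    String pemPrivateKey = CertificateUtil
            .getPemFromEncoded("PRIVATE KEY", userKeyPair.getPrivate().getEncoded()).replace("\n", "\\n");
    PemCertificate ret = new PemCertificate(pemPrivateKey, pemPublicKey, pemCertificate);
    // Create the certificate
    Certificate newMCCert = new Certificate();
    certOwner.assignToCert(newMCCert);
    newMCCert.setCertificate(pemCertificate);
    newMCCert.setSerialNumber(serialNumber);
    // The dates we extract from the cert is in localtime, so they are converted to UTC before saving
    // into the DB.
    // NOTE(review): Date.getTime() is already milliseconds since the epoch in UTC, and the offset
    // below is the zone/DST offset at the current moment, not at the certificate dates. Confirm the
    // persistence layer needs this shift; otherwise the stored validity window differs from the
    // one inside the certificate.
    Calendar cal = Calendar.getInstance();
    long offset = cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
    newMCCert.setStart(new Date(userCert.getNotBefore().getTime() - offset));
    newMCCert.setEnd(new Date(userCert.getNotAfter().getTime() - offset));
    this.certificateService.saveCertificate(newMCCert);
    return ret;
}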
From source file:be.fedict.eid.dss.model.bean.IdentityServiceBean.java
/**
 * {@inheritDoc}
 *
 * <p>The fingerprint is the hex digest returned by {@code DigestUtils.shaHex} over the encoded
 * identity certificate. {@code null} is returned when there is no identity, no certificate, or
 * the certificate cannot be encoded.
 */
public String getIdentityFingerprint() {
    final PrivateKeyEntry identityEntry = findIdentity();
    if (identityEntry == null) {
        return null;
    }
    final X509Certificate identityCertificate = (X509Certificate) identityEntry.getCertificate();
    if (identityCertificate == null) {
        return null;
    }
    try {
        // NOTE(review): shaHex is presumably the SHA-1 digest of commons-codec; confirm that
        // consumers of this fingerprint expect SHA-1 before changing the algorithm.
        return DigestUtils.shaHex(identityCertificate.getEncoded());
    } catch (CertificateEncodingException encodingFailure) {
        LOG.error("cert encoding error: " + encodingFailure.getMessage(), encodingFailure);
        return null;
    }
}
From source file:be.fedict.eid.applet.service.JSONServlet.java
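/**
 * Writes the eID data held in the caller's HTTP session to the response as JSON.
 *
 * @param request the incoming request; its existing session must hold the {@code "eid"} attribute
 * @param response the response whose writer receives the JSON output
 * @throws ServletException when the caller has no session or no eID data, or when a
 *         certificate in the eID data cannot be encoded
 * @throws IOException when the response writer cannot be obtained
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    LOG.debug("doGet");
    // getSession(false): a caller without a session cannot have eID data, so do not allocate
    // a new session just to reject the request.
    HttpSession httpSession = request.getSession(false);
    EIdData eIdData = (null == httpSession) ? null : (EIdData) httpSession.getAttribute("eid");
    if (null == eIdData) {
        throw new ServletException("no eID data available");
    }
    PrintWriter writer = response.getWriter();
    try {
        outputJSON(eIdData, writer);
    } catch (CertificateEncodingException e) {
        throw new ServletException("Certificate encoding error: " + e.getMessage(), e);
    }
}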
From source file:be.fedict.hsm.admin.webapp.security.AuthenticationController.java
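/**
 * Logs the administrator in through the servlet container, using the authentication
 * certificate as the user identity.
 *
 * <p>The username is the SHA-1 hex digest of the encoded authentication certificate and the
 * password is the card number of the identity. Every failure after the certificate is present
 * ends in {@code accessDenied}; only a caller holding the administrator role is redirected to
 * the target view.
 *
 * @param event the component system event that triggered this listener
 */
public void login(ComponentSystemEvent event) {
    LOG.debug("login");
    FacesContext facesContext = FacesContext.getCurrentInstance();
    if (facesContext.getResponseComplete()) {
        return;
    }
    if (null == this.authenticationCertificate) {
        /*
         * Caused by a direct navigation to post-login.jsf
         */
        redirect(facesContext, "/index.xhtml");
        return;
    }
    byte[] encodedCertificate;
    try {
        encodedCertificate = this.authenticationCertificate.getEncoded();
    } catch (CertificateEncodingException e) {
        LOG.error("certificate encoding error: " + e.getMessage(), e);
        // Fail closed like the other error paths below, instead of returning with no outcome
        // and letting the current view continue.
        accessDenied(facesContext);
        return;
    }
    /*
     * The challenged certificate is the unique user identifier.
     */
    // NOTE(review): the identifier is a SHA-1 digest; moving to another digest presumably
    // requires migrating the usernames already stored in the security realm.
    String username = DigestUtils.sha1Hex(encodedCertificate);
    String password = this.identity.getCardNumber();
    ExternalContext externalContext = facesContext.getExternalContext();
    HttpServletRequest httpServletRequest = (HttpServletRequest) externalContext.getRequest();
    try {
        httpServletRequest.login(username, password);
    } catch (ServletException e) {
        LOG.error("login error: " + e.getMessage(), e);
        accessDenied(facesContext);
        return;
    }
    Principal userPrincipal = httpServletRequest.getUserPrincipal();
    if (null == userPrincipal) {
        accessDenied(facesContext);
        return;
    }
    LOG.debug("user principal: " + userPrincipal.getName());
    LOG.debug("admin role: " + httpServletRequest.isUserInRole(AdministratorRoles.ADMINISTRATOR));
    // An authenticated principal is not enough; the administrator role is required.
    if (!httpServletRequest.isUserInRole(AdministratorRoles.ADMINISTRATOR)) {
        accessDenied(facesContext);
        return;
    }
    String targetViewId = SecurityPhaseListener.getTargetViewId(externalContext);
    redirect(facesContext, targetViewId);
}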
From source file:be.fedict.trust.service.dao.bean.CertificateAuthorityDAOBean.java
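/**
 * Creates and persists a certificate authority entity for the given CA certificate.
 *
 * @param certificate the CA certificate
 * @param crlUrl the CRL URL passed to the new entity
 * @return the persisted entity, or {@code null} when the certificate cannot be encoded, in
 *         which case nothing is persisted
 */
public CertificateAuthorityEntity addCertificateAuthority(X509Certificate certificate, String crlUrl) {
    LOG.debug("add CA: " + certificate.getSubjectX500Principal().toString());
    CertificateAuthorityEntity certificateAuthority;
    try {
        certificateAuthority = new CertificateAuthorityEntity(crlUrl, certificate);
    } catch (CertificateEncodingException e) {
        // Log the exception itself so the cause and stack trace are kept.
        LOG.error("Certificate encoding exception: " + e.getMessage(), e);
        return null;
    }
    this.entityManager.persist(certificateAuthority);
    return certificateAuthority;
}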
From source file:be.fedict.trust.service.bean.TrustServiceTrustLinker.java
/**
 * Decides the revocation status of a child certificate from cached CRL data of its issuer.
 *
 * <p>{@code null} is returned on every path where the cache cannot give an answer: no cache
 * entry for the CA, unknown parent CA, cache not yet active, missing update dates, or a
 * validation date outside the cached CRL window. A result is returned only on a cache hit.
 * The {@code revocationData} parameter is not used in this method.
 *
 * <p>NOTE(review): no signature or issuer/subject chaining check is visible in this method;
 * presumably that is done elsewhere before the result is trusted - confirm.
 *
 * @param childCertificate the certificate whose revocation status is wanted
 * @param certificate the issuer certificate
 * @param validationDate the moment for which the status is evaluated
 * @param revocationData not used here
 * @return a positive result when no revocation entry applies at {@code validationDate}, a
 *         negative result with reason {@code INVALID_REVOCATION_STATUS} when the certificate
 *         was revoked at or before it, or {@code null} when the cache cannot decide
 */
public TrustLinkerResult hasTrustLink(X509Certificate childCertificate, X509Certificate certificate,
        Date validationDate, RevocationData revocationData) {
    LOG.debug("certificate: " + childCertificate.getSubjectX500Principal());
    LOG.debug("certificate Issuer: " + childCertificate.getIssuerX500Principal().toString());
    LOG.debug("Issuer: " + certificate.getSubjectX500Principal());
    BigInteger issuerSerialNumber = certificate.getSerialNumber();
    // The cache key is the issuer certificate's subject name and serial number joined by "|".
    String key = new String();
    key += certificate.getSubjectX500Principal().toString() + "|" + issuerSerialNumber.toString();
    String issuerName = childCertificate.getIssuerX500Principal().toString();
    // An earlier version looked the entity up by issuerName alone.
    CertificateAuthorityEntity certificateAuthority = this.entityManager
            .find(CertificateAuthorityEntity.class, key);
    if (null == certificateAuthority) {
        LOG.debug("no data cache entry for CA: " + issuerName + " - Serial Number: "
                + issuerSerialNumber.toString());
        /*
         * Cache Miss
         */
        SNMPInterceptor.increment(SnmpConstants.CACHE_MISSES, SnmpConstants.SNMP_SERVICE, 1L);
        /*
         * Lookup Root CA's trust point via parent certificates' CA entity.
         */
        // NOTE(review): this lookup uses the bare issuer name, while the lookup above uses
        // "subject|serial" for the same entity class; confirm both match the entity's key.
        String parentIssuerName = certificate.getIssuerX500Principal().toString();
        CertificateAuthorityEntity parentCertificateAuthority = this.entityManager
                .find(CertificateAuthorityEntity.class, parentIssuerName);
        if (null == parentCertificateAuthority) {
            logAudit("CA not found for " + parentIssuerName);
            LOG.error("CA not found for " + parentIssuerName + " ?!");
            return null;
        }
        // create new CA
        try {
            certificateAuthority = new CertificateAuthorityEntity(getCrlUrl(childCertificate), certificate);
            // The new entry takes over the trust point of the parent CA.
            certificateAuthority.setTrustPoint(parentCertificateAuthority.getTrustPoint());
        } catch (CertificateEncodingException e) {
            LOG.error("certificate encoding error: " + e.getMessage(), e);
            return null;
        }
        this.entityManager.persist(certificateAuthority);
        // The entry was only just created, so there is no revocation data to answer with yet.
        return null;
    }
    if (Status.ACTIVE != certificateAuthority.getStatus()) {
        LOG.debug("CA revocation data cache not yet active: " + issuerName);
        /*
         * Harvester is still busy processing the first CRL.
         */
        if (null == certificateAuthority.getCrlUrl()) {
            certificateAuthority.setCrlUrl(getCrlUrl(childCertificate));
        }
        if (Status.NONE != certificateAuthority.getStatus()) {
            // none means no CRL is available so not really a cache miss
            SNMPInterceptor.increment(SnmpConstants.CACHE_MISSES, SnmpConstants.SNMP_SERVICE, 1L);
        }
        return null;
    }
    /*
     * Let's use the cached revocation data
     */
    Date thisUpdate = certificateAuthority.getThisUpdate();
    if (null == thisUpdate) {
        LOG.warn("no thisUpdate value: " + certificateAuthority.getName());
        SNMPInterceptor.increment(SnmpConstants.CACHE_MISSES, SnmpConstants.SNMP_SERVICE, 1L);
        return null;
    }
    Date nextUpdate = certificateAuthority.getNextUpdate();
    if (null == nextUpdate) {
        LOG.warn("no nextUpdate value: " + certificateAuthority.getName());
        SNMPInterceptor.increment(SnmpConstants.CACHE_MISSES, SnmpConstants.SNMP_SERVICE, 1L);
        return null;
    }
    /*
     * First check whether the cached revocation data is up-to-date.
     */
    // The cached data is used only when thisUpdate <= validationDate <= nextUpdate.
    if (thisUpdate.after(validationDate)) {
        LOG.warn("cached CRL data too recent: " + certificateAuthority.getName());
        SNMPInterceptor.increment(SnmpConstants.CACHE_MISSES, SnmpConstants.SNMP_SERVICE, 1L);
        return null;
    }
    if (validationDate.after(nextUpdate)) {
        LOG.warn("cached CRL data too old: " + certificateAuthority.getName());
        SNMPInterceptor.increment(SnmpConstants.CACHE_MISSES, SnmpConstants.SNMP_SERVICE, 1L);
        return null;
    }
    LOG.debug("using cached CRL data");
    /*
     * Cache Hit
     */
    SNMPInterceptor.increment(SnmpConstants.CACHE_HITS, SnmpConstants.SNMP_SERVICE, 1L);
    BigInteger serialNumber = childCertificate.getSerialNumber();
    // The revocation lookup is keyed by the child's issuer name and the child's serial number.
    RevokedCertificateEntity revokedCertificate = findRevokedCertificate(issuerName, serialNumber);
    if (null == revokedCertificate) {
        LOG.debug("certificate valid: " + childCertificate.getSubjectX500Principal());
        return new TrustLinkerResult(true);
    }
    // A revocation that took place after the validation date does not count against the
    // certificate at that date.
    if (revokedCertificate.getRevocationDate().after(validationDate)) {
        LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal() + " at " + validationDate);
        return new TrustLinkerResult(true);
    }
    LOG.debug("certificate invalid: " + childCertificate.getSubjectX500Principal());
    return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_REVOCATION_STATUS,
            "certificate revoked by cached CRL");
}
From source file:org.globus.gsi.GlobusCredential.java
/**
 * Writes this credential to the given output stream by delegating to the wrapped credential.
 * Self-signed certificates in the certificate chain are not written. The caller should always
 * close the stream after this call.
 *
 * <p>NOTE(review): the saved credential presumably includes private key material; confirm, and
 * make sure the destination behind the stream is access-restricted.
 *
 * @param out
 *            the output stream to write the credential to.
 * @exception IOException
 *                if any error occurred during saving.
 */
public void save(OutputStream out) throws IOException {
    try {
        cred.save(out);
    } catch (CertificateEncodingException encodingFailure) {
        // Re-thrown as an IOException subtype that keeps the original exception as its cause.
        final String reason = encodingFailure.getMessage();
        throw new ChainedIOException(reason, encodingFailure);
    }
}
From source file:be.e_contract.mycarenet.common.SessionKey.java
/**
 * Returns the encoded form of the certificate obtained from {@code getCertificate()}.
 *
 * @return the encoded certificate bytes
 * @throws RuntimeException wrapping the {@code CertificateEncodingException} when the
 *         certificate cannot be encoded
 */
public byte[] getEncodedCertificate() {
    final X509Certificate sessionCertificate = getCertificate();
    final byte[] encodedBytes;
    try {
        encodedBytes = sessionCertificate.getEncoded();
    } catch (CertificateEncodingException encodingFailure) {
        // Unchecked rethrow with the original exception kept as the cause.
        throw new RuntimeException("certificate encoding error: " + encodingFailure.getMessage(),
                encodingFailure);
    }
    return encodedBytes;
}