List of usage examples for java.security.cert CertificateEncodingException getMessage
public String getMessage()
From source file:be.fedict.eid.idp.protocol.ws_federation.AbstractWSFederationMetadataHttpServlet.java
/**
 * Builds the WS-Federation metadata document (SAML 2.0 metadata with a
 * Security Token Service role) describing this IdP and writes it to
 * {@code outputStream}.
 *
 * <p>The entity ID and the passive-requestor endpoint address are both the
 * servlet's own location ({@code getLocation(request)}). When the
 * configuration provides an IdP identity, its certificate is published in a
 * SIGNING key descriptor and the whole document is signed with that
 * identity's private key. Without an identity the document is emitted
 * unsigned and this is only logged as a warning; unsigned metadata cannot be
 * authenticated by relying parties, so a production deployment should always
 * configure an identity.
 *
 * @param request       used only to derive the IdP location
 * @param configuration source of the IdP identity and of the attribute list
 *                      enabled for the WS-Federation protocol
 * @param outputStream  destination of the serialized document
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when the identity certificate cannot be
 *                          DER-encoded into the KeyInfo
 */
private void writeMetadata(HttpServletRequest request, IdentityProviderConfiguration configuration,
        OutputStream outputStream) throws JAXBException, ServletException, ParserConfigurationException,
        CertificateEncodingException, TransformerFactoryConfigurationError, TransformerException, IOException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
    String idpLocation = getLocation(request);

    EntityDescriptor descriptor = Saml2Util.buildXMLObject(EntityDescriptor.class,
            EntityDescriptor.DEFAULT_ELEMENT_NAME);
    descriptor.setEntityID(idpLocation);
    descriptor.setID("saml-metadata-" + UUID.randomUUID().toString());

    // A RoleDescriptor element carrying the SecurityTokenService schema type.
    @SuppressWarnings("unchecked")
    XMLObjectBuilder<SecurityTokenService> stsBuilder = Configuration.getBuilderFactory()
            .getBuilder(SecurityTokenService.TYPE_NAME);
    SecurityTokenService sts = stsBuilder.buildObject(RoleDescriptor.DEFAULT_ELEMENT_NAME,
            SecurityTokenService.TYPE_NAME);
    sts.addSupportedProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
    descriptor.getRoleDescriptors().add(sts);

    // Passive requestor endpoint: a WS-Addressing EPR pointing back at this servlet.
    Address eprAddress = Saml2Util.buildXMLObject(Address.class, Address.ELEMENT_NAME);
    eprAddress.setValue(idpLocation);
    EndpointReference epr = Saml2Util.buildXMLObject(EndpointReference.class,
            EndpointReference.ELEMENT_NAME);
    epr.setAddress(eprAddress);
    PassiveRequestorEndpoint passiveEndpoint = Saml2Util.buildXMLObject(PassiveRequestorEndpoint.class,
            PassiveRequestorEndpoint.DEFAULT_ELEMENT_NAME);
    passiveEndpoint.setEndpointReference(epr);
    sts.getPassiveRequestorEndpoints().add(passiveEndpoint);

    // Signing key descriptor: published only when an identity is configured.
    IdPIdentity identity = configuration.findIdentity();
    if (null != identity) {
        KeyDescriptor signingKey = Saml2Util.buildXMLObject(KeyDescriptor.class,
                KeyDescriptor.DEFAULT_ELEMENT_NAME);
        signingKey.setUse(UsageType.SIGNING);
        org.opensaml.xml.signature.KeyInfo keyInfo = Saml2Util.buildXMLObject(
                org.opensaml.xml.signature.KeyInfo.class,
                org.opensaml.xml.signature.KeyInfo.DEFAULT_ELEMENT_NAME);
        signingKey.setKeyInfo(keyInfo);
        sts.getKeyDescriptors().add(signingKey);
        try {
            KeyInfoHelper.addCertificate(keyInfo,
                    (X509Certificate) identity.getPrivateKeyEntry().getCertificate());
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("opensaml2 certificate encoding error: " + e.getMessage(), e);
        }
    }

    // Offered claim types: one per attribute enabled for the WS-Federation protocol.
    ClaimTypesOffered offered = Saml2Util.buildXMLObject(ClaimTypesOffered.class,
            ClaimTypesOffered.DEFAULT_ELEMENT_NAME);
    sts.setClaimTypesOffered(offered);
    List<ClaimType> claimTypes = offered.getClaimTypes();
    for (AttributeConfig attribute : configuration
            .getAttributes(AbstractWSFederationProtocolService.WS_FED_PROTOCOL_ID)) {
        addClaimType(attribute.getUri(), attribute.getName(), attribute.getDescription(), claimTypes);
    }

    // Sign when we can; otherwise emit plain (and say so loudly in the log).
    Element root;
    if (null == identity) {
        LOG.warn("WS-Federation Metadata NOT signed!");
        root = Saml2Util.marshall(descriptor);
    } else {
        LOG.debug("sign WS-Federation Metadata");
        root = Saml2Util.signAsElement(descriptor, descriptor, identity.getPrivateKeyEntry());
    }
    Saml2Util.writeDocument(root.getOwnerDocument(), outputStream);
}
From source file:eu.europa.ec.markt.dss.signature.xades.XAdESProfileC.java
/**
 * Builds the XAdES {@code CertID} structure for {@code certificate}: the
 * issuer name / serial number pair plus a digest of the DER-encoded
 * certificate computed with {@code digestAlgorithm}.
 *
 * <p>NOTE(review): the issuer name is rendered with
 * {@code X500Principal#toString()}, a display-oriented format, whereas
 * XML-DSig specifies {@code X509IssuerName} as an RFC 2253 / RFC 4514
 * distinguished name ({@code getName()} would be the canonical source).
 * Left unchanged here so the produced signatures stay byte-identical.
 *
 * @param certificate     signing certificate to reference
 * @param digestAlgorithm digest algorithm used for {@code CertDigest}
 * @return the populated JAXB {@code CertIDType}
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when the certificate cannot be DER-encoded
 */
private CertIDType getCertID(X509Certificate certificate, DigestAlgorithm digestAlgorithm) {
    X509IssuerSerialType issuerSerial = getXmldsigObjectFactory().createX509IssuerSerialType();
    issuerSerial.setX509IssuerName(certificate.getIssuerX500Principal().toString());
    issuerSerial.setX509SerialNumber(certificate.getSerialNumber());

    byte[] derCertificate;
    try {
        derCertificate = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
    }

    CertIDType certId = xadesObjectFactory.createCertIDType();
    certId.setIssuerSerial(issuerSerial);
    certId.setCertDigest(getDigestAlgAndValue(derCertificate, digestAlgorithm));
    return certId;
}
From source file:be.fedict.eid.idp.common.saml2.Saml2Util.java
/**
 * Wraps every element of {@code identity}'s certificate chain in a freshly
 * built {@code ds:KeyInfo}, in chain order.
 *
 * @param identity key-store entry whose certificate chain is to be published
 * @return a KeyInfo holding one X509Certificate entry per chain element
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when a chain element cannot be DER-encoded
 */
private static KeyInfo getKeyInfo(KeyStore.PrivateKeyEntry identity) {
    List<X509Certificate> chain = getCertificateChain(identity);
    KeyInfo info = Saml2Util.buildXMLObject(KeyInfo.class, KeyInfo.DEFAULT_ELEMENT_NAME);
    try {
        for (X509Certificate chainElement : chain) {
            KeyInfoHelper.addCertificate(info, chainElement);
        }
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("opensaml2 certificate encoding error: " + e.getMessage(), e);
    }
    return info;
}
From source file:be.fedict.eid.idp.common.saml2.Saml2Util.java
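/**
 * Signs {@code signableSAMLObject} in place with the key of
 * {@code privateKeyEntry} and returns {@code xmlObject}, the root whose DOM
 * representation is produced by the marshalling step.
 *
 * <p>The signature uses exclusive C14N without comments and the OpenSAML 2
 * RSA or DSA signature-algorithm constant chosen by the private key's
 * algorithm name; any other key algorithm is rejected. NOTE(review): in
 * OpenSAML 2 / xmltooling {@code ALGO_ID_SIGNATURE_RSA} and
 * {@code ALGO_ID_SIGNATURE_DSA} are aliases of the SHA-1 variants; prefer
 * the SHA-256 constants where relying parties support them. The
 * {@code ds:KeyInfo} carries the entry's complete certificate chain.
 *
 * <p>Side effect: the X509 KeyInfo generator factory obtained from OpenSAML's
 * global security configuration is switched to emit the entity certificate
 * chain. That factory is shared process-wide, so later signatures built via
 * the default manager inherit the setting.
 *
 * @param xmlObject          root object to marshal; returned unchanged apart
 *                           from the signature added below it
 * @param signableSAMLObject the element that receives the signature
 * @param privateKeyEntry    signing key and certificate chain; the key
 *                           algorithm must be "RSA" or "DSA"
 * @return {@code xmlObject}, marshalled and signed
 * @throws IllegalArgumentException if the key algorithm is neither RSA nor DSA
 * @throws RuntimeException wrapping certificate-encoding or signing failures
 */
private static XMLObject sign(XMLObject xmlObject, SignableSAMLObject signableSAMLObject,
        KeyStore.PrivateKeyEntry privateKeyEntry) {
    XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
    SignatureBuilder signatureBuilder = (SignatureBuilder) builderFactory
            .getBuilder(Signature.DEFAULT_ELEMENT_NAME);
    Signature signature = signatureBuilder.buildObject();
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    String algorithm = privateKeyEntry.getPrivateKey().getAlgorithm();
    if ("RSA".equals(algorithm)) {
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);
    } else if ("DSA".equals(algorithm)) {
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_DSA);
    } else {
        // Previously any other key type (e.g. EC) left the signature algorithm unset and
        // would only fail later, with a less specific error; reject it up front instead.
        throw new IllegalArgumentException("unsupported signing key algorithm: " + algorithm);
    }

    List<X509Certificate> certificateChain = new LinkedList<X509Certificate>();
    for (java.security.cert.Certificate certificate : privateKeyEntry.getCertificateChain()) {
        certificateChain.add((X509Certificate) certificate);
    }

    // Publish the whole chain in ds:KeyInfo so verifiers can build a path to their trust anchor.
    KeyInfo keyInfo = buildXMLObject(KeyInfo.class, KeyInfo.DEFAULT_ELEMENT_NAME);
    try {
        for (X509Certificate certificate : certificateChain) {
            KeyInfoHelper.addCertificate(keyInfo, certificate);
        }
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("opensaml2 certificate encoding error: " + e.getMessage(), e);
    }
    signature.setKeyInfo(keyInfo);

    BasicX509Credential signingCredential = new BasicX509Credential();
    signingCredential.setPrivateKey(privateKeyEntry.getPrivateKey());
    signingCredential.setEntityCertificateChain(certificateChain);

    // Process-wide OpenSAML setting; see the side-effect note in the method Javadoc.
    X509KeyInfoGeneratorFactory factory = (X509KeyInfoGeneratorFactory) org.opensaml.xml.Configuration
            .getGlobalSecurityConfiguration().getKeyInfoGeneratorManager().getDefaultManager()
            .getFactory(signingCredential);
    factory.setEmitEntityCertificateChain(true);

    signature.setSigningCredential(signingCredential);
    signableSAMLObject.setSignature(signature);

    // Marshalling first gives the object a DOM; the signature is then computed over that DOM.
    marshall(xmlObject);
    try {
        Signer.signObject(signature);
    } catch (SignatureException e) {
        throw new RuntimeException("opensaml2 signing error: " + e.getMessage(), e);
    }
    return xmlObject;
}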
From source file:be.fedict.eid.tsl.tool.TslInternalFrame.java
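/**
 * Tree selection listener: shows the details of the selected trust service,
 * or clears the detail fields when the selection is empty or not a leaf.
 *
 * <p>Certificate details shown are the SHA-1 and SHA-256 thumbprints over the
 * DER encoding and the validity window. When comparing a thumbprint by hand,
 * use the SHA-256 value; SHA-1 is kept only because many external tools still
 * print it.
 *
 * @param event the selection event (unused: the current selection is read
 *              from {@code tree})
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when the service certificate cannot be DER-encoded
 */
@Override
public void valueChanged(TreeSelectionEvent event) {
    DefaultMutableTreeNode treeNode = (DefaultMutableTreeNode) tree.getLastSelectedPathComponent();
    // getLastSelectedPathComponent() returns null once the selection is cleared; the previous
    // version dereferenced it unconditionally and threw a NullPointerException in that case.
    if (treeNode != null && treeNode.isLeaf()) {
        TrustService trustService = (TrustService) treeNode.getUserObject();
        this.serviceName.setText(trustService.getName());
        // Strip the URI prefix up to and including "Svctype/" / "Svcstatus/". NOTE(review): this
        // assumes the marker is always present; if indexOf() returned -1 a wrong substring would
        // be shown (or a StringIndexOutOfBoundsException thrown) rather than an explicit error.
        this.serviceType.setText(trustService.getType()
                .substring(trustService.getType().indexOf("Svctype/") + "Svctype/".length()));
        this.serviceStatus.setText(trustService.getStatus()
                .substring(trustService.getStatus().indexOf("Svcstatus/") + "Svcstatus/".length()));

        X509Certificate certificate = trustService.getServiceDigitalIdentity();
        byte[] encodedCertificate;
        try {
            encodedCertificate = certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("cert: " + e.getMessage(), e);
        }
        String sha1Thumbprint = DigestUtils.shaHex(encodedCertificate);
        this.serviceSha1Thumbprint.setText(sha1Thumbprint);
        String sha256Thumbprint = DigestUtils.sha256Hex(encodedCertificate);
        this.serviceSha256Thumbprint.setText(sha256Thumbprint);
        this.validityBegin.setText(certificate.getNotBefore().toString());
        this.validityEnd.setText(certificate.getNotAfter().toString());
    } else {
        this.serviceName.setText("");
        this.serviceType.setText("");
        this.serviceStatus.setText("");
        this.serviceSha1Thumbprint.setText("");
        this.serviceSha256Thumbprint.setText("");
        this.validityBegin.setText("");
        this.validityEnd.setText("");
    }
}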
From source file:be.fedict.eid.idp.webapp.ProtocolExitServlet.java
/**
 * Assembles the attribute map released for an authenticated eID holder,
 * keyed by attribute URI.
 *
 * <p>Name attributes come from the identity file when one was read, otherwise
 * from the authentication certificate. Address, identity-file and photo
 * attributes are added only when the corresponding input is present; the
 * authentication certificate is released DER-encoded.
 *
 * @param userId           the user identifier released as IDENTIFIER
 * @param identity         identity file contents, may be {@code null}
 * @param address          address file contents, may be {@code null}
 * @param authnCertificate authentication certificate, may be {@code null}
 *                         (see the inline note)
 * @param photo            photo bytes, may be {@code null}
 * @return the attribute map, never {@code null}
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when the certificate cannot be DER-encoded
 */
private Map<String, Attribute> getAttributes(String userId, Identity identity, Address address,
        X509Certificate authnCertificate, byte[] photo) {
    Map<String, Attribute> released = new HashMap<String, Attribute>();

    boolean hasIdentityFile = (null != identity);
    String firstName = hasIdentityFile ? identity.getFirstName() : getGivenName(authnCertificate);
    String lastName = hasIdentityFile ? identity.getName() : getSurName(authnCertificate);

    released.put(DefaultAttribute.LAST_NAME.getUri(), getAttribute(DefaultAttribute.LAST_NAME, lastName));
    released.put(DefaultAttribute.FIRST_NAME.getUri(), getAttribute(DefaultAttribute.FIRST_NAME, firstName));
    released.put(DefaultAttribute.NAME.getUri(),
            getAttribute(DefaultAttribute.NAME, firstName + " " + lastName));
    released.put(DefaultAttribute.IDENTIFIER.getUri(), getAttribute(DefaultAttribute.IDENTIFIER, userId));

    /*
     * authnCertificate can be null for recent eID cards that can have no
     * certificates embedded at all.
     */
    if (null != authnCertificate) {
        byte[] derCertificate;
        try {
            derCertificate = authnCertificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("X509 encoding error: " + e.getMessage(), e);
        }
        released.put(DefaultAttribute.AUTHN_CERT.getUri(),
                getAttribute(DefaultAttribute.AUTHN_CERT, derCertificate));
    }

    if (null != address) {
        released.put(DefaultAttribute.ADDRESS.getUri(),
                getAttribute(DefaultAttribute.ADDRESS, address.getStreetAndNumber()));
        released.put(DefaultAttribute.LOCALITY.getUri(),
                getAttribute(DefaultAttribute.LOCALITY, address.getMunicipality()));
        released.put(DefaultAttribute.POSTAL_CODE.getUri(),
                getAttribute(DefaultAttribute.POSTAL_CODE, address.getZip()));
    }

    if (hasIdentityFile) {
        released.put(DefaultAttribute.GENDER.getUri(),
                getAttribute(DefaultAttribute.GENDER, IdpUtil.getGenderValue(identity)));
        released.put(DefaultAttribute.DATE_OF_BIRTH.getUri(),
                getAttribute(DefaultAttribute.DATE_OF_BIRTH, identity.getDateOfBirth()));
        released.put(DefaultAttribute.NATIONALITY.getUri(),
                getAttribute(DefaultAttribute.NATIONALITY, identity.getNationality()));
        released.put(DefaultAttribute.PLACE_OF_BIRTH.getUri(),
                getAttribute(DefaultAttribute.PLACE_OF_BIRTH, identity.getPlaceOfBirth()));
        released.put(DefaultAttribute.CARD_NUMBER.getUri(),
                getAttribute(DefaultAttribute.CARD_NUMBER, identity.cardNumber));
        released.put(DefaultAttribute.CARD_VALIDITY_BEGIN.getUri(),
                getAttribute(DefaultAttribute.CARD_VALIDITY_BEGIN, identity.cardValidityDateBegin));
        released.put(DefaultAttribute.CARD_VALIDITY_END.getUri(),
                getAttribute(DefaultAttribute.CARD_VALIDITY_END, identity.cardValidityDateEnd));
    }

    if (null != photo) {
        released.put(DefaultAttribute.PHOTO.getUri(), getAttribute(DefaultAttribute.PHOTO, photo));
    }
    return released;
}
From source file:be.fedict.eid.tsl.TrustService.java
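/**
 * Builds the TSL {@code DigitalIdentityList} for a trust service: one
 * {@code X509Certificate} entry per given certificate, followed by an
 * {@code X509SubjectName} entry and an {@code X509SKI} entry, both derived
 * from the first certificate.
 *
 * @param certificates service certificates; at least one is required and the
 *                     first must carry a SubjectKeyIdentifier extension
 * @return the populated JAXB list
 * @throws IllegalArgumentException when no certificate is given or the first
 *                                  one has no SubjectKeyIdentifier extension
 *                                  (both previously surfaced as unchecked
 *                                  runtime errors without a message)
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          or the {@link IOException} raised while decoding
 *                          the SKI extension
 */
private DigitalIdentityListType createDigitalIdentityList(X509Certificate... certificates) {
    if (certificates == null || certificates.length == 0) {
        throw new IllegalArgumentException("at least one service certificate is required");
    }
    DigitalIdentityListType digitalIdentityList = this.objectFactory.createDigitalIdentityListType();
    List<DigitalIdentityType> digitalIdentities = digitalIdentityList.getDigitalId();

    for (X509Certificate certificate : certificates) {
        DigitalIdentityType certificateIdentity = this.objectFactory.createDigitalIdentityType();
        try {
            certificateIdentity.setX509Certificate(certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("X509 encoding error: " + e.getMessage(), e);
        }
        digitalIdentities.add(certificateIdentity);
    }

    X509Certificate primary = certificates[0];

    DigitalIdentityType subjectNameIdentity = this.objectFactory.createDigitalIdentityType();
    subjectNameIdentity.setX509SubjectName(primary.getSubjectX500Principal().getName());
    digitalIdentities.add(subjectNameIdentity);

    // getExtensionValue() returns null when the extension is absent; the SKI structure
    // constructor does not accept null, so report the missing extension explicitly.
    byte[] skiValue = primary.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
    if (skiValue == null) {
        throw new IllegalArgumentException("service certificate has no SubjectKeyIdentifier extension: "
                + primary.getSubjectX500Principal().getName());
    }
    SubjectKeyIdentifierStructure subjectKeyIdentifierStructure;
    try {
        subjectKeyIdentifierStructure = new SubjectKeyIdentifierStructure(skiValue);
    } catch (IOException e) {
        throw new RuntimeException("X509 SKI decoding error: " + e.getMessage(), e);
    }
    DigitalIdentityType skiIdentity = this.objectFactory.createDigitalIdentityType();
    skiIdentity.setX509SKI(subjectKeyIdentifierStructure.getKeyIdentifier());
    digitalIdentities.add(skiIdentity);

    return digitalIdentityList;
}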
From source file:com.codedx.burp.security.InvalidCertificateDialogStrategy.java
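/**
 * Shows a dialog describing a server certificate that failed validation and
 * maps the user's choice to a {@link CertificateAcceptance}.
 *
 * <p>The dialog lists the issuer, the SHA-1 and SHA-256 thumbprints of the
 * DER-encoded certificate (the user's only means of checking the server's
 * identity out of band, so they are never silently omitted) and, when the
 * certificate does not match {@code host}, the expected and presented names.
 * The decision is fail-closed: anything other than an explicit button choice
 * (including closing the dialog, or a non-X.509 certificate / unexpected
 * hostname verifier) results in {@code REJECT}.
 *
 * @param genericCert the certificate presented by the server
 * @param certError   the validation failure; not shown to the user here
 * @return the user's decision, or {@code REJECT} when none could be obtained
 */
@Override
public CertificateAcceptance checkAcceptance(Certificate genericCert, CertificateException certError) {
    if (genericCert instanceof X509Certificate && defaultHostVerifier instanceof DefaultHostnameVerifier) {
        X509Certificate cert = (X509Certificate) genericCert;
        DefaultHostnameVerifier verifier = (DefaultHostnameVerifier) defaultHostVerifier;

        JPanel message = new JPanel(new GridBagLayout());
        GridBagConstraints gbc = new GridBagConstraints();
        gbc.gridwidth = 2;
        gbc.insets = new Insets(0, 0, 10, 0);
        gbc.anchor = GridBagConstraints.WEST;
        message.add(new JLabel("Unable to establish a secure connection because the certificate is not trusted"),
                gbc);

        gbc = new GridBagConstraints();
        gbc.gridy = 2;
        gbc.insets = new Insets(2, 0, 2, 0);
        gbc.anchor = GridBagConstraints.WEST;

        JLabel issuer = new JLabel("Issuer: ");
        Font defaultFont = issuer.getFont();
        Font bold = new Font(defaultFont.getName(), Font.BOLD, defaultFont.getSize());
        issuer.setFont(bold);
        message.add(issuer, gbc);
        gbc.gridx = 1;
        // getIssuerX500Principal() replaces the deprecated getIssuerDN().
        message.add(new JLabel(cert.getIssuerX500Principal().toString()), gbc);

        // Thumbprints. The previous version swallowed an encoding failure and simply left the
        // row out, letting the user decide with no fingerprint at all; show the failure instead.
        // SHA-256 is added next to the legacy SHA-1 value because SHA-1 is no longer collision
        // resistant; java.security.MessageDigest is referenced fully qualified on purpose.
        String sha1Thumbprint;
        String sha256Thumbprint;
        try {
            byte[] der = cert.getEncoded();
            sha1Thumbprint = toHexString(getSHA1(der), " ");
            sha256Thumbprint = toHexString(
                    java.security.MessageDigest.getInstance("SHA-256").digest(der), " ");
        } catch (java.security.GeneralSecurityException e) {
            sha1Thumbprint = "unavailable: " + e.getMessage();
            sha256Thumbprint = sha1Thumbprint;
        }
        JLabel fingerprint = new JLabel("Thumbprint: ");
        fingerprint.setFont(bold);
        gbc.gridx = 0;
        gbc.gridy += 1;
        message.add(fingerprint, gbc);
        gbc.gridx = 1;
        message.add(new JLabel(sha1Thumbprint), gbc);

        JLabel sha256Fingerprint = new JLabel("SHA-256 Thumbprint: ");
        sha256Fingerprint.setFont(bold);
        gbc.gridx = 0;
        gbc.gridy += 1;
        message.add(sha256Fingerprint, gbc);
        gbc.gridx = 1;
        message.add(new JLabel(sha256Thumbprint), gbc);

        // Hostname check against the configured host; a mismatch is shown, not enforced, here.
        try {
            verifier.verify(host, cert);
        } catch (SSLException e) {
            String cn = getCN(cert);
            JLabel mismatch = new JLabel("Host Mismatch: ");
            mismatch.setFont(bold);
            gbc.gridx = 0;
            gbc.gridy += 1;
            message.add(mismatch, gbc);
            String msg;
            if (cn != null) {
                msg = String.format("Expected '%s', but the certificate is for '%s'.", host, cn);
            } else {
                msg = e.getMessage();
            }
            gbc.gridx = 1;
            message.add(new JLabel(msg), gbc);
        }

        // Open the dialog and map its result. Closing the dialog yields -1, which matches no case
        // and therefore falls through to REJECT below.
        int choice = JOptionPane.showOptionDialog(burpExtender.getUiComponent(), message, dialogTitle,
                JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.PLAIN_MESSAGE, null, dialogButtons, null);
        switch (choice) {
        case (0):
            return CertificateAcceptance.REJECT;
        case (1):
            return CertificateAcceptance.ACCEPT_TEMPORARILY;
        case (2):
            return CertificateAcceptance.ACCEPT_PERMANENTLY;
        }
    }
    return CertificateAcceptance.REJECT;
}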
From source file:eu.europa.ec.markt.dss.signature.xades.XAdESProfileBES.java
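/**
 * Gives back the XAdES {@code CertID} for {@code certificate} using this
 * profile's default {@code CertDigest} algorithm.
 *
 * <p>The default remains SHA-1 so that the produced signatures are unchanged.
 * NOTE(review): {@code CertDigest} is what binds the signed properties to the
 * signing certificate, and SHA-1 is no longer collision resistant; callers
 * that may change their output should use
 * {@link #buildCertID(X509Certificate, DigestAlgorithm)} with a SHA-2
 * algorithm (the XAdES-C profile's {@code getCertID} already takes the
 * algorithm as a parameter).
 *
 * @param certificate signing certificate to reference
 * @return the populated JAXB {@code CertIDType}
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when the certificate cannot be DER-encoded
 */
private CertIDType getCertID(X509Certificate certificate) {
    return buildCertID(certificate, DigestAlgorithm.SHA1);
}

/**
 * Builds the XAdES {@code CertID} structure for {@code certificate}: the
 * issuer name / serial number pair plus a digest of the DER-encoded
 * certificate computed with {@code digestAlgorithm}.
 *
 * <p>NOTE(review): the issuer name is rendered with
 * {@code X500Principal#toString()}, a display-oriented format, whereas
 * XML-DSig specifies {@code X509IssuerName} as an RFC 2253 / RFC 4514 name
 * ({@code getName()} would be the canonical source); kept as-is to preserve
 * the produced output.
 *
 * @param certificate     signing certificate to reference
 * @param digestAlgorithm digest algorithm used for {@code CertDigest}
 * @return the populated JAXB {@code CertIDType}
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when the certificate cannot be DER-encoded
 */
private CertIDType buildCertID(X509Certificate certificate, DigestAlgorithm digestAlgorithm) {
    CertIDType certId = xades13ObjectFactory.createCertIDType();
    X509IssuerSerialType issuerSerial = getDsObjectFactory().createX509IssuerSerialType();
    issuerSerial.setX509IssuerName(certificate.getIssuerX500Principal().toString());
    issuerSerial.setX509SerialNumber(certificate.getSerialNumber());
    certId.setIssuerSerial(issuerSerial);

    byte[] encodedCertificate;
    try {
        encodedCertificate = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
    }
    certId.setCertDigest(getDigestAlgAndValue(encodedCertificate, digestAlgorithm));
    return certId;
}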
From source file:be.fedict.eid.tsl.TrustServiceList.java
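/**
 * Adds the XAdES-BES qualifying properties for the signature
 * {@code signatureId} to the signature being assembled.
 *
 * <p>Produces a {@code SignedProperties} element (id {@code signatureId + "-xades"})
 * holding the {@code SigningTime} (UTC, whole seconds) and a
 * {@code SigningCertificate} entry with the issuer/serial pair and a SHA-256
 * digest of the DER-encoded signing certificate. The element is wrapped in a
 * {@code ds:Object} appended to {@code objects}, and a {@code ds:Reference}
 * of type {@code XADES_TYPE} (exclusive C14N, SHA-256) pointing at it is
 * appended to {@code references}, so the properties end up covered by the
 * signature.
 *
 * @param signatureFactory   factory used to build the reference, digest
 *                           method, transform and object
 * @param document           owner document for the marshalled properties
 * @param signatureId        id of the enclosing ds:Signature
 * @param signingCertificate certificate referenced by SigningCertificate
 * @param references         receives the added ds:Reference
 * @param objects            receives the added ds:Object
 * @throws NoSuchAlgorithmException          if SHA-256 is unavailable
 * @throws InvalidAlgorithmParameterException from the signature factory
 * @throws RuntimeException wrapping a {@link CertificateEncodingException}
 *                          when the certificate cannot be DER-encoded
 */
public void addXadesBes(XMLSignatureFactory signatureFactory, Document document, String signatureId,
        X509Certificate signingCertificate, List<Reference> references, List<XMLObject> objects)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
    LOG.debug("preSign");

    // QualifyingProperties
    QualifyingPropertiesType qualifyingProperties = this.xadesObjectFactory.createQualifyingPropertiesType();
    qualifyingProperties.setTarget("#" + signatureId);

    // SignedProperties
    SignedPropertiesType signedProperties = this.xadesObjectFactory.createSignedPropertiesType();
    String signedPropertiesId = signatureId + "-xades";
    signedProperties.setId(signedPropertiesId);
    qualifyingProperties.setSignedProperties(signedProperties);

    // SignedSignatureProperties
    SignedSignaturePropertiesType signedSignatureProperties = this.xadesObjectFactory
            .createSignedSignaturePropertiesType();
    signedProperties.setSignedSignatureProperties(signedSignatureProperties);

    // SigningTime. "UTC" is a registered java.util.TimeZone ID. The former "Z" is not one: as far
    // as TimeZone.getTimeZone() is documented, unknown IDs silently fall back to GMT, which is
    // the only reason the previous code produced a UTC timestamp.
    GregorianCalendar signingTime = new GregorianCalendar();
    signingTime.setTimeZone(TimeZone.getTimeZone("UTC"));
    XMLGregorianCalendar xmlSigningTime = this.datatypeFactory.newXMLGregorianCalendar(signingTime);
    xmlSigningTime.setMillisecond(DatatypeConstants.FIELD_UNDEFINED);
    signedSignatureProperties.setSigningTime(xmlSigningTime);

    // SigningCertificate: issuer/serial plus SHA-256 CertDigest over the DER encoding.
    CertIDListType signingCertificates = this.xadesObjectFactory.createCertIDListType();
    CertIDType signingCertificateId = this.xadesObjectFactory.createCertIDType();
    X509IssuerSerialType issuerSerial = this.xmldsigObjectFactory.createX509IssuerSerialType();
    issuerSerial.setX509IssuerName(signingCertificate.getIssuerX500Principal().toString());
    issuerSerial.setX509SerialNumber(signingCertificate.getSerialNumber());
    signingCertificateId.setIssuerSerial(issuerSerial);
    DigestAlgAndValueType certDigest = this.xadesObjectFactory.createDigestAlgAndValueType();
    DigestMethodType jaxbDigestMethod = this.xmldsigObjectFactory.createDigestMethodType();
    jaxbDigestMethod.setAlgorithm(DigestMethod.SHA256);
    certDigest.setDigestMethod(jaxbDigestMethod);
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
    byte[] digestValue;
    try {
        digestValue = messageDigest.digest(signingCertificate.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
    }
    certDigest.setDigestValue(digestValue);
    signingCertificateId.setCertDigest(certDigest);
    signingCertificates.getCert().add(signingCertificateId);
    signedSignatureProperties.setSigningCertificate(signingCertificates);

    // marshall XAdES QualifyingProperties
    Node qualifyingPropertiesNode = marshallQualifyingProperties(document, qualifyingProperties);

    // add XAdES ds:Object
    List<XMLStructure> xadesObjectContent = new LinkedList<XMLStructure>();
    xadesObjectContent.add(new DOMStructure(qualifyingPropertiesNode));
    XMLObject xadesObject = signatureFactory.newXMLObject(xadesObjectContent, null, null, null);
    objects.add(xadesObject);

    // add XAdES ds:Reference so the SignedProperties are covered by the signature
    DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA256, null);
    List<Transform> transforms = new LinkedList<Transform>();
    Transform exclusiveTransform = signatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE,
            (TransformParameterSpec) null);
    transforms.add(exclusiveTransform);
    Reference reference = signatureFactory.newReference("#" + signedPropertiesId, digestMethod, transforms,
            XADES_TYPE, null);
    references.add(reference);
}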