List of usage examples for java.security.cert CertificateFactory getInstance
public static final CertificateFactory getInstance(String type) throws CertificateException
From source file:eu.eidas.auth.engine.EIDASSAMLEngine.java
/** * Gets the alias from X.509 Certificate at keystore. * //from w ww . j ava 2 s. co m * @param keyInfo the key info * @param ownKeyStore * @param ownKeyStore * * @return the alias */ private String getAlias(final KeyInfo keyInfo, KeyStore ownKeyStore) { LOG.trace("Recover alias information"); String alias = null; try { final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo.getX509Datas().get(0) .getX509Certificates().get(0); // Transform the KeyInfo to X509Certificate. CertificateFactory certFact; certFact = CertificateFactory.getInstance("X.509"); final ByteArrayInputStream bis = new ByteArrayInputStream(Base64.decode(xmlCert.getValue())); final X509Certificate cert = (X509Certificate) certFact.generateCertificate(bis); final String tokenSerialNumber = cert.getSerialNumber().toString(HEXA); final X500Name tokenIssuerDN = new X500Name(cert.getIssuerDN().getName()); String aliasCert; X509Certificate certificate; boolean find = false; for (final Enumeration<String> e = ownKeyStore.aliases(); e.hasMoreElements() && !find;) { aliasCert = e.nextElement(); certificate = (X509Certificate) ownKeyStore.getCertificate(aliasCert); final String serialNum = certificate.getSerialNumber().toString(HEXA); X500Name issuerDN = new X500Name(certificate.getIssuerDN().getName()); if (serialNum.equalsIgnoreCase(tokenSerialNumber) && X500PrincipalUtil.principalEquals(issuerDN, tokenIssuerDN)) { alias = aliasCert; find = true; } } } catch (KeyStoreException e) { LOG.info(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getAlias from certificate associated into the signing keystore: {}", e.getMessage()); LOG.debug(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getAlias from certificate associated into the signing keystore: {}", e); } catch (CertificateException e) { LOG.info(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getAlias from certificate associated into the signing keystore: {}", e.getMessage()); LOG.debug(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getAlias from certificate associated into the signing keystore: {}", e); } catch (RuntimeException e) { LOG.info(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getAlias from certificate associated into the signing keystore: {}", e.getMessage()); LOG.debug(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getAlias from certificate associated into the signing keystore: {}", e); } return alias; }
From source file:io.swagger.client.ApiClient.java
/** * Apply SSL related settings to httpClient according to the current values of * verifyingSsl and sslCaCert.//from w w w . j a va 2 s . com */ private void applySslSettings() { try { KeyManager[] keyManagers = null; TrustManager[] trustManagers = null; HostnameVerifier hostnameVerifier = null; if (!verifyingSsl) { TrustManager trustAll = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return null; } }; SSLContext sslContext = SSLContext.getInstance("TLS"); trustManagers = new TrustManager[] { trustAll }; hostnameVerifier = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }; } else if (sslCaCert != null) { char[] password = null; // Any password will work. CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(sslCaCert); if (certificates.isEmpty()) { throw new IllegalArgumentException("expected non-empty set of trusted certificates"); } KeyStore caKeyStore = newEmptyKeyStore(password); int index = 0; for (Certificate certificate : certificates) { String certificateAlias = "ca" + Integer.toString(index++); caKeyStore.setCertificateEntry(certificateAlias, certificate); } TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(caKeyStore); trustManagers = trustManagerFactory.getTrustManagers(); } if (keyManagers != null || trustManagers != null) { SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagers, trustManagers, new SecureRandom()); httpClient.setSslSocketFactory(sslContext.getSocketFactory()); } else { httpClient.setSslSocketFactory(null); } httpClient.setHostnameVerifier(hostnameVerifier); } catch (GeneralSecurityException e) { throw new RuntimeException(e); } }
From source file:eu.eidas.auth.engine.EIDASSAMLEngine.java
/** * Gets the country from X.509 Certificate. * /*from w w w . j av a 2s . c o m*/ * @param keyInfo the key info * * @return the country */ private String getCountry(final KeyInfo keyInfo) { LOG.trace("Recover country information."); String result = ""; try { final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo.getX509Datas().get(0) .getX509Certificates().get(0); // Transform the KeyInfo to X509Certificate. CertificateFactory certFact; certFact = CertificateFactory.getInstance("X.509"); final ByteArrayInputStream bis = new ByteArrayInputStream(Base64.decode(xmlCert.getValue())); final X509Certificate cert = (X509Certificate) certFact.generateCertificate(bis); String distName = cert.getSubjectDN().toString(); distName = StringUtils.deleteWhitespace(StringUtils.upperCase(distName)); final String countryCode = "C="; final int init = distName.indexOf(countryCode); if (init > StringUtils.INDEX_NOT_FOUND) { // Exist country code. int end = distName.indexOf(',', init); if (end <= StringUtils.INDEX_NOT_FOUND) { end = distName.length(); } if (init < end && end > StringUtils.INDEX_NOT_FOUND) { result = distName.substring(init + countryCode.length(), end); //It must be a two characters value if (result.length() > 2) { result = result.substring(0, 2); } } } } catch (CertificateException e) { LOG.info(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getCountry from certificate. {}", e.getMessage()); LOG.debug(SAML_EXCHANGE, "BUSINESS EXCEPTION : Procces getCountry from certificate. {}", e); } return result.trim(); }
From source file:com.microsoft.azure.keyvault.test.CertificateOperationsTest.java
/** * Extracts certificates from PEM contents * /*w ww.j a va 2 s. co m*/ * @throws CertificateException * @throws IOException */ private static List<X509Certificate> extractCertificatesFromPemContents(String pemContents) throws CertificateException, IOException { Matcher matcher = _certificate.matcher(pemContents); if (!matcher.find()) { throw new IllegalArgumentException("No certificate found in PEM contents."); } List<X509Certificate> result = new ArrayList<X509Certificate>(); int offset = 0; while (true) { if (!matcher.find(offset)) { break; } byte[] certBytes = _base64.decode(matcher.group(1)); ByteArrayInputStream certStream = new ByteArrayInputStream(certBytes); CertificateFactory certificateFactory = CertificateFactory.getInstance(X509); X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(certStream); certStream.close(); result.add(x509Certificate); offset = matcher.end(); } return result; }
From source file:com.microsoft.azure.keyvault.test.CertificateOperationsTest.java
private X509Certificate loadCerToX509Certificate(CertificateBundle certificateBundle) throws CertificateException, IOException { Assert.assertNotNull(certificateBundle.cer()); ByteArrayInputStream cerStream = new ByteArrayInputStream(certificateBundle.cer()); CertificateFactory certificateFactory = CertificateFactory.getInstance(X509); X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(cerStream); cerStream.close();// w w w. ja v a2 s.co m return x509Certificate; }
From source file:ee.sk.digidoc.SignedDoc.java
/** * Reads X509 certificate from a data stream * @param data input data in Base64 form * @return X509Certificate object//from w w w .j a v a 2 s . c o m * @throws EFormException for all errors */ public static X509Certificate readCertificate(byte[] data) throws DigiDocException { X509Certificate cert = null; try { ByteArrayInputStream certStream = new ByteArrayInputStream(data); CertificateFactory cf = CertificateFactory.getInstance("X.509"); cert = (X509Certificate) cf.generateCertificate(certStream); certStream.close(); } catch (Exception ex) { m_logger.error("Error reading certificate: " + ex); //DigiDocException.handleException(ex, DigiDocException.ERR_READ_CERT); return null; } return cert; }
From source file:ee.sk.digidoc.SignedDoc.java
/** * Reads the cert from a file//from ww w .j av a 2 s .c o m * @param certFile certificates file name * @return certificate object */ public static X509Certificate readCertificate(File certFile) throws DigiDocException { X509Certificate cert = null; try { FileInputStream fis = new FileInputStream(certFile); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); cert = (X509Certificate) certificateFactory.generateCertificate(fis); fis.close(); //byte[] data = readFile(certFile); //cert = readCertificate(data); } catch (Exception ex) { DigiDocException.handleException(ex, DigiDocException.ERR_READ_FILE); } return cert; }
From source file:ee.signwise.sdk.service.SignWiseConnection.java
/** * Reads certificate from stream (FileInputStream or other stream) * @param isCert certificate input stream * @return parsed certificate/*from www .j ava 2 s . com*/ * @throws CertificateException * @throws IOException */ public X509Certificate readCertFromStream(InputStream isCert) throws CertificateException { X509Certificate cert = null; try { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); cert = (X509Certificate) certificateFactory.generateCertificate(isCert); } catch (CertificateException ex) { throw ex; } return cert; }
From source file:ee.sk.digidoc.SignedDoc.java
/** * Reads the cert from a file, URL or from another * location somewhere in the CLASSPATH such as * in the librarys jar file.//from ww w. j av a 2s . co m * @param certLocation certificates file name, * or URL. You can use url in form jar://<location> to read * a certificate from the car file or some other location in the * CLASSPATH * @return certificate object */ public static X509Certificate readCertificate(String certLocation) throws DigiDocException { X509Certificate cert = null; InputStream isCert = null; try { URL url = null; if (certLocation.startsWith("http")) { url = new URL(certLocation); isCert = url.openStream(); } else if (certLocation.startsWith("jar://")) { ClassLoader cl = ConfigManager.instance().getClass().getClassLoader(); isCert = cl.getResourceAsStream(certLocation.substring(6)); } else { isCert = new FileInputStream(certLocation); } CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); cert = (X509Certificate) certificateFactory.generateCertificate(isCert); isCert.close(); isCert = null; } catch (Exception ex) { DigiDocException.handleException(ex, DigiDocException.ERR_READ_FILE); } finally { if (isCert != null) { try { isCert.close(); } catch (Exception ex2) { m_logger.error("Error closing streams: " + ex2); } } } return cert; }
From source file:com.verisign.epp.codec.launch.EPPLaunchTst.java
/** * Loads the trust store file and the Certificate Revocation List (CRL) file * into the <code>PKIXParameters</code> used to verify the certificate chain * and verify the certificate against the CRL. Both the Java Trust Store is * loaded with the trusted root CA certificates (trust anchors) and the CRL * file is attempted to be loaded to identify the revoked certificates. If * the CRL file is not found, then no CRL checking will be done. * //www . j a va 2s .c o m * @param aTrustStoreName * Trust store file name * @param aCrls * List of Certificate Revocation List (CRL) file names * * @return Initialized <code>PKIXParameters</code> instance. * * @throws Exception * Error initializing the PKIX parameters */ public static PKIXParameters loadPKIXParameters(String aTrustStoreName, List<String> aCrls) throws Exception { KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); FileInputStream trustStoreFile = new FileInputStream(aTrustStoreName); trustStore.load(trustStoreFile, null); PKIXParameters pkixParameters = new PKIXParameters(trustStore); CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); Collection crlContentsList = new ArrayList(); for (String currCrl : aCrls) { File crlFile = new File(currCrl); if (crlFile.exists()) { InputStream inStream = null; try { inStream = new FileInputStream(currCrl); crlContentsList.add(certFactory.generateCRL(inStream)); } finally { if (inStream != null) { inStream.close(); } } } else { System.err.println("CRL file \"" + currCrl + "\" NOT found."); } } // At least 1 CRL was loaded if (crlContentsList.size() != 0) { List<CertStore> certStores = new ArrayList<CertStore>(); certStores.add(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlContentsList))); pkixParameters.setCertStores(certStores); pkixParameters.setRevocationEnabled(true); System.out.println("Revocation enabled"); } else { pkixParameters.setRevocationEnabled(false); System.out.println("Revocation disabled."); } return pkixParameters; }