List of usage examples for java.security.cert X509Certificate checkValidity
/**
 * Checks that this certificate is currently valid, i.e. that the current date and time fall
 * within the validity period (notBefore .. notAfter) stated in the certificate.
 *
 * <p>This is a date check only. It does not verify the certificate's signature, build or
 * validate a chain to a trust anchor, check revocation, or match a host name. A caller that
 * needs a trust decision has to perform those steps separately (for example through a
 * {@code TrustManager} or a {@code CertPathValidator}); a passing {@code checkValidity()} on
 * its own says nothing about who issued the certificate.
 *
 * @throws CertificateExpiredException if the certificate has expired
 * @throws CertificateNotYetValidException if the certificate is not yet valid
 */
public abstract void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException;
From source file:ch.truesolutions.payit.https.EasyX509TrustManager.java
/**
 * Reports whether the presented server certificate chain is accepted.
 *
 * <p>As written, the chain is accepted only when it is non-null, debug logging is enabled and
 * every certificate in it passes {@code checkValidity()}. In every other case the method
 * returns {@code false}.
 *
 * <p>NOTE(review): the result depends on the logger's debug level, so the same chain is
 * rejected with debug off and accepted with debug on. This looks unintended; confirm and
 * move the validity loop out of the logging guard.
 *
 * <p>NOTE(review): acceptance rests on the validity dates alone. No signature, issuer, trust
 * anchor, revocation or host name check is visible here, and an empty array is accepted.
 * Delegating to the platform trust manager would be the usual way to get a real trust
 * decision.
 *
 * @param certificates the chain presented by the server, may be {@code null}
 * @return {@code true} if the chain was accepted under the rules above
 */
public boolean isServerTrusted(X509Certificate[] certificates) {
    // Same short-circuit as before: the debug flag is only consulted for a non-null chain.
    if (certificates == null || !LOG.isDebugEnabled()) {
        return false;
    }

    LOG.debug("Server certificate chain:");
    int position = 0;
    for (X509Certificate certificate : certificates) {
        LOG.debug("X509Certificate[" + position + "]=" + certificate);
        position++;
        // DS validate the certificate
        try {
            certificate.checkValidity();
        } catch (CertificateException e) {
            // Expired or not-yet-valid: log and reject the whole chain.
            LOG.error(e.toString());
            return false;
        }
    }
    return true;
}
From source file:nl.clockwork.mule.ebms.cxf.XMLSecSignatureInInterceptor.java
/**
 * Verifies the first XML signature found in {@code document}.
 *
 * <p>When the signature carries an X.509 certificate, the certificate's validity period is
 * checked and each key store entry is tried in turn as its issuer; the signature value is then
 * checked against the certificate for the first entry whose public key verifies it. When the
 * signature carries only a public key, the signature value is checked against that key.
 *
 * <p>NOTE(review): a document without any signature element yields {@code true}. Confirm
 * that callers enforce "must be signed" elsewhere.
 *
 * <p>NOTE(review): in the public-key branch the key comes from the signature's own KeyInfo and
 * is not compared with anything in {@code keyStore}, so the check shows integrity against the
 * supplied key, not that the signer is trusted.
 *
 * @param keyStore    store whose certificates are tried as issuers of the signing certificate
 * @param document    the XML document that may contain a signature element
 * @param dataSources attachments made resolvable for signature references
 * @return {@code true} if no signature is present or the signature value checks out,
 *         {@code false} otherwise
 */
private boolean verify(KeyStore keyStore, Document document, List<EbMSDataSource> dataSources)
        throws XMLSignatureException, XMLSecurityException, CertificateExpiredException,
        CertificateNotYetValidException, KeyStoreException {
    NodeList signatureNodes = document.getElementsByTagNameNS(
            org.apache.xml.security.utils.Constants.SignatureSpecNS,
            org.apache.xml.security.utils.Constants._TAG_SIGNATURE);
    if (signatureNodes.getLength() <= 0) {
        return true;
    }

    XMLSignature signature = new XMLSignature((Element) signatureNodes.item(0),
            org.apache.xml.security.utils.Constants.SignatureSpecNS);
    signature.addResourceResolver(new EbMSDataSourceResolver(dataSources));

    X509Certificate certificate = signature.getKeyInfo().getX509Certificate();
    if (certificate == null) {
        PublicKey publicKey = signature.getKeyInfo().getPublicKey();
        if (publicKey != null) {
            return signature.checkSignatureValue(publicKey);
        }
        return false;
    }

    // Date check only; issuer verification happens in the loop below.
    certificate.checkValidity();
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        try {
            Certificate candidateIssuer = keyStore.getCertificate(aliases.nextElement());
            certificate.verify(candidateIssuer.getPublicKey());
            return signature.checkSignatureValue(certificate);
        } catch (KeyStoreException e) {
            throw e;
        } catch (Exception ignored) {
            // This entry did not verify the certificate (or could not be used); try the next alias.
        }
    }
    return false;
}
From source file:be.e_contract.mycarenet.etee.EncryptionToken.java
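/**
 * Checks a proxy certificate (RFC 3820) against its issuer: the certificate must be signed
 * with the issuer's key and the issuer must be within its validity period.
 *
 * <p>NOTE(review): only the issuer's validity period is checked here, not that of
 * {@code certificate} itself. Confirm the caller covers that.
 *
 * @param certificate the proxy certificate to verify
 * @param issuer      the certificate expected to have signed {@code certificate}
 * @throws SecurityException if verification or the validity check fails; the underlying
 *                           failure is attached as the cause
 */
private void verifyProxyCertificate(X509Certificate certificate, X509Certificate issuer) {
    try {
        certificate.verify(issuer.getPublicKey());
        issuer.checkValidity();
    } catch (Exception e) {
        // Keep the original failure as the cause so a rejected certificate can be diagnosed
        // (bad signature vs. expired issuer vs. provider error).
        throw new SecurityException("not a proxy certificate", e);
    }
}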
From source file:mx.bigdata.cfdi.CFDv3.java
/**
 * Verifies the document's seal against the certificate embedded in the document.
 *
 * <p>The Base64 certificate is decoded and loaded, its validity period is checked against the
 * current time, and the Base64 seal is verified over the bytes from {@code getOriginalBytes()}
 * using {@code SHA1withRSA}.
 *
 * <p>NOTE(review): the certificate comes from the document being verified and is not checked
 * against an issuer or trust anchor here. A passing result shows the seal matches the embedded
 * certificate, not that the certificate belongs to a trusted party.
 *
 * <p>NOTE(review): validity is evaluated at verification time rather than at the document's
 * date, and the digest is SHA-1. Presumably both follow the document format; confirm.
 *
 * @throws Exception if the certificate is outside its validity period, cannot be loaded, or
 *                   the seal does not verify ("Invalid signature")
 */
public void verify() throws Exception {
    String encodedCertificate = document.getCertificado();
    Base64 codec = new Base64();
    byte[] certificateBytes = codec.decode(encodedCertificate);
    X509Certificate cert = KeyLoader.loadX509Certificate(new ByteArrayInputStream(certificateBytes));
    cert.checkValidity();

    String encodedSeal = document.getSello();
    byte[] seal = codec.decode(encodedSeal);
    byte[] signedContent = getOriginalBytes();

    Signature verifier = Signature.getInstance("SHA1withRSA");
    verifier.initVerify(cert);
    verifier.update(signedContent);
    if (!verifier.verify(seal)) {
        throw new Exception("Invalid signature");
    }
}
From source file:mx.bigdata.sat.cfd.CFDv2.java
/**
 * Seals the document: stores the signature produced with {@code key}, the Base64-encoded
 * certificate and the certificate number derived from the certificate's serial number.
 *
 * <p>NOTE(review): {@code checkValidity()} only confirms the certificate's dates. Nothing in
 * this method checks that {@code key} is the private key belonging to {@code cert}.
 *
 * <p>NOTE(review): the serial-number bytes are turned into text with the platform default
 * charset. Consider naming the charset explicitly once the intended encoding is confirmed.
 *
 * @param key  private key used to produce the seal
 * @param cert certificate to embed; must be within its validity period
 * @throws Exception if the certificate is expired or not yet valid, or signing/encoding fails
 */
public void sellar(PrivateKey key, X509Certificate cert) throws Exception {
    cert.checkValidity();

    document.setSello(getSignature(key));

    byte[] encodedCert = cert.getEncoded();
    Base64 codec = new Base64(-1);
    document.setCertificado(codec.encodeToString(encodedCert));

    BigInteger serial = cert.getSerialNumber();
    document.setNoCertificado(new String(serial.toByteArray()));
}
From source file:org.keycloak.adapters.saml.rotation.SamlDescriptorPublicKeyLocator.java
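/**
 * Re-downloads the signing keys from the SAML descriptor, rebuilds the public key cache from
 * the certificates that are currently within their validity period, and returns the key
 * registered under {@code kid}.
 *
 * <p>The cache is cleared only after the descriptor has been read successfully, so a failed
 * download leaves the previous cache content in place.
 *
 * @param kid key name to look up after the refresh, may be {@code null}
 * @return the public key registered under {@code kid}, or {@code null} if there is no
 *         descriptor URL, the download failed, no signing keys were returned, {@code kid} is
 *         {@code null}, or no valid certificate is registered under that name
 */
private synchronized PublicKey refreshCertificateCacheAndGet(String kid) {
    if (this.descriptorUrl == null) {
        return null;
    }

    this.lastRequestTime = Time.currentTime();

    LOG.debugf("Refreshing public key cache from %s", this.descriptorUrl);
    List<KeyInfo> signingCerts;
    try {
        MultivaluedHashMap<String, KeyInfo> certs = HttpAdapterUtils.downloadKeysFromSamlDescriptor(client,
                this.descriptorUrl);
        signingCerts = certs.get(KeyTypes.SIGNING.value());
    } catch (HttpClientAdapterException ex) {
        LOG.error("Could not refresh certificates from the server", ex);
        return null;
    }

    if (signingCerts == null) {
        return null;
    }

    LOG.debugf("Certificates retrieved from server, filling public key cache");

    // Only clear cache after it is certain that the SAML descriptor has been read successfully
    this.publicKeyCache.clear();

    for (KeyInfo ki : signingCerts) {
        KeyName keyName = KeyInfoTools.getKeyName(ki);
        X509Certificate x509certificate = KeyInfoTools.getX509Certificate(ki);
        // Guard against a KeyInfo without a certificate: an unchecked NullPointerException
        // here would abort the refresh after the cache has already been cleared.
        if (x509certificate != null) {
            try {
                x509certificate.checkValidity();
            } catch (CertificateException ex) {
                // Expired or not yet valid: treat as absent so its key is not cached.
                x509certificate = null;
            }
        }

        if (x509certificate != null && keyName != null) {
            LOG.tracef("Registering signing certificate %s", keyName.getName());
            this.publicKeyCache.put(keyName.getName(), x509certificate.getPublicKey());
        } else {
            LOG.tracef("Ignoring certificate %s: %s", keyName, x509certificate);
        }
    }

    return (kid == null ? null : this.publicKeyCache.get(kid));
}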
From source file:ee.sk.hwcrypto.demo.controller.SigningController.java
/**
 * Parses the Base64-encoded certificate sent by the client, checks its validity period and
 * returns its subject name in the digest.
 *
 * <p>NOTE(review): the certificate is request input and only its dates are checked. No issuer
 * or chain validation and no proof that the caller holds the matching private key is visible
 * here, so the returned subject name must not be treated as an authenticated identity (the
 * TODO about creating a session should wait until that is in place).
 *
 * @param certificate Base64-encoded X.509 certificate from the request
 * @return a digest with result {@code OK} and the subject name, or result {@code ERROR} if the
 *         certificate could not be parsed or is outside its validity period
 */
@RequestMapping(value = "/identify", method = RequestMethod.POST)
public Digest identifyUser(@RequestParam String certificate) {
    Digest digest = new Digest();
    try {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) factory.generateCertificate(
                new ByteArrayInputStream(Base64.decode(certificate)));
        cert.checkValidity();
        digest.setHex(cert.getSubjectDN().getName());
        digest.setResult(Result.OK);
        //TODO create session for user cert.getSubjectDN().getName()
    } catch (Exception e) {
        log.error("Error identify ", e);
        digest.setResult(Result.ERROR);
    }
    return digest;
}
From source file:org.apli.modelbeans.facturacion.cfdi.CFDv32.java
/**
 * Applies the seal to the document: the signature computed with {@code key}, the certificate
 * in Base64 form, and the certificate number taken from the certificate's serial number.
 *
 * <p>NOTE(review): the certificate is checked for its validity period only. This method does
 * not confirm that {@code key} and {@code cert} form a key pair.
 *
 * <p>NOTE(review): {@code new String(byte[])} decodes the serial-number bytes with the
 * platform default charset. Confirm the intended encoding and state it explicitly.
 *
 * @param key  private key used for signing
 * @param cert certificate stored in the document; rejected if expired or not yet valid
 * @throws Exception on an invalid certificate period or any signing/encoding failure
 */
@Override
public void sellar(PrivateKey key, X509Certificate cert) throws Exception {
    cert.checkValidity();

    String seal = getSignature(key);
    document.setSello(seal);

    byte[] derBytes = cert.getEncoded();
    Base64 encoder = new Base64(-1);
    String encodedCertificate = encoder.encodeToString(derBytes);
    document.setCertificado(encodedCertificate);

    BigInteger serialNumber = cert.getSerialNumber();
    String certificateNumber = new String(serialNumber.toByteArray());
    document.setNoCertificado(certificateNumber);
}
From source file:com.salesmanager.core.service.common.impl.EasySSLProtocolSocketFactory.java
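/**
 * Decides whether the server certificate chain is trusted.
 *
 * <p>A chain of exactly one certificate is accepted if that certificate is within its validity
 * period; any other chain is handed to the standard trust manager.
 *
 * <p>Fix: an expired or not-yet-valid single certificate used to be accepted, because the
 * {@code CertificateException} was printed and swallowed. It now propagates, which is how
 * this method signals "not trusted" to the TLS layer.
 *
 * <p>NOTE(review): the single-certificate branch still performs no issuer, trust anchor or
 * host name check, so any one-certificate chain with current dates is accepted. If that is
 * meant only for development against self-signed servers, keep this class out of production
 * configurations or pin the expected certificate.
 *
 * @param certificates the chain presented by the server
 * @param string       the authentication type passed through to the standard trust manager
 * @throws CertificateException if the single certificate is outside its validity period or
 *                              the standard trust manager rejects the chain
 */
public void checkServerTrusted(X509Certificate[] certificates, String string) throws CertificateException {
    if ((certificates != null) && (certificates.length == 1)) {
        // Let CertificateExpiredException / CertificateNotYetValidException reach the caller.
        certificates[0].checkValidity();
    } else {
        this.standardTrustManager.checkServerTrusted(certificates, string);
    }
}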
From source file:org.opendaylight.aaa.cert.impl.ODLKeyTool.java
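/**
 * Parses a Base64 (optionally PEM-framed) X.509 certificate and returns it if it is within its
 * validity period.
 *
 * <p>When the begin marker is present, only the text between the begin and end markers is
 * decoded. Input that is {@code null}, empty, lacks the end marker after the begin marker, or
 * cannot be parsed yields {@code null}. Previously a missing or misplaced end marker raised
 * an unchecked {@code StringIndexOutOfBoundsException}.
 *
 * <p>NOTE(review): the returned certificate has only been checked for its dates. Callers
 * that add it to a trust store should confirm where the text came from.
 *
 * @param certificate certificate text, Base64 with or without the begin/end markers
 * @return the parsed, currently valid certificate, or {@code null} on any failure
 */
private X509Certificate getCertificate(String certificate) {
    if (certificate == null || certificate.isEmpty()) {
        return null;
    }

    String base64Body = certificate;
    if (certificate.contains(KeyStoreConstant.BEGIN_CERTIFICATE)) {
        final int fIdx = certificate.indexOf(KeyStoreConstant.BEGIN_CERTIFICATE)
                + KeyStoreConstant.BEGIN_CERTIFICATE.length();
        // Search from fIdx so an end marker that precedes the begin marker is not picked up.
        final int sIdx = certificate.indexOf(KeyStoreConstant.END_CERTIFICATE, fIdx);
        if (sIdx < 0) {
            LOG.error("Failed to get certificate {}", "end marker not found after begin marker");
            return null;
        }
        base64Body = certificate.substring(fIdx, sIdx);
    }

    final byte[] byteCert = Base64.decodeBase64(base64Body);
    final InputStream inputStreamCert = new ByteArrayInputStream(byteCert);
    try {
        final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        final X509Certificate newCert = (X509Certificate) certFactory.generateCertificate(inputStreamCert);
        // Expired and not-yet-valid certificates are rejected the same way as unparsable ones.
        newCert.checkValidity();
        return newCert;
    } catch (final CertificateException e) {
        LOG.error("Failed to get certificate {}", e.getMessage());
        return null;
    }
}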