List of usage examples for java.security.cert.X509Certificate getIssuerDN
/**
 * Returns the issuer distinguished name of the certificate as a {@link Principal}.
 *
 * The concrete Principal class and the string produced by {@code getName()} are
 * provider-specific, so comparing the names as strings across providers is fragile.
 * Since Java 16 this method is deprecated in favour of
 * {@code getIssuerX500Principal()}.
 *
 * The issuer name is data written by whoever created the certificate. It identifies
 * which CA to look for; it proves nothing until the signature has been verified
 * against that CA's key.
 */
public abstract Principal getIssuerDN();
From source file:be.fedict.eidviewer.lib.X509Utilities.java
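/**
 * Reports whether a certificate is self-signed.
 *
 * Equal issuer and subject names only show that the certificate is self-issued:
 * both fields are filled in by whoever created the certificate. The certificate
 * must therefore also verify under its own public key before it is reported as
 * self-signed.
 *
 * A {@code true} result is not a trust decision. Anyone can produce a self-signed
 * certificate, so callers still have to check it against a configured trust anchor.
 *
 * @param certificate the certificate to inspect; must not be {@code null}
 * @return {@code true} if issuer and subject names are equal and the signature
 *         verifies with the certificate's own public key, {@code false} otherwise
 */
public static boolean isSelfSigned(X509Certificate certificate) {
    if (!certificate.getIssuerDN().equals(certificate.getSubjectDN())) {
        return false;
    }
    try {
        certificate.verify(certificate.getPublicKey());
        return true;
    } catch (java.security.GeneralSecurityException e) {
        // Names match but the signature was made with a different key (or cannot
        // be checked): self-issued at best, not self-signed.
        return false;
    }
}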
From source file:PKCS12Import.java
/**
 * Prints the subject and issuer of every X.509 certificate in a chain to
 * standard error. Entries that are not X509Certificate instances are skipped.
 *
 * This is a diagnostic dump only: the names are printed as found in the
 * certificates and no signature or chain check is performed here.
 *
 * @param chain the certificates to print, in the order given
 */
static void dumpChain(Certificate[] chain) {
    for (Certificate entry : chain) {
        if (!(entry instanceof X509Certificate)) {
            continue;
        }
        X509Certificate x509 = (X509Certificate) entry;
        System.err.println("subject: " + x509.getSubjectDN());
        System.err.println("issuer: " + x509.getIssuerDN());
    }
}
From source file:org.openanzo.rdf.utils.KeystoreUtils.java
/**
 * Parses one X.509 certificate from a stream and passes it to the
 * X509Certificate overload of addTrustedCert (defined elsewhere in this class).
 *
 * The only cryptographic check made here applies to certificates whose subject
 * and issuer names are equal: those must verify under their own public key.
 * That shows the certificate is internally consistent, not that it deserves
 * trust. A certificate with a different issuer is passed on without any
 * signature check, so the caller is responsible for where the stream comes from.
 *
 * @param keyStoreFile keystore location, passed through to the overload
 * @param keystoreType keystore type, passed through to the overload
 * @param password keystore password, passed through to the overload
 * @param alias alias for the new entry, passed through to the overload
 * @param in stream holding the encoded certificate
 * @throws AnzoException wrapping any exception raised while parsing, verifying
 *         or adding the certificate
 */
public static void addTrustedCert(String keyStoreFile, String keystoreType, String password, String alias,
        InputStream in) throws AnzoException {
    try {
        final CertificateFactory factory = CertificateFactory.getInstance("X509");
        final X509Certificate parsed = (X509Certificate) factory.generateCertificate(in);

        final boolean selfIssued = parsed.getSubjectDN().equals(parsed.getIssuerDN());
        if (selfIssued) {
            // Throws if the signature was not made with the certificate's own key.
            parsed.verify(parsed.getPublicKey());
        }

        addTrustedCert(keyStoreFile, keystoreType, password, alias, parsed);
    } catch (Exception failure) {
        throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure);
    }
}
From source file:wsattacker.library.signatureFaking.helper.CertificateHandlerTest.java
/**
 * Checks that the certificate produced by CertificateHandler carries the same
 * issuer name, subject name and signature algorithm OID as the certificate it
 * was derived from, and that it verifies under its own public key.
 *
 * Takeaway for anyone writing a validator: every field compared here is plain
 * data that can be copied from another certificate. Matching names and
 * algorithm say nothing about origin; only a signature check up to a configured
 * trust anchor does.
 *
 * @throws Exception if the fixture cannot be read or parsed, or if the final
 *         verification fails
 */
public static void testCertificateHandler() throws Exception {
    final String encodedCert = FileReader.readFile(DIR + "/test-cert");

    final CertificateHandler handler = new CertificateHandler(encodedCert);
    handler.createFakedCertificate();
    final X509CertImpl faked = handler.getFakedCertificate();

    // Parse the untouched fixture for comparison.
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final byte[] der = Base64.decodeBase64(encodedCert);
    final X509Certificate original = (X509Certificate) x509Factory
            .generateCertificate(new ByteArrayInputStream(der));

    assertEquals(faked.getIssuerDN().getName(), original.getIssuerDN().getName());
    assertEquals(faked.getSigAlgOID(), original.getSigAlgOID());
    assertEquals(faked.getSubjectDN().getName(), original.getSubjectDN().getName());

    // Throws unless the derived certificate verifies with its own key.
    faked.verify(faked.getPublicKey());
}
From source file:org.wso2.carbon.identity.relyingparty.saml.IssuerCertificateUtil.java
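/**
 * Extracts the first {@code CN=} value from the certificate's issuer DN string.
 *
 * NOTE(review): the method name says "subject", but the value is read from
 * {@code getIssuerDN()}. The behaviour is kept as is because callers may depend
 * on it; confirm which field is intended.
 *
 * The value is cut out with plain string search, so a DN whose CN contains an
 * escaped comma is truncated at that comma. The result comes from
 * certificate-supplied data and should not be used for an access decision
 * unless the certificate chain has been validated first.
 *
 * @param cert the certificate to read; must not be {@code null}
 * @return the trimmed CN value, or {@code null} if the DN string has no
 *         {@code CN=} component
 */
public static String getCNOfSubject(X509Certificate cert) {
    String distinguishedName = cert.getIssuerDN().getName();
    int beginIndex = distinguishedName.indexOf("CN=");
    if (beginIndex < 0) {
        return null;
    }
    int endIndex = distinguishedName.indexOf(",", beginIndex);
    if (endIndex < 0) {
        // CN is the last component: there is no trailing comma to stop at.
        endIndex = distinguishedName.length();
    }
    return distinguishedName.substring(beginIndex + 3, endIndex).trim();
}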
From source file:org.globus.pkcs11.PKCS11Util.java
/**
 * Creates a certificate object on the PKCS11 device for the given user
 * certificate and labels it.
 *
 * NOTE(review): the issuer and subject principals are cast to {@code Name}.
 * The class returned by getIssuerDN()/getSubjectDN() depends on the provider
 * that parsed the certificate, so a certificate from a different provider would
 * fail here with a ClassCastException; confirm how userCert is created.
 *
 * @param userCert the certificate to store
 * @param label label for the object; when {@code null}, the string form of the
 *        subject name is used
 * @param id value stored in the object's ID attribute
 * @return the object returned by {@code session.createObject}
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
public static PKCS11Object instantiateUserCert(X509Certificate userCert, String label, byte[] id)
        throws CertificateEncodingException {
    final Name issuerName = (Name) userCert.getIssuerDN();
    final Name subjectName = (Name) userCert.getSubjectDN();
    final byte[] encodedIssuer = issuerName.getEncoded();
    final byte[] encodedSubject = subjectName.getEncoded();

    if (label == null) {
        label = subjectName.toString();
    }
    logger.debug("Instantiating user cert with label " + label + " on device");

    // Attribute types and values are parallel arrays: entry i of one belongs
    // to entry i of the other.
    final int[] attributeTypes = {
            PKCS11Object.CLASS,
            PKCS11Object.TOKEN,
            PKCS11Object.LABEL,
            PKCS11Object.CERTIFICATE_TYPE,
            PKCS11Object.ID,
            PKCS11Object.SUBJECT,
            PKCS11Object.ISSUER,
            PKCS11Object.SERIAL_NUMBER,
            PKCS11Object.VALUE };
    final Object[] attributeValues = {
            PKCS11Object.CERTIFICATE,
            PKCS11Object.TRUE,
            label,
            PKCS11Object.X_509,
            id,
            encodedSubject,
            encodedIssuer,
            userCert.getSerialNumber().toByteArray(),
            userCert.getEncoded() };

    return session.createObject(attributeTypes, attributeValues);
}
From source file:org.ejbca.extra.db.ExtRAMsgHelper.java
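/**
 * Verifies CMS signed data and validates the signer certificate against the
 * supplied CA chain.
 *
 * Two steps are performed: the signature is checked with the signer certificate
 * carried inside the message, then a PKIX path from that certificate to the
 * root found in {@code cACertChain} is validated at {@code date}.
 *
 * The trust anchor is whichever certificate in {@code cACertChain} has equal
 * issuer and subject names, so the result is only as trustworthy as that
 * collection. It must come from local configuration, never from the message.
 *
 * NOTE(review): when the message has several signers, {@code verifies} and the
 * returned certificate reflect only the last signer iterated. Confirm that
 * callers only ever pass single-signer messages.
 *
 * Any exception is logged and the initial failed result is returned, so errors
 * fail closed.
 *
 * @param cACertChain a Collection of trusted CA certificates, should contain the
 *        entire chain including a self-issued root
 * @param trustedCRLs a Collection of trusted CRLs, use null if no CRL check
 *        should be used
 * @param signedData the data to verify
 * @param date the date used to check the validity against
 * @return a ParsedSignatureResult; it reports failure with no certificate or
 *         content when any step throws
 */
public static ParsedSignatureResult verifySignature(Collection cACertChain, Collection trustedCRLs,
        byte[] signedData, Date date) {
    boolean verifies = false;
    X509Certificate usercert = null;
    ParsedSignatureResult retval = new ParsedSignatureResult(false, null, null);
    byte[] content = null;
    try {
        // First verify the signature
        CMSSignedData sp = new CMSSignedData(signedData);
        CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
        SignerInformationStore signers = sp.getSignerInfos();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ((CMSProcessableByteArray) sp.getSignedContent()).write(baos);
        content = baos.toByteArray();
        baos.close();
        Collection c = signers.getSigners();
        Iterator it = c.iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            Collection certCollection = certs.getCertificates(signer.getSID());
            Iterator certIt = certCollection.iterator();
            usercert = (X509Certificate) certIt.next();
            // Reject signatures made with any digest other than the expected one.
            boolean validalg = signer.getDigestAlgOID().equals(signAlg);
            verifies = validalg && signer.verify(usercert.getPublicKey(), "BC");
        }

        // Second validate the certificate
        X509Certificate rootCert = null;
        Iterator iter = cACertChain.iterator();
        while (iter.hasNext()) {
            X509Certificate cert = (X509Certificate) iter.next();
            if (cert.getIssuerDN().equals(cert.getSubjectDN())) {
                rootCert = cert;
                break;
            }
        }
        if (rootCert == null) {
            throw new CertPathValidatorException("Error Root CA cert not found in cACertChain");
        }

        // The store must hold the certificates and CRLs themselves. Adding the
        // collections as single elements (add instead of addAll) leaves them
        // invisible to certificate/CRL lookups, so supplied CRLs were never found.
        List list = new ArrayList();
        list.add(usercert);
        list.addAll(cACertChain);
        if (trustedCRLs != null) {
            list.addAll(trustedCRLs);
        }
        CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
        CertStore store = CertStore.getInstance("Collection", ccsp);

        // validating path
        List certchain = new ArrayList();
        certchain.addAll(cACertChain);
        certchain.add(usercert);
        CertPath cp = CertificateFactory.getInstance("X.509", "BC").generateCertPath(certchain);
        Set trust = new HashSet();
        trust.add(new TrustAnchor(rootCert, null));
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters param = new PKIXParameters(trust);
        param.addCertStore(store);
        param.setDate(date);
        // Revocation is checked only when the caller supplied CRLs.
        param.setRevocationEnabled(trustedCRLs != null);
        cpv.validate(cp, param);

        // Reached only when path validation did not throw.
        retval = new ParsedSignatureResult(verifies, usercert, content);
    } catch (Exception e) {
        log.error("Error verifying data : ", e);
    }
    return retval;
}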
From source file:io.hops.hopsworks.util.CertificateHelper.java
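/**
 * Checks that a certificate was issued by the given intermediate CA.
 *
 * The issuer name of the certificate must equal the subject name of the CA
 * certificate, and the certificate's signature must verify under the CA's
 * public key. The name comparison alone is not enough: the issuer field is
 * written by whoever created the certificate and can name any CA.
 *
 * This does not check validity dates, revocation, or the CA certificate's own
 * chain.
 *
 * @param certFile file holding the certificate to check
 * @param intermediateCertFile file holding the intermediate CA certificate
 * @return {@code true} if the names match and the signature verifies
 * @throws IllegalStateException declared for errors from {@code getX509Cert},
 *         which is defined elsewhere in this class
 */
private static boolean isCertSigned(File certFile, File intermediateCertFile) throws IllegalStateException {
    X509Certificate cert = getX509Cert(certFile);
    X509Certificate caCert = getX509Cert(intermediateCertFile);
    String intermediateSubjectDN = caCert.getSubjectDN().getName();
    String issuerDN = cert.getIssuerDN().getName();
    LOG.log(Level.INFO, "sign check: {0} {1}", new Object[] { issuerDN, intermediateSubjectDN });
    if (!issuerDN.equals(intermediateSubjectDN)) {
        return false;
    }
    try {
        cert.verify(caCert.getPublicKey());
        return true;
    } catch (java.security.GeneralSecurityException e) {
        LOG.log(Level.WARNING, "sign check failed: signature does not verify under the intermediate CA key", e);
        return false;
    }
}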
From source file:org.glite.slcs.httpclient.ssl.ExtendedX509TrustManager.java
/**
 * Writes subject, issuer, validity period and fingerprint of a certificate to
 * the debug log.
 *
 * NOTE(review): the fingerprint is requested with "MD5". MD5 is not collision
 * resistant, so this value is for display only and must not be used to pin or
 * compare certificates. Consider a SHA-256 fingerprint if
 * getCertificateFingerprint accepts that algorithm name.
 *
 * @param cert the certificate to describe
 */
static private void dumpCertificate(X509Certificate cert) {
    LOG.debug("Certificate:");

    final Object subject = cert.getSubjectDN();
    LOG.debug(" Subject: " + subject);

    final Object issuer = cert.getIssuerDN();
    LOG.debug(" Issuer: " + issuer);

    final Object notBefore = cert.getNotBefore();
    LOG.debug(" Valid from: " + notBefore);

    final Object notAfter = cert.getNotAfter();
    LOG.debug(" Valid until: " + notAfter);

    final Object fingerprint = getCertificateFingerprint(cert, "MD5");
    LOG.debug(" Fingerprint: " + fingerprint);
}
From source file:org.wso2.carbon.identity.relyingparty.saml.IssuerCertificateUtil.java
/**
 * Performs the black list check on the certificate's issuer.
 *
 * The issuer DN string of {@code cert} is converted with {@code getDNOfIssuer}
 * (defined elsewhere in this class) and compared with every entry of the black
 * list using {@code List.equals}.
 *
 * A {@code null} or empty black list means nothing is rejected. The issuer DN
 * is data carried in the certificate, so this check is meaningful only for
 * certificates whose chain has been validated.
 *
 * @param blackList Array of Lists. One Array element contains the Issuer's cert DN
 * @param cert the certificate whose issuer is checked
 * @return {@code true} if the issuer matches a black list entry
 * @throws RelyingPartyException if {@code cert} is {@code null}
 */
public static boolean isBlackListed(List[] blackList, X509Certificate cert) throws RelyingPartyException {
    if (cert == null) {
        throw new RelyingPartyException("noCertInToken");
    }
    if (blackList == null || blackList.length == 0) {
        return false;
    }

    final List certDN = getDNOfIssuer(cert.getIssuerDN().getName());
    for (List issuerDN : blackList) {
        if (certDN.equals(issuerDN)) {
            return true;
        }
    }
    return false;
}