List of usage examples for java.security.cert X509Certificate getIssuerDN
public abstract Principal getIssuerDN();
From source file:org.ovirt.engine.core.utils.ssl.AuthSSLX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String authType) */// ww w .j av a 2s . com public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isDebugEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.debug(" Server certificate " + (c + 1) + ":"); LOG.debug(" Subject DN: " + cert.getSubjectDN()); LOG.debug(" Signature Algorithm: " + cert.getSigAlgName()); LOG.debug(" Valid from: " + cert.getNotBefore()); LOG.debug(" Valid until: " + cert.getNotAfter()); LOG.debug(" Issuer: " + cert.getIssuerDN()); } } defaultTrustManager.checkServerTrusted(certificates, authType); }
From source file:com.ab.http.AuthSSLX509TrustManager.java
/*** * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String * authType)//w ww. j a va2 s .c o m */ public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; Log.i(TAG, " Client certificate " + (c + 1) + ":"); Log.i(TAG, " Subject DN: " + cert.getSubjectDN()); Log.i(TAG, " Signature Algorithm: " + cert.getSigAlgName()); Log.i(TAG, " Valid from: " + cert.getNotBefore()); Log.i(TAG, " Valid until: " + cert.getNotAfter()); Log.i(TAG, " Issuer: " + cert.getIssuerDN()); } } defaultTrustManager.checkClientTrusted(certificates, authType); }
From source file:com.ab.http.AuthSSLX509TrustManager.java
/*** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String * authType)/*from ww w. j a v a2 s . c om*/ */ public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; Log.i(TAG, " Server certificate " + (c + 1) + ":"); Log.i(TAG, " Subject DN: " + cert.getSubjectDN()); Log.i(TAG, " Signature Algorithm: " + cert.getSigAlgName()); Log.i(TAG, " Valid from: " + cert.getNotBefore()); Log.i(TAG, " Valid until: " + cert.getNotAfter()); Log.i(TAG, " Issuer: " + cert.getIssuerDN()); } } defaultTrustManager.checkServerTrusted(certificates, authType); }
From source file:org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler.java
protected final boolean doAuthentication(final Credentials credentials) throws AuthenticationException { final X509CertificateCredentials x509Credentials = (X509CertificateCredentials) credentials; final X509Certificate[] certificates = x509Credentials.getCertificates(); /*// w w w . j a v a 2 s. c om * the certificate that was fully authenticated succesfully will be set * as the user credentials for CAS last certificate that can be set is * the end-user certificate */ X509Certificate certificateCredentialsCandidate = null; // flag to check whether a trusted issuer is in the certificate chain boolean hasTrustedIssuerInChain = false; /* * reverse transversal of certificates (should be from root to end-user * cert) */ for (int i = (certificates.length - 1); i >= 0; i--) { final X509Certificate certificate = certificates[i]; try { final Principal issuerPrincipal = certificate.getIssuerDN(); // flag that is set when this cert is an end user cert (no CA // cert) boolean isEndUserCertificate = false; if (log.isDebugEnabled()) { log.debug("--examining cert[" + certificate.getSerialNumber().toString() + "] " + certificate.getSubjectDN() + "\"" + " from issuer \"" + issuerPrincipal.getName() + "\""); } // check basic validity of the current certificate certificate.checkValidity(); log.debug("certificate is valid"); // initial check for trusted issuer in certificate chain // final check is done outside for loop if (isCertificateFromTrustedIssuer(issuerPrincipal)) { hasTrustedIssuerInChain = true; log.debug("certificate was issued by trusted issuer"); } // getBasicConstraints returns pathLenContraint which is // >=0 when this is a CA cert and -1 when it's not int pathLength = certificate.getBasicConstraints(); if (pathLength != -1) { log.debug("this is a CA certificate"); // check pathLength when CA cert //if unlimited/unspecified and unlimited/unspecified not allowed: warn+stop if (pathLength == Integer.MAX_VALUE && this.maxPathLength_allowUnspecified != true) { if (log.isWarnEnabled()) { log.warn("authentication failed; cert pathLength not specified" + " and unlimited/unspecified not allowed by config [see maxPathLength_allow_unlimited]"); } return false; //else if more than allowed length but not unlimited/unspecified: warn+stop } else if (pathLength > this.maxPathLength && pathLength < Integer.MAX_VALUE) { if (log.isWarnEnabled()) { log.warn("authentication failed; cert pathLength [" + pathLength + "] is more than allowed by config [" + this.maxPathLength + "]"); } return false; } } else { isEndUserCertificate = true; log.debug("this is an end-user certificate"); } /* * set this certificate as the user credentials if there is an * issuer in the cert (always so if valid cert) and this is an * end-user or CA certificate (so not a CA cert) and optional * KeyUsage check */ if (issuerPrincipal != null && isEndUserCertificate && this.doesCertificateSubjectDnMatchPattern(certificate.getSubjectDN()) && (!this.checkKeyUsage || (this.checkKeyUsage && this.doesCertificateKeyUsageMatch(certificate)))) { if (log.isDebugEnabled()) { log.debug("cert[" + certificate.getSerialNumber().toString() + "] ok, setting as credentials candidate"); } certificateCredentialsCandidate = certificate; } } catch (final CertificateExpiredException e) { log.warn("authentication failed; certficiate expired [" + certificate.toString() + "]"); certificateCredentialsCandidate = null; } catch (final CertificateNotYetValidException e) { log.warn("authentication failed; certficate not yet valid [" + certificate.toString() + "]"); certificateCredentialsCandidate = null; } } // check whether one of the certificates in the chain was // from the trusted issuer; else => fail auth if (certificateCredentialsCandidate != null && hasTrustedIssuerInChain) { if (log.isInfoEnabled()) { log.info("authentication OK; SSL client authentication data meets criteria for cert[" + certificateCredentialsCandidate.getSerialNumber().toString() + "]"); } x509Credentials.setCertificate(certificateCredentialsCandidate); return true; } if (log.isInfoEnabled()) { if (!hasTrustedIssuerInChain) { log.info("client cert did not have trusted issuer pattern \"" + this.regExTrustedIssuerDnPattern.pattern() + "\" in chain; authentication failed"); } else { log.info("authentication failed; SSL client authentication data doesn't meet criteria"); } } return false; }
From source file:gov.va.med.imaging.proxy.ssl.AuthSSLX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType) *///from w w w . j a v a 2s . co m public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isInfoEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.debug(" Client certificate " + (c + 1) + ":"); LOG.debug(" Subject DN: " + cert.getSubjectDN()); LOG.debug(" Signature Algorithm: " + cert.getSigAlgName()); LOG.debug(" Valid from: " + cert.getNotBefore()); LOG.debug(" Valid until: " + cert.getNotAfter()); LOG.debug(" Issuer: " + cert.getIssuerDN()); } } defaultTrustManager.checkClientTrusted(certificates, authType); }
From source file:gov.va.med.imaging.proxy.ssl.AuthSSLX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType) *//*ww w . j a v a 2 s . c o m*/ public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isInfoEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.debug(" Server certificate " + (c + 1) + ":"); LOG.debug(" Subject DN: " + cert.getSubjectDN()); LOG.debug(" Signature Algorithm: " + cert.getSigAlgName()); LOG.debug(" Valid from: " + cert.getNotBefore()); LOG.debug(" Valid until: " + cert.getNotAfter()); LOG.debug(" Issuer: " + cert.getIssuerDN()); } } defaultTrustManager.checkServerTrusted(certificates, authType); }
From source file:edu.vt.middleware.crypt.KeyStoreCli.java
/** * Prints a string representation of the given certificate to STDOUT. For an * X.509 certificate, prints important fields. * * @param cert Certificate to print./* ww w. ja v a2 s .co m*/ * * @throws Exception On print errors. */ protected void printCertificate(final Certificate cert) throws Exception { if (cert instanceof X509Certificate) { final X509Certificate xCert = (X509Certificate) cert; final byte[] encodedCert = xCert.getEncoded(); System.out.println("Subject: " + xCert.getSubjectDN()); System.out.println("Issuer: " + xCert.getIssuerDN()); System.out.println("Serial: " + hexConv.fromBytes(xCert.getSerialNumber().toByteArray())); System.out.println("Valid not before: " + xCert.getNotBefore()); System.out.println("Valid not after: " + xCert.getNotAfter()); System.out.println("MD5 fingerprint: " + md5.digest(encodedCert, hexConv)); System.out.println("SHA1 fingerprint: " + sha1.digest(encodedCert, hexConv)); } else { System.out.println(cert); } }
From source file:com.thoughtworks.go.security.SelfSignedCertificateX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType) *//*from w w w. j ava2 s . c om*/ public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isDebugEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.info(" Client certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore()); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } } defaultTrustManager.checkClientTrusted(certificates, authType); }
From source file:com.mgmtp.perfload.core.client.web.ssl.LtSSLSocketFactory.java
private void logCertificate(final X509Certificate cert) { log.debug(" Subject DN: {}", cert.getSubjectDN()); log.debug(" Signature algorithm name: {}", cert.getSigAlgName()); log.debug(" Valid from: {}", cert.getNotBefore()); log.debug(" Valid until: {}", cert.getNotAfter()); log.debug(" Issuer DN: {}", cert.getIssuerDN()); }
From source file:com.thoughtworks.go.security.AuthSSLKeyManagerFactory.java
private void logKeyStore(KeyStore store) throws KeyStoreException { LOG.trace("Certificates count: " + store.size()); Enumeration aliases = store.aliases(); while (aliases.hasMoreElements()) { String alias = (String) aliases.nextElement(); Certificate[] certs = store.getCertificateChain(alias); if (certs != null) { LOG.debug("Certificate chain '" + alias + "':"); for (int c = 0; c < certs.length; c++) { if (certs[c] instanceof X509Certificate) { X509Certificate cert = (X509Certificate) certs[c]; LOG.trace(" Certificate " + (c + 1) + ":"); LOG.trace(" Subject DN: " + cert.getSubjectDN()); LOG.trace(" Signature Algorithm: " + cert.getSigAlgName()); LOG.trace(" Valid from: " + cert.getNotBefore()); LOG.trace(" Valid until: " + cert.getNotAfter()); LOG.trace(" Issuer: " + cert.getIssuerDN()); }/*from w w w . jav a 2 s .co m*/ } } } }