Example usage for java.security.cert X509Certificate getIssuerUniqueID

List of usage examples for java.security.cert X509Certificate getIssuerUniqueID

Introduction

This page lists usage examples for java.security.cert X509Certificate getIssuerUniqueID.

Prototype

public abstract boolean[] getIssuerUniqueID();


Document

Gets the issuerUniqueID value from the certificate.

Usage

From source file:com.xwiki.authentication.sts.STSTokenValidator.java

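/**
 * Validates the XML signature of a SAML token.
 *
 * <p>The token's XML structure is validated first, then the signing
 * certificate is extracted with {@code certFromToken}, wrapped in a
 * {@link BasicX509Credential} registered under {@code entityId}, and used as
 * the only trusted credential of an {@link ExplicitKeySignatureTrustEngine}
 * that checks the token's signature.
 *
 * <p>NOTE(review): the trusted credential is the certificate obtained from
 * the token itself, so this method establishes that the token was signed
 * by the key matching that certificate; whether that certificate is the one
 * expected from the STS must be established by {@code certFromToken} or by
 * the caller — confirm, it is not visible here.
 *
 * @param samlToken the signed SAML object to validate
 * @return {@code true} if the signature validates against the token's
 *         certificate, {@code false} otherwise
 * @throws SecurityException if the trust engine cannot evaluate the signature
 * @throws ValidationException if the token's XML structure is invalid
 * @throws CertificateException if the certificate cannot be DER-encoded for
 *         the trace dump
 * @throws ConfigurationException propagated from the OpenSAML/certificate helpers
 * @throws UnmarshallingException propagated from the OpenSAML/certificate helpers
 * @throws KeyException propagated from the OpenSAML/certificate helpers
 */
private static boolean validateToken(SignableSAMLObject samlToken)
        throws SecurityException, ValidationException, ConfigurationException, UnmarshallingException,
        CertificateException, KeyException {

    // Validate XML structure
    samlToken.validate(true);

    Signature signature = samlToken.getSignature();
    X509Certificate certificate = certFromToken(samlToken);

    // Readable form for binary fields (signature bytes, DER encoding); the
    // original code printed raw signature bytes through new String(byte[]).
    Base64 encoder = new Base64();

    // Guarded so the string concatenation is not paid for when DEBUG is off.
    if (log.isDebugEnabled()) {
        logCertificate(certificate, encoder);
    }

    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(certificate);
    cred.setEntityId(entityId);

    if (log.isDebugEnabled()) {
        logCredential(cred);
    }

    ArrayList<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(cred);

    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(trustedCredentials);
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);

    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(entityId));

    // In trace mode write the certificate to a file
    if (log.isTraceEnabled()) {
        dumpCertificate(certificate, encoder);
    }
    return engine.validate(signature, criteriaSet);
}

/** Logs the identifying fields of the signing certificate at DEBUG level (each field once). */
private static void logCertificate(X509Certificate certificate, Base64 encoder) {
    // X500Principal accessors replace the denigrated getIssuerDN()/getSubjectDN().
    log.debug("certificate issuerX500Principal: " + certificate.getIssuerX500Principal());
    log.debug("certificate subjectX500Principal: " + certificate.getSubjectX500Principal());
    // Unique IDs are bit strings (boolean[]); plain concatenation would print only an array identity.
    log.debug("certificate issuerUniqueID: " + java.util.Arrays.toString(certificate.getIssuerUniqueID()));
    log.debug("certificate subjectUniqueID: " + java.util.Arrays.toString(certificate.getSubjectUniqueID()));
    log.debug("certificate notBefore: " + certificate.getNotBefore());
    log.debug("certificate notAfter: " + certificate.getNotAfter());
    log.debug("certificate serialNumber: " + certificate.getSerialNumber());
    log.debug("certificate sigAlgName: " + certificate.getSigAlgName());
    log.debug("certificate sigAlgOID: " + certificate.getSigAlgOID());
    // Signature bytes are DER, not text: Base64 them instead of new String(byte[]).
    log.debug("certificate signature: " + new String(encoder.encode(certificate.getSignature())));
    log.debug("certificate publicKey: " + certificate.getPublicKey());
    log.debug("certificate version: " + certificate.getVersion());
}

/**
 * Logs the credential built from the certificate at DEBUG level.
 * Private/secret key accessors are deliberately not logged: only the entity
 * certificate is set on this credential, and key material never belongs in a log.
 */
private static void logCredential(BasicX509Credential cred) {
    log.debug("cred entityId: " + cred.getEntityId());
    log.debug("cred usageType: " + cred.getUsageType());
    log.debug("cred credentalContextSet: " + cred.getCredentalContextSet());
    log.debug("cred hashCode: " + cred.hashCode());
    log.debug("cred publicKey: " + cred.getPublicKey());
    log.debug("cred entityCertificateChain: " + cred.getEntityCertificateChain());
}

/**
 * Writes the certificate in PEM form to a freshly created temp file and logs
 * the path (TRACE only). The certificate comes from an external token, so it
 * is written to an unpredictable, newly created file rather than to the fixed
 * path {@code /tmp/Certificate.cer}, which any local user could pre-create in
 * the shared directory. I/O failures are logged and do not affect validation.
 *
 * @throws CertificateException if the certificate cannot be DER-encoded
 */
private static void dumpCertificate(X509Certificate certificate, Base64 encoder) throws CertificateException {
    // NOTE(review): encode() is assumed to be an unchunked encoder; PEM readers
    // commonly expect 64-character lines — confirm the consumer accepts one long line.
    String certEncoded = new String(encoder.encode(certificate.getEncoded()));
    try {
        File certFile = File.createTempFile("Certificate", ".cer");
        FileUtils.writeStringToFile(certFile,
                "-----BEGIN CERTIFICATE-----\n" + certEncoded + "\n-----END CERTIFICATE-----");
        log.trace("Certificate file was saved in: " + certFile.getAbsolutePath());
    } catch (IOException e1) {
        // Keep the cause and say what failed; the dump is best-effort diagnostics.
        log.error("Could not write certificate trace file", e1);
    }
}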

From source file:it.cnr.icar.eric.server.security.authentication.AuthenticationServiceImpl.java

/**
 * Compares two certificates by their issuerUniqueID and subjectUniqueID
 * fields. Both fields must be present in both certificates and match bit for
 * bit; if either field is missing from either certificate the result is
 * {@code false}.
 *
 * <p>NOTE(review): RFC 5280 discourages unique identifiers and most
 * certificates carry neither field, so this method answers {@code false} for
 * such certificates even when they are otherwise identical — it should not be
 * the only check relied on to decide that two certificates are the same.
 *
 * @param cert the certificate being presented
 * @param oldCert the certificate already on record
 * @return {@code true} only if both unique identifiers are present in both
 *         certificates and equal
 * @throws RegistryException declared for callers; this implementation does
 *         not raise it
 */
private boolean certificatesAreSame(X509Certificate cert, X509Certificate oldCert) throws RegistryException {
    // Short-circuit keeps the original order: subject IDs are only read when the issuer IDs match.
    return uniqueIdsMatch(cert.getIssuerUniqueID(), oldCert.getIssuerUniqueID())
            && uniqueIdsMatch(cert.getSubjectUniqueID(), oldCert.getSubjectUniqueID());
}

/**
 * Bit-for-bit comparison of two unique-identifier bit strings. A missing
 * ({@code null}) identifier on either side never matches, which is why this
 * is not a plain {@code Arrays.equals}.
 */
private static boolean uniqueIdsMatch(boolean[] first, boolean[] second) {
    if (first == null || second == null || first.length != second.length) {
        return false;
    }
    int bit = 0;
    while (bit < first.length) {
        if (first[bit] != second[bit]) {
            return false;
        }
        bit++;
    }
    return true;
}