List of usage examples for java.security.cert X509Certificate getIssuerX500Principal
public X500Principal getIssuerX500Principal()
From source file:mitm.common.security.certificate.X509CertificateInspector.java
/**
 * Returns the issuer distinguished name of a certificate in canonical RFC 2253 form.
 *
 * <p>The value is read from the certificate's own issuer field and canonicalised by
 * {@code X500PrincipalInspector.getCanonical}. It names the issuer the certificate
 * claims to have; nothing here checks that the certificate was signed by that issuer.
 *
 * @param certificate the certificate to inspect; a null argument results in a
 *                    NullPointerException when the issuer is read
 * @return whatever {@code X500PrincipalInspector.getCanonical} returns for the issuer principal
 */
public static String getIssuerCanonical(X509Certificate certificate) {
    return X500PrincipalInspector.getCanonical(
            certificate.getIssuerX500Principal());
}
From source file:mitm.common.security.certificate.X509CertificateInspector.java
/** * Returns true if the certificate is self signed ie. subject == issuer. *///from w w w.jav a 2 s . c om public static boolean isSelfSigned(X509Certificate certificate) { return certificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal()); }
From source file:ru.codeinside.gws.crypto.cryptopro.SunPkcs7.java
/**
 * Parses a PKCS#7 structure and extracts the signer certificate and encrypted digest.
 *
 * <p>The method checks structural consistency only: the first declared digest algorithm
 * and the first SignerInfo must use the expected GOST identifiers, and the first
 * SignerInfo's issuer name and serial number must match the first embedded certificate.
 * Only element 0 of each array is examined. No signature verification and no certificate
 * path validation is performed in this method.
 *
 * <p>NOTE(review): the final boolean passed to {@code Signature} is {@code true} on the
 * success path and {@code false} otherwise; its exact meaning is defined by
 * {@code Signature} and should be confirmed there. Callers should presumably not treat
 * it as "cryptographically verified".
 *
 * @param bytes the encoded PKCS#7 data
 * @return a {@code Signature} carrying the certificate and encrypted digest on success,
 *         or a {@code Signature} with all-null fields and {@code false} when parsing
 *         fails or any consistency check does not hold
 */
public static Signature fromPkcs7(final byte[] bytes) {
    final PKCS7 parsed;
    try {
        parsed = new PKCS7(bytes);
    } catch (ParsingException e) {
        log.info("fail parse pkcs7: ", e);
        return new Signature(null, null, null, false);
    }

    final AlgorithmId expectedDigest = new AlgorithmId(GOST3411);
    final AlgorithmId expectedSign = new AlgorithmId(GOST3410);

    // Each guard below logs the reason and returns the same "empty" result.
    final AlgorithmId[] declaredDigests = parsed.getDigestAlgorithmIds();
    if (declaredDigests == null || declaredDigests.length == 0) {
        log.info("no digestAlgorithm in pkcs7");
        return new Signature(null, null, null, false);
    }
    if (!declaredDigests[0].equals(expectedDigest)) {
        log.info("no GOST3411 in pkcs7");
        return new Signature(null, null, null, false);
    }

    final X509Certificate[] embeddedCerts = parsed.getCertificates();
    if (embeddedCerts == null || embeddedCerts.length == 0) {
        log.info("no certificate in pkcs7");
        return new Signature(null, null, null, false);
    }
    final X509Certificate signerCert = embeddedCerts[0];

    final SignerInfo[] signers = parsed.getSignerInfos();
    if (signers == null || signers.length == 0) {
        log.info("no signerInfos in pkcs7");
        return new Signature(null, null, null, false);
    }
    final SignerInfo signer = signers[0];

    // The SignerInfo must point at the embedded certificate (issuer + serial) and use
    // the expected digest and signature algorithms.
    if (!signer.getIssuerName().equals(X500Name.asX500Name(signerCert.getIssuerX500Principal()))) {
        log.info("invalid issuerX500Principal in pkcs7");
        return new Signature(null, null, null, false);
    }
    if (!signer.getDigestAlgorithmId().equals(expectedDigest)) {
        log.info("no GOST3411 in pkcs7");
        return new Signature(null, null, null, false);
    }
    if (!signer.getDigestEncryptionAlgorithmId().equals(expectedSign)) {
        log.info("no GOST3410 in pkcs7");
        return new Signature(null, null, null, false);
    }
    if (!signer.getCertificateSerialNumber().equals(signerCert.getSerialNumber())) {
        log.info("invalid certificate serial number in pkcs7");
        return new Signature(null, null, null, false);
    }

    return new Signature(signerCert, null, signer.getEncryptedDigest(), true);
}
From source file:ee.ria.xroad.signer.certmanager.OcspClient.java
/**
 * Requests the OCSP status of a certificate from a responder and returns the response.
 *
 * <p>Steps, in order: open the connection, build the request, send it, check the HTTP
 * response code, read and parse the body, then run {@code verifyResponse} on the result.
 * What {@code verifyResponse} actually checks is not visible here; callers should confirm
 * that the OCSP response signature and responder certificate are validated before the
 * returned status is relied on.
 *
 * <p>NOTE(review): the debug line labels its first value "certificate" but logs the
 * subject certificate's <em>issuer</em> DN, which does not identify the certificate
 * being queried. Confirm whether the subject DN or serial number was intended.
 *
 * @param responderURI URI of the OCSP responder
 * @param subject      certificate whose status is requested
 * @param issuer       issuer certificate of {@code subject}
 * @param signerKey    private key passed to {@code createRequest}
 * @param signer       certificate passed to {@code createRequest}
 * @param signAlgoId   signature algorithm identifier passed to {@code createRequest}
 * @return the parsed OCSP response
 * @throws Exception if any of the helper steps fails
 */
static OCSPResp fetchResponse(String responderURI, X509Certificate subject, X509Certificate issuer,
        PrivateKey signerKey, X509Certificate signer, String signAlgoId) throws Exception {
    HttpURLConnection responderConnection = createConnection(responderURI);
    OCSPReq request = createRequest(subject, issuer, signerKey, signer, signAlgoId);

    log.debug("Fetching certificate '{}' status from responder: {}", subject.getIssuerX500Principal(),
            responderConnection.getURL());

    sendRequest(responderConnection, request);
    verifyResponseCode(responderConnection);

    OCSPResp parsed = parseResponse(getResponseData(responderConnection));
    verifyResponse(parsed);
    return parsed;
}
From source file:eu.europa.ejusticeportal.dss.applet.model.token.CertificateDisplayUtils.java
/**
 * Collects the fields of a key entry's certificate that are shown to the user.
 *
 * <p>The subject is reduced to its CN when one is present; the issuer is shown as
 * "CN, O" plus a separate country value. All of these strings come straight from the
 * certificate, so they are display data chosen by whoever issued the certificate and
 * are not a basis for identity or trust decisions.
 *
 * @param keyEntry the DSSPrivateKeyEntry whose certificate is described
 * @param cp       the card profile, passed through to {@code CertificateDisplayDetails}
 * @return the populated {@code CertificateDisplayDetails}
 */
public static CertificateDisplayDetails getDisplayDetails(DSSPrivateKeyEntry keyEntry, CardProfile cp) {
    final X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

    // Subject: prefer the bare CN, fall back to the full DN.
    String subjectDN = cert.getSubjectDN().getName();
    Map<String, String> parts = parseLdapName(subjectDN);
    final String subjectCn = parts.get("CN");
    if (subjectCn != null) {
        subjectDN = subjectCn;
    }

    // Issuer: an absent principal is treated as an empty DN.
    String issuerDN = "";
    if (cert.getIssuerX500Principal() != null) {
        issuerDN = cert.getIssuerX500Principal().getName();
    }
    parts = parseLdapName(issuerDN);

    final String countryPart = parts.get("C");
    final String issuerCountry = (countryPart != null) ? countryPart : "";

    final String issuerCn = parts.get("CN");
    String issuerName = (issuerCn != null) ? issuerCn : "";
    final String organisation = parts.get("O");
    if (organisation != null) {
        issuerName += ", " + organisation;
    }

    final String serialNumber = formatSerialNumber(cert.getSerialNumber());
    final CertificateDisplayDetails details = new CertificateDisplayDetails(subjectDN, issuerName,
            issuerCountry, serialNumber, digest(cert), qualified(cert), sscd(cert), cert.getKeyUsage(),
            cert, cp, extensions(cert));

    // Check the expiration/start date before the summary reads them back.
    valid(details);
    details.setSummaryInfo(summaryInfo(subjectDN, issuerName, issuerCountry, serialNumber,
            details.getStartDate(), details.getExpirationDate()));
    return details;
}
From source file:org.opensc.pkcs11.spi.PKCS11KeyStoreSpi.java
/**
 * Determines whether a certificate is a self-signed (root) certificate.
 *
 * <p>A certificate whose subject differs from its issuer yields {@code false}. When the
 * names match, the signature is verified with the certificate's own public key; a
 * verification failure is reported by exception, not by a {@code false} return.
 * A {@code true} result shows the certificate is self-signed; it does not show that
 * the certificate is a trusted anchor.
 *
 * @param cert the certificate to examine
 * @return {@code true} if subject equals issuer and the self-signature verifies,
 *         {@code false} if subject and issuer differ
 * @throws InvalidKeyException      propagated from {@code cert.verify}
 * @throws CertificateException     propagated from {@code cert.verify}
 * @throws NoSuchAlgorithmException propagated from {@code cert.verify}
 * @throws NoSuchProviderException  propagated from {@code cert.verify}
 * @throws SignatureException       propagated from {@code cert.verify}
 */
private static boolean isRootCA(X509Certificate cert) throws InvalidKeyException, CertificateException,
        NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
    final boolean selfIssued = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
    if (selfIssued) {
        // Name equality alone is not enough; the signature must verify under its own key.
        cert.verify(cert.getPublicKey());
        return true;
    }
    return false;
}
From source file:org.sandrob.android.net.http.HttpsConnection.java
/**
 * Builds a display alias for a certificate from its subject and issuer common names.
 *
 * <p>The alias is composed only of CN values taken from the certificate, so two
 * different certificates can produce the same alias; it is a label, not a unique
 * identifier.
 *
 * @param cert the certificate to name
 * @return an empty string when no subject CN is available; the subject CN alone when
 *         subject equals issuer or no issuer CN is available; otherwise
 *         "subjectCN (issuerCN)"
 */
private static String getCertificateAlias(X509Certificate cert) {
    X500Principal subject = cert.getSubjectX500Principal();
    X500Principal issuer = cert.getIssuerX500Principal();

    String subjectCn = getCommonName(subject);
    if (subjectCn == null) {
        // No subject CN to build on: blank alias.
        return "";
    }

    String issuerCn = getCommonName(issuer);
    boolean subjectOnly = subject.equals(issuer) || issuerCn == null;

    // Self-issued or issuer CN missing: subject CN alone; otherwise append the issuer CN.
    return subjectOnly ? subjectCn : MessageFormat.format("{0} ({1})", subjectCn, issuerCn);
}
From source file:wptools.cmds.DumpCerts.java
/**
 * Prints a certificate's serial number, fingerprints, subject, issuer and validity
 * period to standard output.
 *
 * <p>One fingerprint line is printed per algorithm name in {@code FTYPES}, each computed
 * over the certificate's encoded form. A digest or encoding failure is handed to
 * {@code Misc.die} with the exception message.
 *
 * <p>NOTE(review): the contents of {@code FTYPES} are not visible here; if it lists
 * MD5 or SHA-1, those fingerprints are presumably for display/compatibility and should
 * not be the value used to pin or match certificates.
 *
 * @param cert the certificate to print
 */
private static void dumpCert(X509Certificate cert) {
    final String serial = formatFing(cert.getSerialNumber().toByteArray());
    System.out.println("Serial No.: " + serial);

    try {
        for (String algorithm : FTYPES) {
            MessageDigest digester = MessageDigest.getInstance(algorithm);
            digester.reset();
            final String fingerprint = formatFing(digester.digest(cert.getEncoded()));
            System.out.format("%s: %s%n", algorithm, fingerprint);
        }
    } catch (NoSuchAlgorithmException | CertificateException e) {
        Misc.die(e.getMessage());
    }

    System.out.println("Issued To: " + cert.getSubjectX500Principal());
    System.out.println("Issued By: " + cert.getIssuerX500Principal());
    System.out.format("Valid: from %tFT%<tT%<tz to %tFT%<tT%<tz%n%n",
            cert.getNotBefore(), cert.getNotAfter());
}
From source file:be.fedict.eid.dss.spi.utils.XAdESUtils.java
/**
 * Verifies the signature on a time-stamp token using the TSA certificate embedded in it.
 *
 * <p>The signer certificate is located among the token's own certificates by matching
 * the signer id's issuer and serial number, and the token is then validated against it.
 * Because that certificate is supplied by the token itself, this establishes only that
 * the token is internally consistent; establishing that the TSA certificate chains to a
 * trusted anchor is not done here and has to happen elsewhere.
 *
 * <p>NOTE(review): the broad {@code catch (Exception)} also catches the
 * "TSA certificate not present in TST" exception thrown inside the try block and wraps
 * it in a second {@code XAdESValidationException}.
 *
 * @param timeStampToken the token to verify
 * @throws XAdESValidationException if the TSA certificate is not found in the token or
 *                                  any step of the lookup or validation fails
 */
public static void verifyTimeStampTokenSignature(TimeStampToken timeStampToken)
        throws XAdESValidationException {
    try {
        SignerId signerId = timeStampToken.getSID();
        BigInteger wantedSerial = signerId.getSerialNumber();
        // Re-encode the issuer name so it can be compared with the JCA principal.
        X500Principal wantedIssuer = new X500Principal(signerId.getIssuer().getEncoded());

        CertStore embeddedStore = timeStampToken.getCertificatesAndCRLs("Collection",
                BouncyCastleProvider.PROVIDER_NAME);
        Collection<? extends Certificate> embedded = embeddedStore.getCertificates(null);

        X509Certificate tsaCertificate = null;
        for (Certificate entry : embedded) {
            X509Certificate candidate = (X509Certificate) entry;
            if (!wantedIssuer.equals(candidate.getIssuerX500Principal())) {
                continue;
            }
            if (!wantedSerial.equals(candidate.getSerialNumber())) {
                continue;
            }
            tsaCertificate = candidate;
            break;
        }

        if (tsaCertificate == null) {
            throw new XAdESValidationException("TSA certificate not present in TST");
        }
        timeStampToken.validate(tsaCertificate, BouncyCastleProvider.PROVIDER_NAME);
    } catch (Exception e) {
        throw new XAdESValidationException(e);
    }
}
From source file:test.integ.be.fedict.trust.util.TestUtils.java
/**
 * Reads the national registry certificate and the root CA certificate from an eID card.
 *
 * <p>Waits for a card if none is present, parses both card files as X.509 certificates
 * and returns them in the order [national registry, root CA]. The certificates are
 * returned exactly as read; no signature or chain validation is performed here. The
 * card connection is closed once reading has finished or failed.
 *
 * @return a list holding the national registry certificate followed by the root CA certificate
 * @throws Exception if card access or certificate parsing fails
 */
public static List<X509Certificate> getNationalRegistryCertificateChain() throws Exception {
    Messages messages = new Messages(Locale.getDefault());
    View view = new LogTestView(LOG);
    PcscEid eid = new PcscEid(view, messages);
    if (!eid.isEidPresent()) {
        LOG.debug("insert eID card...");
        eid.waitForEidPresent();
    }

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    List<X509Certificate> chain = new LinkedList<X509Certificate>();
    try {
        // Leaf first: the national registry certificate.
        byte[] nrBytes = eid.readFile(PcscEid.RRN_CERT_FILE_ID);
        X509Certificate nrCert = (X509Certificate) x509Factory
                .generateCertificate(new ByteArrayInputStream(nrBytes));
        chain.add(nrCert);
        LOG.debug("national registry certificate issuer: " + nrCert.getIssuerX500Principal());

        // Then the root CA certificate stored on the same card.
        byte[] rootBytes = eid.readFile(PcscEid.ROOT_CERT_FILE_ID);
        X509Certificate rootCert = (X509Certificate) x509Factory
                .generateCertificate(new ByteArrayInputStream(rootBytes));
        chain.add(rootCert);
    } finally {
        eid.close();
    }
    return chain;
}