List of usage examples for java.security.cert.X509Certificate#getIssuerX500Principal
public X500Principal getIssuerX500Principal()
From source file:net.sf.keystore_explorer.crypto.x509.X509CertUtil.java
/**
 * Reports whether the supplied X.509 certificate names itself as its issuer.
 *
 * <p>Only the issuer and subject distinguished names are compared; the signature is not
 * checked against the certificate's own public key. A certificate can carry matching names
 * without having been signed by its own key, so a {@code true} result is a structural hint
 * (display, chain ordering) and not a trust decision. Callers that need proof should
 * additionally call {@code cert.verify(cert.getPublicKey())}.
 *
 * @param cert
 *            The certificate
 * @return True if the issuer name equals the subject name
 */
public static boolean isCertificateSelfSigned(X509Certificate cert) {
    X500Principal issuerName = cert.getIssuerX500Principal();
    X500Principal subjectName = cert.getSubjectX500Principal();
    return issuerName.equals(subjectName);
}
From source file:net.sf.keystore_explorer.crypto.x509.X509CertUtil.java
/**
 * Derives a representative KeyStore alias for an X.509 certificate from the common names (CN)
 * of its subject and issuer.
 *
 * <p>The alias is the subject CN alone when the issuer has no CN or the issuer CN equals the
 * subject CN; otherwise it is the subject CN followed by the issuer CN in brackets.
 *
 * <p>NOTE(review): no lower-casing happens in this method; if aliases are expected to be lower
 * case, that is presumably done by extractCommonName or by the caller - confirm.
 *
 * <p>The alias is built purely from name fields inside the certificate, which whoever created
 * the certificate controls. Different certificates can therefore yield the same alias; treat it
 * as a display label and not as evidence of identity.
 *
 * @param cert
 *            The certificate
 * @return The alias or a blank string if the subject has no common name
 */
public static String getCertificateAlias(X509Certificate cert) {
    X500Principal subjectName = cert.getSubjectX500Principal();
    X500Principal issuerName = cert.getIssuerX500Principal();

    String subjectCn = extractCommonName(X500NameUtils.x500PrincipalToX500Name(subjectName));
    String issuerCn = extractCommonName(X500NameUtils.x500PrincipalToX500Name(issuerName));

    // Without a subject CN there is nothing to build an alias from.
    if (subjectCn == null) {
        return "";
    }

    // The issuer part is only worth showing when it exists and differs from the subject.
    boolean issuerAddsNothing = issuerCn == null || subjectCn.equals(issuerCn);
    return issuerAddsNothing ? subjectCn : MessageFormat.format("{0} ({1})", subjectCn, issuerCn);
}
From source file:com.xwiki.authentication.sts.STSTokenValidator.java
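/**
 * Validates the XML structure and the signature of a SAML token.
 *
 * <p>The certificate is extracted from the token itself (via {@code certFromToken}) and is
 * registered as the only trusted credential for {@code entityId}; the signature is then checked
 * against it with an {@code ExplicitKeySignatureTrustEngine}.
 *
 * <p>NOTE(review): because the trusted credential comes from the token being validated, a
 * {@code true} result shows that the token is intact with respect to the key it carries. It
 * does not by itself show that the key belongs to the expected issuer; that has to be
 * established separately (for example by pinning the certificate or its issuer in
 * configuration). Presumably the caller does so - confirm. The certificate's validity period
 * and revocation status are likewise not evaluated in this method.
 *
 * @param samlToken the signed SAML object to validate
 * @return {@code true} if the trust engine accepts the signature, {@code false} otherwise
 * @throws ValidationException declared; presumably raised by {@code samlToken.validate} - confirm
 * @throws SecurityException declared; presumably raised by the trust engine - confirm
 * @throws CertificateException if the certificate cannot be encoded for the trace dump, or as
 *         declared by {@code certFromToken}
 */
private static boolean validateToken(SignableSAMLObject samlToken)
        throws SecurityException, ValidationException, ConfigurationException, UnmarshallingException,
        CertificateException, KeyException {
    // Validate XML structure
    samlToken.validate(true);

    Signature signature = samlToken.getSignature();
    X509Certificate certificate = certFromToken(samlToken);

    // Certificate data (public fields only)
    log.debug("certificate issuerDN: " + certificate.getIssuerDN());
    log.debug("certificate issuerUniqueID: " + certificate.getIssuerUniqueID());
    log.debug("certificate issuerX500Principal: " + certificate.getIssuerX500Principal());
    log.debug("certificate notBefore: " + certificate.getNotBefore());
    log.debug("certificate notAfter: " + certificate.getNotAfter());
    log.debug("certificate serialNumber: " + certificate.getSerialNumber());
    log.debug("certificate sigAlgName: " + certificate.getSigAlgName());
    log.debug("certificate sigAlgOID: " + certificate.getSigAlgOID());
    // The signature is raw binary: log it as hex instead of decoding it with the platform
    // charset, which would put arbitrary control characters into the log.
    log.debug("certificate signature: " + new java.math.BigInteger(1, certificate.getSignature()).toString(16));
    log.debug("certificate publicKey: " + certificate.getPublicKey());
    log.debug("certificate subjectDN: " + certificate.getSubjectDN());
    log.debug("certificate version: " + certificate.getVersion());

    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(certificate);

    // Credential data. Private and secret key fields are deliberately not logged: key material
    // must never reach a log, even when it is expected to be unset.
    cred.setEntityId(entityId);
    log.debug("cred entityId: " + cred.getEntityId());
    log.debug("cred usageType: " + cred.getUsageType());
    log.debug("cred credentalContextSet: " + cred.getCredentalContextSet());
    log.debug("cred publicKey: " + cred.getPublicKey());
    log.debug("cred entityCertificateChain: " + cred.getEntityCertificateChain());

    // The token's own certificate is the only trusted credential (see the note in the Javadoc).
    ArrayList<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(cred);

    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(trustedCredentials);
    // NOTE(review): SecurityTestHelper looks like a test-support class; consider building the
    // KeyInfo resolver from production configuration instead - confirm.
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);

    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(entityId));

    // In trace mode write the certificate to a file
    if (log.isTraceEnabled()) {
        String certEncoded = new String(new Base64().encode(certificate.getEncoded()));
        try {
            // A fixed name in a shared temp directory can be pre-created (or linked elsewhere)
            // by another local user. createTempFile picks an unused name and creates the file
            // itself; note that every traced validation therefore leaves a new file behind.
            File certFile = File.createTempFile("Certificate", ".cer");
            FileUtils.writeStringToFile(certFile,
                    "-----BEGIN CERTIFICATE-----\n" + certEncoded + "\n-----END CERTIFICATE-----");
            log.trace("Certificate file was saved in: " + certFile.getAbsolutePath());
        } catch (IOException e1) {
            log.error(e1);
        }
    }

    return engine.validate(signature, criteriaSet);
}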
From source file:eu.europa.ec.markt.dss.DSSUtils.java
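/**
 * Loads the issuer certificate of {@code cert} from the CA Issuers location named in the
 * certificate's Authority Information Access (AIA) extension. The certificate must be
 * DER-encoded and may be supplied in binary or printable (Base64) encoding. If the certificate
 * is provided in Base64 encoding, it must be bounded at the beginning by
 * -----BEGIN CERTIFICATE-----, and must be bounded at the end by -----END CERTIFICATE-----.
 *
 * <p>The download URL is read from {@code cert} itself, so it is only as trustworthy as that
 * certificate: the loader should bound which schemes and hosts it will contact and how much
 * data it will read. The returned certificate is accepted on a name match alone. Before relying
 * on it, the caller must verify that it actually signed {@code cert} (for example
 * {@code cert.verify(issuer.getPublicKey())}) and that it chains to a trust anchor.
 *
 * @param cert certificate for which the issuer should be loaded
 * @param loader the loader to use
 * @return the downloaded certificate when its subject name equals the issuer name of
 *         {@code cert}; {@code null} when there is no CA Issuers location or the names differ
 * @throws DSSException when the certificate cannot be downloaded or parsed
 */
public static X509Certificate loadIssuerCertificate(final X509Certificate cert, final HTTPDataLoader loader) {
    final String url = getAccessLocation(cert, X509ObjectIdentifiers.id_ad_caIssuers);
    if (url == null) {
        return null;
    }
    try {
        final InputStream inputStream = loader.get(url);
        try {
            final X509Certificate issuerCert = (X509Certificate) certificateFactory
                    .generateCertificate(inputStream);
            if (cert.getIssuerX500Principal().equals(issuerCert.getSubjectX500Principal())) {
                // Return the downloaded issuer, not the certificate that was passed in.
                return issuerCert;
            }
        } finally {
            // Release the stream on every path, including a parse failure.
            if (inputStream != null) {
                inputStream.close();
            }
        }
    } catch (Exception e) {
        throw new DSSException("!!! Cannot load the issuer certificate", e);
    }
    return null;
}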
From source file:mitm.common.security.cms.SignerIdentifierImpl.java
/**
 * Creates a signer identifier from an X.509 certificate.
 *
 * <p>Delegates to another constructor of this class with the certificate's issuer name, its
 * serial number and the subject key identifier obtained from
 * {@code X509CertificateInspector.getSubjectKeyIdentifier}.
 *
 * <p>NOTE(review): these values only identify which certificate is meant; matching them does
 * not validate a signature or the certificate itself.
 *
 * @param certificate the certificate to take the identifying values from
 * @throws IOException declared by this constructor; presumably raised while reading the
 *         subject key identifier - confirm
 */
public SignerIdentifierImpl(X509Certificate certificate) throws IOException {
    this(certificate.getIssuerX500Principal(), certificate.getSerialNumber(),
            X509CertificateInspector.getSubjectKeyIdentifier(certificate));
}
From source file:net.sf.keystore_explorer.crypto.x509.X509CertUtil.java
/**
 * Finds, among {@code certs}, a certificate whose issuer name equals the subject name of
 * {@code issuerCert}.
 *
 * <p>Matching is by distinguished name only; no signature is verified here, so the result is
 * suitable for ordering certificates but does not prove that {@code issuerCert} signed it.
 *
 * @param issuerCert the candidate issuing certificate
 * @param certs the certificates to search
 * @return the first matching certificate in array order, or {@code null} if there is none
 */
private static X509Certificate findIssuedCert(X509Certificate issuerCert, X509Certificate[] certs) {
    for (X509Certificate candidate : certs) {
        X500Principal issuerSubject = issuerCert.getSubjectX500Principal();

        // An entry with the same subject and issuer names as issuerCert is treated as the
        // issuer itself and skipped.
        boolean isIssuerItself = issuerSubject.equals(candidate.getSubjectX500Principal())
                && issuerCert.getIssuerX500Principal().equals(candidate.getIssuerX500Principal());
        if (isIssuerItself) {
            continue;
        }

        if (issuerSubject.equals(candidate.getIssuerX500Principal())) {
            return candidate;
        }
    }
    return null;
}
From source file:org.apigw.authserver.x509.ClientX509PrincipalExtractor.java
/**
 * Builds an {@code X509ClientPrincipal} from the subject and issuer distinguished names of a
 * client certificate, both rendered in RFC 1779 string form.
 *
 * <p>NOTE(review): nothing in this method validates the certificate; presumably the chain has
 * already been verified (for example by the TLS layer) before the names are used for
 * authorization - confirm. Any later comparison of these strings depends on the RFC 1779
 * rendering staying the same on both sides.
 *
 * @param cert the client certificate
 * @return a principal carrying the subject DN and issuer DN strings
 */
@Override
public X509ClientPrincipal extractPrincipal(X509Certificate cert) {
    X500Principal subject = cert.getSubjectX500Principal();
    String subjectDN = subject.getName(X500Principal.RFC1779);

    X500Principal issuer = cert.getIssuerX500Principal();
    String issuerDN = issuer.getName(X500Principal.RFC1779);

    X509ClientPrincipal principal = new X509ClientPrincipal(subjectDN, issuerDN);
    log.trace("created principal: {}", principal);
    return principal;
}
From source file:org.jasig.cas.adaptors.x509.authentication.handler.support.ResourceCRLRevocationChecker.java
/** * @see AbstractCRLRevocationChecker#getCRL(X509Certificate) *///from w w w .j ava 2 s . com protected X509CRL getCRL(final X509Certificate cert) { return this.crlIssuerMap.get(cert.getIssuerX500Principal()); }
From source file:org.eclipse.smarthome.io.net.http.internal.ExtensibleTrustManagerImplTest.java
/**
 * Stubs {@code getIssuerX500Principal()} on the given mocked certificate so that it returns an
 * {@link X500Principal} built from {@code principal}.
 *
 * @param certificate the mocked certificate to stub
 * @param principal the issuer distinguished name in string form
 */
private void mockIssuerForCertificate(X509Certificate certificate, String principal) {
    when(certificate.getIssuerX500Principal())
            .thenReturn(new X500Principal(principal));
}
From source file:test.integ.be.e_contract.mycarenet.etk.EtkDepotClientTest.java
/**
 * Integration test: reads the national number from a connected eID card, requests the matching
 * ETK from the ETK depot service, stores it in a temporary file and logs the issuer and subject
 * of the encryption and authentication certificates it contains.
 *
 * <p>The national number is sent to the service but never logged. The temporary file is left in
 * place after the test; its path is written to the debug log.
 */
@Test
public void testClient() throws Exception {
    EtkDepotClient client = new EtkDepotClient(
            "https://wwwacc.ehealth.fgov.be/etkdepot_1_0/EtkDepotService");

    // Identity data comes from the card; only the national number is used.
    BeIDCard card = new BeIDCards().getOneBeIDCard();
    Identity holder = TlvParser.parse(card.readFile(FileType.Identity), Identity.class);

    byte[] etk = client.getEtk("SSIN", holder.getNationalNumber());
    assertNotNull(etk);

    File etkFile = File.createTempFile("etk-", ".der");
    FileUtils.writeByteArrayToFile(etkFile, etk);
    LOG.debug("ETK file: " + etkFile.getAbsolutePath());

    EncryptionToken token = new EncryptionToken(etk);

    X509Certificate encryptionCert = token.getEncryptionCertificate();
    LOG.debug("encryption certificate issuer: " + encryptionCert.getIssuerX500Principal());
    LOG.debug("encryption certificate subject: " + encryptionCert.getSubjectX500Principal());

    X509Certificate authenticationCert = token.getAuthenticationCertificate();
    LOG.debug("authentication certificate issuer: " + authenticationCert.getIssuerX500Principal());
    LOG.debug("authentication certificate subject: " + authenticationCert.getSubjectX500Principal());
}