List of usage examples for java.security.cert X509Certificate getIssuerX500Principal
public X500Principal getIssuerX500Principal()
From source file:com.archivas.clienttools.arcutils.utils.net.SSLCertChain.java
/**
 * Returns the issuer DN attributes of the first certificate in the chain.
 *
 * <p>Only element 0 of {@code getCertificateList()} is consulted; an empty
 * chain therefore surfaces as an {@link IndexOutOfBoundsException} from the
 * list rather than as an empty map.
 *
 * @return the map produced by {@code getDNInfo} for that certificate's issuer principal
 */
public Map<String, String> getIssuedByDNInfo() {
    return getDNInfo(getCertificateList().get(0).getIssuerX500Principal());
}
From source file:edu.vt.middleware.crypt.x509.LDAPv3DNFormatterTest.java
/**
 * Checks that {@code LDAPv3DNFormatter} renders both the subject and the issuer
 * DN of the certificate read from {@code certFile} exactly as the data provider
 * expects.
 *
 * @param certFile File containing X.509 certificate data.
 * @param expectedSubjectDn Expected certificate subject DN.
 * @param expectedIssuerDn Expected certificate issuer DN.
 *
 * @throws Exception On test failure.
 */
@Test(groups = { "functest", "x509" }, dataProvider = "certdata")
public void testFormat(final File certFile, final String expectedSubjectDn, final String expectedIssuerDn)
        throws Exception {
    logger.info("Testing formatting subject and issuer DNs of " + certFile);
    final X509Certificate parsed = (X509Certificate) CryptReader.readCertificate(certFile);
    final LDAPv3DNFormatter dnFormatter = new LDAPv3DNFormatter();
    // Subject first, then issuer: the second format() only runs if the first assertion passes.
    final String actualSubjectDn = dnFormatter.format(parsed.getSubjectX500Principal());
    AssertJUnit.assertEquals(expectedSubjectDn, actualSubjectDn);
    final String actualIssuerDn = dnFormatter.format(parsed.getIssuerX500Principal());
    AssertJUnit.assertEquals(expectedIssuerDn, actualIssuerDn);
}
From source file:test.unit.be.fedict.eid.tsl.FingerprintTest.java
/**
 * Loads the two Certipost "Public CA for Qualified Signatures" certificates
 * (VG and BCT root signed) from the classpath and logs their subject, issuer
 * and validity window. The only assertion is that each resource loads.
 *
 * @throws Exception if a certificate resource cannot be loaded
 */
@Test
public void testNewCertipostCAs() throws Exception {
    logCertipostCa(TrustTestUtils.loadCertificateFromResource(
            "eu/be/certipost/Certipost Public CA for Qualified Signatures - VG root signed.cer"));
    logCertipostCa(TrustTestUtils.loadCertificateFromResource(
            "eu/be/certipost/Certipost Public CA for Qualified Signatures - BCT root signed.cer"));
}

/** Asserts that the CA certificate was loaded and logs its identifying fields. */
private void logCertipostCa(X509Certificate ca) {
    assertNotNull(ca);
    LOG.debug("CA subject: " + ca.getSubjectX500Principal());
    LOG.debug("CA issuer: " + ca.getIssuerX500Principal());
    LOG.debug("CA not before: " + ca.getNotBefore());
    LOG.debug("CA not after: " + ca.getNotAfter());
}
From source file:be.fedict.trust.PublicKeyTrustLinker.java
/**
 * Decides whether {@code certificate} is acceptable as the issuer of
 * {@code childCertificate}. The checks run in order and the first failure is
 * returned: issuer/subject name chaining, signature verification with the
 * issuer's public key, the child's validity interval at {@code validationDate},
 * basic constraints, and an SKID/AKID cross-check when both extensions exist.
 *
 * @param childCertificate the certificate whose issuer link is being checked
 * @param certificate the candidate issuer certificate
 * @param validationDate the instant at which the child's validity is evaluated
 * @param revocationData not read by this method
 * @return {@code null} when every check passes; otherwise a failed
 *         {@code TrustLinkerResult} naming the reason and carrying a message
 */
public TrustLinkerResult hasTrustLink(X509Certificate childCertificate, X509Certificate certificate,
        Date validationDate, RevocationData revocationData) {
    // Name chaining: the child's issuer DN must equal the issuer's subject DN.
    if (false == childCertificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) {
        LOG.debug("child certificate issuer not the same as the issuer certificate subject");
        LOG.debug("child certificate: " + childCertificate.getSubjectX500Principal());
        LOG.debug("certificate: " + certificate.getSubjectX500Principal());
        LOG.debug("child certificate issuer: " + childCertificate.getIssuerX500Principal());
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST,
                "child certificate issuer not the same as the issuer certificate subject");
    }
    // Signature check. Every failure mode (bad signature, unsupported
    // algorithm, provider error) is reported uniformly as INVALID_SIGNATURE;
    // only the log distinguishes them.
    try {
        childCertificate.verify(certificate.getPublicKey());
    } catch (Exception e) {
        LOG.debug("verification error: " + e.getMessage(), e);
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_SIGNATURE,
                "verification error: " + e.getMessage());
    }
    // A child validity window that extends beyond the issuer's is only warned
    // about; it does not fail the link.
    if (true == childCertificate.getNotAfter().after(certificate.getNotAfter())) {
        LOG.warn("child certificate validity end is after certificate validity end");
        LOG.warn("child certificate validity end: " + childCertificate.getNotAfter());
        LOG.warn("certificate validity end: " + certificate.getNotAfter());
    }
    if (true == childCertificate.getNotBefore().before(certificate.getNotBefore())) {
        LOG.warn("child certificate validity begin before certificate validity begin");
        LOG.warn("child certificate validity begin: " + childCertificate.getNotBefore());
        LOG.warn("certificate validity begin: " + certificate.getNotBefore());
    }
    // validationDate must lie inside the child's own notBefore..notAfter;
    // the issuer's interval is not checked here.
    if (true == validationDate.before(childCertificate.getNotBefore())) {
        LOG.debug("certificate is not yet valid");
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_VALIDITY_INTERVAL,
                "certificate is not yet valid");
    }
    if (true == validationDate.after(childCertificate.getNotAfter())) {
        LOG.debug("certificate already expired");
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_VALIDITY_INTERVAL,
                "certificate already expired");
    }
    // getBasicConstraints() is -1 when the certificate carries no CA flag.
    if (-1 == certificate.getBasicConstraints()) {
        LOG.debug("certificate not a CA");
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST, "certificate not a CA");
    }
    // A path length of 0 means the issuer may only sign end-entity certificates.
    if (0 == certificate.getBasicConstraints() && -1 != childCertificate.getBasicConstraints()) {
        LOG.debug("child should not be a CA");
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST, "child should not be a CA");
    }
    /*
     * SKID/AKID sanity check
     */
    // isCa(...) is a helper defined elsewhere in this class.
    boolean isCa = isCa(certificate);
    boolean isChildCa = isCa(childCertificate);
    byte[] subjectKeyIdentifierData = certificate
            .getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
    byte[] authorityKeyIdentifierData = childCertificate
            .getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
    // The extensions are mandatory only on the CA side: a missing SKID on a
    // non-CA issuer, or a missing AKID on a non-CA child, is tolerated.
    if (isCa && null == subjectKeyIdentifierData) {
        LOG.debug("certificate is CA and MUST contain a Subject Key Identifier");
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST,
                "certificate is CA and MUST contain a Subject Key Identifier");
    }
    if (isChildCa && null == authorityKeyIdentifierData) {
        LOG.debug("child certificate is CA and MUST contain an Authority Key Identifier");
        return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST,
                "child certificate is CA and MUST contain an Authority Key Identifier");
    }
    // The identifier comparison itself runs only when both extensions are present.
    if (null != subjectKeyIdentifierData && null != authorityKeyIdentifierData) {
        AuthorityKeyIdentifierStructure authorityKeyIdentifierStructure;
        try {
            authorityKeyIdentifierStructure = new AuthorityKeyIdentifierStructure(authorityKeyIdentifierData);
        } catch (IOException e) {
            LOG.debug("Error parsing authority key identifier structure");
            return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST,
                    "Error parsing authority key identifier structure");
        }
        // Both identifiers are compared as hex strings of the raw key identifier bytes.
        String akidId = new String(Hex.encodeHex(authorityKeyIdentifierStructure.getKeyIdentifier()));
        SubjectKeyIdentifierStructure subjectKeyIdentifierStructure;
        try {
            subjectKeyIdentifierStructure = new SubjectKeyIdentifierStructure(subjectKeyIdentifierData);
        } catch (IOException e) {
            LOG.debug("Error parsing subject key identifier structure");
            return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST,
                    "Error parsing subject key identifier structure");
        }
        String skidId = new String(Hex.encodeHex(subjectKeyIdentifierStructure.getKeyIdentifier()));
        if (!skidId.equals(akidId)) {
            LOG.debug(
                    "certificate's subject key identifier does not match child certificate's authority key identifier");
            return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST,
                    "certificate's subject key identifier does not match child certificate's authority key identifier");
        }
    }
    /*
     * We don't check pathLenConstraint since this one is only there to
     * protect the PKI business.
     */
    // null is the success value for this linker.
    return null;
}
From source file:org.glite.security.voms.admin.persistence.dao.CertificateDAO.java
/**
 * Looks up the persisted {@code Certificate} whose subject and issuer match
 * those of {@code cert}. Both principals are converted to OpenSSL form and
 * normalised through {@code DNUtil} before the {@code lookup} call so that the
 * comparison does not depend on the certificate's original DN encoding.
 *
 * @param cert the X.509 certificate to search for; must not be {@code null}
 * @return whatever {@code lookup(subjectDn, issuerDn)} returns
 */
public Certificate find(X509Certificate cert) {
    assert cert != null : "Null certificate passed as argument!";
    // Arguments are evaluated left to right: subject is normalised before issuer.
    return lookup(
            DNUtil.normalizeDN(DNUtil.getOpenSSLSubject(cert.getSubjectX500Principal())),
            DNUtil.normalizeDN(DNUtil.getOpenSSLSubject(cert.getIssuerX500Principal())));
}
From source file:org.apache.ws.security.validate.SignatureTrustValidator.java
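/**
 * Check to see if the certificate argument is in the keystore.
 *
 * <p>The keystore is queried by issuer DN and serial number. Since a DN and
 * serial can be chosen by whoever minted the certificate, a hit is only
 * trusted when the found certificate equals {@code cert} in its encoded form
 * (which includes the signature).
 *
 * @param crypto A Crypto instance to use for trust validation
 * @param cert The certificate to check
 * @return true if cert is in the keystore
 * @throws WSSecurityException propagated from the {@code Crypto} lookup
 */
protected boolean isCertificateInKeyStore(Crypto crypto, X509Certificate cert) throws WSSecurityException {
    String issuerString = cert.getIssuerX500Principal().getName();
    BigInteger issuerSerial = cert.getSerialNumber();
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
    cryptoType.setIssuerSerial(issuerString, issuerSerial);
    X509Certificate[] foundCerts = crypto.getX509Certificates(cryptoType);
    //
    // If a certificate has been found, the certificates must be compared
    // to ensure against phony DNs (compare encoded form including signature).
    // An empty result array is treated like null: "not found", not an
    // ArrayIndexOutOfBoundsException.
    //
    if (foundCerts != null && foundCerts.length > 0 && foundCerts[0] != null && foundCerts[0].equals(cert)) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Direct trust for certificate with " + cert.getSubjectX500Principal().getName());
        }
        return true;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("No certificate found for subject from issuer with " + issuerString + " (serial "
                + issuerSerial + ")");
    }
    return false;
}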
From source file:org.openhealthtools.openatna.net.MailConnection.java
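/**
 * Decrypts an S/MIME enveloped message with the sender's private key.
 *
 * <p>The PKCS#12 keystore at {@code getSenderKeystoreFile()} is opened with
 * {@code getSenderKeystorePassword()}; the key stored under
 * {@code getSenderKeyAlias()} is then used to recover the content of the
 * envelope's first recipient entry.
 *
 * @param message the enveloped MIME message
 * @return the decrypted body part
 * @throws MessagingException on any failure (keystore access, BC provider,
 *         CMS parsing, decryption); the original exception is kept as the cause
 */
public MimeBodyPart decryptMessage(Message message) throws MessagingException {
    try {
        /* Add BC */
        Security.addProvider(new BouncyCastleProvider());
        // Open the key store; the file stream is closed whether or not load() succeeds.
        KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
        FileInputStream keystoreIn = new FileInputStream(getSenderKeystoreFile());
        try {
            ks.load(keystoreIn, getSenderKeystorePassword().toCharArray());
        } finally {
            keystoreIn.close();
        }
        // find the certificate for the private key and generate a
        // suitable recipient identifier.
        X509Certificate cert = (X509Certificate) ks.getCertificate(getSenderKeyAlias());
        RecipientId recId = new RecipientId();
        recId.setSerialNumber(cert.getSerialNumber());
        recId.setIssuer(cert.getIssuerX500Principal().getEncoded());
        SMIMEEnveloped m = new SMIMEEnveloped((MimeMessage) message);
        RecipientInformationStore recipients = m.getRecipientInfos();
        // TODO figure out why this doesn't work...
        //RecipientInformation recipient = recipients.get(recId);
        // NOTE: recId is built but not used for the lookup below; the first
        // recipient entry is taken regardless of which certificate it targets.
        RecipientInformation recipient = (RecipientInformation) recipients.getRecipients().iterator().next();
        Key key = ks.getKey(getSenderKeyAlias(), getSenderKeystorePassword().toCharArray());
        byte[] byteContent = recipient.getContent(key, "BC");
        return SMIMEUtil.toMimeBodyPart(byteContent);
    } catch (Exception e) {
        log.error("Problem decrypting message: ", e);
        // Preserve the underlying exception as the cause instead of only its message.
        throw new MessagingException(e.getMessage(), e);
    }
}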
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateManagementServiceImplTests.java
/**
 * Generates a certificate through the management service and asks the service
 * to verify its issuer DN against the keystore.
 *
 * @throws DeviceManagementException propagated from the management service
 * @throws KeystoreException propagated from the management service
 */
@Test(description = "This test case tests DN verification of a Certificate against the keystore")
public void testVerifySubjectDN() throws DeviceManagementException, KeystoreException {
    DeviceConfigurationManager.getInstance().initConfig();
    final X509Certificate generated = managementService.generateX509Certificate();
    // The logged name comes from getIssuerX500Principal(), the verified one from
    // the legacy getIssuerDN() accessor; the two string forms need not be identical.
    log.info(generated.getIssuerX500Principal().getName());
    final String legacyIssuerDn = generated.getIssuerDN().getName();
    managementService.verifySubjectDN(legacyIssuerDn);
}
From source file:org.taverna.server.master.localworker.SecurityContextDelegateImpl.java
/**
 * Adds a key-pair to the current keystore.
 *
 * <p>The alias is derived from the first certificate of the loaded trust
 * chain as {@code keypair#<subject>#<issuer>#<serial>} and the work is
 * delegated to the aliased overload.
 *
 * @param c The key-pair.
 * @throws KeyStoreException propagated from {@code addKeypairToKeystore(String, KeyPair)}
 */
protected void addKeypairToKeystore(Credential.KeyPair c) throws KeyStoreException {
    final X509Certificate first = (X509Certificate) c.loadedTrustChain[0];
    final String subjectName = getPrincipalName(first.getSubjectX500Principal());
    final String issuerName = getPrincipalName(first.getIssuerX500Principal());
    final String alias = format("keypair#%s#%s#%s", subjectName, issuerName, x500Utils.getSerial(first));
    addKeypairToKeystore(alias, c);
}