List of usage examples for java.security.cert X509Certificate getNotBefore
/**
 * Returns the {@code notBefore} date from the certificate's validity period.
 *
 * <p>This is a plain accessor: it reports the start of the validity window and
 * performs no comparison against the current time. Code that has to decide
 * whether a certificate is currently usable should call {@code checkValidity()}
 * (or rely on full certification-path validation) instead of comparing this
 * value by hand, and should treat the value as data supplied by whoever issued
 * the certificate.
 *
 * @return the start date of the validity period
 */
public abstract Date getNotBefore();
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
/** * Test conversion to byte array and back. *///from w w w . j a v a2 s . c om @Test public void testTestRoundtrip() throws GeneralSecurityException { populate(builder); X509Certificate expected = builder.build(keyPair.getPrivate()); X509Certificate actual = certUtil.getCertificate(expected.getEncoded()); assertEquals(actual.getSerialNumber(), expected.getSerialNumber()); assertEquals(actual.getIssuerDN().toString(), expected.getIssuerDN().toString()); assertEquals(actual.getSubjectDN().toString(), expected.getSubjectDN().toString()); assertEquals(actual.getNotBefore(), expected.getNotBefore()); assertEquals(actual.getNotAfter(), expected.getNotAfter()); }
From source file:be.fedict.eid.tsl.TrustService.java
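/**
 * Creates a trust service entry backed by one or more X.509 certificates.
 *
 * <p>The first certificate is the reference certificate: its subject is used
 * as the service name when {@code serviceName} is {@code null}, and its
 * {@code notBefore} date is used as the status starting time when
 * {@code statusStartingDate} is {@code null}. Both fallbacks copy values out
 * of the certificate as-is; nothing here validates the certificate.
 *
 * @param serviceName           the service name, or {@code null} to use the
 *                              subject of the first certificate
 * @param serviceTypeIdentifier the service type identifier
 * @param serviceStatus         the current service status
 * @param statusStartingDate    when the status started, or {@code null} to
 *                              use the first certificate's {@code notBefore}
 * @param certificates          the service certificates; at least one is
 *                              required
 * @throws IllegalArgumentException if no certificate is given
 * @throws RuntimeException         if the XML datatype factory cannot be
 *                                  created
 */
public TrustService(String serviceName, String serviceTypeIdentifier, String serviceStatus,
        DateTime statusStartingDate, X509Certificate... certificates) {
    // The constructor always reads certificates[0]; reject an empty call up
    // front instead of failing with an index error half-way through.
    if (certificates == null || certificates.length == 0) {
        throw new IllegalArgumentException("at least one certificate is required");
    }

    this.serviceName = serviceName;
    this.statusStartingDate = statusStartingDate;
    this.objectFactory = new ObjectFactory();
    try {
        this.datatypeFactory = DatatypeFactory.newInstance();
    } catch (DatatypeConfigurationException e) {
        throw new RuntimeException("datatype config error: " + e.getMessage(), e);
    }
    this.eccObjectFactory = new be.fedict.eid.tsl.jaxb.ecc.ObjectFactory();
    this.xadesObjectFactory = new be.fedict.eid.tsl.jaxb.xades.ObjectFactory();

    this.tspService = this.objectFactory.createTSPServiceType();
    TSPServiceInformationType tspServiceInformation = this.objectFactory.createTSPServiceInformationType();
    this.tspService.setServiceInformation(tspServiceInformation);
    tspServiceInformation.setServiceTypeIdentifier(serviceTypeIdentifier);

    // Service name, published in English only.
    InternationalNamesType i18nServiceName = this.objectFactory.createInternationalNamesType();
    List<MultiLangNormStringType> serviceNames = i18nServiceName.getName();
    MultiLangNormStringType serviceNameJaxb = this.objectFactory.createMultiLangNormStringType();
    serviceNames.add(serviceNameJaxb);
    serviceNameJaxb.setLang(Locale.ENGLISH.getLanguage());
    X509Certificate certificate = certificates[0];
    if (null == this.serviceName) {
        serviceNameJaxb.setValue(certificate.getSubjectX500Principal().toString());
    } else {
        serviceNameJaxb.setValue(this.serviceName);
    }
    tspServiceInformation.setServiceName(i18nServiceName);

    DigitalIdentityListType digitalIdentityList = createDigitalIdentityList(certificates);
    tspServiceInformation.setServiceDigitalIdentity(digitalIdentityList);

    tspServiceInformation.setServiceStatus(serviceStatus);

    GregorianCalendar statusStartingCalendar;
    if (null == this.statusStartingDate) {
        statusStartingCalendar = new DateTime(certificate.getNotBefore()).toGregorianCalendar();
    } else {
        statusStartingCalendar = this.statusStartingDate.toGregorianCalendar();
    }
    // NOTE(review): "Z" does not look like a registered TimeZone ID; an
    // unrecognised ID falls back to GMT, which still gives the zero offset
    // wanted here - confirm, or spell it "UTC".
    statusStartingCalendar.setTimeZone(TimeZone.getTimeZone("Z"));
    XMLGregorianCalendar statusStartingTime = this.datatypeFactory
            .newXMLGregorianCalendar(statusStartingCalendar);
    tspServiceInformation.setStatusStartingTime(statusStartingTime);
    /*
    if (null != serviceHistoryStatus){
        this.tspService.setServiceHistory(serviceHistoryStatus);
    }
    */
}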
From source file:be.fedict.eid.tsl.TrustService.java
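/**
 * Appends a history instance (a previous status of this service) to the
 * service history, creating the history container on first use.
 *
 * <p>The status starting time of the history instance is taken from
 * {@code statusPreviousStartingDate}. The original code ignored that parameter
 * and always used this service's current status starting date, so every
 * history entry carried the current date; the parameter is now honoured, with
 * the old sources kept as fallbacks when it is {@code null}.
 *
 * @param serviceTypeIdentifier      the service type identifier of the
 *                                   history instance
 * @param serviceName                the service name, or {@code null} to use
 *                                   the subject of the first certificate
 * @param servicePreviousStatus      the previous service status
 * @param statusPreviousStartingDate when the previous status started; when
 *                                   {@code null} the current status starting
 *                                   date is used, and failing that the first
 *                                   certificate's {@code notBefore}
 * @param certificates               the service certificates; at least one is
 *                                   required
 * @throws IllegalArgumentException if no certificate is given
 */
public void addServiceHistory(String serviceTypeIdentifier, String serviceName, String servicePreviousStatus,
        DateTime statusPreviousStartingDate, X509Certificate... certificates) {
    // certificates[0] is read unconditionally below.
    if (certificates == null || certificates.length == 0) {
        throw new IllegalArgumentException("at least one certificate is required");
    }

    ServiceHistoryType serviceHistoryType;
    if (this.tspService.getServiceHistory() == null) {
        serviceHistoryType = this.objectFactory.createServiceHistoryType();
        this.tspService.setServiceHistory(serviceHistoryType);
    } else {
        serviceHistoryType = this.tspService.getServiceHistory();
    }

    ServiceHistoryInstanceType serviceHistoryInstanceType = this.objectFactory.createServiceHistoryInstanceType();
    serviceHistoryInstanceType.setServiceTypeIdentifier(serviceTypeIdentifier);

    // Service name, published in English only.
    InternationalNamesType i18nServiceName = this.objectFactory.createInternationalNamesType();
    List<MultiLangNormStringType> serviceNames = i18nServiceName.getName();
    MultiLangNormStringType serviceNameJaxb = this.objectFactory.createMultiLangNormStringType();
    serviceNames.add(serviceNameJaxb);
    serviceNameJaxb.setLang(Locale.ENGLISH.getLanguage());
    X509Certificate certificate = certificates[0];
    if (null == serviceName) {
        serviceNameJaxb.setValue(certificate.getSubjectX500Principal().toString());
    } else {
        serviceNameJaxb.setValue(serviceName);
    }
    serviceHistoryInstanceType.setServiceName(i18nServiceName);

    DigitalIdentityListType digitalIdentityList = createDigitalIdentityList(certificates);
    serviceHistoryInstanceType.setServiceDigitalIdentity(digitalIdentityList);

    serviceHistoryInstanceType.setServiceStatus(servicePreviousStatus);

    // Prefer the date the caller passed for the previous status; fall back to
    // the values the method used before so null callers see no change.
    final DateTime effectiveStartingDate =
            (statusPreviousStartingDate != null) ? statusPreviousStartingDate : this.statusStartingDate;
    GregorianCalendar statusStartingCalendar;
    if (null == effectiveStartingDate) {
        statusStartingCalendar = new DateTime(certificate.getNotBefore()).toGregorianCalendar();
    } else {
        statusStartingCalendar = effectiveStartingDate.toGregorianCalendar();
    }
    statusStartingCalendar.setTimeZone(TimeZone.getTimeZone("Z"));
    XMLGregorianCalendar statusStartingTime = this.datatypeFactory
            .newXMLGregorianCalendar(statusStartingCalendar);
    serviceHistoryInstanceType.setStatusStartingTime(statusStartingTime);

    serviceHistoryType.getServiceHistoryInstance().add(serviceHistoryInstanceType);
}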
From source file:eu.europa.ec.markt.dss.report.Tsl2PdfExporter.java
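/**
 * Produce a human readable export of the given tsl to the given file.
 *
 * <p>The report lists the scheme information, the scheme operator, every trust
 * service provider with its services and their X.509 identities, and finally
 * the certificate that signed the list. The signer section is written only
 * when {@code tsl.verifySignature()} returns a certificate; when it returns
 * {@code null} the section is left out and the report carries no statement
 * about the signature.
 *
 * @param tsl
 *            the TrustServiceList to export
 * @param pdfFile
 *            the file to generate
 * @throws RuntimeException
 *             if the file cannot be opened or the PDF cannot be produced
 */
public void humanReadableExport(final TrustServiceList tsl, final File pdfFile) {
    Document document = new Document();
    OutputStream outputStream;
    try {
        outputStream = new FileOutputStream(pdfFile);
    } catch (FileNotFoundException e) {
        throw new RuntimeException("file not found: " + pdfFile.getAbsolutePath(), e);
    }

    try {
        final PdfWriter pdfWriter = PdfWriter.getInstance(document, outputStream);
        pdfWriter.setPDFXConformance(PdfWriter.PDFA1B);

        // title
        final EUCountry country = EUCountry.valueOf(tsl.getSchemeTerritory());
        final String title = country.getShortSrcLangName() + " (" + country.getShortEnglishName()
                + "): Trusted List";

        Phrase footerPhrase = new Phrase("PDF document generated on " + new Date().toString() + ", page ",
                headerFooterFont);
        HeaderFooter footer = new HeaderFooter(footerPhrase, true);
        document.setFooter(footer);

        Phrase headerPhrase = new Phrase(title, headerFooterFont);
        HeaderFooter header = new HeaderFooter(headerPhrase, false);
        document.setHeader(header);

        document.open();
        addTitle(title, title0Font, Paragraph.ALIGN_CENTER, 0, 20, document);

        addLongItem("Scheme name", tsl.getSchemeName(), document);
        addLongItem("Legal Notice", tsl.getLegalNotice(), document);

        // information table
        PdfPTable informationTable = createInfoTable();
        addItemRow("Scheme territory", tsl.getSchemeTerritory(), informationTable);
        addItemRow("Scheme status determination approach",
                substringAfter(tsl.getStatusDeterminationApproach(), "StatusDetn/"), informationTable);

        final List<String> schemeTypes = new ArrayList<String>();
        for (final String schemeType : tsl.getSchemeTypes()) {
            schemeTypes.add(schemeType);
        }
        addItemRow("Scheme type community rules", schemeTypes, informationTable);

        addItemRow("Issue date", tsl.getListIssueDateTime().toString(), informationTable);
        addItemRow("Next update", tsl.getNextUpdate().toString(), informationTable);
        addItemRow("Historical information period", tsl.getHistoricalInformationPeriod().toString() + " days",
                informationTable);
        addItemRow("Sequence number", tsl.getSequenceNumber().toString(), informationTable);
        addItemRow("Scheme information URIs", tsl.getSchemeInformationUris(), informationTable);

        document.add(informationTable);

        addTitle("Scheme Operator", title1Font, Paragraph.ALIGN_CENTER, 0, 10, document);

        informationTable = createInfoTable();
        addItemRow("Scheme operator name", tsl.getSchemeOperatorName(), informationTable);
        PostalAddressType schemeOperatorPostalAddress = tsl.getSchemeOperatorPostalAddress(Locale.ENGLISH);
        addItemRow("Scheme operator street address", schemeOperatorPostalAddress.getStreetAddress(),
                informationTable);
        addItemRow("Scheme operator postal code", schemeOperatorPostalAddress.getPostalCode(),
                informationTable);
        addItemRow("Scheme operator locality", schemeOperatorPostalAddress.getLocality(), informationTable);
        addItemRow("Scheme operator state", schemeOperatorPostalAddress.getStateOrProvince(),
                informationTable);
        addItemRow("Scheme operator country", schemeOperatorPostalAddress.getCountryName(), informationTable);

        List<String> schemeOperatorElectronicAddressess = tsl.getSchemeOperatorElectronicAddresses();
        addItemRow("Scheme operator contact", schemeOperatorElectronicAddressess, informationTable);
        document.add(informationTable);

        addTitle("Trust Service Providers", title1Font, Paragraph.ALIGN_CENTER, 10, 2, document);

        List<TrustServiceProvider> trustServiceProviders = tsl.getTrustServiceProviders();
        for (TrustServiceProvider trustServiceProvider : trustServiceProviders) {
            addTitle(trustServiceProvider.getName(), title1Font, Paragraph.ALIGN_LEFT, 10, 2, document);

            PdfPTable providerTable = createInfoTable();
            addItemRow("Service provider trade name", trustServiceProvider.getTradeName(), providerTable);
            addItemRow("Information URI", trustServiceProvider.getInformationUris(), providerTable);
            PostalAddressType postalAddress = trustServiceProvider.getPostalAddress();
            addItemRow("Service provider street address", postalAddress.getStreetAddress(), providerTable);
            addItemRow("Service provider postal code", postalAddress.getPostalCode(), providerTable);
            addItemRow("Service provider locality", postalAddress.getLocality(), providerTable);
            addItemRow("Service provider state", postalAddress.getStateOrProvince(), providerTable);
            addItemRow("Service provider country", postalAddress.getCountryName(), providerTable);
            document.add(providerTable);

            List<TrustService> trustServices = trustServiceProvider.getTrustServices();
            for (TrustService trustService : trustServices) {
                addTitle(trustService.getName(), title2Font, Paragraph.ALIGN_LEFT, 10, 2, document);
                PdfPTable serviceTable = createInfoTable();
                addItemRow("Type", substringAfter(trustService.getType(), "Svctype/"), serviceTable);
                addItemRow("Status", substringAfter(trustService.getStatus(), "Svcstatus/"), serviceTable);
                addItemRow("Status starting time", trustService.getStatusStartingTime().toString(),
                        serviceTable);
                document.add(serviceTable);

                addTitle("Service digital identity (X509)", title3Font, Paragraph.ALIGN_LEFT, 2, 0, document);
                final X509Certificate certificate = trustService.getServiceDigitalIdentity();
                final PdfPTable serviceIdentityTable = createInfoTable();
                addItemRow("Version", Integer.toString(certificate.getVersion()), serviceIdentityTable);
                addItemRow("Serial number", certificate.getSerialNumber().toString(), serviceIdentityTable);
                addItemRow("Signature algorithm", certificate.getSigAlgName(), serviceIdentityTable);
                addItemRow("Issuer", certificate.getIssuerX500Principal().toString(), serviceIdentityTable);
                // The validity dates are printed as found in the certificate;
                // no validity check is made here.
                addItemRow("Valid from", certificate.getNotBefore().toString(), serviceIdentityTable);
                addItemRow("Valid to", certificate.getNotAfter().toString(), serviceIdentityTable);
                addItemRow("Subject", certificate.getSubjectX500Principal().toString(), serviceIdentityTable);
                addItemRow("Public key", certificate.getPublicKey().toString(), serviceIdentityTable);
                // TODO certificate policies
                addItemRow("Subject key identifier", toHex(getSKId(certificate)), serviceIdentityTable);
                addItemRow("CRL distribution points", getCrlDistributionPoints(certificate),
                        serviceIdentityTable);
                addItemRow("Authority key identifier", toHex(getAKId(certificate)), serviceIdentityTable);
                addItemRow("Key usage", getKeyUsage(certificate), serviceIdentityTable);
                addItemRow("Basic constraints", getBasicConstraints(certificate), serviceIdentityTable);

                byte[] encodedCertificate;
                try {
                    encodedCertificate = certificate.getEncoded();
                } catch (CertificateEncodingException e) {
                    throw new RuntimeException("cert: " + e.getMessage(), e);
                }
                // SHA-1 is printed next to SHA-256 as a legacy identifier; a
                // reader comparing fingerprints should rely on the SHA-256 row.
                addItemRow("SHA1 Thumbprint", DigestUtils.shaHex(encodedCertificate), serviceIdentityTable);
                addItemRow("SHA256 Thumbprint", DigestUtils.sha256Hex(encodedCertificate),
                        serviceIdentityTable);
                document.add(serviceIdentityTable);

                List<ExtensionType> extensions = trustService.getExtensions();
                for (ExtensionType extension : extensions) {
                    printExtension(extension, document);
                }

                addLongMonoItem("The decoded certificate:", certificate.toString(), document);
                addLongMonoItem("The certificate in PEM format:", toPem(certificate), document);
            }
        }

        // NOTE(review): a null result is treated as "nothing to print", so an
        // unsigned list or one whose signature did not verify yields a report
        // that differs only by the missing section - presumably
        // verifySignature() returns null in those cases; confirm and consider
        // stating the outcome in the report.
        X509Certificate signerCertificate = tsl.verifySignature();
        if (null != signerCertificate) {
            Paragraph tslSignerTitle = new Paragraph("Trusted List Signer", title1Font);
            tslSignerTitle.setAlignment(Paragraph.ALIGN_CENTER);
            document.add(tslSignerTitle);

            final PdfPTable signerTable = createInfoTable();
            addItemRow("Subject", signerCertificate.getSubjectX500Principal().toString(), signerTable);
            addItemRow("Issuer", signerCertificate.getIssuerX500Principal().toString(), signerTable);
            addItemRow("Not before", signerCertificate.getNotBefore().toString(), signerTable);
            addItemRow("Not after", signerCertificate.getNotAfter().toString(), signerTable);
            addItemRow("Serial number", signerCertificate.getSerialNumber().toString(), signerTable);
            addItemRow("Version", Integer.toString(signerCertificate.getVersion()), signerTable);
            byte[] encodedPublicKey = signerCertificate.getPublicKey().getEncoded();
            addItemRow("Public key SHA1 Thumbprint", DigestUtils.shaHex(encodedPublicKey), signerTable);
            addItemRow("Public key SHA256 Thumbprint", DigestUtils.sha256Hex(encodedPublicKey), signerTable);
            document.add(signerTable);

            addLongMonoItem("The decoded certificate:", signerCertificate.toString(), document);
            addLongMonoItem("The certificate in PEM format:", toPem(signerCertificate), document);
            addLongMonoItem("The public key in PEM format:", toPem(signerCertificate.getPublicKey()),
                    document);
        }

        document.close();
    } catch (DocumentException e) {
        throw new RuntimeException("PDF document error: " + e.getMessage(), e);
    } catch (Exception e) {
        throw new RuntimeException("Exception: " + e.getMessage(), e);
    } finally {
        // The stream was opened before the PDF writer existed, so any failure
        // above would otherwise leave the file handle open. Closing again
        // after a successful document.close() is harmless.
        try {
            outputStream.close();
        } catch (java.io.IOException ignored) {
            // Best effort: the export result has already been decided above.
        }
    }
}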
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
/**
 * Builds a self-issued issuer certificate, then a subject certificate that
 * names it as issuer, and checks the basic fields of both.
 *
 * <p>NOTE(review): the subject certificate is built with
 * {@code keyPair.getPrivate()} and verified with {@code keyPair.getPublic()}.
 * If the argument of {@code build(...)} is the signing key, this never checks
 * the subject certificate's signature against the issuer's public key, so the
 * test would pass for a certificate the issuer did not sign - confirm against
 * the builder's contract.
 *
 * @throws GeneralSecurityException if building or verifying a certificate
 *                                  fails
 */
@Test
public void testBuilderCertWithValidIssuer() throws GeneralSecurityException {
    // --- issuer: subject and issuer names are the same, CA flag set ---
    populate(builder);
    builder.setSubject(ISSUER_NAME);
    builder.setIssuer(ISSUER_NAME);
    builder.setPublicKey(issuerKeyPair.getPublic());
    builder.setBasicConstraints(true);
    final X509Certificate issuer = builder.build(issuerKeyPair.getPrivate());

    // Signature check against the issuer's own key.
    issuer.verify(issuerKeyPair.getPublic());

    // Field-level checks on the issuer certificate.
    assertEquals(issuer.getSerialNumber(), serial);
    assertEquals(issuer.getSubjectDN().getName(), ISSUER_NAME);
    assertEquals(issuer.getIssuerDN().getName(), ISSUER_NAME);
    assertEquals(issuer.getNotBefore(), notBefore.getTime());
    assertEquals(issuer.getNotAfter(), notAfter.getTime());
    // assertEquals(issuer.getPublicKey(), issuerKeyPair.getPublic()); // FIXME: returns null

    builder.reset();

    // --- subject: issued under the certificate built above ---
    populate(builder);
    builder.setIssuer(issuer);
    final X509Certificate cert = builder.build(keyPair.getPrivate());

    // Signature check (see the review note in the Javadoc).
    cert.verify(keyPair.getPublic());

    // Field-level checks on the subject certificate.
    assertEquals(cert.getSerialNumber(), serial);
    assertEquals(cert.getSubjectDN().getName(), SUBJECT_NAME);
    assertEquals(cert.getIssuerDN().getName(), ISSUER_NAME);
    assertEquals(cert.getNotBefore(), notBefore.getTime());
    assertEquals(cert.getNotAfter(), notAfter.getTime());
    // assertEquals(cert.getPublicKey(), keyPair.getPublic()); FIXME:
    // returns null
}
From source file:com.vmware.bdd.cli.http.DefaultTrustManager.java
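/**
 * Decides whether the server's certificate chain is trusted, using a local
 * keystore of previously accepted certificates and, for unknown certificates,
 * an interactive prompt.
 *
 * <p>Returning normally means "trusted". The original code logged keystore,
 * I/O and configuration errors and then returned normally, which accepted the
 * server whenever the check itself could not be carried out; it also accepted
 * an empty chain because the loop never ran. Both cases are now rejected.
 *
 * <p>Points a reviewer should keep in mind, left unchanged here because they
 * are design decisions rather than local bugs:
 * <ul>
 * <li>No signature or path validation is performed; acceptance rests on the
 * keystore lookup or the prompt answer alone.</li>
 * <li>Keystore aliases are MD5 fingerprints. Changing the alias scheme would
 * orphan existing keystore entries, so it is kept, but MD5 should not be
 * relied on to identify certificates.</li>
 * <li>When the run type is not MANUAL the answer is forced to "yes", so any
 * certificate that passes the expiry check is accepted and stored without
 * anyone seeing it.</li>
 * <li>NOTE(review): the outcome hinges on the last certificate of the chain
 * (known or accepted there returns, declined there throws) - confirm this is
 * the intended rule.</li>
 * </ul>
 *
 * @param chain    the peer certificate chain
 * @param authType the authentication type (not used by this check)
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException     if the chain is not trusted, or if the
 *                                  trust decision could not be made
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    // An empty chain used to fall through the loop and count as trusted.
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("The certificate chain must not be null or empty.");
    }

    String errorMsg = "";
    InputStream in = null;
    OutputStream out = null;

    // load key store file
    try {
        char[] pwd = cliProperties.readKeyStorePwd();
        File file = new File(KEY_STORE_FILE);

        if (file.exists() && file.isFile()) {
            // Keep a handle on the stream so the finally block can close it.
            in = new FileInputStream(file);
            keyStore.load(in, pwd);
        } else {
            //init an empty keystore
            keyStore.load(null, pwd);
        }

        // show certificate informations
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        String md5Fingerprint = "";
        String sha1Fingerprint = "";
        SimpleDateFormat dateFormate = new SimpleDateFormat("yyyy/MM/dd");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            sha1.update(cert.getEncoded());
            md5.update(cert.getEncoded());
            md5Fingerprint = ByteArrayUtils.byteArrayToHexString(md5.digest());
            sha1Fingerprint = ByteArrayUtils.byteArrayToHexString(sha1.digest());
            if (keyStore.getCertificate(md5Fingerprint) != null) {
                if (i == chain.length - 1) {
                    return;
                } else {
                    continue;
                }
            }
            System.out.println();
            System.out.println("Server Certificate");
            System.out.println("================================================================");
            System.out.println("Subject:  " + cert.getSubjectDN());
            System.out.println("Issuer:  " + cert.getIssuerDN());
            System.out.println("SHA Fingerprint:  " + sha1Fingerprint);
            System.out.println("MD5 Fingerprint:  " + md5Fingerprint);
            System.out.println("Issued on:  " + dateFormate.format(cert.getNotBefore()));
            System.out.println("Expires on:  " + dateFormate.format(cert.getNotAfter()));
            // Concatenating the byte[] directly printed its identity string,
            // not the signature; show the bytes in hex like the fingerprints.
            System.out.println("Signature:  " + ByteArrayUtils.byteArrayToHexString(cert.getSignature()));
            System.out.println();

            if (checkExpired(cert.getNotBefore(), cert.getNotAfter())) {
                throw new CertificateException("The security certificate has expired.");
            }

            ConsoleReader reader = new ConsoleReader();
            // Set prompt message
            reader.setPrompt(Constants.PARAM_PROMPT_ADD_CERTIFICATE_MESSAGE);
            // Read user input
            String readMsg;
            if (RunWayConfig.getRunType().equals(RunWayConfig.RunType.MANUAL)) {
                readMsg = reader.readLine().trim();
            } else {
                // Non-interactive runs accept without confirmation.
                readMsg = "yes";
            }
            if ("yes".equalsIgnoreCase(readMsg) || "y".equalsIgnoreCase(readMsg)) {
                // add new certificate into key store file.
                keyStore.setCertificateEntry(md5Fingerprint, cert);
                out = new FileOutputStream(KEY_STORE_FILE);
                keyStore.store(out, pwd);
                // Close now: a later iteration opens a new stream, and the
                // finally block only knows about the most recent one.
                out.close();
                out = null;
                // The file exists with default permissions until this call.
                CommonUtil.setOwnerOnlyReadWrite(KEY_STORE_FILE);
                // save keystore password
                cliProperties.saveKeyStorePwd(pwd);
            } else {
                if (i == chain.length - 1) {
                    throw new CertificateException("Could not find a valid certificate in the keystore.");
                } else {
                    continue;
                }
            }
        }
    } catch (FileNotFoundException e) {
        errorMsg = "Cannot find the keystore file: " + e.getMessage();
    } catch (NoSuchAlgorithmException e) {
        errorMsg = "SSL Algorithm not supported: " + e.getMessage();
    } catch (IOException e) {
        e.printStackTrace();
        errorMsg = "IO error: " + e.getMessage();
    } catch (KeyStoreException e) {
        errorMsg = "Keystore error: " + e.getMessage();
    } catch (ConfigurationException e) {
        errorMsg = "cli.properties access error: " + e.getMessage();
    } finally {
        if (!CommandsUtils.isBlank(errorMsg)) {
            System.out.println(errorMsg);
            logger.error(errorMsg);
        }
        if (in != null) {
            try {
                in.close();
            } catch (IOException e) {
                logger.warn("Input stream of serengeti.keystore close failed.");
            }
        }
        if (out != null) {
            try {
                out.close();
            } catch (IOException e) {
                logger.warn("Output stream of serengeti.keystore close failed.");
            }
        }
    }

    // Fail closed: if the check could not be completed, the server is not
    // trusted. Without this the method returned normally after an error.
    if (!CommandsUtils.isBlank(errorMsg)) {
        throw new CertificateException(errorMsg);
    }
}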
From source file:org.gluu.oxtrust.action.ManageCertificateAction.java
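/**
 * Copies the issuer and subject name components of a certificate, plus its
 * validity dates, into the {@code issuer} and {@code subject} maps.
 *
 * <p>The distinguished names come from the certificate and must be treated as
 * untrusted text. Each name is split on unescaped commas and every component
 * on its first {@code =} only, so a value that itself contains {@code =} is
 * kept whole; a component without {@code =} is skipped instead of raising an
 * index error. When an attribute type occurs more than once (for example two
 * {@code OU} components) the later one overwrites the earlier, as before.
 *
 * @param cert the certificate to read; {@code null} leaves the maps untouched
 */
private void loadCert(X509Certificate cert) {
    if (cert == null) {
        return;
    }

    String issuerDN = cert.getIssuerX500Principal().getName();
    for (String value : issuerDN.split("(?<!\\\\),")) {
        // Limit 2: split on the first '=' only, the rest belongs to the value.
        String[] keyValue = value.split("=", 2);
        if (keyValue.length < 2) {
            continue;
        }
        issuer.put(keyValue[0], keyValue[1]);
    }

    String subjectDN = cert.getSubjectX500Principal().getName();
    for (String value : subjectDN.split("(?<!\\\\),")) {
        String[] keyValue = value.split("=", 2);
        if (keyValue.length < 2) {
            continue;
        }
        subject.put(keyValue[0], keyValue[1]);
    }

    // Display values only; these dates are not checked against the clock here.
    subject.put("validUntil", StringHelper.toString(cert.getNotAfter()));
    subject.put("validAfter", StringHelper.toString(cert.getNotBefore()));
}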
From source file:org.signserver.admin.gui.ViewCertificateFrame.java
/**
 * Stores the certificate and fills the field list shown in the dialog.
 *
 * <p>With a {@code null} certificate the field list is cleared to
 * {@code null} and the list model is left as it was. Otherwise one entry is
 * added per displayed certificate field and a new list model backed by
 * {@code fields} is installed. The entries are raw certificate contents for
 * display; nothing here validates the certificate.
 *
 * @param certificate the certificate to display, may be {@code null}
 */
private void viewCertificate(final X509Certificate certificate) {
    this.certificate = certificate;

    if (certificate == null) {
        fields = null;
        return;
    }

    fields = new ArrayList<Field>();

    // Basic fields.
    fields.add(new Field("Version", String.valueOf(certificate.getVersion())));
    fields.add(new Field("Serial Number", certificate.getSerialNumber().toString(16)));
    fields.add(new Field("Certificate Signature Algorithm", String.valueOf(certificate.getSigAlgName())));
    fields.add(new Field("Issuer", String.valueOf(certificate.getIssuerDN())));
    fields.add(new Field("Validity Not Before", String.valueOf(certificate.getNotBefore())));
    fields.add(new Field("Validity Not After", String.valueOf(certificate.getNotAfter())));
    fields.add(new Field("Subject", String.valueOf(certificate.getSubjectDN())));

    // Public key: algorithm name and hex-encoded key bytes.
    fields.add(new Field("Subject Public Key Algorithm",
            String.valueOf(certificate.getPublicKey().getAlgorithm())));
    fields.add(new Field("Subject's Public Key",
            new String(Hex.encode(certificate.getPublicKey().getEncoded()))));

    // Extensions are listed by OID only.
    if (certificate.getCriticalExtensionOIDs() != null) {
        for (String criticalOid : certificate.getCriticalExtensionOIDs()) {
            fields.add(new Field("Critical extension: " + criticalOid, "<Not supported yet>"));
        }
    }
    if (certificate.getNonCriticalExtensionOIDs() != null) {
        for (String nonCriticalOid : certificate.getNonCriticalExtensionOIDs()) {
            fields.add(new Field("Non critical extension: " + nonCriticalOid, "<Not supported yet>"));
        }
    }

    // The signature algorithm is listed a second time, next to the signature value.
    fields.add(new Field("Certificate Signature Algorithm", String.valueOf(certificate.getSigAlgName())));
    fields.add(new Field("Certificate Signature Value",
            new String(Hex.encode(certificate.getSignature()))));

    fieldsList.setModel(new AbstractListModel() {

        @Override
        public int getSize() {
            return fields.size();
        }

        @Override
        public Object getElementAt(int index) {
            return fields.get(index);
        }
    });
}
From source file:org.wso2.carbon.security.keystore.KeyStoreAdmin.java
/**
 * Copies the descriptive fields of a certificate into a {@code CertData}
 * object.
 *
 * <p>When {@code includeCert} is set the result is a {@code CertDataDetail}
 * that also carries the certificate itself. The validity dates are passed
 * through {@code formatter} and stored as text; they are not evaluated.
 *
 * @param cert      the certificate to describe
 * @param alise     the keystore alias recorded in the result
 * @param formatter the format applied to the validity dates
 * @return the populated certificate description
 * @throws CertificateEncodingException declared by the method signature
 */
private CertData fillCertData(X509Certificate cert, String alise, Format formatter)
        throws CertificateEncodingException {
    // The detailed variant is the one able to hold the certificate.
    final CertData result = includeCert ? new CertDataDetail() : new CertData();

    result.setAlias(alise);
    result.setSubjectDN(cert.getSubjectDN().getName());
    result.setIssuerDN(cert.getIssuerDN().getName());
    result.setSerialNumber(cert.getSerialNumber());
    result.setVersion(cert.getVersion());
    result.setNotAfter(formatter.format(cert.getNotAfter()));
    result.setNotBefore(formatter.format(cert.getNotBefore()));
    result.setPublicKey(Base64.encode(cert.getPublicKey().getEncoded()));

    if (includeCert) {
        final CertDataDetail detail = (CertDataDetail) result;
        detail.setCertificate(cert);
    }
    return result;
}
From source file:info.guardianproject.onionkit.trust.StrongTrustManager.java
/**
 * Posts a toolbar notification about a certificate whose intent opens
 * {@code CertDisplayActivity} with the certificate's details.
 *
 * <p>The issuer, subject and validity dates placed in the intent are read
 * straight from the certificate, so the receiving screen shows whatever the
 * certificate claims. Dates are formatted in UTC and labelled "GMT".
 *
 * @param title       the notification title
 * @param msg         the notification message
 * @param cert        the certificate being reported
 * @param fingerprint the certificate fingerprint, or {@code null} to omit it
 */
private void showCertMessage(String title, String msg, X509Certificate cert, String fingerprint) {
    final Intent detailIntent = new Intent(mContext, CertDisplayActivity.class);

    detailIntent.putExtra("issuer", cert.getIssuerDN().getName());
    detailIntent.putExtra("subject", cert.getSubjectDN().getName());
    if (fingerprint != null) {
        detailIntent.putExtra("fingerprint", fingerprint);
    }

    // Fixed locale and time zone so the text does not depend on device settings.
    final SimpleDateFormat utcFormat = new SimpleDateFormat("dd MMM yyyy HH:mm:ss", Locale.US);
    utcFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
    final String issuedText = utcFormat.format(cert.getNotBefore()) + " GMT";
    detailIntent.putExtra("issued", issuedText);
    final String expiresText = utcFormat.format(cert.getNotAfter()) + " GMT";
    detailIntent.putExtra("expires", expiresText);

    detailIntent.putExtra("msg", title + ": " + msg);

    showToolbarNotification(title, msg, DEFAULT_NOTIFY_ID, mAppIcon, Notification.FLAG_AUTO_CANCEL,
            detailIntent);
}