List of usage examples for java.security.cert X509Certificate getPublicKey
public abstract PublicKey getPublicKey();
From source file:dk.nversion.jwt.CryptoUtils.java
public static PublicKey loadCertificate(String filename) throws FileNotFoundException, IOException, InvalidKeySpecException, NoSuchAlgorithmException, CertificateException { PublicKey key = null;// w ww . j av a2 s.co m InputStream is = null; try { is = new FileInputStream(filename); BufferedReader br = new BufferedReader(new InputStreamReader(is)); StringBuilder builder = new StringBuilder(); boolean inKey = false; String line; while ((line = br.readLine()) != null) { if (!inKey) { if (line.startsWith("-----BEGIN CERTIFICATE-----")) { inKey = true; } } else { if (line.startsWith("-----END CERTIFICATE-----")) { break; } builder.append(line); } } if (builder.length() == 0) { throw new CertificateException("Did not find a certificate in the file"); } byte[] encoded = Base64.decodeBase64(builder.toString()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) cf .generateCertificate(new ByteArrayInputStream(encoded)); key = certificate.getPublicKey(); } finally { if (is != null) { try { is.close(); } catch (IOException ex) { // Ignore } } } return key; }
From source file:oracle.custom.ui.utils.ServerUtils.java
public static PublicKey getServerPublicKey(String domainName) throws Exception { HttpClient client = getClient(domainName); PublicKey key = null;//from ww w . ja va2 s.co m String url = getIDCSBaseURL(domainName) + "/admin/v1/SigningCert/jwk"; URI uri = new URI(url); HttpHost host = new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme()); HttpGet httpGet = new HttpGet(uri); httpGet.addHeader("Authorization", "Bearer " + AccessTokenUtils.getAccessToken(domainName)); HttpResponse response = client.execute(host, httpGet); try { HttpEntity entity2 = response.getEntity(); String res = EntityUtils.toString(entity2); EntityUtils.consume(entity2); ObjectMapper mapper = new ObjectMapper(); System.out.println("result is " + res); SigningKeys signingKey = mapper.readValue(res, SigningKeys.class); String base64Cert = signingKey.getKeys().get(0).getX5c().get(0); byte encodedCert[] = Base64.getDecoder().decode(base64Cert); ByteArrayInputStream inputStream = new ByteArrayInputStream(encodedCert); CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(inputStream); key = cert.getPublicKey(); } finally { if (response instanceof CloseableHttpResponse) { ((CloseableHttpResponse) response).close(); } } return key; }
From source file:Main.java
public static boolean isTrustAnchor(X509Certificate certificate) throws IOException { boolean trust_anchor = certificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal()) && certificate.getBasicConstraints() >= 0; if (trust_anchor) { try {/*from w ww . j a v a 2 s. com*/ certificate.verify(certificate.getPublicKey()); } catch (Exception e) { throw new IOException(e); } return true; } return false; }
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil.java
public static PublicKey getPublicKey(X509Certificate certificate) { return certificate.getPublicKey(); }
From source file:com.eucalyptus.auth.euare.EuareServerCertificateUtil.java
public static String getEncryptedKey(final String certArn, final String certPem) throws AuthException { final ServerCertificate targetCert = lookupServerCertificate(certArn); // generate symmetric key final MessageDigest digest = Digest.SHA256.get(); final byte[] salt = new byte[32]; Crypto.getSecureRandomSupplier().get().nextBytes(salt); digest.update(salt);/* w ww. j a v a 2 s .c o m*/ final SecretKey symmKey = new SecretKeySpec(digest.digest(), "AES"); try { // encrypt the server pk using symm key Cipher cipher = Ciphers.AES_CBC.get(); final byte[] iv = new byte[16]; Crypto.getSecureRandomSupplier().get().nextBytes(iv); cipher.init(Cipher.ENCRYPT_MODE, symmKey, new IvParameterSpec(iv), Crypto.getSecureRandomSupplier().get()); final byte[] cipherText = cipher.doFinal(Base64.encode(targetCert.getPrivateKey().getBytes())); final String encPrivKey = new String(Base64.encode(Arrays.concatenate(iv, cipherText))); // encrypt the symmetric key using the certPem X509Certificate x509Cert = PEMFiles.getCert(B64.standard.dec(certPem)); cipher = Ciphers.RSA_PKCS1.get(); cipher.init(Cipher.ENCRYPT_MODE, x509Cert.getPublicKey(), Crypto.getSecureRandomSupplier().get()); byte[] symmkey = cipher.doFinal(symmKey.getEncoded()); final String b64SymKey = new String(Base64.encode(symmkey)); return String.format("%s\n%s", b64SymKey, encPrivKey); } catch (final Exception ex) { throw Exceptions.toUndeclared(ex); } }
From source file:com.easarrive.aws.plugins.common.util.SNSUtil.java
public static boolean isMessageSignatureValid(SNSMessage msg) { try {//from w ww . j ava 2 s. c o m URL url = new URL(msg.getSigningCertURL()); InputStream inStream = url.openStream(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream); inStream.close(); Signature sig = Signature.getInstance("SHA1withRSA"); sig.initVerify(cert.getPublicKey()); sig.update(getMessageBytesToSign(msg)); return sig.verify(Base64.decodeBase64(msg.getSignature())); } catch (Exception e) { throw new SecurityException("Verify method failed.", e); } }
From source file:com.aqnote.shared.encrypt.cert.bc.cover.PKCSWriter.java
public static void storePKCS12File(X509Certificate[] chain, PrivateKey key, char[] pwd, OutputStream ostream) throws Exception { if (chain == null || key == null || ostream == null) return;//from www .j av a 2 s . c o m PKCS12SafeBag[] certSafeBags = new PKCS12SafeBag[chain.length]; for (int i = chain.length - 1; i > 0; i--) { PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(chain[i]); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(CertificateUtil.getSubjectCN(chain[i]))); certSafeBags[i] = safeBagBuilder.build(); } X509Certificate cert = (X509Certificate) chain[0]; String subjectCN = CertificateUtil.getSubjectCN(cert); SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey()); PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(cert); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); safeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); certSafeBags[0] = safeBagBuilder.build(); PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder(); // desEDE/id_aes256_CBC OutputEncryptor oKeyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd3_KeyTripleDES_CBC) .setProvider(JCE_PROVIDER).build(pwd); PKCS12SafeBagBuilder keySafeBagBuilder = new JcaPKCS12SafeBagBuilder(key, oKeyEncryptor); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); pfxPduBuilder.addData(keySafeBagBuilder.build()); OutputEncryptor oCertEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd40BitRC2_CBC) .setProvider(JCE_PROVIDER).build(pwd); pfxPduBuilder.addEncryptedData(oCertEncryptor, certSafeBags); // PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(new // JcePKCS12MacCalculatorBuilder(idSHA1), pwd); PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), pwd); ostream.write(pfxPdu.getEncoded(ASN1Encoding.DER)); ostream.close(); }
From source file:com.aqnote.shared.cryptology.cert.io.PKCSWriter.java
public static void storePKCS12File(X509Certificate[] chain, PrivateKey key, char[] pwd, OutputStream ostream) throws Exception { if (chain == null || key == null || ostream == null) return;//from w w w . ja va 2 s . c om PKCS12SafeBag[] certSafeBags = new PKCS12SafeBag[chain.length]; for (int i = chain.length - 1; i > 0; i--) { PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(chain[i]); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(CertificateUtil.getSubjectCN(chain[i]))); certSafeBags[i] = safeBagBuilder.build(); } X509Certificate cert = chain[0]; String subjectCN = CertificateUtil.getSubjectCN(cert); SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey()); PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(cert); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); safeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); certSafeBags[0] = safeBagBuilder.build(); PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder(); // desEDE/id_aes256_CBC OutputEncryptor oKeyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd3_KeyTripleDES_CBC) .setProvider(JCE_PROVIDER).build(pwd); PKCS12SafeBagBuilder keySafeBagBuilder = new JcaPKCS12SafeBagBuilder(key, oKeyEncryptor); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); pfxPduBuilder.addData(keySafeBagBuilder.build()); OutputEncryptor oCertEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd40BitRC2_CBC) .setProvider(JCE_PROVIDER).build(pwd); pfxPduBuilder.addEncryptedData(oCertEncryptor, certSafeBags); // PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(new JcePKCS12MacCalculatorBuilder(idSHA1), pwd); BcPKCS12MacCalculatorBuilder builder = new BcPKCS12MacCalculatorBuilder(new SHA1Digest(), new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE)); PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(builder, pwd); ostream.write(pfxPdu.getEncoded(ASN1Encoding.DER)); ostream.close(); }
From source file:ee.ria.xroad.common.request.ManagementRequestHandler.java
private static boolean verifySignature(X509Certificate cert, byte[] signatureData, String signatureAlgorithmId, byte[] dataToVerify) throws Exception { try {//ww w .j ava 2 s . c o m Signature signature = Signature.getInstance(signatureAlgorithmId, "BC"); signature.initVerify(cert.getPublicKey()); signature.update(dataToVerify); return signature.verify(signatureData); } catch (Exception e) { log.error("Failed to verify signature", e); throw translateException(e); } }
From source file:net.unicon.cas.support.wsfederation.WsFederationUtils.java
/** * getSigningCredential loads up an X509Credential from a file. * * @param resource the signing certificate file * @return an X509 credential/*from w ww . j ava 2 s.c om*/ */ public static X509Credential getSigningCredential(final Resource resource) { try (final InputStream inputStream = resource.getInputStream()) { //grab the certificate file final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); final X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(inputStream); //get the public key from the certificate final X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec( certificate.getPublicKey().getEncoded()); //generate public key to validate signatures final KeyFactory keyFactory = KeyFactory.getInstance("RSA"); final PublicKey publicKey = keyFactory.generatePublic(publicKeySpec); //add the public key final BasicX509Credential publicCredential = new BasicX509Credential(); publicCredential.setPublicKey(publicKey); LOGGER.debug("getSigningCredential: key retrieved."); return publicCredential; } catch (final Exception ex) { LOGGER.error("I/O error retrieving the signing cert: {}", ex); return null; } }