List of usage examples for java.security.cert X509Certificate getPublicKey
/**
 * Gets the public key from this certificate.
 *
 * <p>The call only exposes the key stored in the certificate; it does not check the
 * certificate's validity period, chain or revocation status, so callers must establish
 * trust in the certificate before relying on the returned key.
 *
 * @return the public key
 */
public abstract PublicKey getPublicKey();
From source file:com.archivas.clienttools.arcutils.utils.net.SSLCertChain.java
/**
 * Reports the algorithm name of the public key held by the first certificate in the
 * list returned by {@code getCertificateList()}.
 *
 * @return the algorithm name reported by the key's {@code getAlgorithm()}
 */
public String getPublicKeyAlgorithm() {
    // Index 0 is taken as-is; presumably the peer's own (leaf) certificate — confirm
    // against getCertificateList(). An empty list makes get(0) throw.
    final X509Certificate first = getCertificateList().get(0);
    final String algorithm = first.getPublicKey().getAlgorithm();
    return algorithm;
}
From source file:org.appverse.web.framework.backend.frontfacade.rest.authentication.JWSAuthenticationProvider.java
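/**
 * Loads the client certificate when the bean is initialised and builds the JWS
 * signature verifier from its public key.
 *
 * <p>The name extracted from the certificate is stored in {@code cn}; the certificate's
 * public key must be an RSA key because it is handed to {@code RSASSAVerifier}.
 *
 * @throws Exception declared by the overridden method; a missing collaborator and any
 *         failure while loading or using the certificate are reported as
 *         {@code BeanCreationException}
 */
@Override
public void afterPropertiesSet() throws Exception {
    if (this.certService == null) {
        logger.error("Invalid configuration: CertService");
        throw new BeanCreationException("Invalid configuration, CertService not found");
    }
    if (certificatePath == null) {
        logger.error("Invalid configuration: certificate Path not found");
        throw new BeanCreationException("Invalid configuration, certificatePath not found");
    }
    // The stream is opened here, so it is closed here; whether getCertificateFromInput
    // also closes it is not visible from this method.
    try (java.io.InputStream certStream = certificatePath.getInputStream()) {
        X509Certificate cert = certService.getCertificateFromInput(certStream);
        cn = certService.getName(cert);
        // NOTE(review): the certificate becomes the verification key for incoming JWS
        // signatures, but its validity period and chain are not checked in this method —
        // confirm that trust is established elsewhere (configuration or certService).
        PublicKey publicKey = cert.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            // Reject non-RSA keys explicitly instead of failing with a ClassCastException.
            throw new IllegalArgumentException("Certificate public key is not an RSA key");
        }
        verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
        verifier.setProvider(new BouncyCastleProvider());
    } catch (Exception exc) {
        logger.error("Couldn't instantiate X.509 certificate", exc);
        // The path itself was present (checked above); the failure is in loading or using
        // the certificate, so the message says so.
        throw new BeanCreationException("Invalid configuration, could not load X.509 certificate", exc);
    }
}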
From source file:be.fedict.commons.eid.consumer.BeIDIntegrity.java
/**
 * Checks an authentication signature with the public key of the given authentication
 * certificate.
 *
 * <p>Key, algorithm and signature-processing failures are logged at WARN level and
 * reported as {@code false}, so the method answers "not verified" instead of throwing.
 * Only the certificate's public key is used here; the certificate itself is not
 * validated by this method.
 *
 * @param toBeSigned the data the signature was computed over
 * @param signatureValue the signature bytes to check
 * @param authnCertificate the certificate supplying the verification key
 * @return the outcome of {@code verifySignature}, or {@code false} when it throws one of
 *         the handled exceptions
 */
public boolean verifyAuthnSignature(final byte[] toBeSigned, final byte[] signatureValue,
        final X509Certificate authnCertificate) {
    final PublicKey authnKey = authnCertificate.getPublicKey();
    try {
        return this.verifySignature(signatureValue, authnKey, toBeSigned);
    } catch (final InvalidKeyException ikex) {
        LOG.warn("invalid key: " + ikex.getMessage(), ikex);
    } catch (final NoSuchAlgorithmException nsaex) {
        LOG.warn("no such algo: " + nsaex.getMessage(), nsaex);
    } catch (final SignatureException sigex) {
        LOG.warn("signature error: " + sigex.getMessage(), sigex);
    }
    // Reached only after one of the handled failures above.
    return false;
}
From source file:com.archivas.clienttools.arcutils.utils.net.SSLCertChain.java
/**
 * Renders the encoded public key of the first certificate in the list returned by
 * {@code getCertificateList()} as a hex string with ":" between the bytes.
 *
 * @return the result of {@code byteArrayToColonSeparatedHexString} for the key's
 *         {@code getEncoded()} bytes
 */
public String getPublicKeyString() {
    // Same certificate choice as elsewhere in this class: index 0 of the list.
    final byte[] encodedKey = getCertificateList().get(0).getPublicKey().getEncoded();
    return byteArrayToColonSeparatedHexString(encodedKey, ":");
}
From source file:mitm.common.security.crl.CRLLocator.java
/**
 * Decides whether a CRL may be used for the given issuer by checking that the CRL's
 * signature verifies with the issuer certificate's public key.
 *
 * <p>Every verification failure is logged and answered with {@code false}; only a
 * successful {@code crl.verify} call yields {@code true}.
 *
 * @param issuer the certificate whose public key must have signed the CRL
 * @param crl the candidate CRL
 * @return {@code true} when the CRL signature verifies, otherwise {@code false}
 * @throws NoSuchProviderException passed through from {@code crl.verify}
 */
private boolean acceptCRL(X509Certificate issuer, X509CRL crl) throws NoSuchProviderException {
    try {
        // The CRL must carry a signature made with the issuer's key.
        // NOTE(review): only the signature is checked here; validity dates and the
        // issuer's CRL-signing permission are presumably checked by the caller — confirm.
        crl.verify(issuer.getPublicKey(), securityFactory.getNonSensitiveProvider());
        return true;
    } catch (InvalidKeyException e) {
        logger.error("CRL could not be verified.", e);
        return false;
    } catch (CRLException e) {
        logger.error("CRL could not be verified.", e);
        return false;
    } catch (NoSuchAlgorithmException e) {
        logger.error("CRL could not be verified.", e);
        return false;
    } catch (SignatureException e) {
        /*
         * Expected when a CRL was matched by name only: its issuer name equals the
         * certificate's subject, yet another CA with the same subject actually signed it.
         * The stack trace is logged only when debug logging is on.
         */
        if (logger.isDebugEnabled()) {
            logger.error("CRL could not be verified. Hash not correct", e);
        } else {
            logger.error("CRL could not be verified. Hash not correct. Message: "
                    + ExceptionUtils.getRootCauseMessage(e));
        }
        return false;
    }
}
From source file:be.fedict.commons.eid.consumer.BeIDIntegrity.java
/**
 * Returns the parsed identity file once its signature, and optionally the eID photo,
 * have passed integrity verification.
 *
 * <p>The identity file is parsed only after its signature has been verified with the
 * public key of the given certificate. When a photo is supplied, its digest must equal
 * the photo digest stored in the parsed identity.
 *
 * @param identityFile the raw identity file
 * @param identitySignatureFile the signature over the identity file
 * @param photo the photo bytes, or {@code null} to skip the photo check
 * @param rrnCertificate the certificate supplying the verification key
 * @return the parsed identity
 * @throws NoSuchAlgorithmException declared for the digest computation
 * @throws SecurityException when verification throws, the signature does not verify, or
 *         the photo digest differs
 */
public Identity getVerifiedIdentity(final byte[] identityFile, final byte[] identitySignatureFile,
        final byte[] photo, final X509Certificate rrnCertificate) throws NoSuchAlgorithmException {
    final PublicKey rrnKey = rrnCertificate.getPublicKey();
    boolean signatureOk;
    try {
        // NOTE(review): getSigAlgName() names the algorithm of the certificate's own
        // signature; it is reused here for the file signature — confirm the two always match.
        signatureOk = verifySignature(rrnCertificate.getSigAlgName(), identitySignatureFile, rrnKey,
                identityFile);
    } catch (final Exception ex) {
        throw new SecurityException("identity signature verification error: " + ex.getMessage(), ex);
    }
    if (!signatureOk) {
        throw new SecurityException("signature integrity error");
    }

    // Parsing happens only after the signature check has passed.
    final Identity identity = TlvParser.parse(identityFile, Identity.class);
    if (photo == null) {
        return identity;
    }

    // The digest algorithm is selected from the length of the stored digest.
    final byte[] storedDigest = identity.getPhotoDigest();
    final byte[] computedDigest = digest(getDigestAlgo(storedDigest.length), photo);
    if (!Arrays.equals(storedDigest, computedDigest)) {
        throw new SecurityException("photo digest mismatch");
    }
    return identity;
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
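/**
 * Builds a PKCS#10 certification request that reuses the subject and public key of an
 * existing certificate and is signed with the supplied key.
 *
 * <p>Each non-critical extension of the certificate is copied into the request as an
 * attribute keyed by the extension's OID. Critical extensions are not copied. A
 * certificate without extensions yields a request with an empty attribute set.
 *
 * @param cert the certificate supplying subject, public key and extensions
 * @param signingKey the private key used to sign the request
 * @return the signed certification request
 * @throws Exception if an extension value cannot be read or the request cannot be built
 */
public static PKCS10CertificationRequest generateCertificateRequest(X509Certificate cert,
        PrivateKey signingKey) throws Exception {
    ASN1EncodableVector attributes = new ASN1EncodableVector();

    // getNonCriticalExtensionOIDs() returns null when the certificate carries no
    // extensions at all; iterating it unguarded would throw a NullPointerException.
    Set<String> nonCriticalExtensionOIDs = cert.getNonCriticalExtensionOIDs();
    if (nonCriticalExtensionOIDs != null) {
        for (String nceoid : nonCriticalExtensionOIDs) {
            // NOTE(review): getExtensionValue returns the DER-encoded OCTET STRING that
            // wraps the extension, so the attribute value is that wrapper — confirm this
            // is what the consuming CA expects.
            byte[] derBytes = cert.getExtensionValue(nceoid);
            ByteArrayInputStream bis = new ByteArrayInputStream(derBytes);
            ASN1InputStream dis = new ASN1InputStream(bis);
            try {
                DERObject derObject = dis.readObject();
                DERSet value = new DERSet(derObject);
                Attribute attr = new Attribute(new DERObjectIdentifier(nceoid), value);
                attributes.add(attr);
            } finally {
                IOUtils.closeQuietly(dis);
            }
        }
    }

    // The request is signed by signingKey while it carries the certificate's public key;
    // presumably both belong to the same key pair — verify against the callers.
    PKCS10CertificationRequest certificationRequest = new PKCS10CertificationRequest(getSignatureAlgorithm(),
            cert.getSubjectX500Principal(), cert.getPublicKey(), new DERSet(attributes), signingKey);
    return certificationRequest;
}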
From source file:be.fedict.commons.eid.consumer.BeIDIntegrity.java
/**
 * Returns the parsed address file once its signature has passed integrity verification.
 *
 * <p>The signature is verified with the public key of the given certificate over the
 * right-trimmed address file together with the identity signature file.
 *
 * @param addressFile the raw address file
 * @param identitySignatureFile the identity signature, passed to the verification as
 *        additional signed data
 * @param addressSignatureFile the signature to check
 * @param rrnCertificate the certificate supplying the verification key
 * @return the parsed address
 * @throws SecurityException when verification throws or the signature does not verify
 */
public Address getVerifiedAddress(final byte[] addressFile, final byte[] identitySignatureFile,
        final byte[] addressSignatureFile, final X509Certificate rrnCertificate) {
    final byte[] signedAddressBytes = trimRight(addressFile);
    final PublicKey rrnKey = rrnCertificate.getPublicKey();
    boolean signatureOk;
    try {
        // NOTE(review): getSigAlgName() names the algorithm of the certificate's own
        // signature; it is reused here for the file signature — confirm the two always match.
        signatureOk = verifySignature(rrnCertificate.getSigAlgName(), addressSignatureFile, rrnKey,
                signedAddressBytes, identitySignatureFile);
    } catch (final Exception ex) {
        throw new SecurityException("address signature verification error: " + ex.getMessage(), ex);
    }
    if (!signatureOk) {
        throw new SecurityException("address integrity error");
    }
    // NOTE(review): the signature covers the trimmed bytes, while the parser receives the
    // untrimmed file; whatever trimRight removed is parsed without being authenticated —
    // confirm the parser ignores it.
    return TlvParser.parse(addressFile, Address.class);
}
From source file:com.torresbueno.RSAEncryptionDecryptionUtil.java
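/**
 * Reads an X.509 certificate from a file and returns the public key it contains.
 *
 * <p>The certificate is only parsed; its validity period, chain and revocation status
 * are not checked, so the returned key is exactly as trustworthy as the file it came from.
 *
 * @param certPath path of the certificate file
 * @return the public key stored in the certificate
 * @throws Exception if the file cannot be opened or does not hold a parsable certificate
 */
public PublicKey readPublicKeyFromCertificate(String certPath) throws Exception {
    // try-with-resources releases the file handle on every path; the stream was
    // previously left open, including when parsing failed.
    try (FileInputStream fin = new FileInputStream(certPath)) {
        CertificateFactory f = CertificateFactory.getInstance("X.509");
        X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
        return certificate.getPublicKey();
    }
}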
From source file:ddf.security.samlp.SimpleSign.java
/**
 * Chooses the signature algorithm URI that matches the certificate's public key.
 *
 * @param certificate the certificate whose key algorithm decides the URI
 * @return {@code DSA_ALGO_URI} when the key algorithm is "DSA" (any letter case),
 *         otherwise {@code RSA_ALGO_URI}
 */
private String getSignatureAlgorithmURI(X509Certificate certificate) {
    final String keyAlgorithm = certificate.getPublicKey().getAlgorithm();
    final String sigAlgoUri;
    if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
        sigAlgoUri = DSA_ALGO_URI;
    } else {
        // NOTE(review): every non-DSA key, including an EC key, is given the RSA URI —
        // confirm that only RSA and DSA certificates can reach this method.
        sigAlgoUri = RSA_ALGO_URI;
    }
    LOGGER.debug("Using Signature algorithm {}", sigAlgoUri);
    return sigAlgoUri;
}