List of usage examples for java.security.cert X509Certificate getSigAlgName
/**
 * Gets the signature algorithm name for the certificate signature algorithm,
 * for example {@code "SHA256withRSA"}.
 *
 * <p>This names the algorithm the issuer used to sign the certificate. It does not
 * describe the key held inside the certificate, so it is not a reliable way to choose
 * an algorithm for data signed with that key.
 *
 * @return the signature algorithm name
 */
public abstract String getSigAlgName();
From source file:br.gov.serpro.cert.AuthSSLX509TrustManager.java
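/**
 * Validates the server certificate chain with the default trust manager and, when that
 * validation fails, asks the user whether to accept the certificate anyway.
 *
 * <p>The override fails closed: the chain is accepted only when the user explicitly
 * presses the accept button (option index 0). Pressing "Cancelar" or closing the dialog
 * rethrows the original {@link CertificateException}. The previous {@code switch} still
 * used the indexes of an older three-button dialog, so with two buttons "Cancelar"
 * (index 1) and a closed dialog (-1) both fell through and the certificate was trusted.
 *
 * <p>NOTE(review): the dialog shows only the subject name, which the peer controls.
 * Consider displaying a certificate fingerprint and recording every override so an
 * accepted failure can be audited.
 *
 * @param certificates the peer certificate chain
 * @param authType the key exchange algorithm used
 * @throws CertificateException if the chain is not trusted and the user did not
 *         explicitly accept it
 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
 */
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (LOG.isInfoEnabled() && certificates != null) {
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];
            LOG.info(" Server certificate " + (c + 1) + ":");
            LOG.info(" Subject DN: " + cert.getSubjectDN());
            LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
            LOG.info(" Valid from: " + cert.getNotBefore());
            LOG.info(" Valid until: " + cert.getNotAfter());
            LOG.info(" Issuer: " + cert.getIssuerDN());
        }
    }

    try {
        defaultTrustManager.checkServerTrusted(certificates, authType);
    } catch (CertificateException e) {
        // Nothing to show the user, so there is nothing they could meaningfully accept.
        if (certificates == null || certificates.length == 0) {
            throw e;
        }

        // Index 0 = accept for this session, index 1 = cancel.
        Object[] options = { "Aceitar Certificado", "Cancelar" };
        int choice = JOptionPane.showOptionDialog(null,
                "Falha na validao do seguinte certificado:\n"
                        + certificates[0].getSubjectX500Principal().getName(),
                "\nO que voc quer fazer?", JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null,
                options, options[0]);

        // Anything other than an explicit accept (cancel button, closed dialog) rejects.
        if (choice != 0) {
            throw e;
        }
        // Accepted for this session only.
        // TODO: add a "permanently accept" option that stores the certificate as trusted.
    }
}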
From source file:com.mgmtp.perfload.core.client.web.ssl.LtSSLSocketFactory.java
/**
 * Writes the identifying fields of a certificate to the debug log: subject, signature
 * algorithm, validity window and issuer.
 *
 * @param cert the certificate to describe
 */
private void logCertificate(final X509Certificate cert) {
    final Object subject = cert.getSubjectDN();
    log.debug(" Subject DN: {}", subject);

    // Name of the algorithm the issuer signed this certificate with.
    final String signatureAlgorithm = cert.getSigAlgName();
    log.debug(" Signature algorithm name: {}", signatureAlgorithm);

    final Object validFrom = cert.getNotBefore();
    log.debug(" Valid from: {}", validFrom);

    final Object validUntil = cert.getNotAfter();
    log.debug(" Valid until: {}", validUntil);

    final Object issuer = cert.getIssuerDN();
    log.debug(" Issuer DN: {}", issuer);
}
From source file:org.xdi.oxauth.model.crypto.OxAuthCryptoProvider.java
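/**
 * Maps the signature algorithm of the first certificate stored under {@code alias} to a
 * {@link SignatureAlgorithm} constant.
 *
 * <p>NOTE(review): {@code getSigAlgName()} names the algorithm the issuer used to sign
 * the certificate, not the algorithm of the key pair held under the alias. The two agree
 * for self-signed certificates but can differ when a CA with a different key type issued
 * the certificate. Confirm that callers only use this for self-signed entries.
 *
 * @param alias key store alias to look up
 * @return the matching algorithm, or {@code null} when the alias has no certificate
 *         chain, its first certificate is not an X.509 certificate, or no constant
 *         matches the certificate's algorithm name
 * @throws UnrecoverableKeyException declared by the signature; not raised by the visible code
 * @throws NoSuchAlgorithmException declared by the signature; not raised by the visible code
 * @throws KeyStoreException if the key store has not been initialized
 */
public SignatureAlgorithm getSignatureAlgorithm(String alias)
        throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    Certificate[] chain = keyStore.getCertificateChain(alias);
    if ((chain == null) || chain.length == 0) {
        return null;
    }

    // A key store may hold non-X.509 certificates; treat them as "no match" instead of
    // failing with a ClassCastException.
    if (!(chain[0] instanceof X509Certificate)) {
        return null;
    }

    X509Certificate cert = (X509Certificate) chain[0];
    String sigAlgName = cert.getSigAlgName();

    for (SignatureAlgorithm sa : SignatureAlgorithm.values()) {
        if (StringHelper.equalsIgnoreCase(sigAlgName, sa.getAlgorithm())) {
            return sa;
        }
    }

    return null;
}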
From source file:de.betterform.connector.http.ssl.BetterFORMKeyStoreManager.java
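/**
 * Loads the key store at {@code url} and returns the first {@link X509KeyManager} the
 * default {@link KeyManagerFactory} builds from it.
 *
 * <p>The password is converted to a {@code char[]} once and the same value, possibly
 * {@code null}, is used both to load the store and to initialize the factory. Previously
 * the load step tolerated a {@code null} password but the factory initialization then
 * dereferenced it and failed with a {@link NullPointerException}.
 *
 * @param url location of the key store; must not be {@code null}
 * @param password key store and key password, may be {@code null}
 * @return the first X.509 key manager, or {@code null} if the factory produced none
 * @throws IllegalArgumentException if {@code url} is {@code null}
 * @throws NoSuchAlgorithmException if the default key manager or integrity algorithm is unavailable
 * @throws KeyStoreException if the default key store type is unavailable or the store is unusable
 * @throws IOException if the key store cannot be read or the password is wrong
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws UnrecoverableKeyException if a key cannot be recovered with the given password
 */
private X509KeyManager getCustomX509KeyManager(final URL url, final String password)
        throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException,
        UnrecoverableKeyException {
    // Validate the argument before doing any provider lookups.
    if (url == null) {
        throw new IllegalArgumentException("BetterFORMKeyStoreManager: Keystore url may not be null");
    }

    KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());

    LOGGER.debug("BetterFORMKeyStoreManager: initializing custom key store");
    final char[] passwordChars = password != null ? password.toCharArray() : null;
    KeyStore customKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
    InputStream is = null;
    try {
        is = url.openStream();
        customKeystore.load(is, passwordChars);
    } finally {
        if (is != null) {
            is.close();
        }
    }

    // Trace-only dump of certificate metadata; no key material or password is logged.
    if (LOGGER.isTraceEnabled()) {
        Enumeration<String> aliases = customKeystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            LOGGER.trace("Trusted certificate '" + alias + "':");
            Certificate trustedcert = customKeystore.getCertificate(alias);
            if (trustedcert instanceof X509Certificate) {
                X509Certificate cert = (X509Certificate) trustedcert;
                LOGGER.trace(" Subject DN: " + cert.getSubjectDN());
                LOGGER.trace(" Signature Algorithm: " + cert.getSigAlgName());
                LOGGER.trace(" Valid from: " + cert.getNotBefore());
                LOGGER.trace(" Valid until: " + cert.getNotAfter());
                LOGGER.trace(" Issuer: " + cert.getIssuerDN());
            }
        }
    }

    keyManagerFactory.init(customKeystore, passwordChars);

    KeyManager[] customX509KeyManagers = keyManagerFactory.getKeyManagers();
    if (customX509KeyManagers != null) {
        for (KeyManager candidate : customX509KeyManagers) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
    }

    return null;
}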
From source file:com.cordys.coe.util.cgc.ssl.AuthSSLX509TrustManager.java
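/**
 * Checks whether the client certificate chain can be trusted by logging each certificate
 * and then delegating the decision to the default trust manager.
 *
 * <p>Fails closed: when no default trust manager is available the chain is rejected.
 * Previously the method returned normally in that case, which made every client
 * certificate trusted without any check.
 *
 * @param certificates The certificates to check.
 * @param sAuthType The authentication type.
 *
 * @throws CertificateException In case the certificate should not be accepted, or no
 *         default trust manager is available to validate it.
 */
public void checkClientTrusted(X509Certificate[] certificates, String sAuthType)
        throws CertificateException {
    if (m_xtmDefault == null) {
        throw new CertificateException(
                "No default trust manager available; cannot validate the client certificate chain.");
    }

    if (certificates != null) {
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];

            if (LOG.isInfoEnabled()) {
                LOG.info(" Client certificate " + (c + 1) + ":");
                LOG.info(" Subject DN: " + cert.getSubjectDN());
                LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
                LOG.info(" Valid from: " + cert.getNotBefore());
                LOG.info(" Valid until: " + cert.getNotAfter());
                LOG.info(" Issuer: " + cert.getIssuerDN());
            }

            // Validity problems are only logged here; the accept/reject decision is
            // left to the default trust manager below.
            try {
                cert.checkValidity();
            } catch (CertificateExpiredException e) {
                LOG.fatal("Client certificate " + cert.getSubjectDN() + " is expired.");
            } catch (CertificateNotYetValidException e) {
                LOG.fatal("Client certificate " + cert.getSubjectDN() + " is not yet valid.");
            }
        }
    }

    // Call the default trust manager to do the actual checking.
    m_xtmDefault.checkClientTrusted(certificates, sAuthType);
}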
From source file:com.cordys.coe.util.cgc.ssl.AuthSSLX509TrustManager.java
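/**
 * Checks whether the server certificate chain is trusted by logging each certificate and
 * then delegating the decision to the default trust manager.
 *
 * <p>Fails closed: when no default trust manager is available the chain is rejected.
 * Previously the method returned normally in that case, which made every server
 * certificate trusted without any check.
 *
 * @param certificates The list of certificates.
 * @param sAuthType The authentication type.
 *
 * @throws CertificateException If the default trust manager rejects the chain, or no
 *         default trust manager is available to validate it.
 */
public void checkServerTrusted(X509Certificate[] certificates, String sAuthType)
        throws CertificateException {
    if (m_xtmDefault == null) {
        throw new CertificateException(
                "No default trust manager available; cannot validate the server certificate chain.");
    }

    if (certificates != null) {
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];

            if (LOG.isInfoEnabled()) {
                LOG.info(" Server certificate " + (c + 1) + ":");
                LOG.info(" Subject DN: " + cert.getSubjectDN());
                LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
                LOG.info(" Valid from: " + cert.getNotBefore());
                LOG.info(" Valid until: " + cert.getNotAfter());
                LOG.info(" Issuer: " + cert.getIssuerDN());
            }

            // Validity problems are only logged here; the accept/reject decision is
            // left to the default trust manager below.
            try {
                cert.checkValidity();
            } catch (CertificateExpiredException e) {
                LOG.fatal("Server certificate " + cert.getSubjectDN() + " is expired.");
            } catch (CertificateNotYetValidException e) {
                LOG.fatal("Server certificate " + cert.getSubjectDN() + " is not yet valid.");
            }
        }
    }

    // Call the default trust manager to do the actual checking.
    m_xtmDefault.checkServerTrusted(certificates, sAuthType);
}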
From source file:hk.hku.cecid.ebms.admin.listener.PartnershipPageletAdaptor.java
/**
 * Computes a hex-encoded digest of the certificate's encoded form for display as a
 * fingerprint.
 *
 * <p>The digest is chosen from the certificate's signature algorithm name: names starting
 * with "SHA" use the {@code "SHA"} digest (the JDK's alias for SHA-1), everything else
 * uses MD5.
 *
 * <p>NOTE(review): both digests are weak, and the choice follows a field of the
 * certificate itself rather than a fixed policy. A fixed SHA-256 fingerprint would be
 * the safer default, but switching changes the value users compare against, so it needs
 * to be coordinated with whoever consumes this output.
 *
 * <p>NOTE(review): on any failure the exception text is returned in place of a
 * fingerprint, so callers cannot tell an error from a digest without inspecting the
 * string.
 *
 * @param cert certificate to fingerprint
 * @return the hex digest, or the exception's {@code toString()} if anything failed
 */
private String getCertFingerPrint(X509Certificate cert) {
    try {
        final String upperSigAlg = cert.getSigAlgName().toUpperCase();
        final String digestName = upperSigAlg.startsWith("SHA") ? "SHA" : "MD5";

        final byte[] encodedCert = cert.getEncoded();
        final MessageDigest hasher = MessageDigest.getInstance(digestName);
        return toHexString(hasher.digest(encodedCert));
    } catch (Exception e) {
        return e.toString();
    }
}
From source file:be.fedict.commons.eid.consumer.BeIDIntegrity.java
/**
 * Gives back a parsed identity file after integrity verification including
 * the eID photo.
 *
 * <p>The identity file is parsed only after its signature has verified against the
 * public key of {@code rrnCertificate}. When a photo is supplied, its digest must also
 * match the photo digest stored in the parsed identity.
 *
 * <p>NOTE(review): this method does not validate {@code rrnCertificate} itself, so the
 * caller presumably has to establish trust in it first (chain, validity, revocation).
 * Confirm against the callers. The verification algorithm is taken from the
 * certificate's own signature algorithm name, which assumes the data was signed with the
 * same algorithm the issuer used for the certificate.
 *
 * @param identityFile the raw identity file
 * @param identitySignatureFile the signature over the identity file
 * @param photo the photo bytes, or {@code null} to skip the photo digest check
 * @param rrnCertificate the certificate whose public key verifies the signature
 * @return the parsed identity
 * @throws NoSuchAlgorithmException declared by the signature; presumably raised by the
 *         digest helpers
 * @throws SecurityException if signature verification errors or fails, or the photo
 *         digest does not match
 */
public Identity getVerifiedIdentity(final byte[] identityFile, final byte[] identitySignatureFile,
        final byte[] photo, final X509Certificate rrnCertificate) throws NoSuchAlgorithmException {
    final PublicKey rrnPublicKey = rrnCertificate.getPublicKey();

    final boolean signatureValid;
    try {
        signatureValid = verifySignature(rrnCertificate.getSigAlgName(), identitySignatureFile, rrnPublicKey,
                identityFile);
    } catch (final Exception ex) {
        throw new SecurityException("identity signature verification error: " + ex.getMessage(), ex);
    }
    if (!signatureValid) {
        throw new SecurityException("signature integrity error");
    }

    // Parse only after the signature has been verified.
    final Identity verifiedIdentity = TlvParser.parse(identityFile, Identity.class);
    if (photo == null) {
        return verifiedIdentity;
    }

    // The digest algorithm is selected from the length of the stored digest.
    final byte[] storedDigest = verifiedIdentity.getPhotoDigest();
    final byte[] computedDigest = digest(getDigestAlgo(storedDigest.length), photo);
    if (!Arrays.equals(storedDigest, computedDigest)) {
        throw new SecurityException("photo digest mismatch");
    }
    return verifiedIdentity;
}
From source file:be.fedict.commons.eid.consumer.BeIDIntegrity.java
/**
 * Gives back a parsed address file after integrity verification.
 *
 * <p>The signature is verified over the right-trimmed address file followed by the
 * identity signature file, using the public key of {@code rrnCertificate}.
 *
 * <p>NOTE(review): the signature covers {@code trimRight(addressFile)} while the parser
 * receives the untrimmed {@code addressFile}. Confirm that {@code TlvParser} ignores the
 * trailing bytes {@code trimRight} removes, so that no byte outside the signed range can
 * influence the parsed address.
 *
 * <p>NOTE(review): this method does not validate {@code rrnCertificate} itself, so the
 * caller presumably has to establish trust in it first. Confirm against the callers.
 *
 * @param addressFile the raw address file
 * @param identitySignatureFile the identity signature, included in the signed data
 * @param addressSignatureFile the signature to verify
 * @param rrnCertificate the certificate whose public key verifies the signature
 * @return the parsed address
 * @throws SecurityException if signature verification errors or fails
 */
public Address getVerifiedAddress(final byte[] addressFile, final byte[] identitySignatureFile,
        final byte[] addressSignatureFile, final X509Certificate rrnCertificate) {
    final byte[] signedAddressBytes = trimRight(addressFile);
    final PublicKey rrnPublicKey = rrnCertificate.getPublicKey();

    final boolean signatureValid;
    try {
        signatureValid = verifySignature(rrnCertificate.getSigAlgName(), addressSignatureFile, rrnPublicKey,
                signedAddressBytes, identitySignatureFile);
    } catch (final Exception ex) {
        throw new SecurityException("address signature verification error: " + ex.getMessage(), ex);
    }
    if (!signatureValid) {
        throw new SecurityException("address integrity error");
    }

    return TlvParser.parse(addressFile, Address.class);
}
From source file:gov.nist.toolkit.soap.axis2.AuthSSLProtocolSocketFactory.java
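/**
 * Builds an {@link SSLContext} from the configured key store and trust store.
 *
 * <p>When {@code keystoreUrl} or {@code truststoreUrl} is {@code null} the matching
 * manager array stays {@code null}, and {@link SSLContext#init} then falls back to the
 * installed providers' default key or trust managers.
 *
 * <p>The context is requested as {@code "TLS"} instead of the legacy {@code "SSL"} name.
 * Which protocol versions end up enabled still depends on the JDK and provider
 * configuration. Wrapped exceptions now keep the original exception as their cause.
 *
 * <p>Debug logging lists certificate metadata only; passwords and key material are not
 * logged.
 *
 * @return the initialized context
 * @throws IOException if the stores cannot be read or the context cannot be set up
 */
private SSLContext createSSLContext() throws IOException {
    try {
        KeyManager[] keymanagers = null;
        TrustManager[] trustmanagers = null;

        if (this.keystoreUrl != null) {
            KeyStore keystore = createKeyStore(this.keystoreUrl, this.keystorePassword);
            if (LOG.isDebugEnabled()) {
                Enumeration<String> aliases = keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    Certificate[] certs = keystore.getCertificateChain(alias);
                    if (certs != null) {
                        LOG.debug("Certificate chain '" + alias + "':");
                        for (int c = 0; c < certs.length; c++) {
                            if (certs[c] instanceof X509Certificate) {
                                X509Certificate cert = (X509Certificate) certs[c];
                                LOG.debug(" Certificate " + (c + 1) + ":");
                                LOG.debug(" Subject DN: " + cert.getSubjectDN());
                                LOG.debug(" Signature Algorithm: " + cert.getSigAlgName());
                                LOG.debug(" Valid from: " + cert.getNotBefore());
                                LOG.debug(" Valid until: " + cert.getNotAfter());
                                LOG.debug(" Issuer: " + cert.getIssuerDN());
                            }
                        }
                    }
                }
            }
            keymanagers = createKeyManagers(keystore, this.keystorePassword);
        }

        if (this.truststoreUrl != null) {
            KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword);
            if (LOG.isDebugEnabled()) {
                Enumeration<String> aliases = keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    LOG.debug("Trusted certificate '" + alias + "':");
                    Certificate trustedcert = keystore.getCertificate(alias);
                    if (trustedcert instanceof X509Certificate) {
                        X509Certificate cert = (X509Certificate) trustedcert;
                        LOG.debug(" Subject DN: " + cert.getSubjectDN());
                        LOG.debug(" Signature Algorithm: " + cert.getSigAlgName());
                        LOG.debug(" Valid from: " + cert.getNotBefore());
                        LOG.debug(" Valid until: " + cert.getNotAfter());
                        LOG.debug(" Issuer: " + cert.getIssuerDN());
                    }
                }
            }
            trustmanagers = createTrustManagers(keystore);
        }

        // "TLS" states the intent; "SSL" is a legacy name whose meaning varies by provider.
        SSLContext sslcontext = SSLContext.getInstance("TLS");
        sslcontext.init(keymanagers, trustmanagers, null);
        return sslcontext;
    } catch (NoSuchAlgorithmException e) {
        LOG.error(e.getMessage(), e);
        throw new IOException("Unsupported algorithm exception: " + e.getMessage(), e);
    } catch (KeyStoreException e) {
        LOG.error(e.getMessage(), e);
        throw new IOException("Keystore exception: " + e.getMessage(), e);
    } catch (GeneralSecurityException e) {
        LOG.error(e.getMessage(), e);
        throw new IOException("Key management exception: " + e.getMessage(), e);
    } catch (IOException e) {
        LOG.error(e.getMessage(), e);
        throw new IOException("I/O error reading keystore/truststore file: " + e.getMessage(), e);
    }
}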