List of usage examples for java.security.cert X509Certificate getSubjectDN
/**
 * Returns the certificate's subject as a {@link Principal}.
 *
 * <p>The JDK documentation describes the returned object as implementation-specific and points
 * to {@code getSubjectX500Principal()} as the replacement. The text produced by
 * {@code getName()} on this Principal can therefore differ between security providers, which
 * matters wherever the string is parsed to derive an identity.
 */
public abstract Principal getSubjectDN();
From source file:com.thoughtworks.go.security.AuthSSLX509TrustManagerFactory.java
/**
 * Writes a summary of every entry in the given key store to the log.
 *
 * <p>Each alias is logged at debug level. For entries that hold an X.509 certificate, the
 * subject, signature algorithm, validity window and issuer are logged at trace level. Only
 * {@code getCertificate} is called on the store, so only certificate fields are read.
 *
 * @param store key store whose entries are listed
 * @throws KeyStoreException propagated from {@code store.aliases()} or
 *     {@code store.getCertificate(alias)}
 */
private void logKeyStore(KeyStore store) throws KeyStoreException {
    for (Enumeration<String> names = store.aliases(); names.hasMoreElements();) {
        String name = names.nextElement();
        LOG.debug("Trusted certificate '" + name + "':");

        Certificate entry = store.getCertificate(name);
        if (!(entry instanceof X509Certificate)) {
            // instanceof is false for null, so aliases without a certificate are skipped too.
            continue;
        }

        X509Certificate x509 = (X509Certificate) entry;
        LOG.trace(" Subject DN: " + x509.getSubjectDN());
        LOG.trace(" Signature Algorithm: " + x509.getSigAlgName());
        LOG.trace(" Valid from: " + x509.getNotBefore());
        LOG.trace(" Valid until: " + x509.getNotAfter());
        LOG.trace(" Issuer: " + x509.getIssuerDN());
    }
}
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator.java
/**
 * Copies the validity dates, serial number, issuer, subject and version of a stored
 * certificate into {@code certificateResponse}.
 *
 * <p>Nothing is written when {@code certificateBytes} is null or when the deserialized object
 * is not an {@link X509Certificate}.
 *
 * @param certificateBytes serialized certificate; may be null
 * @param certificateResponse response object that receives the extracted fields
 * @throws CertificateManagementDAOException if deserialization raises
 *     {@link ClassNotFoundException} or {@link IOException}
 */
public static void extractCertificateDetails(byte[] certificateBytes, CertificateResponse certificateResponse)
        throws CertificateManagementDAOException {
    if (certificateBytes == null) {
        return;
    }
    try {
        // NOTE(review): Serializer.deserialize is defined elsewhere. The ClassNotFoundException
        // handled below suggests Java object deserialization; if so, certificateBytes must only
        // ever come from a store this service wrote itself. Confirm the source of these bytes.
        // Storing the DER encoding and parsing it with a CertificateFactory would avoid object
        // deserialization altogether, but that changes the stored format.
        java.security.cert.Certificate decoded =
                (java.security.cert.Certificate) Serializer.deserialize(certificateBytes);
        if (!(decoded instanceof X509Certificate)) {
            return;
        }
        X509Certificate x509 = (X509Certificate) decoded;
        certificateResponse.setNotAfter(x509.getNotAfter().getTime());
        certificateResponse.setNotBefore(x509.getNotBefore().getTime());
        certificateResponse.setCertificateserial(x509.getSerialNumber());
        certificateResponse.setIssuer(x509.getIssuerDN().getName());
        certificateResponse.setSubject(x509.getSubjectDN().getName());
        certificateResponse.setCertificateVersion(x509.getVersion());
    } catch (ClassNotFoundException | IOException e) {
        String errorMsg = "Error while during deserialization of the certificate.";
        throw new CertificateManagementDAOException(errorMsg, e);
    }
}
From source file:org.acegisecurity.providers.x509.cache.EhCacheBasedX509UserCache.java
/**
 * Asks the cache to remove the entry for the given client certificate.
 *
 * @param userCert certificate passed to {@code cache.remove}
 */
public void removeUserFromCache(X509Certificate userCert) {
    // Guarded so the subject DN is only read and formatted when debug output is enabled.
    boolean debugOn = logger.isDebugEnabled();
    if (debugOn) {
        logger.debug("Cache remove: " + userCert.getSubjectDN());
    }

    cache.remove(userCert);
}
From source file:org.springframework.security.saml.trust.UntrustedCertificateException.java
/**
 * Builds the exception message: the superclass message followed, when certificates are
 * attached, by import instructions and the subject, serial number, thumbprint and encoded
 * form of each certificate.
 *
 * <p>NOTE(review): the subject and serial number come from the certificates carried by this
 * exception, which the class name indicates were not trusted. Their content is chosen by the
 * peer, so anything that logs or displays this message should treat it as untrusted text.
 *
 * @return the composed message
 */
@Override
public String getMessage() {
    StringBuilder text = new StringBuilder(150);
    text.append(super.getMessage());

    if (x509Certificates == null || x509Certificates.length == 0) {
        return text.toString();
    }

    // The literal is split for line length only; the concatenation is a compile-time constant.
    text.append("\n\nFollow certificates (in PEM format) presented by the peer. "
            + "Content between being/end certificate (including) can be stored in a file and imported using keytool, "
            + "e.g. 'keytool -importcert -file cert.cer -alias certAlias -keystore keystore.jks'). "
            + "Make sure the presented certificates are issued by your trusted CA before adding them to the keystore.\n\n");

    for (X509Certificate presented : x509Certificates) {
        text.append("Subject: ");
        text.append(presented.getSubjectDN());
        text.append("\n");
        text.append("Serial number: ");
        text.append(presented.getSerialNumber());
        text.append("\n");
        appendThumbPrint(presented, text);
        text.append("\n");
        appendCertificate(presented, text);
        text.append("\n");
    }
    return text.toString();
}
From source file:org.springframework.ws.soap.security.x509.populator.DaoX509AuthoritiesPopulator.java
/**
 * Resolves the user account for a client certificate from its subject DN.
 *
 * <p>The first capture group of {@code subjectDNPattern} found in the DN string is used as the
 * user name and passed to the {@code UserDetailsService}.
 *
 * <p>NOTE(review): this method only reads the subject; it does not check the certificate's
 * chain or validity, so that presumably happens before it is called. Confirm against the
 * caller. Because {@code find()} accepts a match anywhere in the DN and the string form of
 * {@code getSubjectDN()} is provider-specific, the configured pattern should be tight enough
 * that text inside another attribute value cannot supply the user name.
 *
 * @param clientCert certificate presented by the client
 * @return the user details loaded for the extracted user name
 * @throws BadCredentialsException if the pattern is not found in the subject DN
 * @throws IllegalArgumentException if the pattern does not have exactly one capture group
 * @throws AuthenticationServiceException if the user details service returns null
 */
public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
    String dn = clientCert.getSubjectDN().getName();
    Matcher dnMatcher = subjectDNPattern.matcher(dn);

    boolean found = dnMatcher.find();
    if (!found) {
        String reason = messages.getMessage("DaoX509AuthoritiesPopulator.noMatching",
                new Object[] { dn }, "No matching pattern was found in subjectDN: {0}");
        throw new BadCredentialsException(reason);
    }

    if (dnMatcher.groupCount() != 1) {
        throw new IllegalArgumentException("Regular expression must contain a single group ");
    }

    String extractedName = dnMatcher.group(1);
    UserDetails loaded = this.userDetailsService.loadUserByUsername(extractedName);
    if (loaded != null) {
        return loaded;
    }
    throw new AuthenticationServiceException(
            "UserDetailsService returned null, which is an interface contract violation");
}
From source file:org.acegisecurity.providers.x509.populator.DaoX509AuthoritiesPopulator.java
/**
 * Resolves the user account for a client certificate from its subject DN.
 *
 * <p>The first capture group of {@code subjectDNPattern} found in the DN string is used as the
 * user name and passed to the {@code UserDetailsService}.
 *
 * <p>NOTE(review): this method only reads the subject; it does not check the certificate's
 * chain or validity, so that presumably happens before it is called. Confirm against the
 * caller. {@code contains} accepts a match anywhere in the DN and the string form of
 * {@code getSubjectDN()} is provider-specific, so the configured pattern should be tight
 * enough that text inside another attribute value cannot supply the user name.
 *
 * @param clientCert certificate presented by the client
 * @return the user details loaded for the extracted user name
 * @throws BadCredentialsException if the pattern is not found in the subject DN
 * @throws IllegalArgumentException if the pattern does not have exactly one capture group
 * @throws AuthenticationServiceException if the user details service returns null
 */
public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
    String dn = clientCert.getSubjectDN().getName();
    PatternMatcher oroMatcher = new Perl5Matcher();

    boolean found = oroMatcher.contains(dn, subjectDNPattern);
    if (!found) {
        String reason = messages.getMessage("DaoX509AuthoritiesPopulator.noMatching",
                new Object[] { dn }, "No matching pattern was found in subjectDN: {0}");
        throw new BadCredentialsException(reason);
    }

    MatchResult hit = oroMatcher.getMatch();
    // groups() counts the whole match as well, so one capture group reports 2.
    if (hit.groups() != 2) {
        throw new IllegalArgumentException("Regular expression must contain a single group ");
    }

    String extractedName = hit.group(1);
    UserDetails loaded = this.userDetailsService.loadUserByUsername(extractedName);
    if (loaded != null) {
        return loaded;
    }
    throw new AuthenticationServiceException(
            "UserDetailsService returned null, which is an interface contract violation");
}
From source file:org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor.java
/**
 * Extracts the principal name from a client certificate's subject DN.
 *
 * <p>The first capture group of {@code subjectDnPattern} found in the DN string is returned.
 * Both the full DN and the extracted name are written to the debug log.
 *
 * <p>NOTE(review): {@code find()} accepts a match anywhere in the DN, so the configured
 * pattern decides which part of a certificate's subject becomes the principal. It should be
 * tight enough that text inside another attribute value cannot supply the name.
 *
 * @param clientCert certificate presented by the client
 * @return the extracted user name, as a {@code String}
 * @throws BadCredentialsException if the pattern is not found in the subject DN
 * @throws IllegalArgumentException if the pattern does not have exactly one capture group
 */
public Object extractPrincipal(X509Certificate clientCert) {
    // The DN is read via getSubjectDN(). getSubjectX500Principal().getName() is the portable
    // alternative, but its string form can differ (for example in spacing after commas), so
    // subjectDnPattern would need re-checking before switching.
    String dn = clientCert.getSubjectDN().getName();
    logger.debug("Subject DN is '" + dn + "'");

    Matcher dnMatcher = subjectDnPattern.matcher(dn);
    boolean found = dnMatcher.find();
    if (!found) {
        String reason = messages.getMessage("SubjectDnX509PrincipalExtractor.noMatching",
                new Object[] { dn }, "No matching pattern was found in subject DN: {0}");
        throw new BadCredentialsException(reason);
    }

    if (dnMatcher.groupCount() != 1) {
        throw new IllegalArgumentException("Regular expression must contain a single group ");
    }

    String principalName = dnMatcher.group(1);
    logger.debug("Extracted Principal name is '" + principalName + "'");
    return principalName;
}
From source file:org.soasecurity.wso2.oauth2.x509.grant.X509GrantHandler.java
/**
 * Demo-only placeholder that maps a Base64-encoded certificate to a user name.
 *
 * <p>TODO: implement real certificate validation before using this grant handler.
 *
 * <p>NOTE(review): as written, this method only parses the certificate and looks for a fixed
 * text in its subject DN. It does not verify the signature or chain against a trust anchor,
 * does not check the validity period or revocation, and does not establish that the caller
 * holds the matching private key. A certificate is public data, so presenting one proves
 * nothing on its own. {@code contains} also accepts any DN that merely includes the expected
 * text, such as a longer common name beginning with it. {@code X509CertImpl} appears to be
 * the JDK-internal implementation class; confirm the import, and prefer the public
 * {@code CertificateFactory} API when this is implemented properly.
 *
 * @param certificate Base64-encoded certificate
 * @return {@code "asela"} when the subject DN contains {@code CN=soasecurity.org}; otherwise
 *     {@code null}, including when the certificate cannot be parsed
 */
protected String validCertificate(String certificate) {
    byte[] encoded = Base64.decodeBase64(certificate);

    String mappedUser = null;
    try {
        X509Certificate parsed = new X509CertImpl(encoded);
        Principal subject = parsed.getSubjectDN();
        // Demo check only: a substring test on the DN, mapped to a hard-coded user.
        if (subject.getName().contains("CN=soasecurity.org")) {
            mappedUser = "asela";
        }
    } catch (CertificateException e) {
        log.error(e);
    }
    return mappedUser;
}
From source file:com.ab.http.AuthSSLX509TrustManager.java
/**
 * Logs the details of each presented client certificate, then delegates the trust decision
 * to {@code defaultTrustManager}.
 *
 * <p>The log entries are written before the delegate runs, so a logged certificate is not
 * necessarily a trusted one. The trust decision itself is entirely the delegate's.
 *
 * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String)
 */
public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (certificates != null) {
        int position = 0;
        for (X509Certificate presented : certificates) {
            position++;
            Log.i(TAG, " Client certificate " + position + ":");
            Log.i(TAG, " Subject DN: " + presented.getSubjectDN());
            Log.i(TAG, " Signature Algorithm: " + presented.getSigAlgName());
            Log.i(TAG, " Valid from: " + presented.getNotBefore());
            Log.i(TAG, " Valid until: " + presented.getNotAfter());
            Log.i(TAG, " Issuer: " + presented.getIssuerDN());
        }
    }
    defaultTrustManager.checkClientTrusted(certificates, authType);
}
From source file:com.ab.http.AuthSSLX509TrustManager.java
/**
 * Logs the details of each presented server certificate, then delegates the trust decision
 * to {@code defaultTrustManager}.
 *
 * <p>The log entries are written before the delegate runs, so a logged certificate is not
 * necessarily a trusted one. The trust decision itself is entirely the delegate's.
 *
 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String)
 */
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (certificates != null) {
        int position = 0;
        for (X509Certificate presented : certificates) {
            position++;
            Log.i(TAG, " Server certificate " + position + ":");
            Log.i(TAG, " Subject DN: " + presented.getSubjectDN());
            Log.i(TAG, " Signature Algorithm: " + presented.getSigAlgName());
            Log.i(TAG, " Valid from: " + presented.getNotBefore());
            Log.i(TAG, " Valid until: " + presented.getNotAfter());
            Log.i(TAG, " Issuer: " + presented.getIssuerDN());
        }
    }
    defaultTrustManager.checkServerTrusted(certificates, authType);
}