Example usage for java.security.cert X509Certificate getSubjectDN

List of usage examples for java.security.cert X509Certificate getSubjectDN

Introduction

In this page you can find the example usage for java.security.cert X509Certificate getSubjectDN.

Prototype

public abstract Principal getSubjectDN();

Source Link

Document

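Denigrated (that is, discouraged), replaced by #getSubjectX500Principal(). The Principal returned by this method is implementation-specific, so portable code should not rely on its string form, for example when comparing distinguished names.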

Usage

From source file:com.thoughtworks.go.security.SelfSignedCertificateX509TrustManager.java

/**
 * Checks the server's certificate chain, storing the server certificate on first contact.
 *
 * <p>If the chain holds exactly one certificate and the trust store has no entry under
 * {@code CRUISE_SERVER}, the certificate's validity period is checked and the certificate is
 * passed to {@code updateKeystore} under that alias. Every other chain is delegated to the
 * default trust manager.
 *
 * <p>NOTE(review): the first-contact branch calls only {@code checkValidity()} here; what
 * {@code updateKeystore} verifies is not visible in this method. If it stores the certificate
 * as trusted, whichever endpoint answers the first connection is the one that gets trusted, so
 * the first connection should happen over a trusted path or the stored certificate should be
 * compared out of band.
 *
 * <p>NOTE(review): the certificate dump is guarded by the debug level but written at info level.
 *
 * @param certificates the chain presented by the server
 * @param authType the key exchange algorithm, passed through to the default trust manager
 * @throws CertificateException if the certificate is outside its validity period or the default
 *         trust manager rejects the chain
 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
 */
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (LOG.isDebugEnabled() && certificates != null) {
        int position = 0;
        for (X509Certificate presented : certificates) {
            position++;
            LOG.info(" Server certificate " + position + ":");
            LOG.info("  Subject DN: " + presented.getSubjectDN());
            LOG.info("  Signature Algorithm: " + presented.getSigAlgName());
            LOG.info("  Valid from: " + presented.getNotBefore());
            LOG.info("  Valid until: " + presented.getNotAfter());
            LOG.info("  Issuer: " + presented.getIssuerDN());
        }
    }

    try {
        final boolean singleCertificate = (certificates != null) && (certificates.length == 1);
        // The alias lookup stays inside the try: it can raise KeyStoreException.
        if (singleCertificate && !truststore.containsAlias(CRUISE_SERVER)) {
            final X509Certificate serverCertificate = certificates[0];
            serverCertificate.checkValidity();
            updateKeystore(CRUISE_SERVER, serverCertificate);
        } else {
            defaultTrustManager.checkServerTrusted(certificates, authType);
        }
    } catch (KeyStoreException keyStoreFailure) {
        throw new RuntimeException("Couldn't access keystore while checking server's certificate",
                keyStoreFailure);
    }
}

From source file:br.gov.serpro.cert.AuthSSLX509TrustManager.java

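/**
 * Validates the server chain with the default trust manager and, if that fails, asks the user
 * whether to accept the certificate for this session.
 *
 * <p>The dialog offers two buttons: index 0 accepts, index 1 cancels. Only an explicit accept
 * lets the handshake continue. Cancelling, closing the dialog, or any other return value
 * rethrows the original validation failure. The previous switch treated index 1 ("Cancelar")
 * as an accept and never reached its reject branch, so every failed validation was accepted.
 *
 * <p>NOTE(review): an accepted certificate is not stored anywhere by this method. The
 * distinguished name shown to the user is the only information offered for the decision;
 * showing a fingerprint as well would give the user something to verify.
 *
 * @param certificates the chain presented by the server
 * @param authType the key exchange algorithm, passed through to the default trust manager
 * @throws CertificateException if validation fails and the user does not explicitly accept
 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
 */
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (LOG.isInfoEnabled() && certificates != null) {
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];
            LOG.info(" Server certificate " + (c + 1) + ":");
            LOG.info("  Subject DN: " + cert.getSubjectDN());
            LOG.info("  Signature Algorithm: " + cert.getSigAlgName());
            LOG.info("  Valid from: " + cert.getNotBefore());
            LOG.info("  Valid until: " + cert.getNotAfter());
            LOG.info("  Issuer: " + cert.getIssuerDN());
        }
    }
    // Original TODO: show a dialog asking the user whether to accept the site's certificate.
    // Implemented below with try/catch and JOptionPane.

    try {
        defaultTrustManager.checkServerTrusted(certificates, authType);
    } catch (CertificateException e) {
        // Nothing to show the user without a leaf certificate: fail closed.
        if (certificates == null || certificates.length == 0) {
            throw e;
        }

        // An earlier variant also offered "Aceitar Permanentemente" as a third option.
        Object[] options = { "Aceitar Certificado", "Cancelar" };
        int choice = JOptionPane.showOptionDialog(null,
                "Falha na validao do seguinte certificado:\n"
                        + certificates[0].getSubjectX500Principal().getName(),
                "\nO que voc quer fazer?", JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null,
                options, options[0]);

        // Index 0 is the only accept button; everything else rejects the certificate.
        if (choice != 0) {
            throw e;
        }
        // Certificate accepted for this session only.
        // Original TODO: add code to store the certificate as trusted if a permanent option returns.
    }
}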

From source file:com.mgmtp.perfload.core.client.web.ssl.LtSSLSocketFactory.java

/**
 * Writes the identifying fields of a certificate to the debug log.
 *
 * <p>The subject and issuer are read through {@code getSubjectDN()} / {@code getIssuerDN()},
 * whose string form is implementation-specific. The output is suitable for diagnostics, not
 * for matching names. A subject DN can carry personal data when the certificate belongs to a
 * person, so this log should be treated accordingly.
 *
 * @param cert the certificate to describe
 */
private void logCertificate(final X509Certificate cert) {
    final Object subject = cert.getSubjectDN();
    log.debug("  Subject DN: {}", subject);

    final String signatureAlgorithm = cert.getSigAlgName();
    log.debug("  Signature algorithm name: {}", signatureAlgorithm);

    final Object validFrom = cert.getNotBefore();
    log.debug("  Valid from: {}", validFrom);

    final Object validUntil = cert.getNotAfter();
    log.debug("  Valid until: {}", validUntil);

    final Object issuer = cert.getIssuerDN();
    log.debug("  Issuer DN: {}", issuer);
}

From source file:org.openremote.controller.rest.FindCertificateByID.java

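/**
 * Builds the status XML holding the Base64-encoded CA certificate and the client certificate
 * registered for {@code username}.
 *
 * <p>The CA certificate is read from {@code server.jks} under the configured {@code ca_path}.
 * The client certificate is included only if {@code clientService} accepts both its subject DN
 * and its expiry date.
 *
 * <p>NOTE(review): the key store password is the literal {@code "password"}. It should come
 * from configuration or a secret store; it is left unchanged here because no such setting is
 * visible in this method.
 *
 * <p>NOTE(review): the DN handed to {@code isClientValid} is {@code getSubjectDN().toString()},
 * whose format is implementation-specific. Confirm that the stored DNs were produced the same
 * way before switching to {@code getSubjectX500Principal()}.
 *
 * <p>NOTE(review): {@code username} is caller-supplied and URL-decoded here; presumably
 * {@code clientService.getClientCertificate} treats it as untrusted. Verify against that
 * implementation.
 *
 * @param username URL-encoded name of the client whose certificate is requested
 * @return the XML document; a section is left empty if its certificate could not be read
 * @throws Exception if the client DN is not valid, the client certificate has expired, or the
 *         key store file cannot be read
 */
protected String getChain(String username) throws Exception {
    username = URLDecoder.decode(username, "UTF-8");
    String rootCAPath = configurationService.getItem("ca_path");
    String keystore = rootCAPath + "/server.jks";

    // Local buffer only: no synchronisation needed.
    StringBuilder sb = new StringBuilder();
    sb.append(Constants.STATUS_XML_HEADER);

    sb.append("\n<chain>\n<server>\n");

    try {
        KeyStore ks = KeyStore.getInstance("JKS");
        // Close the key store file even if load() fails; the original leaked the stream.
        FileInputStream keystoreStream = new FileInputStream(keystore);
        try {
            ks.load(keystoreStream, "password".toCharArray());
        } finally {
            keystoreStream.close();
        }
        Certificate certificate = ks.getCertificate(CA_ALIAS);
        if (certificate != null) {
            sb.append(new String(Base64.encodeBase64(certificate.getEncoded())));
        } else {
            // getCertificate returns null for an unknown alias; report it like the client branch does.
            logger.error("CA certificate is not found/null.");
        }
    } catch (KeyStoreException e) {
        logger.error(e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        logger.error(e.getMessage());
    } catch (CertificateException e) {
        logger.error(e.getMessage());
    }

    sb.append("</server>\n<client>\n");

    try {
        Certificate certificate = clientService.getClientCertificate(username);
        if (certificate != null) {
            X509Certificate x509cert = (X509Certificate) certificate;
            Principal dname = x509cert.getSubjectDN();
            Date notAfterDate = x509cert.getNotAfter();

            // Reject first, so the certificate is appended only after both checks pass.
            if (!clientService.isClientValid(dname.toString())) {
                throw new Exception(ERROR_INVALID_DN);
            }
            if (!clientService.isClientDateValid(notAfterDate)) {
                throw new Exception(ERROR_DATE_EXPIRED);
            }
            sb.append(new String(Base64.encodeBase64(certificate.getEncoded())));
        } else {
            logger.error("Client certificate is not found/null.");
        }
    } catch (CertificateEncodingException e) {
        logger.error(e.getMessage());
    }

    sb.append("</client>\n</chain>");
    sb.append(Constants.STATUS_XML_TAIL);

    return sb.toString();
}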

From source file:org.security4java.X509SubjectDnRetriever.java

/**
 * Returns the full subject DN of a client certificate as a string.
 *
 * <p>The value comes from {@code getSubjectDN().getName()}, whose format is
 * implementation-specific. Callers that compare or parse the result should be aware that it is
 * not a canonical form.
 *
 * @param clientCert the certificate to read; may be {@code null}
 * @return the whole subject DN of the certificate, or {@code null} if the certificate, its
 *         subject, or the subject's name is {@code null}
 */
protected String getSubjectDN(X509Certificate clientCert) {
    String subject = null;

    if (clientCert == null) {
        if (log.isDebugEnabled()) {
            log.debug("Can not getSubjectDN, clientCert is null");
        }
    } else if ((clientCert.getSubjectDN() == null) || (clientCert.getSubjectDN().getName() == null)) {
        if (log.isDebugEnabled()) {
            log.debug("Can not getSubjectDN, SubjectDN is null");
        }
    } else {
        subject = clientCert.getSubjectDN().getName();
    }

    if (log.isDebugEnabled()) {
        log.debug("getSubjectDN(X509Certificate) - end; Ret is [" + subject + "].");
    }
    return subject;
}

From source file:org.ejbca.core.protocol.certificatestore.CacheTester.java

/**
 * Looks up the latest certificate for {@code dn} in the cache 1000 times.
 *
 * <p>For every DN that does not contain {@code "CVCTest"}, the lookup result is dereferenced,
 * so a missing certificate shows up as a {@code NullPointerException}.
 */
public void run() {
    for (int attempt = 0; attempt < 1000; attempt++) {
        final X509Certificate found = cache.findLatestBySubjectDN(HashID.getFromDNString(dn));
        // CV certificates are never returned: this OCSP cache only handles X.509 certificates.
        if (StringUtils.contains(dn, "CVCTest")) {
            continue;
        }
        // Dereference only to prove a certificate came back; throws NPE if none was returned.
        found.getSubjectDN();
    }
}

From source file:org.apache.nifi.web.security.x509.X509AuthenticationProviderTest.java

/**
 * Creates a mocked certificate whose subject DN reports the given identity.
 *
 * @param identity the name the mocked subject principal returns from {@code getName()}
 * @return the mocked certificate; only {@code getSubjectDN()} is stubbed
 */
private X509Certificate getX509Certificate(final String identity) {
    final X509Certificate stubbedCertificate = mock(X509Certificate.class);

    // The answer runs on every getSubjectDN() call, so each call gets a fresh Principal mock.
    when(stubbedCertificate.getSubjectDN()).then(invocation -> {
        final Principal subject = mock(Principal.class);
        when(subject.getName()).thenReturn(identity);
        return subject;
    });

    return stubbedCertificate;
}

From source file:psiprobe.controllers.certificates.ListCertificatesController.java

/**
 * Appends a display entry for one certificate to the given list.
 *
 * <p>The subject and issuer are stored as the string form of {@code getSubjectDN()} and
 * {@code getIssuerDN()}. That form is implementation-specific, so it is suitable for display
 * rather than for comparing names.
 *
 * @param certs the list the new entry is added to
 * @param alias the key store alias of the certificate
 * @param x509Cert the certificate to describe
 */
private void addToStore(List<Cert> certs, String alias, X509Certificate x509Cert) {
    final String subjectName = x509Cert.getSubjectDN().toString();
    final String issuerName = x509Cert.getIssuerDN().toString();

    final Cert entry = new Cert();
    entry.setAlias(alias);
    entry.setSubjectDistinguishedName(subjectName);
    entry.setNotBefore(x509Cert.getNotBefore());
    entry.setNotAfter(x509Cert.getNotAfter());
    entry.setIssuerDistinguishedName(issuerName);

    certs.add(entry);
}

From source file:de.betterform.connector.http.ssl.BetterFORMKeyStoreManager.java

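/**
 * Loads a key store from {@code url} and returns the first X.509 key manager built from it.
 *
 * <p>A {@code null} password is passed as {@code null} to both {@code KeyStore.load} and
 * {@code KeyManagerFactory.init}. The original converted the password null-safely for
 * {@code load} but called {@code password.toCharArray()} unconditionally for {@code init},
 * which threw a {@code NullPointerException}. Whether private keys can be recovered without a
 * password depends on the key store.
 *
 * <p>NOTE(review): the key store is read with {@code url.openStream()}, so the URL scheme
 * decides where the key material comes from. Confirm that callers only pass local or otherwise
 * trusted locations.
 *
 * @param url location of the key store; must not be {@code null}
 * @param password password for the key store and its keys; may be {@code null}
 * @return the first {@link X509KeyManager} produced by the factory, or {@code null} if there is none
 * @throws IllegalArgumentException if {@code url} is {@code null}
 */
private X509KeyManager getCustomX509KeyManager(final URL url, final String password)
        throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException,
        UnrecoverableKeyException {
    if (url == null) {
        throw new IllegalArgumentException("BetterFORMKeyStoreManager: Keystore url may not be null");
    }

    // Converted once so that load() and init() see the same, possibly null, password.
    final char[] passwordChars = password != null ? password.toCharArray() : null;

    KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());

    LOGGER.debug("BetterFORMKeyStoreManager: initializing custom key store");
    KeyStore customKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
    InputStream is = url.openStream();
    try {
        customKeystore.load(is, passwordChars);
    } finally {
        is.close();
    }

    if (LOGGER.isTraceEnabled()) {
        // Only subject, algorithm, validity and issuer are logged; no key material.
        Enumeration<String> aliases = customKeystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            LOGGER.trace("Trusted certificate '" + alias + "':");
            Certificate trustedcert = customKeystore.getCertificate(alias);
            // instanceof is false for null, so no separate null check is needed.
            if (trustedcert instanceof X509Certificate) {
                X509Certificate cert = (X509Certificate) trustedcert;
                LOGGER.trace("  Subject DN: " + cert.getSubjectDN());
                LOGGER.trace("  Signature Algorithm: " + cert.getSigAlgName());
                LOGGER.trace("  Valid from: " + cert.getNotBefore());
                LOGGER.trace("  Valid until: " + cert.getNotAfter());
                LOGGER.trace("  Issuer: " + cert.getIssuerDN());
            }
        }
    }
    keyManagerFactory.init(customKeystore, passwordChars);

    KeyManager[] customX509KeyManagers = keyManagerFactory.getKeyManagers();
    if (customX509KeyManagers != null) {
        for (KeyManager candidate : customX509KeyManagers) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
    }

    return null;
}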

From source file:org.apache.cxf.ws.security.sts.provider.token.Saml2TokenProvider.java

/**
 * Builds a SAML subject for a certificate holder, confirmed by holder-of-key.
 *
 * <p>The NameID carries the certificate's subject DN in the X509SubjectName format. The subject
 * confirmation embeds key info generated from the certificate and its public key.
 *
 * <p>NOTE(review): the NameID value is {@code getSubjectDN().getName()}, whose string form is
 * implementation-specific. Confirm that relying parties which match on this value expect that
 * form.
 *
 * @param certificate the certificate identifying the subject
 * @return the populated SAML subject
 * @throws Exception if bootstrapping the SAML library or generating the key info fails
 */
private Subject createSubject(X509Certificate certificate) throws Exception {
    DefaultBootstrap.bootstrap();

    // Who the subject is: the certificate's subject DN.
    final NameID subjectName = new NameIDBuilder().buildObject();
    subjectName.setValue(certificate.getSubjectDN().getName());
    subjectName.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName");

    final Subject samlSubject = new SubjectBuilder().buildObject();
    samlSubject.setNameID(subjectName);

    // How the subject is confirmed: by proving possession of the certificate's key.
    final SubjectConfirmation holderOfKey = new SubjectConfirmationBuilder().buildObject();
    holderOfKey.setMethod(SubjectConfirmation.METHOD_HOLDER_OF_KEY);
    final KeyInfoConfirmationDataType confirmationData = new KeyInfoConfirmationDataTypeBuilder()
            .buildObject();

    final BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(certificate);
    credential.setPublicKey(certificate.getPublicKey());

    final BasicKeyInfoGeneratorFactory generatorFactory = new BasicKeyInfoGeneratorFactory();
    generatorFactory.setEmitPublicKeyValue(true);
    final KeyInfo holderKeyInfo = generatorFactory.newInstance().generate(credential);
    confirmationData.getKeyInfos().add(holderKeyInfo);

    samlSubject.getSubjectConfirmations().add(holderOfKey);
    samlSubject.getSubjectConfirmations().get(0).setSubjectConfirmationData(confirmationData);
    return samlSubject;
}