List of usage examples for java.security.cert X509Certificate getSubjectX500Principal
public X500Principal getSubjectX500Principal()
From source file:be.fedict.eid.dss.model.bean.TrustServiceRevocationDataService.java
/**
 * Validates a certificate chain through the XKMS2 client and returns the revocation
 * material (CRLs and OCSP responses) the client exposes afterwards.
 *
 * <p>The subject DN of every certificate in the chain is written to the debug log before
 * validation starts.
 *
 * @param certificateChain the chain to validate; element 0 is read unconditionally, so an
 *        empty list fails with {@code IndexOutOfBoundsException} before any validation
 * @return the encoded CRLs and OCSP responses reported by the XKMS2 client; either set may
 *         be empty when the client returns no values of that kind
 * @throws TrustCertificateSecurityException if the client reports
 *         {@code ValidationFailedException}
 * @throws RuntimeException for any other failure during validation, with the original
 *         exception attached as cause
 */
public RevocationData getRevocationData(List<X509Certificate> certificateChain) {
    LOG.debug("retrieving revocation data for: " + certificateChain.get(0).getSubjectX500Principal());
    for (X509Certificate chainEntry : certificateChain) {
        LOG.debug("Cert chain: " + chainEntry.getSubjectX500Principal());
    }

    try {
        // NOTE(review): the meaning of the boolean flag is not visible here; presumably it
        // asks the service to return revocation data with the verdict. Confirm.
        this.xkms2Client.validate(this.trustDomain, certificateChain, true);
    } catch (ValidationFailedException e) {
        // The cause is not attached: callers learn only that the chain was rejected.
        throw new TrustCertificateSecurityException();
    } catch (Exception e) {
        throw new RuntimeException("error validating signing certificate chain: " + e.getMessage(), e);
    }

    // The revocation values are read from the client only after validate() returned normally.
    RevocationValuesType values = this.xkms2Client.getRevocationValues();
    RevocationData result = new RevocationData();

    CRLValuesType crlContainer = values.getCRLValues();
    if (crlContainer != null) {
        for (EncapsulatedPKIDataType encodedCrl : crlContainer.getEncapsulatedCRLValue()) {
            result.addCRL(encodedCrl.getValue());
        }
    }

    OCSPValuesType ocspContainer = values.getOCSPValues();
    if (ocspContainer != null) {
        for (EncapsulatedPKIDataType encodedOcsp : ocspContainer.getEncapsulatedOCSPValue()) {
            result.addOCSP(encodedOcsp.getValue());
        }
    }

    return result;
}
From source file:fi.laverca.Pkcs1.java
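/**
 * Get the signer CN.
 *
 * <p>Equivalent to calling getSignerCert and then parsing out the CN from the
 * certificate's Subject field. When the subject carries more than one CN attribute, the
 * last one visited while iterating {@code LdapName.getRdns()} is returned.
 *
 * <p>The value is copied from the certificate as it stands. Nothing in this method checks
 * that the certificate chains to a trusted issuer, so the CN must not be used as an
 * identity until the signature and the certificate have been validated elsewhere.
 *
 * @return Signer's CN, or null if the certificate is unavailable, the subject cannot be
 *         parsed, or the subject has no CN attribute.
 */
public String getSignerCn() {
    try {
        X509Certificate signerCert = this.getSignerCert();
        if (signerCert == null) {
            // Explicit check instead of relying on a caught NullPointerException.
            log.error("Failed to get Signer cert: no signer certificate available");
            return null;
        }

        String dn = signerCert.getSubjectX500Principal().getName();
        String cn = null;
        try {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if ("CN".equals(rdn.getType())) {
                    // Rdn values are Objects; a non-string attribute value would be
                    // rendered through its toString() here.
                    cn = rdn.getValue().toString();
                }
            }
        } catch (InvalidNameException e) {
            log.warn("Invalid name", e);
        }
        return cn;
    } catch (Throwable t) {
        // Best-effort contract kept: every failure maps to null. The throwable is passed to
        // the logger so the stack trace is not lost.
        log.error("Failed to get Signer cert " + t.getMessage(), t);
        return null;
    }
}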
From source file:test.unit.be.fedict.eid.tsl.WeSignTest.java
/**
 * Loads the WeSign test TSL from the classpath, checks its scheme name, and logs the CA
 * subject and issuer of every trust service of the Certipost provider.
 *
 * <p>Only the scheme name is asserted; the certificate details are logged for inspection
 * and are not verified.
 */
@Test
public void testLoadWeSignTSL() throws Exception {
    // setup
    Document tslDocument = TrustTestUtils.loadDocumentFromResource("WESIGN_TSL_ID001.xml");

    // operate
    TrustServiceList tsl = TrustServiceListFactory.newInstance(tslDocument);

    // verify
    assertNotNull(tsl);
    LOG.debug("scheme name: " + tsl.getSchemeName());
    assertEquals("WP3 - TSL TEST SCHEME", tsl.getSchemeName());

    for (TrustServiceProvider provider : tsl.getTrustServiceProviders()) {
        LOG.debug("\tTSP name: " + provider.getName());
        boolean isCertipost = "Certipost NV - E-Trust, Citizen CA, Foreigner CA".equals(provider.getName());
        if (isCertipost) {
            for (TrustService service : provider.getTrustServices()) {
                LOG.debug("\t\tTS name: " + service.getName());
                // The service digital identity is the CA certificate published in the TSL.
                X509Certificate ca = service.getServiceDigitalIdentity();
                LOG.debug("\t\tCA Subject: " + ca.getSubjectX500Principal());
                LOG.debug("\t\tCA Issuer: " + ca.getIssuerX500Principal());
            }
        }
    }
}
From source file:org.casbah.provider.openssl.OpenSslCAProviderTest.java
/**
 * Checks that the OpenSSL-backed provider returns a CA certificate and that it is an
 * X.509 certificate, then prints its subject and issuer DNs to standard output.
 *
 * <p>The DNs are printed only; their values are not asserted.
 */
@Test
public void testGetCACertificate() throws CAProviderException {
    File caRoot = new File(targetDir, CAROOT);
    OpenSslCAProvider caProvider = new OpenSslCAProvider(OPENSSL, caRoot, PASSWORD);

    Certificate returned = caProvider.getCACertificate();

    assertNotNull("Checking ca cert is not null", returned);
    assertTrue("Checking certificate is an X.509 one", returned instanceof X509Certificate);

    X509Certificate x509Ca = (X509Certificate) returned;
    System.out.println(x509Ca.getSubjectX500Principal().getName());
    System.out.println(x509Ca.getIssuerX500Principal().getName());
}
From source file:be.fedict.trust.service.dao.bean.AdministratorDAOBean.java
/**
 * {@inheritDoc}
 *
 * <p>The administrator's name is the subject DN of the given certificate in
 * {@code X500Principal.toString()} form, and the entity id comes from
 * {@code getId(authnCertificate)}.
 */
public AdministratorEntity addAdmin(X509Certificate authnCertificate, boolean pending) {
    LOG.debug("add admin pending=" + pending);

    // NOTE(review): the subject is read from the certificate without any check in this
    // method; presumably the caller has already validated the authentication certificate
    // before an administrator is created from it. Confirm against the callers.
    String subjectName = authnCertificate.getSubjectX500Principal().toString();

    AdministratorEntity created = new AdministratorEntity(getId(authnCertificate), subjectName, pending);
    this.entityManager.persist(created);
    return created;
}
From source file:cn.geowind.takeout.verify.CcopHttpClient.java
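/**
 * Creates a {@link DefaultHttpClient} with an SSL/TLS scheme registered for the given port.
 *
 * <p>Server certificates are validated with the platform's default trust managers and the
 * server host name is checked against the certificate. The previous implementation
 * installed a trust manager whose {@code checkServerTrusted} returned as soon as one
 * certificate in the chain had a non-null subject, which every X.509 certificate has, and
 * it used {@code ALLOW_ALL_HOSTNAME_VERIFIER}; together these accepted any certificate from
 * any host and left the connection open to interception.
 *
 * <p>If the remote service uses a private CA, add that CA to the trust store used by the
 * JVM instead of weakening validation here.
 *
 * @param hostname host name or IP of the remote service; not used by this method
 * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}; prefer an
 *        explicit modern version such as {@code "TLSv1.2"}
 * @param port port the scheme is registered for
 * @param scheme scheme name to register, for example {@code "https"}
 * @return the configured HTTP client
 * @throws NoSuchAlgorithmException if no provider supports {@code protocol}
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
public DefaultHttpClient registerSSL(String hostname, String protocol, int port, String scheme)
        throws NoSuchAlgorithmException, KeyManagementException {
    DefaultHttpClient httpclient = new DefaultHttpClient();

    SSLContext ctx = SSLContext.getInstance(protocol);
    // Null key managers and trust managers make the context use the installed providers'
    // default implementations, so the chain is verified against the default trust store.
    ctx.init(null, null, new java.security.SecureRandom());

    // Host name verification stays enabled: the certificate must match the host that is
    // actually being contacted.
    SSLSocketFactory socketFactory = new SSLSocketFactory(ctx, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

    Scheme sch = new Scheme(scheme, port, socketFactory);
    httpclient.getConnectionManager().getSchemeRegistry().register(sch);
    return httpclient;
}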
From source file:be.fedict.trust.crl.OfflineCrlRepository.java
/**
 * {@inheritDoc}
 *
 * <p>This offline implementation returns the first stored CRL whose issuer DN equals the
 * subject DN of {@code issuerCertificate}. Neither {@code crlUri} nor
 * {@code validationDate} is consulted, and the CRL's signature and validity period are not
 * checked here, so callers have to verify the returned CRL before relying on it.
 */
public X509CRL findCrl(URI crlUri, X509Certificate issuerCertificate, Date validationDate) {
    X509CRL match = null;
    for (X509CRL candidate : this.crls) {
        // Name comparison only: a CRL carrying the same issuer DN matches.
        if (candidate.getIssuerX500Principal().equals(issuerCertificate.getSubjectX500Principal())) {
            match = candidate;
            break;
        }
    }

    String issuerName = issuerCertificate.getSubjectX500Principal().toString();
    if (match != null) {
        LOG.debug("CRL found for issuer " + issuerName);
    } else {
        LOG.debug("CRL not found for issuer " + issuerName);
    }
    return match;
}
From source file:com.tmount.business.cloopen.util.CcopHttpClient.java
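/**
 * Creates a {@link DefaultHttpClient} with an SSL/TLS scheme registered for the given port.
 *
 * <p>Server certificates are validated with the platform's default trust managers and the
 * server host name is checked against the certificate. The previous implementation used an
 * anonymous {@code X509TrustManager} whose {@code checkServerTrusted} returned as soon as
 * one certificate in the chain had a non-null subject, which is true of every X.509
 * certificate, and it combined that with {@code ALLOW_ALL_HOSTNAME_VERIFIER}. The result
 * was a client that trusted any certificate presented by any host.
 *
 * <p>If the remote service uses a private CA, add that CA to the trust store used by the
 * JVM instead of weakening validation here.
 *
 * @param hostname host name or IP of the remote service; not used by this method
 * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}; prefer an
 *        explicit modern version such as {@code "TLSv1.2"}
 * @param port port the scheme is registered for
 * @param scheme scheme name to register, for example {@code "https"}
 * @return the configured HTTP client
 * @throws NoSuchAlgorithmException if no provider supports {@code protocol}
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
public DefaultHttpClient registerSSL(String hostname, String protocol, int port, String scheme)
        throws NoSuchAlgorithmException, KeyManagementException {
    DefaultHttpClient httpclient = new DefaultHttpClient();

    SSLContext ctx = SSLContext.getInstance(protocol);
    // Passing null for the trust managers selects the installed providers' default
    // implementation, which verifies the chain against the default trust store.
    ctx.init(null, null, new java.security.SecureRandom());

    // Keep host name verification on so a valid certificate for another host is rejected.
    SSLSocketFactory socketFactory = new SSLSocketFactory(ctx, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

    Scheme sch = new Scheme(scheme, port, socketFactory);
    httpclient.getConnectionManager().getSchemeRegistry().register(sch);
    return httpclient;
}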
From source file:io.kubernetes.client.util.SSLUtils.java
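/**
 * Builds a JKS key store holding the client certificate and its private key.
 *
 * <p>The key store is first loaded from {@code keyStoreFile} when one is given, otherwise
 * through {@code loadDefaultKeyStoreFile}. The key entry is then stored under an alias
 * equal to the certificate's subject DN and protected with {@code clientKeyPassphrase}.
 *
 * @param certInputStream stream holding the client X.509 certificate
 * @param keyInputStream stream holding the PEM-encoded private key
 * @param clientKeyAlgo key algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @param clientKeyPassphrase passphrase protecting the key entry in the returned key store
 * @param keyStoreFile path of an existing key store to load first; null or empty selects
 *        the default key store file
 * @param keyStorePassphrase passphrase of the key store being loaded
 * @return the key store with the client key entry added
 * @throws IOException if the key store file or the key cannot be read
 * @throws CertificateException if the certificate cannot be parsed
 * @throws NoSuchAlgorithmException if {@code clientKeyAlgo} is not available
 * @throws InvalidKeySpecException if the key is neither valid PKCS#8 nor decodable by the
 *         PKCS#1 fallback
 * @throws KeyStoreException if the key store cannot be created or updated
 */
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream,
        String clientKeyAlgo, char[] clientKeyPassphrase, String keyStoreFile, char[] keyStorePassphrase)
        throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException,
        KeyStoreException {
    CertificateFactory certFactory = CertificateFactory.getInstance("X509");
    X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);

    byte[] keyBytes = decodePem(keyInputStream);

    PrivateKey privateKey;
    KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo);
    try {
        // First let's try PKCS8
        privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    } catch (InvalidKeySpecException e) {
        // Otherwise try PKCS1. The fallback yields an RSA key spec, so it can only succeed
        // when clientKeyAlgo names an RSA key factory.
        RSAPrivateCrtKeySpec keySpec = decodePKCS1(keyBytes);
        privateKey = keyFactory.generatePrivate(keySpec);
    }

    KeyStore keyStore = KeyStore.getInstance("JKS");
    if (keyStoreFile != null && keyStoreFile.length() > 0) {
        // Close the file once the store is loaded; the stream was previously left open.
        try (InputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
            keyStore.load(keyStoreStream, keyStorePassphrase);
        }
    } else {
        loadDefaultKeyStoreFile(keyStore, keyStorePassphrase);
    }

    String alias = cert.getSubjectX500Principal().getName();
    keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[] { cert });

    return keyStore;
}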
From source file:nextflow.k8s.client.SSLUtils.java
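/**
 * Builds a JKS key store holding the client certificate and its private key.
 *
 * <p>The key store is first loaded from {@code keyStoreFile} when one is given, otherwise
 * through {@code loadDefaultKeyStoreFile}. The key entry is then stored under an alias
 * equal to the certificate's subject DN and protected with {@code clientKeyPassphrase}.
 *
 * @param certInputStream stream holding the client X.509 certificate
 * @param keyInputStream stream holding the PEM-encoded private key
 * @param clientKeyAlgo key algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @param clientKeyPassphrase passphrase protecting the key entry in the returned key store
 * @param keyStoreFile path of an existing key store to load first; null or empty selects
 *        the default key store file
 * @param keyStorePassphrase passphrase of the key store being loaded
 * @return the key store with the client key entry added
 * @throws IOException if the key store file or the key cannot be read
 * @throws CertificateException if the certificate cannot be parsed
 * @throws NoSuchAlgorithmException if {@code clientKeyAlgo} is not available
 * @throws InvalidKeySpecException if the key is neither valid PKCS#8 nor decodable by the
 *         PKCS#1 fallback
 * @throws KeyStoreException if the key store cannot be created or updated
 */
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream,
        String clientKeyAlgo, char[] clientKeyPassphrase, String keyStoreFile, char[] keyStorePassphrase)
        throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException,
        KeyStoreException {
    CertificateFactory certFactory = CertificateFactory.getInstance("X509");
    X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);

    byte[] keyBytes = decodePem(keyInputStream);

    PrivateKey privateKey;
    KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo);
    try {
        // First let's try PKCS8
        privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    } catch (InvalidKeySpecException e) {
        // Otherwise try PKCS1. The fallback yields an RSA key spec, so it can only succeed
        // when clientKeyAlgo names an RSA key factory.
        RSAPrivateCrtKeySpec keySpec = decodePKCS1(keyBytes);
        privateKey = keyFactory.generatePrivate(keySpec);
    }

    KeyStore keyStore = KeyStore.getInstance("JKS");
    if (keyStoreFile != null && keyStoreFile.length() > 0) {
        // try-with-resources releases the file handle, which was previously never closed.
        try (InputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
            keyStore.load(keyStoreStream, keyStorePassphrase);
        }
    } else {
        loadDefaultKeyStoreFile(keyStore, keyStorePassphrase);
    }

    String alias = cert.getSubjectX500Principal().getName();
    keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[] { cert });

    return keyStore;
}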