Usage examples for java.security.cert.X509Certificate.getSubjectX500Principal(), which returns the certificate's subject distinguished name as an X500Principal.
public X500Principal getSubjectX500Principal()
From source file:org.glite.security.voms.admin.persistence.dao.CertificateDAO.java
/**
 * Finds the stored certificate record that matches the subject and issuer of an X.509 certificate.
 *
 * <p>Each distinguished name is rendered with {@code DNUtil.getOpenSSLSubject} and then passed
 * through {@code DNUtil.normalizeDN}; the two resulting strings are the lookup key.
 *
 * <p>NOTE(review): this method only reads the two DNs. Nothing visible here verifies the
 * certificate's signature or chain, so confirm that callers pass an already-validated certificate.
 *
 * @param cert certificate whose subject and issuer identify the record; must not be null
 * @return the result of {@code lookup} for the normalized subject/issuer pair
 */
public Certificate find(X509Certificate cert) {
    // Enforced only when the JVM runs with assertions enabled (-ea).
    assert cert != null : "Null certificate passed as argument!";

    final String normalizedSubject =
            DNUtil.normalizeDN(DNUtil.getOpenSSLSubject(cert.getSubjectX500Principal()));
    final String normalizedIssuer =
            DNUtil.normalizeDN(DNUtil.getOpenSSLSubject(cert.getIssuerX500Principal()));

    return lookup(normalizedSubject, normalizedIssuer);
}
From source file:be.fedict.trust.constraints.KeyUsageCertificateConstraint.java
/**
 * Checks the certificate's key usage bits against this constraint's mask.
 *
 * <p>For every mask position: {@code null} means the bit is not constrained, {@code true} means
 * the bit must be set, and {@code false} means the bit must not be set. A certificate with no key
 * usage extension is rejected.
 *
 * <p>NOTE(review): {@code keyUsage} is indexed with mask positions, so this assumes the mask is
 * no longer than the array returned by {@code getKeyUsage()} — confirm where the mask is built.
 *
 * @param certificate the certificate to check
 * @return {@code true} if every constrained bit matches the mask, {@code false} otherwise
 */
public boolean check(X509Certificate certificate) {
    final boolean[] actualUsage = certificate.getKeyUsage();
    if (actualUsage == null) {
        // The subject DN in this message is taken from the certificate being checked.
        LOG.debug("no key usage extension for certificate: " + certificate.getSubjectX500Principal());
        return false;
    }

    for (int bit = 0; bit < this.mask.length; bit++) {
        final Boolean required = this.mask[bit];
        if (required == null) {
            // Unconstrained bit: either value is acceptable.
            continue;
        }
        if (required.booleanValue()) {
            if (!actualUsage[bit]) {
                LOG.debug("missing key usage: " + bit);
                return false;
            }
        } else if (actualUsage[bit]) {
            LOG.debug("should not have key usage: " + bit);
            return false;
        }
    }

    LOG.debug("key usage checked");
    return true;
}
From source file:be.fedict.trust.service.dao.bean.CertificateAuthorityDAOBean.java
/**
 * Creates a certificate authority entity from the given certificate and CRL URL and persists it.
 *
 * <p>NOTE(review): no validation of the certificate is visible in this method; presumably the
 * caller has already decided that it is a CA certificate that should be stored — confirm.
 *
 * @param certificate the CA certificate
 * @param crlUrl the CRL URL stored with the entity
 * @return the persisted entity, or {@code null} if the certificate could not be encoded
 */
public CertificateAuthorityEntity addCertificateAuthority(X509Certificate certificate, String crlUrl) {
    LOG.debug("add CA: " + certificate.getSubjectX500Principal().toString());

    final CertificateAuthorityEntity caEntity;
    try {
        caEntity = new CertificateAuthorityEntity(crlUrl, certificate);
    } catch (CertificateEncodingException e) {
        // Failure is reported to the caller as a null return; only the message is logged.
        LOG.error("Certificate encoding exception: " + e.getMessage());
        return null;
    }

    this.entityManager.persist(caEntity);
    return caEntity;
}
From source file:it.cnr.icar.eric.client.ui.thin.RegistryBrowser.java
/**
 * Returns the principal for the current request.
 *
 * <p>The subject of the request's client certificate is preferred; when there is no certificate
 * (or it yields no subject) the user principal of the current JSF external context is used.
 *
 * <p>NOTE(review): the certificate subject is used as the identity without any check in this
 * method; presumably {@code getRequestCertificate()} only returns a certificate that the
 * container has already validated — confirm.
 *
 * @return the client-certificate subject, otherwise the external context's user principal
 */
public static Principal getPrincipal() {
    final X509Certificate clientCert = getRequestCertificate();

    // First choice: identity asserted by the client certificate.
    Principal principal = (clientCert != null) ? clientCert.getSubjectX500Principal() : null;

    // Fallback: whatever the external context reports.
    if (principal == null) {
        principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
    }
    return principal;
}
From source file:org.apache.http.HC4.nio.conn.ssl.SSLIOSessionStrategy.java
/**
 * Verifies that the TLS session's peer matches the host name of the target host.
 *
 * <p>When the configured hostname verifier rejects the session, the subject of the first peer
 * certificate is included in the exception message. That subject is supplied by the peer, so it
 * should be treated as untrusted text wherever the message is logged or displayed.
 *
 * @param host the target host whose name is verified
 * @param iosession the I/O session (not used by this implementation)
 * @param sslsession the TLS session to verify
 * @throws SSLException if the host name does not match the peer certificate
 */
protected void verifySession(final HttpHost host, final IOSession iosession, final SSLSession sslsession)
        throws SSLException {
    if (this.hostnameVerifier.verify(host.getHostName(), sslsession)) {
        return;
    }

    // Verification failed: report the subject of the first certificate the peer presented.
    final Certificate[] peerChain = sslsession.getPeerCertificates();
    final X509Certificate leaf = (X509Certificate) peerChain[0];
    final X500Principal leafSubject = leaf.getSubjectX500Principal();
    throw new SSLPeerUnverifiedException("Host name '" + host.getHostName() + "' does not match "
            + "the certificate subject provided by the peer (" + leafSubject.toString() + ")");
}
From source file:org.nimbustools.ctxbroker.security.CertificateAuthority.java
/**
 * Issues a new certificate for the given common name and public key, signed with the CA key.
 *
 * <p>The generated certificate is encoded and parsed again through {@code this.factory}; the
 * re-parsed instance is the one returned. Its subject DN is logged at trace level in RFC 2253
 * form and in Globus form.
 *
 * @param cnString common name used to build the target DN
 * @param pubkey public key to certify
 * @param expires expiry time of the new certificate
 * @return the newly signed certificate, as re-parsed by the certificate factory
 * @throws SignatureException declared by this method; presumably raised while signing
 * @throws InvalidKeyException declared by this method; presumably raised for an unusable key
 * @throws CertificateException if the certificate cannot be encoded or parsed
 * @throws IOException declared by this method
 */
protected X509Certificate signNewCertificate(String cnString, PublicKey pubkey, Calendar expires)
        throws SignatureException, InvalidKeyException, CertificateException, IOException {
    this.setGenerator(this.getTargetDN(cnString), pubkey, expires.getTime());
    final X509Certificate generated = this.certGen.generateX509Certificate(this.caPrivate);

    // Round-trip through the encoded form so the result comes from this.factory.
    final InputStream encoded = new ByteArrayInputStream(generated.getEncoded());
    final X509Certificate issued = (X509Certificate) this.factory.generateCertificate(encoded);

    final X500Principal subject = issued.getSubjectX500Principal();
    final String rfc2253Dn = subject.getName(X500Principal.RFC2253);
    final String globusStyleDn = CertUtil.toGlobusID(rfc2253Dn, false);

    logger.trace("Created new certificate with DN (RFC2253) = '" + rfc2253Dn
            + "' and Globus style DN = '" + globusStyleDn + "'");

    return issued;
}
From source file:test.unit.be.fedict.eid.tsl.FingerprintTest.java
/**
 * Loads the two Certipost "Public CA for Qualified Signatures" certificates from test resources,
 * checks that each one loads, and logs its subject, issuer and validity period.
 */
@Test
public void testNewCertipostCAs() throws Exception {
    final String[] caResources = {
        "eu/be/certipost/Certipost Public CA for Qualified Signatures - VG root signed.cer",
        "eu/be/certipost/Certipost Public CA for Qualified Signatures - BCT root signed.cer"
    };

    for (String caResource : caResources) {
        X509Certificate caCertificate = TrustTestUtils.loadCertificateFromResource(caResource);
        assertNotNull(caCertificate);
        LOG.debug("CA subject: " + caCertificate.getSubjectX500Principal());
        LOG.debug("CA issuer: " + caCertificate.getIssuerX500Principal());
        LOG.debug("CA not before: " + caCertificate.getNotBefore());
        LOG.debug("CA not after: " + caCertificate.getNotAfter());
    }
}
From source file:com.zotoh.crypto.CryptoUte.java
/**
 * Extracts the subject, issuer and validity period of an X.509 certificate.
 *
 * <p>The values are read from the certificate as given; nothing in this method checks its
 * signature, chain or current validity.
 *
 * @param cert the certificate to describe; checked with {@code tstArgIsType} against
 *     {@code X509Certificate} before it is cast
 * @return a tuple of (subject, issuer, not-before, not-after)
 */
public static Tuple getCertDesc(Certificate cert) {
    tstArgIsType("cert", cert, X509Certificate.class);

    final X509Certificate certificate = (X509Certificate) cert;
    final X500Principal issuerDn = certificate.getIssuerX500Principal();
    final X500Principal subjectDn = certificate.getSubjectX500Principal();
    final Date validFrom = certificate.getNotBefore();
    final Date validUntil = certificate.getNotAfter();

    return new Tuple(subjectDn, issuerDn, validFrom, validUntil);
}
From source file:org.globus.gsi.stores.ResourceSigningPolicyStoreTest.java
/**
 * Checks that a signing policy can be fetched by the subject principal of a CA certificate,
 * and that fetching it a second time still succeeds.
 */
public void testGetSigningPolicyWithDNPrincipal() throws Exception {
    final String policyPattern = caCertsLocation + "/*.signing_policy";
    final ResourceSigningPolicyStore policyStore = new ResourceSigningPolicyStore(
            new ResourceSigningPolicyStoreParameters(policyPattern));

    final String caCertPath = caCertsLocation + "/e5cc84c2.0";
    final X509Certificate caCert = readCertificate(caCertPath);
    Assert.assertNotNull("Unable to read certificate in " + caCertPath, caCert);

    // According to https://github.com/jglobus/JGlobus/issues/102 the second attempt is failing.
    // Therefore the same query is issued twice and both results are checked.
    for (int attempt = 0; attempt < 2; attempt++) {
        SigningPolicy policy = policyStore.getSigningPolicy(caCert.getSubjectX500Principal());
        Assert.assertNotNull(policy);
    }
}
From source file:test.unit.be.fedict.eid.dss.document.ooxml.OOXMLDSSDocumentServiceTest.java
/**
 * Verifies the signature of an Office 2010 SP1 XAdES-X-L document and checks what the service
 * hands to the document context for validation.
 *
 * <p>Something wrong with the digest calculation of SigAndRefsTimeStamp of Office2010.
 * Fixed in Office2010 SP1.
 */
@Test
public void testVerifySignaturesOffice2011() throws Exception {
    // setup
    OOXMLDSSDocumentService service = new OOXMLDSSDocumentService();
    byte[] signedDocument = IOUtils.toByteArray(
            OOXMLDSSDocumentServiceTest.class.getResourceAsStream("/Office2010-SP1-XAdES-X-L.docx"));

    DSSDocumentContext contextMock = EasyMock.createMock(DSSDocumentContext.class);

    // Captures for the arguments passed to the context's validate(...) calls.
    Capture<List<X509Certificate>> chainCapture = new Capture<List<X509Certificate>>();
    Capture<Date> dateCapture = new Capture<Date>();
    Capture<List<OCSPResp>> ocspCapture = new Capture<List<OCSPResp>>();
    Capture<List<X509CRL>> crlCapture = new Capture<List<X509CRL>>();
    Capture<TimeStampToken> tstCapture = new Capture<TimeStampToken>();

    // Recorded expectations: one certificate-chain validation, two timestamp-token validations.
    contextMock.validate(EasyMock.capture(chainCapture), EasyMock.capture(dateCapture),
            EasyMock.capture(ocspCapture), EasyMock.capture(crlCapture));
    contextMock.validate(EasyMock.capture(tstCapture));
    contextMock.validate(EasyMock.capture(tstCapture));

    expect(contextMock.getTimestampMaxOffset()).andReturn(33 * 1000L);
    expect(contextMock.getMaxGracePeriod()).andReturn(1000L * 60 * 60 * 24 * 7);

    // prepare
    EasyMock.replay(contextMock);

    // operate
    service.init(contextMock, "mime-type");
    List<SignatureInfo> results = service.verifySignatures(signedDocument, null);

    // verify
    EasyMock.verify(contextMock);
    assertNotNull(results);
    assertEquals(1, results.size());

    SignatureInfo result = results.get(0);
    assertNotNull(result.getSigner());
    assertNotNull(result.getSigningTime());
    LOG.debug("signing time: " + result.getSigningTime());

    // The signer and signing time must be exactly what was submitted for validation.
    assertEquals(result.getSigningTime(), dateCapture.getValue());
    assertEquals(result.getSigner(), chainCapture.getValue().get(0));

    // Revocation data handed to the context: one OCSP response and one CRL.
    assertEquals(1, ocspCapture.getValue().size());
    assertEquals(1, crlCapture.getValue().size());

    for (X509Certificate chainCertificate : chainCapture.getValue()) {
        LOG.debug("certificate: " + chainCertificate.getSubjectX500Principal());
    }
}