List of usage examples for java.security KeyStore getCertificate
public final Certificate getCertificate(String alias) throws KeyStoreException
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testGetCertificateCaching() throws Exception { Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null);/*w w w.j a v a 2 s .com*/ for (int idx = 0; idx < 100; idx++) { assertNotNull(keyStore.getCertificate("Authentication")); } }
From source file:test.integ.be.e_contract.mycarenet.ehbox.EHealthBoxClientTest.java
/** * Not supported according to Hannes De Clercq from eHealth. * /*w w w . java 2s . c o m*/ * @throws Exception */ @Test public void testGetBoxInfoSelfSigned() throws Exception { // STS EHealthSTSClient client = new EHealthSTSClient("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService"); Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null); PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); SessionKey sessionKey = new SessionKey(2048); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusHours(24); sessionKey.setValidity(notBefore.toDate(), notAfter.toDate()); X509Certificate eHealthCertificate = sessionKey.getCertificate(); PrivateKey eHealthPrivateKey = sessionKey.getPrivate(); List<Attribute> attributes = new LinkedList<Attribute>(); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); List<AttributeDesignator> attributeDesignators = new LinkedList<AttributeDesignator>(); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributeDesignators .add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:certified-namespace:ehealth", "urn:be:fgov:person:ssin:nurse:boolean")); Element assertionElement = client.requestAssertion(authnCertificate, authnPrivateKey, eHealthCertificate, eHealthPrivateKey, attributes, attributeDesignators); assertNotNull(assertionElement); String assertionString = client.toString(assertionElement); // eHealthBox EHealthBoxConsultationClient eHealthBoxClient = new EHealthBoxConsultationClient( "https://services-acpt.ehealth.fgov.be/ehBoxConsultation/v3"); eHealthBoxClient.setCredentials(eHealthPrivateKey, assertionString); eHealthBoxClient.getBoxInfo(); }
From source file:test.integ.be.e_contract.mycarenet.ehbox.EHealthBoxClientTest.java
@Test public void testGetBoxInfoViaString() throws Exception { // STS/* w ww . j a v a 2s. c o m*/ EHealthSTSClient client = new EHealthSTSClient("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService"); Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null); PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); KeyStore eHealthKeyStore = KeyStore.getInstance("PKCS12"); FileInputStream fileInputStream = new FileInputStream(this.config.getEHealthPKCS12Path()); eHealthKeyStore.load(fileInputStream, this.config.getEHealthPKCS12Password().toCharArray()); Enumeration<String> aliasesEnum = eHealthKeyStore.aliases(); String alias = aliasesEnum.nextElement(); X509Certificate eHealthCertificate = (X509Certificate) eHealthKeyStore.getCertificate(alias); PrivateKey eHealthPrivateKey = (PrivateKey) eHealthKeyStore.getKey(alias, this.config.getEHealthPKCS12Password().toCharArray()); List<Attribute> attributes = new LinkedList<Attribute>(); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); List<AttributeDesignator> attributeDesignators = new LinkedList<AttributeDesignator>(); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributeDesignators .add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:certified-namespace:ehealth", "urn:be:fgov:person:ssin:nurse:boolean")); Element assertion = client.requestAssertion(authnCertificate, authnPrivateKey, eHealthCertificate, eHealthPrivateKey, attributes, attributeDesignators); assertNotNull(assertion); String request = "<ehbox:GetBoxInfoRequest xmlns:ehbox=\"urn:be:fgov:ehealth:ehbox:consultation:protocol:v3\"/>"; // eHealthBox EHealthBoxConsultationClient eHealthBoxClient = new EHealthBoxConsultationClient( "https://services-acpt.ehealth.fgov.be/ehBoxConsultation/v3"); eHealthBoxClient.setCredentials(eHealthPrivateKey, toString(assertion)); String result = eHealthBoxClient.invoke(request); LOG.debug("result: " + result); }
From source file:org.wso2.carbon.dataservices.core.auth.JWTAuthorizationProvider.java
/*** * Validates the signature of the JWT token. * @param signedJWTToken//from w w w .j av a 2 s. co m * @return * @throws org.apache.axis2.AxisFault */ private Boolean validateSignature(String signedJWTToken) throws AxisFault { //verify signature boolean isVerified = false; String[] split_string = signedJWTToken.split("\\."); String base64EncodedHeader = split_string[0]; String base64EncodedBody = split_string[1]; String base64EncodedSignature = split_string[2]; String decodedHeader = new String(Base64Utils.decode(base64EncodedHeader)); byte[] decodedSignature = Base64Utils.decode(base64EncodedSignature); Pattern pattern = Pattern.compile("^[^:]*:[^:]*:[^:]*:\"(.+)\"}$"); Matcher matcher = pattern.matcher(decodedHeader); String base64EncodedCertThumb = null; if (matcher.find()) { base64EncodedCertThumb = matcher.group(1); } byte[] decodedCertThumb = Base64Utils.decode(base64EncodedCertThumb); KeyStore keystore = getKeyStore(); Certificate publicCert = null; if (keystore != null) { publicCert = publicCerts.get(keystore); if (publicCert == null) { String alias = getAliasForX509CertThumb(decodedCertThumb, keystore); try { publicCert = keystore.getCertificate(alias); } catch (KeyStoreException e) { log.error("Error getting public certificate from keystore using alias"); throw new AxisFault("Error getting public certificate from keystore using alias"); } } } else { log.error("No keystore found"); throw new AxisFault("No keystore found"); } if (publicCert != null) { try { //Create signature instance with signature algorithm and public cert, to verify the signature. Signature verifySig = null; verifySig = Signature.getInstance("SHA256withRSA"); verifySig.initVerify(publicCert); //Update signature with signature data. verifySig.update((base64EncodedHeader + "." + base64EncodedBody).getBytes()); isVerified = verifySig.verify(decodedSignature); } catch (NoSuchAlgorithmException e) { log.error("SHA256withRSA cannot be found"); throw new AxisFault("SHA256withRSA cannot be found"); } catch (InvalidKeyException e) { log.error("Invalid Key"); throw new AxisFault("Invalid Key"); } catch (SignatureException e) { log.error("Signature Object not initialized properly"); throw new AxisFault("Signature Object not initialized properly"); } } else { log.error("No public cert found"); throw new AxisFault("No public cert found"); } if (!isVerified) { log.error("Signature validation failed"); throw new AxisFault("Signature validation failed"); } return isVerified; }
From source file:test.integ.be.e_contract.mycarenet.ehbox.EHealthBoxClientTest.java
@Test public void testGetBoxInfoViaDOM() throws Exception { // STS/* w ww . j a va 2 s . c om*/ EHealthSTSClient client = new EHealthSTSClient("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService"); Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null); PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); KeyStore eHealthKeyStore = KeyStore.getInstance("PKCS12"); FileInputStream fileInputStream = new FileInputStream(this.config.getEHealthPKCS12Path()); eHealthKeyStore.load(fileInputStream, this.config.getEHealthPKCS12Password().toCharArray()); Enumeration<String> aliasesEnum = eHealthKeyStore.aliases(); String alias = aliasesEnum.nextElement(); X509Certificate eHealthCertificate = (X509Certificate) eHealthKeyStore.getCertificate(alias); PrivateKey eHealthPrivateKey = (PrivateKey) eHealthKeyStore.getKey(alias, this.config.getEHealthPKCS12Password().toCharArray()); List<Attribute> attributes = new LinkedList<Attribute>(); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); List<AttributeDesignator> attributeDesignators = new LinkedList<AttributeDesignator>(); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributeDesignators .add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:certified-namespace:ehealth", "urn:be:fgov:person:ssin:nurse:boolean")); Element assertion = client.requestAssertion(authnCertificate, authnPrivateKey, eHealthCertificate, eHealthPrivateKey, attributes, attributeDesignators); assertNotNull(assertion); String request = "<ehbox:GetBoxInfoRequest xmlns:ehbox=\"urn:be:fgov:ehealth:ehbox:consultation:protocol:v3\"/>"; DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document requestDocument = documentBuilder.parse(new InputSource(new StringReader(request))); Element requestElement = requestDocument.getDocumentElement(); // eHealthBox EHealthBoxConsultationClient eHealthBoxClient = new EHealthBoxConsultationClient( "https://services-acpt.ehealth.fgov.be/ehBoxConsultation/v3"); eHealthBoxClient.setCredentials(eHealthPrivateKey, toString(assertion)); eHealthBoxClient.invoke(requestElement); }
From source file:test.integ.be.e_contract.mycarenet.ehbox.EHealthBoxClientTest.java
@Test public void testGetBoxInfoGetMessageDeleteMessage() throws Exception { // STS// w w w .j a va2 s . co m EHealthSTSClient client = new EHealthSTSClient("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService"); Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null); PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); KeyStore eHealthKeyStore = KeyStore.getInstance("PKCS12"); FileInputStream fileInputStream = new FileInputStream(this.config.getEHealthPKCS12Path()); eHealthKeyStore.load(fileInputStream, this.config.getEHealthPKCS12Password().toCharArray()); Enumeration<String> aliasesEnum = eHealthKeyStore.aliases(); String alias = aliasesEnum.nextElement(); X509Certificate eHealthCertificate = (X509Certificate) eHealthKeyStore.getCertificate(alias); PrivateKey eHealthPrivateKey = (PrivateKey) eHealthKeyStore.getKey(alias, this.config.getEHealthPKCS12Password().toCharArray()); List<Attribute> attributes = new LinkedList<Attribute>(); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); List<AttributeDesignator> attributeDesignators = new LinkedList<AttributeDesignator>(); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributeDesignators .add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:certified-namespace:ehealth", "urn:be:fgov:person:ssin:nurse:boolean")); Element assertion = client.requestAssertion(authnCertificate, authnPrivateKey, eHealthCertificate, eHealthPrivateKey, attributes, attributeDesignators); assertNotNull(assertion); String assertionString = client.toString(assertion); // eHealthBox EHealthBoxConsultationClient eHealthBoxClient = new EHealthBoxConsultationClient( "https://services-acpt.ehealth.fgov.be/ehBoxConsultation/v3"); eHealthBoxClient.setCredentials(eHealthPrivateKey, assertionString); eHealthBoxClient.getBoxInfo(); GetMessageListResponseType messageList = eHealthBoxClient.getMessagesList(); for (Message message : messageList.getMessage()) { String messageId = message.getMessageId(); LOG.debug("message id: " + messageId); eHealthBoxClient.getMessage(messageId); eHealthBoxClient.deleteMessage(messageId); } }
From source file:org.archive.crawler.Heritrix.java
/** * Perform preparation to use an ad-hoc, created-as-necessary * certificate/keystore for HTTPS access. A keystore with new * cert is created if necessary, as adhoc.keystore in the working * directory. Otherwise, a preexisting adhoc.keystore is read * and the certificate fingerprint shown to assist in operator * browser-side verification./*from w w w .j av a 2 s .c o m*/ * @param startupOut where to report fingerprint */ protected void useAdhocKeystore(PrintStream startupOut) { try { File keystoreFile = new File(ADHOC_KEYSTORE); if (!keystoreFile.exists()) { String[] args = { "-keystore", ADHOC_KEYSTORE, "-storepass", ADHOC_PASSWORD, "-keypass", ADHOC_PASSWORD, "-alias", "adhoc", "-genkey", "-keyalg", "RSA", "-dname", "CN=Heritrix Ad-Hoc HTTPS Certificate", "-validity", "3650" }; // 10 yr validity KeyTool.main(args); } KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream inStream = new ByteArrayInputStream(FileUtils.readFileToByteArray(keystoreFile)); keystore.load(inStream, ADHOC_PASSWORD.toCharArray()); Certificate cert = keystore.getCertificate("adhoc"); byte[] certBytes = cert.getEncoded(); byte[] sha1 = MessageDigest.getInstance("SHA1").digest(certBytes); startupOut.print("Using ad-hoc HTTPS certificate with fingerprint...\nSHA1"); for (byte b : sha1) { startupOut.print(String.format(":%02X", b)); } startupOut.println("\nVerify in browser before accepting exception."); } catch (Exception e) { // fatal, rethrow throw new RuntimeException(e); } }
From source file:com.cloudera.nav.sdk.client.SSLUtilsTest.java
@Before public void setUp() throws Exception { Map<String, Object> confMap = Maps.newHashMap(); confMap.put(ClientConfigFactory.APP_URL, "localhost"); confMap.put(ClientConfigFactory.NAV_URL, "localhost"); confMap.put(ClientConfigFactory.NAMESPACE, "test"); confMap.put(ClientConfigFactory.USERNAME, "user"); confMap.put(ClientConfigFactory.PASSWORD, "pass"); confMap.put(ClientConfigFactory.API_VERSION, 9); config = (new ClientConfigFactory()).fromConfigMap(confMap); KeyStore keyStore = KeyStore.getInstance("jks"); ClassLoader classLoader = getClass().getClassLoader(); String keyStoreLocation = classLoader.getResource("client.jks").getFile(); try (InputStream is = new FileInputStream(keyStoreLocation)) { keyStore.load(is, "clientP".toCharArray()); }//from w ww. java 2 s . c om certs = Maps.newHashMap(); Enumeration<String> aliasesEn = keyStore.aliases(); String alias; while (aliasesEn.hasMoreElements()) { alias = aliasesEn.nextElement(); certs.put(alias, keyStore.getCertificate(alias)); } }
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testCAAliases() throws Exception { // setup// w w w .jav a2 s .c o m Security.addProvider(new BeIDProvider()); final KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null); // operate X509Certificate citizenCACertificate = (X509Certificate) keyStore.getCertificate("CA"); X509Certificate rootCACertificate = (X509Certificate) keyStore.getCertificate("Root"); X509Certificate rrnCertificate = (X509Certificate) keyStore.getCertificate("RRN"); // verify assertNotNull(citizenCACertificate); LOG.debug("citizen CA: " + citizenCACertificate.getSubjectX500Principal()); assertNotNull(rootCACertificate); LOG.debug("root CA: " + rootCACertificate.getSubjectX500Principal()); assertNotNull(rrnCertificate); assertTrue(rrnCertificate.getSubjectX500Principal().toString().contains("RRN")); }
From source file:test.integ.be.e_contract.mycarenet.ehbox.EHealthBoxClientTest.java
@Test public void testDecryptMessages() throws Exception { // STS/*from w ww. j a v a 2 s . c om*/ EHealthSTSClient client = new EHealthSTSClient("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService"); Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null); PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); KeyStore eHealthKeyStore = KeyStore.getInstance("PKCS12"); FileInputStream fileInputStream = new FileInputStream(this.config.getEHealthPKCS12Path()); eHealthKeyStore.load(fileInputStream, this.config.getEHealthPKCS12Password().toCharArray()); Enumeration<String> aliasesEnum = eHealthKeyStore.aliases(); String alias = aliasesEnum.nextElement(); X509Certificate eHealthCertificate = (X509Certificate) eHealthKeyStore.getCertificate(alias); PrivateKey eHealthPrivateKey = (PrivateKey) eHealthKeyStore.getKey(alias, this.config.getEHealthPKCS12Password().toCharArray()); String encryptionAlias = aliasesEnum.nextElement(); X509Certificate encryptionCertificate = (X509Certificate) eHealthKeyStore.getCertificate(encryptionAlias); PrivateKey encryptionPrivateKey = (PrivateKey) eHealthKeyStore.getKey(encryptionAlias, this.config.getEHealthPKCS12Password().toCharArray()); List<Attribute> attributes = new LinkedList<Attribute>(); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); List<AttributeDesignator> attributeDesignators = new LinkedList<AttributeDesignator>(); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")); attributeDesignators .add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin")); attributeDesignators.add(new AttributeDesignator("urn:be:fgov:certified-namespace:ehealth", "urn:be:fgov:person:ssin:nurse:boolean")); Element assertion = client.requestAssertion(authnCertificate, authnPrivateKey, eHealthCertificate, eHealthPrivateKey, attributes, attributeDesignators); assertNotNull(assertion); String assertionString = client.toString(assertion); // eHealthBox EHealthBoxConsultationClient eHealthBoxClient = new EHealthBoxConsultationClient( "https://services-acpt.ehealth.fgov.be/ehBoxConsultation/v3"); eHealthBoxClient.setCredentials(eHealthPrivateKey, assertionString); GetMessageListResponseType messageList = eHealthBoxClient.getMessagesList(); for (Message message : messageList.getMessage()) { String messageId = message.getMessageId(); LOG.debug("message id: " + messageId); GetFullMessageResponseType getFullMessageResponse = eHealthBoxClient.getMessage(messageId); DataHandler dataHandler = getFullMessageResponse.getMessage().getContentContext().getContent() .getDocument().getEncryptableBinaryContent(); byte[] data; if (null != dataHandler) { data = IOUtils.toByteArray(dataHandler.getInputStream()); } else { data = getFullMessageResponse.getMessage().getContentContext().getContent().getDocument() .getEncryptableTextContent(); } LOG.debug("data size: " + data.length); Unsealer unsealer = new Unsealer(encryptionPrivateKey, encryptionCertificate); unsealer.unseal(data); } }