Refine search
public static String toPem(final X509Certificate certificate) throws CertificateEncodingException { final StringBuilder builder = new StringBuilder(); builder.append(BEGIN_CERT); builder.append('\n'); builder.append(FlexBase64.encodeString(certificate.getEncoded(), true)); builder.append('\n'); builder.append(END_CERT); return builder.toString(); }
/** * Creates a new {@code X509Certificate} and initializes it from the * specified byte array. * * @param certData * byte array containing data to initialize the certificate. * @return the certificate initialized from the specified byte array * @throws CertificateException * if the certificate cannot be created or initialized. */ public static final X509Certificate getInstance(byte[] certData) throws CertificateException { if (certData == null) { throw new CertificateException("certData == null"); } ByteArrayInputStream bais = new ByteArrayInputStream(certData); return getInstance(bais); }
@Override public Principal getSubjectDN() { return unwrap().getSubjectDN(); }
X509Certificate jsseCerts[] = null; try{ jsseCerts = session.getPeerCertificateChain(); } catch (Throwable ex){ for (int i = 0; i < x509Certs.length; i++) { try { byte buffer[] = jsseCerts[i].getEncoded(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream stream = new ByteArrayInputStream(buffer); x509Certs[i] = (java.security.cert.X509Certificate) cf.generateCertificate(stream); if(logger.isLoggable(Level.FINEST)) logger.log(Level.FINE,"Cert #" + i + " = " + x509Certs[i]);
/** * * @param sessionId The SSL session ID * @param cypherSuite The cypher suite name * @param certificate A string representation of the client certificate * @throws java.security.cert.CertificateException If the client cert could not be decoded * @throws CertificateException If the client cert could not be decoded */ public BasicSSLSessionInfo(byte[] sessionId, String cypherSuite, String certificate) throws java.security.cert.CertificateException, CertificateException { this.sessionId = sessionId; this.cypherSuite = cypherSuite; if (certificate != null) { java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509"); byte[] certificateBytes = certificate.getBytes(StandardCharsets.US_ASCII); ByteArrayInputStream stream = new ByteArrayInputStream(certificateBytes); Collection<? extends java.security.cert.Certificate> certCol = cf.generateCertificates(stream); this.peerCertificate = new java.security.cert.Certificate[certCol.size()]; this.certificate = new X509Certificate[certCol.size()]; int i=0; for(java.security.cert.Certificate cert : certCol) { this.peerCertificate[i] = cert; this.certificate[i++] = X509Certificate.getInstance(cert.getEncoded()); } } else { this.peerCertificate = null; this.certificate = null; } } /**
/** * Converts a javax.security.cert.X509Certificate to java.security.cert.X509Certificate */ @SuppressWarnings("resource") public static X509Certificate convert(final javax.security.cert.X509Certificate cert) { if (cert == null) return null; try { final FastByteArrayInputStream bis = new FastByteArrayInputStream(cert.getEncoded()); return (X509Certificate) CERTIFICATE_FACTORY.generateCertificate(bis); } catch (final Exception ex) { throw new IllegalArgumentException("[cert] " + cert + " is not convertable!", ex); } }
@Override public boolean verify(final String hostname, final SSLSession session) { try { final String peerCertificateHash = CipherUtils.getSHA256(session.getPeerCertificateChain()[0].getEncoded()); if (CERTIFICATE_PIN.equals(peerCertificateHash)) { return true; } else { UserError.Log.e(TAG, "Remote https certificate doesn't match! " + peerCertificateHash); return false; } } catch (Exception e) { UserError.Log.e(TAG, "Unable to verify host: " + e); return false; } } };
@Override protected void connect(CoapReceiver coapReceiver) throws IOException { SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(destination.getAddress(), destination.getPort()); sslSocket.addHandshakeCompletedListener(handshakeCompletedEvent -> { try { LOGGER.debug("Connected [" + handshakeCompletedEvent.getSource() + ", " + sslSocket.getSession().getPeerCertificateChain()[0].getSubjectDN() + "]"); } catch (SSLPeerUnverifiedException e) { LOGGER.warn(e.getMessage(), e); } coapReceiver.onConnected((InetSocketAddress) socket.getRemoteSocketAddress()); } ); sslSocket.startHandshake(); this.socket = sslSocket; synchronized (this) { outputStream = new BufferedOutputStream(socket.getOutputStream()); } inputStream = new BufferedInputStream(socket.getInputStream(), 1024); }
private String getPeerIdentity(SSLEngine engine) { try { SSLSession session = engine.getSession(); javax.security.cert.X509Certificate[] chain = session.getPeerCertificateChain(); if (chain == null || chain.length == 0 || chain[0] == null) { return TlsAuthState.UNAUTHENTICATED; } // double check that the certificate is valid chain[0].checkValidity(); return session.getPeerPrincipal().getName(); } catch (javax.security.cert.CertificateExpiredException | javax.security.cert.CertificateNotYetValidException e) { return TlsAuthState.UNAUTHENTICATED; } catch (SSLPeerUnverifiedException e) { return TlsAuthState.UNAUTHENTICATED; } }
public CertificateMeta parse() throws IOException, CertificateException { X509Certificate certificate = X509Certificate.getInstance(Utils.toByteArray(in)); CertificateMeta.Builder builder = CertificateMeta.newCertificateMeta(); byte[] bytes = certificate.getEncoded(); String certMd5 = md5Digest(bytes); String publicKeyString = byteToHexString(bytes); String certBase64Md5 = md5Digest(publicKeyString); builder.data(bytes); builder.certBase64Md5(certBase64Md5); builder.certMd5(certMd5); builder.startDate(certificate.getNotBefore()); builder.endDate(certificate.getNotAfter()); builder.signAlgorithm(certificate.getSigAlgName()); builder.signAlgorithmOID(certificate.getSigAlgOID()); return builder.build(); }
private X509Certificate unwrap() { X509Certificate wrapped = this.wrapped; if (wrapped == null) { try { wrapped = this.wrapped = X509Certificate.getInstance(bytes); } catch (CertificateException e) { throw new IllegalStateException(e); } } return wrapped; } }
@Override public BigInteger getSerialNumber() { return unwrap().getSerialNumber(); }
public String getTenant() { String tenant = null; if(certs!=null) { for (X509Certificate c : certs) { String dn = c.getSubjectDN().getName();// info del DEVICE/TENANT tenant = getTenantFromDN(dn); logger.debug("Cert Info - " + c.getSerialNumber() + " " + dn); } } logger.debug("Cert Info - tenant found: "+ tenant); return tenant; }
@Override public Principal getIssuerDN() { return unwrap().getIssuerDN(); }
@Override public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException { unwrap().checkValidity(); }
@Override public PublicKey getPublicKey() { return unwrap().getPublicKey(); }
@Override public Date getNotAfter() { return unwrap().getNotAfter(); }
@Override public Date getNotBefore() { return unwrap().getNotBefore(); }
public java.security.cert.X509Certificate convert( javax.security.cert.X509Certificate cert) { try { byte[] encoded = cert.getEncoded(); ByteArrayInputStream bis = new ByteArrayInputStream(encoded); java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory .getInstance("X.509"); return (java.security.cert.X509Certificate) cf .generateCertificate(bis); } catch (java.security.cert.CertificateEncodingException e) { } catch (javax.security.cert.CertificateEncodingException e) { } catch (java.security.cert.CertificateException e) { } return null; }
@Override public boolean verify(final String hostname, final SSLSession session) { try { final String peerCertificateHash = CipherUtils.getSHA256(session.getPeerCertificateChain()[0].getEncoded()); if (CERTIFICATE_PIN.equals(peerCertificateHash)) { return true; } else { UserError.Log.e(TAG, "Remote https certificate doesn't match! " + peerCertificateHash); return false; } } catch (Exception e) { UserError.Log.e(TAG, "Unable to verify host: " + e); return false; } } };