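/**
 * Reports whether the server certificate currently stored in the user key store
 * must be (re-)generated: either no certificate is stored under
 * {@code CipherParams.CERTIFICATE_IDENTIFIER}, or its subject CN differs from
 * {@code certificateCommonName}.
 *
 * @param certificateCommonName the common name configured for the daemon
 * @return {@code true} when regeneration is necessary, {@code false} when the
 *     stored certificate already carries the configured CN
 * @throws RuntimeException if the key store or the stored certificate cannot be read
 */
private boolean certificateCommonNameChanged(String certificateCommonName) {
    try {
        KeyStore userKeyStore = UserConfig.getUserKeyStore();
        X509Certificate currentCertificate =
                (X509Certificate) userKeyStore.getCertificate(CipherParams.CERTIFICATE_IDENTIFIER);
        if (currentCertificate == null) {
            logger.log(Level.INFO, "- Certificate regeneration necessary, because no certificate found in key store.");
            return true;
        }
        X500Name currentCertificateSubject = new JcaX509CertificateHolder(currentCertificate).getSubject();
        RDN[] cnRdns = currentCertificateSubject.getRDNs(BCStyle.CN);
        // A subject without any CN cannot match the configured name. Indexing [0]
        // unconditionally raised ArrayIndexOutOfBoundsException here, which the catch
        // below re-labelled as a generic regeneration failure.
        if (cnRdns.length == 0) {
            logger.log(Level.INFO, "- Certificate regeneration necessary: stored certificate has no common name, expected "
                    + certificateCommonName + ".");
            return true;
        }
        String currentCertificateSubjectCnStr = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
        if (!certificateCommonName.equals(currentCertificateSubjectCnStr)) {
            logger.log(Level.INFO, "- Certificate regeneration necessary: Cert common name in daemon config changed from "
                    + currentCertificateSubjectCnStr + " to " + certificateCommonName + ".");
            return true;
        }
        return false;
    } catch (Exception e) {
        throw new RuntimeException("Cannot (re-)generate server certificate for hostname: " + certificateCommonName, e);
    }
}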
SignerInfoSignatureAlgorithmFinder.INSTANCE) .setDirectSignature(true) .build(signer, new JcaX509CertificateHolder(signerCert))); gen.addCertificates(certs);
/**
 * Checks whether {@code cert} carries a signature that verifies under its own
 * public key, i.e. whether it is self-signed.
 *
 * @param cert certificate to inspect
 * @return {@code true} if the signature verifies with the certificate's own key;
 *     {@code false} when verification fails with a {@link SignatureException}
 * @throws ClientException for any other failure while building the verifier or
 *     checking the signature
 */
private boolean isSelfSigned(final X509Certificate cert) throws ClientException {
    try {
        final JcaX509CertificateHolder certHolder = new JcaX509CertificateHolder(cert);
        // The verifier is built from the certificate itself, so a valid signature
        // means the certificate was signed by its own key.
        final ContentVerifierProvider ownKeyVerifier =
                new JcaContentVerifierProviderBuilder().build(certHolder);
        return certHolder.isSignatureValid(ownKeyVerifier);
    } catch (RuntimeOperatorException operatorFailure) {
        final Throwable cause = operatorFailure.getCause();
        if (!(cause instanceof SignatureException)) {
            throw new ClientException(operatorFailure);
        }
        LOGGER.warn("SignatureException detected so we consider that the certificate is not self signed");
        return false;
    } catch (Exception other) {
        throw new ClientException(other);
    }
}
certs.add(new JcaX509CertificateHolder(issuerCertificate)); if (responderCertificate != null) { certs.add(new JcaX509CertificateHolder(responderCertificate)); Extension noOCSPCheck = new JcaX509CertificateHolder(signingCert).getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck);
JcaX509CertificateHolder certHolder = new JcaX509CertificateHolder(cert); String oid = certHolder.getSubjectPublicKeyInfo().getAlgorithm().getParameters().toString();
public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey, String hostname, String ipAddress, String crlPath, Integer ocspPort) throws Exception { X509CertificateHolder holder = new JcaX509CertificateHolder(caCert); ContentSigner signer =new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey);
/**
 * Verifies that the RA certificate was issued (signed) by the CA certificate.
 * An RA that is the very same certificate as the CA is accepted without a
 * signature check.
 *
 * @param ca the CA certificate whose public key must verify the RA signature
 * @param ra the RA certificate under test
 * @throws ClientException if the signature does not verify ("RA not issued by CA")
 *     or if the verifier cannot be built / the certificate cannot be encoded
 */
private void verifyRA(final X509Certificate ca, final X509Certificate ra) throws ClientException {
    LOGGER.debug("Verifying signature of RA certificate");
    if (ca.equals(ra)) {
        LOGGER.debug("RA and CA are identical");
        return;
    }
    try {
        final JcaX509CertificateHolder raHolder = new JcaX509CertificateHolder(ra);
        final ContentVerifierProvider caVerifier = new JcaContentVerifierProviderBuilder().build(ca);
        if (raHolder.isSignatureValid(caVerifier)) {
            LOGGER.debug("Signature verification passed for RA.");
            return;
        }
        LOGGER.debug("Signature verification failed for RA.");
        throw new ClientException("RA not issued by CA");
    } catch (CertException | CertificateEncodingException | OperatorCreationException e) {
        throw new ClientException(e);
    }
}
JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert); Extension aia = holder.getExtension(Extension.authorityInfoAccess); if (aia != null) { try {
/**
 * Connects through the superclass and then requires the TLS peer to present
 * exactly one X.509 certificate whose subject CN equals {@code caHostname}.
 * The accepted certificate is appended to {@code certificates}.
 *
 * @throws IOException if the socket is not a TLS socket, the peer chain is not a
 *     single X.509 certificate, the CN cannot be extracted, or the CN differs
 *     from {@code caHostname}
 */
@Override
public synchronized Socket connectSocket(int connectTimeout, Socket socket, HttpHost host,
        InetSocketAddress remoteAddress, InetSocketAddress localAddress, HttpContext context)
        throws IOException {
    final Socket connected =
            super.connectSocket(connectTimeout, socket, host, remoteAddress, localAddress, context);
    if (!(connected instanceof SSLSocket)) {
        throw new IOException("Expected tls socket");
    }
    final java.security.cert.Certificate[] peerChain =
            ((SSLSocket) connected).getSession().getPeerCertificates();
    // Exactly one certificate is expected: the peer is supposed to present the root CA itself.
    if (peerChain.length != 1) {
        throw new IOException("Expected root ca cert");
    }
    if (!(peerChain[0] instanceof X509Certificate)) {
        throw new IOException("Expected root ca cert in X509 format");
    }
    final X509Certificate peerCertificate = (X509Certificate) peerChain[0];
    final String peerCn;
    try {
        peerCn = IETFUtils.valueToString(
                new JcaX509CertificateHolder(peerCertificate).getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue());
        certificates.add(peerCertificate);
    } catch (Exception e) {
        throw new IOException(e);
    }
    if (!caHostname.equals(peerCn)) {
        throw new IOException("Expected cn of " + caHostname + " but got " + peerCn);
    }
    return connected;
}
}
new JcaX509CertificateHolder(rootCertificate) }; ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
cn = CN_CACHE.get(cnKey); if (cn == null) { X500Name x500name = new JcaX509CertificateHolder( (X509Certificate) cp.bytesToCertificate(pemBytes)).getSubject(); RDN rdn = x500name.getRDNs(BCStyle.CN)[0]; cn = IETFUtils.valueToString(rdn.getFirst().getValue());
new JcaX509CertificateHolder(issuerCertificate), certificateToCheck.getSerialNumber());
/**
 * Builds the attribute-certificate holder that refers to {@code holderCert} by
 * its subject name and serial number.
 *
 * @param holderCert the public-key certificate of the attribute holder
 * @return an {@link AttributeCertificateHolder} naming the subject and serial of {@code holderCert}
 * @throws CertificateEncodingException if {@code holderCert} cannot be re-encoded
 */
private AttributeCertificateHolder buildHolder(X509Certificate holderCert) throws CertificateEncodingException {
    return new AttributeCertificateHolder(
            new JcaX509CertificateHolder(holderCert).getSubject(),
            holderCert.getSerialNumber());
}
/**
 * Builds the OCSP {@link CertificateID} for the certificate with
 * {@code serialNumber} issued by {@code issuerCert}, hashing with the given
 * digest algorithm.
 *
 * @param issuerCert the issuer certificate (its name and key are hashed)
 * @param serialNumber serial of the certificate being identified
 * @param digestAlgorithmIdentifier digest algorithm used for the name/key hashes
 * @throws OperatorCreationException if no digest calculator is available for the algorithm
 * @throws CertificateEncodingException if {@code issuerCert} cannot be re-encoded
 * @throws OCSPException if the identifier cannot be assembled
 */
static CertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber,
        AlgorithmIdentifier digestAlgorithmIdentifier)
        throws OperatorCreationException, CertificateEncodingException, OCSPException {
    JcaDigestCalculatorProviderBuilder calculatorBuilder = new JcaDigestCalculatorProviderBuilder();
    return new CertificateID(
            calculatorBuilder.build().get(digestAlgorithmIdentifier),
            new JcaX509CertificateHolder(issuerCert),
            serialNumber);
}
/**
 * Builds the attribute-certificate issuer from the subject name of the
 * attribute authority's own certificate ({@code aaCredential}).
 *
 * @return an {@link AttributeCertificateIssuer} carrying the AA subject name
 * @throws CertificateEncodingException if the AA certificate cannot be re-encoded
 */
private AttributeCertificateIssuer buildIssuer() throws CertificateEncodingException {
    return new AttributeCertificateIssuer(
            new JcaX509CertificateHolder(aaCredential.getCertificate()).getSubject());
}
/**
 * Builds the OCSP {@link CertificateID} for the certificate with
 * {@code serialNumber} issued by {@code issuerCert}, hashing with the given
 * digest algorithm.
 *
 * @param issuerCert the issuer certificate (its name and key are hashed)
 * @param serialNumber serial of the certificate being identified
 * @param digestAlgorithmIdentifier digest algorithm used for the name/key hashes
 * @throws OperatorCreationException if no digest calculator is available for the algorithm
 * @throws CertificateEncodingException if {@code issuerCert} cannot be re-encoded
 * @throws OCSPException if the identifier cannot be assembled
 */
static CertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber,
        AlgorithmIdentifier digestAlgorithmIdentifier)
        throws OperatorCreationException, CertificateEncodingException, OCSPException {
    JcaDigestCalculatorProviderBuilder calculatorBuilder = new JcaDigestCalculatorProviderBuilder();
    return new CertificateID(
            calculatorBuilder.build().get(digestAlgorithmIdentifier),
            new JcaX509CertificateHolder(issuerCert),
            serialNumber);
}
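/**
 * Collects human-readable facts about {@code cert} into a map keyed by the
 * {@code CertManagerConstants} names: subject, issuer, serial number, CN, OU
 * and the validity window.
 *
 * @param cert certificate to describe
 * @return the populated map; empty when the certificate cannot be encoded, and
 *     without the CN / OU entries when the subject lacks those attributes
 */
public HashMap<String,String> getCertificateInfo(X509Certificate cert){
    HashMap<String,String> certInfo = new HashMap<String,String>();
    X500Name x500name;
    try {
        x500name = new JcaX509CertificateHolder(cert).getSubject();
    } catch (CertificateEncodingException e) {
        // Best effort: an unencodable certificate yields an empty description.
        e.printStackTrace();
        return certInfo;
    }
    certInfo.put(CertManagerConstants.SUBJECT_NAME,cert.getSubjectDN().getName());
    certInfo.put(CertManagerConstants.ISSUER_NAME,cert.getIssuerDN().getName());
    certInfo.put(CertManagerConstants.SN, cert.getSerialNumber().toString());
    // getRDNs() returns an empty array when the attribute is absent (OU in
    // particular is optional); indexing [0] unconditionally threw
    // ArrayIndexOutOfBoundsException for such subjects.
    RDN[] cn = x500name.getRDNs(BCStyle.CN);
    if (cn.length > 0) {
        certInfo.put(CertManagerConstants.CN, attributeValue(cn[0]));
    }
    RDN[] ou = x500name.getRDNs(BCStyle.OU);
    if (ou.length > 0) {
        certInfo.put(CertManagerConstants.OU, attributeValue(ou[0]));
    }
    certInfo.put(CertManagerConstants.START_DATE,cert.getNotBefore().toString());
    certInfo.put(CertManagerConstants.EXPIRY_DATE,cert.getNotAfter().toString());
    return certInfo;
}

/**
 * Returns the first attribute value of {@code rdn} as text. The RDN object does
 * not expose its value through {@code toString()}, so the earlier
 * {@code rdn.toString()} did not yield the name itself.
 */
private static String attributeValue(RDN rdn) {
    // Fully qualified on purpose: IETFUtils lives in the same package as the
    // already-imported BCStyle, so no new import is required.
    return org.bouncycastle.asn1.x500.style.IETFUtils.valueToString(rdn.getFirst().getValue());
}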
/**
 * Builds the OCSP {@link CertificateID} for the certificate with
 * {@code serialNumber} issued by {@code issuerCert}, hashing with the digest
 * algorithm named by {@code identifier} (absent parameters, {@code DERNull}).
 *
 * @param issuerCert the issuer certificate (its name and key are hashed)
 * @param serialNumber serial of the certificate being identified
 * @param identifier OID of the digest algorithm
 * @throws OperatorCreationException if no digest calculator is available for the algorithm
 * @throws CertificateEncodingException if {@code issuerCert} cannot be re-encoded
 * @throws OCSPException if the identifier cannot be assembled
 */
static CertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber,
        ASN1ObjectIdentifier identifier)
        throws OperatorCreationException, CertificateEncodingException, OCSPException {
    // Constructing the AlgorithmIdentifier cannot fail, so hoisting it keeps the
    // order of the fallible calls (digest build, then holder) unchanged.
    AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(identifier, DERNull.INSTANCE);
    return new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(digestAlgorithm),
            new JcaX509CertificateHolder(issuerCert),
            serialNumber);
}
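/**
 * Extracts the subject common name (CN) of {@code cert}.
 *
 * @param cert certificate whose subject is inspected
 * @return the string value of the first CN attribute of the subject
 * @throws GeneralSecurityException if the certificate cannot be encoded or its
 *     subject carries no CN attribute
 */
public String extractCN(X509Certificate cert) throws GeneralSecurityException {
    X500Name subject = new JcaX509CertificateHolder(cert).getSubject();
    RDN[] cnRdns = subject.getRDNs(BCStyle.CN);
    // An absent CN previously surfaced as ArrayIndexOutOfBoundsException; report
    // it through the exception type the signature already declares.
    if (cnRdns.length == 0) {
        throw new GeneralSecurityException("Certificate subject has no CN attribute: " + subject);
    }
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}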
/**
 * Builds the OCSP {@link CertificateID} for the certificate with
 * {@code serialNumber} issued by {@code issuerCert}, hashing with the digest
 * algorithm named by {@code identifier} (absent parameters, {@code DERNull}).
 *
 * @param issuerCert the issuer certificate (its name and key are hashed)
 * @param serialNumber serial of the certificate being identified
 * @param identifier OID of the digest algorithm
 * @throws OperatorCreationException if no digest calculator is available for the algorithm
 * @throws CertificateEncodingException if {@code issuerCert} cannot be re-encoded
 * @throws OCSPException if the identifier cannot be assembled
 */
static CertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber,
        ASN1ObjectIdentifier identifier)
        throws OperatorCreationException, CertificateEncodingException, OCSPException {
    // Constructing the AlgorithmIdentifier cannot fail, so hoisting it keeps the
    // order of the fallible calls (digest build, then holder) unchanged.
    AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(identifier, DERNull.INSTANCE);
    return new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(digestAlgorithm),
            new JcaX509CertificateHolder(issuerCert),
            serialNumber);
}