@Override public byte[] getEncoded() throws CertificateEncodingException { return mDelegate.getEncoded(); }
public static String getThumbPrint(X509Certificate cert, String type) throws NoSuchAlgorithmException, CertificateEncodingException { MessageDigest md = MessageDigest.getInstance(type); byte[] der = cert.getEncoded(); md.update(der); byte[] digest = md.digest(); return hexify(digest); }
private static List<byte[]> encodeCertificates(List<X509Certificate> certificates) throws CertificateEncodingException { List<byte[]> result = new ArrayList<>(certificates.size()); for (X509Certificate certificate : certificates) { result.add(certificate.getEncoded()); } return result; }
/** * Returns the certificate encoded in <a href="https://tools.ietf.org/html/rfc7468">PEM * format</a>. */ public String certificatePem() { try { StringBuilder result = new StringBuilder(); result.append("-----BEGIN CERTIFICATE-----\n"); encodeBase64Lines(result, ByteString.of(certificate.getEncoded())); result.append("-----END CERTIFICATE-----\n"); return result.toString(); } catch (CertificateEncodingException e) { throw new AssertionError(e); } }
public static String writeCertificate(X509Certificate certificate) throws CertificateEncodingException { return encodePem("CERTIFICATE", certificate.getEncoded()); }
private byte[] fingerprint(X509Certificate cert) throws CertificateEncodingException { MessageDigest md = tlmd.get(); md.reset(); return md.digest(cert.getEncoded()); }
private byte[] fingerprint(X509Certificate cert) throws CertificateEncodingException { MessageDigest md = tlmd.get(); md.reset(); return md.digest(cert.getEncoded()); }
private byte[] fingerprint(X509Certificate cert) throws CertificateEncodingException { MessageDigest md = tlmd.get(); md.reset(); return md.digest(cert.getEncoded()); }
@Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { if (!Arrays.equals(cert.getEncoded(), chain[0].getEncoded())) { throw new CertificateException("Client cert not trusted"); } } @Override
@Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { if (!Arrays.equals(cert.getEncoded(), chain[0].getEncoded())) { throw new CertificateException("Server cert not trusted"); } } @Override
/** * Appends the {@link X509Certificate} value to the {@link ByteBuf} (last arg) and returns it. * If the {@link ByteBuf} didn't exist yet it'll create it using the {@link ByteBufAllocator}. */ private static ByteBuf append(ByteBufAllocator allocator, boolean useDirect, X509Certificate cert, int count, ByteBuf pem) throws CertificateEncodingException { ByteBuf encoded = Unpooled.wrappedBuffer(cert.getEncoded()); try { ByteBuf base64 = SslUtils.toBase64(allocator, encoded); try { if (pem == null) { // We try to approximate the buffer's initial size. The sizes of // certificates can vary a lot so it'll be off a bit depending // on the number of elements in the array (count argument). pem = newBuffer(allocator, useDirect, (BEGIN_CERT.length + base64.readableBytes() + END_CERT.length) * count); } pem.writeBytes(BEGIN_CERT); pem.writeBytes(base64); pem.writeBytes(END_CERT); } finally { base64.release(); } } finally { encoded.release(); } return pem; }
static byte[] getChannelBindingData(X509Certificate serverCert) throws NoSuchAlgorithmException, CertificateEncodingException { if (serverCert == null) { return null; } final String digestAlgorithm = TLSServerEndPointChannelBinding.getDigestAlgorithm(serverCert.getSigAlgOID()); if (digestAlgorithm == null) { return null; } return MessageDigest.getInstance(digestAlgorithm).digest(serverCert.getEncoded()); } }
public static String md5Fingerprint(X509Certificate certificate) { try { return DigestUtils.sha256Hex(certificate.getEncoded()); } catch (GeneralSecurityException gse) { throw bomb(gse); } } }
public boolean verify(final Evidence evidence) { if (evidence instanceof X509PeerCertificateChainEvidence) { final X509PeerCertificateChainEvidence peerCertificateChainEvidence = (X509PeerCertificateChainEvidence) evidence; try { return getAlgorithm().equals(peerCertificateChainEvidence.getAlgorithm()) && Arrays.equals(getFirstCertificate().getEncoded(), peerCertificateChainEvidence.getFirstCertificate().getEncoded()); } catch (CertificateEncodingException e) { } } return false; }
public byte[] getEncoded() throws CertificateEncodingException { try { return cert.getEncoded(); } catch (java.security.cert.CertificateEncodingException e) { throw new CertificateEncodingException(e.getMessage()); } }
public void createSelfSignedCertificate( File certificatePath, File privateKeyPath, String hostName ) throws GeneralSecurityException, IOException, OperatorCreationException { installCleanupHook( certificatePath, privateKeyPath ); KeyPairGenerator keyGen = KeyPairGenerator.getInstance( DEFAULT_ENCRYPTION ); keyGen.initialize( 2048, random ); KeyPair keypair = keyGen.generateKeyPair(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name( "CN=" + hostName ); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger( 64, random ), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic() ); // Subject alternative name (part of SNI extension, used for hostname verification) GeneralNames subjectAlternativeName = new GeneralNames( new GeneralName( GeneralName.dNSName, hostName ) ); builder.addExtension( Extension.subjectAlternativeName, false, subjectAlternativeName ); PrivateKey privateKey = keypair.getPrivate(); ContentSigner signer = new JcaContentSignerBuilder( "SHA512WithRSAEncryption" ).build( privateKey ); X509CertificateHolder certHolder = builder.build( signer ); X509Certificate cert = new JcaX509CertificateConverter().setProvider( PROVIDER ).getCertificate( certHolder ); //check so that cert is valid cert.verify( keypair.getPublic() ); //write to disk writePem( "CERTIFICATE", cert.getEncoded(), certificatePath ); writePem( "PRIVATE KEY", privateKey.getEncoded(), privateKeyPath ); // Mark as done so we don't clean up certificates cleanupRequired = false; }
public void encodeTo(final ASN1Encoder encoder) { encoder.encodeImplicit(getType()); try { encoder.writeEncoded(cert.getEncoded()); } catch (CertificateEncodingException e) { throw new ASN1Exception(e); } } }
/** * Generate PEM content containing an X.509 certificate. * * @param target the target byte string builder (must not be {@code null}) * @param certificate the X.509 certificate (must not be {@code null}) * @deprecated Use {@link #generatePemX509Certificate(ByteStringBuilder, X509Certificate)} instead */ @Deprecated public static void generatePemX509Certificate(org.wildfly.security.util.ByteStringBuilder target, X509Certificate certificate) { Assert.checkNotNullParam("target", target); Assert.checkNotNullParam("certificate", certificate); try { generatePemContent(target, CERTIFICATE_FORMAT, ByteIterator.ofBytes(certificate.getEncoded())); } catch (CertificateEncodingException e) { throw log.certificateParseError(e); } }
/** * Generate PEM content containing an X.509 certificate. * * @param target the target byte string builder (must not be {@code null}) * @param certificate the X.509 certificate (must not be {@code null}) */ public static void generatePemX509Certificate(ByteStringBuilder target, X509Certificate certificate) { Assert.checkNotNullParam("target", target); Assert.checkNotNullParam("certificate", certificate); try { generatePemContent(target, CERTIFICATE_FORMAT, ByteIterator.ofBytes(certificate.getEncoded())); } catch (CertificateEncodingException e) { throw log.certificateParseError(e); } }
/** * For backwards-compatibility reasons, we support both PEM-encoded certificates *and* raw binary files containing * the certificate data. */ @Test void shouldLoadBinaryCertificates() throws Throwable { // Given SelfSignedCertificate cert = new SelfSignedCertificate( "example.com" ); PkiUtils certs = new PkiUtils(); File cPath = testDirectory.file( "certificate" ); assertTrue( cPath.createNewFile() ); byte[] raw = certs.loadCertificates(cert.certificate())[0].getEncoded(); try ( FileChannel ch = FileChannel.open( cPath.toPath(), WRITE ) ) { FileUtils.writeAll( ch, ByteBuffer.wrap( raw ) ); } // When Certificate[] certificates = certs.loadCertificates( cPath ); // Then assertThat( certificates.length, equalTo( 1 ) ); }