/**
 * Determine the string to be used as the remote host session Id for
 * authorization purposes. Associate this client identifier with a
 * ServerCnxn that has been authenticated over SSL, and any ACLs that refer
 * to the authenticated client.
 *
 * <p>The identifier is the certificate's subject distinguished name in the
 * RFC 2253 string form returned by
 * {@link javax.security.auth.x500.X500Principal#getName()}; ACL entries that
 * are compared against it have to use the same string form.
 *
 * @param clientCert Authenticated X509Certificate associated with the
 *                   remote host.
 * @return Identifier string to be associated with the client.
 */
protected String getClientId(X509Certificate clientCert) {
    javax.security.auth.x500.X500Principal subject = clientCert.getSubjectX500Principal();
    return subject.getName();
}
/**
 * Formats a certificate for display in log and error messages.
 *
 * @param certificate the certificate to describe
 * @return the subject distinguished name in RFC 2253 string form
 */
private static String getCertificateDisplayInfo(X509Certificate certificate) {
    javax.security.auth.x500.X500Principal subject = certificate.getSubjectX500Principal();
    return subject.getName();
}
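/**
 * Builds an in-memory JKS trust store from a PEM certificate chain file.
 *
 * <p>Each certificate becomes a trusted-certificate entry keyed by its
 * RFC 2253 subject name. Two certificates with the same subject (a renewed
 * or cross-signed CA, for instance) would otherwise overwrite each other in
 * the key store and silently drop a trust anchor, so a colliding alias is
 * suffixed with a counter instead of replacing the earlier entry.
 *
 * @param certificateChainFile PEM file holding one or more X.509 certificates
 * @return a loaded trust store containing every certificate from the file;
 *         empty when the file yields none
 * @throws IOException if the file cannot be read
 * @throws GeneralSecurityException if the key store cannot be created or a
 *         certificate entry cannot be stored
 */
public static KeyStore loadTrustStore(File certificateChainFile) throws IOException, GeneralSecurityException {
    KeyStore keyStore = KeyStore.getInstance("JKS");
    // null stream + null password initialises an empty store
    keyStore.load(null, null);
    List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile);
    for (X509Certificate certificate : certificateChain) {
        X500Principal principal = certificate.getSubjectX500Principal();
        String subject = principal.getName("RFC2253");
        String alias = subject;
        // keep every anchor: disambiguate on duplicate subject rather than overwrite
        int suffix = 1;
        while (keyStore.containsAlias(alias)) {
            alias = subject + "#" + suffix++;
        }
        keyStore.setCertificateEntry(alias, certificate);
    }
    return keyStore;
}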
/**
 * Reports whether any certificate in {@code certs} has the subject named by
 * {@code subjectPrincipalName} and, when {@code needsToBeExpired} is set,
 * has already passed its notAfter date.
 *
 * <p>The subject is compared as the RFC 2253 string produced by
 * {@link javax.security.auth.x500.X500Principal#getName()}, so
 * {@code subjectPrincipalName} must be held in exactly that form.
 *
 * @param certs            certificates to inspect, in order
 * @param needsToBeExpired if true, only an already-expired certificate counts as a match
 * @return true on the first matching certificate, false when none matches
 */
private boolean certificateMatches(X509Certificate[] certs, boolean needsToBeExpired) {
    for (X509Certificate candidate : certs) {
        String subject = candidate.getSubjectX500Principal().getName();
        if (!subject.equals(subjectPrincipalName)) {
            continue;
        }
        if (!needsToBeExpired) {
            return true;
        }
        if (candidate.getNotAfter().before(new Date())) {
            return true;
        }
    }
    return false;
}
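/**
 * Builds an in-memory JKS trust store from a PEM certificate chain file.
 *
 * <p>Each certificate becomes a trusted-certificate entry keyed by its
 * RFC 2253 subject name. Two certificates with the same subject (a renewed
 * or cross-signed CA, for instance) would otherwise overwrite each other in
 * the key store and silently drop a trust anchor, so a colliding alias is
 * suffixed with a counter instead of replacing the earlier entry.
 *
 * @param certificateChainFile PEM file holding one or more X.509 certificates
 * @return a loaded trust store containing every certificate from the file;
 *         empty when the file yields none
 * @throws IOException if the file cannot be read
 * @throws GeneralSecurityException if the key store cannot be created or a
 *         certificate entry cannot be stored
 */
public static KeyStore loadTrustStore(File certificateChainFile) throws IOException, GeneralSecurityException {
    KeyStore keyStore = KeyStore.getInstance("JKS");
    // null stream + null password initialises an empty store
    keyStore.load(null, null);
    List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile);
    for (X509Certificate certificate : certificateChain) {
        X500Principal principal = certificate.getSubjectX500Principal();
        String subject = principal.getName("RFC2253");
        String alias = subject;
        // keep every anchor: disambiguate on duplicate subject rather than overwrite
        int suffix = 1;
        while (keyStore.containsAlias(alias)) {
            alias = subject + "#" + suffix++;
        }
        keyStore.setCertificateEntry(alias, certificate);
    }
    return keyStore;
}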
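/**
 * Builds a trust store of the JVM default type from the certificates in
 * {@code rootCertFile}.
 *
 * <p>The store is created lazily on the first certificate, so the method
 * returns {@code null} when the file yields no certificates.
 * NOTE(review): presumably callers treat {@code null} as "no custom trust
 * anchors" — confirm before changing that to an empty store.
 *
 * <p>Entries are keyed by the RFC 2253 subject name. A second certificate with
 * the same subject (renewed or cross-signed CA) gets a suffixed alias so it
 * does not silently replace the first trust anchor.
 *
 * @return the populated trust store, or {@code null} if no certificate was found
 * @throws IOException if the certificate file cannot be read
 * @throws CertificateException if a certificate cannot be parsed
 * @throws KeyStoreException if an entry cannot be stored
 * @throws NoSuchAlgorithmException if the default key store type is unavailable
 */
KeyStore agentTruststore() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
    KeyStore trustStore = null;
    List<X509Certificate> certificates = new CertificateFileParser().certificates(rootCertFile);
    for (X509Certificate certificate : certificates) {
        if (trustStore == null) {
            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // null stream + null password initialises an empty store
            trustStore.load(null, null);
        }
        String subject = certificate.getSubjectX500Principal().getName();
        String alias = subject;
        // keep every anchor: disambiguate on duplicate subject rather than overwrite
        int suffix = 1;
        while (trustStore.containsAlias(alias)) {
            alias = subject + "#" + suffix++;
        }
        trustStore.setCertificateEntry(alias, certificate);
    }
    return trustStore;
}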
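/**
 * Loads a trust store from {@code trustStorePath}, accepting either a PEM
 * certificate bundle or a binary key store of the JVM default type.
 *
 * <p>The PEM form is tried first; a read or parse failure there is
 * deliberately ignored so that a non-PEM file falls through to
 * {@link KeyStore#load(InputStream, char[])}, which reports its own error.
 * PEM certificates are stored under their RFC 2253 subject name; a duplicate
 * subject (renewed or cross-signed CA) gets a suffixed alias instead of
 * overwriting the earlier entry, so no trust anchor is silently dropped.
 *
 * @param trustStorePath     PEM bundle or binary key store file
 * @param trustStorePassword password for the binary key store; not used for PEM
 * @return the loaded trust store
 * @throws IOException if the file cannot be read as a binary key store
 * @throws GeneralSecurityException if the key store cannot be created or
 *         certificate entries cannot be stored
 */
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword) throws IOException, GeneralSecurityException {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try {
        // attempt to read the trust store as a PEM file
        List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath);
        if (!certificateChain.isEmpty()) {
            trustStore.load(null, null);
            for (X509Certificate certificate : certificateChain) {
                X500Principal principal = certificate.getSubjectX500Principal();
                String subject = principal.getName();
                String alias = subject;
                // keep every anchor: disambiguate on duplicate subject rather than overwrite
                int suffix = 1;
                while (trustStore.containsAlias(alias)) {
                    alias = subject + "#" + suffix++;
                }
                trustStore.setCertificateEntry(alias, certificate);
            }
            return trustStore;
        }
    } catch (IOException | GeneralSecurityException ignored) {
        // not readable as a PEM bundle: fall through to the binary key store format
    }
    try (InputStream in = new FileInputStream(trustStorePath)) {
        trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null));
    }
    return trustStore;
}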
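/**
 * Loads a trust store from {@code trustStorePath}, accepting either a PEM
 * certificate bundle or a binary key store of the JVM default type.
 *
 * <p>The PEM form is tried first; a read or parse failure there is
 * deliberately ignored so that a non-PEM file falls through to
 * {@link KeyStore#load(InputStream, char[])}, which reports its own error.
 * PEM certificates are stored under their RFC 2253 subject name; a duplicate
 * subject (renewed or cross-signed CA) gets a suffixed alias instead of
 * overwriting the earlier entry, so no trust anchor is silently dropped.
 *
 * @param trustStorePath     PEM bundle or binary key store file
 * @param trustStorePassword password for the binary key store; not used for PEM
 * @return the loaded trust store
 * @throws IOException if the file cannot be read as a binary key store
 * @throws GeneralSecurityException if the key store cannot be created or
 *         certificate entries cannot be stored
 */
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword) throws IOException, GeneralSecurityException {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try {
        // attempt to read the trust store as a PEM file
        List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath);
        if (!certificateChain.isEmpty()) {
            trustStore.load(null, null);
            for (X509Certificate certificate : certificateChain) {
                X500Principal principal = certificate.getSubjectX500Principal();
                String subject = principal.getName();
                String alias = subject;
                // keep every anchor: disambiguate on duplicate subject rather than overwrite
                int suffix = 1;
                while (trustStore.containsAlias(alias)) {
                    alias = subject + "#" + suffix++;
                }
                trustStore.setCertificateEntry(alias, certificate);
            }
            return trustStore;
        }
    } catch (IOException | GeneralSecurityException ignored) {
        // not readable as a PEM bundle: fall through to the binary key store format
    }
    try (InputStream in = new FileInputStream(trustStorePath)) {
        trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null));
    }
    return trustStore;
}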
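/**
 * Adds every certificate found at {@code caPath} to {@code keyStore} as a
 * trusted-certificate entry.
 *
 * <p>Entries are keyed by the RFC 2253 subject name. When that alias is already
 * present (a renewed or cross-signed CA with the same subject, or an entry the
 * caller added earlier) the alias is suffixed instead of overwriting, so no
 * previously trusted anchor is silently replaced.
 *
 * @param keyStore initialised key store that receives the anchors
 * @param caPath   path of the CA certificate file read by {@code loadCertificates}
 * @throws IOException if the file cannot be read
 * @throws KeyStoreException if the store is not initialised or an entry cannot be set
 * @throws CertificateException if a certificate cannot be parsed
 */
private static void addCA(KeyStore keyStore, String caPath) throws IOException, KeyStoreException, CertificateException {
    for (Certificate cert : loadCertificates(caPath)) {
        // NOTE(review): assumes loadCertificates yields X.509 certificates only —
        // any other type would fail this cast with a ClassCastException
        X509Certificate crt = (X509Certificate) cert;
        String subject = crt.getSubjectX500Principal().getName();
        String alias = subject;
        // keep every anchor: disambiguate on duplicate subject rather than overwrite
        int suffix = 1;
        while (keyStore.containsAlias(alias)) {
            alias = subject + "#" + suffix++;
        }
        keyStore.setCertificateEntry(alias, crt);
    }
}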
/**
 * Cache-loader entry point: resolves the OCSP status of the subject
 * certificate in {@code ocspRequest} through {@code getOcspStatus}.
 *
 * <p>Both log lines carry the subject DN (RFC 2253 form) and the completion
 * line carries the resulting status, so revocation outcomes are visible in
 * the log trail.
 *
 * @param ocspRequest subject/issuer pair to check
 * @return the status reported by {@code getOcspStatus}
 * @throws Exception presumably whatever {@code getOcspStatus} raises — its
 *         declaration is outside this snippet
 */
@Override
public OcspStatus load(OcspRequest ocspRequest) throws Exception {
    final String subjectDn = ocspRequest.getSubjectCertificate().getSubjectX500Principal().getName();
    logger.info(String.format("Validating client certificate via OCSP: <%s>", subjectDn));
    final OcspStatus ocspStatus = getOcspStatus(ocspRequest);
    logger.info(String.format("Client certificate status for <%s>: %s", subjectDn, ocspStatus.toString()));
    return ocspStatus;
}
}); // closes the anonymous class whose start lies outside this snippet
/**
 * Attaches a bearer token derived from the caller's TLS client certificate to
 * the outgoing request. Does nothing when the JWT handler is not configured.
 *
 * <p>The principal passed to the JWT handler is the RFC 2253 subject name of
 * the first element of the servlet's {@code X509_ATTRIBUTE} array (the
 * certificate the client itself presented, per the servlet X.509 attribute
 * convention). With the handler configured, a request without a client
 * certificate is rejected via {@code badRequest(FORBIDDEN, ...)}.
 *
 * @param servletRequest inbound request carrying the TLS certificate chain
 * @param requestBuilder outbound request that receives the Authorization header
 */
private void setupBearerToken(HttpServletRequest servletRequest, Request.Builder requestBuilder) {
    if (!jwtHandler.isConfigured()) {
        return;
    }
    X509Certificate[] chain = (X509Certificate[]) servletRequest.getAttribute(X509_ATTRIBUTE);
    boolean hasClientCertificate = chain != null && chain.length > 0;
    if (!hasClientCertificate) {
        throw badRequest(FORBIDDEN, "No TLS certificate present for request");
    }
    X509Certificate clientCertificate = chain[0];
    String principal = clientCertificate.getSubjectX500Principal().getName();
    String accessToken = jwtHandler.getBearerToken(principal);
    requestBuilder.addHeader(AUTHORIZATION, "Bearer " + accessToken);
}
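/**
 * {@inheritDoc}
 *
 * <p>This implementation performs no validation of the presented chain: it
 * never throws, so every client certificate is accepted. Its only observable
 * effect is a debug log line describing the chain for the scan context, and
 * that line is built only when debug logging is enabled, since it would
 * otherwise be assembled and discarded on every handshake.
 *
 * @param certs    the peer's certificate chain as supplied by the TLS layer
 * @param authType the key-exchange algorithm name supplied by the TLS layer
 */
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
    if (!scanCtx.getLogger().isDebugEnabled()) {
        return;
    }
    StringBuilder buf = new StringBuilder();
    buf.append("Trust manager handle client certificates [authType=");
    buf.append(authType);
    buf.append(", certificates=");
    for (X509Certificate cert : certs) {
        buf.append("{type=");
        buf.append(cert.getType());
        buf.append(", principalName=");
        buf.append(cert.getSubjectX500Principal().getName());
        buf.append('}');
    }
    buf.append(']');
    scanCtx.getLogger().debug(buf.toString());
}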
String dn = x509Cert.getSubjectX500Principal().getName(); domains.addAll(getX509CertificateCommonNames(dn)); if (!domains.isEmpty()) {
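/**
 * {@inheritDoc}
 *
 * <p>This implementation performs no validation of the presented chain: it
 * never throws, so every server certificate is accepted. Its only observable
 * effect is a debug log line describing the chain for the scan context, and
 * that line is built only when debug logging is enabled, since it would
 * otherwise be assembled and discarded on every handshake.
 *
 * @param certs    the peer's certificate chain as supplied by the TLS layer
 * @param authType the key-exchange algorithm name supplied by the TLS layer
 */
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
    if (!scanCtx.getLogger().isDebugEnabled()) {
        return;
    }
    StringBuilder buf = new StringBuilder();
    buf.append("Trust manager handle server certificates [authType=");
    buf.append(authType);
    buf.append(", certificates=");
    for (X509Certificate cert : certs) {
        buf.append("{type=");
        buf.append(cert.getType());
        buf.append(", principalName=");
        buf.append(cert.getSubjectX500Principal().getName());
        buf.append('}');
    }
    buf.append(']');
    scanCtx.getLogger().debug(buf.toString());
}
}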
X509Certificate cert = (X509Certificate) cf .generateCertificate(new ByteArrayInputStream(buf.array())); X500Principal principal = cert.getSubjectX500Principal(); ks.setCertificateEntry(principal.getName("RFC2253"), cert);
if (trustManager instanceof X509TrustManager) { for (X509Certificate ca : ((X509TrustManager) trustManager).getAcceptedIssuers()) { certificateAuthorities.put(ca.getSubjectX500Principal().getName(), ca);
/**
 * Validates the specified certificate using OCSP if configured.
 *
 * <p>Validation is skipped entirely when no OCSP client is configured or no
 * certificates were supplied. When a lookup is performed, the certificate is
 * rejected only on a <em>verified</em> response that reports it as revoked;
 * a failed lookup is logged at warn level and the certificate is allowed
 * through (fail-open), so an unreachable responder does not block clients.
 *
 * @param certificates the client certificates
 * @throws CertificateStatusException if the authority reports the certificate as revoked
 * @throws IllegalArgumentException if the issuer of the subject certificate cannot be found
 */
public void validate(final X509Certificate[] certificates) throws CertificateStatusException {
    // only validate if configured to do so
    final boolean configured = client != null;
    final boolean hasCertificates = certificates != null && certificates.length > 0;
    if (!configured || !hasCertificates) {
        return;
    }
    final X509Certificate subjectCertificate = getSubjectCertificate(certificates);
    final X509Certificate issuerCertificate = getIssuerCertificate(certificates);
    final String subjectDn = subjectCertificate.getSubjectX500Principal().getName();
    if (issuerCertificate == null) {
        throw new IllegalArgumentException(String.format("Unable to obtain certificate of issuer <%s> for the specified subject certificate <%s>.", subjectCertificate.getIssuerX500Principal().getName(), subjectDn));
    }
    // create the ocsp status key
    final OcspRequest ocspRequest = new OcspRequest(subjectCertificate, issuerCertificate);
    final OcspStatus ocspStatus;
    try {
        // determine the status and ensure it isn't verified as revoked
        ocspStatus = ocspCache.getUnchecked(ocspRequest);
    } catch (final UncheckedExecutionException uee) {
        // lookup failure is fail-open: log and accept
        logger.warn(String.format("Unable to validate client certificate via OCSP: <%s>", subjectDn), uee.getCause());
        return;
    }
    // we only disallow when we have a verified response that states the certificate is revoked
    final boolean verified = VerificationStatus.Verified.equals(ocspStatus.getVerificationStatus());
    final boolean revoked = ValidationStatus.Revoked.equals(ocspStatus.getValidationStatus());
    if (verified && revoked) {
        throw new CertificateStatusException(String.format("Client certificate for <%s> is revoked according to the certificate authority.", subjectDn));
    }
}
/**
 * Matches a certificate against a list of expected general names.
 *
 * <p>The subject alternative names are tried first. If they cannot be parsed
 * the failure is ignored, unless the certificate also has no subject, in which
 * case nothing is left to match and the error is surfaced. Otherwise the
 * subject DN, in {@link X500Principal#CANONICAL} form, is matched as a
 * directory name.
 *
 * @param generalNames names to match against
 * @param cert         certificate whose subject and SANs are inspected
 * @return true if any SAN or the canonical subject name matches
 */
public static boolean matchGeneralNames(List<GeneralName> generalNames, X509Certificate cert) {
    X500Principal subject = cert.getSubjectX500Principal();
    try {
        List<GeneralName> altNames = convertToGeneralNames(cert.getSubjectAlternativeNames());
        if (matchGeneralNames(generalNames, altNames)) {
            return true;
        }
    } catch (CertificateParsingException e) {
        // Ignore unless the subject name is empty
        if (subject == null) {
            throw saslEntity.unableToDetermineSubjectName(e);
        }
    }
    if (subject == null) {
        return false;
    }
    List<GeneralName> subjectAsName = new ArrayList<GeneralName>(1);
    subjectAsName.add(new DirectoryName(subject.getName(X500Principal.CANONICAL)));
    return matchGeneralNames(generalNames, subjectAsName);
}
if(certBytes != null) { cert = generateCertFromDER(certBytes); String alias = cert.getSubjectX500Principal().getName(); store.setCertificateEntry(alias, cert);
dn = new LdapName(cert.getSubjectX500Principal().getName()); } catch (InvalidNameException e) { LOGGER.warning("Invalid DN: " + e.getMessage());