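@Override
public synchronized Socket connectSocket(int connectTimeout, Socket socket, HttpHost host,
        InetSocketAddress remoteAddress, InetSocketAddress localAddress, HttpContext context)
        throws IOException {
    /*
     * Opens the connection through the parent factory, then pins the TLS peer: the session
     * must carry exactly one X.509 certificate whose subject CN equals caHostname. Only a
     * certificate that has passed every check is recorded in {@code certificates}.
     *
     * @throws IOException if the socket is not a TLS socket, the peer chain is not a single
     *         X.509 certificate, the certificate cannot be parsed, it has no CN, or the CN
     *         differs from caHostname
     */
    Socket result = super.connectSocket(connectTimeout, socket, host, remoteAddress, localAddress, context);
    if (!(result instanceof SSLSocket)) {
        throw new IOException("Expected tls socket");
    }
    SSLSocket sslSocket = (SSLSocket) result;
    // getPeerCertificates() throws SSLPeerUnverifiedException (an IOException) when the peer
    // presented no certificate, so an empty array never reaches the length check below.
    java.security.cert.Certificate[] peerCertificateChain = sslSocket.getSession().getPeerCertificates();
    if (peerCertificateChain.length != 1) {
        throw new IOException("Expected root ca cert");
    }
    if (!(peerCertificateChain[0] instanceof X509Certificate)) {
        throw new IOException("Expected root ca cert in X509 format");
    }
    X509Certificate certificate = (X509Certificate) peerCertificateChain[0];
    org.bouncycastle.asn1.x500.RDN[] cnRdns;
    try {
        cnRdns = new JcaX509CertificateHolder(certificate).getSubject().getRDNs(BCStyle.CN);
    } catch (Exception e) {
        throw new IOException(e);
    }
    // A subject without CN used to surface as ArrayIndexOutOfBoundsException wrapped in an
    // IOException; report it explicitly instead.
    if (cnRdns.length == 0) {
        throw new IOException("Expected cn of " + caHostname + " but certificate has no CN");
    }
    String cn = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    if (!caHostname.equals(cn)) {
        throw new IOException("Expected cn of " + caHostname + " but got " + cn);
    }
    // Record the certificate only after the CN pin succeeded. Previously it was added before
    // the comparison, so a rejected peer's certificate still ended up in the list.
    certificates.add(certificate);
    return result;
}
}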
private boolean certificateCommonNameChanged(String certificateCommonName) {
    // Reports whether the server certificate must be regenerated: true when the user key
    // store holds no certificate under CipherParams.CERTIFICATE_IDENTIFIER, or when the
    // stored certificate's subject CN is not equal to certificateCommonName.
    // Any failure while reading the key store or parsing the certificate is rethrown as a
    // RuntimeException that names the requested common name.
    try {
        KeyStore userKeyStore = UserConfig.getUserKeyStore();
        X509Certificate stored = (X509Certificate) userKeyStore.getCertificate(CipherParams.CERTIFICATE_IDENTIFIER);
        if (stored == null) {
            logger.log(Level.INFO, "- Certificate regeneration necessary, because no certificate found in key store.");
            return true;
        }
        RDN storedCn = new JcaX509CertificateHolder(stored).getSubject().getRDNs(BCStyle.CN)[0];
        String storedCnStr = IETFUtils.valueToString(storedCn.getFirst().getValue());
        if (certificateCommonName.equals(storedCnStr)) {
            return false;
        }
        logger.log(Level.INFO, "- Certificate regeneration necessary: Cert common name in daemon config changed from " + storedCnStr + " to " + certificateCommonName + ".");
        return true;
    } catch (Exception e) {
        throw new RuntimeException("Cannot (re-)generate server certificate for hostname: " + certificateCommonName, e);
    }
}
if (cn == null) { X500Name x500name = new JcaX509CertificateHolder( (X509Certificate) cp.bytesToCertificate(pemBytes)).getSubject(); RDN rdn = x500name.getRDNs(BCStyle.CN)[0]; cn = IETFUtils.valueToString(rdn.getFirst().getValue());
private AttributeCertificateHolder buildHolder(X509Certificate holderCert) throws CertificateEncodingException {
    // Identifies the attribute-certificate holder by the subject name and serial number
    // of holderCert.
    // @throws CertificateEncodingException if holderCert cannot be re-encoded by BouncyCastle
    return new AttributeCertificateHolder(
            new JcaX509CertificateHolder(holderCert).getSubject(),
            holderCert.getSerialNumber());
}
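public HashMap<String,String> getCertificateInfo(X509Certificate cert){
    /*
     * Collects human-readable fields of cert into a map keyed by CertManagerConstants.
     * Subject name, issuer name, serial number and validity dates are always present; CN and
     * OU are added only when the subject actually carries those attributes (an OU is optional
     * in a subject DN, and the previous [0] indexing threw ArrayIndexOutOfBoundsException
     * for certificates without one). If cert cannot be re-encoded, the stack trace is printed
     * and an empty map is returned, as before.
     */
    HashMap<String,String> certInfo = new HashMap<String,String>();
    X500Name x500name;
    try {
        x500name = new JcaX509CertificateHolder(cert).getSubject();
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
        return certInfo;
    }
    // getSubjectDN()/getIssuerDN() are deprecated but kept so the stored name format stays
    // unchanged for existing consumers of these map entries.
    certInfo.put(CertManagerConstants.SUBJECT_NAME, cert.getSubjectDN().getName());
    certInfo.put(CertManagerConstants.ISSUER_NAME, cert.getIssuerDN().getName());
    certInfo.put(CertManagerConstants.SN, cert.getSerialNumber().toString());
    // RDN is an ASN.1 structure, not a string wrapper: calling toString() on it does not give
    // the attribute value. Extract the value the same way the other CN helpers do.
    RDN[] cn = x500name.getRDNs(BCStyle.CN);
    if (cn.length > 0) {
        certInfo.put(CertManagerConstants.CN,
                org.bouncycastle.asn1.x500.style.IETFUtils.valueToString(cn[0].getFirst().getValue()));
    }
    RDN[] ou = x500name.getRDNs(BCStyle.OU);
    if (ou.length > 0) {
        certInfo.put(CertManagerConstants.OU,
                org.bouncycastle.asn1.x500.style.IETFUtils.valueToString(ou[0].getFirst().getValue()));
    }
    certInfo.put(CertManagerConstants.START_DATE, cert.getNotBefore().toString());
    certInfo.put(CertManagerConstants.EXPIRY_DATE, cert.getNotAfter().toString());
    return certInfo;
}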
X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject(); RDN[] rdns = x500name.getRDNs(BCStyle.CN); for (int i = 0; i < rdns.length; ++i) {
private AttributeCertificateIssuer buildIssuer() throws CertificateEncodingException {
    // Names the attribute-certificate issuer after the subject of the attribute authority's
    // own certificate (aaCredential.getCertificate()).
    // @throws CertificateEncodingException if that certificate cannot be re-encoded
    X509Certificate aaCertificate = aaCredential.getCertificate();
    JcaX509CertificateHolder wrapped = new JcaX509CertificateHolder(aaCertificate);
    return new AttributeCertificateIssuer(wrapped.getSubject());
}
X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject(); RDN[] rdns = x500name.getRDNs(BCStyle.CN); for (int i = 0; i < rdns.length; ++i) {
if (cn == null) { X500Name x500name = new JcaX509CertificateHolder( (X509Certificate) cp.bytesToCertificate(pemBytes)).getSubject(); RDN rdn = x500name.getRDNs(BCStyle.CN)[0]; cn = IETFUtils.valueToString(rdn.getFirst().getValue());
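public String extractCN(X509Certificate cert) throws GeneralSecurityException {
    // Returns the value of the first CN attribute in the subject of cert.
    // @throws java.security.cert.CertificateEncodingException if cert cannot be re-encoded
    // @throws java.security.cert.CertificateException if the subject has no CN (this used
    //         to escape as an unchecked ArrayIndexOutOfBoundsException)
    RDN[] cnRdns = new JcaX509CertificateHolder(cert).getSubject().getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        throw new java.security.cert.CertificateException(
                "Certificate subject has no CN: " + cert.getSubjectX500Principal());
    }
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}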
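private static String getValueByObjectIdentifier(X509Certificate cert, ASN1ObjectIdentifier identifier) throws CertificateEncodingException {
    // Returns the value of the first subject attribute of cert whose type is identifier.
    // @throws CertificateEncodingException if cert cannot be re-encoded
    // @throws IllegalArgumentException if the subject has no attribute of that type (this
    //         used to escape as an ArrayIndexOutOfBoundsException)
    RDN[] matches = new JcaX509CertificateHolder(cert).getSubject().getRDNs(identifier);
    if (matches.length == 0) {
        throw new IllegalArgumentException("Certificate subject has no attribute " + identifier.getId());
    }
    return IETFUtils.valueToString(matches[0].getFirst().getValue());
}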
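private boolean isOcspResponderCommonNameValid(X509Cert ocspCertificate) {
    // Accepts the OCSP responder only if its subject CN is in the configured allow-list
    // (configuration.getAllowedOcspRespondersForTM()). A null certificate or a subject
    // without CN is rejected; the latter previously threw ArrayIndexOutOfBoundsException
    // instead of returning false.
    // @throws DigiDoc4JException if the certificate cannot be re-encoded
    if (ocspCertificate == null) {
        return false;
    }
    try {
        RDN[] cnRdns = new JcaX509CertificateHolder(ocspCertificate.getX509Certificate())
                .getSubject().getRDNs(BCStyle.CN);
        if (cnRdns.length == 0) {
            return false;
        }
        String commonName = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
        return configuration.getAllowedOcspRespondersForTM().contains(commonName);
    } catch (CertificateEncodingException e) {
        throw new DigiDoc4JException("OCSP certificate encoding failed ", e);
    }
}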
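@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
    // Takes the client's identity from the subject CN of the leaf certificate (chain[0]) and
    // delegates the trust decision to checkTrusted(chain, hostname). authType and socket are
    // not consulted here.
    // @throws CertificateException if the chain is null or empty, the leaf cannot be
    //         re-encoded, the leaf has no CN, or checkTrusted rejects the chain
    if (chain == null || chain.length == 0) {
        throw new CertificateException("Empty client certificate chain");
    }
    // Both conditions below previously escaped as ArrayIndexOutOfBoundsException.
    RDN[] cnRdns = new JcaX509CertificateHolder(chain[0]).getSubject().getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        throw new CertificateException("Client certificate subject has no CN: " + chain[0].getSubjectX500Principal());
    }
    String hostname = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    checkTrusted(chain, hostname);
}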
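@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
    // Takes the client's identity from the subject CN of the leaf certificate (chain[0]) and
    // delegates the trust decision to checkTrusted(chain, hostname). authType and engine are
    // not consulted here.
    // @throws CertificateException if the chain is null or empty, the leaf cannot be
    //         re-encoded, the leaf has no CN, or checkTrusted rejects the chain
    if (chain == null || chain.length == 0) {
        throw new CertificateException("Empty client certificate chain");
    }
    // Both conditions below previously escaped as ArrayIndexOutOfBoundsException.
    RDN[] cnRdns = new JcaX509CertificateHolder(chain[0]).getSubject().getRDNs(BCStyle.CN);
    if (cnRdns.length == 0) {
        throw new CertificateException("Client certificate subject has no CN: " + chain[0].getSubjectX500Principal());
    }
    String hostname = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    checkTrusted(chain, hostname);
}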
/**
 * Builds the DER-encoded OCSP request for {@code certificateID}, carrying {@code nonceExtension}
 * as its only request extension.
 *
 * <p>When the configuration asks for signed requests, the request is signed with the OCSP
 * access private key and the signer's certificate is embedded as requestor name and as the
 * single certificate of the request; otherwise an unsigned request is returned.
 *
 * @param certificateID  identifier of the certificate whose status is requested
 * @param nonceExtension nonce extension attached to the request
 * @return the encoded OCSP request
 * @throws DSSException if signing configuration is incomplete or any step of building,
 *         signing or encoding fails (every exception raised inside, including the
 *         ConfigurationException thrown here, is wrapped)
 */
private byte[] buildRequest(final CertificateID certificateID, Extension nonceExtension) throws DSSException {
    try {
        LOGGER.debug("Building OCSP request ...");
        OCSPReqBuilder builder = new OCSPReqBuilder();
        builder.addRequest(certificateID);
        builder.setRequestExtensions(new Extensions(nonceExtension));
        if (this.configuration.hasToBeOCSPRequestSigned()) {
            LOGGER.info("Using signed OCSP request ...");
            // NOTE(review): SHA1withRSA is a deprecated signature algorithm; moving to
            // SHA256withRSA is advisable once the responder is confirmed to accept it.
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
            if (!this.configuration.isOCSPSigningConfigurationAvailable()) {
                throw new ConfigurationException("Configuration needed for OCSP request signing is not complete");
            }
            DSSPrivateKeyEntry privateKeyEntry = this.getOCSPAccessCertificatePrivateKey();
            X509Certificate signingCertificate = privateKeyEntry.getCertificate().getCertificate();
            // Requestor name is the subject DN of the signing certificate.
            builder.setRequestorName(new GeneralName(new JcaX509CertificateHolder(signingCertificate).getSubject()));
            // The private key entry is assumed to be a KSPrivateKeyEntry; any other
            // implementation fails the cast and is reported as DSSException by the catch below.
            return builder.build(signerBuilder.build(((KSPrivateKeyEntry) privateKeyEntry).getPrivateKey()), new X509CertificateHolder[]{new X509CertificateHolder(signingCertificate.getEncoded())}).getEncoded();
        }
        return builder.build().getEncoded();
    } catch (Exception e) {
        throw new DSSException(e);
    }
}
// Subject DN of cert as a BouncyCastle X500Name; the holder constructor throws
// CertificateEncodingException if cert cannot be re-encoded.
X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
// Subject DN of cert as a BouncyCastle X500Name; the holder constructor throws
// CertificateEncodingException if cert cannot be re-encoded.
X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();