/**
 * Validates the certificate chain presented by a TLS server against the configured trust engine.
 * <p>
 * The first element of {@code x509Certificates} is taken as the peer's entity certificate and the whole
 * array as its chain. If {@code criteriaSet} carries an {@code EntityIDCriteria}, its entity ID is set on
 * the credential before {@code trustEngine.validate} is consulted. Nothing here inspects host names;
 * NOTE(review): confirm host name verification happens in the surrounding TLS setup.
 *
 * @param x509Certificates the peer's chain, leaf certificate first; must be non-null and non-empty
 * @param s the key exchange algorithm; not used by this check
 * @throws IllegalArgumentException if the chain is null or empty (the {@code X509TrustManager} contract)
 * @throws UntrustedCertificateException if the trust engine does not accept the peer credential
 * @throws CertificateException if the trust engine fails while evaluating the credential
 */
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
    if (x509Certificates == null || x509Certificates.length == 0) {
        throw new IllegalArgumentException("Null or empty certificates list");
    }

    X509Certificate leafCert = x509Certificates[0];

    BasicX509Credential peerCredential = new BasicX509Credential();
    peerCredential.setEntityCertificate(leafCert);
    peerCredential.setEntityCertificateChain(Arrays.asList(x509Certificates));
    peerCredential.setUsageType(UsageType.UNSPECIFIED);

    // The entity ID, when the criteria provide one, lets the trust engine match the peer to known metadata.
    EntityIDCriteria entityCriteria = criteriaSet.get(EntityIDCriteria.class);
    if (entityCriteria != null) {
        peerCredential.setEntityId(entityCriteria.getEntityID());
    }

    try {
        log.debug("Checking server trust");
        boolean trusted = trustEngine.validate(peerCredential, criteriaSet);
        if (!trusted) {
            // NOTE(review): getIssuerDN/getSubjectDN are denigrated in the JDK in favour of the
            // X500Principal accessors; kept so the message text stays unchanged.
            Principal issuer = leafCert.getIssuerDN();
            Principal subject = leafCert.getSubjectDN();
            String reason = "Peer SSL/TLS certificate '" + subject + "' "
                    + "issued by '" + issuer + "' "
                    + "is not trusted, add the certificate or it's CA to your trust store and optionally update tlsKey in extended metadata with the certificate's alias";
            throw new UntrustedCertificateException(reason, x509Certificates);
        }
        log.debug("Server certificate trust verified");
    } catch (org.opensaml.xml.security.SecurityException e) {
        // Preserve the cause so the engine failure is visible to whoever handles the handshake error.
        throw new CertificateException("Error validating certificate", e);
    }
}
/**
 * Builds an {@link X509Credential} from a keystore trusted-certificate entry.
 * <p>
 * The entry's certificate becomes the entity certificate and is also the single element of the
 * credential's certificate chain; no private key is attached.
 *
 * @param trustedCertEntry the keystore entry being converted
 * @param entityID the entity ID to record on the credential
 * @param usage the usage type to record on the credential
 * @return a new credential describing the trusted certificate
 * @throws ClassCastException if the entry's certificate is not an X.509 certificate
 */
protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage) {
    log.debug("Processing TrustedCertificateEntry from keystore");

    X509Certificate trustedCert = (X509Certificate) trustedCertEntry.getTrustedCertificate();

    // A trusted-certificate entry has no chain of its own, so the chain is just the certificate itself.
    ArrayList<X509Certificate> singleCertChain = new ArrayList<X509Certificate>(1);
    singleCertChain.add(trustedCert);

    BasicX509Credential result = new BasicX509Credential();
    result.setEntityId(entityID);
    result.setUsageType(usage);
    result.setEntityCertificate(trustedCert);
    result.setEntityCertificateChain(singleCertChain);
    return result;
}
/**
 * Converts a keystore trusted-certificate entry into an {@link X509Credential}.
 * <p>
 * The resulting credential carries the entry's certificate as its entity certificate and as the
 * only member of its certificate chain. No private key is set.
 *
 * @param trustedCertEntry the keystore entry to convert
 * @param entityID the entity ID assigned to the credential
 * @param usage the usage type assigned to the credential
 * @return a freshly created credential for the trusted certificate
 * @throws ClassCastException if the entry does not hold an X.509 certificate
 */
protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage) {
    log.debug("Processing TrustedCertificateEntry from keystore");

    BasicX509Credential trustedCredential = new BasicX509Credential();
    trustedCredential.setEntityId(entityID);
    trustedCredential.setUsageType(usage);

    X509Certificate certificate = (X509Certificate) trustedCertEntry.getTrustedCertificate();
    trustedCredential.setEntityCertificate(certificate);

    // Only the certificate itself is available from this entry type, so it forms a one-element chain.
    ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
    chain.add(certificate);
    trustedCredential.setEntityCertificateChain(chain);

    return trustedCredential;
}
/**
 * Builds an {@link X509Credential} from a keystore private-key entry.
 * <p>
 * The credential receives the entry's private key, its certificate as the entity certificate, and
 * the entry's full certificate chain. The chain array is cast to {@code X509Certificate[]}, so an
 * entry holding a non-X.509 chain fails with a {@link ClassCastException}.
 *
 * @param privateKeyEntry the keystore entry being converted
 * @param entityID the entity ID to record on the credential
 * @param usage the usage type to record on the credential
 * @return a new credential holding the key and its certificate chain
 * @throws ClassCastException if the entry's certificate or chain is not X.509
 */
protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID, UsageType usage) {
    log.debug("Processing PrivateKeyEntry from keystore");

    X509Certificate entityCert = (X509Certificate) privateKeyEntry.getCertificate();
    X509Certificate[] chain = (X509Certificate[]) privateKeyEntry.getCertificateChain();

    BasicX509Credential result = new BasicX509Credential();
    result.setEntityId(entityID);
    result.setUsageType(usage);
    result.setPrivateKey(privateKeyEntry.getPrivateKey());
    result.setEntityCertificate(entityCert);
    result.setEntityCertificateChain(Arrays.asList(chain));
    return result;
}
/**
 * Converts a keystore private-key entry into an {@link X509Credential}.
 * <p>
 * The entry's private key, its certificate (as entity certificate) and its complete certificate
 * chain are copied onto the credential. Both the certificate and the chain are cast to X.509 types,
 * so a keystore entry of another certificate type raises a {@link ClassCastException}.
 *
 * @param privateKeyEntry the keystore entry to convert
 * @param entityID the entity ID assigned to the credential
 * @param usage the usage type assigned to the credential
 * @return a freshly created credential carrying the key and chain
 * @throws ClassCastException if the entry's certificate or chain is not X.509
 */
protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID, UsageType usage) {
    log.debug("Processing PrivateKeyEntry from keystore");

    BasicX509Credential keyCredential = new BasicX509Credential();
    keyCredential.setEntityId(entityID);
    keyCredential.setUsageType(usage);
    keyCredential.setPrivateKey(privateKeyEntry.getPrivateKey());

    // Entity certificate first, then the whole chain as returned by the keystore.
    X509Certificate leaf = (X509Certificate) privateKeyEntry.getCertificate();
    keyCredential.setEntityCertificate(leaf);
    X509Certificate[] x509Chain = (X509Certificate[]) privateKeyEntry.getCertificateChain();
    keyCredential.setEntityCertificateChain(Arrays.asList(x509Chain));

    return keyCredential;
}
BasicX509Credential credential = new BasicX509Credential(); credential.setUsageType(getUsageType());