
Example 81 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project cloud-security-xsuaa-integration by SAP.

the class JwtX5tValidator method validate.

/**
 * Validates the cnf thumbprint of X509 certificate against trusted
 * certificate's thumbprint.
 *
 * In case audience contains only a single value, thumbprint comparison is not
 * performed and request is validated. To guarantee that this single audience is
 * trusted, use this validator in combination with {@link JwtAudienceValidator}
 *
 * @param token
 *            token to be validated
 * @return validation result. Result is valid when both thumbprints match in
 *         case of multiple audiences.
 */
@Override
public ValidationResult validate(Token token) {
    if (token == null) {
        return ValidationResults.createInvalid("No token passed to validate certificate thumbprint");
    }
    String tokenX5t = extractCnfThumbprintFromToken(token);
    if (tokenX5t == null) {
        return ValidationResults.createInvalid("Token doesn't contain certificate thumbprint confirmation method");
    }
    Certificate clientCertificate = SecurityContext.getClientCertificate();
    if (clientCertificate == null) {
        return ValidationResults.createInvalid("Client certificate missing from SecurityContext");
    }
    String clientCertificateX5t = clientCertificate.getThumbprint();
    if (clientCertificateX5t.equals(tokenX5t)) {
        return ValidationResults.createValid();
    }
    return ValidationResults.createInvalid("Certificate thumbprint validation failed with Token 'cnf' thumbprint: {} != {}", tokenX5t, clientCertificateX5t);
}
Also used : Certificate(com.sap.cloud.security.x509.Certificate)

Example 82 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project ddf by codice.

the class OcspCheckerTest method testConvertingX509CertificatesToBcCertificates.

@Test
public void testConvertingX509CertificatesToBcCertificates() throws Exception {
    OcspChecker ocspChecker = new OcspChecker(factory, eventAdmin);
    ocspChecker.setSecurityLogger(mock(SecurityLogger.class));
    Certificate certificate = ocspChecker.convertToBouncyCastleCert(trustedCertX509);
    assertThat(certificate, is(notNullValue()));
    assertThat(trustedCertX509.getSerialNumber(), equalTo(certificate.getSerialNumber().getValue()));
    assertThat(trustedCertX509.getNotAfter(), equalTo(certificate.getEndDate().getDate()));
    assertThat(trustedCertX509.getNotBefore(), equalTo(certificate.getStartDate().getDate()));
    X500Principal subjectX500Principal = trustedCertX509.getSubjectX500Principal();
    X500Name x500name = new X500Name(subjectX500Principal.getName(X500Principal.RFC1779));
    assertThat(x500name, equalTo(certificate.getSubject()));
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) X500Name(org.bouncycastle.asn1.x500.X500Name) SecurityLogger(ddf.security.audit.SecurityLogger) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 83 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project ddf by codice.

the class OcspCheckerTest method testGeneratingOcspRequest.

@Test
public void testGeneratingOcspRequest() throws Exception {
    OcspChecker ocspChecker = new OcspChecker(factory, eventAdmin);
    ocspChecker.setSecurityLogger(mock(SecurityLogger.class));
    Certificate certificate = trustedCertBc;
    OCSPReq ocspReq = ocspChecker.generateOcspRequest(certificate);
    assertThat(ocspReq, is(notNullValue()));
    assertThat(ocspReq.getRequestList()[0].getCertID().getSerialNumber(), equalTo(certificate.getSerialNumber().getValue()));
}
Also used : OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq) SecurityLogger(ddf.security.audit.SecurityLogger) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 84 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project LinLong-Java by zhenwei1108.

the class X509v3CertificateBuilder method copyAndAddExtension.

/**
 * Add a given extension field for the standard extensions tag (tag 3) copying the extension value
 * from another certificate.
 *
 * @param oid        the OID defining the extension type.
 * @param isCritical true if the copied extension is to be marked as critical, false otherwise.
 * @param certHolder the holder for the certificate that the extension is to be copied from.
 * @return this builder object.
 */
public X509v3CertificateBuilder copyAndAddExtension(ASN1ObjectIdentifier oid, boolean isCritical, X509CertificateHolder certHolder) {
    Certificate cert = certHolder.toASN1Structure();
    Extension extension = cert.getTBSCertificate().getExtensions().getExtension(oid);
    if (extension == null) {
        throw new NullPointerException("extension " + oid + " not present");
    }
    extGenerator.addExtension(oid, isCritical, extension.getExtnValue().getOctets());
    return this;
}
Also used : Extension(com.github.zhenwei.core.asn1.x509.Extension) TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate) Certificate(com.github.zhenwei.core.asn1.x509.Certificate)

Example 85 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project kubernetes-client by fabric8io.

the class V1CertificateCrudTest method shouldDeleteACertificate.

@Test
void shouldDeleteACertificate() {
    Certificate certificate3 = new CertificateBuilder().withNewMetadata().withName("cert3").endMetadata().build();
    client.v1().certificates().inNamespace("ns3").create(certificate3);
    Boolean deleted = client.v1().certificates().inNamespace("ns3").withName("cert3").delete();
    assertTrue(deleted);
}
Also used : CertificateBuilder(io.fabric8.certmanager.api.model.v1.CertificateBuilder) Certificate(io.fabric8.certmanager.api.model.v1.Certificate) Test(org.junit.jupiter.api.Test)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate): 53
IOException (java.io.IOException): 40
X509Certificate (java.security.cert.X509Certificate): 37
CertificateException (java.security.cert.CertificateException): 27
File (java.io.File): 11
Test (org.junit.Test): 10
BigInteger (java.math.BigInteger): 9
CertificateEncodingException (java.security.cert.CertificateEncodingException): 9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate): 9
Test (org.junit.jupiter.api.Test): 9
Certificate (com.google.cloud.security.privateca.v1.Certificate): 8
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient): 8
SQLException (java.sql.SQLException): 8
X500Name (org.bouncycastle.asn1.x500.X500Name): 8
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable): 7
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence): 7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate): 6
Extension (org.bouncycastle.asn1.x509.Extension): 6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException): 6
Date (java.util.Date): 5