use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project cloud-security-xsuaa-integration by SAP.
the class JwtX5tValidator method validate.
/**
* Validates the cnf thumbprint of X509 certificate against trusted
* certificate's thumbprint.
*
* In case audience contains only a single value, thumbprint comparison is not
* performed and request is validated. To guarantee that this single audience is
* trusted, use this validator in combination with {@link JwtAudienceValidator}
*
* @param token
* token to be validated
* @return validation result. Result is valid when both thumbprints match in
* case of multiple audiences.
*/
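@Override
public ValidationResult validate(Token token) {
    // Binds the token to the caller's certificate: the thumbprint taken from the token
    // (its 'cnf' confirmation method) must equal the thumbprint of the client certificate
    // held in SecurityContext. Every failure path returns an invalid result.
    //
    // NOTE(review): the Javadoc on this method says the comparison is skipped when the
    // audience holds a single value. No audience check is visible in this body; the
    // thumbprints are compared unconditionally. Confirm which behaviour is intended and
    // align the Javadoc with it.
    if (token == null) {
        return ValidationResults.createInvalid("No token passed to validate certificate thumbprint");
    }

    String tokenX5t = extractCnfThumbprintFromToken(token);
    if (tokenX5t == null) {
        return ValidationResults.createInvalid("Token doesn't contain certificate thumbprint confirmation method");
    }

    // NOTE(review): how the certificate gets into SecurityContext is not visible here.
    // The check is only as strong as that source; verify it cannot be set by the client.
    Certificate clientCertificate = SecurityContext.getClientCertificate();
    if (clientCertificate == null) {
        return ValidationResults.createInvalid("Client certificate missing from SecurityContext");
    }

    String clientCertificateX5t = clientCertificate.getThumbprint();
    // tokenX5t is known to be non-null at this point, so it is used as the receiver.
    // Should getThumbprint() ever return null, the validator then fails closed with an
    // invalid result instead of throwing a NullPointerException out of validate().
    if (tokenX5t.equals(clientCertificateX5t)) {
        return ValidationResults.createValid();
    }
    return ValidationResults.createInvalid("Certificate thumbprint validation failed with Token 'cnf' thumbprint: {} != {}", tokenX5t, clientCertificateX5t);
}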
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project ddf by codice.
the class OcspCheckerTest method testConvertingX509CertificatesToBcCertificates.
@Test
public void testConvertingX509CertificatesToBcCertificates() throws Exception {
    // Checker under test, with a mocked security logger so no real audit sink is needed.
    final OcspChecker checker = new OcspChecker(factory, eventAdmin);
    checker.setSecurityLogger(mock(SecurityLogger.class));

    final Certificate converted = checker.convertToBouncyCastleCert(trustedCertX509);
    assertThat(converted, is(notNullValue()));

    // The converted certificate must carry the same serial number and validity window
    // as the X.509 certificate it was built from.
    assertThat(
        trustedCertX509.getSerialNumber(),
        equalTo(converted.getSerialNumber().getValue()));
    assertThat(
        trustedCertX509.getNotAfter(),
        equalTo(converted.getEndDate().getDate()));
    assertThat(
        trustedCertX509.getNotBefore(),
        equalTo(converted.getStartDate().getDate()));

    // The subject is compared as an X500Name built from the RFC 1779 string form
    // of the original subject principal.
    final X500Principal originalSubject = trustedCertX509.getSubjectX500Principal();
    final X500Name expectedSubject = new X500Name(originalSubject.getName(X500Principal.RFC1779));
    assertThat(expectedSubject, equalTo(converted.getSubject()));
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project ddf by codice.
the class OcspCheckerTest method testGeneratingOcspRequest.
@Test
public void testGeneratingOcspRequest() throws Exception {
    // Checker under test, with a mocked security logger.
    final OcspChecker checker = new OcspChecker(factory, eventAdmin);
    checker.setSecurityLogger(mock(SecurityLogger.class));

    final Certificate subjectCert = trustedCertBc;
    final OCSPReq request = checker.generateOcspRequest(subjectCert);
    assertThat(request, is(notNullValue()));

    // The first entry of the request must name the certificate by its serial number;
    // only the serial number of the CertID is checked here.
    assertThat(
        request.getRequestList()[0].getCertID().getSerialNumber(),
        equalTo(subjectCert.getSerialNumber().getValue()));
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project LinLong-Java by zhenwei1108.
the class X509v3CertificateBuilder method copyAndAddExtension.
/**
* Add a given extension field for the standard extensions tag (tag 3) copying the extension value
* from another certificate.
*
* @param oid the OID defining the extension type.
* @param isCritical true if the copied extension is to be marked as critical, false otherwise.
* @param certHolder the holder for the certificate that the extension is to be copied from.
* @return this builder object.
*/
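public X509v3CertificateBuilder copyAndAddExtension(ASN1ObjectIdentifier oid, boolean isCritical, X509CertificateHolder certHolder) {
    // Copies the value of extension `oid` from certHolder's certificate into this builder.
    // The criticality comes from the caller's isCritical argument, not from the source
    // extension.
    Certificate cert = certHolder.toASN1Structure();

    // A certificate without an extensions block may yield null from getExtensions()
    // (presumably the case for certificates that carry no extensions; confirm for this
    // library). Guarding here reports that case with the same descriptive
    // NullPointerException as a missing extension, not a bare NPE from the
    // dereference.
    Extension extension = null;
    if (cert.getTBSCertificate().getExtensions() != null) {
        extension = cert.getTBSCertificate().getExtensions().getExtension(oid);
    }
    if (extension == null) {
        throw new NullPointerException("extension " + oid + " not present");
    }

    extGenerator.addExtension(oid, isCritical, extension.getExtnValue().getOctets());
    return this;
}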
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project kubernetes-client by fabric8io.
the class V1CertificateCrudTest method shouldDeleteACertificate.
@Test
void shouldDeleteACertificate() {
    // Create a certificate resource named "cert3" in namespace "ns3" ...
    Certificate toDelete = new CertificateBuilder()
        .withNewMetadata()
        .withName("cert3")
        .endMetadata()
        .build();
    client.v1().certificates().inNamespace("ns3").create(toDelete);

    // ... then delete it by name and expect the client to report success.
    Boolean wasDeleted = client.v1()
        .certificates()
        .inNamespace("ns3")
        .withName("cert3")
        .delete();
    assertTrue(wasDeleted);
}