Example 86 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project TLS-Scanner by RUB-NDS.
the class TrustAnchorManager method getFullCaCertificateSet.
private Set<Certificate> getFullCaCertificateSet() {
Set<Certificate> certificateSet = new HashSet<>();
for (CertificateEntry entry : trustAnchors.values()) {
InputStream resourceAsStream = TrustAnchorManager.class.getClassLoader().getResourceAsStream("trust/" + entry.getFingerprint() + ".pem");
try {
org.bouncycastle.crypto.tls.Certificate cert = PemUtil.readCertificate(resourceAsStream);
certificateSet.add(cert.getCertificateAt(0));
} catch (IOException | CertificateException ex) {
LOGGER.error("Could not load Certificate:" + entry.getSubjectName() + "/" + entry.getFingerprint(), ex);
}
}
return certificateSet;
}
Also used :
BufferedInputStream(java.io.BufferedInputStream)
InputStream(java.io.InputStream)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
HashSet(java.util.HashSet)
Example 87 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project cloud-security-xsuaa-integration by SAP.
the class SecurityContext method clearCertificate.
/**
* Clears the current Certificate from thread wide storage.
*/
private static void clearCertificate() {
final Certificate certificate = certificateStorage.get();
if (certificate != null) {
LOGGER.debug("Certificate removed from SecurityContext (thread-locally).");
certificateStorage.remove();
}
}
Also used :
Certificate(com.sap.cloud.security.x509.Certificate)
Example 88 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project jruby-openssl by jruby.
the class OCSPRequest method findCertByName.
private java.security.cert.Certificate findCertByName(ASN1Encodable genX500Name, IRubyObject certificates, int flags) throws CertificateException, IOException {
Ruby runtime = getRuntime();
if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0) {
ASN1Sequence certs = asn1bcReq.getOptionalSignature().getCerts();
if (certs != null) {
Iterator<ASN1Encodable> it = certs.iterator();
while (it.hasNext()) {
Certificate cert = Certificate.getInstance(it.next());
if (genX500Name.equals(cert.getSubject()))
return new X509AuxCertificate(cert);
}
}
}
@SuppressWarnings("unchecked") List<X509Certificate> certList = (RubyArray) certificates;
for (X509Certificate cert : certList) {
if (genX500Name.equals(X500Name.getInstance(cert.getSubjectX500Principal().getEncoded())))
return new X509AuxCertificate(cert);
}
return null;
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
RubyArray(org.jruby.RubyArray)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)
Ruby(org.jruby.Ruby)
X509Certificate(java.security.cert.X509Certificate)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)
Example 89 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project cloud-security-xsuaa-integration by SAP.
the class JwtX5tValidator method validate.
/**
* Validates the cnf thumbprint of X509 certificate against trusted
* certificate's thumbprint.
*
* In case audience contains only a single value, thumbprint comparison is not
* performed and request is validated. To guarantee that this single audience is
* trusted, use this validator in combination with {@link JwtAudienceValidator}
*
* @param token
* token to be validated
* @return validation result. Result is valid when both thumbprints match in
* case of multiple audiences.
*/
@Override
public ValidationResult validate(Token token) {
if (token == null) {
return ValidationResults.createInvalid("No token passed to validate certificate thumbprint");
}
String tokenX5t = extractCnfThumbprintFromToken(token);
if (tokenX5t == null) {
return ValidationResults.createInvalid("Token doesn't contain certificate thumbprint confirmation method");
}
Certificate clientCertificate = SecurityContext.getClientCertificate();
if (clientCertificate == null) {
return ValidationResults.createInvalid("Client certificate missing from SecurityContext");
}
String clientCertificateX5t = clientCertificate.getThumbprint();
if (clientCertificateX5t.equals(tokenX5t)) {
return ValidationResults.createValid();
}
return ValidationResults.createInvalid("Certificate thumbprint validation failed with Token 'cnf' thumbprint: {} != {}", tokenX5t, clientCertificateX5t);
}
Also used :
Certificate(com.sap.cloud.security.x509.Certificate)
Example 90 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project ddf by codice.
the class OcspCheckerTest method testConvertingX509CertificatesToBcCertificates.
@Test
public void testConvertingX509CertificatesToBcCertificates() throws Exception {
OcspChecker ocspChecker = new OcspChecker(factory, eventAdmin);
ocspChecker.setSecurityLogger(mock(SecurityLogger.class));
Certificate certificate = ocspChecker.convertToBouncyCastleCert(trustedCertX509);
assertThat(certificate, is(notNullValue()));
assertThat(trustedCertX509.getSerialNumber(), equalTo(certificate.getSerialNumber().getValue()));
assertThat(trustedCertX509.getNotAfter(), equalTo(certificate.getEndDate().getDate()));
assertThat(trustedCertX509.getNotBefore(), equalTo(certificate.getStartDate().getDate()));
X500Principal subjectX500Principal = trustedCertX509.getSubjectX500Principal();
X500Name x500name = new X500Name(subjectX500Principal.getName(X500Principal.RFC1779));
assertThat(x500name, equalTo(certificate.getSubject()));
}
Also used :
X500Principal(javax.security.auth.x500.X500Principal)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SecurityLogger(ddf.security.audit.SecurityLogger)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Test(org.junit.Test)
Aggregations
Certificate (org.bouncycastle.asn1.x509.Certificate)53
IOException (java.io.IOException)40
X509Certificate (java.security.cert.X509Certificate)37
CertificateException (java.security.cert.CertificateException)27
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)24
Test (org.junit.Test)14
Operation (com.google.longrunning.Operation)13
File (java.io.File)11
BigInteger (java.math.BigInteger)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9
Test (org.junit.jupiter.api.Test)9
Certificate (com.google.cloud.security.privateca.v1.Certificate)8
SQLException (java.sql.SQLException)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6
Extension (org.bouncycastle.asn1.x509.Extension)6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6
Date (java.util.Date)5
