use of com.google.cloud.security.privateca.v1.Certificate in project snowflake-jdbc by snowflakedb.
the class SFTrustManager method getTrustManager.
/**
 * Returns the first {@link X509TrustManager} offered by a {@link TrustManagerFactory} for the
 * given algorithm, initialised against the JVM default trust store (null key store).
 *
 * <p>As a side effect, the first call that finds the shared {@code ROOT_CA} cache empty fills it
 * with every issuer accepted by that trust manager. The cache is never refreshed here once it
 * holds an entry, so later trust store changes are not picked up by this method.
 *
 * @param algorithm algorithm name handed to {@code TrustManagerFactory.getInstance}.
 * @return the first X509TrustManager found, or {@code null} if the factory offers none.
 * @throws SSLInitializationException if the factory cannot be created or initialised, or an
 *     accepted issuer cannot be encoded.
 */
private X509TrustManager getTrustManager(String algorithm) {
  try {
    TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(algorithm);
    tmFactory.init((KeyStore) null);

    // Pick the first X509-capable manager and stop looking once one is found.
    X509TrustManager x509Manager = null;
    TrustManager[] managers = tmFactory.getTrustManagers();
    for (int idx = 0; x509Manager == null && idx < managers.length; idx++) {
      if (managers[idx] instanceof X509TrustManager) {
        x509Manager = (X509TrustManager) managers[idx];
      }
    }

    if (x509Manager != null) {
      synchronized (ROOT_CA_LOCK) {
        // Populate the root CA cache only once; an already-filled cache is left untouched.
        if (ROOT_CA.isEmpty()) {
          X509Certificate[] jvmRoots = x509Manager.getAcceptedIssuers();
          for (X509Certificate jvmRoot : jvmRoots) {
            Certificate parsedRoot = Certificate.getInstance(jvmRoot.getEncoded());
            // NOTE(review): the key is the 32-bit hashCode of the subject name, not the name
            // itself. Assuming ROOT_CA is a Map, two roots whose subjects hash alike would
            // overwrite each other, so readers should re-check the subject on lookup.
            ROOT_CA.put(parsedRoot.getSubject().hashCode(), parsedRoot);
          }
        }
      }
    }
    return x509Manager;
  } catch (NoSuchAlgorithmException | KeyStoreException | CertificateEncodingException ex) {
    throw new SSLInitializationException(ex.getMessage(), ex);
  }
}
use of com.google.cloud.security.privateca.v1.Certificate in project snowflake-jdbc by snowflakedb.
the class SFTrustManager method getPairIssuerSubject.
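/**
 * Builds (issuer, subject) certificate pairs from a certificate chain.
 *
 * <p>Self-signed entries (issuer equals subject) produce no pair of their own. For every other
 * entry, the next element of the chain is taken as its issuer. The last entry has no successor,
 * so its issuer is looked up in the {@code ROOT_CA} cache of JVM root certificates.
 *
 * @param bcChain a list of bouncy castle Certificate objects; element {@code i + 1} is treated
 *     as the issuer of element {@code i}.
 * @return a list of pairs of Issuer and Subject certificates; empty for an empty chain.
 * @throws CertificateException if the last certificate is not self-signed and no cached root CA
 *     has a subject matching its issuer.
 */
private List<SFPair<Certificate, Certificate>> getPairIssuerSubject(List<Certificate> bcChain)
    throws CertificateException {
  List<SFPair<Certificate, Certificate>> pairIssuerSubject = new ArrayList<>();
  for (int i = 0, len = bcChain.size(); i < len; ++i) {
    Certificate bcCert = bcChain.get(i);
    if (bcCert.getIssuer().equals(bcCert.getSubject())) {
      // skipping ROOT CA
      continue;
    }
    if (i < len - 1) {
      // NOTE(review): the successor is accepted as issuer purely by position; its subject is
      // not compared with bcCert's issuer here. Confirm that later validation of each pair
      // (signature / OCSP checks) rejects a misordered or spliced chain.
      pairIssuerSubject.add(SFPair.of(bcChain.get(i + 1), bcCert));
    } else {
      // no root CA certificate is attached in the certificate chain, so
      // getting one from the root CA from JVM.
      Certificate issuer = ROOT_CA.get(bcCert.getIssuer().hashCode());
      // The cache is keyed by a 32-bit hash of the subject name, so a hit alone does not prove
      // the names match. Compare the names before trusting the entry as the issuer.
      if (issuer == null || !bcCert.getIssuer().equals(issuer.getSubject())) {
        throw new CertificateException(
            "Failed to find the root CA.",
            new SFOCSPException(OCSPErrorCode.NO_ROOTCA_FOUND, "Failed to find the root CA."));
      }
      pairIssuerSubject.add(SFPair.of(issuer, bcCert));
    }
  }
  return pairIssuerSubject;
}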
use of com.google.cloud.security.privateca.v1.Certificate in project bitbreeds-webrtc by IIlllII.
the class CertUtil method getCertFingerPrint.
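/**
 * Computes the SHA-256 fingerprint of a certificate loaded from a keystore.
 *
 * <p>The certificate is loaded through {@code DTLSUtils.loadCert}, its encoded form is hashed
 * with SHA-256, and the digest is formatted by {@code createFingerprintString}. The resulting
 * fingerprint is also written to the log at info level.
 *
 * @param storePath path to keystore
 * @param alias alias
 * @param pass password
 * @return sha-256 string based on cert in keystore
 * @throws IllegalStateException if loading, encoding or hashing the certificate fails; the
 *     original exception is attached as the cause.
 */
public static String getCertFingerPrint(String storePath, String alias, String pass) {
  try {
    Certificate cert = DTLSUtils.loadCert(storePath, alias, pass);
    byte[] der = cert.getEncoded();
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    byte[] dat = md.digest(der);
    String fingerprint = createFingerprintString(dat);
    logger.info("Local cert signature is {} ", fingerprint);
    return fingerprint;
  } catch (Exception e) {
    // Only the keystore path is logged; the password is deliberately kept out of the message.
    logger.error("Failed to create cert fingerprint from {}", storePath, e);
    // Keep the cause so callers that do not see the log can still diagnose the failure.
    throw new IllegalStateException("Loading certificate failed", e);
  }
}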
use of com.google.cloud.security.privateca.v1.Certificate in project apksig by venshine.
the class X509CertificateUtils method generateCertificates.
/**
 * Decodes every certificate found in {@code in} using the supplied {@code CertificateFactory},
 * falling back to a BER parse and DER re-encode when the factory rejects the raw bytes.
 *
 * <p>The stream is read fully into memory before any parsing, and no size limit is applied
 * here; callers handling untrusted input may want to bound it before calling. In the fallback
 * path each returned certificate is wrapped together with the bytes exactly as they appeared in
 * the input, alongside the certificate built from the re-encoded form.
 *
 * @param in stream holding zero or more encoded certificates.
 * @param certFactory factory used for the direct attempt and for each re-encoded certificate.
 * @return the certificates produced by the factory, or by the fallback path.
 * @throws CertificateException if the stream cannot be read, or the InputStream cannot be
 *     decoded to zero or more valid {@code Certificates} objects.
 */
public static Collection<? extends java.security.cert.Certificate> generateCertificates(
    InputStream in, CertificateFactory certFactory) throws CertificateException {
  // The stream may not support mark / reset, so buffer it once; both the factory attempt and
  // the BER fallback then read from the same byte array.
  byte[] rawBytes;
  try {
    rawBytes = ByteStreams.toByteArray(in);
  } catch (IOException readFailure) {
    throw new CertificateException("Failed to read the input stream", readFailure);
  }

  try {
    return certFactory.generateCertificates(new ByteArrayInputStream(rawBytes));
  } catch (CertificateException ignored) {
    // Deliberately not rethrown: a BER encoding that does not use the minimum number of length
    // bytes can make the factory fail, and the fallback below handles that case.
  }

  try {
    Collection<X509Certificate> parsed = new ArrayList<>(1);
    ByteBuffer remaining = ByteBuffer.wrap(rawBytes);
    while (remaining.hasRemaining()) {
      ByteBuffer block = getNextDEREncodedCertificateBlock(remaining);
      int blockStart = block.position();

      // Parse as BER, re-encode as DER, and let the factory build the certificate from that.
      Certificate berDecoded = Asn1BerParser.parse(block, Certificate.class);
      byte[] derBytes = Asn1DerEncoder.encode(berDecoded);
      X509Certificate x509 =
          (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(derBytes));

      // Copy out the bytes between the start position and where the block's position now
      // stands, i.e. the certificate as it was encoded in the input.
      // NOTE(review): presumably kept so digests and signatures are computed over the
      // original encoding rather than the re-encoded one; confirm in
      // GuaranteedEncodedFormX509Certificate.
      byte[] asReceived = new byte[block.position() - blockStart];
      block.position(blockStart);
      block.get(asReceived);

      parsed.add(new GuaranteedEncodedFormX509Certificate(x509, asReceived));
    }
    return parsed;
  } catch (Asn1DecodingException | Asn1EncodingException e) {
    throw new CertificateException("Failed to parse certificates", e);
  }
}
use of com.google.cloud.security.privateca.v1.Certificate in project XobotOS by xamarin.
the class X509CertPathImpl method getInstance.
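/**
 * Generates certification path object on the base of encoding provided via
 * input stream. The format of provided encoded form is specified by
 * parameter <code>encoding</code>.
 *
 * <p>The first entry of <code>encodingsArr</code> selects the PkiPath decoder;
 * any other supported encoding is decoded as PKCS #7. Only decoding and
 * wrapping is visible here: nothing in this method checks signatures or
 * trust, so the returned path still has to be validated by the caller.
 *
 * @param in stream holding the encoded certification path.
 * @param encoding name of the encoding; must be one of the supported ones.
 * @return the decoded certification path; for PKCS #7 input without
 * certificates the path is empty.
 * @throws CertificateException if specified encoding form is not supported,
 * or some problems occurred during the decoding. A decoding I/O failure is
 * attached as the cause.
 */
public static X509CertPathImpl getInstance(InputStream in, String encoding)
    throws CertificateException {
  if (!encodings.contains(encoding)) {
    throw new CertificateException("Unsupported encoding");
  }
  try {
    if (encodingsArr[0].equals(encoding)) {
      // generate the object from PkiPath encoded form
      return (X509CertPathImpl) ASN1.decode(in);
    } else {
      // generate the object from PKCS #7 encoded form
      ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
      SignedData sd = ci.getSignedData();
      if (sd == null) {
        throw new CertificateException("Incorrect PKCS7 encoded form: missing signed data");
      }
      List<Certificate> certs = sd.getCertificates();
      if (certs == null) {
        // empty chain of certificates
        certs = new ArrayList<Certificate>();
      }
      List<X509CertImpl> result = new ArrayList<X509CertImpl>();
      for (Certificate cert : certs) {
        result.add(new X509CertImpl(cert));
      }
      return new X509CertPathImpl(result, PKCS7, ci.getEncoded());
    }
  } catch (IOException e) {
    // Same message as before, but keep the IOException as the cause so the
    // decoder's stack trace is not lost.
    throw new CertificateException("Incorrect encoded form: " + e.getMessage(), e);
  }
}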