Example 1 with DN

use of com.intel.mtwilson.x500.DN in project OpenAttestation by OpenAttestation.

the class ArrayCertificateRepository method getCertificateForAddress.

/**
 * XXX TODO this is a draft; maybe it should return a list, since it's possible
 * for more than one certificate to match...
 * XXX TODO maybe create another method getCurrentCertificateForAddress which refines
 * the search by returning only certificates that are valid NOW (the keystore may
 * have some that are not yet valid because they have been deployed in preparation
 * for an upcoming expiration)
 *
 * The following certificate attributes are checked in order:
 * Common name in the subject
 * Alternative name
 *
 * @param dnsHostnameOrIpAddress
 * @return the first matching certificate in the list
 */
// XXX not being used; was part of previous draft interface of CertificateRepository
//    @Override
public X509Certificate getCertificateForAddress(InternetAddress dnsHostnameOrIpAddress) {
    System.out.println("ArrayCertificateRepository: getCertificateForAddress(" + dnsHostnameOrIpAddress.toString() + ")");
    for (X509Certificate x509 : keystore) {
        System.out.println("- x509 subject: " + x509.getSubjectX500Principal().getName());
        // 1. parse the subject DN and compare its CN with the requested address (exact string match)
        DN dn = new DN(x509.getSubjectX500Principal().getName());
        if (dn.getCommonName() != null && dn.getCommonName().equals(dnsHostnameOrIpAddress.toString())) {
            System.out.println("- found subject");
            return x509;
        }
        // 2. compare each subject alternative name with the requested address (exact string match)
        Set<String> alternativeNames = X509Util.alternativeNames(x509);
        for (String alternativeName : alternativeNames) {
            System.out.println("x509 alternative name: " + alternativeName);
            if (alternativeName.equals(dnsHostnameOrIpAddress.toString())) {
                System.out.println("- found alternative name");
                return x509;
            }
        }
    }
    // no certificate in the array matched by CN or alternative name
    return null;
}
Example 2 with DN

use of com.intel.mtwilson.x500.DN in project OpenAttestation by OpenAttestation.

the class KeystoreCertificateRepository method getCertificateForAddress.

/**
 * XXX TODO this is a draft; maybe it should return a list, since it's possible
 * for more than one certificate to match...
 * XXX TODO maybe create another method getCurrentCertificateForAddress which refines
 * the search by returning only certificates that are valid NOW (the keystore may
 * have some that are not yet valid because they have been deployed in preparation
 * for an upcoming expiration)
 *
 * The following certificate attributes are checked in order:
 * Common name in the subject
 * Alternative name
 * Alias in the keystore
 *
 * @param dnsHostnameOrIpAddress
 * @return the first matching certificate in the keystore; if there is more than one it is not guaranteed to always return the same one because this depends on the keystore implementation
 */
// XXX not being used; was part of previous draft interface of CertificateRepository
//    @Override
public X509Certificate getCertificateForAddress(InternetAddress dnsHostnameOrIpAddress) {
    try {
        // iterate over the aliases of the trusted SSL certificates stored in the keystore
        String[] sslCertAliases = keystore.listTrustedSslCertificates();
        for (String alias : sslCertAliases) {
            try {
                X509Certificate x509 = keystore.getX509Certificate(alias);
                System.out.println("x509 subject: " + x509.getSubjectX500Principal().getName());
                // 1. parse the subject DN and compare its CN with the requested address (exact string match)
                DN dn = new DN(x509.getSubjectX500Principal().getName());
                if (dn.getCommonName() != null && dn.getCommonName().equals(dnsHostnameOrIpAddress.toString())) {
                    return x509;
                }
                // 2. compare each subject alternative name with the requested address (exact string match)
                Set<String> alternativeNames = X509Util.alternativeNames(x509);
                for (String alternativeName : alternativeNames) {
                    System.out.println("x509 alternative name: " + alternativeName);
                    if (alternativeName.equals(dnsHostnameOrIpAddress.toString())) {
                        return x509;
                    }
                }
                // 3. fall back to the keystore alias naming convention "<address> (ssl)"
                if (alias.equals(dnsHostnameOrIpAddress.toString() + " (ssl)")) {
                    // XXX TODO need to use the new Tag interface for the simple keystore
                    return x509;
                }
            } catch (Exception e) {
                // a single unreadable entry is logged and skipped; the search continues with the next alias
                log.error("Cannot load certificate alias '" + alias + "' from keystore", e);
            }
        }
        // no certificate in the keystore matched by CN, alternative name, or alias
        return null;
    } catch (KeyStoreException e) {
        log.error("Cannot find certificate in keystore", e);
        return null;
    }
}