
Example 1 with KeyAndCertCredential

Use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

Class SecurityUtils, method getCACredential.

public static KeyAndCertCredential getCACredential(String caCertPath, String caKeyPath, String password) throws Exception {
    // try-with-resources closes both streams even if loading the key or certificate throws
    try (InputStream isKey = new FileInputStream(caKeyPath);
        InputStream isCert = new FileInputStream(caCertPath)) {
        // Decrypt the PEM-encoded CA private key with the supplied password
        PrivateKey pk = CertificateUtils.loadPrivateKey(isKey, Encoding.PEM, password.toCharArray());
        X509Certificate caCert = CertificateUtils.loadCertificate(isCert, Encoding.PEM);
        return new KeyAndCertCredential(pk, new X509Certificate[] { caCert });
    }
}
Also used: PrivateKey(java.security.PrivateKey) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Certificate(java.security.cert.X509Certificate)

Example 2 with KeyAndCertCredential

Use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

Class X509SecurityContext, method getCACredential.

private KeyAndCertCredential getCACredential(String caCertPath, String caKeyPath, String password) throws Exception {
    InputStream isKey, isCert;
    isKey = isCert = null;
    try {
        isKey = new FileInputStream(caKeyPath);
        PrivateKey pk = CertificateUtils.loadPrivateKey(isKey, Encoding.PEM, password.toCharArray());
        isCert = new FileInputStream(caCertPath);
        X509Certificate caCert = CertificateUtils.loadCertificate(isCert, Encoding.PEM);
        return new KeyAndCertCredential(pk, new X509Certificate[] { caCert });
    } finally {
        if (isKey != null) {
            isKey.close();
        }
        if (isCert != null) {
            isCert.close();
        }
    }
}
Also used: PrivateKey(java.security.PrivateKey) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Certificate(java.security.cert.X509Certificate)

Example 3 with KeyAndCertCredential

Use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

Class X509SecurityContext, method getDefaultCredentials.

/**
 * Gets the default proxy certificate.
 * @return Default my proxy credentials.
 * @throws GFacException If an error occurred while retrieving credentials.
 * @throws org.apache.airavata.common.exception.ApplicationSettingsException
 */
public X509Credential getDefaultCredentials() throws GFacException, ApplicationSettingsException {
    MyProxyLogon logon = new MyProxyLogon();
    logon.setValidator(dcValidator);
    logon.setHost(getRequestData().getMyProxyServerUrl());
    logon.setPort(getRequestData().getMyProxyPort());
    logon.setUsername(getRequestData().getMyProxyUserName());
    logon.setPassphrase(getRequestData().getMyProxyPassword().toCharArray());
    logon.setLifetime(getRequestData().getMyProxyLifeTime());
    try {
        logon.connect();
        logon.logon();
        logon.getCredentials();
        logon.disconnect();
        PrivateKey pk = logon.getPrivateKey();
        return new KeyAndCertCredential(pk, new X509Certificate[] { logon.getCertificate() });
    } catch (Exception e) {
        throw new GFacException("An error occurred while retrieving default security credentials.", e);
    }
}
Also used: PrivateKey(java.security.PrivateKey) GFacException(org.apache.airavata.gfac.core.GFacException) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) MyProxyLogon(org.apache.airavata.gfac.bes.utils.MyProxyLogon) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Example 4 with KeyAndCertCredential

Use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

Class X509SecurityContext, method generateShortLivedCredential.

public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // Validity starts 15 minutes in the past
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    // Valid for 30 hours from the start time
    final long endTime = startTime + 30 * 3600 * 1000;
    // NOTE: a 1024-bit key is below the 2048-bit minimum in current guidance (e.g. NIST SP 800-131A)
    String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    // NOTE: SHA-1 signatures are deprecated for certificates because of practical collision attacks
    String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    // The new key pair uses the same algorithm as the CA key
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    // NOTE: java.util.Random is not a CSPRNG, and the 20-bit serial below has only about a
    // million possible values, so serial numbers are predictable and can repeat
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    // Sign the new certificate with the CA private key
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    // Sanity checks: the certificate is currently valid and verifies against the CA public key
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    // Chain order: the new end-entity certificate first, then the issuing CA certificate
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}
Also used: KeyPair(java.security.KeyPair) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPairGenerator(java.security.KeyPairGenerator) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) Random(java.util.Random) X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger)

Example 5 with KeyAndCertCredential

Use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

Class UNICORESecurityContext, method getServerSignedConfiguration.

/**
 * Get server signed credentials. Each time it is invoked new certificate
 * is returned.
 *
 * @param userID
 * @param userDN
 * @param caCertPath
 * @param caKeyPath
 * @param caKeyPwd
 * @return
 * @throws GFacException
 */
public DefaultClientConfiguration getServerSignedConfiguration(String userID, String userDN, String caCertPath, String caKeyPath, String caKeyPwd) throws GFacException {
    try {
        KeyAndCertCredential cred = SecurityUtils.generateShortLivedCertificate(userDN, caCertPath, caKeyPath, caKeyPwd);
        secProperties = new DefaultClientConfiguration(dcValidator, cred);
        setExtraSettings();
    } catch (Exception e) {
        throw new GFacException(e.getMessage(), e);
    }
    return secProperties;
}
Also used: GFacException(org.apache.airavata.gfac.core.GFacException) DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)
