
Example 11 with CertStore

use of java.security.cert.CertStore in project XobotOS by xamarin.

the class PKIXCRLUtil method findCRLs.

/**
 * Collects every CRL that matches {@code crlSelect} from the supplied stores.
 *
 * <p>Each element of {@code crlStores} is searched as an
 * {@link org.bouncycastle.x509.X509Store X509Store} when it is one; any other
 * element is cast to {@link java.security.cert.CertStore CertStore}, so an
 * element of a third type fails with a {@link ClassCastException}.
 *
 * <p>A failing store does not abort the search. The failure is only rethrown
 * when no store at all could be searched; if at least one store answered,
 * the earlier failures are dropped and the result may be incomplete without
 * the caller being told. For revocation checking this means a CRL that lists
 * the certificate can be missing from the result because its store was
 * unavailable; a caller that needs hard-fail semantics has to enforce them
 * itself.
 *
 * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
 *            to select the CRLs
 * @param crlStores a List of
 *            {@link org.bouncycastle.x509.X509Store X509Store} and/or
 *            {@link java.security.cert.CertStore CertStore} objects that
 *            are searched for CRLs
 *
 * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
 *         empty but never <code>null</code>.
 * @throws AnnotatedException if at least one store failed and no store
 *             could be searched successfully (the last failure is reported)
 */
private final Collection findCRLs(X509CRLStoreSelector crlSelect, List crlStores) throws AnnotatedException {
    Set matches = new HashSet();
    AnnotatedException failure = null;
    boolean anyStoreAnswered = false;

    for (Object candidate : crlStores) {
        if (!(candidate instanceof X509Store)) {
            // Everything that is not a Bouncy Castle store is treated as a JCA CertStore.
            CertStore jcaStore = (CertStore) candidate;
            try {
                matches.addAll(jcaStore.getCRLs(crlSelect));
                anyStoreAnswered = true;
            } catch (CertStoreException e) {
                // Remember the failure; it is only reported if no store answers.
                failure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
            }
            continue;
        }

        X509Store bcStore = (X509Store) candidate;
        try {
            matches.addAll(bcStore.getMatches(crlSelect));
            anyStoreAnswered = true;
        } catch (StoreException e) {
            // Remember the failure; it is only reported if no store answers.
            failure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
        }
    }

    // Partial failures are tolerated: throw only when nothing could be searched.
    if (failure != null && !anyStoreAnswered) {
        throw failure;
    }
    return matches;
}
Also used : X509Store(org.bouncycastle.x509.X509Store) Set(java.util.Set) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) Iterator(java.util.Iterator) CertStore(java.security.cert.CertStore) HashSet(java.util.HashSet) StoreException(org.bouncycastle.util.StoreException) CertStoreException(java.security.cert.CertStoreException)

Example 12 with CertStore

use of java.security.cert.CertStore in project XobotOS by xamarin.

the class CertPathValidatorUtilities method findCertificates.

/**
 * Collects every certificate or attribute certificate that matches
 * {@code certSelect} from the supplied stores.
 *
 * <p>Each element of {@code certStores} is searched as an {@link X509Store}
 * when it is one; any other element is cast to
 * {@link java.security.cert.CertStore CertStore}, so an element of a third
 * type fails with a {@link ClassCastException}.
 *
 * <p>The search stops at the first store that fails: the failure is wrapped
 * in an {@link AnnotatedException} and nothing collected so far is returned.
 *
 * @param certSelect a {@link Selector} object that will be used to select
 *            the certificates
 * @param certStores a List of {@link X509Store} and/or
 *            {@link java.security.cert.CertStore CertStore} objects that
 *            are searched for certificates.
 *
 * @return a Collection of all found {@link X509Certificate} or
 *         {@link org.bouncycastle.x509.X509AttributeCertificate} objects.
 *         May be empty but never <code>null</code>.
 * @throws AnnotatedException if searching any of the stores fails
 */
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException {
    Set found = new HashSet();

    for (Object candidate : certStores) {
        if (!(candidate instanceof X509Store)) {
            // Everything that is not a Bouncy Castle store is treated as a JCA CertStore.
            CertStore jcaStore = (CertStore) candidate;
            try {
                found.addAll(jcaStore.getCertificates(certSelect));
            } catch (CertStoreException e) {
                throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
            }
            continue;
        }

        X509Store bcStore = (X509Store) candidate;
        try {
            found.addAll(bcStore.getMatches(certSelect));
        } catch (StoreException e) {
            throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
        }
    }
    return found;
}
Also used : X509Store(org.bouncycastle.x509.X509Store) Set(java.util.Set) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) Iterator(java.util.Iterator) ASN1Object(org.bouncycastle.asn1.ASN1Object) DERObject(org.bouncycastle.asn1.DERObject) CertStore(java.security.cert.CertStore) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) StoreException(org.bouncycastle.util.StoreException)

Example 13 with CertStore

use of java.security.cert.CertStore in project nhin-d by DirectProject.

the class CryptoExtensions method findSignersByName.

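/**
 * Searches CMS signed data for signers whose certificate subject contains a given email name.
 * Signed data may consist of multiple signatures, either from the same subject or from
 * multiple subjects.
 *
 * <p>Only the first certificate that the embedded certificate store returns for a signer's
 * id is considered. Matching is a simple "contains" test on the certificate subject, so
 * {@code name} may also match a longer, unrelated name; {@code excludeNames} exists to
 * filter such hits out again.
 *
 * <p>Security note: this method only pairs signers with the certificates carried inside
 * the signed data. No signature verification and no certificate path validation is
 * visible here, so a returned pair says nothing about whether the signature is valid or
 * the certificate trusted; callers have to establish that separately.
 *
 * <p>The lookup is best effort: if an exception occurs while reading the signed data,
 * the pairs collected up to that point (possibly none) are returned and the exception is
 * not reported. An empty result therefore does not distinguish "no matching signer" from
 * "signed data could not be processed". {@link Error}s are no longer swallowed and
 * propagate to the caller.
 *
 * @param signedData The signed data to search.
 * @param name The name to search for in the list of signers. Must not be null or empty.
 * @param excludeNames A list of names to exclude from the result: a signer whose
 * certificate subject contains any of them is skipped. This parameter may be null.
 * @return A collection of pairs consisting of the signer's X509 certificate and the signer
 * information that matches the provided name. Returns an empty collection if no signer
 * matching the name is found in the signed data.
 * @throws IllegalArgumentException if {@code name} is null or empty
 */
public static Collection<SignerCertPair> findSignersByName(CMSSignedData signedData, String name, Collection<String> excludeNames) {
    if (name == null || name.length() == 0) {
        throw new IllegalArgumentException("name must not be null or empty");
    }
    Collection<SignerCertPair> retVal = new ArrayList<SignerCertPair>();
    try {
        CertStore certs = signedData.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        SignerInformationStore signers = signedData.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();
        for (SignerInformation signer : c) {
            Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
            if (certCollection == null || certCollection.isEmpty()) {
                // the signed data carries no certificate for this signer
                continue;
            }
            X509Certificate cert = (X509Certificate) certCollection.iterator().next();
            if (!certSubjectContainsName(cert, name)) {
                continue;
            }
            // check if we need to exclude anything
            boolean exclude = false;
            if (excludeNames != null) {
                for (String excludeStr : excludeNames) {
                    if (certSubjectContainsName(cert, excludeStr)) {
                        exclude = true;
                        break;
                    }
                }
            }
            if (exclude) {
                // don't include this cert
                continue;
            }
            retVal.add(new SignerCertPair(signer, convertToProfileProvidedCertImpl(cert)));
        }
    } catch (Exception ignored) {
        // Deliberate best effort: callers expect a (possibly partial or empty) collection
        // rather than an exception. Only Exception is caught so that Errors such as
        // OutOfMemoryError are not hidden.
        // NOTE(review): the failure is dropped without a trace; consider logging it.
    }
    if (retVal.isEmpty()) {
        return Collections.emptyList();
    }
    return retVal;
}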
Also used : SignerCertPair(org.nhindirect.stagent.cert.SignerCertPair) ArrayList(java.util.ArrayList) SignerInformation(org.bouncycastle.cms.SignerInformation) X509Certificate(java.security.cert.X509Certificate) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) CertStore(java.security.cert.CertStore)

Example 14 with CertStore

use of java.security.cert.CertStore in project nhin-d by DirectProject.

the class MessageSigInspector method main.

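/**
 * Command-line diagnostic that prints signer details of an S/MIME signed message.
 *
 * <p>Usage: {@code -msgFile <path>}. For every signer whose certificate is carried in the
 * message it prints the certificate subject, the key usage value, the signed and the
 * computed message digest and whether the signature verifies. The signer certificate is
 * also written to {@code SigCert.der} in the working directory; with several signers the
 * file is overwritten each time.
 *
 * <p>Security note: the certificate used for verification is taken from the message
 * itself, and no certification path, trust anchor or revocation check is performed here.
 * "Signature verified." therefore only means that the signature matches that embedded
 * certificate, not that the signer is trusted.
 *
 * @param args command-line arguments; exits with status -1 on missing or unknown options
 */
public static void main(String[] args) {
    if (args.length == 0) {
        //printUsage();
        System.exit(-1);
    }
    String messageFile = null;
    for (int i = 0; i < args.length; i++) {
        String arg = args[i];
        // Options
        if (!arg.startsWith("-")) {
            System.err.println("Error: Unexpected argument [" + arg + "]\n");
            //printUsage();
            System.exit(-1);
        } else if (arg.equalsIgnoreCase("-msgFile")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing message file");
                System.exit(-1);
            }
            messageFile = args[++i];
        } else if (arg.equals("-help")) {
            //printUsage();
            System.exit(-1);
        } else {
            System.err.println("Error: Unknown argument " + arg + "\n");
            //printUsage();
            System.exit(-1);
        }
    }
    if (messageFile == null) {
        System.err.println("Error: missing message file\n");
        // Without a file there is nothing to inspect; stop instead of failing on new File(null).
        System.exit(-1);
    }
    InputStream inStream = null;
    try {
        inStream = FileUtils.openInputStream(new File(messageFile));
        MimeMessage message = new MimeMessage(null, inStream);
        // Assumes a multipart/signed message: part 0 is the signed content, part 1 the signature.
        MimeMultipart mm = (MimeMultipart) message.getContent();
        final CMSSignedData signed = new CMSSignedData(new CMSProcessableBodyPart(mm.getBodyPart(0)), mm.getBodyPart(1).getInputStream());
        // Certificates come from the signed data itself, i.e. they are supplied by the message.
        CertStore certs = signed.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        SignerInformationStore signers = signed.getSignerInfos();
        @SuppressWarnings("unchecked") Collection<SignerInformation> c = signers.getSigners();
        System.out.println("Found " + c.size() + " signers");
        int cnt = 1;
        for (SignerInformation signer : c) {
            Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
            if (certCollection != null && certCollection.size() > 0) {
                X509Certificate cert = (X509Certificate) certCollection.iterator().next();
                System.out.println("\r\nInfo for certificate " + cnt++);
                System.out.println("\tSubject " + cert.getSubjectDN());
                // Written to the working directory; overwritten for every signer.
                FileUtils.writeByteArrayToFile(new File("SigCert.der"), cert.getEncoded());
                // 2.5.29.15 is the key usage extension
                byte[] bytes = cert.getExtensionValue("2.5.29.15");
                if (bytes != null) {
                    final DERObject obj = getObject(bytes);
                    final KeyUsage keyUsage = new KeyUsage((DERBitString) obj);
                    final byte[] data = keyUsage.getBytes();
                    final int intValue;
                    if (data.length == 0) {
                        // an empty bit string has no usage bits set
                        intValue = 0;
                    } else {
                        intValue = (data.length == 1) ? data[0] & 0xff : (data[1] & 0xff) << 8 | (data[0] & 0xff);
                    }
                    System.out.println("\tKey Usage: " + intValue);
                } else {
                    System.out.println("\tKey Usage: NONE");
                }
                // get the signed digest; a signer without signed attributes (or without a
                // message digest attribute) has none, so guard against null here
                final Attribute digAttr = (signer.getSignedAttributes() == null)
                        ? null
                        : signer.getSignedAttributes().get(CMSAttributes.messageDigest);
                if (digAttr != null) {
                    final DERObject hashObj = digAttr.getAttrValues().getObjectAt(0).getDERObject();
                    final byte[] signedDigest = ((ASN1OctetString) hashObj).getOctets();
                    final String signedDigestHex = org.apache.commons.codec.binary.Hex.encodeHexString(signedDigest);
                    System.out.println("\r\nSigned Message Digest: " + signedDigestHex);
                } else {
                    System.out.println("\r\nSigned Message Digest: NONE");
                }
                try {
                    // Checks the signature against the certificate embedded in the message only;
                    // no chain, trust or revocation validation happens in this tool.
                    // NOTE(review): provider is hard-coded to "BC" here while the cert store above
                    // uses CryptoExtensions.getJCEProviderName() - confirm they are meant to differ.
                    signer.verify(cert, "BC");
                    System.out.println("Signature verified.");
                } catch (CMSException e) {
                    System.out.println("Signature failed to verify.");
                }
                // should have the computed digest now
                final byte[] digest = signer.getContentDigest();
                final String digestHex = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
                System.out.println("\r\nComputed Message Digest: " + digestHex);
            }
        }
    } catch (Exception e) {
        // Any other failure (I/O, parsing, non-CMS verification errors) ends the run here.
        e.printStackTrace();
    } finally {
        IOUtils.closeQuietly(inStream);
    }
}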
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Attribute(org.bouncycastle.asn1.cms.Attribute) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) InputStream(java.io.InputStream) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) SignerInformation(org.bouncycastle.cms.SignerInformation) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart) DERObject(org.bouncycastle.asn1.DERObject) MimeMessage(javax.mail.internet.MimeMessage) MimeMultipart(javax.mail.internet.MimeMultipart) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) File(java.io.File) CertStore(java.security.cert.CertStore) CMSException(org.bouncycastle.cms.CMSException)

Example 15 with CertStore

use of java.security.cert.CertStore in project jdk8u_jdk by JetBrains.

the class BuildEEBasicConstraints method main.

/**
 * Test entry point: builds a certification path from the certificates in
 * {@code ca.cer} and {@code ee.cer} up to the trust anchor in {@code anchor.cer},
 * selecting only end-entity targets, and fails if the first certificate of the
 * built path is not an end-entity certificate.
 *
 * <p>The settings used here are test-only: the disabled-algorithm list is
 * overwritten and revocation checking is switched off. Neither belongs in
 * production path validation.
 *
 * @param args unused
 * @throws Exception if the path cannot be built or its target is not an
 *             end-entity certificate
 */
public static void main(String[] args) throws Exception {
    // Overwrite the security property so that the algorithms and keys used by the
    // test certificates are not rejected as disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate trustedRoot = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor trustAnchor =
            new TrustAnchor(trustedRoot.getSubjectX500Principal(), trustedRoot.getPublicKey(), null);

    // A basic-constraints value of -2 makes the selector match end-entity certificates only.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setBasicConstraints(-2);

    PKIXBuilderParameters builderParams =
            new PKIXBuilderParameters(Collections.singleton(trustAnchor), targetSelector);
    // The test has no CRL/OCSP data, so revocation checking is turned off.
    builderParams.setRevocationEnabled(false);

    X509Certificate endEntity = CertUtils.getCertFromFile("ee.cer");
    X509Certificate intermediate = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(intermediate);
    candidates.add(endEntity);
    builderParams.addCertStore(
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates)));

    PKIXCertPathBuilderResult buildResult = CertUtils.build(builderParams);
    List<? extends Certificate> builtPath = buildResult.getCertPath().getCertificates();

    // The path target comes first; getBasicConstraints() returns -1 for a non-CA certificate.
    X509Certificate target = (X509Certificate) builtPath.get(0);
    if (target.getBasicConstraints() == -1) {
        return;
    }
    throw new Exception("Target certificate is not an EE certificate");
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) CertPath(java.security.cert.CertPath) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate)
