use of java.security.cert.CertStore in project nhin-d by DirectProject.
the class SMIMECryptographerImpl method createSignatureEntity.
/**
 * Wraps the given entity in a multipart/signed container: the content as the first body
 * part and a base64-encoded CMS signed-data blob as the second.
 *
 * <p>Only certificates that are {@link X509CertificateEx} instances (the ones exposing a
 * private key) are added as signers and embedded in the signature; every other
 * certificate in the collection is skipped without an error.
 *
 * @param entity serialized MIME entity to sign
 * @param signingCertificates candidate signing certificates
 * @return the multipart holding the content part followed by the signature part
 * @throws MimeException if a {@link MessagingException} is raised while building the parts
 * @throws SignatureException if an {@link IOException} is raised
 * @throws NHINDException for any other failure
 */
protected MimeMultipart createSignatureEntity(byte[] entity, Collection<X509Certificate> signingCertificates) {
    try {
        final MimeBodyPart contentPart = new MimeBodyPart(new ByteArrayInputStream(entity));

        // Signed attribute advertising what this sender can process.
        // NOTE(review): the list holds only legacy ciphers (3DES, RC2/128, single DES);
        // a correspondent that honours it may choose a weak algorithm when encrypting a
        // reply. Confirm whether stronger capabilities should be advertised.
        final SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
        capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
        capabilities.addCapability(SMIMECapability.dES_CBC);
        capabilities.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
        capabilities.addCapability(x509CertificateObjectsIdent);

        final ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
        signedAttributes.add(new SMIMECapabilitiesAttribute(capabilities));

        final List<X509Certificate> embeddedCerts = new ArrayList<X509Certificate>();
        final DirectSignedDataGenerator generator = sigFactory.createInstance();
        for (X509Certificate candidate : signingCertificates) {
            if (!(candidate instanceof X509CertificateEx)) {
                // No private key available through this certificate type: not a signer.
                continue;
            }
            generator.addSigner(((X509CertificateEx) candidate).getPrivateKey(), candidate,
                    this.m_digestAlgorithm.getOID(), createAttributeTable(signedAttributes), null);
            embeddedCerts.add(candidate);
        }
        // NOTE(review): if no candidate is an X509CertificateEx, generation proceeds with
        // zero signers; presumably callers guarantee at least one usable certificate.

        // Ship the signer certificates inside the signed-data structure.
        final CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(embeddedCerts);
        final String storeProvider = CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertStore", "Collection");
        generator.addCertificatesAndCRLs(CertStore.getInstance("Collection", storeParams, storeProvider));

        final CMSSignedData signedData = generator.generate(new CMSProcessableBodyPart(contentPart));

        final String multipartSubtype = "signed; protocol=\"application/pkcs7-signature\"; micalg="
                + CryptoAlgorithmsHelper.toDigestAlgorithmMicalg(this.m_digestAlgorithm);
        // Chunked base64 (second argument true) so the signature body is line-wrapped.
        final String signatureText = StringUtils.newStringUtf8(Base64.encodeBase64(signedData.getEncoded(), true));

        final MimeMultipart signedMultipart = new MimeMultipart(multipartSubtype);
        final MimeBodyPart signaturePart = new MimeBodyPart(new InternetHeaders(), signatureText.getBytes("ASCII"));
        signaturePart.addHeader("Content-Type", "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data");
        signaturePart.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
        signaturePart.addHeader("Content-Description", "S/MIME Cryptographic Signature");
        signaturePart.addHeader("Content-Transfer-Encoding", "base64");

        signedMultipart.addBodyPart(contentPart);
        signedMultipart.addBodyPart(signaturePart);
        return signedMultipart;
    } catch (MessagingException e) {
        throw new MimeException(MimeError.InvalidMimeEntity, e);
    } catch (IOException e) {
        throw new SignatureException(SignatureError.InvalidMultipartSigned, e);
    } catch (Exception e) {
        throw new NHINDException(MimeError.Unexpected, e);
    }
}
use of java.security.cert.CertStore in project robovm by robovm.
the class CertPathValidatorUtilities method findCertificates.
/**
* Return a Collection of all certificates or attribute certificates found
* in the X509Stores that match the certSelect criteria.
*
* @param certSelect a {@link Selector} object that will be used to select
* the certificates
* @param certStores a List containing only {@link X509Store} objects. These
* are used to search for certificates.
* @return a Collection of all found {@link X509Certificate} or
* {@link org.bouncycastle.x509.X509AttributeCertificate} objects.
* May be empty but never <code>null</code>.
*/
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException {
    // Raw collection types are kept because the declared signature is raw.
    Set matches = new HashSet();
    for (Object candidate : certStores) {
        if (!(candidate instanceof X509Store)) {
            // Every element that is not an X509Store is treated as a
            // java.security.cert.CertStore; any other element type fails on this cast
            // with a ClassCastException rather than an AnnotatedException.
            CertStore jcaStore = (CertStore) candidate;
            try {
                matches.addAll(jcaStore.getCertificates(certSelect));
            } catch (CertStoreException e) {
                throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
            }
            continue;
        }

        X509Store bcStore = (X509Store) candidate;
        try {
            matches.addAll(bcStore.getMatches(certSelect));
        } catch (StoreException e) {
            // A failure in any single store aborts the whole search.
            throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
        }
    }
    return matches;
}
use of java.security.cert.CertStore in project robovm by robovm.
the class PKIXCRLUtil method findCRLs.
/**
* Return a Collection of all CRLs found in the X509Stores that
* match the crlSelect criteria.
*
* @param crlSelect a {@link X509CRLStoreSelector} object that will be used
* to select the CRLs
* @param crlStores a List containing only
* {@link org.bouncycastle.x509.X509Store X509Store} objects.
* These are used to search for CRLs
*
* @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
* empty but never <code>null</code>.
*/
private final Collection findCRLs(X509CRLStoreSelector crlSelect, List crlStores) throws AnnotatedException {
    // Raw collection types are kept because the declared signature is raw.
    Set collected = new HashSet();
    AnnotatedException deferredFailure = null;
    boolean anyStoreAnswered = false;

    for (Object candidate : crlStores) {
        if (!(candidate instanceof X509Store)) {
            // Every element that is not an X509Store is treated as a
            // java.security.cert.CertStore; other types fail on this cast.
            CertStore jcaStore = (CertStore) candidate;
            try {
                collected.addAll(jcaStore.getCRLs(crlSelect));
                anyStoreAnswered = true;
            } catch (CertStoreException e) {
                deferredFailure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
            }
            continue;
        }

        X509Store bcStore = (X509Store) candidate;
        try {
            collected.addAll(bcStore.getMatches(crlSelect));
            anyStoreAnswered = true;
        } catch (StoreException e) {
            deferredFailure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
        }
    }

    // A store error is reported only when no store could be queried at all, and then only
    // the most recent one. NOTE(review): once a single store answers, failures from the
    // others are dropped, so an unreachable CRL source is invisible to the caller and the
    // result may be incomplete; callers relying on this for revocation should keep that in mind.
    if (anyStoreAnswered || deferredFailure == null) {
        return collected;
    }
    throw deferredFailure;
}
use of java.security.cert.CertStore in project jdk8u_jdk by JetBrains.
the class Pair method loadCRLs.
/**
* Loads CRLs from a source. This method is also called in JarSigner.
* @param src the source, which means System.in if null, or a URI,
* or a bare file path name
*/
public static Collection<? extends CRL> loadCRLs(String src) throws Exception {
    InputStream in = null;
    URI uri = null;
    if (src == null) {
        in = System.in;
    } else {
        try {
            uri = new URI(src);
            // For a scheme-less URI getScheme() returns null; the resulting
            // NullPointerException lands in the catch below and triggers the
            // plain-file fallback.
            if (!uri.getScheme().equals("ldap")) {
                // NOTE(review): any URL scheme the JVM has a handler for is opened here;
                // callers passing a src they do not control may want to restrict schemes.
                in = uri.toURL().openStream();
            }
            // For "ldap" no input stream is opened; the CertStore path below is used.
        } catch (Exception uriFailure) {
            try {
                in = new FileInputStream(src);
            } catch (Exception fileFailure) {
                // With a parsed scheme the original failure is more likely a protocol or
                // network problem; without one, src was more likely a bare file path.
                boolean hadScheme = uri != null && uri.getScheme() != null;
                throw hadScheme ? uriFailure : fileFailure;
            }
        }
    }

    if (in == null) {
        // Must be LDAP, and uri is not null.
        // Lazily load LDAPCertStoreHelper if present.
        CertStoreHelper helper = CertStoreHelper.getInstance("LDAP");
        String path = uri.getPath();
        // NOTE(review): charAt(0) throws for an empty path, and getPath() is null for an
        // opaque URI; presumably src is always of the form ldap://host/dn. Confirm.
        if (path.charAt(0) == '/') {
            path = path.substring(1);
        }
        CertStore s = helper.getCertStore(uri);
        X509CRLSelector sel = helper.wrap(new X509CRLSelector(), null, path);
        return s.getCRLs(sel);
    }

    try {
        // Read the full stream before feeding to X509Factory,
        // otherwise, keytool -gencrl | keytool -printcrl
        // might not work properly, since -gencrl is slow
        // and there's no data in the pipe at the beginning.
        // NOTE(review): the whole source is buffered in memory with no size limit.
        ByteArrayOutputStream buffered = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = in.read(chunk)) >= 0) {
            buffered.write(chunk, 0, count);
        }
        return CertificateFactory.getInstance("X509").generateCRLs(new ByteArrayInputStream(buffered.toByteArray()));
    } finally {
        // System.in is not closed.
        if (in != System.in) {
            in.close();
        }
    }
}
use of java.security.cert.CertStore in project jdk8u_jdk by JetBrains.
the class NoExtensions method doBuild.
/**
 * Builds a PKIX certification path for {@code userCert} using the SUN provider, with the
 * certificate returned by {@code getTrustedCertificate()} as the only trust anchor.
 * Returns normally when a path can be built; any failure propagates as an exception.
 *
 * <p>Revocation checking is switched off for this build, so a revoked {@code userCert}
 * would still produce a path. NOTE(review): presumably acceptable because the inputs are
 * fixed fixtures; this is not a pattern to copy into production validation code.
 *
 * @param userCert the target (end-entity) certificate
 * @throws Exception if any step of path building fails
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Single trusted CA certificate, used both as anchor and as a store entry.
    X509Certificate anchorCert = getTrustedCertificate();
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    anchors.add(new TrustAnchor(anchorCert, null));

    // In-memory CertStore holding the certificates the builder may chain through.
    ArrayList<X509Certificate> pool = new ArrayList<X509Certificate>();
    pool.add(anchorCert);
    pool.add(userCert);
    CertStore pooledStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(pool));

    // Select the target certificate; the subject is set as well because the original
    // author found it "seems to be required".
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(userCert);
    target.setSubject(userCert.getSubjectDN().getName());

    // Build a valid certificate path.
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, target);
    buildParams.addCertStore(pooledStore);
    buildParams.setRevocationEnabled(false);

    // The resulting path is fetched but not inspected further.
    builder.build(buildParams).getCertPath();
}
Aggregations