
Example 31 with CertificateFactory

use of java.security.cert.CertificateFactory in project okhttputils by hongyangAndroid.

the class HttpsUtils method prepareTrustManager.

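/**
 * Builds trust managers that trust only the certificates read from the given streams.
 *
 * <p>Each stream is read for one X.509 certificate. Every supplied stream is closed before
 * this method returns, including when parsing or key-store setup fails.
 *
 * <p>Security note: a {@code null} result means no trust store could be built from the
 * supplied certificates. Callers should treat it as a configuration failure and must not
 * fall back to a trust manager that skips certificate validation.
 *
 * @param certificates streams holding the certificates to trust
 * @return trust managers backed by the supplied certificates, or {@code null} when no
 *     streams were supplied or any certificate could not be loaded
 */
private static TrustManager[] prepareTrustManager(InputStream... certificates) {
    if (certificates == null || certificates.length == 0) {
        return null;
    }
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null) initialises an empty in-memory key store.
        keyStore.load(null);
        for (int index = 0; index < certificates.length; index++) {
            // The alias is just the position of the stream in the argument list.
            keyStore.setCertificateEntry(
                    Integer.toString(index),
                    certificateFactory.generateCertificate(certificates[index]));
        }
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    } catch (Exception e) {
        // Fail closed: one unreadable certificate invalidates the whole set.
        e.printStackTrace();
        return null;
    } finally {
        // Close in finally so a parse failure no longer leaks the remaining streams.
        for (InputStream certificate : certificates) {
            if (certificate != null) {
                try {
                    certificate.close();
                } catch (IOException ignored) {
                    // Best effort: the certificate has already been read or rejected.
                }
            }
        }
    }
}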
Also used : InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) KeyStoreException(java.security.KeyStoreException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory)

Example 32 with CertificateFactory

use of java.security.cert.CertificateFactory in project hudson-2.x by hudson.

the class UpdateSite method verifySignature.

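/**
 * Verifies the signature in the update center data file.
 *
 * <p>The certificates listed under {@code "certificates"} are parsed and checked for their
 * validity period, the list is handed to {@code CertificateUtil.validatePath}, and the
 * canonical form of {@code o} (after its {@code "signature"} member has been removed) is
 * verified against the signature with the first certificate in the list.
 *
 * @param o update center metadata; its {@code "signature"} member is removed as a side effect
 * @return {@code true} when the digest matches and the signature verifies; {@code false} when
 *     the signature block or the certificate list is missing, or a check fails
 * @throws GeneralSecurityException if a certificate cannot be parsed or is outside its
 *     validity period, or a required algorithm is unavailable
 * @throws IOException if writing the canonical form or closing a bundled certificate fails
 */
private boolean verifySignature(JSONObject o) throws GeneralSecurityException, IOException {
    JSONObject signature = o.getJSONObject("signature");
    if (signature.isNullObject()) {
        LOGGER.severe("No signature block found");
        return false;
    }
    // The signature covers the document without its own signature member.
    o.remove("signature");
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    {
        // load and verify certificates
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        for (Object cert : o.getJSONArray("certificates")) {
            X509Certificate c = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(Base64.decode(cert.toString().toCharArray())));
            c.checkValidity();
            certs.add(c);
        }
        // Fail closed on an empty chain instead of hitting certs.get(0) further down.
        if (certs.isEmpty()) {
            LOGGER.severe("No certificate found in the update center data");
            return false;
        }
        // all default root CAs in JVM are trusted, plus certs bundled in Hudson
        // NOTE(review): anchors is filled here but is not passed to validatePath below, so the
        // bundled roots only take effect if getDefaultRootCAs() returns a set that
        // validatePath also consults -- confirm in CertificateUtil.
        Set<TrustAnchor> anchors = CertificateUtil.getDefaultRootCAs();
        ServletContext context = Hudson.getInstance().servletContext;
        for (String cert : (Set<String>) context.getResourcePaths("/WEB-INF/update-center-rootCAs")) {
            // skip text files that are meant to be documentation
            if (cert.endsWith(".txt"))
                continue;
            // Close the resource stream once the certificate has been read.
            java.io.InputStream in = context.getResourceAsStream(cert);
            try {
                anchors.add(new TrustAnchor((X509Certificate) cf.generateCertificate(in), null));
            } finally {
                if (in != null) {
                    in.close();
                }
            }
        }
        CertificateUtil.validatePath(certs);
    }
    // this is for computing a digest to check sanity
    // NOTE(review): both the digest and the signature scheme are SHA-1 based; SHA-1 is no
    // longer considered collision resistant, but moving off it needs a matching change on the
    // side that produces the signed metadata.
    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    DigestOutputStream dos = new DigestOutputStream(new NullOutputStream(), sha1);
    // this is for computing a signature
    Signature sig = Signature.getInstance("SHA1withRSA");
    sig.initVerify(certs.get(0));
    SignatureOutputStream sos = new SignatureOutputStream(sig);
    // One pass over the canonical JSON feeds both the digest and the signature verifier.
    JSONCanonicalUtils.write(o, new OutputStreamWriter(new TeeOutputStream(dos, sos), "UTF-8"));
    // did the digest match? this is not a part of the signature validation, but if we have a bug in the c14n
    // (which is more likely than someone tampering with update center), we can tell
    // NOTE(review): Base64 text is case sensitive, so equalsIgnoreCase makes this sanity check
    // looser than an exact comparison; the signature check below is the actual control.
    String computedDigest = new String(Base64.encode(sha1.digest()));
    String providedDigest = signature.getString("digest");
    if (!computedDigest.equalsIgnoreCase(providedDigest)) {
        LOGGER.severe("Digest mismatch: " + computedDigest + " vs " + providedDigest);
        return false;
    }
    if (!sig.verify(Base64.decode(signature.getString("signature").toCharArray()))) {
        LOGGER.severe("Signature in the update center doesn't match with the certificate");
        return false;
    }
    return true;
}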
Also used : TeeOutputStream(org.apache.commons.io.output.TeeOutputStream) Set(java.util.Set) ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) JSONObject(net.sf.json.JSONObject) SignatureOutputStream(org.jvnet.hudson.crypto.SignatureOutputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) DigestOutputStream(java.security.DigestOutputStream) Signature(java.security.Signature) ServletContext(javax.servlet.ServletContext) JSONObject(net.sf.json.JSONObject) OutputStreamWriter(java.io.OutputStreamWriter) MessageDigest(java.security.MessageDigest) NullOutputStream(org.apache.commons.io.output.NullOutputStream)

Example 33 with CertificateFactory

use of java.security.cert.CertificateFactory in project neo4j by neo4j.

the class Certificates method loadCertificates.

/**
 * Loads every certificate found in the given file.
 *
 * <p>The file is first read as PEM. If that yields no certificates, it is read again as raw
 * binary certificate data. The certificates are only parsed here; no chain or validity
 * check is performed.
 *
 * @param certFile file to read certificates from
 * @return the certificates found, in the order they were read
 * @throws CertificateException if the certificate factory cannot be created or the data
 *     cannot be parsed
 * @throws IOException if the file cannot be read
 */
public Certificate[] loadCertificates(File certFile) throws CertificateException, IOException {
    CertificateFactory factory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
    Collection<Certificate> loaded = new LinkedList<>();

    // First pass: PEM. The block type is not inspected; the content of every PEM object is
    // handed to the factory. FileReader decodes with the platform default charset.
    try (PemReader pemReader = new PemReader(new FileReader(certFile))) {
        PemObject block;
        while ((block = pemReader.readPemObject()) != null) {
            loaded.addAll(factory.generateCertificates(new ByteArrayInputStream(block.getContent())));
        }
    }

    // Second pass: nothing was read as PEM, so try the file as a raw binary certificate.
    if (loaded.isEmpty()) {
        try (FileInputStream rawIn = new FileInputStream(certFile)) {
            loaded.addAll(factory.generateCertificates(rawIn));
        }
    }

    return loaded.toArray(new Certificate[loaded.size()]);
}
Also used : PemReader(org.bouncycastle.util.io.pem.PemReader) PemObject(org.bouncycastle.util.io.pem.PemObject) ByteArrayInputStream(java.io.ByteArrayInputStream) FileReader(java.io.FileReader) CertificateFactory(java.security.cert.CertificateFactory) LinkedList(java.util.LinkedList) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 34 with CertificateFactory

use of java.security.cert.CertificateFactory in project custom-cert-https by nelenkov.

the class MainActivity method readCertificate.

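/**
 * Reads a single X.509 certificate from a file.
 *
 * <p>The certificate is only parsed; its validity period and issuer are not checked here.
 *
 * @param file file expected to hold one certificate
 * @return the parsed certificate, or {@code null} if {@code file} is not a regular file or
 *     cannot be read
 * @throws RuntimeException wrapping the {@link CertificateException} if the content cannot
 *     be parsed as a certificate
 */
private static X509Certificate readCertificate(File file) {
    if (!file.isFile()) {
        return null;
    }
    InputStream is = null;
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        is = new BufferedInputStream(new FileInputStream(file));
        return (X509Certificate) cf.generateCertificate(is);
    } catch (IOException e) {
        // An unreadable file is reported the same way as a missing one.
        return null;
    } catch (CertificateException e) {
        throw new RuntimeException(e);
    } finally {
        // The stream is still null when opening the file failed; closing it unguarded would
        // raise a NullPointerException that replaces the intended result.
        if (is != null) {
            try {
                is.close();
            } catch (IOException ignored) {
                // Best effort: the certificate has already been read or rejected.
            }
        }
    }
}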
Also used : BufferedInputStream(java.io.BufferedInputStream) BufferedInputStream(java.io.BufferedInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate)

Example 35 with CertificateFactory

use of java.security.cert.CertificateFactory in project netty by netty.

the class Base64Test method certFromString.

/**
 * Parses one X.509 certificate from a string.
 *
 * <p>The string is encoded to bytes as US-ASCII and those bytes are handed to the
 * certificate factory.
 *
 * @param string certificate text
 * @return the parsed certificate
 * @throws Exception if the factory is unavailable or the data cannot be parsed
 */
private static X509Certificate certFromString(String string) throws Exception {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final byte[] encoded = string.getBytes(CharsetUtil.US_ASCII);
    final ByteArrayInputStream in = new ByteArrayInputStream(encoded);
    try {
        X509Certificate parsed = (X509Certificate) x509Factory.generateCertificate(in);
        return parsed;
    } finally {
        in.close();
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)
