use of java.security.cert.CertificateParsingException in project Spark by igniterealtime.
the class CertificateModel method extensionExtractHandler.
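/**
 * Decodes one X.509 extension of {@code cert} into a human-readable string and stores it under
 * its OID in {@code extensions}. Extensions this class has no extractor for, and extensions
 * that fail to decode, are instead recorded through {@code addToUnsupported} so that the
 * caller still learns about them.
 * <p>
 * NOTE(review): RFC 5280 requires a validator to reject a certificate carrying an unrecognised
 * <em>critical</em> extension; this method only renders and flags, it does not validate, so the
 * caller (not shown here) is presumably the one acting on the critical/unsupported list.
 *
 * @param cert     the certificate whose extension is rendered
 * @param oid      dotted-decimal OID of the extension to decode
 * @param critical whether the certificate marks this extension as critical; it is printed in
 *                 the rendered text and forwarded to {@code addToUnsupported}
 */
private void extensionExtractHandler(X509Certificate cert, String oid, boolean critical) {
    try {
        byte[] encoded = cert.getExtensionValue(oid);
        if (encoded == null) {
            // The certificate does not carry this extension; previously this surfaced only as a
            // NullPointerException thrown from parseExtensionValue and caught below.
            Log.error("Couldn't extract " + oid + ": " + OIDTranslator.getDescription(oid) + " extension: not present in certificate.");
            addToUnsupported(critical, oid);
            return;
        }
        ASN1Primitive primitive = JcaX509ExtensionUtils.parseExtensionValue(encoded);
        String rendered = renderExtension(cert, oid, primitive);
        if (rendered == null) {
            addToUnsupported(critical, oid);
            return;
        }
        extensions.put(oid, Res.getString("cert.is.critical") + critical + "\n" + rendered);
    } catch (NullPointerException | IOException | CertificateParsingException e) {
        // IOException: malformed DER in the extension value; CertificateParsingException: the
        // JCA SAN/IAN accessors rejected the extension. NullPointerException is still caught
        // because the individual extractors may dereference absent optional fields of a
        // malformed extension; a broken extension must flag, not crash, the viewer.
        Log.error("Couldn't extract " + oid + ": " + OIDTranslator.getDescription(oid) + " extension.", e);
        addToUnsupported(critical, oid);
    }
}

/**
 * Dispatches {@code oid} to the matching extractor.
 *
 * @return the rendered extension body, or {@code null} when no extractor exists for the OID
 * @throws IOException                  propagated from the JCA/BouncyCastle accessors
 * @throws CertificateParsingException  propagated from the JCA alternative-name accessors
 */
private String renderExtension(X509Certificate cert, String oid, ASN1Primitive primitive)
        throws IOException, CertificateParsingException {
    if (oid.equals(Extension.subjectDirectoryAttributes.toString())) {
        return subjectDirectoryAttributesExtractor(primitive);
    }
    if (oid.equals(Extension.subjectKeyIdentifier.toString())) {
        return subjectKeyIdentifierExtractor(primitive);
    }
    if (oid.equals(Extension.keyUsage.toString())) {
        return keyUsageExtractor(cert);
    }
    if (oid.equals(Extension.subjectAlternativeName.toString())) {
        return alternativeNameExtractor(cert.getSubjectAlternativeNames());
    }
    if (oid.equals(Extension.issuerAlternativeName.toString())) {
        return alternativeNameExtractor(cert.getIssuerAlternativeNames());
    }
    if (oid.equals(Extension.basicConstraints.toString())) {
        return basicConstraintsExtractor(primitive);
    }
    if (oid.equals(Extension.nameConstraints.toString())) {
        return NameConstraintsExtractor(primitive);
    }
    if (oid.equals(Extension.cRLDistributionPoints.toString())) {
        return CRLPointsExtractor(primitive);
    }
    if (oid.equals(Extension.policyMappings.toString())) {
        return policyMappingsExtractor(cert);
    }
    if (oid.equals(Extension.authorityKeyIdentifier.toString())) {
        return authorityKeyIdentifierExtractor(primitive);
    }
    if (oid.equals(Extension.policyConstraints.toString())) {
        return policyConstraintsExtractor(primitive);
    }
    if (oid.equals(Extension.extendedKeyUsage.toString())) {
        return extendedKeyUsageExtractor(cert);
    }
    return null;
}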
use of java.security.cert.CertificateParsingException in project Bytecoder by mirkosertic.
the class ClientHandshaker method isIdentityEquivalent.
/*
 * Decides whether two certificates may stand for the same identity. Presumably consulted when a
 * peer presents a different certificate than it did earlier in the session — confirm against the
 * caller, which is not shown here.
 *
 * The certificates are treated as equivalent when:
 * 1. both carry iPAddress subjectAltNames and those are equivalent; otherwise
 * 2. both carry dNSName subjectAltNames and those are equivalent; otherwise
 * 3. both have a non-empty subject, and subject and issuer match exactly.
 *
 * A subjectAltName extension that cannot be parsed is treated as absent for that certificate
 * (only a debug line is printed), so the decision then rests on step 3 alone.
 */
private static boolean isIdentityEquivalent(X509Certificate thisCert, X509Certificate prevCert) {
    if (thisCert.equals(prevCert)) {
        return true;
    }
    Collection<List<?>> currentSans = subjectAltNamesOrNull(thisCert);
    Collection<List<?>> previousSans = subjectAltNamesOrNull(prevCert);
    if (currentSans != null && previousSans != null) {
        // Step 1: iPAddress entries.
        Collection<String> currentIps = getSubjectAltNames(currentSans, ALTNAME_IP);
        Collection<String> previousIps = getSubjectAltNames(previousSans, ALTNAME_IP);
        boolean ipsMatch = currentIps != null && previousIps != null && isEquivalent(currentIps, previousIps);
        if (ipsMatch) {
            return true;
        }
        // Step 2: dNSName entries.
        Collection<String> currentDns = getSubjectAltNames(currentSans, ALTNAME_DNS);
        Collection<String> previousDns = getSubjectAltNames(previousSans, ALTNAME_DNS);
        boolean dnsMatch = currentDns != null && previousDns != null && isEquivalent(currentDns, previousDns);
        if (dnsMatch) {
            return true;
        }
    }
    // Step 3: subject and issuer DN. An empty subject never matches, so two certificates that
    // identify themselves only through (non-matching) SANs are not considered equivalent.
    X500Principal currentSubject = thisCert.getSubjectX500Principal();
    X500Principal previousSubject = prevCert.getSubjectX500Principal();
    boolean subjectsNamed = !currentSubject.getName().isEmpty() && !previousSubject.getName().isEmpty();
    return subjectsNamed
            && currentSubject.equals(previousSubject)
            && thisCert.getIssuerX500Principal().equals(prevCert.getIssuerX500Principal());
}

/*
 * Reads the subjectAltName extension, returning null when it is absent or cannot be parsed.
 */
private static Collection<List<?>> subjectAltNamesOrNull(X509Certificate cert) {
    try {
        return cert.getSubjectAlternativeNames();
    } catch (CertificateParsingException cpe) {
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println("Attempt to obtain subjectAltNames extension failed!");
        }
        return null;
    }
}
use of java.security.cert.CertificateParsingException in project ddf by codice.
the class SignerConditionTest method testIsSatisfiedBrokenSan.
/**
 * A trusted signer certificate whose subjectAltName extension throws on parsing must not break
 * condition evaluation: with subject {@code CN=test} and the condition argument {@code "test"},
 * the condition is still satisfied (presumably by matching on the subject DN — the assertion
 * only pins the outcome).
 */
@Test
public void testIsSatisfiedBrokenSan() throws CertificateException {
    X509Certificate signerCert = mock(X509Certificate.class);
    X500Principal subject = new X500Principal("CN=test, OU=Dev, O=DDF, ST=AZ, C=US");
    when(signerCert.getSubjectX500Principal()).thenReturn(subject);
    // Simulate a malformed SAN extension.
    when(signerCert.getSubjectAlternativeNames()).thenThrow(new CertificateParsingException("boom"));

    Map<X509Certificate, List<X509Certificate>> signers = new HashMap<>();
    signers.put(signerCert, new ArrayList<>());
    Bundle bundle = mock(Bundle.class);
    when(bundle.getSignerCertificates(Bundle.SIGNERS_TRUSTED)).thenReturn(signers);

    ConditionInfo info = new ConditionInfo(SignerCondition.class.getName(), new String[] { "test" });
    SignerCondition condition = new SignerCondition(bundle, info);
    assertThat(condition.isSatisfied(), is(true));
}
use of java.security.cert.CertificateParsingException in project cas by apereo.
the class X509SubjectAlternativeNameRFC822EmailPrincipalResolver method resolvePrincipalInternal.
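/**
 * Resolves the principal id from the RFC 822 (e-mail) entry of the certificate's subject
 * alternative names.
 * <p>
 * A subjectAltName extension that cannot be parsed is logged and treated like a certificate
 * without an e-mail SAN: the alternate principal is used instead.
 *
 * @param certificate the client certificate to resolve
 * @return the e-mail address extracted by {@code X509ExtractorUtils.getRFC822EmailAddress}, or
 *         the result of {@link #getAlternatePrincipal(X509Certificate)} when none is available
 */
@Override
protected String resolvePrincipalInternal(final X509Certificate certificate) {
    // Log message previously read "RFC8222"; the SAN type is RFC 822 (rfc822Name).
    LOGGER.debug("Resolving principal from Subject Alternative Name RFC822 type (email) for [{}]", certificate);
    String email = null;
    try {
        val subjectAltNames = certificate.getSubjectAlternativeNames();
        email = X509ExtractorUtils.getRFC822EmailAddress(subjectAltNames).orElse(null);
    } catch (final CertificateParsingException e) {
        // A malformed SAN extension is not fatal here; fall through to the alternate principal.
        LoggingUtils.error(LOGGER, e);
    }
    return email != null ? email : getAlternatePrincipal(certificate);
}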
use of java.security.cert.CertificateParsingException in project jmeter by apache.
the class JmeterKeyStore method logDetailsOnKeystore.
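/**
 * Logs, at debug level, every certificate held in {@code keystore}: alias, subject and issuer
 * DN, validity window, subject alternative names and extended key usages. Purely diagnostic:
 * each failure is logged and the entry skipped so a problematic entry never aborts the listing.
 * Only public certificate fields are read; no key material is touched.
 *
 * @param keystore the store whose certificates are listed
 */
@SuppressWarnings("JdkObsolete")
private void logDetailsOnKeystore(KeyStore keystore) {
    Enumeration<String> aliases;
    try {
        aliases = keystore.aliases();
    } catch (KeyStoreException e) {
        log.debug("Problem reading the aliases from the store {}", keystore, e);
        return;
    }
    int index = 1;
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        log.debug("Certificate at index {} with alias {}", index++, alias);
        java.security.cert.Certificate stored;
        try {
            stored = keystore.getCertificate(alias);
        } catch (KeyStoreException e) {
            log.debug("Can't read certificate for alias {}", alias, e);
            continue;
        }
        // KeyStore.getCertificate returns null for an entry without a certificate, and a
        // non-X.509 certificate cannot be inspected below; previously either case threw
        // (NullPointerException / ClassCastException) out of this debug helper.
        if (!(stored instanceof X509Certificate)) {
            log.debug("Entry with alias {} holds no X.509 certificate, skipping", alias);
            continue;
        }
        X509Certificate cert = (X509Certificate) stored;
        log.debug("Subject DN: {}", cert.getSubjectX500Principal());
        log.debug("Issuer DN: {}", cert.getIssuerX500Principal());
        log.debug("Not valid before: {}", cert.getNotBefore().toInstant());
        log.debug("Not valid after: {}", cert.getNotAfter().toInstant());
        try {
            final Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null && !subjectAlternativeNames.isEmpty()) {
                log.debug("SAN: {}", decodeSanList(subjectAlternativeNames));
            }
        } catch (CertificateParsingException e) {
            log.debug("Problem parsing SAN for alias {}", alias, e);
        }
        try {
            List<String> extendedKeyUsage = cert.getExtendedKeyUsage();
            if (extendedKeyUsage != null) {
                for (String keyUsage : extendedKeyUsage) {
                    // Print the friendly name when known, the raw OID otherwise (plus the OID).
                    log.debug("EKU: {} ({})", EXTENDED_KEY_USAGES.getOrDefault(keyUsage, keyUsage), keyUsage);
                }
            }
        } catch (CertificateParsingException e) {
            log.debug("Can't get EKU for alias {}", alias, e);
        }
    }
}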