
Example 51 with X509Certificate

use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.

The class ProvisionTPMTest, method generateCertsAndProps.

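/**
 * Writes the fixture files this test depends on into {@code ./config/}: the
 * Privacy CA certificate ({@code PrivacyCA.cer}), an endorsement certificate
 * ({@code testEC.cer}) and {@code hisprovisioner.properties}.
 * <p>
 * The certificate is a fixed DER blob embedded below; the very same certificate
 * is written as both the Privacy CA and the endorsement certificate, so
 * {@code testEC.cer} is a stand-in and not a real EK certificate. The owner and
 * identity auth values placed in the properties file are test fixtures only.
 * <p>
 * Each file is written through a helper that closes its stream on every path;
 * a failure to decode the certificate or to write a file propagates instead of
 * being printed and ignored, so a broken fixture fails the test at its source.
 *
 * @throws Exception if the embedded certificate cannot be decoded or a fixture
 *                   file cannot be written
 */
private void generateCertsAndProps() throws Exception {
    String homeFolder = "./config/";
    int validityDays = 3652;
    String tpmOwnerAuth = "abc123";
    String hisIdentityLabel = " HIS Identity Key";
    String hisIdentityAuth = "1111111111111111111111111111111111111111";
    String privacyCaCertFileName = "PrivacyCA.cer";
    String endorsementCaCertFileName = "testEC.cer";
    String hisprovisionerPropertiesFile = "hisprovisioner.properties";
    // Hex of a DER-encoded test certificate (its DN bytes decode to
    // CN=HIS_PRIVACY_CA and it appears self-issued, subject and issuer being
    // identical). It is decoded here and written out again verbatim.
    byte[] certBytes = TpmUtils.hexStringToByteArray(
            "3082032c30820214a00302010202060149ff6e341d300d06092a864886f70d010105050030193117301506035504030c0e484"
            + "9535f505249564143595f4341301e170d3134313133303036343035325a170d3234313132393036343035325a30193117301506035504030c0e4849535f505249564143595f4"
            + "34130820122300d06092a864886f70d01010105000382010f003082010a0282010100f13aee5d2d0bb568951e1cca199954e969e8aeb802b959d557887ac27abea6e5bbe291a"
            + "5c3c7ffd83d12b46d7ac14cf7b2cc5bac9809cb5c240fc906d155d6ec08bff16dbc71bc3e76fc1b1ed042982d55a502c3164d2b3fdbcfc8873a5aec0f2cc34eef085ebbf2152"
            + "d19532558e01b5c41c1d24d993ab1391cc05ee84a8c29af44330e2e2b89506142b06bf8fac9a4c9348d3c10ddb86652aedf3331ad61cc0f1917c48d0ced9de7ba90f68e03205"
            + "a37bb4763cadc1ce1d1801d6926c429e9dc12046d45bb81118ba17de5653a8169eafa3c4608037d3041cf0c654466d1c9dee793857452809034a3713c457ea56e8982df06ac9"
            + "3b57537de44a55cee52bb0203010001a37a3078301d0603551d0e04160414e4e4136fe84fc2063445f223d9adcf685dbf7a3a300f0603551d130101ff040530030101ff30460"
            + "603551d23043f303d8014e4e4136fe84fc2063445f223d9adcf685dbf7a3aa11da41b30193117301506035504030c0e4849535f505249564143595f434182060149ff6e341d3"
            + "00d06092a864886f70d01010505000382010100171e1f7c1aaeae4d035e819935723c5e859388ccee6faff7a0bb1e8520d6271afdd2ad1c3d9b3adc1e44ddf3292759ae9dadf"
            + "6f11cea012c5b9028fac5ab763fcd1fb52fbc7d12901dfc54e36378c1129e4ec13a8b9449cd2482360bfb6af6d92732abc5ce48f7aad03c0009ac793bbdeb57940524c143083"
            + "c7dbf645f0957d4752820aa1581d1ef6accfa01faaa16d000d62f73c3ad7e4302a0009cdd09204e889dd8378a1dc74868da3c48c23a1fc88e933756faa6131712cd0b1a4050c"
            + "e3cc21281b519903a11972fd089a67a8741908a0b643cbf8689c76708aba5c59c4e838bacdfb053ba20eead8fd13184970ad7a42b9b65c9edc1e3eefeafac0dfcb6");
    X509Certificate pcaCert = TpmUtils.certFromBytes(certBytes);
    if (pcaCert == null) {
        // Previously a null certificate produced an empty .cer file, which only
        // surfaced as an obscure failure later on; fail at the source instead.
        throw new IllegalStateException("Embedded test certificate could not be decoded");
    }
    writeFixtureFile(new File(homeFolder, privacyCaCertFileName), pcaCert.getEncoded());
    // The endorsement certificate fixture is a plain copy of the Privacy CA
    // certificate; presumably the tests reading testEC.cer only need a
    // parseable certificate there.
    X509Certificate ekCert = pcaCert;
    writeFixtureFile(new File(homeFolder, endorsementCaCertFileName), ekCert.getEncoded());
    // hisprovisioner.properties, CRLF line endings in US-ASCII, byte-for-byte
    // the same content as the original fixture.
    String toWrite = "#TPM Provisioning Data\r\n"
            + "EcValidityDays = " + validityDays + "\r\n"
            + "TpmOwnerAuth = " + tpmOwnerAuth + "\r\n"
            + "#HIS Identity Provisioning Data\r\n"
            + "HisIdentityLabel = " + hisIdentityLabel + "\r\n"
            + "HisIdentityIndex = 1" + "\r\n"
            + "HisIdentityAuth = " + hisIdentityAuth + "\r\n"
            + "PrivacyCaCertFile = " + privacyCaCertFileName + "\r\n"
            + "PrivacyCaUrl = https://***:8181/HisPrivacyCAWebServices2\r\n"
            + "NtruBypass = true\r\n"
            + "ClientPath = cert\r\n"
            + "ecStorage = NVRAM\r\n"
            + "ecSigningKeySize = 2048\r\n"
            + "ecLocation = ***\r\n";
    writeFixtureFile(new File(homeFolder, hisprovisionerPropertiesFile), toWrite.getBytes("US-ASCII"));
}

/**
 * Creates or truncates {@code target} and writes {@code bytes} to it.
 * try-with-resources closes the stream on every path, including a failed
 * write (the original closed the wrong stream in one of its finally blocks).
 *
 * @param target file to (over)write
 * @param bytes  complete file content
 * @throws Exception if the file cannot be opened or written
 */
private static void writeFixtureFile(File target, byte[] bytes) throws Exception {
    try (FileOutputStream out = new FileOutputStream(target)) {
        out.write(bytes);
        out.flush();
    }
}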

Example 52 with X509Certificate

use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.

The class X509Util, method decodePemCertificates.

/**
 * Extracts every {@code CERTIFICATE} block from PEM-like text and decodes each one.
 * <p>
 * Blocks carrying any other banner (private keys, CRLs, ...) are skipped, so a mixed
 * PEM bundle yields only its certificates. The returned list preserves the order in
 * which the blocks appear in {@code text}.
 *
 * @param text PEM-like text, possibly holding several blocks
 * @return the decoded certificates in input order; empty when none are present
 * @throws CertificateException if a {@code CERTIFICATE} block cannot be decoded
 */
public static List<X509Certificate> decodePemCertificates(String text) throws CertificateException {
    List<X509Certificate> decoded = new ArrayList<>();
    for (Pem block : PemLikeParser.parse(text)) {
        if (!"CERTIFICATE".equals(block.getBanner())) {
            continue;
        }
        decoded.add(decodeDerCertificate(block.getContent()));
    }
    return decoded;
}

Example 53 with X509Certificate

use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.

The class KeyStoreUtil, method createTrustedSslKeystore.

/**
 * Builds an in-memory keystore of the JVM's default type that holds the given
 * certificates as trusted-certificate entries aliased {@code cert0}, {@code cert1}, ...
 * <p>
 * Only certificate entries are created, never key entries, so the result serves
 * as a trust store. The store is initialised empty and is not backed by a file.
 *
 * @param certificates certificates to trust; alias index follows array position
 * @return a loaded keystore containing one trusted entry per certificate
 * @throws KeyStoreException            if the default type cannot be created or an entry cannot be added
 * @throws IOException                  declared by {@link KeyStore#load}
 * @throws NoSuchAlgorithmException     declared by {@link KeyStore#load}
 * @throws CertificateException         declared by {@link KeyStore#load}
 * @throws UnrecoverableEntryException  declared for API compatibility; not thrown here
 */
public static KeyStore createTrustedSslKeystore(X509Certificate[] certificates) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    // load(null, null) initialises an empty store without reading any file
    trustStore.load(null, null);
    int aliasIndex = 0;
    for (X509Certificate trusted : certificates) {
        trustStore.setCertificateEntry("cert" + aliasIndex, trusted);
        aliasIndex++;
    }
    return trustStore;
}

Example 54 with X509Certificate

use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.

The class SamlUtil, method verifySAMLSignature.

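/**
 * Locates the {@code ds:Signature} element under {@code target} and checks that
 * (a) it was produced by one of {@code trustedSigners} and (b) it verifies under
 * that signer's public key.
 * <p>
 * The signer is identified by an {@code X509Certificate} carried in the
 * signature's {@code KeyInfo}/{@code X509Data}; it must be equal (identical DER
 * encoding) to one of the trusted certificates. The signature is then validated
 * with the public key of that trusted certificate, not with whatever key material
 * the XML itself offers, so a {@code KeyInfo} that embeds a trusted certificate
 * next to an unrelated signing key does not pass. The previous version returned
 * {@code true} as soon as a trusted certificate was found in {@code KeyInfo},
 * before the signature had been checked at all.
 * <p>
 * Certificates trusted for SAML-signing are expected to be marked with the tag
 * "(saml)" or "(SAML)" in their keystore alias; selecting them and passing them
 * in as {@code trustedSigners} is the caller's job.
 *
 * @param target         DOM element whose subtree contains the signature
 * @param trustedSigners certificates whose holders may sign SAML assertions
 * @return {@code true} if the signature validates under a trusted signer's key;
 *         {@code false} if the signer is unknown or the signature does not verify
 * @throws IllegalArgumentException if no Signature element is present
 * @throws MarshalException         if the Signature element cannot be unmarshalled
 * @throws XMLSignatureException    if validation aborts with an unexpected error
 * @throws KeyStoreException        declared for API compatibility; not thrown here
 */
public boolean verifySAMLSignature(Element target, X509Certificate[] trustedSigners) throws MarshalException, XMLSignatureException, KeyStoreException {
    NodeList nl = target.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
        throw new IllegalArgumentException("Cannot find Signature element");
    }
    // The key selector given here only satisfies the constructor for unmarshalling;
    // it is replaced with the trusted signer's key before validate() is called.
    DOMValidateContext context = new DOMValidateContext(new KeyValueKeySelector(), nl.item(0));
    XMLSignature signature = factory.unmarshalXMLSignature(context);
    // Establish who signed before validating anything: a valid signature under an
    // unknown key proves nothing, and the trusted key is what we validate with.
    X509Certificate signer = findTrustedSigner(signature, trustedSigners);
    if (signer == null) {
        log.warn("XML signature does not name a trusted SAML signer");
        return false;
    }
    log.debug("Validating XML signature with trusted signer: {}", signer.getSubjectX500Principal().getName());
    context.setKeySelector(javax.xml.crypto.KeySelector.singletonKeySelector(signer.getPublicKey()));
    if (!signature.validate(context)) {
        log.warn("XML signature is not valid");
        return false;
    }
    return true;
}

/**
 * Returns the first entry of {@code trustedSigners} that equals an
 * {@code X509Certificate} found in the signature's {@code KeyInfo}/{@code X509Data},
 * or {@code null} when there is no KeyInfo or nothing matches. Comparison uses
 * {@link X509Certificate#equals}, i.e. the DER encodings must be identical.
 *
 * @param signature      unmarshalled signature whose KeyInfo is inspected
 * @param trustedSigners candidate signers
 * @return the matching trusted certificate, or {@code null}
 */
private X509Certificate findTrustedSigner(XMLSignature signature, X509Certificate[] trustedSigners) {
    if (signature.getKeyInfo() == null) {
        return null;
    }
    for (Object keyInfoItem : signature.getKeyInfo().getContent()) {
        if (!(keyInfoItem instanceof X509Data)) {
            continue;
        }
        for (Object x509Item : ((X509Data) keyInfoItem).getContent()) {
            if (!(x509Item instanceof X509Certificate)) {
                continue;
            }
            X509Certificate theirCert = (X509Certificate) x509Item;
            log.debug("Found X509 certificate in XML: {}", theirCert.getSubjectX500Principal().getName());
            for (X509Certificate ourCert : trustedSigners) {
                if (ourCert.equals(theirCert)) {
                    return ourCert;
                }
            }
        }
    }
    return null;
}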

Example 55 with X509Certificate

use of java.security.cert.X509Certificate in project Openfire by igniterealtime.

The class CertificateManagerTest, method testServerIdentitiesCommonNameOnly.

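/**
 * {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
 * <ul>
 *     <li>the Common Name</li>
 * </ul>
 *
 * when a certificate contains:
 * <ul>
 *     <li>no other identifiers than its CommonName</li>
 * </ul>
 *
 * The fixture certificate is built here with a random positive serial, a validity
 * window around "now" and no extensions, so the subject Common Name is the only
 * identifier present for the code under test to find.
 */
@Test
public void testServerIdentitiesCommonNameOnly() throws Exception {
    // Setup fixture.
    final String subjectCommonName = "MySubjectCommonName";
    final long now = System.currentTimeMillis();
    final long oneDayMillis = 1000L * 60 * 60 * 24;
    // RFC 5280 requires a positive serial. Math.abs(nextInt()) is not enough:
    // for Integer.MIN_VALUE it stays negative. Draw from [1, Integer.MAX_VALUE].
    final BigInteger serial = BigInteger.valueOf(1L + new SecureRandom().nextInt(Integer.MAX_VALUE));
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            new X500Name("CN=MyIssuer"),               // Issuer
            serial,                                    // Random positive serial number
            new Date(now - 30 * oneDayMillis),         // Not before: 30 days ago
            new Date(now + 99 * oneDayMillis),         // Not after: 99 days from now
            new X500Name("CN=" + subjectCommonName),   // Subject
            subjectKeyPair.getPublic());
    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
    // Verify result
    assertEquals(1, serverIdentities.size());
    assertEquals(subjectCommonName, serverIdentities.get(0));
}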
