
Example 56 with X509Certificate

use of java.security.cert.X509Certificate in project camel by apache.

the class DefaultKeyAccessor method getCertificateChain.

/**
 * Returns the X.509 certificates of the chain stored in the keystore under
 * the configured alias.
 *
 * <p>Entries of the stored chain that are not {@link X509Certificate}
 * instances are skipped without any error or log message, so the returned
 * array can be shorter than the chain held in the keystore, and can be empty.
 * A caller that needs a complete chain (for example to let a verifier build a
 * path to a trust anchor) has to check the result itself.
 *
 * @return the X.509 certificates of the chain in keystore order, or
 *         {@code null} if there is no keystore, no alias, or no chain
 *         stored under the alias
 * @throws Exception if the keystore cannot be obtained or queried
 */
private X509Certificate[] getCertificateChain() throws Exception {
    KeyStore store = getKeyStore();
    // The alias is only looked up once a keystore is known to exist.
    String keyAlias = (store == null) ? null : getAlias();
    if (keyAlias == null) {
        return null;
    }
    Certificate[] storedChain = store.getCertificateChain(keyAlias);
    if (storedChain == null) {
        return null;
    }
    ArrayList<X509Certificate> x509Chain = new ArrayList<X509Certificate>(storedChain.length);
    for (int i = 0; i < storedChain.length; i++) {
        Certificate entry = storedChain[i];
        // Non-X.509 entries are dropped silently; see the method comment.
        if (entry instanceof X509Certificate) {
            x509Chain.add((X509Certificate) entry);
        }
    }
    X509Certificate[] result = new X509Certificate[x509Chain.size()];
    return x509Chain.toArray(result);
}
Also used : ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 57 with X509Certificate

use of java.security.cert.X509Certificate in project camel by apache.

the class XAdESSignatureProperties method addSigningCertificate.

/**
 * Appends a {@code SigningCertificate} element to {@code signedProperties}
 * and fills it from the configured signing certificate or, when no single
 * certificate is configured, from the configured certificate chain.
 *
 * <p>Nothing is appended when neither a signing certificate nor a non-empty
 * chain is available. A configured single certificate takes precedence over
 * the chain. Chain entries are cast to {@link X509Certificate} without an
 * {@code instanceof} check, so a chain entry of another certificate type
 * surfaces as a {@link ClassCastException} after the element has already been
 * appended.
 *
 * @param doc document passed on to the element and certificate helpers
 * @param signedProperties parent element that receives the new child
 * @param input passed through to the helpers
 * @throws Exception if one of the helpers fails
 */
protected void addSigningCertificate(Document doc, Element signedProperties, Input input) throws Exception {
    //NOPMD
    boolean noSingleCertificate = getSigningCertificate() == null;
    if (noSingleCertificate && (getSigningCertificateChain() == null || getSigningCertificateChain().length == 0)) {
        // Neither a certificate nor a chain: leave the signed properties untouched.
        return;
    }
    Element signingCertificateElement = createElement("SigningCertificate", doc, input);
    signedProperties.appendChild(signingCertificateElement);

    if (getSigningCertificate() != null) {
        LOG.debug("Adding signing certificate");
        X509Certificate single = getSigningCertificate();
        addCertificate(single, signingCertificateElement, doc, 0, input);
        return;
    }

    if (getSigningCertificateChain() == null || getSigningCertificateChain().length == 0) {
        // Not reachable after the guard above unless a getter changes its answer between calls.
        throw new IllegalStateException("Unexpected exception");
    }

    Certificate[] chain = getSigningCertificateChain();
    for (int position = 0; position < chain.length; position++) {
        LOG.debug("Adding chain certtificate {}", position);
        // Unchecked narrowing: every chain entry is expected to be X.509.
        X509Certificate chainCert = (X509Certificate) chain[position];
        addCertificate(chainCert, signingCertificateElement, doc, position, input);
    }
}
Also used : Element(org.w3c.dom.Element) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 58 with X509Certificate

use of java.security.cert.X509Certificate in project okhttp by square.

the class HostnameVerifierTest method subjectAltUsesLocalDomainAndIp.

/**
 * Checks hostname verification against a certificate whose subjectAltName
 * extension lists two DNS names and one IP address.
 */
@Test
public void subjectAltUsesLocalDomainAndIp() throws Exception {
    // Test fixture only: a self-signed certificate generated with the commands
    // below (512-bit RSA key, 36500-day validity). It exists to exercise the
    // verifier and is not a template for real certificates.
    //
    // cat cert.cnf
    // [req]
    // distinguished_name=distinguished_name
    // req_extensions=req_extensions
    // x509_extensions=x509_extensions
    // [distinguished_name]
    // [req_extensions]
    // [x509_extensions]
    // subjectAltName=DNS:localhost.localdomain,DNS:localhost,IP:127.0.0.1
    //
    // $ openssl req -x509 -nodes -days 36500 -subj '/CN=localhost' -config ./cert.cnf \
    //     -newkey rsa:512 -out cert.pem
    String pem = ""
        + "-----BEGIN CERTIFICATE-----\n"
        + "MIIBWDCCAQKgAwIBAgIJANS1EtICX2AZMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n"
        + "BAMTCWxvY2FsaG9zdDAgFw0xMjAxMDIxOTA4NThaGA8yMTExMTIwOTE5MDg1OFow\n"
        + "FDESMBAGA1UEAxMJbG9jYWxob3N0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPpt\n"
        + "atK8r4/hf4hSIs0os/BSlQLbRBaK9AfBReM4QdAklcQqe6CHsStKfI8pp0zs7Ptg\n"
        + "PmMdpbttL0O7mUboBC8CAwEAAaM1MDMwMQYDVR0RBCowKIIVbG9jYWxob3N0Lmxv\n"
        + "Y2FsZG9tYWlugglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQEFBQADQQD0ntfL\n"
        + "DCzOCv9Ma6Lv5o5jcYWVxvBSTsnt22hsJpWD1K7iY9lbkLwl0ivn73pG2evsAn9G\n"
        + "X8YKH52fnHsCrhSD\n"
        + "-----END CERTIFICATE-----";
    X509Certificate localhostCert = certificate(pem);

    X500Principal expectedSubject = new X500Principal("CN=localhost");
    assertEquals(expectedSubject, localhostCert.getSubjectX500Principal());

    FakeSSLSession sslSession = new FakeSSLSession(localhostCert);

    // Both DNS names from subjectAltName are accepted; a name that is not listed is rejected.
    assertTrue(verifier.verify("localhost", sslSession));
    assertTrue(verifier.verify("localhost.localdomain", sslSession));
    assertFalse(verifier.verify("local.host", sslSession));

    // Only the listed IP address is accepted; a neighbouring address is rejected.
    assertTrue(verifier.verify("127.0.0.1", sslSession));
    assertFalse(verifier.verify("127.0.0.2", sslSession));
}
Also used : FakeSSLSession(okhttp3.FakeSSLSession) X500Principal(javax.security.auth.x500.X500Principal) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 59 with X509Certificate

use of java.security.cert.X509Certificate in project okhttp by square.

the class CertificatePinner method check.

/**
 * Confirms that at least one of the certificates pinned for {@code hostname} is in {@code
 * peerCertificates}. OkHttp calls this after a successful TLS handshake, but before the
 * connection is used.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>If no pins match {@code hostname}, the method returns without inspecting the chain,
 *       so pinning gives no protection for hosts that have no pin configured.
 *   <li>When a chain cleaner is configured, the pins are compared against the cleaned chain
 *       rather than the chain as passed in.
 *   <li>A single match anywhere in the chain is sufficient, and both {@code sha256/} and
 *       {@code sha1/} pins are accepted.
 *   <li>The failure message lists the pin and subject DN of every peer certificate together
 *       with the configured pins, which is what ends up in logs when a pin check fails.
 * </ul>
 *
 * @param hostname host whose pins are looked up
 * @param peerCertificates certificates presented by the peer; every element is cast to
 *     {@link X509Certificate}
 * @throws SSLPeerUnverifiedException if {@code peerCertificates} don't match the certificates
 *     pinned for {@code hostname}.
 */
public void check(String hostname, List<Certificate> peerCertificates) throws SSLPeerUnverifiedException {
    List<Pin> hostPins = findMatchingPins(hostname);
    if (hostPins.isEmpty()) {
        // Nothing pinned for this host: no check is performed.
        return;
    }

    if (certificateChainCleaner != null) {
        peerCertificates = certificateChainCleaner.clean(peerCertificates, hostname);
    }

    for (Certificate peer : peerCertificates) {
        X509Certificate candidate = (X509Certificate) peer;

        // Each digest is computed at most once per certificate, and only if some pin needs it.
        ByteString sha1Digest = null;
        ByteString sha256Digest = null;

        for (Pin hostPin : hostPins) {
            if (hostPin.hashAlgorithm.equals("sha256/")) {
                if (sha256Digest == null) {
                    sha256Digest = sha256(candidate);
                }
                if (hostPin.hash.equals(sha256Digest)) {
                    return; // Pin matched.
                }
                continue;
            }
            if (!hostPin.hashAlgorithm.equals("sha1/")) {
                // A pin with any other algorithm prefix is treated as a programming error.
                throw new AssertionError();
            }
            if (sha1Digest == null) {
                sha1Digest = sha1(candidate);
            }
            if (hostPin.hash.equals(sha1Digest)) {
                return; // Pin matched.
            }
        }
    }

    // No certificate in the chain matched any pin: describe both sides in the exception.
    StringBuilder failure = new StringBuilder();
    failure.append("Certificate pinning failure!");
    failure.append("\n  Peer certificate chain:");
    for (Certificate peer : peerCertificates) {
        X509Certificate presented = (X509Certificate) peer;
        failure.append("\n    ");
        failure.append(pin(presented));
        failure.append(": ");
        failure.append(presented.getSubjectDN().getName());
    }
    failure.append("\n  Pinned certificates for ");
    failure.append(hostname);
    failure.append(":");
    for (Pin hostPin : hostPins) {
        failure.append("\n    ");
        failure.append(hostPin);
    }
    throw new SSLPeerUnverifiedException(failure.toString());
}
Also used : ByteString(okio.ByteString) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) X509Certificate(java.security.cert.X509Certificate)

Example 60 with X509Certificate

use of java.security.cert.X509Certificate in project blade by biezhi.

the class HttpRequest method getTrustedFactory.

/**
 * Returns the shared SSL socket factory, creating it on first use.
 *
 * <p>The factory is built from a trust manager whose
 * {@code checkClientTrusted} and {@code checkServerTrusted} methods are empty
 * and whose accepted-issuer list is empty. No certificate chain validation
 * takes place: any certificate a peer presents is accepted, so connections
 * made through this factory are encrypted but the peer is not authenticated.
 * Code that needs server authentication must use a factory backed by a real
 * trust store instead.
 *
 * <p>The cached instance is assigned without synchronization.
 *
 * @return the SSL socket factory that accepts every certificate
 * @throws HttpRequestException wrapping an {@link IOException} whose cause is
 *         the {@link GeneralSecurityException} raised while setting up the
 *         SSL context
 */
private static SSLSocketFactory getTrustedFactory() throws HttpRequestException {
    if (TRUSTED_FACTORY != null) {
        return TRUSTED_FACTORY;
    }

    final X509TrustManager acceptEverything = new X509TrustManager() {

        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Empty on purpose: never throws, so every client chain is accepted.
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Empty on purpose: never throws, so every server chain is accepted.
        }
    };
    final TrustManager[] trustManagers = new TrustManager[] { acceptEverything };

    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, new SecureRandom());
        TRUSTED_FACTORY = sslContext.getSocketFactory();
    } catch (GeneralSecurityException e) {
        // Keep the original failure as the cause of the wrapped exception.
        IOException wrapped = new IOException("Security exception configuring SSL context");
        wrapped.initCause(e);
        throw new HttpRequestException(wrapped);
    }
    return TRUSTED_FACTORY;
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) SecureRandom(java.security.SecureRandom) X509Certificate(java.security.cert.X509Certificate)

Aggregations

X509Certificate (java.security.cert.X509Certificate)2010 IOException (java.io.IOException)373 CertificateException (java.security.cert.CertificateException)299 CertificateFactory (java.security.cert.CertificateFactory)281 ByteArrayInputStream (java.io.ByteArrayInputStream)275 ArrayList (java.util.ArrayList)261 Certificate (java.security.cert.Certificate)256 KeyStore (java.security.KeyStore)203 PrivateKey (java.security.PrivateKey)172 InputStream (java.io.InputStream)159 File (java.io.File)130 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)126 Test (org.junit.Test)125 KeyStoreException (java.security.KeyStoreException)120 PublicKey (java.security.PublicKey)102 GeneralSecurityException (java.security.GeneralSecurityException)101 List (java.util.List)100 X509TrustManager (javax.net.ssl.X509TrustManager)96 X500Principal (javax.security.auth.x500.X500Principal)80 FileInputStream (java.io.FileInputStream)77