
Example 61 with X509Certificate

use of java.security.cert.X509Certificate in project gitblit by gitblit.

Class GitblitTrustManager, method checkClientTrusted (an X509TrustManager wrapper that adds a revocation check in front of a delegate trust manager).

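/**
 * Rejects revoked client certificates before handing the chain to the
 * wrapped trust manager.
 *
 * Only the leaf certificate ({@code chain[0]}) is consulted: if
 * {@link #isRevoked} reports it as revoked, the rejection is logged and a
 * {@link CertificateException} carrying the serial number and subject DN is
 * thrown. Otherwise the whole chain is passed unchanged to {@code delegate},
 * which performs the actual path validation.
 *
 * @param chain    the peer certificate chain, leaf first; must be non-null
 *                 and non-empty as required by the
 *                 {@link javax.net.ssl.X509TrustManager} contract
 * @param authType the key exchange algorithm, passed through to the delegate
 * @throws IllegalArgumentException if {@code chain} is null or empty (the
 *         X509TrustManager contract); previously this surfaced as a
 *         NullPointerException / ArrayIndexOutOfBoundsException from
 *         {@code chain[0]}
 * @throws CertificateException if the leaf certificate is revoked or the
 *         delegate rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    // The X509TrustManager contract makes a null or empty chain an
    // IllegalArgumentException; indexing chain[0] first would turn that into
    // an unrelated runtime exception instead.
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("null or zero-length certificate chain");
    }
    // Only the end-entity certificate is checked for revocation here;
    // intermediates, if any, are not consulted by this check.
    X509Certificate cert = chain[0];
    if (isRevoked(cert)) {
        // This runs before the delegate has validated the chain, so the
        // serial/subject logged here come from a not-yet-verified certificate.
        String message = MessageFormat.format("Rejecting revoked certificate {0,number,0} for {1}", cert.getSerialNumber(), cert.getSubjectDN().getName());
        logger.warn(message);
        throw new CertificateException(message);
    }
    delegate.checkClientTrusted(chain, authType);
}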

Example 62 with X509Certificate

use of java.security.cert.X509Certificate in project gitblit by gitblit.

Class CertificatesTableModel, method getValueAt (the Swing table model backing the certificate list).

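/**
 * Supplies the value of one table cell for the certificate at {@code rowIndex}.
 *
 * The column is resolved as {@code Columns.values()[columnIndex]}, so
 * {@code columnIndex} must be a valid ordinal of {@code Columns}. Status
 * comes from {@code ucm}; serial number, notBefore ("Issued") and notAfter
 * ("Expires") come from the certificate itself. The revocation reason is
 * looked up by serial number and translated only when the certificate's
 * status is {@code CertificateStatus.revoked}. Every other case yields
 * {@code null}.
 *
 * @param rowIndex    index into {@code ucm.certs}
 * @param columnIndex ordinal of the {@code Columns} constant to display
 * @return the cell value, or {@code null} if the column has no value for this row
 */
@Override
public Object getValueAt(int rowIndex, int columnIndex) {
    X509Certificate cert = ucm.certs.get(rowIndex);
    Columns col = Columns.values()[columnIndex];
    switch (col) {
        case Status:
            return ucm.getStatus(cert);
        case SerialNumber:
            return cert.getSerialNumber();
        case Issued:
            return cert.getNotBefore();
        case Expires:
            return cert.getNotAfter();
        case Reason:
            // Constant-first equals is null-safe: a null status used to throw a
            // NullPointerException out of the table model from this branch.
            if (CertificateStatus.revoked.equals(ucm.getStatus(cert))) {
                RevocationReason r = ucm.getRevocationReason(cert.getSerialNumber());
                // NOTE(review): guards the case where no reason is recorded for
                // this serial — presumably returned as null; confirm against ucm.
                return r == null ? null : Translation.get("gb." + r.name());
            }
            break;
        default:
            break;
    }
    return null;
}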

Example 63 with X509Certificate

use of java.security.cert.X509Certificate in project gitblit by gitblit.

Class X509UtilsTest, method testCertificateUserMapping (a JUnit test of client-certificate issuance and certificate-to-user mapping).

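/**
 * Checks that a client certificate issued for {@code userMetadata} maps back
 * to a {@link UserModel} with the same common name and e-mail address, that
 * its subject DN is rendered as {@code C=US,O=Gitblit,OU=Gitblit,CN=james},
 * and that two certificates issued for the same user get distinct serial
 * numbers.
 */
@Test
public void testCertificateUserMapping() throws Exception {
    File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
    PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
    X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);
    X509Metadata userMetadata = new X509Metadata("james", "james");
    userMetadata.serverHostname = "www.myserver.com";
    userMetadata.userDisplayname = "James Moger";
    userMetadata.passwordHint = "your name";
    userMetadata.oids.put("C", "US");

    X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
    assertCertificateMapsToUser(userMetadata, cert1);

    X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
    assertCertificateMapsToUser(userMetadata, cert2);

    // assertNotSame(long, long) autoboxed both serials to Long and compared
    // references, so equal serials outside Long's small-value cache would
    // generally still pass and the check was close to vacuous. Compare the
    // full BigInteger values instead (longValue() would also silently
    // truncate serials wider than 64 bits).
    assertFalse("Serial numbers are the same!", cert1.getSerialNumber().equals(cert2.getSerialNumber()));
}

/**
 * Asserts that {@code cert} maps to a user carrying {@code metadata}'s common
 * name and e-mail address and that its subject DN has the expected form.
 */
private static void assertCertificateMapsToUser(X509Metadata metadata, X509Certificate cert) {
    UserModel userModel = HttpUtils.getUserModelFromCertificate(cert);
    assertEquals(metadata.commonName, userModel.username);
    assertEquals(metadata.emailAddress, userModel.emailAddress);
    assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert.getSubjectDN().getName());
}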

Example 64 with X509Certificate

use of java.security.cert.X509Certificate in project gitblit by gitblit.

Class X509UtilsTest, method testCertificateRevocation (a JUnit test that revokes issued client certificates against the CA revocation list).

/**
 * Issues three client certificates from the test CA and revokes them one at
 * a time, checking after every step that each certificate revoked so far is
 * reported by {@link X509Utils#isRevoked} and that a freshly issued one is
 * not. The first revocation goes through the overload of
 * {@link X509Utils#revoke} that takes the key store and its password; the
 * other two use the overload that takes the CA private key directly, so
 * both entry points are exercised.
 */
@Test
public void testCertificateRevocation() throws Exception {
    File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
    File certDir = storeFile.getParentFile();
    File caRevocationList = new File(folder, X509Utils.CA_REVOCATION_LIST);
    PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
    X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);

    X509Metadata userMetadata = new X509Metadata("james", "james");
    userMetadata.serverHostname = "www.myserver.com";
    userMetadata.userDisplayname = "James Moger";
    userMetadata.passwordHint = "your name";

    // first certificate: revoked through the key-store/password overload
    X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, certDir);
    assertRevocationState(caRevocationList, cert1);
    X509Utils.revoke(cert1, RevocationReason.ACompromise, caRevocationList, storeFile, caPassword, log);
    assertRevocationState(caRevocationList, null, cert1);

    // second certificate: revoked through the private-key overload
    X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, certDir);
    assertRevocationState(caRevocationList, cert2, cert1);
    X509Utils.revoke(cert2, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);
    assertRevocationState(caRevocationList, null, cert1, cert2);

    // third certificate: earlier revocations must survive further updates
    X509Certificate cert3 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, certDir);
    assertRevocationState(caRevocationList, cert3, cert1, cert2);
    X509Utils.revoke(cert3, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);
    assertRevocationState(caRevocationList, null, cert1, cert2, cert3);
}

/**
 * Asserts that every certificate in {@code revoked} is listed in
 * {@code caRevocationList} and, when {@code fresh} is non-null, that it is not.
 */
private static void assertRevocationState(File caRevocationList, X509Certificate fresh, X509Certificate... revoked) {
    for (X509Certificate revokedCert : revoked) {
        assertTrue(X509Utils.isRevoked(revokedCert, caRevocationList));
    }
    if (fresh != null) {
        assertFalse(X509Utils.isRevoked(fresh, caRevocationList));
    }
}

Example 65 with X509Certificate

use of java.security.cert.X509Certificate in project spring-security-oauth by spring-projects.

Class CoreOAuthSignatureMethodFactory, method getSignatureMethod (builds the OAuth 1.0 signature method for PLAINTEXT, HMAC-SHA1 or RSA-SHA1 from the supplied secret).

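/**
 * Builds the {@link OAuthSignatureMethod} for the named signature method.
 *
 * <ul>
 *   <li>PLAINTEXT and HMAC-SHA1 (each only when enabled) require a
 *       {@link SharedConsumerSecret}. The key material is
 *       {@code oauthEncode(consumerSecret) + "&" + oauthEncode(tokenSecret)},
 *       with a missing secret treated as the empty string. PLAINTEXT encodes
 *       that string once more and may carry a salt from a
 *       {@link SaltedConsumerSecret}; HMAC-SHA1 uses its UTF-8 bytes as the
 *       MAC key.</li>
 *   <li>RSA-SHA1 (when enabled) uses the key pair of an {@link RSAKeySecret}.
 *       Without one it falls back to the public key of an X.509 certificate
 *       held as the credentials of the current {@link Authentication}, which
 *       allows verification only.</li>
 * </ul>
 *
 * @param methodName      the signature method name, compared against each
 *                        method's {@code SIGNATURE_NAME}
 * @param signatureSecret the consumer's secret (shared secret or RSA key
 *                        pair); may be null
 * @param tokenSecret     the token secret, or null when there is none
 * @return a signature method bound to the derived key material
 * @throws IllegalArgumentException if PLAINTEXT or HMAC-SHA1 is requested
 *         with anything other than a {@link SharedConsumerSecret}
 * @throws UnsupportedSignatureMethodException if the method is disabled or
 *         unknown, or RSA-SHA1 has no key to work with (including when no
 *         authentication is present in the security context)
 */
public OAuthSignatureMethod getSignatureMethod(String methodName, SignatureSecret signatureSecret, String tokenSecret) throws UnsupportedSignatureMethodException {
    if (supportPlainText && PlainTextSignatureMethod.SIGNATURE_NAME.equals(methodName)) {
        String keyMaterial = sharedKeyMaterial(methodName, signatureSecret, tokenSecret);
        Object salt = null;
        if (signatureSecret instanceof SaltedConsumerSecret) {
            salt = ((SaltedConsumerSecret) signatureSecret).getSalt();
        }
        // PLAINTEXT carries the key string itself, so the already-encoded
        // "consumer&token" string is percent-encoded a second time.
        return new PlainTextSignatureMethod(oauthEncode(keyMaterial), this.plainTextPasswordEncoder, salt);
    } else if (supportHMAC_SHA1 && HMAC_SHA1SignatureMethod.SIGNATURE_NAME.equals(methodName)) {
        String keyMaterial = sharedKeyMaterial(methodName, signatureSecret, tokenSecret);
        byte[] keyBytes;
        try {
            keyBytes = keyMaterial.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always available on a conforming JVM; keep the cause
            // rather than discarding it, should this ever fire.
            throw new RuntimeException(e.getMessage(), e);
        }
        SecretKeySpec spec = new SecretKeySpec(keyBytes, HMAC_SHA1SignatureMethod.MAC_NAME);
        return new HMAC_SHA1SignatureMethod(spec);
    } else if (supportRSA_SHA1 && RSA_SHA1SignatureMethod.SIGNATURE_NAME.equals(methodName)) {
        if (signatureSecret instanceof RSAKeySecret) {
            PublicKey publicKey = ((RSAKeySecret) signatureSecret).getPublicKey();
            PrivateKey privateKey = ((RSAKeySecret) signatureSecret).getPrivateKey();
            return new RSA_SHA1SignatureMethod(privateKey, publicKey);
        }
        // No explicit key pair: fall back to the certificate presented by the
        // caller. The security context may hold no Authentication at all
        // (e.g. outside a request); that used to surface as a
        // NullPointerException here instead of the exception below.
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.getCredentials() instanceof X509Certificate) {
            // NOTE(review): this trusts whatever certificate the security
            // context holds; it is only sound if that certificate was
            // validated by the authentication layer upstream — confirm.
            X509Certificate certificate = (X509Certificate) authentication.getCredentials();
            return new RSA_SHA1SignatureMethod(certificate.getPublicKey());
        }
    }
    throw new UnsupportedSignatureMethodException("Unsupported signature method: " + methodName);
}

/**
 * Derives the key material shared by PLAINTEXT and HMAC-SHA1:
 * {@code oauthEncode(consumerSecret) + "&" + oauthEncode(tokenSecret)},
 * with a null consumer or token secret treated as the empty string.
 *
 * @param methodName      the requested method name, used only in the error message
 * @param signatureSecret must be a {@link SharedConsumerSecret}
 * @param tokenSecret     the token secret, or null
 * @return the encoded "consumer&amp;token" string
 * @throws IllegalArgumentException if {@code signatureSecret} is not a
 *         {@link SharedConsumerSecret} (including null)
 */
private String sharedKeyMaterial(String methodName, SignatureSecret signatureSecret, String tokenSecret) {
    if (!(signatureSecret instanceof SharedConsumerSecret)) {
        throw new IllegalArgumentException("Invalid secret for signature method " + methodName + ". Expected a " + SharedConsumerSecret.class.getName() + ", got " + (signatureSecret == null ? "null" : signatureSecret.getClass().getName()) + ".");
    }
    String consumerSecret = ((SharedConsumerSecret) signatureSecret).getConsumerSecret();
    if (consumerSecret == null) {
        consumerSecret = "";
    }
    if (tokenSecret == null) {
        tokenSecret = "";
    }
    return oauthEncode(consumerSecret) + '&' + oauthEncode(tokenSecret);
}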
