Example 86 with X509Certificate

use of java.security.cert.X509Certificate in project netty by netty.

the class SslContextBuilder method keyManager.

/**
 * Identifying certificate for this host. {@code keyCertChainFile} and {@code keyFile} may
 * be {@code null} for client contexts, which disables mutual authentication.
 *
 * @param keyCertChainFile an X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}, or {@code null} if it's not
 *     password-protected
 */
public SslContextBuilder keyManager(File keyCertChainFile, File keyFile, String keyPassword) {
    X509Certificate[] keyCertChain;
    PrivateKey key;
    try {
        keyCertChain = SslContext.toX509Certificates(keyCertChainFile);
    } catch (Exception e) {
        throw new IllegalArgumentException("File does not contain valid certificates: " + keyCertChainFile, e);
    }
    try {
        key = SslContext.toPrivateKey(keyFile, keyPassword);
    } catch (Exception e) {
        throw new IllegalArgumentException("File does not contain valid private key: " + keyFile, e);
    }
    return keyManager(key, keyPassword, keyCertChain);
}
Also used : PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) SSLException(javax.net.ssl.SSLException)

Example 87 with X509Certificate

use of java.security.cert.X509Certificate in project netty by netty.

the class SslContextBuilder method keyManager.

/**
 * Identifying certificate for this host. {@code keyCertChainInputStream} and {@code keyInputStream} may
 * be {@code null} for client contexts, which disables mutual authentication.
 *
 * @param keyCertChainInputStream an input stream for an X.509 certificate chain in PEM format
 * @param keyInputStream an input stream for a PKCS#8 private key in PEM format
 * @param keyPassword the password of the {@code keyInputStream}, or {@code null} if it's not
 *     password-protected
 */
public SslContextBuilder keyManager(InputStream keyCertChainInputStream, InputStream keyInputStream, String keyPassword) {
    X509Certificate[] keyCertChain;
    PrivateKey key;
    try {
        keyCertChain = SslContext.toX509Certificates(keyCertChainInputStream);
    } catch (Exception e) {
        throw new IllegalArgumentException("Input stream not contain valid certificates.", e);
    }
    try {
        key = SslContext.toPrivateKey(keyInputStream, keyPassword);
    } catch (Exception e) {
        throw new IllegalArgumentException("Input stream does not contain valid private key.", e);
    }
    return keyManager(key, keyPassword, keyCertChain);
}
Also used : PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) SSLException(javax.net.ssl.SSLException)

Example 88 with X509Certificate

use of java.security.cert.X509Certificate in project netty by netty.

the class BouncyCastleSelfSignedCertGenerator method generate.

static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X500Name owner = new X500Name("CN=" + fqdn);
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(owner, new BigInteger(64, random), notBefore, notAfter, owner, keypair.getPublic());
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key);
    X509CertificateHolder certHolder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fqdn, key, cert);
}
Also used : PrivateKey(java.security.PrivateKey) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate)

Example 89 with X509Certificate

use of java.security.cert.X509Certificate in project neo4j by neo4j.

the class CertificatesIT method shouldUseConfiguredCertificate.

@Test
public void shouldUseConfiguredCertificate() throws Exception {
    // GIVEN
    SecureSocketConnection connection = new SecureSocketConnection();
    // WHEN
    connection.connect(new HostnamePort("localhost:7687")).send(TransportTestUtil.acceptedVersions(1, 0, 0, 0));
    // THEN
    Set<X509Certificate> certificatesSeen = connection.getServerCertificatesSeen();
    assertThat(certificatesSeen, contains(loadCertificateFromDisk()));
}
Also used : SecureSocketConnection(org.neo4j.bolt.v1.transport.socket.client.SecureSocketConnection) HostnamePort(org.neo4j.helpers.HostnamePort) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 90 with X509Certificate

use of java.security.cert.X509Certificate in project neo4j by neo4j.

the class HttpsAccessIT method startServer.

@Before
public void startServer() throws NoSuchAlgorithmException, KeyManagementException, IOException {
    server = server().withHttpsEnabled().usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
    httpsUri = server.httpsUri().get().toASCIIString();
    // Because we are generating a non-CA-signed certificate, we need to turn off verification in the client.
    // This is ironic, since there is no proper verification on the CA side in the first place, but I digress.
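    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Intentionally empty: never throws, so any client certificate chain is accepted.
        }

        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Intentionally empty: never throws, so any server certificate chain is accepted.
        }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    } };
    // Install the all-trusting trust manager.
    // setDefaultSSLSocketFactory is a static, JVM-wide default: every HttpsURLConnection opened
    // afterwards in this process uses it unless a per-connection socket factory is set.
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, trustAllCerts, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());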
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) Before(org.junit.Before)
