use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class ArrayCertificateRepository method getCertificateForAddress.
/**
 * Finds a certificate in this repository whose name matches the given DNS host name or IP address.
 *
 * <p>Certificates are examined in repository order. For each one, the common name of the subject
 * is compared first, then every name returned by {@code X509Util.alternativeNames}. The first
 * certificate with an exact match is returned.
 *
 * <p>Draft status, as recorded by the original author: this may later return a list, because more
 * than one certificate can match, and a separate {@code getCurrentCertificateForAddress} may be
 * added to return only certificates that are valid now (the keystore may hold certificates that
 * were deployed ahead of an upcoming expiration and are not yet valid).
 *
 * <p>Points to keep in mind when calling this method:
 * <ul>
 *   <li>A match is a name match only. The validity period and trust of the certificate are not
 *       checked here.</li>
 *   <li>Names are compared with {@code String.equals}, so the comparison is case-sensitive and
 *       wildcard names are not expanded. DNS names are case-insensitive, so a certificate issued
 *       for a differently-cased name is not found.</li>
 *   <li>The subject common name is tried before the alternative names; current TLS practice
 *       (RFC 6125) prefers the alternative names.</li>
 *   <li>The requested address and every subject and alternative name examined are written to
 *       {@code System.out}.</li>
 * </ul>
 *
 * @param dnsHostnameOrIpAddress the address to look up; its {@code toString()} form is compared
 * @return the first matching certificate in the list, or {@code null} if none matches
 */
// Not currently used; this was part of an earlier draft of the CertificateRepository interface.
// @Override
public X509Certificate getCertificateForAddress(InternetAddress dnsHostnameOrIpAddress) {
    final String wanted = dnsHostnameOrIpAddress.toString();
    System.out.println("ArrayCertificateRepository: getCertificateForAddress(" + wanted + ")");
    for (X509Certificate candidate : keystore) {
        final String subjectName = candidate.getSubjectX500Principal().getName();
        System.out.println("- x509 subject: " + subjectName);

        // First attribute checked: the common name inside the subject DN.
        final String commonName = new DN(subjectName).getCommonName();
        if (commonName != null && commonName.equals(wanted)) {
            System.out.println("- found subject");
            return candidate;
        }

        // Second attribute checked: each alternative name, in the order the set yields them.
        for (String san : X509Util.alternativeNames(candidate)) {
            System.out.println("x509 alternative name: " + san);
            if (san.equals(wanted)) {
                System.out.println("- found alternative name");
                return candidate;
            }
        }
    }
    // No certificate in the repository carries this name.
    return null;
}
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class KeystoreCertificateRepository method hashCode.
/**
 * Computes a hash code from the encoded form of every certificate in the repository.
 *
 * <p>The list returned by {@code getCertificates()} is sorted with
 * {@code X509CertificateComparator} before hashing, so the result is intended not to depend on the
 * order in which the certificates are returned.
 * NOTE(review): the earlier documentation said that order matters; confirm that {@code equals}
 * agrees with the sorted behavior implemented here.
 *
 * <p>The value is computed once and then cached in the {@code hashCode} field. This assumes the
 * repository is not modified after the first call; it is presented as a read-only repository, so
 * that is not expected to happen. If the keystore does change, the cached value becomes stale.
 *
 * <p>A certificate that cannot be encoded does not abort the computation: the string form of the
 * exception is hashed in its place.
 *
 * @return the cached hash code, computed on first use
 */
@Override
public int hashCode() {
    if (hashCode == null) {
        HashCodeBuilder hashBuilder = new HashCodeBuilder(11, 37);
        if (keystore != null) {
            // NOTE(review): the sort is in place; if getCertificates() hands out an internal list
            // rather than a copy, this call reorders it. Confirm against getCertificates().
            List<X509Certificate> sorted = getCertificates();
            Collections.sort(sorted, new X509CertificateComparator());
            for (X509Certificate entry : sorted) {
                try {
                    hashBuilder.append(entry.getEncoded());
                } catch (Exception encodingFailure) {
                    // Best effort: fold the failure text into the hash instead of failing.
                    hashBuilder.append(encodingFailure.toString());
                }
            }
        }
        // Remember the result so later calls skip the sort and the re-encoding.
        hashCode = hashBuilder.toHashCode();
    }
    return hashCode;
}
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class DemoPortalDataController method getTrustedCertificates.
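/**
 * Returns the trusted certificates stored in the caller's HTTP session.
 *
 * <p>The array is placed in the session at user login; see CheckLoginController.java. Only an
 * existing session is consulted ({@code getSession(false)}), so calling this method never creates
 * a session for an unauthenticated request.
 *
 * <p>Callers must handle a {@code null} result and should treat it as "no trusted certificates
 * available" rather than as an empty trust list.
 *
 * @param req the current request
 * @return the array stored under the {@code "trustedCertificates"} session attribute, or
 *         {@code null} when there is no session or the attribute is not set
 * @throws DemoPortalException if the attribute cannot be read as an {@code X509Certificate[]}
 */
private X509Certificate[] getTrustedCertificates(HttpServletRequest req) throws DemoPortalException {
    HttpSession session = req.getSession(false);
    if (session == null) {
        return null;
    }
    try {
        // The attribute is stored as Object; the cast fails if something else was put there.
        return (X509Certificate[]) session.getAttribute("trustedCertificates");
    } catch (Exception e) {
        // The previous message spoke of creating an ApiClient object, which this method does not do.
        String message = "Error while reading trusted certificates from session. " + e.getMessage();
        // Pass the exception itself so the log keeps the stack trace, not only the message text.
        log.error(message, e);
        throw new DemoPortalException(message, e);
    }
}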
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method validateAssetTagCert.
/**
 * Decides whether an asset tag certificate is acceptable.
 *
 * <p>A certificate whose revoked flag is set is rejected immediately. Otherwise it is parsed as an
 * {@code X509AttributeCertificate} and checked against each CA certificate decoded from the stored
 * file named {@code "cacerts"}. It is accepted as soon as {@code isValid(caCert)} returns true for
 * one of them. According to the original comments, {@code isValid} verifies both the signature and
 * the validity dates.
 *
 * <p>The check fails closed: when the CA file is missing or cannot be loaded or decoded, the error
 * is logged and the method returns {@code false}.
 *
 * <p>NOTE(review): only the certificate's own revoked flag is consulted here; nothing in this
 * method checks the status or validity of the CA certificates themselves.
 *
 * @param atagObj the stored asset tag certificate record to validate
 * @return {@code true} if the certificate is not revoked and validates against at least one
 *         loaded CA certificate; {@code false} otherwise
 * @throws ASException (unchecked) wrapping any exception raised outside the CA loading step, for
 *         example while parsing the attribute certificate
 */
private boolean validateAssetTagCert(MwAssetTagCertificate atagObj) {
    try {
        // Revocation is checked first so that a revoked certificate is never parsed or verified.
        if (atagObj.getRevoked()) {
            return false;
        }

        X509AttributeCertificate hostTagCert = X509AttributeCertificate.valueOf(atagObj.getCertificate());

        // Load the candidate issuers. Any failure here is logged and leaves the list null.
        List<X509Certificate> caCerts = null;
        try {
            // NOTE(review): the DAO is not closed here; confirm whether TagJdbi.fileDao() needs it.
            FileDAO fileDao = TagJdbi.fileDao();
            File cacertFile = fileDao.findByName("cacerts");
            if (cacertFile != null) {
                caCerts = X509Util.decodePemCertificates(new String(cacertFile.getContent(), "UTF-8"));
                log.debug("Added {} certificates from AssetTagCA.pem", caCerts.size());
            } else {
                log.error("Error loading the cacert pem file to extract the CA certificate(s).");
            }
        } catch (Exception e) {
            log.error("Cannot load cacerts", e);
            caCerts = null;
        }

        // Without any CA certificate there is nothing to verify against: reject.
        if (caCerts == null) {
            return false;
        }

        // Accept on the first CA certificate for which the attribute certificate validates.
        for (X509Certificate caCert : caCerts) {
            if (hostTagCert.isValid(caCert)) {
                return true;
            }
        }
        return false;
    } catch (Exception ex) {
        throw new ASException(ex);
    }
}
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class X509CertificateDerProvider method readFrom.
/**
 * Reads the entity body as a single X.509 certificate.
 *
 * <p>The stream is handed directly to a {@code CertificateFactory} of type {@code "X.509"}. This
 * is the inlined equivalent of {@code X509Util.decodeDerCertificate(byte[])}, used because the
 * input arrives as a stream rather than a byte array.
 *
 * <p>This method only parses. The returned certificate has not been checked for signature,
 * validity period or trust, and the entity body comes from the remote peer, so callers must
 * validate it before relying on it. No size limit is applied to the stream here.
 * NOTE(review): the standard JDK X.509 factory also accepts Base64 (PEM-style) input, so this
 * provider may accept more than strict DER; confirm whether that matters for the media type.
 *
 * @param type the requested Java type
 * @param genericType the requested generic type
 * @param annotations annotations on the declaration being populated
 * @param mediaType the media type of the entity
 * @param httpHeaders the HTTP headers of the message
 * @param entityStream the stream carrying the encoded certificate
 * @return the parsed certificate
 * @throws IOException wrapping the {@code CertificateException} when the body cannot be parsed
 * @throws WebApplicationException declared by the interface; not thrown directly here
 */
@Override
public X509Certificate readFrom(Class<X509Certificate> type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap<String, String> httpHeaders, InputStream entityStream) throws IOException, WebApplicationException {
    try {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) x509Factory.generateCertificate(entityStream);
    } catch (CertificateException parseFailure) {
        // Surface parse failures through the exception type the reader contract declares.
        throw new IOException(parseFailure);
    }
}