
Example 86 with X500Principal

use of javax.security.auth.x500.X500Principal in project android_frameworks_base by DirtyUnicorns.

the class WiFiKeyManager method enableClientAuth.

/**
 * Indexes the key store entries that can be offered for TLS client authentication.
 *
 * <p>An entry is indexed when its certificate is an {@link X509Certificate}, a key can be
 * read for the alias, and the certificate's issuer DN equals one of {@code issuerNames}.
 *
 * <p>NOTE(review): selection here is by issuer DN equality only; no chain or signature
 * validation happens in this method - confirm that trust is established elsewhere.
 *
 * @param issuerNames issuer distinguished names, each parsed with {@link X500Principal}
 * @throws GeneralSecurityException if the key store cannot be read
 * @throws IOException if {@code mAliases} is still empty after the scan
 */
public void enableClientAuth(List<String> issuerNames) throws GeneralSecurityException, IOException {
    Set<X500Principal> wantedIssuers = new HashSet<>();
    for (String name : issuerNames) {
        // X500Principal rejects malformed names with IllegalArgumentException.
        wantedIssuers.add(new X500Principal(name));
    }

    for (Enumeration<String> it = mKeyStore.aliases(); it.hasMoreElements(); ) {
        String alias = it.nextElement();
        Certificate candidate = mKeyStore.getCertificate(alias);
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        // Only entries that also hold a key are usable as a client identity.
        if (mKeyStore.getKey(alias, null) == null) {
            continue;
        }
        X509Certificate x509 = (X509Certificate) candidate;
        X500Principal issuerDn = x509.getIssuerX500Principal();
        if (wantedIssuers.contains(issuerDn)) {
            String keyAlgorithm = x509.getPublicKey().getAlgorithm();
            // Keyed by issuer: a later alias with the same issuer replaces the earlier one
            // (assuming mAliases is a Map - it is only used through put/get/values here).
            mAliases.put(issuerDn, new String[] { alias, keyAlgorithm });
        }
    }

    // mAliases is not cleared above, so entries from an earlier call also satisfy this check.
    if (mAliases.isEmpty()) {
        throw new IOException("No aliases match requested issuers: " + issuerNames);
    }
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 87 with X500Principal

use of javax.security.auth.x500.X500Principal in project android_frameworks_base by DirtyUnicorns.

the class WiFiKeyManager method chooseClientAlias.

/**
 * Picks the client certificate alias to present, honouring the caller's key type order.
 *
 * <p>When {@code issuers} is non-null only aliases indexed under one of those issuers are
 * considered (so an empty array yields {@code null}); when it is {@code null} every indexed
 * alias is eligible.
 *
 * @param keyTypes acceptable key algorithm names, most preferred first
 * @param issuers acceptable issuers, or {@code null} for no issuer restriction
 * @param socket unused by this implementation
 * @return the best-ranked alias, or {@code null} when nothing matches
 */
@Override
public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
    // Position in keyTypes is the rank: lower means more preferred.
    Map<String, Integer> rankByKeyType = new HashMap<>(keyTypes.length);
    for (int position = 0; position < keyTypes.length; position++) {
        rankByKeyType.put(keyTypes[position], position);
    }

    // Gather the {alias, keyAlgorithm} pairs that pass the issuer restriction.
    List<String[]> candidates = new ArrayList<>();
    if (issuers == null) {
        candidates.addAll(mAliases.values());
    } else {
        for (Principal issuer : issuers) {
            if (!(issuer instanceof X500Principal)) {
                continue;
            }
            String[] aliasAndKey = mAliases.get((X500Principal) issuer);
            if (aliasAndKey != null) {
                candidates.add(aliasAndKey);
            }
        }
    }

    // Keep only candidates whose key algorithm the caller accepts.
    List<AliasEntry> ranked = new ArrayList<>();
    for (String[] aliasAndKey : candidates) {
        Integer preference = rankByKeyType.get(aliasAndKey[1]);
        if (preference != null) {
            ranked.add(new AliasEntry(preference, aliasAndKey[0]));
        }
    }

    Collections.sort(ranked);
    if (ranked.isEmpty()) {
        return null;
    }
    return ranked.get(0).getAlias();
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal)

Example 88 with X500Principal

use of javax.security.auth.x500.X500Principal in project nhin-d by DirectProject.

the class CryptoExtensions method getSubjectAddress.

/**
 * Gets the address name associated with the certificate. It may be an email address or a
 * domain name.
 *
 * <p>Subject alternative names are consulted first (an rfc822Name wins over a dNSName);
 * otherwise the subject DN is scanned for an {@code EMAILADDRESS} and then a {@code CN}
 * attribute.
 *
 * @param certificate The certificate to search
 * @return The address or domain associated with the certificate, or an empty string when
 *         none is found.
 */
public static String getSubjectAddress(X509Certificate certificate) {
    Collection<List<?>> subjectAltNames;
    try {
        subjectAltNames = certificate.getSubjectAlternativeNames();
    } catch (CertificateParsingException ex) {
        // Best effort: an unparsable SAN extension falls through to the subject DN.
        subjectAltNames = null;
    }

    String fromAltNames = "";
    if (subjectAltNames != null) {
        for (List<?> entry : subjectAltNames) {
            // Each entry should be [type, value]; skip anything shorter to be defensive.
            if (entry.size() < 2) {
                continue;
            }
            Integer nameType = (Integer) entry.get(0);
            if (nameType == RFC822Name_TYPE) {
                // An email entry always overwrites, so the last rfc822Name wins.
                fromAltNames = (String) entry.get(1);
            } else if (nameType == DNSName_TYPE && fromAltNames.isEmpty()) {
                fromAltNames = (String) entry.get(1);
            }
        }
    }
    if (!fromAltNames.isEmpty()) {
        return fromAltNames;
    }

    // Nothing usable in the alt names: fall back to the subject distinguished name.
    X500Principal subjectPrincipal = certificate.getSubjectX500Principal();
    Map<String, String> oidMap = new HashMap<String, String>();
    // Render the PKCS#9 emailAddress OID under a keyword we can search for.
    oidMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
    String subjectDn = subjectPrincipal.getName(X500Principal.RFC1779, oidMap);

    // NOTE(review): this is a plain substring scan of the rendered DN. It does not account
    // for quoted or escaped attribute values, so a value that itself contains the marker or
    // a comma changes what is returned. Since the result identifies the certificate's
    // subject, consider structured RDN parsing (e.g. javax.naming.ldap.LdapName) - confirm
    // how callers use the value before changing it.
    String marker = "EMAILADDRESS=";
    int markerAt = subjectDn.indexOf(marker);
    if (markerAt == -1) {
        // No email attribute; try the common name instead.
        marker = "CN=";
        markerAt = subjectDn.indexOf(marker);
    }
    if (markerAt == -1) {
        // Neither attribute present: nothing else to try.
        return "";
    }

    // The value runs up to the next "," or to the end of the DN.
    int valueStart = markerAt + marker.length();
    int valueEnd = subjectDn.indexOf(",", markerAt);
    return valueEnd > -1 ? subjectDn.substring(valueStart, valueEnd) : subjectDn.substring(valueStart);
}
Also used : CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) List(java.util.List) Thumbprint(org.nhindirect.trustbundle.cert.Thumbprint)

Example 89 with X500Principal

use of javax.security.auth.x500.X500Principal in project jdk8u_jdk by JetBrains.

the class PreserveCombiner method main.

/**
 * Checks that the Subject set by {@code Subject.doAs} is still retrievable from the current
 * access control context, both directly and from inside the two
 * {@code AccessController.doPrivilegedWithCombiner} overloads.
 *
 * @param args unused
 * @throws Exception propagated from the security APIs
 * @throws SecurityException if any of the three checks reports failure
 */
public static void main(String[] args) throws Exception {
    Subject s = new Subject();
    s.getPrincipals().add(new X500Principal("cn=duke"));
    // The outer action is a raw PrivilegedAction, hence the cast of its result to String.
    String result = (String) Subject.doAs(s, new PrivilegedAction() {

        public Object run() {
            // get subject from current ACC - this always worked
            Subject doAsSubject = Subject.getSubject(AccessController.getContext());
            if (doAsSubject == null) {
                return "test 1 failed";
            } else {
                System.out.println(doAsSubject);
                System.out.println("test 1 passed");
            }
            // try doPriv (PrivilegedAction) test
            String result = AccessController.doPrivilegedWithCombiner(new PrivilegedAction<String>() {

                public String run() {
                    // get subject after doPriv
                    Subject doPrivSubject = Subject.getSubject(AccessController.getContext());
                    if (doPrivSubject == null) {
                        return "test 2 failed";
                    } else {
                        System.out.println(doPrivSubject);
                        return "test 2 passed";
                    }
                }
            });
            // Stop at the first failure so the outer check reports it.
            if ("test 2 failed".equals(result)) {
                return result;
            } else {
                System.out.println(result);
            }
            // try doPriv (PrivilegedExceptionAction) test
            try {
                result = AccessController.doPrivilegedWithCombiner(new PrivilegedExceptionAction<String>() {

                    public String run() throws PrivilegedActionException {
                        // get subject after doPriv
                        Subject doPrivSubject = Subject.getSubject(AccessController.getContext());
                        if (doPrivSubject == null) {
                            return "test 3 failed";
                        } else {
                            System.out.println(doPrivSubject);
                            return "test 3 passed";
                        }
                    }
                });
            } catch (PrivilegedActionException pae) {
                // An exception from the action counts as a failure of test 3.
                result = "test 3 failed";
            }
            if ("test 3 failed".equals(result)) {
                return result;
            } else {
                System.out.println(result);
            }
            // tests passed
            return result;
        }
    });
    // Every result string starts with "test ", so "passed" can never be at index 0;
    // both "not found" (-1) and index 0 are treated as failure here.
    if (result.indexOf("passed") <= 0) {
        throw new SecurityException("overall test failed");
    }
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) Subject(javax.security.auth.Subject)

Example 90 with X500Principal

use of javax.security.auth.x500.X500Principal in project jdk8u_jdk by JetBrains.

the class Implies method main.

/**
 * Exercises {@code testImplies} for the principal {@code CN=Duke} against a null Subject
 * and against principal sets that do and do not contain it.
 *
 * @param args unused
 * @throws Exception propagated from {@code testImplies}
 */
public static void main(String[] args) throws Exception {
    X500Principal dukePrincipal = new X500Principal("CN=Duke");
    X500Principal tuxPrincipal = new X500Principal("CN=Tux");

    // should not throw NullPointerException
    testImplies(dukePrincipal, (Subject) null, false);

    // Duke alone in the set.
    Set<Principal> principalSet = new HashSet<>();
    principalSet.add(dukePrincipal);
    testImplies(dukePrincipal, principalSet, true);

    // Duke together with another X.500 principal.
    principalSet.add(tuxPrincipal);
    testImplies(dukePrincipal, principalSet, true);

    // Duke together with a principal of a different type.
    principalSet.add(new KerberosPrincipal("duke@java.com"));
    testImplies(dukePrincipal, principalSet, true);

    // Duke no longer in the set: expected result flips to false.
    principalSet.clear();
    principalSet.add(tuxPrincipal);
    testImplies(dukePrincipal, principalSet, false);

    System.out.println("test passed");
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal) X500Principal(javax.security.auth.x500.X500Principal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) HashSet(java.util.HashSet)
