Usage of org.apache.knox.gateway.util.X500PrincipalParser in the Apache Knox project:
class JettySSLService, method logAndValidateCertificate.
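/**
 * Logs the gateway identity certificate's subject CN and validity window, and refuses to let the
 * service start if the certificate is absent, is not an X.509 certificate, is expired, or is not
 * yet valid.
 *
 * <p>The certificate is fetched from the alias service under the {@code gateway-identity} alias.
 * The CN is logged purely as a debugging aid; nothing here performs hostname verification.
 *
 * @throws ServiceLifecycleException if the certificate cannot be retrieved from the alias
 *     service, no certificate exists under the alias, the certificate is not an
 *     {@link X509Certificate}, or the current time lies outside its validity period
 */
private void logAndValidateCertificate() throws ServiceLifecycleException {
    Certificate cert;
    try {
        cert = as.getCertificateForGateway("gateway-identity");
    } catch (AliasServiceException e) {
        throw new ServiceLifecycleException("Cannot Retrieve Gateway SSL Certificate. Server will not start.", e);
    }
    // Fix: the two failure messages were previously attached to the wrong branches (a null cert
    // reported "not of the expected type" and a non-X.509 cert reported "cannot be found"), which
    // sent operators chasing the wrong problem. Guard clauses keep each message next to its check.
    if (cert == null) {
        throw new ServiceLifecycleException("Public certificate for the gateway cannot be found with the alias gateway-identity. Please check the identity certificate alias.");
    }
    if (!(cert instanceof X509Certificate)) {
        throw new ServiceLifecycleException("Public certificate for the gateway is not of the expected type of X509Certificate. Something is wrong with the gateway keystore.");
    }
    X509Certificate x509 = (X509Certificate) cert;

    // Log the subject CN and validity period to aid SSL debugging. The log interface takes
    // java.util.Date, so the legacy Date accessors are used deliberately here.
    X500Principal x500Principal = x509.getSubjectX500Principal();
    X500PrincipalParser parser = new X500PrincipalParser(x500Principal);
    log.certificateHostNameForGateway(parser.getCN());
    Date notBefore = x509.getNotBefore();
    Date notAfter = x509.getNotAfter();
    log.certificateValidityPeriod(notBefore, notAfter);

    // Do not start at all if "now" is outside the certificate's validity period; a gateway
    // serving an expired or not-yet-valid cert would fail every TLS handshake anyway.
    try {
        x509.checkValidity();
    } catch (CertificateExpiredException e) {
        throw new ServiceLifecycleException("Gateway SSL Certificate is Expired. Server will not start.", e);
    } catch (CertificateNotYetValidException e) {
        throw new ServiceLifecycleException("Gateway SSL Certificate is not yet valid. Server will not start.", e);
    }
}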