
Example 81 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice.

The class KeystoreEditor, method addTrustedCertificateFromUrl.

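/**
 * Connects to the host named by {@code url}, takes the certificate chain the remote peer presents
 * and stores each certificate in the trust store under its subject CN, then writes the trust
 * store back to disk.
 *
 * <p>The socket comes from {@link #createNonVerifyingSslSocket(String)}, so the peer chain is
 * accepted exactly as presented, without validation against any existing trust anchor: whatever
 * the host at {@code url} answers with becomes trusted. An alias that already exists in the trust
 * store is replaced by {@code setCertificateEntry}.
 *
 * @param url Base64-encoded URL (decoded as UTF-8) of the host to fetch certificates from
 * @return one map per certificate in the presented chain, {@code {"success": true}} when it was
 *     stored and {@code {"success": false}} when it could not be; an empty list if the connection,
 *     handshake or trust-store write failed (the failure is logged, not thrown)
 * @throws IllegalArgumentException if {@code url} is not valid Base64
 */
@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
    SSLSocket socket = null;
    String decodedUrl = null;
    List<Map<String, Object>> resultList = new ArrayList<>();
    try {
        decodedUrl = new String(Base64.getDecoder().decode(url), "UTF-8");
        socket = createNonVerifyingSslSocket(decodedUrl);
        socket.startHandshake();
        X509Certificate[] peerCertificateChain = (X509Certificate[]) socket.getSession().getPeerCertificates();
        for (X509Certificate certificate : peerCertificateChain) {
            resultList.add(Collections.singletonMap("success", storeUnderSubjectCn(certificate)));
        }
        Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
        if (!trustStoreFile.isAbsolute()) {
            // a relative truststore path is taken to be relative to ddf.home
            Path ddfHomePath = Paths.get(System.getProperty("ddf.home"));
            trustStoreFile = ddfHomePath.resolve(trustStoreFile);
        }
        String keyStorePassword = SecurityConstants.getTruststorePassword();
        // try-with-resources: the stream was previously never closed, leaking the handle and
        // risking an unflushed, truncated trust store on disk
        try (OutputStream fos = Files.newOutputStream(trustStoreFile)) {
            trustStore.store(fos, keyStorePassword.toCharArray());
        }
    } catch (IOException | GeneralSecurityException e) {
        LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", (decodedUrl != null) ? decodedUrl : url, e);
    } finally {
        IOUtils.closeQuietly(socket);
    }
    return resultList;
}

/**
 * Stores {@code certificate} in the trust store under the first CN of its subject.
 *
 * @param certificate the peer certificate to store
 * @return {@code true} when stored; {@code false} when the subject has no CN (so there is no
 *     alias to use) or the certificate could not be encoded, both logged at info level
 * @throws KeyStoreException if the trust store rejects the entry; it propagates to the caller's
 *     {@code GeneralSecurityException} handling, as before
 */
private boolean storeUnderSubjectCn(X509Certificate certificate) throws KeyStoreException {
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        RDN[] cns = x500name.getRDNs(BCStyle.CN);
        if (cns.length == 0) {
            // indexing [0] of an empty array used to throw ArrayIndexOutOfBoundsException here
            LOGGER.info("Unable to store certificate, subject has no CN: {}", x500name);
            return false;
        }
        String cnStr = IETFUtils.valueToString(cns[0].getFirst().getValue());
        trustStore.setCertificateEntry(cnStr, certificate);
        return true;
    } catch (CertificateEncodingException e) {
        LOGGER.info("Unable to store certificate: {}", certificate.toString(), e);
        return false;
    }
}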

Example 82 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice.

The class KeystoreEditor, method importASN1CertificatesToStore.

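/**
 * Adds every certificate in the ASN.1 SET {@code certificates} to {@code store}, each under its
 * subject CN as alias.
 *
 * <p>Each element is re-parsed through the "BC" X.509 factory so the store receives a
 * {@link X509Certificate}. No validity or chain check is done here, and an existing entry with
 * the same CN alias is overwritten.
 *
 * @param store the key or trust store to add entries to
 * @param setEntry the caller's running "something was added" flag; returned unchanged when the
 *     set is empty
 * @param certificates the ASN.1 SET of certificates to import
 * @return {@code true} if at least one certificate was added, otherwise {@code setEntry}
 * @throws KeystoreEditorException if a certificate cannot be parsed or has no subject CN, the BC
 *     provider is not registered, or the store rejects the entry
 */
private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates) throws KeystoreEditorException {
    Enumeration<?> certificateEnumeration = certificates.getObjects();
    try {
        // loop-invariant: one factory lookup for the whole set instead of one per certificate
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        while (certificateEnumeration.hasMoreElements()) {
            ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement()).toASN1Primitive();
            org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Primitive);
            Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(instance.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            RDN[] cns = x500name.getRDNs(BCStyle.CN);
            if (cns.length == 0) {
                // without a CN there is no alias; indexing [0] used to throw
                // ArrayIndexOutOfBoundsException, which escaped the catch below unwrapped
                throw new CertificateException("Certificate subject has no CN, cannot derive alias: " + x500name);
            }
            store.setCertificateEntry(IETFUtils.valueToString(cns[0].getFirst().getValue()), certificate);
            setEntry = true;
        }
    } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) {
        throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e);
    }
    return setEntry;
}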

Example 83 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice.

The class KeystoreEditor, method buildCertChainList.

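/**
 * Returns the certificate chain for {@code alias}, walking issuer CNs through {@code store}: each
 * certificate's issuer CN is looked up as an alias until a certificate is reached whose issuer CN
 * is blank or equals its own subject CN, or whose issuer alias is absent from the store.
 *
 * <p>Lookups are by CN only, so this relies on the store's alias convention (entries stored under
 * their subject CN) and on CN equality; it does not verify any signature.
 *
 * @param alias alias of the certificate to start from
 * @param store store to read certificates from
 * @return the chain with the top-most issuer first and {@code alias} last; empty if
 *     {@code alias} is not in the store
 * @throws KeystoreEditorException if a certificate cannot be encoded or the store cannot be read
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
    return buildCertChainList(alias, store, new java.util.HashSet<>());
}

/**
 * Recursive worker for {@link #buildCertChainList(String, KeyStore)}. {@code visited} holds the
 * aliases already on the current path so an issuer loop (for example two cross-signed entries
 * naming each other) ends the walk instead of recursing until the stack overflows.
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store, java.util.Set<String> visited) throws KeystoreEditorException {
    try {
        Certificate certificate = store.getCertificate(alias);
        if (certificate == null || !visited.add(alias)) {
            // unknown alias, or an alias already on this path (issuer cycle): nothing more to add
            return new ArrayList<>();
        }
        // one holder serves both subject and issuer; it was previously built twice
        JcaX509CertificateHolder holder = new JcaX509CertificateHolder((X509Certificate) certificate);
        String subject = firstCn(holder.getSubject());
        String issuer = firstCn(holder.getIssuer());
        List<Certificate> certificates;
        if (StringUtils.isBlank(issuer) || issuer.equals(subject)) {
            // self-issued, or no issuer CN to follow: this certificate is the top of the chain
            certificates = new ArrayList<>();
        } else {
            certificates = buildCertChainList(issuer, store, visited);
        }
        certificates.add(certificate);
        return certificates;
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new KeystoreEditorException("Unable to build cert chain list.", e);
    }
}

/**
 * First CN of {@code name} as a string, or {@code null} when the name has no CN (indexing [0]
 * unguarded used to throw ArrayIndexOutOfBoundsException for such names).
 */
private static String firstCn(X500Name name) {
    RDN[] cns = name.getRDNs(BCStyle.CN);
    return cns.length == 0 ? null : IETFUtils.valueToString(cns[0].getFirst().getValue());
}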

Example 84 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice.

The class PkiToolsTest, method nameIsEmptyString.

/** An empty common name must still produce a DN whose only attribute is an empty CN. */
@Test
public void nameIsEmptyString() throws CertificateEncodingException {
    String rendered = PkiTools.makeDistinguishedName("").toString();
    assertThat(rendered, equalTo("cn="));
}

Example 85 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice.

The class PkiToolsTest, method dnIsValidFormat.

/**
 * Attribute strings with irregular spacing around '=' must still be parsed into a DN that keeps
 * the CN, both O values and the C value.
 */
@Test
public void dnIsValidFormat() throws CertificateEncodingException {
    X500Name name = PkiTools.convertDistinguishedName("cn=john.smith", "o=police box", "o = Tardis", "l= London", "c=UK");
    String commonName = name.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString();
    assertThat(commonName, equalTo("john.smith"));
    int organizationCount = name.getRDNs(BCStyle.O).length;
    assertThat(organizationCount, equalTo(2));
    String country = name.getRDNs(BCStyle.C)[0].getFirst().getValue().toString();
    assertThat(country, equalTo("UK"));
}
