Use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice: class KeystoreEditor, method addTrustedCertificateFromUrl.
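@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
  // Connects to the (base64-encoded) URL without certificate verification, imports every
  // certificate the peer presents into the trust store under its subject CN, and persists
  // the store. Returns one {"success": true|false} entry per certificate seen; connection or
  // persistence failures are logged and leave the list as it was when they happened.
  SSLSocket socket = null;
  String decodedUrl = null;
  List<Map<String, Object>> resultList = new ArrayList<>();
  try {
    // A malformed base64 string raises IllegalArgumentException from the decoder, as before.
    decodedUrl = new String(Base64.getDecoder().decode(url), java.nio.charset.StandardCharsets.UTF_8);
    // Deliberately non-verifying: this is a trust-on-first-use import of whatever chain the
    // remote endpoint presents. Nothing in this method validates that chain, so an operator
    // must confirm the imported certificates (e.g. by fingerprint) out of band.
    socket = createNonVerifyingSslSocket(decodedUrl);
    socket.startHandshake();
    X509Certificate[] peerCertificateChain = (X509Certificate[]) socket.getSession().getPeerCertificates();
    for (X509Certificate certificate : peerCertificateChain) {
      try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        RDN[] commonNames = x500name.getRDNs(BCStyle.CN);
        if (commonNames.length == 0) {
          // Formerly an ArrayIndexOutOfBoundsException here aborted the whole import;
          // a certificate without a subject CN now just fails individually.
          resultList.add(Collections.singletonMap("success", false));
          LOGGER.info("Unable to store certificate without a subject CN: {}", certificate.toString());
          continue;
        }
        String cnStr = IETFUtils.valueToString(commonNames[0].getFirst().getValue());
        // The alias is taken from the untrusted peer's subject CN and setCertificateEntry
        // silently overwrites an existing entry with that alias, so a presented certificate
        // can replace an existing trust anchor. Keep the overwrite (re-import of a rotated
        // certificate relies on it) but make it visible in the log.
        Certificate existing = trustStore.getCertificate(cnStr);
        if (existing != null && !existing.equals(certificate)) {
          LOGGER.warn("Replacing existing trust store entry '{}' with certificate presented by {}", cnStr, decodedUrl);
        }
        trustStore.setCertificateEntry(cnStr, certificate);
        resultList.add(Collections.singletonMap("success", true));
      } catch (CertificateEncodingException e) {
        resultList.add(Collections.singletonMap("success", false));
        LOGGER.info("Unable to store certificate: {}", certificate.toString(), e);
      }
    }
    // Persist the updated store; a relative trust store path is resolved against ddf.home.
    Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
    if (!trustStoreFile.isAbsolute()) {
      Path ddfHomePath = Paths.get(System.getProperty("ddf.home"));
      trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
    }
    String keyStorePassword = SecurityConstants.getTruststorePassword();
    // try-with-resources: the stream was previously never closed.
    try (OutputStream fos = Files.newOutputStream(trustStoreFile)) {
      trustStore.store(fos, keyStorePassword.toCharArray());
    }
  } catch (IOException | GeneralSecurityException e) {
    LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", (decodedUrl != null) ? decodedUrl : url, e);
  } finally {
    IOUtils.closeQuietly(socket);
  }
  return resultList;
}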
Use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice: class KeystoreEditor, method importASN1CertificatesToStore.
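/**
 * Imports every certificate in an ASN.1 SET into {@code store} as a trusted-certificate entry
 * keyed by the certificate's subject CN.
 *
 * <p>Note that {@link KeyStore#setCertificateEntry} overwrites an existing entry with the same
 * alias, so an imported certificate whose CN matches an existing alias replaces that entry.
 *
 * @param store the key store to add entries to
 * @param setEntry the value to return if the set is empty (callers thread this flag through)
 * @param certificates the ASN.1 SET of X.509 certificates
 * @return {@code true} if at least one entry was set, otherwise the incoming {@code setEntry}
 * @throws KeystoreEditorException if a certificate cannot be parsed, has no subject CN, or
 *     cannot be stored
 */
private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates) throws KeystoreEditorException {
  try {
    // Loop-invariant: one factory serves the whole set.
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
    Enumeration<?> certificateEnumeration = certificates.getObjects();
    while (certificateEnumeration.hasMoreElements()) {
      ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement()).toASN1Primitive();
      org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Primitive);
      Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(instance.getEncoded()));
      X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
      RDN[] commonNames = x500name.getRDNs(BCStyle.CN);
      if (commonNames.length == 0) {
        // Surfaces as KeystoreEditorException via the catch below instead of an
        // ArrayIndexOutOfBoundsException escaping the method.
        throw new CertificateException("Certificate has no subject CN to use as an alias");
      }
      String alias = IETFUtils.valueToString(commonNames[0].getFirst().getValue());
      store.setCertificateEntry(alias, certificate);
      setEntry = true;
    }
  } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) {
    throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e);
  }
  return setEntry;
}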
Use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice: class KeystoreEditor, method buildCertChainList.
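/**
 * Assembles the certificate chain for {@code alias} from entries in {@code store}, root first
 * and the aliased certificate last. The chain is linked purely by name: each certificate's
 * issuer CN is looked up as an alias in the store. No signatures are verified here, so the
 * result reflects how the store is labelled, not whether the chain is cryptographically valid.
 *
 * @param alias the alias of the leaf certificate
 * @param store the key store holding the chain
 * @return the chain, or an empty list if {@code alias} has no certificate
 * @throws KeystoreEditorException if a certificate cannot be encoded or the store fails
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
  return buildCertChainList(alias, store, new java.util.HashSet<>());
}

/**
 * Recursive worker for {@link #buildCertChainList(String, KeyStore)}. {@code visited} holds the
 * aliases already on the current path; a store whose entries refer to each other by issuer CN
 * (A issued by B, B issued by A) would otherwise recurse until StackOverflowError.
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store, java.util.Set<String> visited) throws KeystoreEditorException {
  try {
    Certificate certificate = store.getCertificate(alias);
    if (certificate == null || !visited.add(alias)) {
      return new ArrayList<>();
    }
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder((X509Certificate) certificate);
    String subject = firstCommonName(holder.getSubject());
    String issuer = firstCommonName(holder.getIssuer());
    List<Certificate> certificates;
    if (StringUtils.isBlank(issuer) || issuer.equals(subject)) {
      // No issuer CN, or issuer CN equals subject CN: treated as the root of the chain.
      certificates = new ArrayList<>();
    } else {
      certificates = buildCertChainList(issuer, store, visited);
    }
    certificates.add(certificate);
    return certificates;
  } catch (CertificateEncodingException | KeyStoreException e) {
    throw new KeystoreEditorException("Unable to build cert chain list.", e);
  }
}

/**
 * Returns the string value of the first CN attribute in {@code name}, or {@code null} when the
 * name carries no CN (previously an ArrayIndexOutOfBoundsException).
 */
private static String firstCommonName(X500Name name) {
  RDN[] commonNames = name.getRDNs(BCStyle.CN);
  if (commonNames.length == 0) {
    return null;
  }
  return IETFUtils.valueToString(commonNames[0].getFirst().getValue());
}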
Use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice: class PkiToolsTest, method nameIsEmptyString.
@Test
public void nameIsEmptyString() throws CertificateEncodingException {
  // An empty common name still yields a DN with a single, blank CN attribute.
  String rendered = PkiTools.makeDistinguishedName("").toString();
  assertThat(rendered, equalTo("cn="));
}
Use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice: class PkiToolsTest, method dnIsValidFormat.
@Test
public void dnIsValidFormat() throws CertificateEncodingException {
  // Whitespace around '=' is tolerated and repeated attribute types (two O values) are kept.
  X500Name dn = PkiTools.convertDistinguishedName("cn=john.smith", "o=police box", "o = Tardis", "l= London", "c=UK");
  String commonName = dn.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString();
  int organisationCount = dn.getRDNs(BCStyle.O).length;
  String country = dn.getRDNs(BCStyle.C)[0].getFirst().getValue().toString();
  assertThat(commonName, equalTo("john.smith"));
  assertThat(organisationCount, equalTo(2));
  assertThat(country, equalTo("UK"));
}