use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project ddf by codice.
the class KeystoreEditor method buildCertChainList.
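/**
 * Collects the certificate stored under {@code alias} together with the issuers that can be
 * found in {@code store}, ordered from the top-most issuer found down to the requested
 * certificate (which is always the last element).
 *
 * <p>The walk is purely name based: the common name (CN) of a certificate's issuer is used as
 * the alias of the next entry to look up. No signature, validity-period or basic-constraints
 * check is performed here, so the returned list is a convenience grouping and must not be
 * treated as a validated certification path.
 *
 * @param alias alias of the certificate whose chain is wanted
 * @param store key store that is searched for the certificate and its issuers
 * @return a mutable list, issuer first; empty when {@code alias} is not present in the store
 * @throws KeystoreEditorException if the store cannot be read or a certificate cannot be encoded
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
  List<Certificate> certificates = new ArrayList<>();
  String currentAlias = alias;
  try {
    while (true) {
      Certificate certificate = store.getCertificate(currentAlias);
      // Stop on an unknown alias, and also when an entry shows up a second time: two entries
      // whose issuer CNs point at each other would otherwise be followed forever.
      if (certificate == null || certificates.contains(certificate)) {
        break;
      }
      // Issuers are discovered after their subjects, so prepend to keep issuer-first order.
      certificates.add(0, certificate);
      if (!(certificate instanceof X509Certificate)) {
        // No X.500 issuer name to follow; the entry is kept and the walk ends here.
        break;
      }
      // One holder serves both names; building it is what may throw CertificateEncodingException.
      JcaX509CertificateHolder holder = new JcaX509CertificateHolder((X509Certificate) certificate);
      RDN[] subjectCns = holder.getSubject().getRDNs(BCStyle.CN);
      RDN[] issuerCns = holder.getIssuer().getRDNs(BCStyle.CN);
      // A name without any CN yields an empty array; treat that as "no name" instead of
      // indexing element 0 and failing with ArrayIndexOutOfBoundsException.
      // NOTE(review): getFirst() is the first attribute of the RDN; for a multi-valued RDN that
      // attribute is not necessarily the CN - confirm whether such names need to be supported.
      String subject = subjectCns.length > 0 ? IETFUtils.valueToString(subjectCns[0].getFirst().getValue()) : null;
      String issuer = issuerCns.length > 0 ? IETFUtils.valueToString(issuerCns[0].getFirst().getValue()) : null;
      if (StringUtils.isBlank(issuer) || issuer.equals(subject)) {
        // Self-issued (by CN) or no usable issuer name: top of the chain.
        break;
      }
      currentAlias = issuer;
    }
    return certificates;
  } catch (CertificateEncodingException | KeyStoreException e) {
    throw new KeystoreEditorException("Unable to build cert chain list.", e);
  }
}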
use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project ddf by codice.
the class KeystoreEditor method addTrustedCertificateFromUrl.
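/**
 * Connects to the endpoint named by {@code url}, takes every certificate the peer presents
 * during the TLS handshake and stores it in the trust store under its subject common name (CN),
 * then writes the trust store back to disk.
 *
 * <p>Security notes for maintainers and callers:
 *
 * <ul>
 *   <li>The socket comes from {@code createNonVerifyingSslSocket}; judging by its name the peer
 *       is not validated (NOTE(review): confirm in that helper). Whatever chain is presented on
 *       that connection therefore becomes trusted, so this operation is only as trustworthy as
 *       the network path at the time of the call and should stay restricted to administrators.
 *   <li>{@code setCertificateEntry} replaces an existing entry that has the same alias, so a
 *       presented certificate whose CN equals an existing alias overwrites that trust anchor.
 *   <li>All presented certificates are stored, not only the leaf.
 * </ul>
 *
 * @param url Base64-encoded address of the TLS endpoint
 * @return one single-entry map per presented certificate, {@code "success"} mapped to
 *     {@code true} or {@code false}; empty when the address cannot be decoded or the handshake
 *     fails
 */
@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
  List<Map<String, Object>> resultList = new ArrayList<>();
  String decodedUrl;
  try {
    // Base64 decoding reports malformed input with an unchecked exception; handle it like the
    // other failures of this method instead of letting it escape to the caller.
    decodedUrl = new String(Base64.getDecoder().decode(url), java.nio.charset.StandardCharsets.UTF_8);
  } catch (IllegalArgumentException e) {
    LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", url, e);
    return resultList;
  }
  SSLSocket socket = null;
  try {
    socket = createNonVerifyingSslSocket(decodedUrl);
    socket.startHandshake();
    // getPeerCertificates() is declared to return Certificate[]; check each element rather than
    // casting the whole array, which depends on the runtime array type of the TLS provider.
    Certificate[] peerCertificateChain = socket.getSession().getPeerCertificates();
    for (Certificate peerCertificate : peerCertificateChain) {
      if (!(peerCertificate instanceof X509Certificate)) {
        resultList.add(Collections.singletonMap("success", false));
        LOGGER.info("Unable to store non-X.509 certificate: {}", peerCertificate);
        continue;
      }
      X509Certificate certificate = (X509Certificate) peerCertificate;
      try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        RDN[] commonNames = x500name.getRDNs(BCStyle.CN);
        if (commonNames.length == 0) {
          // The CN is the alias; a subject without one cannot be stored under this scheme.
          resultList.add(Collections.singletonMap("success", false));
          LOGGER.info("Unable to store certificate without a subject common name: {}", certificate);
          continue;
        }
        String cnStr = IETFUtils.valueToString(commonNames[0].getFirst().getValue());
        // Replaces any entry already stored under this alias (see the method documentation).
        trustStore.setCertificateEntry(cnStr, certificate);
        resultList.add(Collections.singletonMap("success", true));
      } catch (CertificateEncodingException e) {
        resultList.add(Collections.singletonMap("success", false));
        LOGGER.info("Unable to store certificate: {}", certificate, e);
      }
    }
    Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
    if (!trustStoreFile.isAbsolute()) {
      Path ddfHomePath = Paths.get(System.getProperty(DDF_HOME));
      trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
    }
    String keyStorePassword = SecurityConstants.getTruststorePassword();
    // The in-memory trust store was already modified above; if this write fails the entries
    // exist in memory only.
    try (OutputStream fos = Files.newOutputStream(trustStoreFile)) {
      trustStore.store(fos, keyStorePassword.toCharArray());
    }
  } catch (IOException | GeneralSecurityException e) {
    LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", decodedUrl, e);
  } finally {
    IOUtils.closeQuietly(socket);
  }
  return resultList;
}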
use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project ddf by codice.
the class KeystoreEditor method importASN1CertificatesToStore.
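/**
 * Converts every element of {@code certificates} into an X.509 certificate and stores it in
 * {@code store}, using the subject common name (CN) as the alias.
 *
 * <p>{@code setCertificateEntry} replaces an entry that already uses the same alias, so two
 * imported certificates with the same CN, or an imported certificate whose CN matches an
 * existing alias, overwrite one another. Entries stored before a failure remain in the
 * in-memory store when the exception is thrown.
 *
 * @param store key store that receives the certificates
 * @param setEntry value to return when {@code certificates} is empty
 * @param certificates ASN.1 set of encoded certificates
 * @return {@code true} once at least one certificate was stored, otherwise {@code setEntry}
 * @throws KeystoreEditorException if a certificate cannot be parsed or stored, or if its
 *     subject has no common name to use as alias
 */
private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates) throws KeystoreEditorException {
  Enumeration<?> certificateEnumeration = certificates.getObjects();
  try {
    // Created on first use and then reused; the factory does not depend on the element.
    CertificateFactory certificateFactory = null;
    while (certificateEnumeration.hasMoreElements()) {
      ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement()).toASN1Primitive();
      org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Primitive);
      if (certificateFactory == null) {
        certificateFactory = CertificateFactory.getInstance(X509, "BC");
      }
      Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(instance.getEncoded()));
      X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
      RDN[] commonNames = x500name.getRDNs(BCStyle.CN);
      if (commonNames.length == 0) {
        // Imported data is not guaranteed to carry a CN; report it through the method's own
        // exception type instead of failing with ArrayIndexOutOfBoundsException.
        throw new CertificateException("Certificate subject has no common name to use as alias: " + x500name);
      }
      store.setCertificateEntry(IETFUtils.valueToString(commonNames[0].getFirst().getValue()), certificate);
      setEntry = true;
    }
  } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) {
    throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e);
  }
  return setEntry;
}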
use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project xabber-android by redsolution.
the class CustomDomainVerifier method getCommonNames.
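/**
 * Returns the values of all common name (CN) attributes found in the certificate's subject.
 *
 * <p>The strings are returned exactly as they appear in the certificate; deciding whether a
 * value is acceptable as a domain name, and how it is matched, is left to the caller.
 *
 * @param certificate certificate whose subject is inspected
 * @return the CN values in subject order; empty when the subject has no CN or the certificate
 *     cannot be encoded
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            // getRDNs(CN) also returns multi-valued RDNs in which the CN is not the first
            // attribute, so pick the attributes by type rather than taking getFirst(), which
            // could hand back the value of a different attribute as if it were a domain.
            for (org.bouncycastle.asn1.x500.AttributeTypeAndValue attribute : rdn.getTypesAndValues()) {
                if (BCStyle.CN.equals(attribute.getType())) {
                    domains.add(IETFUtils.valueToString(attribute.getValue()));
                }
            }
        }
    } catch (CertificateEncodingException ignored) {
        // Best effort: a certificate that cannot be encoded contributes no names.
    }
    return domains;
}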
use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project Conversations by siacs.
the class XmppDomainVerifier method getCommonNames.
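/**
 * Extracts every common name (CN) attribute value from the subject of {@code certificate}.
 *
 * <p>Values are passed through unmodified; this method does not judge whether a value is a
 * well-formed domain, nor does it perform any matching.
 *
 * @param certificate certificate to read the subject from
 * @return CN values in the order they occur in the subject, or an empty list when there is no
 *     CN or the certificate cannot be encoded
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    X500Name x500name;
    try {
        x500name = new JcaX509CertificateHolder(certificate).getSubject();
    } catch (CertificateEncodingException ignored) {
        // Deliberately lenient: an unencodable certificate simply yields no names.
        return domains;
    }
    // Fetch the matching RDNs once instead of re-querying the name on every iteration.
    RDN[] rdns = x500name.getRDNs(BCStyle.CN);
    for (RDN rdn : rdns) {
        // A multi-valued RDN is returned as soon as any of its attributes is a CN, and its
        // first attribute may be of another type. Select by attribute type so that only real
        // CN values end up in the list of candidate domains.
        for (org.bouncycastle.asn1.x500.AttributeTypeAndValue attribute : rdn.getTypesAndValues()) {
            if (BCStyle.CN.equals(attribute.getType())) {
                domains.add(IETFUtils.valueToString(attribute.getValue()));
            }
        }
    }
    return domains;
}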