
Example 16 with JcaX509CertificateHolder

use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project ddf by codice.

From class KeystoreEditor, method buildCertChainList.

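/**
 * Builds the certificate chain that ends at {@code alias}, by following issuer CNs as
 * aliases in {@code store}.
 *
 * <p>Linking is by name only: each certificate's issuer CN is looked up as a keystore
 * alias. No signature verification happens here, so the result is an ordering of what
 * the store holds under those aliases, not a validated path. An alias that is absent
 * from the store ends the chain; a certificate whose issuer CN is blank or equal to its
 * subject CN is treated as the root.
 *
 * @param alias keystore alias of the certificate to start from
 * @param store keystore the aliases are looked up in
 * @return mutable list, root first and the certificate for {@code alias} last; empty if
 *     {@code alias} is not in {@code store}
 * @throws KeystoreEditorException if a certificate cannot be read from the store, is not
 *     an X.509 certificate, or has no CN in its subject or issuer
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
    return buildCertChainList(alias, store, new java.util.HashSet<>());
}

/**
 * Recursive worker for {@link #buildCertChainList(String, KeyStore)}.
 *
 * @param visited aliases already on the current path; a repeat means the issuer aliases
 *     form a cycle, which would otherwise recurse until the stack overflows
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store, java.util.Set<String> visited)
        throws KeystoreEditorException {
    try {
        Certificate certificate = store.getCertificate(alias);
        if (certificate == null || !visited.add(alias)) {
            return new ArrayList<>();
        }
        if (!(certificate instanceof X509Certificate)) {
            // Wrapped into KeystoreEditorException below instead of a bare ClassCastException.
            throw new CertificateEncodingException("Certificate for alias " + alias + " is not an X.509 certificate.");
        }
        // One holder serves both lookups; two were built for the same certificate before.
        JcaX509CertificateHolder holder = new JcaX509CertificateHolder((X509Certificate) certificate);
        String subject = firstCommonName(holder.getSubject(), alias, "subject");
        String issuer = firstCommonName(holder.getIssuer(), alias, "issuer");
        List<Certificate> certificates;
        if (StringUtils.isBlank(issuer) || issuer.equals(subject)) {
            // Self-signed (or no usable issuer CN): this certificate is the root.
            certificates = new ArrayList<>();
        } else {
            certificates = buildCertChainList(issuer, store, visited);
        }
        certificates.add(certificate);
        return certificates;
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new KeystoreEditorException("Unable to build cert chain list.", e);
    }
}

/**
 * Returns the value of the first CN attribute in {@code name}.
 *
 * @param alias keystore alias, for the error message only
 * @param field "subject" or "issuer", for the error message only
 * @throws CertificateEncodingException if {@code name} carries no CN (previously an
 *     ArrayIndexOutOfBoundsException escaped from the {@code [0]} index)
 */
private static String firstCommonName(X500Name name, String alias, String field) throws CertificateEncodingException {
    RDN[] cns = name.getRDNs(BCStyle.CN);
    if (cns.length == 0 || cns[0].getFirst() == null) {
        throw new CertificateEncodingException("No CN in " + field + " of certificate for alias " + alias);
    }
    return IETFUtils.valueToString(cns[0].getFirst().getValue());
}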
Also used : ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyStoreException(java.security.KeyStoreException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 17 with JcaX509CertificateHolder

use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project ddf by codice.

From class KeystoreEditor, method addTrustedCertificateFromUrl.

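/**
 * Connects to the peer named by {@code url}, adds every certificate it presents to the
 * trust store, and writes the trust store to disk.
 *
 * <p>The connection is made with {@link #createNonVerifyingSslSocket}, so the peer's
 * identity is not checked before its certificates are trusted: whatever is presented on
 * the wire during this call becomes trusted, and should be confirmed out of band. Each
 * certificate is stored under its subject CN as the alias, so an existing entry with the
 * same CN is replaced.
 *
 * @param url Base64-encoded URL of the peer; malformed Base64 raises
 *     {@link IllegalArgumentException} from the decoder, as before
 * @return one {@code {"success": true|false}} entry per presented certificate, in the
 *     order the peer sent them; empty if the connection or handshake failed (logged)
 */
@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
    List<Map<String, Object>> resultList = new ArrayList<>();
    String decodedUrl = null;
    try {
        decodedUrl = new String(Base64.getDecoder().decode(url), java.nio.charset.StandardCharsets.UTF_8);
        try (SSLSocket socket = createNonVerifyingSslSocket(decodedUrl)) {
            socket.startHandshake();
            // getPeerCertificates() is declared as Certificate[]; checking each element
            // replaces the whole-array cast, which fails if the runtime array type differs.
            for (Certificate peerCertificate : socket.getSession().getPeerCertificates()) {
                boolean stored = addPeerCertificateToTrustStore(peerCertificate);
                resultList.add(Collections.singletonMap("success", stored));
            }
        }
        Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
        if (!trustStoreFile.isAbsolute()) {
            // A relative trust store path is resolved against DDF_HOME.
            Path ddfHomePath = Paths.get(System.getProperty(DDF_HOME));
            trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
        }
        String keyStorePassword = SecurityConstants.getTruststorePassword();
        try (OutputStream fos = Files.newOutputStream(trustStoreFile)) {
            trustStore.store(fos, keyStorePassword.toCharArray());
        }
    } catch (IOException | GeneralSecurityException e) {
        LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", (decodedUrl != null) ? decodedUrl : url, e);
    }
    return resultList;
}

/**
 * Adds one presented certificate to {@code trustStore} under its subject CN.
 *
 * @param peerCertificate certificate from the peer's chain
 * @return {@code true} if the entry was set; {@code false} (logged) if the certificate
 *     is not X.509, has no subject CN, or cannot be encoded
 * @throws KeyStoreException if the trust store rejects the entry; this aborts the
 *     caller's loop and is logged there, as it was before
 */
private boolean addPeerCertificateToTrustStore(Certificate peerCertificate) throws KeyStoreException {
    if (!(peerCertificate instanceof X509Certificate)) {
        LOGGER.info("Unable to store non-X.509 certificate: {}", peerCertificate);
        return false;
    }
    X509Certificate certificate = (X509Certificate) peerCertificate;
    try {
        RDN[] cns = new JcaX509CertificateHolder(certificate).getSubject().getRDNs(BCStyle.CN);
        if (cns.length == 0 || cns[0].getFirst() == null) {
            // Previously an ArrayIndexOutOfBoundsException from [0] aborted the whole import.
            LOGGER.info("Unable to store certificate without a subject CN: {}", certificate);
            return false;
        }
        String cnStr = IETFUtils.valueToString(cns[0].getFirst().getValue());
        trustStore.setCertificateEntry(cnStr, certificate);
        return true;
    } catch (CertificateEncodingException e) {
        LOGGER.info("Unable to store certificate: {}", certificate, e);
        return false;
    }
}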
Also used : Path(java.nio.file.Path) SSLSocket(javax.net.ssl.SSLSocket) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) Map(java.util.Map) HashMap(java.util.HashMap) RDN(org.bouncycastle.asn1.x500.RDN)

Example 18 with JcaX509CertificateHolder

use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project ddf by codice.

From class KeystoreEditor, method importASN1CertificatesToStore.

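/**
 * Imports every certificate in {@code certificates} into {@code store}, each under its
 * subject CN as the alias (an existing entry with the same alias is replaced).
 *
 * @param store        keystore that receives the trusted-certificate entries
 * @param setEntry     value returned when {@code certificates} contains nothing; callers
 *                     thread this through to track whether anything was imported
 * @param certificates ASN.1 SET whose elements are X.509 Certificate structures
 * @return {@code true} once at least one entry was set, otherwise {@code setEntry}
 * @throws KeystoreEditorException if a certificate cannot be decoded, has no subject CN,
 *                                 or cannot be stored
 */
private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates) throws KeystoreEditorException {
    try {
        // One factory for the whole set; a new one was created per certificate before.
        CertificateFactory certificateFactory = CertificateFactory.getInstance(X509, "BC");
        Enumeration<?> certificateEnumeration = certificates.getObjects();
        while (certificateEnumeration.hasMoreElements()) {
            ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement()).toASN1Primitive();
            org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Primitive);
            Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(instance.getEncoded()));
            RDN[] cns = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject().getRDNs(BCStyle.CN);
            if (cns.length == 0 || cns[0].getFirst() == null) {
                // Previously an ArrayIndexOutOfBoundsException from [0]; wrapped below instead.
                throw new CertificateException("Certificate has no subject CN: " + certificate);
            }
            store.setCertificateEntry(IETFUtils.valueToString(cns[0].getFirst().getValue()), certificate);
            setEntry = true;
        }
    } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) {
        throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e);
    }
    return setEntry;
}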
Also used : Enumeration(java.util.Enumeration) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) NoSuchProviderException(java.security.NoSuchProviderException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 19 with JcaX509CertificateHolder

use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project xabber-android by redsolution.

From class CustomDomainVerifier, method getCommonNames.

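/**
 * Returns every CN value in {@code certificate}'s subject DN, in DN order.
 *
 * <p>Only the subject CN is read here. For host-name matching, subjectAltName entries
 * take precedence over the CN (RFC 6125); this method covers the CN part only.
 *
 * @param certificate certificate whose subject CNs are wanted
 * @return mutable list of CN strings; empty if the subject has no CN or the certificate
 *     cannot be re-encoded (that failure is deliberately swallowed so a best-effort
 *     result is returned instead of an exception)
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        // getRDNs(BCStyle.CN) was re-evaluated on every iteration before; query it once.
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            domains.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
    } catch (CertificateEncodingException ignored) {
        // Best-effort: fall through and return what was collected (nothing, since the
        // holder constructor is the only thrower).
    }
    return domains;
}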
Also used : ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN)

Example 20 with JcaX509CertificateHolder

use of org.bouncycastle.cert.jcajce.JcaX509CertificateHolder in project Conversations by siacs.

From class XmppDomainVerifier, method getCommonNames.

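/**
 * Returns every CN value in {@code certificate}'s subject DN, in DN order.
 *
 * <p>Only the subject CN is read here. For host-name matching, subjectAltName entries
 * take precedence over the CN (RFC 6125); this method covers the CN part only.
 *
 * @param certificate certificate whose subject CNs are wanted
 * @return mutable list of CN strings; empty if the subject has no CN or the certificate
 *     cannot be re-encoded (that failure is deliberately swallowed so a best-effort
 *     result is returned instead of an exception)
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        // getRDNs(BCStyle.CN) was re-evaluated on every iteration before; query it once.
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            domains.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
    } catch (CertificateEncodingException ignored) {
        // Best-effort: fall through and return what was collected (nothing, since the
        // holder constructor is the only thrower).
    }
    return domains;
}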
Also used : ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN)

Aggregations

JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)28 X500Name (org.bouncycastle.asn1.x500.X500Name)17 CertificateEncodingException (java.security.cert.CertificateEncodingException)13 X509Certificate (java.security.cert.X509Certificate)12 IOException (java.io.IOException)11 RDN (org.bouncycastle.asn1.x500.RDN)11 ArrayList (java.util.ArrayList)8 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)7 ByteArrayInputStream (java.io.ByteArrayInputStream)5 GeneralSecurityException (java.security.GeneralSecurityException)5 CertificateFactory (java.security.cert.CertificateFactory)5 DERIA5String (org.bouncycastle.asn1.DERIA5String)5 InputStream (java.io.InputStream)4 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)4 ContentSigner (org.bouncycastle.operator.ContentSigner)4 MalformedURLException (java.net.MalformedURLException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3 Extension (org.bouncycastle.asn1.x509.Extension)3 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)3