use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project Bytecoder by mirkosertic.
the class ConstraintsChecker method mergeNameConstraints.
/**
 * Combines the name constraints carried by {@code currCert} with the
 * constraints accumulated so far.
 *
 * <p>When {@code prevNC} is {@code null}, the result is a clone of the
 * certificate's own extension (or {@code null} if the certificate has none),
 * so the returned object is never shared with the certificate. Otherwise
 * {@code prevNC} itself is updated in place through {@code merge} and
 * returned; callers must not assume their argument is left untouched.
 *
 * @param currCert certificate whose name constraints extension is read
 * @param prevNC constraints accumulated before this certificate, or
 *        {@code null} if there are none yet
 * @return the merged constraints; {@code null} only when both inputs carry
 *         no constraints
 * @throws CertPathValidatorException if {@code currCert} cannot be converted
 *         to an {@code X509CertImpl}, or if the merge raises an
 *         {@code IOException}
 */
static NameConstraintsExtension mergeNameConstraints(X509Certificate currCert, NameConstraintsExtension prevNC) throws CertPathValidatorException {
    final X509CertImpl impl;
    try {
        impl = X509CertImpl.toImpl(currCert);
    } catch (CertificateException conversionFailure) {
        throw new CertPathValidatorException(conversionFailure);
    }

    final NameConstraintsExtension certNC = impl.getNameConstraintsExtension();
    if (debug != null) {
        debug.println("prevNC = " + prevNC + ", newNC = " + String.valueOf(certNC));
    }

    if (prevNC != null) {
        try {
            // merge() mutates prevNC; certNC may be null here.
            // NOTE(review): how merge() treats a null argument is not visible
            // in this listing - confirm against NameConstraintsExtension.
            prevNC.merge(certNC);
        } catch (IOException mergeFailure) {
            throw new CertPathValidatorException(mergeFailure);
        }
        if (debug != null) {
            debug.println("mergedNC = " + prevNC);
        }
        return prevNC;
    }

    // No earlier constraints: the certificate's own constraints are the result.
    if (debug != null) {
        debug.println("mergedNC = " + String.valueOf(certNC));
    }
    // Hand back a clone so the caller never holds the same object as the
    // Certificate does.
    return certNC == null ? null : (NameConstraintsExtension) certNC.clone();
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project Bytecoder by mirkosertic.
the class Vertex method certToString.
/**
 * Builds a human-readable summary of this vertex's certificate.
 *
 * <p>The summary lists, in order: issuer, subject, serial number in
 * hexadecimal, the notAfter date, the issuer and subject unique IDs as bit
 * strings when present, and the subject and authority key identifiers when
 * those extensions are present. No line terminator is appended after the key
 * identifier values by this method.
 *
 * <p>If the certificate cannot be converted to an {@code X509CertImpl}, an
 * empty string is returned. If reading a key identifier raises an
 * {@code IOException}, whatever was assembled up to that point is returned.
 * Both failures are reported only when {@code debug} is enabled.
 *
 * @return String representation of certificate info
 */
public String certToString() {
    final StringBuilder out = new StringBuilder();

    final X509CertImpl impl;
    try {
        impl = X509CertImpl.toImpl(cert);
    } catch (CertificateException conversionFailure) {
        if (debug != null) {
            debug.println("Vertex.certToString() unexpected exception");
            conversionFailure.printStackTrace();
        }
        // Nothing has been appended yet, so this is the empty string.
        return out.toString();
    }

    out.append("Issuer: ").append(impl.getIssuerX500Principal()).append("\n");
    out.append("Subject: ").append(impl.getSubjectX500Principal()).append("\n");
    out.append("SerialNum: ").append(impl.getSerialNumber().toString(16)).append("\n");
    out.append("Expires: ").append(impl.getNotAfter().toString()).append("\n");

    // Unique IDs are optional; each is rendered as a run of 0/1 digits.
    final boolean[] issuerBits = impl.getIssuerUniqueID();
    if (issuerBits != null) {
        out.append("IssuerUID: ");
        for (int i = 0; i < issuerBits.length; i++) {
            out.append(issuerBits[i] ? 1 : 0);
        }
        out.append("\n");
    }

    final boolean[] subjectBits = impl.getSubjectUniqueID();
    if (subjectBits != null) {
        out.append("SubjectUID: ");
        for (int i = 0; i < subjectBits.length; i++) {
            out.append(subjectBits[i] ? 1 : 0);
        }
        out.append("\n");
    }

    try {
        final SubjectKeyIdentifierExtension ski = impl.getSubjectKeyIdentifierExtension();
        if (ski != null) {
            final KeyIdentifier subjectKeyId = ski.get(SubjectKeyIdentifierExtension.KEY_ID);
            out.append("SubjKeyID: ").append(subjectKeyId.toString());
        }

        final AuthorityKeyIdentifierExtension aki = impl.getAuthorityKeyIdentifierExtension();
        if (aki != null) {
            final KeyIdentifier authorityKeyId = (KeyIdentifier) aki.get(AuthorityKeyIdentifierExtension.KEY_ID);
            out.append("AuthKeyID: ").append(authorityKeyId.toString());
        }
    } catch (IOException extensionFailure) {
        // Best effort: the summary is diagnostic output, so a failed
        // extension read is reported under debug and otherwise dropped.
        if (debug != null) {
            debug.println("Vertex.certToString() unexpected exception");
            extensionFailure.printStackTrace();
        }
    }

    return out.toString();
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project Bytecoder by mirkosertic.
the class PKIXCertPathValidator method validate.
/**
 * Validates the certification path in {@code params} against each configured
 * trust anchor in turn and returns the first successful result.
 *
 * <p>Before any anchor is tried, a selector is built from the first
 * certificate of the path: its issuer name is set as the required subject,
 * and its authority key identifier extension is passed to the selector. An
 * anchor that carries a trusted certificate is skipped when the selector
 * rejects that certificate. An anchor without a trusted certificate
 * ({@code getTrustedCert() == null}) is never filtered and is always tried.
 * The selector only decides which anchors are attempted; acceptance of the
 * path is decided by the per-anchor {@code validate(anchor, params)} call.
 *
 * @param params validator parameters supplying the path and trust anchors
 * @return the result of the first per-anchor validation that succeeds
 * @throws CertPathValidatorException the exception from the last anchor that
 *         was tried and failed, or, when no anchor was tried, a new exception
 *         with reason {@code PKIXReason.NO_TRUST_ANCHOR}
 */
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException {
    if (debug != null) {
        debug.println("PKIXCertPathValidator.engineValidate()...");
    }

    // Build the pre-screening filter from the first certificate in the path.
    AdaptableX509CertSelector anchorFilter = null;
    final List<X509Certificate> path = params.certificates();
    if (!path.isEmpty()) {
        anchorFilter = new AdaptableX509CertSelector();
        final X509Certificate head = path.get(0);
        // A usable anchor's subject must equal the first certificate's issuer.
        anchorFilter.setSubject(head.getIssuerX500Principal());
        try {
            // Narrow the match further with the authority key identifier.
            final X509CertImpl headImpl = X509CertImpl.toImpl(head);
            anchorFilter.setSkiAndSerialNumber(headImpl.getAuthorityKeyIdentifierExtension());
        } catch (CertificateException | IOException ignored) {
            // Deliberately ignored: without the key identifier the filter
            // still matches on subject, and the per-anchor validation below
            // remains the actual trust decision.
        }
    }

    // Try anchors in order; the first one that validates ends the search.
    CertPathValidatorException failure = null;
    for (TrustAnchor anchor : params.trustAnchors()) {
        final X509Certificate anchorCert = anchor.getTrustedCert();
        if (anchorCert == null) {
            if (debug != null) {
                debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null");
            }
        } else if (anchorFilter != null && !anchorFilter.match(anchorCert)) {
            // The filter rejects this anchor's certificate; skip it.
            if (debug != null && Debug.isVerbose()) {
                debug.println("NO - don't try this trustedCert");
            }
            continue;
        } else if (debug != null) {
            debug.println("YES - try this trustedCert");
            debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + anchorCert.getSubjectX500Principal());
        }

        try {
            return validate(anchor, params);
        } catch (CertPathValidatorException cpe) {
            // Keep only the most recent failure; earlier ones are overwritten.
            failure = cpe;
        }
    }

    // (a) at least one anchor was tried and failed: report the last failure
    if (failure != null) {
        throw failure;
    }
    // (b) no anchor was tried at all
    throw new CertPathValidatorException("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR);
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project ariADDna by StnetixDevTeam.
the class KeyFactory method isCertContainsInKeyStore.
/**
 * Reports whether the keystore file holds an entry under the alias derived
 * from the given certificate file.
 *
 * <p>The alias is whatever {@code certFactory.getCertSubjectName} returns for
 * the loaded certificate, and the answer comes from
 * {@code KeyStore.containsAlias} alone.
 *
 * <p>NOTE(review): only the alias is compared, not the certificate itself,
 * so an entry stored under the same alias would be reported as present
 * whatever certificate it holds. If callers treat the result as "this exact
 * certificate is trusted", confirm whether a content comparison (for example
 * {@code KeyStore.getCertificateAlias(cert)}) is needed.
 *
 * @param certFile file the certificate is read from
 * @param keyStoreFile keystore file to open and search
 * @return {@code true} if the keystore contains the derived alias
 * @throws KeyStoreException wrapping any exception raised while opening the
 *         keystore file, reading the certificate, or loading the keystore
 */
public boolean isCertContainsInKeyStore(File certFile, File keyStoreFile) throws KeyStoreException {
    // The keystore stream is opened first, so an unreadable keystore file
    // fails before the certificate file is touched.
    try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
        final X509CertImpl loaded = (X509CertImpl) certFactory.getCertByFile(certFile);
        final String alias = certFactory.getCertSubjectName(loaded);

        final KeyStore store = KeyStore.getInstance(KEYSTORE_FORMAT);
        store.load(keyStoreStream, pass);

        final boolean present = store.containsAlias(alias);
        LOGGER.info("Certificate with filename {} " + (present ? "contain" : "not contain") + " in keystore with filename {}", certFile.getAbsolutePath(), keyStoreFile.getAbsolutePath());
        return present;
    } catch (Exception failure) {
        // Every failure, checked or unchecked, is logged and surfaced as a
        // KeyStoreException with the original exception as its cause.
        LOGGER.error("Exception: ", failure);
        throw new KeyStoreException("Caused by: ", failure);
    }
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project ariADDna by StnetixDevTeam.
the class KeyFactory method setCertDisable.
/**
 * Marks the certificate stored in {@code certFile} as disabled.
 *
 * <p>The certificate is loaded through {@code certFactory}, its alias is
 * taken from {@code certFactory.getCertSubjectName}, and that alias is passed
 * to {@code persistHelper.setCertificateDisable}.
 *
 * <p>NOTE(review): the entry is selected by alias only; presumably any
 * record sharing that alias is affected. Confirm against
 * {@code persistHelper}.
 *
 * @param certFile file the certificate is read from
 * @throws KeyStoreException declared by the signature; the calls that may
 *         raise it are not visible in this listing
 */
public void setCertDisable(File certFile) throws KeyStoreException {
    final X509CertImpl loaded = (X509CertImpl) certFactory.getCertByFile(certFile);
    persistHelper.setCertificateDisable(certFactory.getCertSubjectName(loaded));
}