use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class CacheableKeyStoreManagerCertificateStore_containsTest method testContains_nonExistingCert_assertNotFound.
/**
 * Verifies that {@code contains} reports {@code false} for a certificate that was never added to the store.
 * The check is skipped entirely when {@code store} is {@code null}.
 */
public void testContains_nonExistingCert_assertNotFound() throws Exception {
    if (store == null) {
        // store is null: nothing to check, the test passes vacuously
        return;
    }

    // load user1's certificate but deliberately do NOT add it to the store
    final X509CertificateEx absentCert = (X509CertificateEx) TestUtils.getInternalCert("user1");
    assertFalse(store.contains(absentCert));
}
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class CertUtils method x509CertificateToBytes.
/**
 * Serializes a certificate to a byte array.
 * <p>
 * A plain {@link X509Certificate} is returned in the form produced by {@code getEncoded()}. An
 * {@link X509CertificateEx} is instead written, together with its private key, into a PKCS12 key store
 * under the alias {@code privCert}; both the key entry and the store use an empty pass phrase.
 * <p>
 * Security note: for an {@code X509CertificateEx} the returned bytes contain the private key, and an empty
 * pass phrase gives it no confidentiality. Treat the result as secret key material: do not log it, and only
 * persist or transmit it over channels that provide their own protection.
 *
 * @param cert The certificate to convert.
 * @return The encoded certificate, or a PKCS12 key store holding the certificate and its private key.
 * @throws DNSException If the certificate cannot be encoded or the PKCS12 key store cannot be built.
 */
public static byte[] x509CertificateToBytes(X509Certificate cert) throws DNSException {
    if (!(cert instanceof X509CertificateEx)) {
        // not the private-key-bearing type: hand back the certificate's own encoding
        try {
            return cert.getEncoded();
        }///CLOVER:OFF
        catch (Exception e) {
            // NOTE(review): e is not attached to the DNSException, so the root cause is lost to callers
            // and logs; pass it along if DNSException has a constructor that accepts a cause.
            throw new DNSException("Failed to convert certificate to a byte stream.");
        }
        ///CLOVER:ON
    }

    final ByteArrayOutputStream pkcs12Bytes = new ByteArrayOutputStream();
    try {
        // export certificate + private key as a PKCS12 store protected only by an empty pass phrase
        final char[] noPassPhrase = "".toCharArray();
        final KeyStore exportStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
        exportStore.load(null, null); // initialise an empty in-memory store
        final X509CertificateEx keyedCert = (X509CertificateEx) cert;
        exportStore.setKeyEntry("privCert", keyedCert.getPrivateKey(), noPassPhrase,
                new java.security.cert.Certificate[] { cert });
        exportStore.store(pkcs12Bytes, noPassPhrase);
        return pkcs12Bytes.toByteArray();
    }///CLOVER:OFF
    catch (Exception e) {
        // NOTE(review): the cause is dropped here as well; see the note on the other catch block.
        throw new DNSException("Failed to convert certificate to a byte stream.");
    } finally ///CLOVER:ON
    {
        try {
            pkcs12Bytes.close();
        } catch (Exception ignored) {
            /* no-op: a failure to close the in-memory buffer is deliberately ignored */
        }
    }
}
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class CertCommands method x509CertificateToBytes.
/**
 * Serializes a certificate to a byte array.
 * <p>
 * A plain {@link X509Certificate} is returned in the form produced by {@code getEncoded()}. An
 * {@link X509CertificateEx} is written, together with its private key, into a PKCS12 key store under the
 * alias {@code privCert}; both the key entry and the store use an empty pass phrase.
 * <p>
 * Security note: for an {@code X509CertificateEx} the returned bytes contain the private key, and an empty
 * pass phrase gives it no confidentiality. Treat the result as secret key material: do not log it, and only
 * persist or transmit it over channels that provide their own protection.
 *
 * @param cert The certificate to convert.
 * @return The encoded certificate, or a PKCS12 key store holding the certificate and its private key.
 * @throws NHINDException If encoding or key store creation fails; the underlying exception is the cause.
 */
public static byte[] x509CertificateToBytes(X509Certificate cert) {
    if (!(cert instanceof X509CertificateEx)) {
        // not the private-key-bearing type: hand back the certificate's own encoding
        try {
            return cert.getEncoded();
        }///CLOVER:OFF
        catch (Exception e) {
            throw new NHINDException("Failed to convert certificate to a byte stream.", e);
        }
        ///CLOVER:ON
    }

    final ByteArrayOutputStream pkcs12Bytes = new ByteArrayOutputStream();
    try {
        // export certificate + private key as a PKCS12 store protected only by an empty pass phrase
        final char[] noPassPhrase = "".toCharArray();
        final KeyStore exportStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
        exportStore.load(null, null); // initialise an empty in-memory store
        final X509CertificateEx keyedCert = (X509CertificateEx) cert;
        exportStore.setKeyEntry("privCert", keyedCert.getPrivateKey(), noPassPhrase,
                new java.security.cert.Certificate[] { cert });
        exportStore.store(pkcs12Bytes, noPassPhrase);
        return pkcs12Bytes.toByteArray();
    }///CLOVER:OFF
    catch (Exception e) {
        throw new NHINDException("Failed to convert certificate to a byte stream.", e);
    } finally ///CLOVER:ON
    {
        try {
            pkcs12Bytes.close();
        } catch (Exception ignored) {
            /* no-op: a failure to close the in-memory buffer is deliberately ignored */
        }
    }
}
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class AbstractKeyStoreManagerCertificateStore method add.
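/**
 * Stores a certificate and its private key as a key entry in the backing key store.
 * <p>
 * The entry alias is the string form of the certificate's thumbprint, so several certificates issued to
 * the same subject do not collide.
 *
 * @param cert The certificate to add; it must be an {@link X509CertificateEx} that has a private key.
 * @throws IllegalStateException If the store manager is not a {@code MutableKeyStoreProtectionManager}
 *         and therefore cannot accept new entries.
 * @throws IllegalArgumentException If {@code cert} is not an {@code X509CertificateEx} or has no private key.
 * @throws NHINDException If the store manager fails to write the entry.
 */
@Override
public void add(X509Certificate cert) {
    if (!(storeMgr instanceof MutableKeyStoreProtectionManager)) {
        // the original message stated the opposite of the condition being rejected
        throw new IllegalStateException("The store manager is not a MutableKeyStoreProtectionManager instance");
    }

    if (!(cert instanceof X509CertificateEx) || !((X509CertificateEx) cert).hasPrivateKey()) {
        throw new IllegalArgumentException("PKCS11 certificates require a private key");
    }

    final X509CertificateEx exCert = (X509CertificateEx) cert;

    // key stores require aliases, and a given subject may hold multiple certificates;
    // the certificate thumbprint is used as the alias to avoid collisions
    final String alias = Thumbprint.toThumbprint(cert).toString();

    final PrivateKeyEntry entry = new PrivateKeyEntry(exCert.getPrivateKey(), new Certificate[] { cert });

    try {
        ((MutableKeyStoreProtectionManager) storeMgr).setEntry(alias, entry);
    }///CLOVER:OFF
    catch (Exception e) {
        throw new NHINDException(AgentError.Unexpected, "Failed to add key entry into PKCS11 store.", e);
    }
    ///CLOVER:ON
}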
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class LDAPResearchTest method testLdapSearch.
/**
 * Resolves a certificate by e-mail address through the LDAP certificate store, using the LDAP server
 * on localhost, and checks that exactly one certificate without a private-key wrapper comes back.
 */
@SuppressWarnings("unchecked")
public void testLdapSearch() throws Exception {
    // start from an empty certificate cache
    CertCacheFactory.getInstance().flushAll();

    final String url = "ldap://localhost:" + configuration.getLdapPort() + "/" + "cn=lookupTest";

    // Simple bind over plain ldap:// sends the password unencrypted; that is tolerable here only
    // because the target is a server on localhost used by this test.
    final Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
    env.put(Context.SECURITY_CREDENTIALS, "secret");

    final InitialContext initialContext = new InitialContext(env);
    assertNotNull(initialContext);

    // sanity check: read and print the attributes of the entry the URL points at
    final DirContext dirContext = (DirContext) initialContext.lookup("");
    final Attributes attributes = dirContext.getAttributes("");
    assertNotNull(attributes);

    for (NamingEnumeration<Attribute> attrs = (NamingEnumeration<Attribute>) attributes.getAll();
            attrs.hasMoreElements();) {
        final Attribute attr = attrs.nextElement();
        System.out.println("Name: " + attr.getID() + "\r\nValue: " + attr.get() + "\r\n\r\n");
    }

    //Set<SearchResult> results = searchDNs( "(email=gm2552@cerner.com)", "", "ou=privKeys, ou=cerner, ou=com",
    // SearchControls.SUBTREE_SCOPE , dirContext);

    // resolve the certificate through the provider-built LDAP store
    final LdapStoreConfiguration storeConfig =
            new LdapStoreConfiguration(new String[] { url }, "", "email", "privKeyStore", "X509");
    final LdapCertificateStoreProvider provider = new LdapCertificateStoreProvider(storeConfig, null, null);
    final LDAPCertificateStore certificateResolver = (LDAPCertificateStore) provider.get();
    final Collection<X509Certificate> certs = certificateResolver.getCertificates("gm2552@cerner.com");

    /*LdapEnvironment ldapEnvironment = new LdapEnvironment(env, "privKeyStore", "", "email");
    LdapCertUtilImpl ldapcertUtilImpl = new LdapCertUtilImpl(ldapEnvironment, "", "X.509");
    LDAPCertificateStore ldapCertStore = new LDAPCertificateStore(ldapcertUtilImpl, new KeyStoreCertificateStore(), null);
    Collection<X509Certificate> certs = ldapCertStore.getCertificates("gm2552@cerner.com");
    */

    assertEquals(1, certs.size());

    final X509Certificate resolved = certs.iterator().next();
    // the result must be a plain certificate, not the X509CertificateEx type
    assertFalse(resolved instanceof X509CertificateEx);
    assertTrue(resolved.getSubjectX500Principal().toString().contains("bob@nhind.hsgincubator.com"));
}