Example 6 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class CacheableKeyStoreManagerCertificateStore_containsTest method testContains_nonExistingCert_assertNotFound.

public void testContains_nonExistingCert_assertNotFound() throws Exception {
    if (store != null) {
        // user1 was never added to the store, so the lookup must report it as absent
        final X509CertificateEx user1 = (X509CertificateEx) TestUtils.getInternalCert("user1");
        assertFalse(store.contains(user1));
    }
}
Also used : X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx)

Example 7 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class CertUtils method x509CertificateToBytes.

/**
 * Converts an X509Certificate to a byte stream representation.  If the certificate contains a private key, the returned representation
 * is a PKCS12 byte stream with no pass phrase protection or encryption.
 * @param cert The certificate to convert.
 * @return A byte stream representation of the certificate.
 */
public static byte[] x509CertificateToBytes(X509Certificate cert) throws DNSException {
    if (cert instanceof X509CertificateEx) {
        final ByteArrayOutputStream outStr = new ByteArrayOutputStream();
        try {
            // return as a pkcs12 file with no encryption;
            // the result carries the private key under an empty pass phrase, so callers must handle it as key material
            final KeyStore convertKeyStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
            convertKeyStore.load(null, null);
            final char[] emptyPass = "".toCharArray();
            convertKeyStore.setKeyEntry("privCert", ((X509CertificateEx) cert).getPrivateKey(), emptyPass, new java.security.cert.Certificate[] { cert });
            convertKeyStore.store(outStr, emptyPass);
            return outStr.toByteArray();
        }
        ///CLOVER:OFF
        catch (Exception e) {
            // note: the underlying cause is not attached to the DNSException
            throw new DNSException("Failed to convert certificate to a byte stream.");
        }
        ///CLOVER:ON
        finally {
            try {
                outStr.close();
            } catch (Exception e) {
                /* no-op */
            }
        }
    } else {
        // no private key attached: return the certificate's own encoding
        try {
            return cert.getEncoded();
        }
        ///CLOVER:OFF
        catch (Exception e) {
            throw new DNSException("Failed to convert certificate to a byte stream.");
        }
        ///CLOVER:ON
    }
}
Also used : X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) DNSException(org.nhindirect.dns.DNSException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) KeyStore(java.security.KeyStore) IOException(java.io.IOException)

Example 8 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class CertCommands method x509CertificateToBytes.

public static byte[] x509CertificateToBytes(X509Certificate cert) {
    if (cert instanceof X509CertificateEx) {
        final ByteArrayOutputStream outStr = new ByteArrayOutputStream();
        try {
            // return as a pkcs12 file with no encryption;
            // the result carries the private key under an empty pass phrase, so callers must handle it as key material
            final KeyStore convertKeyStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
            convertKeyStore.load(null, null);
            final char[] emptyPass = "".toCharArray();
            convertKeyStore.setKeyEntry("privCert", ((X509CertificateEx) cert).getPrivateKey(), emptyPass, new java.security.cert.Certificate[] { cert });
            convertKeyStore.store(outStr, emptyPass);
            return outStr.toByteArray();
        }
        ///CLOVER:OFF
        catch (Exception e) {
            throw new NHINDException("Failed to convert certificate to a byte stream.", e);
        }
        ///CLOVER:ON
        finally {
            try {
                outStr.close();
            } catch (Exception e) {
                /* no-op */
            }
        }
    } else {
        // no private key attached: return the certificate's own encoding
        try {
            return cert.getEncoded();
        }
        ///CLOVER:OFF
        catch (Exception e) {
            throw new NHINDException("Failed to convert certificate to a byte stream.", e);
        }
        ///CLOVER:ON
    }
}
Also used : X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) ByteArrayOutputStream(java.io.ByteArrayOutputStream) KeyStore(java.security.KeyStore) NHINDException(org.nhindirect.stagent.NHINDException) IOException(java.io.IOException)

Example 9 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class AbstractKeyStoreManagerCertificateStore method add.

@Override
public void add(X509Certificate cert) {
    // only a mutable protection manager can accept new key entries
    if (!(storeMgr instanceof MutableKeyStoreProtectionManager))
        throw new IllegalStateException("The store manager is not a MutableKeyStoreProtectionManager instance");
    if (!(cert instanceof X509CertificateEx) || !((X509CertificateEx) cert).hasPrivateKey())
        throw new IllegalArgumentException("PKCS11 certificates require a private key");
    final X509CertificateEx exCert = (X509CertificateEx) cert;
    // key stores require aliases, and a given subject may include multiple certificates;
    // to avoid possible collisions, this will use the certificate thumbprint
    final String alias = Thumbprint.toThumbprint(cert).toString();
    final PrivateKeyEntry entry = new PrivateKeyEntry(exCert.getPrivateKey(), new Certificate[] { cert });
    try {
        ((MutableKeyStoreProtectionManager) storeMgr).setEntry(alias, entry);
    }
    ///CLOVER:OFF
    catch (Exception e) {
        throw new NHINDException(AgentError.Unexpected, "Failed to add key entry into PKCS11 store.", e);
    }
    ///CLOVER:ON
}
Also used : X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) NHINDException(org.nhindirect.stagent.NHINDException)

Example 10 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class LDAPResearchTest method testLdapSearch.

@SuppressWarnings("unchecked")
public void testLdapSearch() throws Exception {
    CertCacheFactory.getInstance().flushAll();
    int port = configuration.getLdapPort();
    String url = "ldap://localhost:" + port + "/" + "cn=lookupTest";
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
    env.put(Context.SECURITY_CREDENTIALS, "secret");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);
    InitialContext initialContext = new InitialContext(env);
    assertNotNull(initialContext);
    DirContext dirContext = (DirContext) initialContext.lookup("");
    Attributes attributes = dirContext.getAttributes("");
    assertNotNull(attributes);
    NamingEnumeration<Attribute> namingEnum = (NamingEnumeration<Attribute>) attributes.getAll();
    while (namingEnum.hasMoreElements()) {
        Attribute attr = namingEnum.nextElement();
        System.out.println("Name: " + attr.getID() + "\r\nValue: " + attr.get() + "\r\n\r\n");
    }
    //Set<SearchResult> results = searchDNs( "(email=gm2552@cerner.com)", "", "ou=privKeys, ou=cerner, ou=com", 
    //        SearchControls.SUBTREE_SCOPE , dirContext);
    LdapStoreConfiguration ldapStoreConfiguration = new LdapStoreConfiguration(new String[] { url }, "", "email", "privKeyStore", "X509");
    LdapCertificateStoreProvider provider = new LdapCertificateStoreProvider(ldapStoreConfiguration, null, null);
    LDAPCertificateStore certificateResolver = (LDAPCertificateStore) provider.get();
    Collection<X509Certificate> certs = certificateResolver.getCertificates("gm2552@cerner.com");
    /*
    LdapEnvironment ldapEnvironment = new LdapEnvironment(env, "privKeyStore", "", "email");
    LdapCertUtilImpl ldapcertUtilImpl = new LdapCertUtilImpl(ldapEnvironment, "", "X.509");
    LDAPCertificateStore ldapCertStore = new LDAPCertificateStore(ldapcertUtilImpl, new KeyStoreCertificateStore(), null);

    Collection<X509Certificate> certs = ldapCertStore.getCertificates("gm2552@cerner.com");
    */
    assertEquals(1, certs.size());
    X509Certificate cert = certs.iterator().next();
    assertFalse(cert instanceof X509CertificateEx);
    assertTrue(cert.getSubjectX500Principal().toString().contains("bob@nhind.hsgincubator.com"));
}
Also used : LdapStoreConfiguration(org.nhindirect.stagent.cert.impl.LdapStoreConfiguration) BasicAttribute(javax.naming.directory.BasicAttribute) Attribute(javax.naming.directory.Attribute) Hashtable(java.util.Hashtable) BasicAttributes(javax.naming.directory.BasicAttributes) Attributes(javax.naming.directory.Attributes) NamingEnumeration(javax.naming.NamingEnumeration) DirContext(javax.naming.directory.DirContext) InitialContext(javax.naming.InitialContext) X509Certificate(java.security.cert.X509Certificate) X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) LDAPCertificateStore(org.nhindirect.stagent.cert.impl.LDAPCertificateStore) LdapCertificateStoreProvider(org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider)

Aggregations

X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx) 51
X509Certificate (java.security.cert.X509Certificate) 39
MimeEntity (org.nhindirect.stagent.mail.MimeEntity) 18
SMIMECryptographerImpl (org.nhindirect.stagent.cryptography.SMIMECryptographerImpl) 13
IOException (java.io.IOException) 11
KeyStore (java.security.KeyStore) 11
NHINDException (org.nhindirect.stagent.NHINDException) 9
ByteArrayInputStream (java.io.ByteArrayInputStream) 6
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 6
Key (java.security.Key) 6
PrivateKey (java.security.PrivateKey) 6
File (java.io.File) 5
Certificate (java.security.cert.Certificate) 5
MimeMultipart (javax.mail.internet.MimeMultipart) 5
SMIMEEnveloped (org.bouncycastle.mail.smime.SMIMEEnveloped) 5
LdapCertificateStoreProvider (org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider) 5
SignedEntity (org.nhindirect.stagent.cryptography.SignedEntity) 5
ArrayList (java.util.ArrayList) 4
MessagingException (javax.mail.MessagingException) 4
RecipientInformation (org.bouncycastle.cms.RecipientInformation) 4