use of org.openecard.bouncycastle.asn1.x500.RDN in project ddf by codice.
the class KeystoreEditor method addTrustedCertificateFromUrl.
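@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
    // Imports the certificate chain presented by a TLS endpoint into the trust store.
    //
    // url: Base64-encoded, UTF-8 string naming the endpoint to connect to. A malformed
    //      Base64 value makes Base64.Decoder throw IllegalArgumentException to the caller
    //      (unchanged from the previous behaviour).
    // Returns one {"success": Boolean} map per certificate in the presented chain; when the
    // connection or the trust store write fails, the list holds whatever was recorded up to
    // that point and the failure is only logged.
    //
    // SECURITY: the socket comes from createNonVerifyingSslSocket, so the peer is NOT
    // authenticated, and every certificate in the chain it presents (leaf included) becomes
    // a trust anchor. Anyone able to answer this connection on the network path can plant
    // arbitrary anchors; this is only acceptable on a path the operator controls.
    SSLSocket socket = null;
    String decodedUrl = null;
    List<Map<String, Object>> resultList = new ArrayList<>();
    try {
        decodedUrl = new String(Base64.getDecoder().decode(url), "UTF-8");
        socket = createNonVerifyingSslSocket(decodedUrl);
        socket.startHandshake();
        X509Certificate[] peerCertificateChain = (X509Certificate[]) socket.getSession().getPeerCertificates();
        for (X509Certificate certificate : peerCertificateChain) {
            try {
                X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
                RDN[] cns = x500name.getRDNs(BCStyle.CN);
                if (cns.length == 0) {
                    // A subject without a CN previously escaped this method as an unchecked
                    // ArrayIndexOutOfBoundsException; report it as a per-certificate failure.
                    resultList.add(Collections.singletonMap("success", false));
                    LOGGER.info("Unable to store certificate without a subject CN: {}", certificate.getSubjectX500Principal());
                    continue;
                }
                String cnStr = IETFUtils.valueToString(cns[0].getFirst().getValue());
                // NOTE(review): the alias is the bare CN. KeyStore.setCertificateEntry replaces an
                // existing trusted-certificate entry with the same alias, so a peer presenting a
                // certificate whose CN matches an existing anchor silently overrides that anchor.
                trustStore.setCertificateEntry(cnStr, certificate);
                resultList.add(Collections.singletonMap("success", true));
            } catch (CertificateEncodingException e) {
                resultList.add(Collections.singletonMap("success", false));
                LOGGER.info("Unable to store certificate: {}", certificate.toString(), e);
            }
        }
        Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
        if (!trustStoreFile.isAbsolute()) {
            // A relative trust store path is resolved against ddf.home.
            Path ddfHomePath = Paths.get(System.getProperty("ddf.home"));
            trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
        }
        String keyStorePassword = SecurityConstants.getTruststorePassword();
        // try-with-resources: the stream was previously never closed (file handle leak).
        try (OutputStream fos = Files.newOutputStream(trustStoreFile)) {
            trustStore.store(fos, keyStorePassword.toCharArray());
        }
    } catch (IOException | GeneralSecurityException e) {
        LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", (decodedUrl != null) ? decodedUrl : url, e);
    } finally {
        IOUtils.closeQuietly(socket);
    }
    return resultList;
}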
use of org.openecard.bouncycastle.asn1.x500.RDN in project ddf by codice.
the class KeystoreEditor method importASN1CertificatesToStore.
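private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates) throws KeystoreEditorException {
    // Adds every X.509 certificate in an ASN.1 SET to `store` as a trusted-certificate entry.
    //
    // store:        destination key store, mutated in place (the caller persists it)
    // setEntry:     running flag from the caller; returned unchanged when the set is empty
    // certificates: ASN.1 SET whose elements decode as X.509 Certificate structures
    // Returns true once at least one certificate has been stored, otherwise setEntry.
    // Throws KeystoreEditorException wrapping any decoding, provider or key store failure,
    // including a certificate whose subject has no CN (previously escaped as an unchecked
    // ArrayIndexOutOfBoundsException).
    Enumeration<?> certificateEnumeration = certificates.getObjects();
    if (!certificateEnumeration.hasMoreElements()) {
        return setEntry;
    }
    try {
        // Loop-invariant factory, created only once the set is known to be non-empty so an
        // empty set still cannot fail on a missing "BC" provider (as before).
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        while (certificateEnumeration.hasMoreElements()) {
            ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement()).toASN1Primitive();
            org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Primitive);
            // Round-trip through DER so the provider yields a java.security.cert.Certificate.
            Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(instance.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            RDN[] cns = x500name.getRDNs(BCStyle.CN);
            if (cns.length == 0) {
                // Caught below and wrapped in KeystoreEditorException like every other failure.
                throw new CertificateException("Certificate subject has no CN: " + x500name);
            }
            // NOTE(review): the alias is the bare CN; KeyStore.setCertificateEntry overrides an
            // existing trusted-certificate entry with the same alias, so an imported bundle can
            // replace an existing trust anchor that merely shares a CN.
            store.setCertificateEntry(IETFUtils.valueToString(cns[0].getFirst().getValue()), certificate);
            setEntry = true;
        }
    } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) {
        throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e);
    }
    return setEntry;
}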
use of org.openecard.bouncycastle.asn1.x500.RDN in project ddf by codice.
the class KeystoreEditor method buildCertChainList.
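private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
    // Collects the certificate stored under `alias` together with its issuers, ordered from the
    // root-most entry down to the requested certificate.
    //
    // The chain is assembled purely by NAME: each certificate's issuer CN is used as the alias
    // of the next entry to fetch, and a blank issuer CN or one equal to the certificate's own
    // subject CN ends the chain. No signature or validity check is performed, so the result is
    // an ordering aid for display/export, not a validated certification path.
    //
    // Returns an empty list when nothing is stored under `alias`.
    // Throws KeystoreEditorException on key store or certificate encoding failures, including a
    // certificate whose subject or issuer has no CN (previously an unchecked
    // ArrayIndexOutOfBoundsException).
    return collectCertChain(alias, store, new ArrayList<String>());
}

// Recursive worker for buildCertChainList. `visited` holds the aliases already on the chain so
// that issuer loops (two entries naming each other as issuer, or an alias that differs from the
// entry's CN) terminate instead of recursing until StackOverflowError.
private List<Certificate> collectCertChain(String alias, KeyStore store, List<String> visited) throws KeystoreEditorException {
    try {
        Certificate certificate = store.getCertificate(alias);
        if (certificate == null || visited.contains(alias)) {
            return new ArrayList<>();
        }
        visited.add(alias);
        JcaX509CertificateHolder holder = new JcaX509CertificateHolder((X509Certificate) certificate);
        String subject = firstCn(holder.getSubject(), "subject");
        String issuer = firstCn(holder.getIssuer(), "issuer");
        List<Certificate> certificates;
        if (StringUtils.isBlank(issuer) || issuer.equals(subject)) {
            // Self-issued by name: this entry is the top of the chain.
            certificates = new ArrayList<>();
        } else {
            certificates = collectCertChain(issuer, store, visited);
        }
        certificates.add(certificate);
        return certificates;
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new KeystoreEditorException("Unable to build cert chain list.", e);
    }
}

// Returns the string value of the first CN attribute of `name`; `role` labels the error message.
private static String firstCn(X500Name name, String role) throws CertificateEncodingException {
    RDN[] cns = name.getRDNs(BCStyle.CN);
    if (cns.length == 0) {
        throw new CertificateEncodingException("Certificate " + role + " has no CN: " + name);
    }
    return IETFUtils.valueToString(cns[0].getFirst().getValue());
}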
use of org.openecard.bouncycastle.asn1.x500.RDN in project athenz by yahoo.
the class SocketTest method getCN.
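private String getCN(Certificate[] certificates) throws CertificateEncodingException {
    // Returns the subject CN of the first certificate in `certificates` (conventionally the leaf
    // of a peer chain), which is the identity the tests assert against.
    // Throws IllegalArgumentException for a null/empty chain or a first certificate without a
    // subject CN, instead of the bare ArrayIndexOutOfBoundsException the array indexing produced.
    if (certificates == null || certificates.length == 0) {
        throw new IllegalArgumentException("certificate chain is empty");
    }
    // Cast the element, not the array: the array's runtime component type need not be X509Certificate[].
    final X509Certificate leaf = (X509Certificate) certificates[0];
    final X500Name subject = new JcaX509CertificateHolder(leaf).getSubject();
    final RDN[] commonNames = subject.getRDNs(BCStyle.CN);
    if (commonNames.length == 0) {
        throw new IllegalArgumentException("certificate has no subject CN: " + subject);
    }
    return IETFUtils.valueToString(commonNames[0].getFirst().getValue());
}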
use of org.openecard.bouncycastle.asn1.x500.RDN in project nifi by apache.
the class CertificateUtils method reorderDn.
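/**
 * Reorders the RDNs of a DN into the order in which their attribute types appear in the
 * RFC 2253 table (https://www.ietf.org/rfc/rfc2253.txt):
 *
 * <pre>
 * String X.500 AttributeType
 * ------------------------------
 * CN     commonName
 * L      localityName
 * ST     stateOrProvinceName
 * O      organizationName
 * OU     organizationalUnitName
 * C      countryName
 * STREET streetAddress
 * DC     domainComponent
 * UID    userid
 * </pre>
 *
 * <p>Ranks come from {@code dnOrderMap} (a class field; assumed to map attribute type OIDs to
 * their position in the table). Types absent from the map sort after every ranked type and are
 * ordered among themselves by OID string, so the output is deterministic for any input.
 * {@code Arrays.sort} on an object array is stable, so repeated attributes (e.g. several
 * {@code OU=}) keep their relative order. Only the first attribute of a multi-valued RDN is
 * consulted when ranking it.
 *
 * <p>This is a local canonical form intended for consistent string comparison of DNs; the RFC
 * table itself does not prescribe an ordering.
 *
 * @param dn a possibly unordered DN
 * @return the DN with its RDNs in the order above
 */
public static String reorderDn(String dn) {
    RDN[] rdNs = new X500Name(dn).getRDNs();
    Arrays.sort(rdNs, new Comparator<RDN>() {
        @Override
        public int compare(RDN o1, RDN o2) {
            ASN1ObjectIdentifier o1Type = o1.getFirst().getType();
            ASN1ObjectIdentifier o2Type = o2.getFirst().getType();
            Integer o1Rank = dnOrderMap.get(o1Type);
            Integer o2Rank = dnOrderMap.get(o2Type);
            if (o1Rank == null && o2Rank == null) {
                // Neither type is in the table: fall back to a deterministic OID comparison.
                int idComparison = o1Type.getId().compareTo(o2Type.getId());
                if (idComparison != 0) {
                    return idComparison;
                }
                return String.valueOf(o1Type).compareTo(String.valueOf(o2Type));
            }
            if (o1Rank == null) {
                return 1; // unranked types sort after ranked ones
            }
            if (o2Rank == null) {
                return -1;
            }
            // Integer.compare rather than subtraction: sign-correct for any rank values.
            return Integer.compare(o1Rank, o2Rank);
        }
    });
    return new X500Name(rdNs).toString();
}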