Search in sources :

Example 41 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project ddf by codice.

the class KeystoreEditor method addTrustedCertificateFromUrl.

@Override
public List<Map<String, Object>> addTrustedCertificateFromUrl(String url) {
    SSLSocket socket = null;
    String decodedUrl = null;
    List<Map<String, Object>> resultList = new ArrayList<>();
    try {
        decodedUrl = new String(Base64.getDecoder().decode(url), "UTF-8");
        socket = createNonVerifyingSslSocket(decodedUrl);
        socket.startHandshake();
        X509Certificate[] peerCertificateChain = (X509Certificate[]) socket.getSession().getPeerCertificates();
        for (X509Certificate certificate : peerCertificateChain) {
            try {
                X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
                trustStore.setCertificateEntry(cnStr, certificate);
                resultList.add(Collections.singletonMap("success", true));
            } catch (CertificateEncodingException e) {
                resultList.add(Collections.singletonMap("success", false));
                LOGGER.info("Unable to store certificate: {}", certificate.toString(), e);
            }
        }
        Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
        if (!trustStoreFile.isAbsolute()) {
            Path ddfHomePath = Paths.get(System.getProperty("ddf.home"));
            trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
        }
        String keyStorePassword = SecurityConstants.getTruststorePassword();
        OutputStream fos = Files.newOutputStream(trustStoreFile);
        trustStore.store(fos, keyStorePassword.toCharArray());
    } catch (IOException | GeneralSecurityException e) {
        LOGGER.info("Unable to add certificate(s) to trust store from URL: {}", (decodedUrl != null) ? decodedUrl : url, e);
    } finally {
        IOUtils.closeQuietly(socket);
    }
    return resultList;
}
Also used : Path(java.nio.file.Path) SSLSocket(javax.net.ssl.SSLSocket) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) Map(java.util.Map) HashMap(java.util.HashMap) RDN(org.bouncycastle.asn1.x500.RDN)

Example 42 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project ddf by codice.

the class KeystoreEditor method importASN1CertificatesToStore.

private boolean importASN1CertificatesToStore(KeyStore store, boolean setEntry, ASN1Set certificates) throws KeystoreEditorException {
    Enumeration certificateEnumeration = certificates.getObjects();
    try {
        while (certificateEnumeration.hasMoreElements()) {
            ASN1Primitive asn1Primitive = ((ASN1Encodable) certificateEnumeration.nextElement()).toASN1Primitive();
            org.bouncycastle.asn1.x509.Certificate instance = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Primitive);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(instance.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            RDN cn = x500name.getRDNs(BCStyle.CN)[0];
            store.setCertificateEntry(IETFUtils.valueToString(cn.getFirst().getValue()), certificate);
            setEntry = true;
        }
    } catch (CertificateException | NoSuchProviderException | KeyStoreException | IOException e) {
        throw new KeystoreEditorException("Unable to import ASN1 certificates to store", e);
    }
    return setEntry;
}
Also used : Enumeration(java.util.Enumeration) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) NoSuchProviderException(java.security.NoSuchProviderException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 43 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project ddf by codice.

the class KeystoreEditor method buildCertChainList.

private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
    try {
        Certificate certificate = store.getCertificate(alias);
        if (certificate != null) {
            X500Name x500nameSubject = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            RDN subjectCn = x500nameSubject.getRDNs(BCStyle.CN)[0];
            X500Name x500nameIssuer = new JcaX509CertificateHolder((X509Certificate) certificate).getIssuer();
            RDN issuerCn = x500nameIssuer.getRDNs(BCStyle.CN)[0];
            String issuer = IETFUtils.valueToString(issuerCn.getFirst().getValue());
            String subject = IETFUtils.valueToString(subjectCn.getFirst().getValue());
            if (StringUtils.isBlank(issuer) || issuer.equals(subject)) {
                List<Certificate> certificates = new ArrayList<>();
                certificates.add(certificate);
                return certificates;
            } else {
                List<Certificate> certificates = buildCertChainList(issuer, store);
                certificates.add(certificate);
                return certificates;
            }
        } else {
            return new ArrayList<>();
        }
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new KeystoreEditorException("Unable to build cert chain list.", e);
    }
}
Also used : ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyStoreException(java.security.KeyStoreException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 44 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project athenz by yahoo.

the class SocketTest method getCN.

private String getCN(Certificate[] certificates) throws CertificateEncodingException {
    final X509Certificate[] clientCerts = (X509Certificate[]) certificates;
    final X500Name certificateHolder = new JcaX509CertificateHolder(clientCerts[0]).getSubject();
    final RDN commonName = certificateHolder.getRDNs(BCStyle.CN)[0];
    return IETFUtils.valueToString(commonName.getFirst().getValue());
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate)

Example 45 with RDN

use of org.openecard.bouncycastle.asn1.x500.RDN in project nifi by apache.

the class CertificateUtils method reorderDn.

/**
 * Reorders DN to the order the elements appear in the RFC 2253 table
 *
 * https://www.ietf.org/rfc/rfc2253.txt
 *
 * String  X.500 AttributeType
 * ------------------------------
 * CN      commonName
 * L       localityName
 * ST      stateOrProvinceName
 * O       organizationName
 * OU      organizationalUnitName
 * C       countryName
 * STREET  streetAddress
 * DC      domainComponent
 * UID     userid
 *
 * @param dn a possibly unordered DN
 * @return the ordered dn
 */
public static String reorderDn(String dn) {
    RDN[] rdNs = new X500Name(dn).getRDNs();
    Arrays.sort(rdNs, new Comparator<RDN>() {

        @Override
        public int compare(RDN o1, RDN o2) {
            AttributeTypeAndValue o1First = o1.getFirst();
            AttributeTypeAndValue o2First = o2.getFirst();
            ASN1ObjectIdentifier o1Type = o1First.getType();
            ASN1ObjectIdentifier o2Type = o2First.getType();
            Integer o1Rank = dnOrderMap.get(o1Type);
            Integer o2Rank = dnOrderMap.get(o2Type);
            if (o1Rank == null) {
                if (o2Rank == null) {
                    int idComparison = o1Type.getId().compareTo(o2Type.getId());
                    if (idComparison != 0) {
                        return idComparison;
                    }
                    return String.valueOf(o1Type).compareTo(String.valueOf(o2Type));
                }
                return 1;
            } else if (o2Rank == null) {
                return -1;
            }
            return o1Rank - o2Rank;
        }
    });
    return new X500Name(rdNs).toString();
}
Also used : BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) RDN(org.bouncycastle.asn1.x500.RDN) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

RDN (org.bouncycastle.asn1.x500.RDN)55 X500Name (org.bouncycastle.asn1.x500.X500Name)33 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)18 ArrayList (java.util.ArrayList)15 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)15 X509Certificate (java.security.cert.X509Certificate)13 DERIA5String (org.bouncycastle.asn1.DERIA5String)13 AttributeTypeAndValue (org.bouncycastle.asn1.x500.AttributeTypeAndValue)13 IOException (java.io.IOException)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)12 LinkedList (java.util.LinkedList)10 DEROctetString (org.bouncycastle.asn1.DEROctetString)10 JcaX509CertificateHolder (org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)10 KeyStoreException (java.security.KeyStoreException)8 List (java.util.List)8 InputStream (java.io.InputStream)7 KeyStore (java.security.KeyStore)7 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7 CertificateException (java.security.cert.CertificateException)7