Example 1 with CertificateVerifier

use of org.openecard.crypto.tls.CertificateVerifier in project open-ecard by ecsec.

From class DefaultTlsClientImpl, method getAuthentication:

@Override
public TlsAuthentication getAuthentication() throws IOException {
    return new TlsAuthentication() {

        @Override
        public void notifyServerCertificate(TlsServerCertificate crtfct) throws IOException {
            // every verifier chained with and() must pass: hostname match, chain validation
            // through the Java security provider, and a minimum key length
            JavaSecVerifier v = new JavaSecVerifier();
            CertificateVerifier cv = new CertificateVerifierBuilder().and(new HostnameVerifier()).and(v).and(new KeyLengthVerifier()).build();
            // validate the presented chain against the first configured server name;
            // isValid throws if any check fails, which aborts the handshake
            cv.isValid(crtfct, serverNames.get(0).toString());
        }

        @Override
        public TlsCredentials getClientCredentials(CertificateRequest cr) throws IOException {
            throw new UnsupportedOperationException("Not supported yet.");
        }
    };
}
Also used:
TlsServerCertificate (org.openecard.bouncycastle.tls.TlsServerCertificate)
TlsAuthentication (org.openecard.bouncycastle.tls.TlsAuthentication)
CertificateVerifier (org.openecard.crypto.tls.CertificateVerifier)
CertificateRequest (org.openecard.bouncycastle.tls.CertificateRequest)

Example 2 with CertificateVerifier

use of org.openecard.crypto.tls.CertificateVerifier in project open-ecard by ecsec.

From class HttpConnectProxy, method connectSocket:

private Socket connectSocket() throws IOException {
    // Socket object connecting to proxy
    Socket sock = new Socket();
    SocketAddress addr = new InetSocketAddress(proxyHost, proxyPort);
    sock.setKeepAlive(true);
    // this read timeout is fairly long, but not a problem, as it only shifts the responsibility to the server
    sock.setSoTimeout(5 * 60 * 1000);
    sock.connect(addr, 60 * 1000);
    // evaluate scheme
    if ("HTTPS".equals(proxyScheme)) {
        TlsCrypto crypto = new BcTlsCrypto(ReusableSecureRandom.getInstance());
        ClientCertDefaultTlsClient tlsClient = new ClientCertDefaultTlsClient(crypto, proxyHost, true);
        DynamicAuthentication tlsAuth = new DynamicAuthentication(proxyHost);
        if (proxyValidate) {
            // validate the proxy certificate: hostname, key length and chain must all pass
            CertificateVerifier cv = new CertificateVerifierBuilder().and(new HostnameVerifier()).and(new KeyLengthVerifier()).and(new JavaSecVerifier()).build();
            tlsAuth.setCertificateVerifier(cv);
        }
        tlsClient.setAuthentication(tlsAuth);
        TlsClientProtocol proto = new TlsClientProtocol(sock.getInputStream(), sock.getOutputStream());
        proto.connect(tlsClient);
        // wrap socket
        Socket tlsSock = new SocketWrapper(sock, proto.getInputStream(), proto.getOutputStream());
        return tlsSock;
    } else {
        return sock;
    }
}
Also used:
InetSocketAddress (java.net.InetSocketAddress)
TlsClientProtocol (org.openecard.bouncycastle.tls.TlsClientProtocol)
ClientCertDefaultTlsClient (org.openecard.crypto.tls.ClientCertDefaultTlsClient)
BcTlsCrypto (org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto)
CertificateVerifierBuilder (org.openecard.crypto.tls.verify.CertificateVerifierBuilder)
KeyLengthVerifier (org.openecard.crypto.tls.verify.KeyLengthVerifier)
TlsCrypto (org.openecard.bouncycastle.tls.crypto.TlsCrypto)
HostnameVerifier (org.openecard.crypto.tls.verify.HostnameVerifier)
CertificateVerifier (org.openecard.crypto.tls.CertificateVerifier)
DynamicAuthentication (org.openecard.crypto.tls.auth.DynamicAuthentication)
SocketAddress (java.net.SocketAddress)
Socket (java.net.Socket)
JavaSecVerifier (org.openecard.crypto.tls.verify.JavaSecVerifier)
SocketWrapper (org.openecard.crypto.tls.SocketWrapper)

Example 3 with CertificateVerifier

use of org.openecard.crypto.tls.CertificateVerifier in project open-ecard by ecsec.

From class CertificateVerifierBuilder, method buildInternal:

private CertificateVerifier buildInternal() {
    // copy the AND elements so that further modification of the builder does not affect the validation
    final Collection<CertificateVerifier> andCopy = Collections.unmodifiableCollection(andList);
    // convert OR builder to verifier
    final ArrayList<CertificateVerifier> orCopy = new ArrayList<>(orChilds.size());
    for (CertificateVerifierBuilder next : orChilds) {
        orCopy.add(next.buildInternal());
    }
    return new CertificateVerifier() {

        @Override
        public void isValid(TlsServerCertificate chain, String hostname) throws CertificateVerificationException {
            if (!andCopy.isEmpty()) {
                // process each AND check and pass if none failed
                for (CertificateVerifier cv : andCopy) {
                    cv.isValid(chain, hostname);
                }
            } else if (!orCopy.isEmpty()) {
                // process all OR values and fail if none passed
                boolean noSuccess = true;
                for (CertificateVerifier cv : orCopy) {
                    try {
                        cv.isValid(chain, hostname);
                        // a successful outcome means we passed, so record it and break the loop
                        noSuccess = false;
                        break;
                    } catch (CertificateVerificationException ex) {
                        // this path failed; keep noSuccess set and try the next verifier
                    }
                }
                if (noSuccess) {
                    String msg = "None of the possible validation paths succeeded.";
                    throw new CertificateVerificationException(msg);
                }
            }
        }
    };
}
Also used:
TlsServerCertificate (org.openecard.bouncycastle.tls.TlsServerCertificate)
CertificateVerificationException (org.openecard.crypto.tls.CertificateVerificationException)
CertificateVerifier (org.openecard.crypto.tls.CertificateVerifier)
ArrayList (java.util.ArrayList)

Aggregations

CertificateVerifier (org.openecard.crypto.tls.CertificateVerifier) 3
TlsServerCertificate (org.openecard.bouncycastle.tls.TlsServerCertificate) 2
InetSocketAddress (java.net.InetSocketAddress) 1
Socket (java.net.Socket) 1
SocketAddress (java.net.SocketAddress) 1
ArrayList (java.util.ArrayList) 1
CertificateRequest (org.openecard.bouncycastle.tls.CertificateRequest) 1
TlsAuthentication (org.openecard.bouncycastle.tls.TlsAuthentication) 1
TlsClientProtocol (org.openecard.bouncycastle.tls.TlsClientProtocol) 1
TlsCrypto (org.openecard.bouncycastle.tls.crypto.TlsCrypto) 1
BcTlsCrypto (org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto) 1
CertificateVerificationException (org.openecard.crypto.tls.CertificateVerificationException) 1
ClientCertDefaultTlsClient (org.openecard.crypto.tls.ClientCertDefaultTlsClient) 1
SocketWrapper (org.openecard.crypto.tls.SocketWrapper) 1
DynamicAuthentication (org.openecard.crypto.tls.auth.DynamicAuthentication) 1
CertificateVerifierBuilder (org.openecard.crypto.tls.verify.CertificateVerifierBuilder) 1
HostnameVerifier (org.openecard.crypto.tls.verify.HostnameVerifier) 1
JavaSecVerifier (org.openecard.crypto.tls.verify.JavaSecVerifier) 1
KeyLengthVerifier (org.openecard.crypto.tls.verify.KeyLengthVerifier) 1