use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.
the class AbstractX509WikiStore method storeCertificate.
/**
 * Create or update the certificate object in the appropriate document of the given store, and return that
 * document without saving it.
 *
 * <p>The certificate is stored as given: this method does not check its signature, validity period or issuer.
 * Any trust decision has to be taken by the caller before storing.</p>
 *
 * <p>The key identifier, issuer, serial and subject properties are written only when a new object is created.
 * When an existing entry is found, only the encoded certificate property is replaced.</p>
 *
 * @param store the reference of a document or a space where the certificate should be stored.
 * @param certificate the certificate to store; must be an {@link X509CertifiedPublicKey}.
 * @param context the XWikiContext.
 * @return the XWiki document to be saved where the object was updated or created.
 * @throws IllegalArgumentException if the certificate is not an X.509 certificate.
 * @throws CertificateStoreException on any error raised while looking up or preparing the document.
 */
protected XWikiDocument storeCertificate(StoreReference store, CertifiedPublicKey certificate, XWikiContext context) throws CertificateStoreException {
    // Only X.509 certificates carry the issuer/serial/subject fields written below.
    if (!(certificate instanceof X509CertifiedPublicKey)) {
        throw new IllegalArgumentException("Certificate should be X509 certificates.");
    }
    final X509CertifiedPublicKey x509 = (X509CertifiedPublicKey) certificate;

    try {
        final CertificateObjectReference existing = findCertificate(store, x509);
        final XWikiDocument target;
        final BaseObject certObject;

        if (existing == null) {
            // No entry yet: create a new object and fill in the lookup properties.
            target = context.getWiki().getDocument(getDocumentReference(store, x509), context);
            certObject = target.newXObject(X509CertificateWikiStore.CERTIFICATECLASS, context);

            // The subject key identifier is optional, so the property is only set when present.
            final byte[] subjectKeyId = x509.getSubjectKeyIdentifier();
            if (subjectKeyId != null) {
                certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_KEYID,
                    this.base64.encode(subjectKeyId));
            }
            certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_ISSUER,
                x509.getIssuer().getName());
            certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_SERIAL,
                x509.getSerialNumber().toString());
            certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_SUBJECT,
                x509.getSubject().getName());
        } else {
            // Entry already present: reuse the object that findCertificate() pointed at.
            target = getDocument(store, existing, context);
            certObject = target.getXObject(X509CertificateWikiStore.CERTIFICATECLASS, existing.getObjectNumber());
        }

        // Both paths (re)write the encoded certificate; 64 is presumably the Base64 line length -- confirm.
        final String encodedCertificate = this.base64.encode(certificate.getEncoded(), 64);
        certObject.setLargeStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_CERTIFICATE,
            encodedCertificate);
        return target;
    } catch (Exception e) {
        // Boundary catch: every failure is reported as a store exception, with the original cause attached.
        throw new CertificateStoreException("Error while preparing certificate for store [" + store + "]", e);
    }
}
use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.
the class X509KeyWikiStore method retrieve.
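/**
 * {@inheritDoc}
 *
 * <p>Looks up the entry matching the given X.509 certificate and reads the private key object from the same
 * document. Returns {@code null} when no matching certificate entry or no private key object is found.</p>
 *
 * <p>When {@code password} is {@code null}, the stored bytes are handed directly to the key factory as PKCS#8,
 * so this path only works for keys stored without encryption. Such keys are readable by anyone who can read the
 * underlying document; prefer password-protected storage.</p>
 *
 * @param store an {@link org.xwiki.crypto.store.WikiStoreReference} to a space reference.
 * @throws IllegalArgumentException if the certificate is not an {@link X509CertifiedPublicKey}.
 * @throws KeyStoreException if the lookup, decoding or decryption fails; the underlying exception is kept as
 *     the cause.
 */
@Override
public CertifiedKeyPair retrieve(StoreReference store, CertifiedPublicKey certificate, byte[] password) throws KeyStoreException {
    if (!(certificate instanceof X509CertifiedPublicKey)) {
        throw new IllegalArgumentException("Certificate should be X509 certificates.");
    }
    X509CertifiedPublicKey publicKey = (X509CertifiedPublicKey) certificate;
    XWikiContext context = getXWikiContext();

    try {
        CertificateObjectReference certRef = findCertificate(store, publicKey);
        if (certRef == null) {
            // Unknown certificate: nothing to retrieve.
            return null;
        }

        XWikiDocument document = getDocument(store, certRef, context);
        BaseObject pkObj = document.getXObject(PRIVATEKEYCLASS);
        if (pkObj == null) {
            // The certificate is stored, but without an associated private key.
            return null;
        }

        byte[] key = getEncoder().decode(pkObj.getLargeStringValue(PRIVATEKEYCLASS_PROP_KEY));
        if (password == null) {
            // No password supplied: the stored bytes are treated as an unencrypted PKCS#8 key.
            return new CertifiedKeyPair(this.keyFactory.fromPKCS8(key), certificate);
        }
        return new CertifiedKeyPair(this.encryptor.decrypt(password, key), certificate);
    } catch (Exception e) {
        // Keep the cause: without it a wrong password, a corrupted key and a storage failure are
        // indistinguishable in logs and to callers.
        throw new KeyStoreException("Failed to retrieved private key for certificate [" + publicKey.getSubject().getName() + "]", e);
    }
}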
use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.
the class RSACryptoScriptService method checkX509CertificateChainValidity.
/**
 * Check that an X509 certificate chain is complete and is valid on a given date.
 *
 * <p>The checks performed here are limited to: every element is an {@link X509CertifiedPublicKey}, the first
 * element returned by the collection's iterator is a root CA, and every element reports itself valid on the
 * date. This method does not verify that each certificate is signed by the preceding one, nor that issuer and
 * subject names link up. A {@code true} result is therefore not sufficient on its own to trust the chain;
 * signatures and the trust anchor must be verified separately.</p>
 *
 * @param chain the ordered chain of certificate starting from root CA.
 * @param date the date to check the validity for, or null to check for now.
 * @return true if the chain is a X509 certificate chain complete and valid on the given date; false for a
 *     null or empty chain.
 */
public boolean checkX509CertificateChainValidity(Collection<CertifiedPublicKey> chain, Date date) {
    if (chain == null || chain.isEmpty()) {
        return false;
    }

    // Resolve "now" once so that every certificate is checked against the same instant.
    final Date effectiveDate = (date == null) ? new Date() : date;

    boolean atChainStart = true;
    for (CertifiedPublicKey link : chain) {
        // Also rejects null elements, since instanceof is false for null.
        if (!(link instanceof X509CertifiedPublicKey)) {
            return false;
        }
        final X509CertifiedPublicKey x509 = (X509CertifiedPublicKey) link;

        // Only the first certificate is required to be a root CA.
        if (atChainStart && !x509.isRootCA()) {
            return false;
        }
        atChainStart = false;

        if (!x509.isValidOn(effectiveDate)) {
            return false;
        }
    }
    return true;
}
use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.
the class X509CertificateWikiStoreTest method getMockedCertificate.
/**
 * Build a mocked X.509 certificate that returns the test fixture serial number, issuer, subject and encoded
 * bytes.
 *
 * @param hasKeyId when true, the mock also exposes the fixture subject key identifier, both directly and
 *     through a mocked extensions object.
 * @return the mocked certificate.
 * @throws Exception declared because some of the stubbed getters declare checked exceptions (presumably
 *     {@code getEncoded()} -- confirm).
 */
private CertifiedPublicKey getMockedCertificate(boolean hasKeyId) throws Exception {
    final X509CertifiedPublicKey mocked = mock(X509CertifiedPublicKey.class);

    // Identity fields read by the store under test.
    when(mocked.getEncoded()).thenReturn(CERTIFICATE);
    when(mocked.getSubject()).thenReturn(new DistinguishedName(SUBJECT));
    when(mocked.getIssuer()).thenReturn(new DistinguishedName(ISSUER));
    when(mocked.getSerialNumber()).thenReturn(SERIAL);

    if (!hasKeyId) {
        // Without stubbing, the key identifier getter keeps the mock's default return value.
        return mocked;
    }

    // Expose the key identifier through both access paths so either lookup style sees the same value.
    final X509Extensions mockedExtensions = mock(X509Extensions.class);
    when(mockedExtensions.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
    when(mocked.getExtensions()).thenReturn(mockedExtensions);
    when(mocked.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
    return mocked;
}