
Example 21 with X509CertImpl

use of sun.security.x509.X509CertImpl in project j2objc by google.

the class PKCS7 method parseNetscapeCertChain.

/**
 * Decodes a Netscape certificate chain from {@code val} and stores the resulting
 * certificates in the {@code certificates} field, one entry per element of the
 * DER sequence.
 *
 * <p>Each element is parsed with the platform "X.509" {@link CertificateFactory}
 * when one is available; the parsed certificate is then wrapped together with the
 * element's original encoded bytes. If no factory can be obtained, the element is
 * handed to {@code X509CertImpl} directly.
 *
 * @param val DER value holding the certificate sequence
 * @throws ParsingException if any element cannot be turned into a certificate; the
 *         underlying {@link CertificateException} or {@link IOException} is kept as the cause
 * @throws IOException if the outer sequence cannot be read
 */
private void parseNetscapeCertChain(DerValue val) throws ParsingException, IOException {
    // NOTE(review): the second argument presumably asks the stream to retain each
    // element's original encoding, which getOriginalEncodedForm() reads below — confirm.
    DerValue[] encodedCerts = new DerInputStream(val.toByteArray()).getSequence(2, true);
    certificates = new X509Certificate[encodedCerts.length];

    CertificateFactory factory;
    try {
        factory = CertificateFactory.getInstance("X.509");
    } catch (CertificateException unavailable) {
        // Deliberately not fatal: without a factory every element falls back to
        // the direct X509CertImpl constructor in the loop below.
        factory = null;
    }

    for (int idx = 0; idx < encodedCerts.length; idx++) {
        DerValue element = encodedCerts[idx];
        try {
            byte[] original = element.getOriginalEncodedForm();
            if (factory != null) {
                try (ByteArrayInputStream in = new ByteArrayInputStream(original)) {
                    X509Certificate parsed = (X509Certificate) factory.generateCertificate(in);
                    // Keep the bytes exactly as they appeared in the input next to the parsed form.
                    certificates[idx] = new VerbatimX509Certificate(parsed, original);
                }
            } else {
                certificates[idx] = new X509CertImpl(element, original);
            }
        } catch (CertificateException | IOException failure) {
            // Surface every per-certificate failure as a ParsingException, cause attached.
            ParsingException wrapped = new ParsingException(failure.getMessage());
            wrapped.initCause(failure);
            throw wrapped;
        }
    }
}
Also used : CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) X509CertImpl(sun.security.x509.X509CertImpl) CertificateParsingException(java.security.cert.CertificateParsingException)

Example 22 with X509CertImpl

use of sun.security.x509.X509CertImpl in project j2objc by google.

the class X509Factory method intern.

/**
     * Return an interned X509CertImpl for the given certificate.
     * If the given X509Certificate or X509CertImpl is already present
     * in the cert cache, the cached object is returned. Otherwise,
     * if it is a X509Certificate, it is first converted to a X509CertImpl.
     * Then the X509CertImpl is added to the cache and returned.
     *
     * Note that all certificates created via generateCertificate(InputStream)
     * are already interned and this method does not need to be called.
     * It is useful for certificates that cannot be created via
     * generateCertificate() and for converting other X509Certificate
     * implementations to an X509CertImpl.
     */
public static synchronized X509CertImpl intern(X509Certificate c) throws CertificateException {
    if (c == null) {
        return null;
    }
    // Non-null only when the caller already handed us an X509CertImpl.
    final X509CertImpl alreadyImpl = (c instanceof X509CertImpl) ? (X509CertImpl) c : null;

    // The encoding is the cache key. Foreign implementations are asked through the
    // public getEncoded(); an X509CertImpl is asked through its internal accessor.
    byte[] encoding = (alreadyImpl != null) ? alreadyImpl.getEncodedInternal() : c.getEncoded();

    final X509CertImpl cached = (X509CertImpl) getFromCache(certCache, encoding);
    if (cached != null) {
        return cached;
    }

    final X509CertImpl interned;
    if (alreadyImpl != null) {
        interned = alreadyImpl;
    } else {
        // Re-parse the bytes reported by the foreign implementation, then key the
        // cache on the encoding held by the freshly parsed object rather than on
        // the array the foreign implementation returned.
        interned = new X509CertImpl(encoding);
        encoding = interned.getEncodedInternal();
    }
    addToCache(certCache, encoding, interned);
    return interned;
}
Also used : X509CertImpl(sun.security.x509.X509CertImpl)

Example 23 with X509CertImpl

use of sun.security.x509.X509CertImpl in project netty by netty.

the class OpenJdkSelfSignedCertGenerator method generate.

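/**
 * Builds a self-signed X.509 v3 certificate for {@code fqdn} with the JDK-internal
 * {@code sun.security.x509} classes and passes it to {@code newSelfSignedCertificate}.
 *
 * <p>Subject and issuer are both {@code CN=<fqdn>} and the certificate is signed with
 * the private half of {@code keypair}, so it carries no third-party assurance of
 * identity. The signature algorithm is SHA-256 with RSA; SHA-1 signatures are no
 * longer collision resistant and are rejected by many TLS stacks.
 *
 * @param fqdn      name placed in the CN of subject and issuer
 * @param keypair   key pair whose public key is certified and whose private key signs;
 *                  the hard-coded signature algorithm requires an RSA key
 * @param random    randomness source for the 64-bit serial number
 * @param notBefore start of the validity period
 * @param notAfter  end of the validity period
 * @return whatever {@code newSelfSignedCertificate(fqdn, key, cert)} returns
 * @throws Exception if building, signing or verifying the certificate fails
 */
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    // NOTE(review): fqdn is concatenated into the distinguished name unescaped;
    // callers are assumed to pass a plain host name — confirm at the call sites.
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    // Some JDK versions want the wrapper types for SUBJECT/ISSUER and others the bare
    // X500Name; try the wrapper first and fall back when it is rejected.
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid)));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, "SHA256withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, "SHA256withRSA");
    // Self-check: the signature must verify under the certified public key.
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fqdn, key, cert);
}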
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 24 with X509CertImpl

use of sun.security.x509.X509CertImpl in project OpenAM by OpenRock.

the class ApprovalCallback method approve.

/*
    * Invoked by the JSS protocol handler whenever the SSL handshake reports
    * a certificate validity issue. Decides whether the reported issue can be ignored.
    *
    * @return <code>true</code> if the reported issue can be ignored.
    */
public boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status) {
    ValidityItem item;
    Enumeration errors = status.getReasons();
    int reason;
    // Configuration switch: when set, every certificate is accepted and none of
    // the checks below run, whatever reasons the handshake reported.
    if (trustAllServerCerts) {
        return true;
    }
    // Nothing was reported and no requested host is recorded: accept.
    if ((reqHost == null) && !errors.hasMoreElements()) {
        return true;
    }
    // Start from "approved"; the loop stops at the first reason that is not cleared.
    boolean approve = true;
    while (approve && errors.hasMoreElements()) {
        item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        reason = item.getReason();
        if (debug.messageEnabled()) {
            debug.message("ApprovalCallback: reason " + reason);
        }
        // bad domain -12276
        // Only a domain mismatch can be overridden; any other reason rejects.
        if (reason != ValidityStatus.BAD_CERT_DOMAIN) {
            approve = false;
        } else {
            String cn = null;
            try {
                String subjectDN = cert.getSubjectDN().getName();
                cn = new X500Name(subjectDN).getCommonName();
            } catch (Exception ex) {
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                approve = false;
            }
            // No usable CN (missing, or extraction failed above): reject outright.
            if (cn == null) {
                return false;
            }
            // Override 1: the certificate CN is listed in the configured trusted hosts.
            // This match is on the CN alone; reqHost is not consulted here.
            // NOTE(review): toLowerCase() uses the default locale — confirm the set is
            // populated the same way.
            if (!sslTrustHosts.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback: server cert CN : " + cn);
                }
                if (sslTrustHosts.contains(cn.toLowerCase())) {
                    return true;
                }
            }
            // Override 2: the CN and the requested host resolve to the same address.
            // NOTE(review): the outcome depends on name resolution, so it is only as
            // trustworthy as the resolver answering these lookups — confirm this is acceptable.
            if (resolveIPAddress) {
                try {
                    approve = InetAddress.getByName(cn).getHostAddress().equals(InetAddress.getByName(reqHost).getHostAddress());
                } catch (UnknownHostException ex) {
                    if (debug.messageEnabled()) {
                        debug.message("ApprovalCallback:", ex);
                    }
                    approve = false;
                }
            } else
                approve = false;
            // Override 3: some subjectAltName entry satisfies compareHosts().
            // compareHosts() and getMethod() are defined outside this listing.
            if (!approve && checkSubjectAltName) {
                try {
                    // Re-parse the encoded certificate to reach its extensions.
                    X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
                    X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
                    CertificateExtensions exts = (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
                    SubjectAlternativeNameExtension altNameExt = (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
                    if (altNameExt != null) {
                        GeneralNames names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                        // The accessor on GeneralNames is looked up reflectively; its name
                        // decides whether an Enumeration or an Iterator comes back.
                        Method meth = getMethod();
                        // NOTE(review): generalname is never read in this method.
                        GeneralName generalname = null;
                        if (meth.getName().equals(OLD_METHOD_NAME)) {
                            // pre 1.4.2 implementation
                            Enumeration e = (Enumeration) meth.invoke(names, params);
                            for (; !approve && e.hasMoreElements(); ) {
                                approve = compareHosts((GeneralName) e.nextElement());
                            }
                        } else {
                            // post 1.4.2 implementation
                            Iterator i = (Iterator) meth.invoke(names, params);
                            for (; !approve && i.hasNext(); ) {
                                approve = compareHosts((GeneralName) i.next());
                            }
                        }
                    }
                } catch (Exception ex) {
                    // Any failure while inspecting the extension rejects the certificate;
                    // unlike the handlers above, nothing is written to the debug log.
                    return false;
                }
            }
        }
    }
    return approve;
}
Also used : Enumeration(java.util.Enumeration) UnknownHostException(java.net.UnknownHostException) X509CertInfo(sun.security.x509.X509CertInfo) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) Method(java.lang.reflect.Method) UnknownHostException(java.net.UnknownHostException) SSLCertificateApprovalCallback(org.mozilla.jss.ssl.SSLCertificateApprovalCallback) GeneralNames(sun.security.x509.GeneralNames) X509CertImpl(sun.security.x509.X509CertImpl) Iterator(java.util.Iterator) GeneralName(sun.security.x509.GeneralName)

Example 25 with X509CertImpl

use of sun.security.x509.X509CertImpl in project oxAuth by GluuFederation.

the class WebKeysTest method webKeyTest.

/**
 * Checks that the RSA public key inside the supplied certificate matches the
 * modulus and exponent supplied alongside it.
 *
 * @param n   base64url-encoded modulus
 * @param e   base64url-encoded public exponent
 * @param x5c base64url-encoded certificate bytes
 * @throws CertificateException if the certificate bytes cannot be parsed
 */
@Test(dataProvider = "webKeysDataProvider")
public void webKeyTest(final String n, final String e, final String x5c) throws CertificateException {
    showTitle("webKeyTest");

    // Signum 1 forces a non-negative value whatever the top bit of the decoded bytes is.
    final BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(n));
    final BigInteger exponent = new BigInteger(1, Base64Util.base64urldecode(e));

    System.out.println("n: " + n);
    System.out.println("n: " + modulus);
    System.out.println("e: " + e);
    System.out.println("e: " + exponent);

    // NOTE(review): X509CertImpl lives in the JDK-internal sun.security.x509 package;
    // CertificateFactory.getInstance("X.509") is the supported way to parse a certificate.
    final X509Certificate certificate = new X509CertImpl(Base64Util.base64urldecode(x5c));
    final RSAPublicKey rsaKey = (RSAPublicKey) certificate.getPublicKey();

    assertEquals(rsaKey.getModulus(), modulus);
    assertEquals(rsaKey.getPublicExponent(), exponent);
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)
