public KeyStoreHelper(KeyStore ks, String password) throws Exception { Enumeration<String> en = ks.aliases(); while (en.hasMoreElements()) { String alias = en.nextElement(); Certificate cert = ks.getCertificate(alias); if (ks.isCertificateEntry(alias) && ! alias.startsWith(DUMMY_CERT_ALIAS)){ final KeyStore keyStore = createEmptyKeyStore(); keyStore.setCertificateEntry("cert-1", cert); if (ks.isKeyEntry(alias) && cert instanceof X509Certificate) { X509Certificate x509Cert = (X509Certificate) cert; Collection<List<?>> ans = x509Cert.getSubjectAlternativeNames(); List<String> domains = new ArrayList<>(); if (ans != null) { String dn = x509Cert.getSubjectX500Principal().getName(); domains.addAll(getX509CertificateCommonNames(dn)); if (!domains.isEmpty()) {
private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US"); private boolean isDebuggable(Context ctx) Signature signatures[] = pinfo.signatures; CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(stream); debuggable = cert.getSubjectX500Principal().equals(DEBUG_DN); if (debuggable) break;
final String trustedCAName = responderCertificate.getSubjectX500Principal().getName(); if (trustedCAs.containsKey(trustedCAName)) { return trustedCAs.get(trustedCAName); final X500Principal issuerCA = issuerCertificate.getSubjectX500Principal(); if (responderCertificate.getIssuerX500Principal().equals(issuerCA)) {
public boolean equals(final DirectoryName other) { return (new X500Principal(name)).equals(new X500Principal(other.getName())); }
@Override public boolean verifyCertificate(X509Certificate certificate, Attributes attributes) throws NamingException { Attribute attribute = attributes.get(ldapAttribute); if (attribute == null) return false; final int size = attribute.size(); for (int i = 0; i < size; i++) { Object attrSubject = attribute.get(i); if (attrSubject != null){ X500Principal certSubjectX500Principal = certificate.getSubjectX500Principal(); X500Principal attSubjectX500Principal = new X500Principal((String) attrSubject); if ( certSubjectX500Principal.equals(attSubjectX500Principal) ) { return true; } } } return false; } }
public void encodeTo(final ASN1Encoder encoder) { encoder.startExplicit(getType()); encoder.writeEncoded(new X500Principal(name).getEncoded()); encoder.endExplicit(); } }
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) throws InvalidKeyException, NoSuchProviderException, SignatureException { X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal(issuer)); certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000)); certGen.setSubjectDN(new X500Principal(subject)); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generateX509Certificate(pair.getPrivate(), "BC"); }
/** * Create a self-signed X.509 Certificate. * * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB" * @param pair the KeyPair * @param days how many days from now the Certificate is valid for * @param algorithm the signing algorithm, eg "SHA1withRSA" * @return the self-signed certificate */ public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException { Date from = new Date(); Date to = new Date(from.getTime() + days * 86400000l); BigInteger sn = new BigInteger(64, new SecureRandom()); KeyPair keyPair = pair; X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal(dn); certGen.setSerialNumber(sn); certGen.setIssuerDN(dnName); certGen.setNotBefore(from); certGen.setNotAfter(to); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(algorithm); X509Certificate cert = certGen.generate(pair.getPrivate()); return cert; }
try first.checkValidity(); if ( chain.length == 1 && first.getSubjectX500Principal().equals( first.getIssuerX500Principal() ) ) if ( store.getCertificateAlias( first ) != null ) for ( Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements(); ) String alias = aliases.nextElement(); if ( store.isCertificateEntry( alias ) ) X509Certificate cert = (X509Certificate) store.getCertificate( alias ); params.setDate( new Date() ); params.setRevocationEnabled( false );
try { cert.checkValidity(); long expiresIn = cert.getNotAfter().getTime() - System.currentTimeMillis(); String subj = cert.getIssuerX500Principal().toString(); l.logAlways(Log.WARN, "Certificate \"" + subj + "\" in key store " + location + " will expire in " + DataHelper.formatDuration2(expiresIn).replace(" ", " ") + String subj = cert.getIssuerX500Principal().toString(); error("Expired certificate \"" + subj + "\" in key store " + location + "\nYou must renew the certificate." + rv = false; } catch (CertificateNotYetValidException cnyve) { String subj = cert.getIssuerX500Principal().toString(); error("Not yet valid certificate \"" + subj + "\" in key store " + location, null); rv = false;
final KeyStore keyStore = this.keyStore; try { final Enumeration<String> aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { final String alias = aliases.nextElement(); if (keyStore.isCertificateEntry(alias)) { final Certificate certificate = keyStore.getCertificate(alias); if (certificate instanceof X509Certificate && x500Principal.equals(X500PrincipalUtil.asX500Principal(((X509Certificate) certificate).getSubjectX500Principal()))) { log.tracef("KeyStoreRealm: certificate found by X500Principal in alias [%s]", alias); return new KeyStoreRealmIdentity(alias);
ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerKeyPair.getPrivate()); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); Date startDate = new Date(); Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(days)); reverseX500Name(new X500Name(issuer.getSubjectX500Principal().getName())), getUniqueSerialNumber(), startDate, endDate,
Date startDate = new Date(); Date expiryDate = new Date( System.currentTimeMillis() + YEAR_MILLIS ); BigInteger serialNumber = BigInteger.valueOf( System.currentTimeMillis() ); X500Principal issuerName = new X500Principal( issuerDN ); X500Principal subjectName = new X500Principal( subjectDN ); entry.put( USER_CERTIFICATE_AT, cert.getEncoded() ); LOG.debug( "X509 Certificate: {}", cert );
private boolean certificateMatches(X509Certificate[] certs, boolean needsToBeExpired) { for (X509Certificate cert : certs) if (cert.getSubjectX500Principal().getName().equals(subjectPrincipalName) && (!needsToBeExpired || cert.getNotAfter().before(new Date()))) return true; return false; }
private X509Certificate createTypeOneX509Certificate(Date startDate, String principalDn, KeyPair keyPair) { X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal principal = new X500Principal(principalDn); certGen.setSerialNumber(serialNumber()); certGen.setIssuerDN(principal); certGen.setNotBefore(startDate); DateTime now = new DateTime(new Date()); certGen.setNotAfter(now.plusYears(YEARS).toDate()); certGen.setSubjectDN(principal); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(new SystemEnvironment().get(GO_SSL_CERTS_ALGORITHM)); try { return certGen.generate(keyPair.getPrivate(), "BC"); } catch (Exception e) { throw bomb(e); } }
TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException { KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, null); CertificateFactory cf = CertificateFactory.getInstance("X.509"); .generateCertificate(new ByteArrayInputStream(buf.array())); X500Principal principal = cert.getSubjectX500Principal(); ks.setCertificateEntry(principal.getName("RFC2253"), cert);
crlist.getIssuerX500Principal().getName( X500Principal.CANONICAL)))) { return false; BigInteger crlNumber = new BigInteger((byte[]) ASN1Integer.getInstance().decode(bytes)); if ((minCRL != null) && (crlNumber.compareTo(minCRL) < 0)) { return false; if ((maxCRL != null) && (crlNumber.compareTo(maxCRL) > 0)) { return false; return false; if ((dateAndTime < thisUp.getTime()) || (dateAndTime > nextUp.getTime())) { return false;
public static KeyStore loadTrustStore(File certificateChainFile) throws IOException, GeneralSecurityException { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate); } return keyStore; }
private SubjectIssuerDNPair lookupServerDN() throws KeyStoreException { if (domain == null) { throw new IllegalArgumentException("Unable to find security domain."); } KeyStore keystore = domain.getKeyStore(); final X509Certificate cert = (X509Certificate) keystore.getCertificate(keystore.aliases().nextElement()); final String serverDN = cert.getSubjectX500Principal().getName(); final String serverIssuerDN = cert.getIssuerX500Principal().getName(); return SubjectIssuerDNPair.of(serverDN, serverIssuerDN); } }
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream, String clientKeyAlgo, char[] clientKeyPassphrase, String keyStoreFile, char[] keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException { CertificateFactory certFactory = CertificateFactory.getInstance("X509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream); byte[] keyBytes = decodePem(keyInputStream); PrivateKey privateKey; KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo); try { // First let's try PKCS8 privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes)); } catch (InvalidKeySpecException e) { // Otherwise try PKCS8 RSAPrivateCrtKeySpec keySpec = PKCS1Util.decodePKCS1(keyBytes); privateKey = keyFactory.generatePrivate(keySpec); } KeyStore keyStore = KeyStore.getInstance("JKS"); if (Utils.isNotNullOrEmpty(keyStoreFile)){ keyStore.load(new FileInputStream(keyStoreFile), keyStorePassphrase); } else { loadDefaultKeyStoreFile(keyStore, keyStorePassphrase); } String alias = cert.getSubjectX500Principal().getName(); keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[]{cert}); return keyStore; }