/**
 * Wraps a single raw credential object in an {@link IdentityCredentials} instance.
 *
 * <p>The raw object is mapped to a credential by its runtime type (see
 * {@link #toCredential(Object)}); a {@code null} or unrecognised object yields
 * {@link IdentityCredentials#NONE} unchanged. {@code String}, {@code char[]} and
 * {@code byte[]} values are treated as clear-text passwords; a {@code byte[]} is
 * decoded as UTF-8 first.
 *
 * @param rawCredential the object to wrap, may be {@code null}
 * @return {@code NONE} extended with the mapped credential, or {@code NONE} alone
 *         when the object does not map to a credential
 */
private static IdentityCredentials getSingleCredential(Object rawCredential) {
    final Credential mapped = toCredential(rawCredential);
    if (mapped == null) {
        return IdentityCredentials.NONE;
    }
    return IdentityCredentials.NONE.withCredential(mapped);
}

/**
 * Maps a raw object to a {@link Credential}, or {@code null} when its type is not
 * recognised. Branch order is significant: an object implementing more than one of
 * these types is handled by the first matching branch.
 */
private static Credential toCredential(Object raw) {
    if (raw == null) {
        return null;
    }
    if (raw instanceof Credential) {
        return (Credential) raw;
    }
    if (raw instanceof GSSCredential) {
        return new GSSKerberosCredential((GSSCredential) raw);
    }
    if (raw instanceof Password) {
        return new PasswordCredential((Password) raw);
    }
    if (raw instanceof X509Certificate) {
        return new X509CertificateChainPublicCredential((X509Certificate) raw);
    }
    if (raw instanceof X509Certificate[]) {
        return new X509CertificateChainPublicCredential((X509Certificate[]) raw);
    }
    if (raw instanceof X500PrivateCredential) {
        final X500PrivateCredential x500 = (X500PrivateCredential) raw;
        return new X509CertificateChainPrivateCredential(x500.getPrivateKey(), x500.getCertificate());
    }
    if (raw instanceof String) {
        return clearPassword(((String) raw).toCharArray());
    }
    if (raw instanceof char[]) {
        // todo: automatically decode to other credential types
        return clearPassword((char[]) raw);
    }
    if (raw instanceof byte[]) {
        // todo: automatically decode to other credential types
        // The bytes are interpreted as a UTF-8 encoded clear-text password.
        return clearPassword(new String((byte[]) raw, StandardCharsets.UTF_8).toCharArray());
    }
    return null;
}

/** Builds a clear-text {@link PasswordCredential} around the given password characters. */
private static PasswordCredential clearPassword(char[] chars) {
    return new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, chars));
}
KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE, "BC"); ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD); X500PrivateCredential creds = new X500PrivateCredential( (X509Certificate) ks.getCertificate(KEYSTORE_ALIAS), (PrivateKey) ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD) new JcaDigestCalculatorProviderBuilder().setProvider("BC").build() ).build( new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(creds.getPrivateKey()), creds.getCertificate()
if (cred instanceof X500PrivateCredential) { X500PrivateCredential xpc = (X500PrivateCredential) cred; if (cert.equals(xpc.getCertificate())) { result = xpc; break;
userCredential = new X500PrivateCredential( userCertificateChain[0], userKey ); new X500Principal( userCredential.getCertificate().getSubjectX500Principal().getName() );
while (it.hasNext()) { X500PrivateCredential cred = (X500PrivateCredential)it.next(); if (cred.getAlias().equals(actualAlias)) return cred.getCertificate();
throw new GeneralSecurityException( "Client is not authenticated"); } else if (clientCredential.isDestroyed()) { throw new GeneralSecurityException( "Private credentials are destroyed"); X509Certificate cert = clientCredential.getCertificate(); if (getPrincipal(subject, cert) == null) { throw new GeneralSecurityException("Missing principal");
new GetPrivateCredentialAction(subject, cert)); PrivateKey privateKey = cred != null ? cred.getPrivateKey() : null; if (privateKey == null) { buf.append("Not found");
KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE, "BC"); ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD); X500PrivateCredential creds = new X500PrivateCredential( (X509Certificate) ks.getCertificate(KEYSTORE_ALIAS), (PrivateKey) ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD) signature.initSign(creds.getPrivateKey()); signature.update(fileContent); new JcaDigestCalculatorProviderBuilder().setProvider("BC").build() ).build( new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(creds.getPrivateKey()), creds.getCertificate()
X509Certificate cert = clientCredential.getCertificate(); clientPrincipal = cert.getSubjectX500Principal(); credentialsValidUntil = Math.min(credentialsValidUntil, certificatesValidUntil(getCertificateChain(getSubject(), cert))); authenticationPermission = getAuthenticationPermission(cert); String result = getCertificateName(clientCredential.getCertificate()); if (logger.isLoggable(Level.FINE)) { logger.log(
while (it.hasNext()) { X500PrivateCredential cred = (X500PrivateCredential)it.next(); if (cred.getAlias().equals(alias)) return cred.getCertificate();
/**
 * Returns the private key for the given key-store alias, or {@code null} when
 * none is available.
 *
 * <p>The alias is resolved to a certificate chain for the current subject; the
 * private credential matching the chain's first X.509 certificate supplies the
 * key. A {@link SecurityException} raised while looking up the private
 * credential is logged at {@code Levels.HANDLED} and treated as "no key" — the
 * caller only ever sees {@code null}, never the exception.
 *
 * @param alias the alias to look up
 * @return the matching private key, or {@code null} if the alias has no chain,
 *         no private credential, or the lookup was denied
 */
public PrivateKey getPrivateKey(String alias) {
    final CertPath chain = getCertificateChain(getSubject(), alias);
    if (chain == null) {
        return null;
    }
    try {
        final X500PrivateCredential credential = getPrivateCredential(firstX509Cert(chain));
        return credential == null ? null : credential.getPrivateKey();
    } catch (SecurityException e) {
        // Deliberate best-effort: a denied lookup is reported as "no key", but logged.
        final Logger logger = getLogger();
        if (logger.isLoggable(Levels.HANDLED)) {
            logThrow(logger, Levels.HANDLED, SubjectKeyManager.class, "getPrivateKey",
                     "get private key for alias {0}\ncaught exception",
                     new Object[] { alias }, e);
        }
        return null;
    }
}
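/**
 * Checks if the two private credentials refer to the same principal and
 * have the equivalent private key.
 *
 * <p>Two credentials match only when both are non-null, both still carry a
 * certificate (the getters of an {@link X500PrivateCredential} return
 * {@code null} once it has been destroyed), the certificates' subject names
 * are equal, and the private keys compare equal.
 *
 * @param cred1 first credential, may be {@code null}
 * @param cred2 second credential, may be {@code null}
 * @return {@code true} only when both credentials name the same subject and
 *         hold equal private keys
 */
boolean equalPrivateCredentials(X500PrivateCredential cred1, X500PrivateCredential cred2) {
    if (cred1 == null || cred2 == null) {
        return false;
    }
    X509Certificate cert1 = cred1.getCertificate();
    X509Certificate cert2 = cred2.getCertificate();
    if (cert1 == null || cert2 == null) {
        return false;
    }
    /*
     * Compare subjects as X500Principal instead of via the denigrated
     * getSubjectDN(): X500Principal.equals() is specified (canonical
     * RFC 2253 form), whereas the Principal returned by getSubjectDN()
     * has an implementation-defined equals(), which is a poor basis for
     * a "same principal" decision.
     */
    if (!safeEquals(cert1.getSubjectX500Principal(), cert2.getSubjectX500Principal())) {
        return false;
    }
    /*
     * I'm assuming I can depend on the equals method for private keys to
     * check if the two objects represent the same key without being
     * identical objects. Although that behavior isn't documented, at
     * least the sun.security.pkcs.PKCS8Key class does that.
     * -tjb[8.Jan.2001]
     */
    PrivateKey key1 = cred1.getPrivateKey();
    return key1 != null && key1.equals(cred2.getPrivateKey());
}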
KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE, "BC"); ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD); X500PrivateCredential creds = new X500PrivateCredential( (X509Certificate) ks.getCertificate(KEYSTORE_ALIAS), (PrivateKey) ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD) new JcaDigestCalculatorProviderBuilder().setProvider("BC").build() ).build( new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(creds.getPrivateKey()), creds.getCertificate()
for (int i = readOnlyPrivateCredentials.length; --i >= 0; ) { X500PrivateCredential xpc = readOnlyPrivateCredentials[i]; if (cert.equals(xpc.getCertificate())) { return xpc;
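/**
 * Writes a CMS signed-data envelope for {@code srcfile} to {@code target}.
 *
 * <p>The file content is encapsulated (attached) and signed with the private
 * key in {@code creds}; the signer certificate is added to the envelope so
 * verifiers can locate it. {@code target} is not closed here — the caller owns it.
 *
 * @param srcfile file whose bytes are signed
 * @param creds   signer's private key and certificate
 * @param target  stream receiving the encoded signed data
 * @throws IllegalArgumentException if {@code creds} has already been destroyed
 * @throws Exception on operator-creation, CMS or I/O failures
 */
private static void createSignature(Path srcfile, X500PrivateCredential creds, FileOutputStream target) throws Exception {
    // A destroyed credential returns null from getPrivateKey()/getCertificate();
    // fail with a clear message instead of a NullPointerException inside the builders.
    if (creds.isDestroyed()) {
        throw new IllegalArgumentException("signer credential has been destroyed");
    }
    final X509Certificate signerCert = creds.getCertificate();

    // SHA-256 replaces the previous SHA-1 digest: SHA-1 is no longer acceptable for
    // new signatures and is rejected by many verifiers. CMS records the digest
    // algorithm in the signed data itself, so previously produced SHA-1 signatures
    // still verify with their own algorithm.
    final CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
    gen.addSignerInfoGenerator(
        new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
        .build(
            new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(creds.getPrivateKey()),
            signerCert));

    final ArrayList<X509Certificate> certs = new ArrayList<>();
    certs.add(signerCert);
    gen.addCertificates(new JcaCertStore(certs));

    // encapsulate=true: the signed content travels inside the envelope.
    try (OutputStream sigOut = gen.open(target, true)) {
        Files.copy(srcfile, sigOut);
    }
}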
while (it.hasNext()) { X500PrivateCredential cred = (X500PrivateCredential)it.next(); X509Certificate cert = cred.getCertificate(); if (cert.getPublicKey().equals(publicKey)) return cert;
while (it.hasNext()) { X500PrivateCredential cred = (X500PrivateCredential)it.next(); X509Certificate x509Cert = cred.getCertificate(); BigInteger serialNo = x509Cert.getSerialNumber(); String currentIssuerName = if (serialNo.equals(serialNumber) && currentIssuerName.equals(issuerName)) { return cred.getPrivateKey();
throw new SecurityException("Missing subject"); X509Certificate cert = cred.getCertificate(); if (getPrincipal(subject, cert) == null) { throw new SecurityException("Missing principal");
while (it.hasNext()) { X500PrivateCredential cred = (X500PrivateCredential)it.next(); X509Certificate x509Cert = cred.getCertificate(); BigInteger serialNo = x509Cert.getSerialNumber(); String currentIssuerName = if (serialNo.equals(serialNumber) && currentIssuerName.equals(issuerName)) { return cred.getPrivateKey();
: getCertificateName(cred.getCertificate()); if (logger.isLoggable(Level.FINE)) { logger.log(Level.FINE,