/**
 * Builds a TLS certificate chain from the given resource names, preserving their order.
 *
 * <p>The visible code only loads and wraps the certificates. It performs no signature,
 * validity-period or chain-order checks, so callers that need a trusted chain must
 * validate it separately.
 *
 * @param resources resource names, one per certificate; position {@code i} of the chain is
 *                  loaded from {@code resources[i]}
 * @return a {@code Certificate} wrapping the loaded X.509 structures
 * @throws IOException propagated from {@code loadCertificateResource}
 */
static Certificate loadCertificateChain(String[] resources) throws IOException {
    org.bouncycastle.asn1.x509.Certificate[] loaded =
            new org.bouncycastle.asn1.x509.Certificate[resources.length];
    int slot = 0;
    for (String resource : resources) {
        loaded[slot] = loadCertificateResource(resource);
        slot++;
    }
    return new Certificate(loaded);
}
/**
 * Extracts the Diffie-Hellman public key parameters from the first certificate of a chain.
 *
 * <p>The key is read straight from the certificate's SubjectPublicKeyInfo. Nothing in this
 * method checks that the certificate is trusted or that the DH group is acceptable.
 *
 * @param cert the TLS certificate chain to inspect
 * @return the DH public key parameters of the certificate at index 0, or {@code null} when
 *         {@code hasDHParameters(cert)} is false or the chain is empty
 * @throws IOException if the SubjectPublicKeyInfo cannot be decoded into a key
 */
public static DHPublicKeyParameters extractDHPublicKeyParameters(Certificate cert) throws IOException {
    // Guard order matches the original: the DH check runs before the emptiness check.
    if (!hasDHParameters(cert)) {
        return null;
    }
    if (cert.isEmpty()) {
        return null;
    }
    SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    return (DHPublicKeyParameters) PublicKeyFactory.createKey(leafKeyInfo);
}
/**
 * Logs the length of the client certificate chain and the fingerprint and subject of each
 * certificate in it.
 *
 * <p>This callback only logs. It does not validate the chain, compare the fingerprint with
 * an expected value, or reject the peer. Any authentication decision has to happen
 * elsewhere.
 *
 * @param clientCertificate the chain presented by the client
 * @throws IOException declared by the callback signature
 */
public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate) throws IOException {
    Certificate[] presented = clientCertificate.getCertificateList();
    String summary = String.format("Received client certificate chain of length %d", presented.length);
    LOGGER.info(summary);
    for (Certificate link : presented) {
        // The fingerprint is computed with the hash function stored on this instance.
        String digest = TlsUtils.fingerprint(this.hashFunction, link);
        LOGGER.info(String.format("WebRTC Client certificate fingerprint:%s (%s)", digest, link.getSubject()));
    }
}
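/**
 * Converts a hex-encoded X.509 certificate into an {@code X509CertificateObject}.
 *
 * <p>All whitespace is stripped from the input before hex decoding. If the decoded bytes
 * hold more than one certificate, only the first is used and the rest are ignored. The
 * certificate is parsed only; no signature, validity or trust check is performed here.
 *
 * @param v hex string of the encoded certificate, whitespace allowed
 * @return the first certificate found in the input
 * @throws java.security.cert.CertificateException if the input contains no certificate or
 *         cannot be parsed
 * @throws Exception for any other decoding failure
 */
@Override
public X509CertificateObject unmarshal(String v) throws Exception {
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    byte[] decoded = ArrayConverter.hexStringToByteArray(v.replaceAll("\\s+", ""));
    Collection<? extends java.security.cert.Certificate> certs =
            certFactory.generateCertificates(new ByteArrayInputStream(decoded));
    // An empty or certificate-free input yields an empty collection. Fail with a
    // descriptive exception instead of an ArrayIndexOutOfBoundsException.
    if (certs.isEmpty()) {
        throw new java.security.cert.CertificateException(
                "No X.509 certificate found in the supplied hex string");
    }
    java.security.cert.Certificate sunCert = certs.iterator().next();
    ASN1Primitive asn1Cert = TlsUtils.readDERObject(sunCert.getEncoded());
    // The original wrapped this structure in a one-element TLS chain and immediately read
    // element 0 back; using the structure directly is equivalent.
    org.bouncycastle.asn1.x509.Certificate cert = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Cert);
    return new X509CertificateObject(cert);
}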
/**
 * Fetches the server certificate for the given configuration and returns the public key of
 * the first certificate in the chain.
 *
 * <p>NOTE(review): the key is taken from the certificate at index 0 of whatever
 * {@code fetchServerCertificate} returns. No chain validation is visible here, so the
 * result should be treated as unauthenticated unless validation is confirmed elsewhere.
 *
 * @param config the configuration passed to {@code fetchServerCertificate}
 * @return the public key of the first certificate, or {@code null} if no certificate was
 *         fetched or the chain is empty
 * @throws WorkflowExecutionException if the certificate cannot be parsed
 */
public static PublicKey fetchServerPublicKey(Config config) {
    try {
        Certificate serverChain = fetchServerCertificate(config);
        if (serverChain == null || serverChain.getLength() <= 0) {
            return null;
        }
        X509CertificateObject leaf = new X509CertificateObject(serverChain.getCertificateAt(0));
        return leaf.getPublicKey();
    } catch (CertificateParsingException ex) {
        throw new WorkflowExecutionException("Could not get public key from server certificate", ex);
    }
}
/**
 * Reports whether {@code certificateBytes} can be parsed as a TLS certificate chain.
 *
 * <p>A {@code true} result means only that parsing succeeded. It says nothing about
 * whether the certificate is valid or trusted.
 *
 * @return {@code true} if parsing completes without throwing, {@code false} otherwise
 */
public boolean isCertificateParseable() {
    boolean parseable;
    try {
        // The parsed chain itself is not needed; only whether parsing throws.
        Certificate.parse(new ByteArrayInputStream(certificateBytes));
        parseable = true;
    } catch (Exception ignored) {
        // Any failure, including a null byte array, counts as "not parseable".
        parseable = false;
    }
    return parseable;
}
/**
 * Checks whether the public key of the given certificate chain is an RSA key.
 *
 * @param cert the TLS certificate chain to inspect
 * @return {@code true} if the chain is non-empty and {@code parsePublicKey(cert)} returns
 *         an {@code RSAPublicKey}; {@code false} otherwise, including when no key is parsed
 */
public static boolean hasRSAParameters(Certificate cert) {
    if (!cert.isEmpty()) {
        // instanceof is false for null, so a missing key also yields false.
        return parsePublicKey(cert) instanceof RSAPublicKey;
    }
    return false;
}
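/**
 * Computes the fingerprint of the first certificate in the locally configured chain.
 *
 * <p>Side effect: the supplied hash function name is stored in {@code this.hashFunction}
 * before the chain is loaded, so it stays set even when loading fails.
 *
 * <p>An empty return value means "no fingerprint available". Callers must treat it as a
 * failure and never compare it with a peer-supplied value as if it were a real fingerprint.
 *
 * @param hashFunction name of the hash function, passed through to
 *                     {@code TlsUtils.fingerprint} (accepted names are defined there)
 * @return the fingerprint of the certificate at index 0, or an empty String if the chain
 *         is empty or cannot be loaded
 */
public String generateFingerprint(String hashFunction) {
    try {
        this.hashFunction = hashFunction;
        org.bouncycastle.crypto.tls.Certificate chain = TlsUtils.loadCertificateChain(certificateResources);
        // Honour the documented contract: an empty chain yields "" rather than an
        // index-out-of-bounds failure from getCertificateAt(0).
        if (chain.isEmpty()) {
            return "";
        }
        Certificate certificate = chain.getCertificateAt(0);
        return TlsUtils.fingerprint(this.hashFunction, certificate);
    } catch (IOException e) {
        LOGGER.error("Could not get local fingerprint: "+ e.getMessage());
        return "";
    }
}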
/**
 * Serialises a TLS certificate chain into a byte array using {@code Certificate.encode}.
 *
 * @param cert the chain to encode
 * @return the bytes written by {@code cert.encode}
 * @throws IOException if encoding fails
 */
public static byte[] encodeCert(Certificate cert) throws IOException {
    // Closing a ByteArrayOutputStream is a no-op; try-with-resources is used for form only.
    try (ByteArrayOutputStream sink = new ByteArrayOutputStream()) {
        cert.encode(sink);
        return sink.toByteArray();
    }
}
/**
 * Sends a Certificate handshake message, treating {@code null} as an empty chain.
 *
 * <p>If the chain is empty, this endpoint is a client, and the server version is SSL, no
 * Certificate message is written. A {@code no_certificate} warning alert is raised and the
 * method returns. In every other case the (possibly empty) chain is encoded into a
 * Certificate handshake message and written to the record stream.
 *
 * @param certificate the chain to send; {@code null} is replaced by
 *                    {@code Certificate.EMPTY_CHAIN}
 * @throws IOException if raising the alert or writing the message fails
 */
protected void sendCertificateMessage(Certificate certificate) throws IOException {
    Certificate outgoing = (certificate != null) ? certificate : Certificate.EMPTY_CHAIN;

    boolean clientWithoutCredentials = outgoing.isEmpty() && !getContext().isServer();
    if (clientWithoutCredentials) {
        ProtocolVersion negotiated = getContext().getServerVersion();
        if (negotiated.isSSL()) {
            // For an SSL server version the client sends a warning alert instead of an
            // empty Certificate message.
            String errorMessage = negotiated.toString() + " client didn't provide credentials";
            raiseAlertWarning(AlertDescription.no_certificate, errorMessage);
            return;
        }
    }

    HandshakeMessage handshake = new HandshakeMessage(HandshakeType.certificate);
    outgoing.encode(handshake);
    handshake.writeToRecordStream();
}
pairList = new LinkedList<>(); try { Certificate cert = Certificate.parse(new ByteArrayInputStream(certBytes)); for (org.bouncycastle.asn1.x509.Certificate subCert : cert.getCertificateList()) { pairList.add(new CertificatePair(subCert.getEncoded()));
/**
 * Returns the certificate chain as produced by {@code cloneCertificateList()}.
 *
 * <p>NOTE(review): the helper name suggests callers get a copy and cannot mutate the
 * internal array. Confirm against {@code cloneCertificateList}.
 *
 * @return an array of {@link org.bouncycastle.asn1.x509.Certificate} representing a certificate
 *         chain.
 */
public org.bouncycastle.asn1.x509.Certificate[] getCertificateList() {
    org.bouncycastle.asn1.x509.Certificate[] snapshot = cloneCertificateList();
    return snapshot;
}
/**
 * Parses a hex-encoded TLS certificate chain.
 *
 * <p>All whitespace is removed from the input before hex decoding. The chain is parsed
 * only; nothing here validates or authenticates the certificates it contains.
 *
 * @param v hex string of the encoded chain, whitespace allowed
 * @return the chain returned by {@code Certificate.parse}
 * @throws Exception if decoding or parsing fails
 */
@Override
public Certificate unmarshal(String v) throws Exception {
    String compactHex = v.replaceAll("\\s+", "");
    byte[] wireBytes = ArrayConverter.hexStringToByteArray(compactHex);
    return Certificate.parse(new ByteArrayInputStream(wireBytes));
}
/**
 * Checks whether the public key of the given certificate chain is a DSA key.
 *
 * @param cert the TLS certificate chain to inspect
 * @return {@code true} if the chain is non-empty and {@code parsePublicKey(cert)} returns
 *         a {@code DSAPublicKey}; {@code false} otherwise, including when no key is parsed
 */
public static boolean hasDsaParameters(Certificate cert) {
    if (!cert.isEmpty()) {
        // instanceof is false for null, so a missing key also yields false.
        return parsePublicKey(cert) instanceof DSAPublicKey;
    }
    return false;
}
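/**
 * Computes the fingerprint of the first certificate in the locally configured chain.
 *
 * <p>Side effect: the supplied hash function name is stored in {@code this.hashFunction}
 * before the chain is loaded, so it stays set even when loading fails.
 *
 * <p>An empty return value means "no fingerprint available". Callers must treat it as a
 * failure and never compare it with a peer-supplied value as if it were a real fingerprint.
 *
 * @param hashFunction name of the hash function, passed through to
 *                     {@code TlsUtils.fingerprint} (accepted names are defined there)
 * @return the fingerprint of the certificate at index 0, or an empty String if the chain
 *         is empty or cannot be loaded
 */
public String generateFingerprint(String hashFunction) {
    try {
        this.hashFunction = hashFunction;
        org.bouncycastle.crypto.tls.Certificate chain = TlsUtils.loadCertificateChain(certificateResources);
        // Honour the documented contract: an empty chain yields "" rather than an
        // index-out-of-bounds failure from getCertificateAt(0).
        if (chain.isEmpty()) {
            return "";
        }
        Certificate certificate = chain.getCertificateAt(0);
        return TlsUtils.fingerprint(this.hashFunction, certificate);
    } catch (IOException e) {
        LOGGER.error("Could not get local fingerprint: "+ e.getMessage());
        return "";
    }
}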
/**
 * Serialises a TLS certificate chain into a byte array using {@code Certificate.encode}.
 *
 * <p>Despite the name, nothing is generated or signed here; the existing chain is only
 * encoded.
 *
 * @param certificate the chain to encode
 * @return the bytes written by {@code certificate.encode}
 * @throws IOException if encoding fails
 */
protected static byte[] generateCertificate(Certificate certificate) throws IOException {
    // Closing a ByteArrayOutputStream is a no-op; try-with-resources is used for form only.
    try (ByteArrayOutputStream sink = new ByteArrayOutputStream()) {
        certificate.encode(sink);
        return sink.toByteArray();
    }
}
/**
 * Sends a Certificate handshake message, treating {@code null} as an empty chain.
 *
 * <p>If the chain is empty, this endpoint is a client, and the server version is SSL, no
 * Certificate message is written. A {@code no_certificate} warning is raised and the
 * method returns. In every other case the (possibly empty) chain is encoded into a
 * Certificate handshake message and written to the record stream.
 *
 * @param certificate the chain to send; {@code null} is replaced by
 *                    {@code Certificate.EMPTY_CHAIN}
 * @throws IOException if raising the warning or writing the message fails
 */
protected void sendCertificateMessage(Certificate certificate) throws IOException {
    Certificate outgoing = (certificate != null) ? certificate : Certificate.EMPTY_CHAIN;

    boolean clientWithoutCredentials = outgoing.isEmpty() && !getContext().isServer();
    if (clientWithoutCredentials) {
        ProtocolVersion negotiated = getContext().getServerVersion();
        if (negotiated.isSSL()) {
            // For an SSL server version the client sends a warning alert instead of an
            // empty Certificate message.
            String errorMessage = negotiated.toString() + " client didn't provide credentials";
            raiseWarning(AlertDescription.no_certificate, errorMessage);
            return;
        }
    }

    HandshakeMessage handshake = new HandshakeMessage(HandshakeType.certificate);
    outgoing.encode(handshake);
    handshake.writeToRecordStream();
}
/**
 * Returns the certificate chain as produced by {@code cloneCertificateList()}.
 *
 * <p>NOTE(review): the helper name suggests callers get a copy and cannot mutate the
 * internal array. Confirm against {@code cloneCertificateList}.
 *
 * @return an array of {@link org.bouncycastle.asn1.x509.Certificate} representing a certificate
 *         chain.
 */
public org.bouncycastle.asn1.x509.Certificate[] getCertificateList() {
    org.bouncycastle.asn1.x509.Certificate[] snapshot = cloneCertificateList();
    return snapshot;
}