/**
 * Serializes a certificate chain to PEM.
 *
 * <p>Each element is encoded with the single-certificate {@code toPEMformat} overload and the
 * results are concatenated in array order, so the output preserves the order of the chain as
 * supplied by the caller.
 *
 * @param certificateChain the certificates to encode; must not be {@code null}
 * @return the concatenated PEM text, or an empty string for an empty array
 */
public static String toPEMformat(X509Certificate[] certificateChain) {
    StringBuilder pem = new StringBuilder();
    for (int i = 0; i < certificateChain.length; i++) {
        pem.append(toPEMformat(certificateChain[i]));
    }
    return pem.toString();
}
/**
 * Serializes a certificate to PEM, choosing the encoder from the host configuration.
 *
 * <p>When {@code useAuthConfig(host)} is true the local {@code certToPEMformat} is used;
 * otherwise the call is delegated to {@code CertificateUtil.toPEMformat}. The separate path
 * exists because of a PSC 6.5 SAML requirement caused by Bouncycastle library conflicts.
 *
 * @param certificate the certificate to encode
 * @param host the host whose configuration selects the encoder
 * @return the PEM text produced by the selected encoder
 */
public static String toPEMformat(X509Certificate certificate, ServiceHost host) {
    return useAuthConfig(host)
            ? certToPEMformat(certificate)
            : CertificateUtil.toPEMformat(certificate);
}
/**
 * Builds the error response that describes the certificate chain captured by this resolver.
 *
 * <p>The whole chain is serialized to PEM, while the descriptive properties are read from the
 * first chain element only.
 *
 * <p>NOTE(review): the only {@code null} return visible here is the case where no connection
 * certificates were recorded. Confirm that a trusted certificate always leaves that list
 * empty; otherwise the recorded exception may be {@code null} when its cause is read below.
 *
 * @return {@link CertificateInfoServiceErrorResponse} for the untrusted certificate or {@code
 *         null} if the resolver was not called or the certificate is trusted
 */
public CertificateInfoServiceErrorResponse getCertificateInfoServiceErrorResponse() {
    if (this.connectionCertificates.isEmpty()) {
        return null;
    }

    X509Certificate[] certChain = getCertificateChain();
    String pemChain = CertificateUtil.toPEMformat(certChain);
    // Properties shown to the user come from the first element of the chain.
    Map<String, String> leafProperties = CertificateUtil.getCertificateInfoProperties(certChain[0]);
    CertificateInfo info = CertificateInfo.of(pemChain, leafProperties);

    // NOTE(review): dereferenced without a null check; presumably always set once
    // certificates were recorded for an untrusted connection, verify in the resolver.
    CertificateException trustFailure = getCertificateException();
    return CertificateInfoServiceErrorResponse.create(
            info,
            Operation.STATUS_CODE_UNAVAILABLE,
            CertificateInfoServiceErrorResponse.ERROR_CODE_UNTRUSTED_CERTIFICATE,
            trustFailure.getCause());
}
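/**
 * Stores a certificate in the trust store and registers it with the in-process
 * {@link ServerX509TrustManager} when one is available.
 *
 * <p>The certificate is PEM-encoded into a new {@link SslTrustCertificateState}, its descriptive
 * properties are populated from the certificate, and the state is POSTed to
 * {@code SslTrustCertificateService.FACTORY_LINK}.
 *
 * <p>NOTE(review): nothing in this method validates the certificate. Confirm that callers
 * invoke it only after an explicit trust decision has been made for {@code endCertificate}.
 *
 * @param endCertificate the certificate to store; must not be {@code null}
 * @param tenantLinks tenant links to set on the stored state; when {@code null} the state keeps
 *        whatever value it was constructed with
 * @param host the host used to build the POST operation
 * @param sender the sender that dispatches the POST operation
 * @param ch completion handler attached to the POST operation
 */
public static void storeCertificate(X509Certificate endCertificate, List<String> tenantLinks,
        ServiceHost host, ServiceRequestSender sender, CompletionHandler ch) {
    SslTrustCertificateState certState = new SslTrustCertificateState();
    if (tenantLinks != null) {
        certState.tenantLinks = tenantLinks;
    }
    certState.certificate = CertificateUtil.toPEMformat(endCertificate);
    SslTrustCertificateState.populateCertificateProperties(certState, endCertificate);

    // The properties are populated from a certificate that is not yet trusted, so the logged
    // values are treated as remote-controlled text: control characters (CR/LF included) are
    // replaced so a crafted value cannot forge additional log lines.
    String loggedCommonName = String.valueOf(certState.commonName).replaceAll("\\p{Cntrl}", "_");
    String loggedFingerprint = String.valueOf(certState.fingerprint).replaceAll("\\p{Cntrl}", "_");
    logger.info(String.format("Register certificate with common name: %s "
            + "and fingerprint: %s in trust store", loggedCommonName, loggedFingerprint));

    // save untrusted certificate to the trust store
    Operation.createPost(host, SslTrustCertificateService.FACTORY_LINK)
            .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE)
            .setBody(certState)
            .setCompletion(ch)
            .sendWith(sender);

    // NOTE(review): this registration is not conditioned on the outcome of the POST above. If
    // the POST can fail, the in-memory trust manager and the persisted store may disagree;
    // confirm that this is intended.
    ServerX509TrustManager trustManager = ServerX509TrustManager.getInstance();
    if (trustManager != null) {
        // NOTE(review): the state's string form is logged as-is at FINE level; it presumably
        // includes the same certificate-derived fields, verify what toString() emits.
        logger.fine("Register Certificate " + certState);
        trustManager.registerCertificate(certState);
    }
}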