/**
 * Reports whether {@code certificate} is the one stored for {@code host}/{@code port}.
 *
 * <p>The key store alias comes from {@code getCertKey(host, port)}. The supplied certificate
 * is accepted only when an entry exists under that alias and {@code equals} it. A missing key
 * store, a missing entry and a {@link KeyStoreException} all yield {@code false}, so the check
 * fails closed. This is an exact-match comparison: nothing in this method looks at validity
 * dates, signatures or revocation.
 *
 * @param certificate certificate presented for the endpoint
 * @param host endpoint host used to derive the key store alias
 * @param port endpoint port used to derive the key store alias
 * @return {@code true} only when the stored certificate equals {@code certificate}
 */
public synchronized boolean isValidCertificate(Certificate certificate, String host, int port) {
    if (keyStore == null) {
        return false;
    }
    final Certificate pinned;
    try {
        pinned = keyStore.getCertificate(getCertKey(host, port));
    } catch (KeyStoreException e) {
        // An unreadable store must never be treated as a match.
        return false;
    }
    if (pinned == null) {
        return false;
    }
    return pinned.equals(certificate);
}
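/**
 * Accepts a server chain only when its first certificate is the configured CA certificate
 * itself, or carries a signature that verifies under the CA's public key, and is currently
 * inside its validity period.
 *
 * <p>NOTE(review): only {@code certs[0]} is examined. No certification path is built, and
 * basic constraints, key usage, the CA certificate's own validity, revocation and the host
 * name are not checked in this method. Delegating to the platform PKIX trust manager
 * initialised with a key store that holds only this CA would cover the path checks.
 *
 * @param certs peer certificate chain; the first element is the one that gets checked
 * @param authType authentication type; must be non-empty
 * @throws IllegalArgumentException if the chain or {@code authType} is null or empty
 * @throws CertificateException if the first certificate is neither the CA certificate nor
 *     signed by it, or if it fails the validity-period check
 */
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
        throws CertificateException {
    if (certs == null || certs.length == 0) {
        throw new IllegalArgumentException("null or zero-length certificate chain");
    }
    if (authType == null || authType.length() == 0) {
        throw new IllegalArgumentException("null or zero-length authentication type");
    }

    // Check whether the certificate sent is the CA's own.
    if (!certs[0].equals(caCertificate)) {
        try {
            // Not the CA's own certificate: it must at least be signed by the CA key.
            certs[0].verify(caCertificate.getPublicKey());
        } catch (Exception e) {
            // Deliberately broad: any failure here, expected or not, must reject the peer.
            throw new CertificateException("Certificate not trusted", e);
        }
    }

    // Trusted so far. checkValidity() rejects expired and not-yet-valid certificates alike;
    // the message below names only the expired case.
    try {
        certs[0].checkValidity();
    } catch (Exception e) {
        throw new CertificateException("Certificate not trusted. It has expired", e);
    }
}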
for (int j=0; j<localCerts.length; j++) { if (certs[i] != null && certs[i].equals(localCerts[j])) { found = true; break;
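/**
 * Compares two certificate arrays element by element, in order.
 *
 * <p>The same reference (including two {@code null}s) is equal to itself; a single
 * {@code null} array or a length mismatch is not equal. A {@code null} element matches only a
 * {@code null} element at the same index, rather than raising a {@code NullPointerException}.
 *
 * @param a first array, may be {@code null}
 * @param b second array, may be {@code null}
 * @return {@code true} when both arrays have the same length and pairwise-equal elements
 */
public static final boolean equals(final Certificate[] a, final Certificate[] b) {
    if (a == b) {
        return true;
    }
    if (a == null || b == null) {
        return false;
    }
    if (a.length != b.length) {
        return false;
    }
    for (int i = 0; i < a.length; i++) {
        final Certificate left = a[i];
        // Null-safe per element: a null slot is equal only to another null slot.
        final boolean same = (left == null) ? b[i] == null : left.equals(b[i]);
        if (!same) {
            return false;
        }
    }
    return true;
}
}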
/**
 * Finds the alias whose entry holds a certificate equal to {@code cert}.
 *
 * <p>Aliases are visited in the iteration order of {@code keyCerts.keySet()} and the first
 * match wins.
 *
 * @param cert certificate to look up
 * @return the first matching alias, or {@code null} when no entry matches
 */
@Override
public String engineGetCertificateAlias(Certificate cert) {
    String match = null;
    for (String candidate : keyCerts.keySet()) {
        // NOTE(review): an entry whose getCertificate() returns null would throw here;
        // confirm every entry carries a certificate.
        if (keyCerts.get(candidate).getCertificate().equals(cert)) {
            match = candidate;
            break;
        }
    }
    return match;
}
/**
 * Returns the alias of the first entry whose certificate equals {@code cert}.
 *
 * <p>The search walks {@code keyCerts.keySet()} in its iteration order.
 *
 * @param cert certificate to look up
 * @return the matching alias, or {@code null} when none of the entries matches
 */
@Override
public String engineGetCertificateAlias(final Certificate cert) {
    for (String alias : keyCerts.keySet()) {
        // Skip every entry whose certificate differs from the one asked for.
        if (!keyCerts.get(alias).getCertificate().equals(cert)) {
            continue;
        }
        return alias;
    }
    return null;
}
/**
 * Looks up which alias stores a certificate equal to {@code cert}.
 *
 * <p>Entries are compared with {@code equals}, one alias at a time, in the iteration order of
 * {@code keyCerts.keySet()}.
 *
 * @param cert certificate to look up
 * @return the first alias whose certificate matches, or {@code null} if there is none
 */
@Override
public String engineGetCertificateAlias(Certificate cert) {
    for (String alias : keyCerts.keySet()) {
        final boolean holdsCert = keyCerts.get(alias).getCertificate().equals(cert);
        if (holdsCert) {
            return alias;
        }
    }
    return null;
}
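/**
 * Returns the private key stored alongside {@code certificate} in the key store.
 *
 * <p>Only key entries are considered. The first alias whose certificate equals
 * {@code certificate} wins, and its key is recovered with {@code privateKeyPassword}.
 *
 * @param certificate certificate whose matching private key is wanted
 * @return the matching private key, or {@code null} when no key entry holds that certificate
 * @throws IOException if the key store cannot be read or the key cannot be recovered; the
 *     underlying {@link GeneralSecurityException} is attached as the cause
 */
protected PrivateKey getPrivateKey(X509Certificate certificate) throws IOException {
    try {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            Certificate cert = keyStore.getCertificate(alias);
            if (cert != null && cert.equals(certificate)) {
                return (PrivateKey) keyStore.getKey(alias, privateKeyPassword);
            }
        }
    } catch (GeneralSecurityException e) {
        // Keep the original exception as the cause so key store failures stay diagnosable.
        throw new IOException(e.getMessage(), e);
    }
    return null;
}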
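/**
 * Looks up the private key that belongs to {@code certificate}.
 *
 * <p>Walks every alias in the key store, skips entries that are not key entries, and returns
 * the key of the first entry whose certificate equals {@code certificate}. The key is
 * recovered with {@code privateKeyPassword}.
 *
 * @param certificate certificate to match against the key store entries
 * @return the private key of the matching entry, or {@code null} if no entry matches
 * @throws IOException if a key store operation fails; the {@link GeneralSecurityException}
 *     that caused it is preserved as the cause
 */
protected PrivateKey getPrivateKey(X509Certificate certificate) throws IOException {
    try {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            Certificate cert = keyStore.getCertificate(alias);
            if (cert != null && cert.equals(certificate)) {
                return (PrivateKey) keyStore.getKey(alias, privateKeyPassword);
            }
        }
    } catch (GeneralSecurityException e) {
        // Chain the cause: the message alone loses the exception type and stack trace.
        throw new IOException(e.getMessage(), e);
    }
    return null;
}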
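/**
 * Finds the private key held under the same alias as {@code certificate}.
 *
 * <p>Aliases that are not key entries are ignored. For the first key entry whose certificate
 * equals {@code certificate}, the key is fetched with {@code privateKeyPassword} and returned.
 *
 * @param certificate certificate identifying the wanted key entry
 * @return the private key, or {@code null} when the key store has no matching key entry
 * @throws IOException wrapping any {@link GeneralSecurityException} raised by the key store,
 *     with that exception kept as the cause
 */
protected PrivateKey getPrivateKey(X509Certificate certificate) throws IOException {
    try {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            Certificate cert = keyStore.getCertificate(alias);
            if (cert != null && cert.equals(certificate)) {
                return (PrivateKey) keyStore.getKey(alias, privateKeyPassword);
            }
        }
    } catch (GeneralSecurityException e) {
        // Preserve the cause so callers can tell a wrong password from a broken store.
        throw new IOException(e.getMessage(), e);
    }
    return null;
}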
/**
 * Compares this signer with another {@code SignerInfo}.
 *
 * <p>Two signers are equal when they share the digest algorithm, hold certificate chains of
 * the same length whose elements are pairwise equal in order, and agree on the trust anchor
 * (both absent, or equal).
 *
 * @param obj object to compare with
 * @return {@code true} when {@code obj} is a {@code SignerInfo} with the same state
 */
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo that = (SignerInfo) obj;
    if (!mdAlgorithm.equals(that.getMessageDigestAlgorithm())) {
        return false;
    }
    final Certificate[] theirChain = that.getCertificateChain();
    if (theirChain.length != chain.length) {
        return false;
    }
    int idx = 0;
    while (idx < chain.length) {
        if (!chain[idx].equals(theirChain[idx])) {
            return false;
        }
        idx++;
    }
    if (trustAnchor == null) {
        return that.getTrustAnchor() == null;
    }
    return trustAnchor.equals(that.getTrustAnchor());
}
}
/**
 * Tests whether {@code obj} is a {@code SignerInfo} equal to this one.
 *
 * <p>Equality requires the same message digest algorithm, certificate chains that match
 * position by position, and trust anchors that are either both {@code null} or equal.
 *
 * @param obj candidate object
 * @return {@code true} if all compared parts match
 */
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo rhs = (SignerInfo) obj;
    final boolean sameDigest = mdAlgorithm.equals(rhs.getMessageDigestAlgorithm());
    if (!sameDigest) {
        return false;
    }
    final Certificate[] rhsChain = rhs.getCertificateChain();
    if (rhsChain.length != chain.length) {
        return false;
    }
    for (int pos = 0; pos < chain.length; pos++) {
        final boolean sameCert = chain[pos].equals(rhsChain[pos]);
        if (!sameCert) {
            return false;
        }
    }
    return (trustAnchor != null)
            ? trustAnchor.equals(rhs.getTrustAnchor())
            : rhs.getTrustAnchor() == null;
}
}
/**
 * Compares this signer with another {@code SignerInfo}.
 *
 * <p>The digest algorithm, every certificate of the chain (in order) and the trust anchor all
 * have to match. A {@code null} trust anchor equals only another {@code null} trust anchor.
 *
 * @param obj object to compare with
 * @return {@code true} when {@code obj} is an equal {@code SignerInfo}
 */
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo that = (SignerInfo) obj;
    if (!mdAlgorithm.equals(that.getMessageDigestAlgorithm())) {
        return false;
    }
    final Certificate[] theirChain = that.getCertificateChain();
    if (theirChain.length != chain.length) {
        return false;
    }
    int idx = 0;
    while (idx < chain.length) {
        if (!chain[idx].equals(theirChain[idx])) {
            return false;
        }
        idx++;
    }
    if (trustAnchor == null) {
        return that.getTrustAnchor() == null;
    }
    return trustAnchor.equals(that.getTrustAnchor());
}
}
/**
 * Tests whether {@code obj} is a {@code SignerInfo} equal to this one.
 *
 * <p>The comparison covers the message digest algorithm, the certificate chain (same length,
 * equal element at each index) and the trust anchor (both {@code null}, or equal).
 *
 * @param obj candidate object
 * @return {@code true} if every compared part matches
 */
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo rhs = (SignerInfo) obj;
    final boolean sameDigest = mdAlgorithm.equals(rhs.getMessageDigestAlgorithm());
    if (!sameDigest) {
        return false;
    }
    final Certificate[] rhsChain = rhs.getCertificateChain();
    if (rhsChain.length != chain.length) {
        return false;
    }
    for (int pos = 0; pos < chain.length; pos++) {
        final boolean sameCert = chain[pos].equals(rhsChain[pos]);
        if (!sameCert) {
            return false;
        }
    }
    return (trustAnchor != null)
            ? trustAnchor.equals(rhs.getTrustAnchor())
            : rhs.getTrustAnchor() == null;
}
}
/**
 * Compares this signer with another {@code SignerInfo}.
 *
 * <p>Signers match when the digest algorithms are equal, the certificate chains have the same
 * length and equal certificates at every index, and the trust anchors are both absent or equal.
 *
 * @param obj object to compare with
 * @return {@code true} when {@code obj} is a {@code SignerInfo} with the same state
 */
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo that = (SignerInfo) obj;
    if (!mdAlgorithm.equals(that.getMessageDigestAlgorithm())) {
        return false;
    }
    final Certificate[] theirChain = that.getCertificateChain();
    if (theirChain.length != chain.length) {
        return false;
    }
    int idx = 0;
    while (idx < chain.length) {
        if (!chain[idx].equals(theirChain[idx])) {
            return false;
        }
        idx++;
    }
    if (trustAnchor == null) {
        return that.getTrustAnchor() == null;
    }
    return trustAnchor.equals(that.getTrustAnchor());
}
}
/**
 * Tests whether {@code obj} is a {@code SignerInfo} equal to this one.
 *
 * <p>Checked in turn: the message digest algorithm, the length of the certificate chain, each
 * certificate of the chain by index, and finally the trust anchor (a {@code null} anchor
 * matches only a {@code null} anchor).
 *
 * @param obj candidate object
 * @return {@code true} if all of those checks pass
 */
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo rhs = (SignerInfo) obj;
    final boolean sameDigest = mdAlgorithm.equals(rhs.getMessageDigestAlgorithm());
    if (!sameDigest) {
        return false;
    }
    final Certificate[] rhsChain = rhs.getCertificateChain();
    if (rhsChain.length != chain.length) {
        return false;
    }
    for (int pos = 0; pos < chain.length; pos++) {
        final boolean sameCert = chain[pos].equals(rhsChain[pos]);
        if (!sameCert) {
            return false;
        }
    }
    return (trustAnchor != null)
            ? trustAnchor.equals(rhs.getTrustAnchor())
            : rhs.getTrustAnchor() == null;
}
}
/**
 * Compares this signer with another {@code SignerInfo}.
 *
 * <p>Equal signers share the digest algorithm, carry pairwise-equal certificate chains of the
 * same length, and agree on the trust anchor (both {@code null}, or equal).
 *
 * @param obj object to compare with
 * @return {@code true} when {@code obj} is an equal {@code SignerInfo}
 */
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo that = (SignerInfo) obj;
    if (!mdAlgorithm.equals(that.getMessageDigestAlgorithm())) {
        return false;
    }
    final Certificate[] theirChain = that.getCertificateChain();
    if (theirChain.length != chain.length) {
        return false;
    }
    int idx = 0;
    while (idx < chain.length) {
        if (!chain[idx].equals(theirChain[idx])) {
            return false;
        }
        idx++;
    }
    if (trustAnchor == null) {
        return that.getTrustAnchor() == null;
    }
    return trustAnchor.equals(that.getTrustAnchor());
}
}
/**
 * Tests whether {@code obj} is a {@code SignerInfo} equal to this one.
 *
 * <p>Requires an equal message digest algorithm, certificate chains that agree in length and
 * at every index, and trust anchors that are both {@code null} or equal.
 *
 * @param obj candidate object
 * @return {@code true} if every compared part matches
 */
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof SignerInfo)) {
        return false;
    }
    final SignerInfo rhs = (SignerInfo) obj;
    final boolean sameDigest = mdAlgorithm.equals(rhs.getMessageDigestAlgorithm());
    if (!sameDigest) {
        return false;
    }
    final Certificate[] rhsChain = rhs.getCertificateChain();
    if (rhsChain.length != chain.length) {
        return false;
    }
    for (int pos = 0; pos < chain.length; pos++) {
        final boolean sameCert = chain[pos].equals(rhsChain[pos]);
        if (!sameCert) {
            return false;
        }
    }
    return (trustAnchor != null)
            ? trustAnchor.equals(rhs.getTrustAnchor())
            : rhs.getTrustAnchor() == null;
}
}
/**
 * Accepts the peer only when the first certificate of its chain equals the expected server
 * certificate.
 *
 * <p>As specified in the LWM2M spec 1.0, only the "domain-issued certificate" usage is
 * supported (certificate usage 3, https://tools.ietf.org/html/rfc6698#section-2.1.1). The
 * check is an exact comparison with {@code expectedServerCertificate}; the remaining chain
 * elements are not inspected in this method.
 *
 * @param message certificate message received from the peer
 * @param session session whose peer address is reported in the alert
 * @throws HandshakeException carrying a fatal {@code BAD_CERTIFICATE} alert when the chain is
 *     empty or its first certificate differs from the expected one
 */
@Override
public void verifyCertificate(CertificateMessage message, DTLSSession session) throws HandshakeException {
    // An empty chain and a mismatching certificate are rejected the same way.
    boolean accepted = false;
    if (message.getCertificateChain().getCertificates().size() != 0) {
        Certificate presented = message.getCertificateChain().getCertificates().get(0);
        accepted = expectedServerCertificate.equals(presented);
    }
    if (!accepted) {
        AlertMessage alert = new AlertMessage(AlertLevel.FATAL, AlertDescription.BAD_CERTIFICATE,
                session.getPeer());
        throw new HandshakeException("Certificate chain could not be validated", alert);
    }
}
/**
 * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getCertificate(java.lang.String, java.lang.String)}.
 *
 * <p>Stores a key pair and checks that the Keystore returns the first certificate of its
 * chain, then checks that a certificate can be fetched from the Truststore.
 *
 * @throws CMException
 */
@Test
public void testGetCertificate() throws CMException {
    String keyPairAlias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);

    // The Keystore entry for the new key pair must return the first certificate we stored.
    Certificate storedCertificate =
            credentialManager.getCertificate(CredentialManager.KeystoreType.KEYSTORE, keyPairAlias);
    assertNotNull(storedCertificate);
    assertTrue(privateKeyCertChain[0].equals(storedCertificate));

    // The Truststore is expected to hold some trusted certificates already; list their aliases.
    ArrayList<String> trustedAliases =
            credentialManager.getAliases(CredentialManager.KeystoreType.TRUSTSTORE);
    assertTrue(!trustedAliases.isEmpty());

    // Any entry will do: fetch the first one and make sure it resolves.
    String firstTrustedAlias = trustedAliases.get(0);
    Certificate trustedCertificate =
            credentialManager.getCertificate(CredentialManager.KeystoreType.TRUSTSTORE, firstTrustedAlias);
    assertNotNull(trustedCertificate);
}