/**
 * Builds an X509Certificate from raw bytes that hold either an encoded X509Certificate or a PKCS12
 * byte stream.
 * <p>
 * This overload delegates to the two-argument form with an empty ("") pass phrase, so a PKCS12 stream is
 * decrypted with the empty pass phrase. For PKCS12 input the resulting X509Certificate implementation
 * also contains the private key; callers should therefore handle the returned object as key material
 * and not only as a public certificate.
 *
 * @param data The byte stream representation to convert.
 * @return An X509Certificate representation of the byte stream.
 */
public static X509Certificate toX509Certificate(byte[] data)
{
    final String emptyPassPhrase = "";

    return toX509Certificate(data, emptyPassPhrase);
}
/**
 * Parses a raw byte array held in the Certificate data store format into a CertContainer.
 * <p>
 * Delegates to the three-argument overload and supplies an empty pass phrase for both of its
 * pass phrase arguments.
 *
 * @param data The raw byte data that is stored in the Certificate data store.
 * @return A CertContainer object representation of the byte data.
 * @throws CertificateConversionException Declared by this method; the conditions under which it is raised
 * are decided by the three-argument overload.
 */
public static CertContainer toCertContainer(byte[] data) throws CertificateConversionException
{
    // Two separate empty arrays, one per pass phrase argument of the delegate.
    final char[] firstEmptyPassPhrase = "".toCharArray();
    final char[] secondEmptyPassPhrase = "".toCharArray();

    return toCertContainer(data, firstEmptyPassPhrase, secondEmptyPassPhrase);
}
/**
 * Re-encodes a PKCS12 byte stream so that its pass phrase protection and encryption are removed.
 * <p>
 * The supplied pass phrase is used for both "current" pass phrase arguments of
 * changePkcs12Protection, and an empty pass phrase is used for both "new" ones.
 * <p>
 * NOTE(review): the returned bytes are no longer protected by a pass phrase, so if the input carries a
 * private key, the result should be stored and transported as sensitive key material. The pass phrase
 * arrives as a String, which cannot be cleared from memory after use.
 *
 * @param bytes The PKCS12 byte stream that will be stripped.
 * @param passphrase The pass phrase of the PKCS12 byte stream. This is used to decrypt the PKCS12 stream.
 * Must not be null, because it is converted with {@code toCharArray()}.
 * @return A PKCS12 byte stream representation of the original PKCS12 stream with the pass phrase
 * protection and encryption removed.
 */
public static byte[] pkcs12ToStrippedPkcs12(byte[] bytes, String passphrase)
{
    // Independent arrays for each argument, exactly as many as the delegate receives.
    final char[] existingPass = passphrase.toCharArray();
    final char[] existingPassCopy = passphrase.toCharArray();
    final char[] blankPass = "".toCharArray();
    final char[] blankPassCopy = "".toCharArray();

    return changePkcs12Protection(bytes, existingPass, existingPassCopy, blankPass, blankPassCopy);
}
/**
 * Loads certCheckA.p12, writes its certificate and encoded key into the raw byte format, and reads
 * that format back. After the round trip the certificate must be equal, the key bytes must come back
 * unchanged as wrapped key data, and no key object may be exposed by the container.
 */
@Test
public void testWrapToRawBytes_signedBytesInSize_assertConverted() throws Exception
{
    final File p12File = new File("./src/test/resources/certs/certCheckA.p12");
    final byte[] p12Bytes = FileUtils.readFileToByteArray(p12File);
    final CertUtils.CertContainer original = CertUtils.toCertContainer(p12Bytes);

    final byte[] rawBytes =
        CertUtils.certAndWrappedKeyToRawByteFormat(original.getKey().getEncoded(), original.getCert());
    assertNotNull(rawBytes);

    // convert back
    final CertContainer restored = CertUtils.toCertContainer(rawBytes);

    assertEquals(original.getCert(), restored.getCert());
    assertTrue(Arrays.equals(original.getKey().getEncoded(), restored.getWrappedKeyData()));
    // the key is only available as wrapped bytes, never as a key object
    assertNull(restored.getKey());
}
} // closes the enclosing scope, whose opening is outside this excerpt
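/**
 * Converts a model certificate into its {@code org.nhindirect.config.store.Certificate} entity form.
 * <p>
 * Owner, creation time, data, id and (when present) status are copied across. The validity start and
 * end dates are read from the X509 certificate obtained by parsing the entity's data with
 * {@code CertUtils.toCertContainer}.
 *
 * @param cert The model certificate to convert; may be null.
 * @return The entity certificate, or null if {@code cert} is null.
 * @throws CertificateException If no X509 certificate can be obtained from the certificate data, so the
 * validity period cannot be determined.
 */
public static org.nhindirect.config.store.Certificate toEntityCertificate(Certificate cert) throws CertificateException
{
    if (cert == null)
        return null;

    final org.nhindirect.config.store.Certificate retVal = new org.nhindirect.config.store.Certificate();

    retVal.setOwner(cert.getOwner());
    retVal.setCreateTime(cert.getCreateTime());
    retVal.setData(cert.getData());
    retVal.setId(cert.getId());

    if (cert.getStatus() != null)
        retVal.setStatus(org.nhindirect.config.store.EntityStatus.valueOf(cert.getStatus().toString()));

    final CertContainer cont = CertUtils.toCertContainer(retVal.getData());

    // Fail with the declared checked exception instead of a NullPointerException when the data does
    // not yield a certificate; a record without a readable validity period must not be converted.
    if (cont == null || cont.getCert() == null)
        throw new CertificateException("Certificate data could not be converted to an X509 certificate.");

    final Calendar endDate = Calendar.getInstance(Locale.getDefault());
    endDate.setTime(cont.getCert().getNotAfter());
    retVal.setValidEndDate(endDate);

    final Calendar startDate = Calendar.getInstance(Locale.getDefault());
    startDate.setTime(cont.getCert().getNotBefore());
    retVal.setValidStartDate(startDate);

    return retVal;
}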
/**
 * Stores a certificate whose data combines the gm2552.der certificate with the gm2552Key.der key bytes,
 * then checks that exactly one record is listed, that it reports a private key, and that it still
 * yields the same certificate as the original file.
 */
@Test
public void saveWithCertAndPrivKeyData() throws Exception
{
    cleanDatabase();

    final byte[] certBytes = FileUtils.readFileToByteArray(new File("./src/test/resources/certs/gm2552.der"));
    final byte[] keyBytes = FileUtils.readFileToByteArray(new File("./src/test/resources/certs/gm2552Key.der"));

    final Certificate toStore = new Certificate();
    toStore.setData(CertUtils.certAndWrappedKeyToRawByteFormat(keyBytes, CertUtils.toX509Certificate(certBytes)));
    toStore.setOwner("gm2552@cerner.com");
    certificateDao.save(toStore);

    final Collection<Certificate> stored = certificateDao.list((String)null);
    assertEquals(1, stored.size());

    final Certificate loaded = stored.iterator().next();
    assertTrue(loaded.isPrivateKey());

    // the stored record must parse to the same certificate as the original file
    final CertUtils.CertContainer expected = CertUtils.toCertContainer(certBytes);
    assertEquals(expected.getCert(), CertUtils.toCertContainer(loaded.getData()).getCert());
}
/**
 * Saves every certificate in the collection through the DAO.
 * <p>
 * When a certificate has data but no owner (null or empty), the owner is derived from the parsed
 * certificate with {@code CertUtils.getOwner} before saving. A null or empty collection is a no-op.
 * <p>
 * NOTE(review): an owner supplied by the caller is saved as given; this method does not compare it
 * with the contents of the certificate data.
 *
 * @param certs The certificates to add; may be null or empty.
 * @throws ConfigurationServiceException Declared by this method.
 */
public void addCertificates(Collection<Certificate> certs) throws ConfigurationServiceException
{
    if (certs == null || certs.size() <= 0)
        return;

    for (Certificate cert : certs)
    {
        final boolean ownerMissing = cert.getOwner() == null || cert.getOwner().isEmpty();

        if (ownerMissing && cert.getData() != null)
        {
            // parse the data first, then read the owner out of the certificate
            final CertUtils.CertContainer parsed = CertUtils.toCertContainer(cert.getData());
            final boolean hasCert = parsed != null && parsed.getCert() != null;

            if (hasCert)
            {
                final String derivedOwner = CertUtils.getOwner(parsed.getCert());
                if (derivedOwner != null && !derivedOwner.isEmpty())
                    cert.setOwner(derivedOwner);
            }
        }

        // saved whether or not an owner could be determined
        dao.save(cert);
    }
}
/**
 * Builds the raw byte format from the gm2552.der certificate and the gm2552Key.der key bytes and
 * passes it to {@code Certificate.setData}. The test passes as long as no exception is thrown.
 */
@Test
public void testSetData_setCertAndKeyData() throws Exception
{
    final File certFile = new File("./src/test/resources/certs/gm2552.der");
    final byte[] certBytes = FileUtils.readFileToByteArray(certFile);

    final File keyFile = new File("./src/test/resources/certs/gm2552Key.der");
    final byte[] keyBytes = FileUtils.readFileToByteArray(keyFile);

    final byte[] combined = CertUtils.certAndWrappedKeyToRawByteFormat(keyBytes, CertUtils.toX509Certificate(certBytes));

    final Certificate target = new Certificate();
    // just make sure an exception didn't happen here
    target.setData(combined);
}
} // closes the enclosing scope, whose opening is outside this excerpt
// Pass the value produced by rec.toWireCanonical() to fromWire() and return what fromWire() yields.
return fromWire(rec.toWireCanonical());
/**
 * Writes the gm2552.der certificate and the gm2552Key.der key bytes into the raw byte format and reads
 * that format back. The certificate must be equal, the key bytes must come back unchanged as wrapped
 * key data, and the container must not expose a key object.
 */
@Test
public void testWrapToRawBytes_assertConverted() throws Exception
{
    final byte[] keyBytes = FileUtils.readFileToByteArray(new File("./src/test/resources/certs/gm2552Key.der"));
    final byte[] certBytes = FileUtils.readFileToByteArray(new File("./src/test/resources/certs/gm2552.der"));
    final X509Certificate expectedCert = CertUtils.toX509Certificate(certBytes);

    final byte[] rawBytes = CertUtils.certAndWrappedKeyToRawByteFormat(keyBytes, expectedCert);
    assertNotNull(rawBytes);

    // convert back
    final CertContainer restored = CertUtils.toCertContainer(rawBytes);

    assertEquals(expectedCert, restored.getCert());
    assertTrue(Arrays.equals(keyBytes, restored.getWrappedKeyData()));
    // the key is only available as wrapped bytes, never as a key object
    assertNull(restored.getKey());
}
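/**
 * Converts a model certificate into its {@code org.nhindirect.config.store.Certificate} entity form.
 * <p>
 * Owner, creation time, data, id and (when present) status are copied across. The validity start and
 * end dates are read from the X509 certificate obtained by parsing the entity's data with
 * {@code CertUtils.toCertContainer}.
 *
 * @param cert The model certificate to convert; may be null.
 * @return The entity certificate, or null if {@code cert} is null.
 * @throws CertificateException If no X509 certificate can be obtained from the certificate data, so the
 * validity period cannot be determined.
 */
public static org.nhindirect.config.store.Certificate toEntityCertificate(Certificate cert) throws CertificateException
{
    if (cert == null)
        return null;

    final org.nhindirect.config.store.Certificate retVal = new org.nhindirect.config.store.Certificate();

    retVal.setOwner(cert.getOwner());
    retVal.setCreateTime(cert.getCreateTime());
    retVal.setData(cert.getData());
    retVal.setId(cert.getId());

    if (cert.getStatus() != null)
        retVal.setStatus(org.nhindirect.config.store.EntityStatus.valueOf(cert.getStatus().toString()));

    final CertContainer cont = CertUtils.toCertContainer(retVal.getData());

    // Fail with the declared checked exception instead of a NullPointerException when the data does
    // not yield a certificate; a record without a readable validity period must not be converted.
    if (cont == null || cont.getCert() == null)
        throw new CertificateException("Certificate data could not be converted to an X509 certificate.");

    final Calendar endDate = Calendar.getInstance(Locale.getDefault());
    endDate.setTime(cont.getCert().getNotAfter());
    retVal.setValidEndDate(endDate);

    final Calendar startDate = Calendar.getInstance(Locale.getDefault());
    startDate.setTime(cont.getCert().getNotBefore());
    retVal.setValidStartDate(startDate);

    return retVal;
}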
/**
 * Stores a certificate whose data is the raw byte format built from gm2552.der and the gm2552Key.der
 * key bytes, then checks that the single listed record reports a private key and still yields the
 * same certificate as the original file.
 */
@Test
public void testStripP12ProtectionTest_X509CertAndWrappedData_noMager_assertX509Returned() throws Exception
{
    cleanDatabase();

    final byte[] certBytes = loadCertificateData("gm2552.der");
    final byte[] keyBytes = loadCertificateData("gm2552Key.der");

    final Certificate toStore = new Certificate();
    toStore.setData(CertUtils.certAndWrappedKeyToRawByteFormat(keyBytes, CertUtils.toX509Certificate(certBytes)));
    toStore.setOwner("gm2552@cerner.com");
    certificateDao.save(toStore);

    final Collection<Certificate> stored = certificateDao.list((String)null);
    assertEquals(1, stored.size());

    final Certificate loaded = stored.iterator().next();
    assertTrue(loaded.isPrivateKey());

    // the stored record must parse to the same certificate as the original file
    final CertUtils.CertContainer expected = CertUtils.toCertContainer(certBytes);
    assertEquals(expected.getCert(), CertUtils.toCertContainer(loaded.getData()).getCert());
}
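/**
 * Creates an X509Certificate object from an existing file. The file should be a DER encoded
 * representation of the certificate.
 * <p>
 * This is used as a factory method: any failure while reading or converting the file is logged and
 * reported to the caller as a null return value instead of an exception, so callers must check the
 * result for null before using it.
 *
 * @param certFile The file to load into a certificate object.
 * @return An X509Certificate loaded from the file, or null if the certificate could not be loaded.
 */
public X509Certificate certFromFile(String certFile)
{
    final File theCertFile = new File(certFile);

    try
    {
        return toX509Certificate(FileUtils.readFileToByteArray(theCertFile));
    }
    catch (Exception e)
    {
        // Keep the factory contract (null instead of an exception), but record the failure with its
        // cause so that a certificate that silently fails to load can be noticed and diagnosed.
        java.util.logging.Logger.getLogger(getClass().getName()).log(
            java.util.logging.Level.WARNING, "Could not load certificate from file " + theCertFile, e);

        return null;
    }
}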
/**
 * Re-protects a PKCS12 stream built from gm2552.der and gm2552Key.der, replacing the empty pass phrases
 * with the fixture values "12345" and "67890", and passes the result to {@code Certificate.setData}.
 * The test passes as long as no exception is thrown.
 */
@Test
public void testSetData_setWithProtectedData() throws Exception
{
    final byte[] unprotectedP12 = CertificateDaoTest.loadPkcs12FromCertAndKey("gm2552.der", "gm2552Key.der");

    // the first two pass phrases match the stream as loaded, the last two are the ones applied
    final byte[] protectedP12 = CertUtils.changePkcs12Protection(
        unprotectedP12,
        "".toCharArray(),
        "".toCharArray(),
        "12345".toCharArray(),
        "67890".toCharArray());

    final Certificate target = new Certificate();
    // just make sure an exception didn't happen here
    target.setData(protectedP12);
}
/**
 * Creates a DNS MX record.
 * <p>
 * A trailing "." is appended to {@code name} and {@code target} when they do not already end with one.
 * Both values are dereferenced before the try block, so a null {@code name} or {@code target} results
 * in a NullPointerException and not in a DNSRecordCreationException.
 *
 * @param name The email domain or host used to determine where email should be sent to.
 * @param target The host server that email should be sent to.
 * @param ttl The time to live in seconds.
 * @param priority The priority of the target host. Lower priorities are preferred.
 * @return A DNSRecord representing an MX type record.
 * @throws DNSRecordCreationException If building the record or converting it fails; the original
 * exception is kept as the cause.
 */
public static DNSRecord createMXRecord(String name, String target, long ttl, int priority) throws DNSRecordCreationException
{
    final String dottedName = name.endsWith(".") ? name : name + ".";
    final String dottedTarget = target.endsWith(".") ? target : target + ".";

    try
    {
        final MXRecord mx =
            new MXRecord(Name.fromString(dottedName), DClass.IN, ttl, priority, Name.fromString(dottedTarget));

        return fromWire(mx.toWireCanonical());
    }
    catch (Exception e)
    {
        throw new DNSRecordCreationException("Failed to create DNS MX record: " + e.getMessage(), e);
    }
}
// Parse the data, passing keyStorePassPhrase for both pass phrase arguments of toCertContainer.
container = CertUtils.toCertContainer(data, keyStorePassPhrase, keyStorePassPhrase);
// NOTE(review): container is dereferenced here, before the "container != null" test in the next
// statement. If toCertContainer can return null, this line throws a NullPointerException and the
// later null test never takes effect; confirm and move the check ahead of this line if so.
cert = container.getCert();
// The record counts as holding a private key when the container exposes either a key object or
// wrapped key bytes.
setPrivateKey(container != null && (container.getKey() != null || container.getWrappedKeyData() != null));
/**
 * Populates the store from gm2552.der without a key file, then checks that the single listed record
 * does not report a private key and yields the same certificate as the original file.
 */
@Test
public void testStripP12ProtectionTest_X509CertAndNoManager_assertX509Returned() throws Exception
{
    populateCert("gm2552.der", null);

    final Collection<Certificate> stored = certificateDao.list((String)null);
    assertEquals(1, stored.size());

    final Certificate loaded = stored.iterator().next();
    // no key file was supplied, so the record must not claim a private key
    assertFalse(loaded.isPrivateKey());

    final byte[] expectedBytes = loadCertificateData("gm2552.der");
    final CertUtils.CertContainer expected = CertUtils.toCertContainer(expectedBytes);

    assertEquals(expected.getCert(), CertUtils.toCertContainer(loaded.getData()).getCert());
}
/**
 * Populates the store from gm2552.der together with gm2552Key.der, then checks that the single listed
 * record reports a private key and yields the same certificate as a PKCS12 stream built from the
 * same two files.
 */
@Test
public void testStripP12ProtectionTest_p12ProtectionWithManager_assertP12Returned() throws Exception
{
    populateCert("gm2552.der", "gm2552Key.der");

    final Collection<Certificate> stored = certificateDao.list((String)null);
    assertEquals(1, stored.size());

    final Certificate loaded = stored.iterator().next();
    assertTrue(loaded.isPrivateKey());

    final byte[] expectedP12 = CertificateDaoTest.loadPkcs12FromCertAndKey("gm2552.der", "gm2552Key.der");
    final CertUtils.CertContainer expected = CertUtils.toCertContainer(expectedP12);

    assertEquals(expected.getCert(), CertUtils.toCertContainer(loaded.getData()).getCert());
}
/**
 * Populates the store from gm2552.der without a key file, then checks that the single listed record
 * does not report a private key and yields the same certificate as the original file.
 */
@Test
public void testStripP12ProtectionTest_X509CertAndManager_assertX509Returned() throws Exception
{
    populateCert("gm2552.der", null);

    final Collection<Certificate> stored = certificateDao.list((String)null);
    assertEquals(1, stored.size());

    final Certificate loaded = stored.iterator().next();
    // no key file was supplied, so the record must not claim a private key
    assertFalse(loaded.isPrivateKey());

    final byte[] expectedBytes = loadCertificateData("gm2552.der");
    final CertUtils.CertContainer expected = CertUtils.toCertContainer(expectedBytes);

    assertEquals(expected.getCert(), CertUtils.toCertContainer(loaded.getData()).getCert());
}
} // closes the enclosing scope, whose opening is outside this excerpt
/**
 * Populates the store from gm2552.der together with gm2552Key.der, then checks that the single listed
 * record reports a private key and yields the same certificate as a PKCS12 stream built from the
 * same two files.
 */
@Test
public void testStripP12ProtectionTest_NoP12ProtectionOrManager_assertP12Returned() throws Exception
{
    populateCert("gm2552.der", "gm2552Key.der");

    final Collection<Certificate> stored = certificateDao.list((String)null);
    assertEquals(1, stored.size());

    final Certificate loaded = stored.iterator().next();
    assertTrue(loaded.isPrivateKey());

    final byte[] expectedP12 = CertificateDaoTest.loadPkcs12FromCertAndKey("gm2552.der", "gm2552Key.der");
    final CertUtils.CertContainer expected = CertUtils.toCertContainer(expectedP12);

    assertEquals(expected.getCert(), CertUtils.toCertContainer(loaded.getData()).getCert());
}