List of usage examples for java.security.cert.CertificateEncodingException.getMessage()
public String getMessage()
From source file:org.springframework.security.saml.trust.UntrustedCertificateException.java
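/**
 * Appends the certificate to {@code sb} as a PEM-style text block: a BEGIN marker,
 * the Base64 form of {@code getEncoded()} wrapped at 76 characters per line, and
 * an END marker.
 *
 * <p>If the certificate cannot be encoded, the body of the block is replaced by a
 * single {@code "Cannot encode: ..."} line. That line is now terminated with a
 * newline so the END marker always starts on its own line; previously the marker
 * was glued to the end of the error text.
 *
 * @param x509Certificate certificate to render
 * @param sb              buffer the text is appended to
 */
private static void appendCertificate(X509Certificate x509Certificate, StringBuilder sb) {
    sb.append("-----BEGIN CERTIFICATE-----\n");
    try {
        // NOTE(review): new String(byte[]) uses the platform default charset. Base64
        // output is plain ASCII, so this is harmless on ASCII-compatible platforms.
        String certificate = new String(Base64.encodeBase64(x509Certificate.getEncoded()));

        // 76 columns is the MIME line width; strict PEM (RFC 7468) wraps at 64.
        // The width is kept as-is so existing output does not change.
        final int lineWidth = 76;
        int start = 0;
        while (certificate.length() - start > lineWidth) {
            sb.append(certificate, start, start + lineWidth).append("\n");
            start += lineWidth;
        }
        // Last (possibly empty) chunk; always followed by a newline, as before.
        sb.append(certificate.substring(start)).append("\n");
    } catch (CertificateEncodingException e) {
        // Keep the block well-formed even on failure: error text on its own line.
        sb.append("Cannot encode: ").append(e.getMessage()).append("\n");
    }
    sb.append("-----END CERTIFICATE-----\n");
}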
From source file:com.vangent.hieos.services.sts.util.STSUtil.java
/**
 * Builds a {@code KeyInfo} element for the given certificate.
 *
 * @param certificate    certificate whose public material is placed in the KeyInfo
 * @param addCertificate when {@code true}, the certificate itself is added
 * @param addPublicKey   when {@code true}, the certificate's public key is added
 * @return the populated KeyInfo
 * @throws STSException if adding the certificate fails with a
 *                      {@code CertificateEncodingException}
 */
static public KeyInfo getKeyInfo(X509Certificate certificate, boolean addCertificate, boolean addPublicKey)
        throws STSException {
    KeyInfo result = (KeyInfo) STSUtil.createXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);

    if (addPublicKey) {
        KeyInfoHelper.addPublicKey(result, certificate.getPublicKey());
    }

    // Nothing more to do when the caller does not want the certificate embedded.
    if (!addCertificate) {
        return result;
    }

    try {
        KeyInfoHelper.addCertificate(result, certificate);
    } catch (CertificateEncodingException encodingFailure) {
        // NOTE(review): only the message is carried over; the original exception is
        // not chained as a cause, so its stack trace is lost to the caller.
        throw new STSException("Unable to encode certificate: " + encodingFailure.getMessage());
    }
    return result;
}
From source file:be.fedict.eid.dss.ws.DSSUtil.java
/**
 * Adds a DSS verification report, built from the given list of
 * {@link SignatureInfo} entries, to the specified optional output element.
 *
 * <p>Every result field written here (overall result, format, signature math,
 * certificate path, chaining, validity period, extensions, certificate status)
 * is set to a SUCCESS/VALID constant unconditionally; nothing in this method
 * inspects a verification outcome.
 * NOTE(review): callers presumably pass only signatures that have already been
 * validated; confirm, since any entry handed in is reported as valid.
 *
 * @param optionalOutput
 *            optional output to add verification report to
 * @param signatureInfos
 *            signature infos to use in verification report.
 * @throws RuntimeException
 *             if a signer certificate cannot be encoded or JAXB marshalling
 *             fails
 */
public static void addVerificationReport(AnyType optionalOutput, List<SignatureInfo> signatureInfos) {
    LOG.debug("return verification report");
    VerificationReportType verificationReport = vrObjectFactory.createVerificationReportType();
    List<IndividualReportType> individualReports = verificationReport.getIndividualReport();
    // One individual report per signature.
    for (SignatureInfo signatureInfo : signatureInfos) {
        X509Certificate signerCertificate = signatureInfo.getSigner();
        IndividualReportType individualReport = vrObjectFactory.createIndividualReportType();
        individualReports.add(individualReport);
        // Signed object identifier: carries the signing time of this signature.
        SignedObjectIdentifierType signedObjectIdentifier = vrObjectFactory.createSignedObjectIdentifierType();
        individualReport.setSignedObjectIdentifier(signedObjectIdentifier);
        SignedPropertiesType signedProperties = vrObjectFactory.createSignedPropertiesType();
        signedObjectIdentifier.setSignedProperties(signedProperties);
        SignedSignaturePropertiesType signedSignatureProperties = vrObjectFactory
                .createSignedSignaturePropertiesType();
        signedProperties.setSignedSignatureProperties(signedSignatureProperties);
        GregorianCalendar calendar = new GregorianCalendar();
        // NOTE(review): getSigningTime() is passed straight to setTime(); a null
        // signing time would fail here. Confirm it is always populated.
        calendar.setTime(signatureInfo.getSigningTime());
        signedSignatureProperties.setSigningTime(datatypeFactory.newXMLGregorianCalendar(calendar));
        // Overall result for this signature: hard-coded success / valid signature.
        be.fedict.eid.dss.ws.profile.vr.jaxb.dss.Result individualResult = vrDssObjectFactory.createResult();
        individualReport.setResult(individualResult);
        individualResult.setResultMajor(DSSConstants.RESULT_MAJOR_SUCCESS);
        individualResult.setResultMinor(DSSConstants.RESULT_MINOR_VALID_SIGNATURE);
        // Detailed signature report, attached under the individual report's details.
        be.fedict.eid.dss.ws.profile.vr.jaxb.dss.AnyType details = vrDssObjectFactory.createAnyType();
        individualReport.setDetails(details);
        DetailedSignatureReportType detailedSignatureReport = vrObjectFactory
                .createDetailedSignatureReportType();
        details.getAny().add(vrObjectFactory.createDetailedSignatureReport(detailedSignatureReport));
        VerificationResultType formatOKVerificationResult = vrObjectFactory.createVerificationResultType();
        formatOKVerificationResult.setResultMajor(DSSConstants.VR_RESULT_MAJOR_VALID);
        detailedSignatureReport.setFormatOK(formatOKVerificationResult);
        SignatureValidityType signatureOkSignatureValidity = vrObjectFactory.createSignatureValidityType();
        detailedSignatureReport.setSignatureOK(signatureOkSignatureValidity);
        VerificationResultType sigMathOkVerificationResult = vrObjectFactory.createVerificationResultType();
        signatureOkSignatureValidity.setSigMathOK(sigMathOkVerificationResult);
        sigMathOkVerificationResult.setResultMajor(DSSConstants.VR_RESULT_MAJOR_VALID);
        // The signer role is optional; its properties are emitted only when present.
        if (null != signatureInfo.getRole()) {
            PropertiesType properties = vrObjectFactory.createPropertiesType();
            detailedSignatureReport.setProperties(properties);
            SignedPropertiesType vrSignedProperties = vrObjectFactory.createSignedPropertiesType();
            properties.setSignedProperties(vrSignedProperties);
            SignedSignaturePropertiesType vrSignedSignatureProperties = vrObjectFactory
                    .createSignedSignaturePropertiesType();
            vrSignedProperties.setSignedSignatureProperties(vrSignedSignatureProperties);
            vrSignedSignatureProperties.setSigningTime(datatypeFactory.newXMLGregorianCalendar(calendar));
            SignerRoleType signerRole = vrObjectFactory.createSignerRoleType();
            vrSignedSignatureProperties.setSignerRole(signerRole);
            ClaimedRolesListType claimedRolesList = vrXadesObjectFactory.createClaimedRolesListType();
            signerRole.setClaimedRoles(claimedRolesList);
            be.fedict.eid.dss.ws.profile.vr.jaxb.xades.AnyType claimedRoleAny = vrXadesObjectFactory
                    .createAnyType();
            claimedRolesList.getClaimedRole().add(claimedRoleAny);
            claimedRoleAny.getContent().add(signatureInfo.getRole());
        }
        // Certificate path validity: only the signer certificate is described,
        // and the path summary is hard-coded to valid.
        CertificatePathValidityType certificatePathValidity = vrObjectFactory
                .createCertificatePathValidityType();
        detailedSignatureReport.setCertificatePathValidity(certificatePathValidity);
        VerificationResultType certPathVerificationResult = vrObjectFactory.createVerificationResultType();
        certPathVerificationResult.setResultMajor(DSSConstants.VR_RESULT_MAJOR_VALID);
        certificatePathValidity.setPathValiditySummary(certPathVerificationResult);
        // The same issuer/serial identifier object is reused for the path and for
        // the per-certificate entry below.
        X509IssuerSerialType certificateIdentifier = vrXmldsigObjectFactory.createX509IssuerSerialType();
        certificatePathValidity.setCertificateIdentifier(certificateIdentifier);
        certificateIdentifier.setX509IssuerName(signerCertificate.getIssuerX500Principal().toString());
        certificateIdentifier.setX509SerialNumber(signerCertificate.getSerialNumber());
        CertificatePathValidityVerificationDetailType certificatePathValidityVerificationDetail = vrObjectFactory
                .createCertificatePathValidityVerificationDetailType();
        certificatePathValidity.setPathValidityDetail(certificatePathValidityVerificationDetail);
        CertificateValidityType certificateValidity = vrObjectFactory.createCertificateValidityType();
        certificatePathValidityVerificationDetail.getCertificateValidity().add(certificateValidity);
        certificateValidity.setCertificateIdentifier(certificateIdentifier);
        certificateValidity.setSubject(signerCertificate.getSubjectX500Principal().toString());
        // Chaining, validity period and extensions are all recorded as valid.
        VerificationResultType chainingOkVerificationResult = vrObjectFactory.createVerificationResultType();
        certificateValidity.setChainingOK(chainingOkVerificationResult);
        chainingOkVerificationResult.setResultMajor(DSSConstants.VR_RESULT_MAJOR_VALID);
        VerificationResultType validityPeriodOkVerificationResult = vrObjectFactory
                .createVerificationResultType();
        certificateValidity.setValidityPeriodOK(validityPeriodOkVerificationResult);
        validityPeriodOkVerificationResult.setResultMajor(DSSConstants.VR_RESULT_MAJOR_VALID);
        VerificationResultType extensionsOkVerificationResult = vrObjectFactory.createVerificationResultType();
        certificateValidity.setExtensionsOK(extensionsOkVerificationResult);
        extensionsOkVerificationResult.setResultMajor(DSSConstants.VR_RESULT_MAJOR_VALID);
        // Embed the encoded signer certificate; an encoding failure aborts the
        // whole report with the original exception chained as cause.
        try {
            certificateValidity.setCertificateValue(signerCertificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("X509 encoding error: " + e.getMessage(), e);
        }
        certificateValidity.setSignatureOK(signatureOkSignatureValidity);
        // Certificate status is likewise recorded as valid without a check here.
        CertificateStatusType certificateStatus = vrObjectFactory.createCertificateStatusType();
        certificateValidity.setCertificateStatus(certificateStatus);
        VerificationResultType certStatusOkVerificationResult = vrObjectFactory.createVerificationResultType();
        certificateStatus.setCertStatusOK(certStatusOkVerificationResult);
        certStatusOkVerificationResult.setResultMajor(DSSConstants.VR_RESULT_MAJOR_VALID);
    }
    // Marshal the report under a throw-away wrapper element, then hand its first
    // child (the marshalled report) to the optional output.
    // NOTE(review): documentBuilder and vrMarshaller are shared by this static
    // method; presumably a DocumentBuilder and a JAXB Marshaller, neither of which
    // is guaranteed thread-safe. Confirm how concurrent callers are handled.
    Document newDocument = documentBuilder.newDocument();
    Element newElement = newDocument.createElement("newNode");
    try {
        vrMarshaller.marshal(vrObjectFactory.createVerificationReport(verificationReport), newElement);
    } catch (JAXBException e) {
        throw new RuntimeException("JAXB error: " + e.getMessage(), e);
    }
    Element verificationReportElement = (Element) newElement.getFirstChild();
    optionalOutput.getAny().add(verificationReportElement);
}
From source file:be.fedict.eid.applet.service.signer.facets.XAdESSignatureFacet.java
/**
 * Builds the JAXB {@code CertID} structure for a certificate: the issuer name and
 * serial number plus a digest over the encoded certificate.
 *
 * @param certificate              certificate to describe
 * @param xadesObjectFactory       factory used for the XAdES JAXB types
 * @param xmldsigObjectFactory     factory used for the XML-DSig JAXB types
 * @param digestAlgorithm          digest algorithm handed to
 *                                 {@code getDigestAlgAndValue} for the certificate digest
 * @param issuerNameNoReverseOrder when {@code true}, the issuer DN is taken via
 *                                 {@code PrincipalUtil} so it keeps the order found in
 *                                 the certificate (Office 2010 work-around, not correct
 *                                 per RFC 4514); otherwise the
 *                                 {@code X500Principal} string form is used
 * @return the populated CertID
 * @throws RuntimeException if the certificate or its issuer cannot be encoded
 */
public static CertIDType getCertID(X509Certificate certificate, ObjectFactory xadesObjectFactory,
        be.fedict.eid.applet.service.signer.jaxb.xmldsig.ObjectFactory xmldsigObjectFactory,
        DigestAlgo digestAlgorithm, boolean issuerNameNoReverseOrder) {
    CertIDType result = xadesObjectFactory.createCertIDType();
    X509IssuerSerialType serialRef = xmldsigObjectFactory.createX509IssuerSerialType();
    result.setIssuerSerial(serialRef);

    String dn;
    if (!issuerNameNoReverseOrder) {
        dn = certificate.getIssuerX500Principal().toString();
    } else {
        try {
            // Work-around path: keep the certificate's own RDN order.
            // NOTE(review): replace(",", ", ") rewrites every comma in the name,
            // including any comma that is part of an attribute value.
            dn = PrincipalUtil.getIssuerX509Principal(certificate).getName().replace(",", ", ");
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("cert encoding error: " + e.getMessage(), e);
        }
    }
    serialRef.setX509IssuerName(dn);
    serialRef.setX509SerialNumber(certificate.getSerialNumber());

    byte[] der;
    try {
        der = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
    }

    // The digest binds the CertID to this exact certificate encoding.
    result.setCertDigest(getDigestAlgAndValue(der, xadesObjectFactory, xmldsigObjectFactory, digestAlgorithm));
    return result;
}
From source file:be.fedict.eid.dss.spi.utils.XAdESUtils.java
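/**
 * Checks that the given certificate is referenced by one of the {@code CertID}
 * entries in the supplied {@code CompleteCertificateRefs}.
 *
 * <p>For each entry the certificate's encoding is digested with the algorithm the
 * entry names and compared with the entry's digest value; the method returns on
 * the first match.
 *
 * <p>A {@code CertID} without a {@code CertDigest} or {@code DigestMethod} is now
 * rejected with an {@link XAdESValidationException} instead of surfacing as a
 * {@code NullPointerException}, so malformed input fails as a validation error.
 *
 * @param certificate             certificate that must be referenced
 * @param completeCertificateRefs reference list taken from the signature
 * @throws XAdESValidationException if the certificate cannot be encoded, the
 *         reference list is missing or malformed, a digest algorithm is not
 *         available, or no entry matches the certificate
 */
public static void checkReference(X509Certificate certificate,
        CompleteCertificateRefsType completeCertificateRefs) throws XAdESValidationException {
    byte[] encodedCert;
    try {
        encodedCert = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new XAdESValidationException("X509 encoding error: " + e.getMessage(), e);
    }

    CertIDListType certIDList = completeCertificateRefs.getCertRefs();
    if (null == certIDList) {
        throw new XAdESValidationException("missing CertRefs");
    }

    for (CertIDType certID : certIDList.getCert()) {
        DigestAlgAndValueType digestAlgAndValue = certID.getCertDigest();
        if (null == digestAlgAndValue || null == digestAlgAndValue.getDigestMethod()) {
            // Fail closed on an incomplete reference rather than with an NPE.
            throw new XAdESValidationException("missing CertDigest or DigestMethod");
        }

        // The algorithm is named by the document itself.
        // NOTE(review): which algorithms are accepted is decided by getDigestAlgo;
        // confirm weak digests are rejected there.
        String xmlDigestAlgo = digestAlgAndValue.getDigestMethod().getAlgorithm();
        MessageDigest messageDigest;
        try {
            messageDigest = MessageDigest.getInstance(getDigestAlgo(xmlDigestAlgo));
        } catch (NoSuchAlgorithmException e) {
            throw new XAdESValidationException("message digest algo error: " + e.getMessage(), e);
        }

        byte[] expectedDigestValue = messageDigest.digest(encodedCert);
        byte[] refDigestValue = digestAlgAndValue.getDigestValue();
        // Arrays.equals is null-safe: a missing digest value simply does not match.
        if (Arrays.equals(expectedDigestValue, refDigestValue)) {
            return;
        }
    }
    throw new XAdESValidationException("X509 certificate not referenced");
}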
From source file:de.duenndns.ssl.MemorizingTrustManager.java
/**
 * Returns the hex form of the certificate's digest under the named algorithm.
 *
 * <p>On failure (certificate cannot be encoded, or the algorithm is unknown) the
 * exception's message is returned in place of a hash. The result is therefore
 * display text and must not be compared against a fingerprint without knowing
 * that hashing succeeded.
 *
 * @param cert   certificate to hash
 * @param digest digest algorithm name passed to {@code MessageDigest.getInstance}
 * @return hex digest, or the failure message when hashing was not possible
 */
private static String certHash(final X509Certificate cert, String digest) {
    String text;
    try {
        MessageDigest hasher = MessageDigest.getInstance(digest);
        hasher.update(cert.getEncoded());
        text = hexString(hasher.digest());
    } catch (java.security.cert.CertificateEncodingException encodingFailure) {
        text = encodingFailure.getMessage();
    } catch (java.security.NoSuchAlgorithmException unknownAlgorithm) {
        text = unknownAlgorithm.getMessage();
    }
    return text;
}
From source file:be.fedict.trust.MemoryCertificateRepository.java
/**
 * Computes the hex fingerprint of a certificate's encoded form using
 * {@code DigestUtils.shaHex} (presumably Commons Codec, where this is SHA-1).
 *
 * <p>In this class {@code isTrustPoint} uses the fingerprint only to look up a
 * candidate and then compares the full encodings, so the fingerprint acts as an
 * index key rather than as the trust decision.
 *
 * @param certificate certificate to fingerprint
 * @return hex digest of the encoded certificate
 * @throws IllegalArgumentException if the certificate cannot be encoded
 */
private String getFingerprint(X509Certificate certificate) {
    try {
        return DigestUtils.shaHex(certificate.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new IllegalArgumentException("certificate encoding error: " + e.getMessage(), e);
    }
}
From source file:be.fedict.trust.repository.MemoryCertificateRepository.java
/**
 * Computes the hex fingerprint of a certificate's encoded form using
 * {@code DigestUtils.sha1Hex} (SHA-1, going by the helper's name).
 *
 * <p>In this class {@code isTrustPoint} uses the fingerprint only to look up a
 * candidate and then compares the full encodings, so the fingerprint acts as an
 * index key rather than as the trust decision.
 *
 * @param certificate certificate to fingerprint
 * @return hex digest of the encoded certificate
 * @throws IllegalArgumentException if the certificate cannot be encoded
 */
private String getFingerprint(X509Certificate certificate) {
    try {
        return DigestUtils.sha1Hex(certificate.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new IllegalArgumentException("certificate encoding error: " + e.getMessage(), e);
    }
}
From source file:be.fedict.trust.MemoryCertificateRepository.java
/**
 * Tells whether the given certificate is one of the registered trust points.
 *
 * <p>The fingerprint only selects a candidate from {@code trustPoints}; the answer
 * is {@code true} only when the candidate's encoding is byte-for-byte equal to the
 * certificate's, so a fingerprint match alone is never sufficient.
 *
 * @param certificate certificate to look up
 * @return {@code true} if an identical certificate is stored as a trust point
 * @throws IllegalArgumentException if either certificate cannot be encoded
 */
public boolean isTrustPoint(X509Certificate certificate) {
    X509Certificate candidate = this.trustPoints.get(getFingerprint(certificate));
    if (candidate == null) {
        return false;
    }
    try {
        // certificate.equals(candidate) cannot be used here: the two certificates
        // might have been loaded by different security providers.
        byte[] presented = certificate.getEncoded();
        byte[] stored = candidate.getEncoded();
        return Arrays.equals(presented, stored);
    } catch (CertificateEncodingException e) {
        throw new IllegalArgumentException("certificate encoding error: " + e.getMessage(), e);
    }
}
From source file:be.fedict.trust.repository.MemoryCertificateRepository.java
/**
 * Tells whether the given certificate is one of the registered trust points.
 *
 * <p>The fingerprint only selects a candidate from {@code trustPoints}; the answer
 * is {@code true} only when the candidate's encoding is byte-for-byte equal to the
 * certificate's, so a fingerprint match alone is never sufficient.
 *
 * @param certificate certificate to look up
 * @return {@code true} if an identical certificate is stored as a trust point
 * @throws IllegalArgumentException if either certificate cannot be encoded
 */
@Override
public boolean isTrustPoint(X509Certificate certificate) {
    X509Certificate candidate = this.trustPoints.get(getFingerprint(certificate));
    if (candidate == null) {
        return false;
    }
    try {
        // certificate.equals(candidate) cannot be used here: the two certificates
        // might have been loaded by different security providers.
        byte[] presented = certificate.getEncoded();
        byte[] stored = candidate.getEncoded();
        return Arrays.equals(presented, stored);
    } catch (CertificateEncodingException e) {
        throw new IllegalArgumentException("certificate encoding error: " + e.getMessage(), e);
    }
}