List of usage examples for java.security.cert CertificateFactory getInstance
public static final CertificateFactory getInstance(String type) throws CertificateException
From source file:org.casbah.provider.openssl.OpenSslCAProvider.java
private X509Certificate getCertificate(File certFile) throws CertificateException, FileNotFoundException { FileInputStream fis = new FileInputStream(certFile); CertificateFactory cf = CertificateFactory.getInstance("X.509"); return (X509Certificate) cf.generateCertificate(fis); }
From source file:be.apsu.extremon.probes.tsp.TSPProbe.java
public TSPProbe() throws Exception { this.delay = confInt("delay", DEFAULT_DELAY); this.running = false; getAllowedSignatureOIDs(confStr(ALLOWED_SIGNATURE_CERTIFICATE_ALGORITHMS).split(",")); Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); url = new URL(confStr("url")); this.requestGenerator = new TimeStampRequestGenerator(); this.requestGenerator.setCertReq(true); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); String encodedCert = confStr("tsa.certificate"); X509Certificate tsaCert = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(encodedCert))); JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder(); this.signerVerifier = verifierBuilder.build(tsaCert); this.random = new Random(); start();// w w w . j av a 2 s. c o m log("initialized"); }
From source file:org.apache.ofbiz.base.util.KeyStoreUtil.java
public static X509Certificate readCertificate(byte[] certChain) throws CertificateException { CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bais = new ByteArrayInputStream(certChain); return (X509Certificate) cf.generateCertificate(bais); }
From source file:XmldapCertsAndKeys.java
public static X509Certificate getXmldapCert() throws CertificateException { String certB64 = "MIIDXTCCAkUCBEQd+4EwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh" + "bGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDzANBgNVBAoTBnhtbGRhcDERMA8GA1UE" + "CxMIaW5mb2NhcmQxEzARBgNVBAMTCnhtbGRhcC5vcmcwHhcNMDYwMzIwMDA0NjU3WhcNMDYwNjE4" + "MDA0NjU3WjBzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2Fu" + "IEZyYW5jaXNjbzEPMA0GA1UEChMGeG1sZGFwMREwDwYDVQQLEwhpbmZvY2FyZDETMBEGA1UEAxMK" + "eG1sZGFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMnkVA4xfpG0bLos9FO" + "pNBjHAdFahy2cJ7FUwuXd/IShnG+5qF/z1SdPWzRxTtpFFyodtXlBUEIbiT+IbYPZF1vCcBrcFa8" + "Kz/4rBjrpPZgllgA/WSVKjnJvw8q4/tO6CQZSlRlj/ebNK9VyT1kN+MrKV1SGTqaIJ2l+7Rd05WH" + "scwZMPdVWBbRrg76YTfy6H/NlQIArNLZanPvE0Vd5QfD4ZyG2hTh3y7ZlJAUndGJ/kfZw8sKuL9Q" + "Srh4eOTc280NQUmPGz6LP5MXNmu0RxEcomod1+ToKll90yEKFAUKuPYFgm9J+vYm4tzRequLy/nj" + "teRIkcfAdcAtt6PCYjUCAwEAATANBgkqhkiG9w0BAQQFAAOCAQEAURtxiA7qDSq/WlUpWpfWiZ7H" + "vveQrwTaTwV/Fk3l/I9e9WIRN51uFLuiLtZMMwR02BX7Yva1KQ/Gl999cm/0b5hptJ+TU29rVPZI" + "lI32c5vjcuSVoEda8+BRj547jlC0rNokyWm+YtBcDOwfHSPFFwVPPVxyQsVEebsiB6KazFq6iZ8A" + "0F2HLEnpsdFnGrSwBBbH3I3PH65ofrTTgj1Mjk5kA6EVaeefDCtlkX2ogIFMlcS6ruihX2mlCLUS" + "rlPs9TH+M4j/R/LV5QWJ93/X9gsxFrxVFGg3b75EKQP8MZ111/jaeKd80mUOAiTO06EtfjXZPrjP" + "N4e2l05i2EGDUA=="; byte[] certBytes = Base64.decode(certB64); CertificateFactory cf = CertificateFactory.getInstance("X509"); ByteArrayInputStream inStream = new ByteArrayInputStream(certBytes); return (X509Certificate) cf.generateCertificate(inStream); }
From source file:com.netflix.ice.login.saml.Saml.java
public Saml(Properties properties) throws LoginMethodException { super(properties); config = new SamlConfig(properties); for (String signingCert : config.trustedSigningCerts) { try {/*from w ww.j a v a 2 s .co m*/ FileInputStream fis = new FileInputStream(new File(signingCert)); CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); Certificate cert = certFactory.generateCertificate(fis); trustedSigningCerts.add(cert); } catch (IOException ioe) { logger.error("Error reading public key " + signingCert + ":" + ioe.toString()); } catch (Exception e) { logger.error("Error decoding public key " + signingCert + ":" + e.toString()); } } try { DefaultBootstrap.bootstrap(); } catch (ConfigurationException ce) { throw new LoginMethodException("Failure to init OpenSAML: " + ce.toString()); } }
From source file:ee.sk.hwcrypto.demo.controller.SigningController.java
@RequestMapping(value = "/identify", method = RequestMethod.POST) public Digest identifyUser(@RequestParam String certificate) { Digest digest = new Digest(); try {//from w w w .j av a 2 s . c om CertificateFactory cf = CertificateFactory.getInstance("X.509"); byte[] bytes = Base64.decode(certificate); InputStream stream = new ByteArrayInputStream(bytes); X509Certificate cert = (X509Certificate) cf.generateCertificate(stream); cert.checkValidity(); digest.setHex(cert.getSubjectDN().getName()); digest.setResult(Result.OK); //TODO create session for user cert.getSubjectDN().getName() return digest; } catch (Exception e) { log.error("Error identify ", e); digest.setResult(Result.ERROR); } return digest; }
From source file:org.apache.synapse.transport.utils.sslcert.crl.CRLVerifier.java
/** * Downloads CRL from the crlUrl. Does not support HTTPS *//*from w ww.j ava 2s .c o m*/ protected X509CRL downloadCRLFromWeb(String crlURL) throws IOException, CertificateVerificationException { InputStream crlStream = null; try { URL url = new URL(crlURL); crlStream = url.openStream(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); return (X509CRL) cf.generateCRL(crlStream); } catch (MalformedURLException e) { throw new CertificateVerificationException("CRL Url is malformed", e); } catch (IOException e) { throw new CertificateVerificationException("Cant reach URI: " + crlURL + " - only support HTTP", e); } catch (CertificateException e) { throw new CertificateVerificationException(e); } catch (CRLException e) { throw new CertificateVerificationException("Cannot generate X509CRL from the " + "stream data", e); } finally { if (crlStream != null) crlStream.close(); } }
From source file:net.sf.jsignpdf.crl.CRLInfo.java
/** * Initialize CRLs (load URLs from certificates and download the CRLs). *///from w w w .j a v a 2 s. c o m private void initCrls() { if (!options.isCrlEnabledX() || crls != null) { return; } LOGGER.info(RES.get("console.readingCRLs")); final Set<String> urls = new HashSet<String>(); for (Certificate cert : certChain) { if (cert instanceof X509Certificate) { urls.addAll(getCrlUrls((X509Certificate) cert)); } } final Set<CRL> crlSet = new HashSet<CRL>(); for (final String urlStr : urls) { try { LOGGER.info(RES.get("console.crlinfo.loadCrl", urlStr)); final URL tmpUrl = new URL(urlStr); final CountingInputStream inStream = new CountingInputStream( tmpUrl.openConnection(options.createProxy()).getInputStream()); final CertificateFactory cf = CertificateFactory.getInstance(Constants.CERT_TYPE_X509); final CRL crl = cf.generateCRL(inStream); final long tmpBytesRead = inStream.getByteCount(); LOGGER.info(RES.get("console.crlinfo.crlSize", String.valueOf(tmpBytesRead))); if (!crlSet.contains(crl)) { byteCount += tmpBytesRead; crlSet.add(crl); } else { LOGGER.info(RES.get("console.crlinfo.alreadyLoaded")); } inStream.close(); } catch (MalformedURLException e) { LOGGER.warn("", e); } catch (IOException e) { LOGGER.warn("", e); } catch (CertificateException e) { LOGGER.warn("", e); } catch (CRLException e) { LOGGER.warn("", e); } } crls = crlSet.toArray(new CRL[crlSet.size()]); }
From source file:org.apache.juddi.v3.client.cryptor.DigSigUtil.java
/** * Expects a properties object containing the desired configuration * * @param config/* w w w .j a v a 2 s . c o m*/ * @throws CertificateException */ public DigSigUtil(Properties config) throws CertificateException { cf = CertificateFactory.getInstance("X.509"); this.map = config; }
From source file:com.amazon.speech.speechlet.authentication.SpeechletRequestSignatureVerifier.java
/** * Retrieves the certificate from the specified URL and confirms that the certificate is valid. * * @param signingCertificateChainUrl// w ww . j av a 2 s . c om * the URL to retrieve the certificate chain from * @return the certificate at the specified URL, if the certificate is valid * @throws CertificateException * if the certificate cannot be retrieve or is invalid */ public static X509Certificate retrieveAndVerifyCertificateChain(final String signingCertificateChainUrl) throws CertificateException { try (InputStream in = getAndVerifySigningCertificateChainUrl(signingCertificateChainUrl).openStream()) { CertificateFactory certificateFactory = CertificateFactory.getInstance(Sdk.SIGNATURE_CERTIFICATE_TYPE); @SuppressWarnings("unchecked") Collection<X509Certificate> certificateChain = (Collection<X509Certificate>) certificateFactory .generateCertificates(in); /* * check the before/after dates on the certificate date to confirm that it is valid on * the current date */ X509Certificate signingCertificate = certificateChain.iterator().next(); signingCertificate.checkValidity(); // check the certificate chain TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init((KeyStore) null); X509TrustManager x509TrustManager = null; for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) { if (trustManager instanceof X509TrustManager) { x509TrustManager = (X509TrustManager) trustManager; } } if (x509TrustManager == null) { throw new IllegalStateException( "No X509 TrustManager available. Unable to check certificate chain"); } else { x509TrustManager.checkServerTrusted( certificateChain.toArray(new X509Certificate[certificateChain.size()]), Sdk.SIGNATURE_KEY_TYPE); } /* * verify Echo API's hostname is specified as one of subject alternative names on the * signing certificate */ if (!subjectAlernativeNameListContainsEchoSdkDomainName( signingCertificate.getSubjectAlternativeNames())) { throw new CertificateException("The provided certificate is not valid for the Echo SDK"); } return signingCertificate; } catch (KeyStoreException | IOException | NoSuchAlgorithmException ex) { throw new CertificateException("Unable to verify certificate at URL: " + signingCertificateChainUrl, ex); } }