Usage examples for java.security.KeyStore.getCertificate
public final Certificate getCertificate(String alias) throws KeyStoreException
From source file:org.codice.ddf.security.common.Security.java
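/**
 * Gets the {@link Subject} associated with this system. Uses a cached subject for as long as
 * {@code tokenAboutToExpire} does not flag it.
 *
 * <p>The system certificate is read from the system keystore: the single alias when the keystore
 * holds exactly one entry, otherwise the alias returned by {@code getCertificateAlias()}.
 *
 * @return system's {@link Subject}; {@code null} when no X.509 certificate could be read for the
 *     system alias
 */
public synchronized Subject getSystemSubject() {
    if (!tokenAboutToExpire(cachedSystemSubject)) {
        return cachedSystemSubject;
    }

    KeyStore keyStore = getSystemKeyStore();
    String alias = null;
    Certificate cert = null;
    try {
        if (keyStore != null) {
            int entryCount = keyStore.size();
            if (entryCount == 1) {
                alias = keyStore.aliases().nextElement();
            } else if (entryCount > 1) {
                alias = getCertificateAlias();
            }
            // An empty keystore or an unconfigured alias leaves alias null. Passing null to
            // KeyStore.getCertificate can fail with a NullPointerException inside the provider,
            // which the KeyStoreException handler below would not catch.
            if (alias != null) {
                cert = keyStore.getCertificate(alias);
            }
        }
    } catch (KeyStoreException e) {
        LOGGER.error("Unable to get certificate for alias [{}]", alias, e);
        return null;
    }

    if (cert == null) {
        LOGGER.error("Unable to get certificate for alias [{}]", alias);
        return null;
    }
    // Check the type before casting: a non-X.509 entry should be reported as a configuration
    // problem, not surface as a ClassCastException from the identity bootstrap path.
    if (!(cert instanceof X509Certificate)) {
        LOGGER.error("Certificate for alias [{}] is not an X.509 certificate", alias);
        return null;
    }

    PKIAuthenticationTokenFactory pkiTokenFactory = createPKITokenFactory();
    PKIAuthenticationToken pkiToken =
            pkiTokenFactory.getTokenFromCerts(
                    new X509Certificate[] {(X509Certificate) cert},
                    PKIAuthenticationToken.DEFAULT_REALM);
    if (pkiToken != null) {
        SecurityManager securityManager = getSecurityManager();
        if (securityManager != null) {
            try {
                cachedSystemSubject = securityManager.getSubject(pkiToken);
            } catch (SecurityServiceException sse) {
                LOGGER.error("Unable to request subject for system user.", sse);
            }
        }
    }
    // NOTE(review): when the token or the subject request fails, the previously cached subject
    // is returned even though tokenAboutToExpire flagged it - confirm callers tolerate that.
    return cachedSystemSubject;
}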
From source file:org.nuxeo.ecm.platform.signature.core.pki.CertServiceImpl.java
/**
 * Looks up the certificate stored under {@code certificateAlias} in the given keystore.
 *
 * @param ks keystore to read from
 * @param certificateAlias alias of the wanted entry
 * @return the certificate stored under the alias
 * @throws CertException if the keystore is {@code null}, the alias is not present, or the
 *     keystore reports a {@link KeyStoreException}
 */
@Override
public X509Certificate getCertificate(KeyStore ks, String certificateAlias) throws CertException {
    try {
        if (ks == null) {
            throw new CertException("Keystore missing for " + certificateAlias);
        }
        if (!ks.containsAlias(certificateAlias)) {
            throw new CertException("Certificate not found");
        }
        // containsAlias is true for any entry type. KeyStore.getCertificate returns null when
        // the entry holds no certificate, and the cast throws ClassCastException for a
        // certificate that is not X.509; neither case is mapped to CertException here.
        return (X509Certificate) ks.getCertificate(certificateAlias);
    } catch (KeyStoreException e) {
        throw new CertException(e);
    }
}
From source file:test.integ.be.e_contract.mycarenet.ehbox.EHealthBoxClientTest.java
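/**
 * Integration test: requests an STS assertion with the eID authentication key and the eHealth
 * PKCS#12 credential, then fetches every inbox message in full and reads its binary content.
 * Needs a BeID keystore provider and the configured PKCS#12 file, and talks to the remote
 * endpoints named below.
 */
@Test
public void testGetMessageWithAttachments() throws Exception {
    // STS
    EHealthSTSClient client = new EHealthSTSClient("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService");

    Security.addProvider(new BeIDProvider());
    KeyStore keyStore = KeyStore.getInstance("BeID");
    keyStore.load(null);
    PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null);
    X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication");

    KeyStore eHealthKeyStore = KeyStore.getInstance("PKCS12");
    FileInputStream fileInputStream = new FileInputStream(this.config.getEHealthPKCS12Path());
    try {
        eHealthKeyStore.load(fileInputStream, this.config.getEHealthPKCS12Password().toCharArray());
    } finally {
        // The stream on the PKCS#12 file was never closed before; release it as soon as the
        // keystore is loaded.
        fileInputStream.close();
    }
    // The first alias is taken as the eHealth credential; this assumes a single-entry PKCS#12.
    Enumeration<String> aliasesEnum = eHealthKeyStore.aliases();
    String alias = aliasesEnum.nextElement();
    X509Certificate eHealthCertificate = (X509Certificate) eHealthKeyStore.getCertificate(alias);
    PrivateKey eHealthPrivateKey = (PrivateKey) eHealthKeyStore.getKey(alias,
            this.config.getEHealthPKCS12Password().toCharArray());

    List<Attribute> attributes = new LinkedList<Attribute>();
    attributes.add(new Attribute("urn:be:fgov:identification-namespace",
            "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin"));
    attributes.add(new Attribute("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin"));

    List<AttributeDesignator> attributeDesignators = new LinkedList<AttributeDesignator>();
    attributeDesignators.add(new AttributeDesignator("urn:be:fgov:identification-namespace",
            "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin"));
    attributeDesignators
            .add(new AttributeDesignator("urn:be:fgov:identification-namespace", "urn:be:fgov:person:ssin"));
    attributeDesignators.add(new AttributeDesignator("urn:be:fgov:certified-namespace:ehealth",
            "urn:be:fgov:person:ssin:nurse:boolean"));

    Element assertion = client.requestAssertion(authnCertificate, authnPrivateKey, eHealthCertificate,
            eHealthPrivateKey, attributes, attributeDesignators);

    assertNotNull(assertion);

    String assertionString = client.toString(assertion);

    // eHealthBox
    EHealthBoxConsultationClient eHealthBoxClient = new EHealthBoxConsultationClient(
            "https://services-acpt.ehealth.fgov.be/ehBoxConsultation/v3");
    eHealthBoxClient.setCredentials(eHealthPrivateKey, assertionString);
    eHealthBoxClient.getBoxInfo();
    GetMessageListResponseType messageList = eHealthBoxClient.getMessagesList();
    for (Message message : messageList.getMessage()) {
        String messageId = message.getMessageId();
        LOG.debug("message id: " + messageId);
        // NOTE(review): messageId comes from the service response and is concatenated into the
        // request XML without escaping. Tolerable in a test; production code should build the
        // request with an XML API.
        String request = "<ehbox:GetFullMessageRequest xmlns:ehbox=\"urn:be:fgov:ehealth:ehbox:consultation:protocol:v3\">"
                + "<Source>INBOX</Source>" + "<MessageId>" + messageId + "</MessageId>"
                + "</ehbox:GetFullMessageRequest>";
        String response = eHealthBoxClient.invoke(request);
        // NOTE(review): the full response and the decoded message content are written to the
        // debug log below; keep that to test mailboxes.
        LOG.debug("response message: " + response);
        JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
        Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
        AttachmentUnmarshaller attachmentUnmarshaller = new SOAPAttachmentUnmarshaller(
                eHealthBoxClient.getMessageAttachments());
        unmarshaller.setAttachmentUnmarshaller(attachmentUnmarshaller);
        JAXBElement<GetFullMessageResponseType> getFullMessageResponseElement = (JAXBElement<GetFullMessageResponseType>) unmarshaller
                .unmarshal(new StringReader(response));
        GetFullMessageResponseType getFullMessageResponse = getFullMessageResponseElement.getValue();
        DataHandler dataHandler = getFullMessageResponse.getMessage().getContentContext().getContent()
                .getDocument().getEncryptableBinaryContent();
        LOG.debug("has data handler: " + (null != dataHandler));
        byte[] data = IOUtils.toByteArray(dataHandler.getInputStream());
        LOG.debug("data: " + new String(data));
    }
}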
From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java
/**
 * Builds the certificate chain for {@code alias}, ordered from the top-most issuer found in the
 * store down to the certificate stored under {@code alias} itself.
 *
 * <p>The parent of a certificate is looked up by using the issuer's common name as a keystore
 * alias. The walk stops at a certificate whose issuer CN is blank or equal to its subject CN,
 * or when no entry exists under the issuer's CN.
 *
 * @param alias keystore alias of the certificate to start from
 * @param store keystore that is searched
 * @return the chain, possibly empty when {@code alias} has no certificate
 * @throws KeystoreEditorException if the certificate cannot be encoded or the keystore fails
 */
private List<Certificate> buildCertChainList(String alias, KeyStore store) throws KeystoreEditorException {
    try {
        Certificate certificate = store.getCertificate(alias);
        if (certificate == null) {
            return new ArrayList<>();
        }

        // NOTE(review): the cast assumes an X.509 entry, and [0] assumes both names carry a CN
        // attribute; a certificate without one ends in ArrayIndexOutOfBoundsException.
        JcaX509CertificateHolder holder = new JcaX509CertificateHolder((X509Certificate) certificate);
        RDN subjectCn = holder.getSubject().getRDNs(BCStyle.CN)[0];
        RDN issuerCn = holder.getIssuer().getRDNs(BCStyle.CN)[0];
        String issuer = IETFUtils.valueToString(issuerCn.getFirst().getValue());
        String subject = IETFUtils.valueToString(subjectCn.getFirst().getValue());

        // NOTE(review): links are made by name only (issuer CN used as alias); no signature is
        // checked here, so the result is a display chain, not a validated path. Two entries
        // that name each other as issuer would recurse without bound.
        boolean topOfChain = StringUtils.isBlank(issuer) || issuer.equals(subject);
        List<Certificate> chain = topOfChain ? new ArrayList<>() : buildCertChainList(issuer, store);
        chain.add(certificate);
        return chain;
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new KeystoreEditorException("Unable to build cert chain list.", e);
    }
}
From source file:org.wso2.carbon.apimgt.impl.utils.CertificateMgtUtils.java
/**
 * Retrieves the encoded form of the certificate stored under the given alias in the trust store.
 *
 * @param alias alias of the required certificate
 * @return the encoded certificate as a {@link ByteArrayInputStream}, or {@code null} when the
 *     trust store has no entry for {@code alias}
 * @throws CertificateManagementException if the trust store cannot be opened, loaded or read
 */
public ByteArrayInputStream getCertificateContent(String alias) throws CertificateManagementException {
    File storeLocation = new File(TRUST_STORE);
    try {
        // NOTE(review): localTrustStoreStream is not declared in this method, so the open stream
        // is shared state - confirm callers are serialised.
        localTrustStoreStream = new FileInputStream(storeLocation);
        KeyStore loadedStore = KeyStore.getInstance(KeyStore.getDefaultType());
        loadedStore.load(localTrustStoreStream, TRUST_STORE_PASSWORD);
        if (!loadedStore.containsAlias(alias)) {
            return null;
        }
        Certificate found = loadedStore.getCertificate(alias);
        byte[] encoded = found.getEncoded();
        return new ByteArrayInputStream(encoded);
    } catch (KeyStoreException e) {
        throw new CertificateManagementException("Error reading certificate contents.", e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertificateManagementException("Could not find the algorithm to load the certificate.", e);
    } catch (CertificateException e) {
        throw new CertificateManagementException("Error loading certificate.", e);
    } catch (IOException e) {
        throw new CertificateManagementException("Error in loading the certificate.", e);
    } finally {
        closeStreams(localTrustStoreStream);
    }
}
From source file:eu.eidas.auth.engine.SAMLEngineUtils.java
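/**
 * Builds one credential per alias of the given keystore, each carrying the certificate stored
 * under that alias as its entity certificate.
 *
 * @param keyStore keystore whose entries become credentials
 * @return the credentials, in the order the keystore enumerates its aliases
 * @throws SAMLEngineException if the keystore reports a {@link KeyStoreException}
 */
public static List<Credential> getListOfCredential(KeyStore keyStore) throws SAMLEngineException {
    final List<Credential> trustCred = new ArrayList<Credential>();
    try {
        for (final Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            final String aliasCert = aliases.nextElement();
            // NOTE(review): every alias is accepted. KeyStore.getCertificate returns null for an
            // entry without a certificate and the cast fails on a non-X.509 one - confirm the
            // store only ever holds X.509 trust entries.
            final X509Certificate certificate = (X509Certificate) keyStore.getCertificate(aliasCert);
            final BasicX509Credential credential = new BasicX509Credential();
            credential.setEntityCertificate(certificate);
            trustCred.add(credential);
        }
    } catch (KeyStoreException e) {
        // The format string had no placeholder, so the exception message passed as argument was
        // never written at WARN level.
        LOG.warn("ERROR : KeyStoreException. {}", e.getMessage());
        LOG.debug("ERROR : KeyStoreException.", e);
        throw new SAMLEngineException(e);
    }
    return trustCred;
}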
From source file:net.solarnetwork.node.setup.impl.DefaultKeystoreService.java
/**
 * Reads the certificate stored under {@code nodeAlias}.
 *
 * @param keyStore keystore to read from
 * @return the certificate; {@code null} when the keystore has none under that alias
 */
private X509Certificate getNodeCertificate(KeyStore keyStore) {
    try {
        // The cast assumes the entry is X.509; any other type fails with ClassCastException.
        return (X509Certificate) keyStore.getCertificate(nodeAlias);
    } catch (KeyStoreException e) {
        throw new CertificateException("Error opening node certificate", e);
    }
}
From source file:net.solarnetwork.node.setup.impl.DefaultKeystoreService.java
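/**
 * Reads the certificate stored under {@code caAlias}.
 *
 * @param keyStore keystore to read from
 * @return the certificate; {@code null} when the keystore has none under that alias
 */
private X509Certificate getCACertificate(KeyStore keyStore) {
    X509Certificate caCert;
    try {
        // The cast assumes the entry is X.509; any other type fails with ClassCastException.
        caCert = (X509Certificate) keyStore.getCertificate(caAlias);
    } catch (KeyStoreException e) {
        // The message used to say "node certificate" (copied from getNodeCertificate), which
        // pointed operators at the wrong keystore entry.
        throw new CertificateException("Error opening CA certificate", e);
    }
    return caCert;
}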
From source file:nl.afas.cordova.plugin.secureLocalStorage.SecureLocalStorage.java
/**
 * Checks the validity period of the certificate stored under {@code SECURELOCALSTORAGEALIAS} in
 * the Android keystore. Does nothing when the alias is absent or the certificate is not X.509.
 *
 * @throws SecureLocalStorageException wrapping any failure, including an expired or not yet
 *     valid certificate
 */
private void checkValidity() throws SecureLocalStorageException {
    try {
        KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
        androidKeyStore.load(null);

        if (!androidKeyStore.containsAlias(SECURELOCALSTORAGEALIAS)) {
            // A missing key pair is not reported as a problem by this check.
            return;
        }

        Certificate storedCert = androidKeyStore.getCertificate(SECURELOCALSTORAGEALIAS);
        if (storedCert.getType().equals("X.509")) {
            // X509Certificate.checkValidity() only compares notBefore/notAfter with the current
            // time; it verifies no signature and no chain.
            ((X509Certificate) storedCert).checkValidity();
        }
    } catch (Exception e) {
        throw new SecureLocalStorageException(e.getMessage(), e);
    }
}
From source file:org.votingsystem.web.ejb.SignatureBean.java
/**
 * Opens a keystore from its serialized bytes and extracts the signing key pair stored under
 * {@code keyAlias}. The store and the key entry are both opened with the {@code password} field.
 *
 * @param keyStoreBytes serialized keystore
 * @param keyAlias alias of the signing entry
 * @return the keystore together with the private key and certificate of {@code keyAlias}
 * @throws Exception if the keystore cannot be loaded or the key cannot be recovered
 */
public KeyStoreInfo getKeyStoreInfo(byte[] keyStoreBytes, String keyAlias) throws Exception {
    // NOTE(review): each toCharArray() call creates a fresh copy of the password that is never
    // cleared afterwards.
    KeyStore signerStore = KeyStoreUtil.getKeyStoreFromBytes(keyStoreBytes, password.toCharArray());

    // Both lookups return null for an unknown alias; the casts let null through unchanged.
    PrivateKey signerKey = (PrivateKey) signerStore.getKey(keyAlias, password.toCharArray());
    X509Certificate signerCert = (X509Certificate) signerStore.getCertificate(keyAlias);

    return new KeyStoreInfo(signerStore, signerKey, signerCert);
}