List of usage examples for java.security KeyStore getCertificateAlias
public final String getCertificateAlias(Certificate cert) throws KeyStoreException
From source file:org.wso2.carbon.identity.relyingparty.saml.IssuerCertificateUtil.java
/**
 * Reports whether the given certificate is held in the supplied keystore.
 *
 * <p>The certificate's validity period is checked first. The keystore lookup is an
 * exact-certificate match; this method does no chain building or revocation checking,
 * so a {@code true} result means "this certificate is present in the store".
 *
 * @param signedCert certificate to look up; must not be {@code null}
 * @param keyStore   keystore to search; must not be {@code null}
 * @return {@code true} if some entry of {@code keyStore} matches {@code signedCert}
 * @throws Exception a {@code RelyingPartyException} for null arguments or an uninitialized
 *                   keystore; whatever {@code checkValidity()} throws for a certificate that
 *                   is expired or not yet valid
 */
private static boolean isInKeyStore(X509Certificate signedCert, KeyStore keyStore) throws Exception {
    final boolean missingInput = signedCert == null || keyStore == null;
    if (missingInput) {
        throw new RelyingPartyException("invalidInputParams");
    }

    // Reject certificates outside their notBefore/notAfter window before consulting the store.
    signedCert.checkValidity();

    final String matchingAlias;
    try {
        // getCertificateAlias compares against trusted-certificate entries and against the
        // first chain element of key entries, so the store passed in should contain only
        // certificates that are meant to be trusted.
        matchingAlias = keyStore.getCertificateAlias(signedCert);
    } catch (KeyStoreException e) {
        log.error("The keystore has not been initialized", e);
        throw new RelyingPartyException("errorLoadingTrustedKeystore", e);
    }
    return matchingAlias != null;
}
From source file:org.apache.directory.studio.connection.core.StudioKeyStoreManager.java
/**
 * Deletes the keystore entry that holds the given certificate, if one exists.
 *
 * <p>Only the first matching alias reported by {@code getCertificateAlias} is removed;
 * the same certificate stored under another alias is left in place.
 *
 * @param certificate certificate whose entry should be removed
 * @param keyStore    keystore to modify (in memory only; nothing is persisted here)
 * @throws Exception if the keystore is not initialized or the entry cannot be deleted
 */
private void removeFromKeyStore(X509Certificate certificate, KeyStore keyStore) throws Exception {
    final String matchedAlias = keyStore.getCertificateAlias(certificate);
    if (matchedAlias == null) {
        // Certificate is not in this store: nothing to delete.
        return;
    }
    // NOTE(review): deleteEntry removes whatever entry type sits under the alias. The lookup
    // also matches the leaf certificate of a key entry, so confirm this store only ever
    // holds trusted-certificate entries.
    keyStore.deleteEntry(matchedAlias);
}
From source file:org.codice.ddf.admin.insecure.defaults.service.KeystoreValidator.java
/**
 * Adds a WARN alert for every blacklisted certificate that equals {@code certificate}.
 *
 * <p>The alert text names the alias of {@code headCertificate} in {@code keystore}, the
 * keystore path, and the alias of the matching certificate in the blacklist keystore.
 * A different message template is used when the certificate is part of a chain longer
 * than one element.
 *
 * @param headCertificate         certificate whose alias identifies the entry in the alert
 * @param certificate             certificate being compared against the blacklist
 * @param blacklistedCertificates certificates to compare against
 * @param keystore                keystore that {@code headCertificate} was read from
 * @param certChainLength         length of the chain that {@code certificate} belongs to
 */
private void validateAgainstBlacklist(Certificate headCertificate, Certificate certificate,
        List<Certificate> blacklistedCertificates, KeyStore keystore, int certChainLength) {
    for (Certificate blackListedCertificate : blacklistedCertificates) {
        try {
            if (!areCertificatesEqual(certificate, blackListedCertificate)) {
                continue;
            }

            final String template = certChainLength > 1
                    ? CERT_CHAIN_CONTAINS_BLACKLISTED_CERT_MSG
                    : CERT_IS_BLACKLISTED_MSG;
            // getCertificateAlias returns null when a store has no matching entry; the
            // alert would then contain the text "null" in place of an alias.
            final String msg = String.format(template, keystore.getCertificateAlias(headCertificate),
                    keystorePath, blacklistKeystore.getCertificateAlias(blackListedCertificate));
            alerts.add(new Alert(Level.WARN, msg));
        } catch (CertificateEncodingException | KeyStoreException e) {
            // A failed comparison or lookup is reported as a generic alert rather than
            // aborting the scan, so the remaining blacklist entries are still checked.
            final String genericMsg = String.format(GENERIC_INSECURE_DEFAULTS_MSG, keystorePath);
            LOGGER.warn(genericMsg, e);
            alerts.add(new Alert(Level.WARN, genericMsg + e.getMessage()));
        }
    }
}
From source file:org.wso2.carbon.security.util.ServerCrypto.java
/**
 * Looks up the alias under which the given certificate is stored.
 *
 * <p>Stores are consulted in a fixed order and the first non-null alias wins: the primary
 * keystore, then every trust store via {@code getCertificateAlias}, then every trust store
 * again via {@code findAliasForCert}, and finally {@code cacerts}.
 *
 * @param cert certificate to look up
 * @return the alias of the first matching entry, or {@code null} if no store holds it
 * @throws WSSecurityException if one of the keystores cannot be queried
 * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.security.cert.Certificate)
 */
@Override
public String getAliasForX509Cert(Certificate cert) throws WSSecurityException {
    try {
        if (this.keystore != null) {
            String found = keystore.getCertificateAlias(cert);
            if (found == null) {
                // Fall back to the class's own search helper.
                found = findAliasForCert(this.keystore, cert);
            }
            if (found != null) {
                return found;
            }
        }

        if (this.trustStores != null) {
            // First pass over the trust stores: provider lookup.
            Iterator lookupIter = this.trustStores.iterator();
            while (lookupIter.hasNext()) {
                KeyStore store = (KeyStore) lookupIter.next();
                String found = store.getCertificateAlias(cert);
                if (found != null) {
                    return found;
                }
            }

            // Second pass over the trust stores: helper-based search.
            Iterator searchIter = this.trustStores.iterator();
            while (searchIter.hasNext()) {
                KeyStore store = (KeyStore) searchIter.next();
                String found = this.findAliasForCert(store, cert);
                if (found != null) {
                    return found;
                }
            }
        }

        if (this.cacerts != null) {
            String found = cacerts.getCertificateAlias(cert);
            if (found == null) {
                found = findAliasForCert(this.cacerts, cert);
            }
            if (found != null) {
                return found;
            }
        }
    } catch (KeyStoreException e) {
        // NOTE(review): the KeyStoreException is not attached to the thrown exception, so
        // the underlying cause is lost to callers and logs.
        throw new WSSecurityException(WSSecurityException.FAILURE, "keystore");
    }
    // NOTE(review): a returned alias does not say which store it came from; callers that
    // need to distinguish the service keystore from trust stores must check separately.
    return null;
}
From source file:org.wso2.carbon.webapp.ext.cxf.crypto.CXFServerCrypto.java
/** * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.security.cert.Certificate) *///from w ww .ja v a2 s. co m public String getAliasForX509Cert(Certificate cert) throws WSSecurityException { try { String alias = null; if (this.keystore != null) { alias = keystore.getCertificateAlias(cert); // Use brute force search if (alias == null) { alias = findAliasForCert(this.keystore, cert); } } // Check the trust stores if (alias == null && this.trustStores != null) { for (Iterator trustStoreIter = this.trustStores.iterator(); trustStoreIter.hasNext();) { KeyStore store = (KeyStore) trustStoreIter.next(); alias = store.getCertificateAlias(cert); if (alias != null) { break; } } } // Use brute force search on the trust stores if (alias == null && this.trustStores != null) { for (Iterator trustStoreIter = this.trustStores.iterator(); trustStoreIter.hasNext();) { KeyStore store = (KeyStore) trustStoreIter.next(); alias = this.findAliasForCert(store, cert); if (alias != null) { break; } } } if (alias == null && this.cacerts != null) { alias = cacerts.getCertificateAlias(cert); // Use brute force search if (alias == null) { alias = findAliasForCert(this.cacerts, cert); } } if (alias != null) { return alias; } } catch (KeyStoreException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "keystore"); } // if (useXKMS()) { // return XKMSCryptoClient.getAliasForX509Certificate( // (X509Certificate) cert, properties // .getProperty(PROP_ID_XKMS_SERVICE_URL)); // } return null; }
From source file:org.strongswan.android.ui.VpnProfileImportActivity.java
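/**
 * Shows the outcome of loading a VPN profile that is about to be imported.
 *
 * <p>On a load or parse failure the user is told why and the activity finishes (or, for
 * malformed JSON, the import action is hidden). On success the profile's fields are copied
 * into the views, and a server certificate embedded in the profile is parsed and displayed.
 *
 * @param data result of the load; may be {@code null}, which is treated as a failed import
 */
public void handleProfile(ProfileLoadResult data) {
    mProgress.dismiss();

    mProfile = null;
    if (data != null && data.ThrownException == null) {
        try {
            JSONObject obj = new JSONObject(data.Profile);
            mProfile = parseProfile(obj);
        } catch (JSONException e) {
            mExistsWarning.setVisibility(View.VISIBLE);
            mExistsWarning.setText(e.getLocalizedMessage());
            mHideImport = true;
            invalidateOptionsMenu();
            return;
        }
    }

    if (mProfile == null) {
        String error = null;
        // data can be null on this path (the parsing branch above is skipped in that case),
        // so check it before reading the exception instead of dereferencing it blindly.
        if (data != null && data.ThrownException != null) {
            try {
                // Rethrow so the catch clauses can map the failure type to a message.
                throw data.ThrownException;
            } catch (FileNotFoundException e) {
                error = getString(R.string.profile_import_failed_not_found);
            } catch (UnknownHostException e) {
                error = getString(R.string.profile_import_failed_host);
            } catch (SSLHandshakeException e) {
                error = getString(R.string.profile_import_failed_tls);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        if (error != null) {
            Toast.makeText(this, getString(R.string.profile_import_failed_detail, error), Toast.LENGTH_LONG)
                    .show();
        } else {
            Toast.makeText(this, R.string.profile_import_failed, Toast.LENGTH_LONG).show();
        }
        finish();
        return;
    }

    mExisting = mDataSource.getVpnProfile(mProfile.getUUID());
    mExistsWarning.setVisibility(mExisting != null ? View.VISIBLE : View.GONE);

    mBasicDataGroup.setVisibility(View.VISIBLE);
    mName.setText(mProfile.getName());
    mGateway.setText(mProfile.getGateway());
    mSelectVpnType.setText(getResources().getStringArray(R.array.vpn_types)[mProfile.getVpnType().ordinal()]);

    mUsernamePassword
            .setVisibility(mProfile.getVpnType().has(VpnTypeFeature.USER_PASS) ? View.VISIBLE : View.GONE);
    if (mProfile.getVpnType().has(VpnTypeFeature.USER_PASS)) {
        mUsername.setText(mProfile.getUsername());
        // A username supplied by the profile is shown read-only.
        if (mProfile.getUsername() != null && !mProfile.getUsername().isEmpty()) {
            mUsername.setEnabled(false);
        }
    }

    mUserCertificate
            .setVisibility(mProfile.getVpnType().has(VpnTypeFeature.CERTIFICATE) ? View.VISIBLE : View.GONE);
    mRemoteCertificate.setVisibility(mProfile.Certificate != null ? View.VISIBLE : View.GONE);
    mImportUserCert.setVisibility(mProfile.PKCS12 != null ? View.VISIBLE : View.GONE);

    if (mProfile.getVpnType().has(VpnTypeFeature.CERTIFICATE)) {
        /* try to load an existing certificate with the default name */
        if (mUserCertLoading == null) {
            mUserCertLoading = getString(R.string.profile_cert_alias, mProfile.getName());
            getLoaderManager().initLoader(USER_CERT_LOADER, null, mUserCertificateLoaderCallbacks);
        }
        updateUserCertView();
    }

    if (mProfile.Certificate != null) {
        try {
            // The certificate bytes come from the imported profile, i.e. from outside the app;
            // they are only parsed and displayed here so the user can inspect the subject.
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate certificate = (X509Certificate) factory
                    .generateCertificate(new ByteArrayInputStream(mProfile.Certificate));
            KeyStore store = KeyStore.getInstance("LocalCertificateStore");
            store.load(null, null);
            // alias is null when the certificate is not yet in the local store.
            // NOTE(review): presumably TrustedCertificateEntry accepts a null alias - confirm.
            String alias = store.getCertificateAlias(certificate);
            mCertEntry = new TrustedCertificateEntry(alias, certificate);
            ((TextView) mRemoteCert.findViewById(android.R.id.text1)).setText(mCertEntry.getSubjectPrimary());
            ((TextView) mRemoteCert.findViewById(android.R.id.text2)).setText(mCertEntry.getSubjectSecondary());
        } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException e) {
            e.printStackTrace();
            // An unparsable certificate is hidden rather than shown half-filled.
            mRemoteCertificate.setVisibility(View.GONE);
        }
    }
}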
From source file:org.wso2.carbon.security.keystore.KeyStoreAdmin.java
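/**
 * Imports a Base64-encoded X.509 certificate into the named keystore.
 *
 * <p>The entry's alias is the certificate's subject DN. If the keystore already contains
 * the certificate, nothing is changed.
 *
 * @param certData     Base64-encoded certificate
 * @param keyStoreName name of the keystore to import into; must not be {@code null}
 * @return the alias the certificate was stored under, or {@code null} if the certificate
 *         was already present
 * @throws SecurityConfigException if the keystore name is missing, the certificate cannot
 *                                 be parsed, or the keystore cannot be read or updated
 */
public String importCertToStore(String certData, String keyStoreName) throws SecurityConfigException {
    String alias = null;

    try {
        if (keyStoreName == null) {
            throw new SecurityConfigException("Key Store name can't be null");
        }

        KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
        KeyStore ks = keyMan.getKeyStore(keyStoreName);

        byte[] bytes = Base64.decode(certData);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate cert;
        try {
            cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bytes));
        } catch (Exception e) {
            throw new SecurityConfigException("Invalid format of the provided certificate file", e);
        }

        if (ks.getCertificateAlias(cert) != null) {
            // We already have this certificate in the key store - ignore
            // adding it twice
            return null;
        }

        // NOTE(review): the alias is taken from the certificate itself. setCertificateEntry
        // overrides an existing trusted-certificate entry under the same alias, so a
        // different certificate with an identical subject DN would replace the stored one.
        // Confirm that this is intended for this store.
        alias = cert.getSubjectDN().getName();
        ks.setCertificateEntry(alias, cert);

        keyMan.updateKeyStore(keyStoreName, ks);

        return alias;

    } catch (SecurityConfigException e) {
        throw e;
    } catch (Exception e) {
        String msg = "Error when importing cert to keyStore";
        log.error(msg, e);
        // Keep the original failure attached so callers can see what actually went wrong.
        throw new SecurityConfigException(msg, e);
    }
}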
From source file:de.extra.client.plugins.outputplugin.transport.ExtraTransportHttp.java
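/**
 * Sets up the trust store used for outgoing TLS connections.
 *
 * <p>Loads the configured trust store (or the JRE's {@code cacerts} file when no location
 * is configured), parses the configured certificate, writes the store back to the same
 * file when a refresh is requested or the certificate is not found in it, and finally
 * points the {@code javax.net.ssl.trustStore} system property at that file.
 *
 * <p>Both the file write and the system property are process-wide side effects: with the
 * fallback location the JRE's own {@code cacerts} file is the one rewritten.
 *
 * @param extraConnectData connection settings holding the trust store location, its
 *                         password, the certificate and the refresh flag
 * @throws ExtraTransportException if the trust store or the certificate cannot be loaded,
 *                                 or the store cannot be written back
 */
private void setupTruststore(final HttpOutputPluginConnectConfiguration extraConnectData)
        throws ExtraTransportException {

    // Load the trust store location from the configuration
    String truststoreLocation = extraConnectData.getSslTruststoreLocation();

    LOG.debug("TruststoreLoc: " + truststoreLocation);

    // If no location is specified, fall back to the JRE default
    if (truststoreLocation == null || truststoreLocation.length() == 0) {
        truststoreLocation = System.getProperty("java.home") + File.separatorChar + "lib" + File.separatorChar
                + "security" + File.separatorChar + "cacerts";
    }

    LOG.debug("TruststoreLoc: " + truststoreLocation);

    try {
        // Create keystore instance
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        // Load keystore values; the stream is closed even when load() fails
        FileInputStream fi = new FileInputStream(truststoreLocation);
        try {
            ks.load(fi, extraConnectData.getSslTruststorePassword().toCharArray());
        } finally {
            fi.close();
        }

        // Create a certificate object from the configured value
        java.security.cert.CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) certFactory
                .generateCertificate(new ByteArrayInputStream(extraConnectData.getSslCertificate().getBytes()));

        // Write the store back when a refresh is forced or the certificate is not in it
        if (extraConnectData.isSslCertificateRefresh() || ks.getCertificateAlias(cert) == null) {
            LOG.info("Zertifikat wird eingetragen");

            // NOTE(review): nothing in this method adds `cert` to `ks` before the store is
            // written; if the certificate is meant to be registered here, that step appears
            // to be missing - confirm against the intended behaviour.
            FileOutputStream fo = new FileOutputStream(truststoreLocation);
            try {
                ks.store(fo, extraConnectData.getSslTruststorePassword().toCharArray());
            } finally {
                // Closing flushes the file and releases the handle on every path.
                fo.close();
            }
        }

        // Set truststore location
        System.setProperty("javax.net.ssl.trustStore", truststoreLocation);
    } catch (KeyStoreException e) {
        throw new ExtraTransportException("Fehler bei Zugriff auf Keystore.", e);
    } catch (FileNotFoundException e) {
        throw new ExtraTransportException("Fehler beim Laden des Keystore.", e);
    } catch (NoSuchAlgorithmException e) {
        throw new ExtraTransportException("Fehler beim Laden des Crypto-Algorithmus.", e);
    } catch (CertificateException e) {
        throw new ExtraTransportException("Fehler beim Prfen des Zertifikats.", e);
    } catch (IOException e) {
        throw new ExtraTransportException("Fehler bei I/O-Operation.", e);
    }
}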
From source file:org.wso2.carbon.security.keystore.KeyStoreAdmin.java
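/**
 * Imports a Base64-encoded X.509 certificate into the named keystore under the alias
 * {@code fileName}.
 *
 * <p>If the keystore already contains the certificate, nothing is changed.
 *
 * @param fileName     alias to store the certificate under
 * @param certData     Base64-encoded certificate
 * @param keyStoreName name of the keystore to import into; must not be {@code null}
 * @throws SecurityConfigException if the keystore name is missing, the certificate cannot
 *                                 be parsed, or the keystore cannot be read or updated
 */
public void importCertToStore(String fileName, String certData, String keyStoreName)
        throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new SecurityConfigException("Key Store name can't be null");
        }

        KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
        KeyStore ks = keyMan.getKeyStore(keyStoreName);

        byte[] bytes = Base64.decode(certData);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate cert;
        try {
            cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bytes));
        } catch (CertificateException e) {
            log.error(e.getMessage(), e);
            // Attach the parse failure as the cause, as the outer handler below does.
            throw new SecurityConfigException("Invalid format of the provided certificate file", e);
        }

        if (ks.getCertificateAlias(cert) != null) {
            // We already have this certificate in the key store - ignore
            // adding it twice
            return;
        }

        // NOTE(review): the alias is caller-supplied. setCertificateEntry overrides an
        // existing trusted-certificate entry under the same alias, so reusing a name
        // replaces the certificate stored there - confirm that callers validate fileName.
        ks.setCertificateEntry(fileName, cert);

        keyMan.updateKeyStore(keyStoreName, ks);

    } catch (SecurityConfigException e) {
        throw e;
    } catch (Exception e) {
        String msg = "Error when importing cert to the keyStore";
        log.error(msg, e);
        throw new SecurityConfigException(msg, e);
    }
}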