List of usage examples for javax.security.auth.x500 X500Principal getName
public String getName(String format)
From source file:Main.java
/**
 * Builds an {@link SSLSocketFactory} whose trust store contains a single certificate read from
 * {@code certChain}.
 *
 * <p>Only the first certificate in the stream is parsed; any further certificates in the stream
 * are ignored. The certificate is stored in a fresh, empty in-memory key store under its
 * RFC 2253 subject DN, so the JVM's default trust anchors are not consulted by the returned
 * factory.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The certificate is trusted as-is. Nothing here checks its validity period, key size or
 *       CA basic constraints before it becomes a trust anchor.</li>
 *   <li>Sockets created from an {@code SSLSocketFactory} do not perform host name verification
 *       unless the caller enables endpoint identification (for example through
 *       {@code SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")}).</li>
 *   <li>The stream is not closed here; the caller remains responsible for it.</li>
 * </ul>
 *
 * @param certChain stream positioned at an X.509 certificate
 * @return a socket factory that trusts only the parsed certificate
 * @throws Exception if the certificate cannot be parsed or the key store, trust manager
 *     factory or TLS context cannot be initialised
 */
public static SSLSocketFactory newSslSocketFactoryForCa(InputStream certChain) throws Exception {
    // An empty key store: load(null, null) initialises it without reading any existing entries.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate caCert =
            (X509Certificate) x509Factory.generateCertificate(new BufferedInputStream(certChain));

    // The subject DN in RFC 2253 form serves as the key store alias.
    String alias = caCert.getSubjectX500Principal().getName("RFC2253");
    trustStore.setCertificateEntry(alias, caCert);

    // Trust managers backed solely by the key store built above.
    TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);

    // No key managers (no client certificate) and the provider's default SecureRandom.
    SSLContext tlsContext = SSLContext.getInstance("TLS");
    tlsContext.init(null, tmf.getTrustManagers(), null);
    return tlsContext.getSocketFactory();
}
From source file:org.commonjava.util.jhttpc.INTERNAL.util.SSLUtils.java
/**
 * Adds the names a certificate carries for its subject to {@code aliases}: the value of the
 * first CN attribute of the subject DN, followed by every subjectAlternativeName entry whose
 * type equals {@code DNSNAME_TYPE}.
 *
 * <p>Review note: the CN is taken from the subject DN regardless of whether the certificate also
 * has subjectAlternativeNames. If the collected aliases feed a host name check, the CN-derived
 * entry widens what the certificate is accepted for compared with SAN-only matching. Confirm how
 * callers use the set.
 *
 * @param certificate certificate to inspect; it is cast to {@link X509Certificate}, so any other
 *     type fails with a {@link ClassCastException}
 * @param aliases set that receives the extracted names
 * @throws CertificateParsingException if the subjectAlternativeName extension cannot be decoded
 */
public static void extractAliases(Certificate certificate, Set<String> aliases)
        throws CertificateParsingException {
    Logger logger = LoggerFactory.getLogger(SSLUtils.class);
    X509Certificate x509 = (X509Certificate) certificate;

    // Re-parse the subject with the X500Name helper so individual RDNs can be looked up by type.
    X500Name subject = new X500Name(x509.getSubjectX500Principal().getName(X500Principal.RFC1779));
    logger.trace("Certificate X.500 name: '{}'", subject.toString());

    RDN[] cnRdns = subject.getRDNs(BCStyle.CN);
    if (cnRdns != null && cnRdns.length > 0) {
        // Only the first CN RDN, and only its first attribute, is considered.
        AttributeTypeAndValue firstCn = cnRdns[0].getFirst();
        if (firstCn != null) {
            String alias = IETFUtils.valueToString(firstCn.getValue());
            logger.trace("Found certificate alias: '{}'", alias);
            aliases.add(alias);
        }
    }

    Collection<List<?>> altNames = x509.getSubjectAlternativeNames();
    if (altNames == null) {
        logger.debug("NO SubjectAlternativeNames available!");
        return;
    }

    for (List<?> entry : altNames) {
        // Each entry is a (type, value) pair; entries of any other type are skipped.
        boolean isDnsName = entry.size() > 1 && DNSNAME_TYPE.equals(entry.get(0));
        if (!isDnsName) {
            continue;
        }
        String alias = (String) entry.get(1);
        logger.trace("Found subjectAlternativeName: '{}'", alias);
        aliases.add(alias);
    }
}
From source file:mitm.common.security.certificate.X500PrincipalInspector.java
/** * Returns the Canonical String version of the X500Principal *///from ww w.ja v a 2s . c o m public static String getCanonical(X500Principal principal) { if (principal == null) { return null; } return principal.getName(X500Principal.CANONICAL); }
From source file:org.taverna.server.master.utils.X500Utils.java
/**
 * Tokenises the RFC 2253 form of a principal's distinguished name and returns the value of the
 * first requested field that is present.
 *
 * <p>The scan honours quoting ({@code DN_QUOTE}) and escaping ({@code DN_ESCAPE}): a separator
 * inside quotes or directly after an escape character does not end a field. Each
 * {@code name=value} piece is handed to {@code storeDNField}; how that helper normalises names
 * is not visible here.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The result {@code "none"} is an in-band sentinel. A certificate whose requested field
 *       literally contains {@code none} is indistinguishable from one without the field, so
 *       callers making identity decisions should treat {@code "none"} as "no identity".</li>
 *   <li>Only {@code DN_SEPARATOR} splits fields. Multi-valued RDNs (joined with {@code +} in
 *       RFC 2253) appear to stay inside a single value. Verify against expected input.</li>
 * </ul>
 *
 * @param id
 *            The identity to extract the distinguished name from.
 * @param fields
 *            The field names to look for, in order of preference. Each
 *            should be an upper-cased string.
 * @return The value of the first of {@code fields} found in the distinguished name, or the
 *         literal string {@code "none"} if none of them is present.
 */
public String getName(X500Principal id, String... fields) {
    String dn = id.getName(RFC2253);
    HashMap<String, String> tokenized = new HashMap<String, String>();

    boolean skipNext = false; // previous character was an escape
    boolean quoted = false;   // currently inside a quoted value
    int fieldStart = 0;

    for (int pos = 0; pos < dn.length(); pos++) {
        char c = dn.charAt(pos);
        if (skipNext) {
            // The escaped character is consumed without interpretation.
            skipNext = false;
        } else if (c == DN_QUOTE) {
            quoted = !quoted;
        } else if (quoted) {
            continue;
        } else if (c == DN_ESCAPE) {
            skipNext = true;
        } else if (c == DN_SEPARATOR) {
            storeDNField(tokenized, dn.substring(fieldStart, pos).trim().split("=", 2));
            fieldStart = pos + 1;
        }
    }

    // An open quote or a trailing escape means the DN text was malformed.
    if (quoted || skipNext) {
        log.warn("was parsing invalid DN format");
    }

    // The final field has no trailing separator, so store it explicitly.
    storeDNField(tokenized, dn.substring(fieldStart).trim().split("=", 2));

    for (String wanted : fields) {
        String found = tokenized.get(wanted);
        if (found != null) {
            return found;
        }
    }
    return "none";
}
From source file:org.dataone.proto.trove.jsse.X509CertificateToolset.java
/** * Returns D1-wide consistent Subject DN string representations * * @see http://www.ietf.org/rfc/rfc2253.txt * @param name - the [reasonable] DN representation * @return the standard D1 representation *///from www . ja v a 2 s. c o m public String standardizeDN(String name) { X500Principal principal = new X500Principal(name); String standardizedName = principal.getName(X500Principal.RFC2253); return standardizedName; }
From source file:org.dataone.proto.trove.jsse.X509CertificateToolset.java
/**
 * Returns the certificate's subject DN in RFC 2253 format, the standard format used in DataONE.
 *
 * <p>The value is read from the certificate as presented. Nothing here validates the
 * certificate, so the returned DN is only as trustworthy as the chain validation performed by
 * the caller.
 *
 * @param certificate the certificate to read, may be {@code null}
 * @return the subject DN in RFC 2253 format, or {@code null} when {@code certificate} is
 *     {@code null}
 */
public String getSubjectDN(X509Certificate certificate) {
    if (certificate != null) {
        return certificate.getSubjectX500Principal().getName(X500Principal.RFC2253);
    }
    return null;
}
From source file:org.nimbustools.ctxbroker.security.CertificateAuthority.java
/**
 * Issues a certificate for {@code pubkey}, signed with the CA private key, and returns it after
 * re-parsing it through this CA's certificate factory.
 *
 * <p>NOTE(review): {@code cnString} is passed to {@code getTargetDN} without any check in this
 * method. Confirm that the helper rejects or escapes RFC 2253 special characters, so that a
 * caller-supplied name cannot alter the other components of the issued subject DN.
 *
 * @param cnString common name to place in the new subject DN
 * @param pubkey public key to certify
 * @param expires expiry time of the new certificate
 * @return the newly signed certificate
 * @throws SignatureException if signing fails
 * @throws InvalidKeyException if the CA private key is rejected
 * @throws CertificateException if the certificate cannot be encoded or re-parsed
 * @throws IOException declared for callers; not raised by a statement visible here
 */
protected X509Certificate signNewCertificate(String cnString, PublicKey pubkey, Calendar expires)
        throws SignatureException, InvalidKeyException, CertificateException, IOException {

    this.setGenerator(this.getTargetDN(cnString), pubkey, expires.getTime());
    X509Certificate generated = this.certGen.generateX509Certificate(this.caPrivate);

    // Round-trip through the encoded form so the returned object comes from this.factory.
    X509Certificate x509Cert = (X509Certificate) this.factory
            .generateCertificate(new ByteArrayInputStream(generated.getEncoded()));

    String rfc2253Dn = x509Cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
    String globusStyleDn = CertUtil.toGlobusID(rfc2253Dn, false);

    logger.trace("Created new certificate with DN (RFC2253) = '" + rfc2253Dn
            + "' and Globus style DN = '" + globusStyleDn + "'");

    return x509Cert;
}
From source file:org.nimbustools.ctxbroker.security.DefaultBootstrapFactory.java
/**
 * Creates the bootstrap credential for a new context: a fresh key pair, a certificate for it
 * signed by the CA with {@code uuid} as the name, and the resulting Globus-style DN.
 *
 * <p>The returned object carries the private key of the generated pair, so it has to be handled
 * and transported as a secret. Key strength is determined by the CA's key pair generator and is
 * not chosen here.
 *
 * <p>{@code ctxServiceURL} is not used by this method.
 *
 * @param uuid identifier passed to the CA as the certificate name
 * @param ctxServiceURL context service URL (unused here)
 * @param expires expiry time for the issued certificate
 * @return the populated bootstrap information
 * @throws ContextBrokerException if signing the certificate or storing the certificate or key
 *     pair in the bootstrap object fails; the original exception is kept as the cause
 */
public BootstrapInformation newBootstrap(String uuid, String ctxServiceURL, Calendar expires)
        throws ContextBrokerException {

    BootstrapInformation bootstrap = new BootstrapInformation();
    KeyPair keypair = this.ca.createNewKeyPair();

    X509Certificate issued;
    try {
        issued = this.ca.signNewCertificate(uuid, keypair.getPublic(), expires);
    } catch (SignatureException e) {
        throw new ContextBrokerException(e.getMessage(), e);
    } catch (InvalidKeyException e) {
        throw new ContextBrokerException(e.getMessage(), e);
    } catch (CertificateException e) {
        throw new ContextBrokerException(e.getMessage(), e);
    } catch (IOException e) {
        throw new ContextBrokerException(e.getMessage(), e);
    }

    // Certificate first, then the key pair; either failure is reported the same way.
    try {
        bootstrap.setX509Cert(issued);
        bootstrap.setKeypair(keypair);
    } catch (CertificateEncodingException e) {
        throw new ContextBrokerException(e.getMessage(), e);
    } catch (IOException e) {
        throw new ContextBrokerException(e.getMessage(), e);
    }

    String rfc2253Dn = issued.getSubjectX500Principal().getName(X500Principal.RFC2253);
    bootstrap.setBootstrapDN(CertUtil.toGlobusID(rfc2253Dn, false));
    return bootstrap;
}
From source file:org.nimbustools.ctxbroker.security.CertificateAuthority.java
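/**
 * CertificateAuthority constructor
 *
 * <p>Sets up the RSA key pair generator and certificate generator, then derives the DN template
 * for issued certificates from the CA subject: the RFC 2253 components are reversed and the
 * single CN component is replaced by {@code replaceToken}.
 *
 * <p>New key pairs are 2048-bit RSA. The previous 1024-bit size is below the minimum accepted by
 * current guidance for RSA signature keys.
 *
 * @param caCert CA's public cert, X509Certificate
 * @param caPrivateKey (unencrypted) private key object
 * @param globusCADN only used for logging
 * @throws NoSuchProviderException problem initializing keypair generator
 * @throws NoSuchAlgorithmException problem initializing keypair generator
 * @throws CertificateException problem initializing certificate factory
 * @throws IOException file/stream problem
 * @throws ContextBrokerException other problem with CA input
 */
protected CertificateAuthority(X509Certificate caCert, PrivateKey caPrivateKey, String globusCADN)
        throws NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException,
        ContextBrokerException {

    if (caCert == null) {
        throw new IllegalArgumentException("caCert is null");
    }

    if (caPrivateKey == null) {
        throw new IllegalArgumentException("caPrivateKey is null");
    }

    // Modulus size for the key pairs this CA generates for issued certificates.
    final int rsaKeyBits = 2048;

    this.kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    this.kpGen.initialize(rsaKeyBits, new SecureRandom());

    this.certGen = new X509V3CertificateGenerator();

    this.factory = CertificateFactory.getInstance("X.509", "BC");

    this.caX509 = caCert;
    this.caPrivate = caPrivateKey;

    this.caX509Name = new X509Principal(caX509.getIssuerX500Principal().getEncoded());

    this.initializeGenerator();

    X500Principal subjectDN = caCert.getSubjectX500Principal();
    String targetBase = subjectDN.getName(X500Principal.RFC2253);

    // NOTE(review): a plain split on "," does not honour RFC 2253 escaping. A CA subject whose
    // attribute values contain an escaped comma would be cut mid-value, and a fragment that
    // happens to start with "CN"/"cn" would be counted as a CN. Acceptable only while CA
    // subjects are known to be free of such values.
    String[] parts = targetBase.split(",");
    String target = "";
    int cnCount = 0;
    for (int i = 0; i < parts.length; i++) {
        String newpiece;
        if (parts[i].startsWith("CN") || parts[i].startsWith("cn")) {
            // The CA's own CN becomes the placeholder for the new subject's CN.
            newpiece = replaceToken;
            cnCount += 1;
        } else {
            newpiece = parts[i];
        }
        // Prepending each piece reverses the component order of the RFC 2253 string.
        if (i == 0) {
            target = newpiece;
        } else {
            target = newpiece + "," + target;
        }
    }

    if (cnCount == 0) {
        throw new ContextBrokerException("Unsupported: CA has no " + "CN (?)");
    }

    if (cnCount != 1) {
        throw new ContextBrokerException("Unsupported: CA has more " + "than one CN");
    }

    this.targetString = target;

    final String msg = "Initialized certificate authority with subject " + "DN (RFC2253) = '" + targetBase
            + "' " + "and Globus style DN = '" + globusCADN + "'. "
            + "New DNs will look like this (RFC2253): '" + this.targetString + "'";

    logger.info(msg);
}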
From source file:com.newrelic.agent.deps.org.apache.http.conn.ssl.DefaultHostnameVerifier.java
/**
 * Checks that {@code cert} is valid for {@code host}.
 *
 * <p>The host is classified as an IPv4 literal, an IPv6 literal or a DNS name, and the
 * subjectAlternativeName entries of the corresponding type are matched against it. Only when
 * that list is null or empty does the check fall back to the subject's common name.
 *
 * <p>Review note: the fallback is keyed on the list returned for {@code subjectType}, not on
 * whether the certificate has any subjectAlternativeNames at all. A certificate carrying entries
 * of the other type only (for example DNS names while the host is an IP literal) presumably
 * also reaches the CN comparison. Confirm against {@code extractSubjectAlts}.
 *
 * @param host host name or IP literal the connection was made to
 * @param cert certificate presented by the peer
 * @throws SSLException if the certificate has neither a usable alternative name nor a common
 *     name; the match helpers may also raise it on mismatch (their bodies are not visible here)
 */
public final void verify(final String host, final X509Certificate cert) throws SSLException {
    final boolean ipv4 = InetAddressUtils.isIPv4Address(host);
    final boolean ipv6 = InetAddressUtils.isIPv6Address(host);
    final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
    final List<String> subjectAlts = extractSubjectAlts(cert, subjectType);

    if (subjectAlts == null || subjectAlts.isEmpty()) {
        // CN matching has been deprecated by rfc2818 and can be used
        // as fallback only when no subjectAlts are available
        final String subjectDn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
        final String cn = extractCN(subjectDn);
        if (cn == null) {
            throw new SSLException("Certificate subject for <" + host + "> doesn't contain "
                    + "a common name and does not have alternative names");
        }
        matchCN(host, cn, this.publicSuffixMatcher);
        return;
    }

    if (ipv4) {
        matchIPAddress(host, subjectAlts);
    } else if (ipv6) {
        matchIPv6Address(host, subjectAlts);
    } else {
        matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
    }
}