Java Code Examples for java.security.cert.X509Certificate#getSubjectDN()
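The following examples show how to use java.security.cert.X509Certificate#getSubjectDN(). The JDK Javadoc marks this method as denigrated in favour of getSubjectX500Principal(), which returns a standard X500Principal instead of an implementation-specific Principal.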
Example 1
Source File: Keystores.java From openwebbeans-meecrowave with Apache License 2.0 | 6 votes |
/**
 * Re-issues {@code cetrificate} under another issuer: its TBS (to-be-signed) bytes are copied,
 * the issuer field is overwritten with the subject DN of {@code issuerCertificate}, and the
 * result is signed with {@code issuerPrivateKey} under the signature algorithm name reported
 * by {@code issuerCertificate}.
 *
 * <p>NOTE(review): {@code X509CertInfo}, {@code X509CertImpl}, {@code X500Name},
 * {@code CertificateExtensions} and {@code BasicConstraintsExtension} look like the JDK-internal
 * {@code sun.security.x509} types (the imports are not shown here); confirm they are available
 * on the target JDK before reusing this outside test code.
 *
 * @param cetrificate       certificate whose TBS data is re-signed
 * @param issuerCertificate certificate supplying the issuer name and signature algorithm
 * @param issuerPrivateKey  key used to sign the new certificate
 * @return the newly signed certificate
 * @throws IllegalStateException wrapping any exception raised while building or signing
 */
private static X509Certificate createSignedCertificate(final X509Certificate cetrificate, final X509Certificate issuerCertificate, final PrivateKey issuerPrivateKey) {
    try {
        Principal issuer = issuerCertificate.getSubjectDN();
        String issuerSigAlg = issuerCertificate.getSigAlgName();

        byte[] inCertBytes = cetrificate.getTBSCertificate();
        X509CertInfo info = new X509CertInfo(inCertBytes);
        // The cast only succeeds when getSubjectDN() returns this X500Name implementation;
        // any other Principal type ends up as a ClassCastException wrapped by the catch below.
        info.set(X509CertInfo.ISSUER, (X500Name) issuer);

        // Original note: no need to add the BasicConstraints for a leaf cert.
        // The branch is selected by comparing the printed subject DN with the literal "CN=TOP";
        // every other certificate gets a fresh extension set holding only BasicConstraints,
        // which replaces whatever extensions the input TBS data carried.
        // NOTE(review): the arguments (true, -1) presumably mean CA=true with no path length
        // limit, re-wrapped as non-critical - confirm that is intended for non-"CN=TOP" certs.
        if (!cetrificate.getSubjectDN().getName().equals("CN=TOP")) {
            CertificateExtensions exts = new CertificateExtensions();
            BasicConstraintsExtension bce = new BasicConstraintsExtension(true, -1);
            exts.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(false, bce.getExtensionValue()));
            info.set(X509CertInfo.EXTENSIONS, exts);
        }

        final X509CertImpl outCert = new X509CertImpl(info);
        outCert.sign(issuerPrivateKey, issuerSigAlg);

        return outCert;
    } catch (final Exception ex) {
        // Every failure is surfaced as an unchecked exception with the cause preserved.
        throw new IllegalStateException(ex);
    }
}
Example 2
Source File: SSLPinGenerator.java From ssl-pin-generator with MIT License | 6 votes |
/**
 * Receives the certificate chain presented for a connection and prints one pin per
 * certificate: the digest of the encoded public key, Base64-encoded and prefixed with the
 * hash algorithm name (hyphen removed).
 *
 * <p>No validation happens here: nothing in this method rejects a chain, so every chain is
 * accepted. That suits a one-off pin collection tool only; a trust manager used for real
 * connections must verify the chain and throw {@link CertificateException} on failure.
 *
 * @param chain    certificates presented by the server
 * @param authType key exchange algorithm name (unused)
 * @throws CertificateException declared by the interface, never thrown by this body
 */
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    for (int index = 0; index < chain.length; index++) {
        final X509Certificate current = chain[index];

        // The public key is pinned because it stays the same through certificate renewals.
        final byte[] encodedKey = current.getPublicKey().getEncoded();

        if (debugPrinting) {
            // The subject line helps match each printed pin to its certificate in the chain.
            final Principal owner = current.getSubjectDN();
            if (owner != null) {
                System.out.println("Subject : " + owner.getName());
            }
        }

        final byte[] pin = digest.digest(encodedKey);
        final String algorithmLabel = removeHyphen(hashAlgorthm);
        System.out.println(String.format("%s/%s", algorithmLabel, base64Encoder.encode(pin)));
    }
}
Example 3
Source File: CertificateSniffingMitmManager.java From PowerTunnel with MIT License | 5 votes |
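/**
 * Returns the Common Name (CN) attribute of the certificate's subject.
 *
 * <p>The subject is parsed with {@code javax.naming.ldap.LdapName} instead of splitting the
 * printed DN on commas, so a CN whose value contains an escaped or quoted comma, or that sits
 * inside a multi-valued RDN, is returned whole and unescaped.
 *
 * @param c certificate to inspect
 * @return the first CN value in the order the subject DN is written
 * @throws IllegalStateException if the subject cannot be parsed or holds no CN
 */
private String getCommonName(X509Certificate c) {
    LOG.debug("Subject DN principal name: {}", c.getSubjectDN().getName());
    try {
        // X500Principal.getName() yields the RFC 2253 string form that LdapName parses.
        javax.naming.ldap.LdapName subject =
                new javax.naming.ldap.LdapName(c.getSubjectX500Principal().getName());
        // LdapName numbers RDNs from the right; walking downwards visits them in written order.
        for (int i = subject.size() - 1; i >= 0; i--) {
            javax.naming.directory.Attribute cn = subject.getRdn(i).toAttributes().get("CN");
            if (cn != null && cn.get() != null) {
                String result = cn.get().toString();
                LOG.debug("Common Name: {}", result);
                return result;
            }
        }
    } catch (javax.naming.NamingException e) {
        throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN(), e);
    }
    throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN());
}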
Example 4
Source File: X509CertificateShortInfo.java From oxTrust with MIT License | 5 votes |
/**
 * Captures the display fields of a certificate: alias, issuer and subject names, signature
 * algorithm and validity window, then refreshes the view style.
 *
 * <p>Issuer and subject are left untouched when the certificate reports no DN for them.
 *
 * @param alias keystore alias shown next to the certificate
 * @param cert  certificate to summarise
 */
public X509CertificateShortInfo(String alias, X509Certificate cert) {
    this.alias = alias;

    if (cert.getIssuerDN() != null) {
        this.issuer = cert.getIssuerDN().getName();
    }
    if (cert.getSubjectDN() != null) {
        this.subject = cert.getSubjectDN().getName();
    }

    this.algorithm = cert.getSigAlgName();
    this.notBeforeDatetime = cert.getNotBefore();
    this.notAfterDatetime = cert.getNotAfter();

    // Runs last so it can see every field assigned above.
    updateViewStyle();
}
Example 5
Source File: OpenSslCertManagerTest.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
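/**
 * Generates a self-signed certificate, adds it to the trust store under alias "ca", and checks
 * the result: the certificate verifies against its own public key, its subject DN matches
 * {@code sbj} (when given), its subject alternative names are all expected ones, and the
 * trust store entry (when a trust store is given) is self-signed as well.
 *
 * <p>Streams opened on the certificate and trust store files are closed with
 * try-with-resources so the test does not leak file handles.
 *
 * @param key                file receiving the private key
 * @param cert               file receiving the certificate
 * @param trustStore         PKCS12 trust store file, or {@code null} to skip that check
 * @param trustStorePassword password of the trust store
 * @param sbj                expected subject, or {@code null} to skip subject checks
 * @throws Exception on any generation, parsing or verification failure
 */
private void testGenerateSelfSignedCert(File key, File cert, File trustStore, String trustStorePassword, Subject sbj) throws Exception {
    ssl.generateSelfSignedCert(key, cert, sbj, 365);
    ssl.addCertToTrustStore(cert, "ca", trustStore, trustStorePassword);

    final Certificate c;
    try (FileInputStream certIn = new FileInputStream(cert)) {
        c = certFactory.generateCertificate(certIn);
    }

    // Self-signed: the signature must check out under the certificate's own key.
    c.verify(c.getPublicKey());

    // subject verification if provided
    if (sbj != null) {
        if (c instanceof X509Certificate) {
            X509Certificate x509Certificate = (X509Certificate) c;
            Principal p = x509Certificate.getSubjectDN();

            assertThat(String.format("CN=%s, O=%s", sbj.commonName(), sbj.organizationName()), is(p.getName()));

            if (sbj.subjectAltNames() != null && sbj.subjectAltNames().size() > 0) {
                final Collection<List<?>> sans = x509Certificate.getSubjectAlternativeNames();
                assertThat(sans, is(notNullValue()));
                assertThat(sbj.subjectAltNames().size(), is(sans.size()));
                for (final List<?> sanItem : sans) {
                    // Element 1 of each entry is the name value; element 0 is its type tag.
                    assertThat(sbj.subjectAltNames().containsValue(sanItem.get(1)), is(true));
                }
            }
        } else {
            fail();
        }
    }

    // truststore verification if provided
    if (trustStore != null) {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (FileInputStream storeIn = new FileInputStream(trustStore)) {
            store.load(storeIn, trustStorePassword.toCharArray());
        }
        X509Certificate storeCert = (X509Certificate) store.getCertificate("ca");
        storeCert.verify(storeCert.getPublicKey());
    }
}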
Example 6
Source File: CertificateSniffingMitmManager.java From CapturePacket with MIT License | 5 votes |
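/**
 * Returns the Common Name (CN) attribute of the certificate's subject.
 *
 * <p>The subject is parsed with {@code javax.naming.ldap.LdapName} instead of splitting the
 * printed DN on commas, so a CN whose value contains an escaped or quoted comma, or that sits
 * inside a multi-valued RDN, is returned whole and unescaped.
 *
 * @param c certificate to inspect
 * @return the first CN value in the order the subject DN is written
 * @throws IllegalStateException if the subject cannot be parsed or holds no CN
 */
private String getCommonName(X509Certificate c) {
    LOG.debug("Subject DN principal name: {}", c.getSubjectDN().getName());
    try {
        // X500Principal.getName() yields the RFC 2253 string form that LdapName parses.
        javax.naming.ldap.LdapName subject =
                new javax.naming.ldap.LdapName(c.getSubjectX500Principal().getName());
        // LdapName numbers RDNs from the right; walking downwards visits them in written order.
        for (int i = subject.size() - 1; i >= 0; i--) {
            javax.naming.directory.Attribute cn = subject.getRdn(i).toAttributes().get("CN");
            if (cn != null && cn.get() != null) {
                String result = cn.get().toString();
                LOG.debug("Common Name: {}", result);
                return result;
            }
        }
    } catch (javax.naming.NamingException e) {
        throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN(), e);
    }
    throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN());
}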
Example 7
Source File: ZipUtils.java From isu with GNU General Public License v3.0 | 5 votes |
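/**
 * Return one of USE_SHA1 or USE_SHA256 according to the signature
 * algorithm specified in the cert.
 *
 * <p>Both "SHA1WITHRSA" and "MD5WITHRSA" map to USE_SHA1; any algorithm name starting with
 * "SHA256WITH" maps to USE_SHA256. The comparison is done on the upper-cased name using
 * {@code Locale.US}, so it does not depend on the default locale.
 *
 * @param cert certificate whose signature algorithm name is inspected
 * @return USE_SHA1 or USE_SHA256
 * @throws IllegalArgumentException if the signature algorithm is neither of the above
 */
private static int getDigestAlgorithm(X509Certificate cert) {
    String sigAlg = cert.getSigAlgName().toUpperCase(Locale.US);
    if ("SHA1WITHRSA".equals(sigAlg) || "MD5WITHRSA".equals(sigAlg)) {
        // See the "HISTORICAL NOTE" in the original file (not shown here) for why
        // MD5withRSA certificates are treated like SHA-1 ones.
        return USE_SHA1;
    } else if (sigAlg.startsWith("SHA256WITH")) {
        return USE_SHA256;
    } else {
        // The closing bracket was missing from the message, leaving "[" unbalanced.
        throw new IllegalArgumentException("unsupported signature algorithm \"" + sigAlg
                + "\" in cert [" + cert.getSubjectDN() + "]");
    }
}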
Example 8
Source File: CertificateSniffingMitmManager.java From LittleProxy-mitm with Apache License 2.0 | 5 votes |
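/**
 * Returns the Common Name (CN) attribute of the certificate's subject.
 *
 * <p>The subject is parsed with {@code javax.naming.ldap.LdapName} instead of splitting the
 * printed DN on commas, so a CN whose value contains an escaped or quoted comma, or that sits
 * inside a multi-valued RDN, is returned whole and unescaped.
 *
 * @param c certificate to inspect
 * @return the first CN value in the order the subject DN is written
 * @throws IllegalStateException if the subject cannot be parsed or holds no CN
 */
private String getCommonName(X509Certificate c) {
    LOG.debug("Subject DN principal name: {}", c.getSubjectDN().getName());
    try {
        // X500Principal.getName() yields the RFC 2253 string form that LdapName parses.
        javax.naming.ldap.LdapName subject =
                new javax.naming.ldap.LdapName(c.getSubjectX500Principal().getName());
        // LdapName numbers RDNs from the right; walking downwards visits them in written order.
        for (int i = subject.size() - 1; i >= 0; i--) {
            javax.naming.directory.Attribute cn = subject.getRdn(i).toAttributes().get("CN");
            if (cn != null && cn.get() != null) {
                String result = cn.get().toString();
                LOG.debug("Common Name: {}", result);
                return result;
            }
        }
    } catch (javax.naming.NamingException e) {
        throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN(), e);
    }
    throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN());
}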
Example 9
Source File: CertificateSniffingMitmManager.java From AndroidHttpCapture with MIT License | 5 votes |
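/**
 * Returns the Common Name (CN) attribute of the certificate's subject.
 *
 * <p>The subject is parsed with {@code javax.naming.ldap.LdapName} instead of splitting the
 * printed DN on commas, so a CN whose value contains an escaped or quoted comma, or that sits
 * inside a multi-valued RDN, is returned whole and unescaped.
 *
 * @param c certificate to inspect
 * @return the first CN value in the order the subject DN is written
 * @throws IllegalStateException if the subject cannot be parsed or holds no CN
 */
private String getCommonName(X509Certificate c) {
    LOG.debug("Subject DN principal name: {}", c.getSubjectDN().getName());
    try {
        // X500Principal.getName() yields the RFC 2253 string form that LdapName parses.
        javax.naming.ldap.LdapName subject =
                new javax.naming.ldap.LdapName(c.getSubjectX500Principal().getName());
        // LdapName numbers RDNs from the right; walking downwards visits them in written order.
        for (int i = subject.size() - 1; i >= 0; i--) {
            javax.naming.directory.Attribute cn = subject.getRdn(i).toAttributes().get("CN");
            if (cn != null && cn.get() != null) {
                String result = cn.get().toString();
                LOG.debug("Common Name: {}", result);
                return result;
            }
        }
    } catch (javax.naming.NamingException e) {
        throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN(), e);
    }
    throw new IllegalStateException("Missed CN in Subject DN: " + c.getSubjectDN());
}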
Example 10
Source File: XMLDSigVerifier.java From alpha-wallet-android with MIT License | 5 votes |
/**
 * Looks up the candidate issuer of {@code signedCert}: the first certificate in
 * {@code certificates} whose subject DN equals the issuer DN of {@code signedCert}.
 *
 * <p>The match is by name only. No signature is checked in this method, so a name match alone
 * does not show that the returned certificate actually issued {@code signedCert}.
 * NOTE(review): confirm the caller verifies the signature (for example with
 * {@code signedCert.verify(signer.getPublicKey())}) before trusting the result.
 *
 * @param signedCert   certificate whose issuer is wanted
 * @param certificates candidates to search, in order
 * @return the first name-matching certificate, or {@code null} if none matches
 */
private X509Certificate findSignerCertificate(X509Certificate signedCert, List<X509Certificate> certificates) {
    for (X509Certificate candidate : certificates) {
        Principal candidateSubject = candidate.getSubjectDN();
        Principal wantedIssuer = signedCert.getIssuerDN();
        if (candidateSubject.equals(wantedIssuer)) {
            return candidate;
        }
    }
    return null;
}
Example 11
Source File: PKCS12SameKeyId.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Example 12
Source File: PKCS12SameKeyId.java From hottub with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Example 13
Source File: PKCS12SameKeyId.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Example 14
Source File: PKCS12SameKeyId.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Example 15
Source File: PKCS12SameKeyId.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Example 16
Source File: PKCS12SameKeyId.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Example 17
Source File: PKCS12SameKeyId.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Example 18
Source File: AntCertificationUtil.java From alipay-sdk-java-all with Apache License 2.0 | 4 votes |
/**
 * Sorts the certificate chain in place into complete issuance order. After sorting the chain
 * reads: [issuerA, subjectA]-[issuerA, subjectB]-[issuerB, subjectC]-[issuerC, subjectD]...
 *
 * <p>Ordering is derived from subject and issuer names only; no signature is checked here.
 * NOTE(review): confirm that the caller validates the chain cryptographically before
 * trusting the sorted result.
 *
 * @param certs certificate chain, reordered in place on success
 * @return true if sorting succeeded, false if the chain is incomplete or holds more than one
 *         self-signed certificate
 */
private static boolean sortByDn(X509Certificate[] certs) {
    // Subject DN -> certificate
    Map<Principal, X509Certificate> bySubject = new HashMap<Principal, X509Certificate>();
    // Issuer DN -> certificate (a later certificate with the same issuer replaces an earlier one)
    Map<Principal, X509Certificate> byIssuer = new HashMap<Principal, X509Certificate>();
    // Whether a self-signed certificate has been seen already
    boolean rootSeen = false;

    for (int index = 0; index < certs.length; index++) {
        final X509Certificate entry = certs[index];
        if (isSelfSigned(entry)) {
            if (rootSeen) {
                // A second self-signed certificate cannot belong to a single chain.
                return false;
            }
            rootSeen = true;
        }
        bySubject.put(entry.getSubjectDN(), entry);
        byIssuer.put(entry.getIssuerDN(), entry);
    }

    List<X509Certificate> ordered = new ArrayList<X509Certificate>();
    X509Certificate start = certs[0];
    addressingUp(bySubject, ordered, start);
    addressingDown(byIssuer, ordered, start);

    // A size mismatch means the chain is incomplete.
    if (ordered.size() != certs.length) {
        return false;
    }

    // Copy the ordered chain back into the caller's array.
    int slot = 0;
    for (X509Certificate sorted : ordered) {
        certs[slot++] = sorted;
    }
    return true;
}
Example 19
Source File: OpenSslCertManagerTest.java From strimzi-kafka-operator with Apache License 2.0 | 4 votes |
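/**
 * Generates a CA certificate, a CSR and a certificate signed by that CA, stores the CA key and
 * certificate in a key store under alias "ca", and checks the result: the issued certificate
 * verifies under the CA public key, its subject DN matches {@code sbj}, its subject
 * alternative names are all expected ones, and the key store (when given) holds the CA private
 * key and a self-signed CA certificate.
 *
 * <p>Streams opened on the certificate and key store files are closed with try-with-resources
 * so the test does not leak file handles.
 *
 * @param caKey            file receiving the CA private key
 * @param caCert           file receiving the CA certificate
 * @param caSbj            subject of the CA certificate
 * @param key              private key file used for the CSR
 * @param csr              file receiving the CSR
 * @param cert             file receiving the issued certificate
 * @param keyStore         PKCS12 key store file, or {@code null} to skip that check
 * @param keyStorePassword password of the key store
 * @param sbj              expected subject of the issued certificate
 * @throws Exception on any generation, parsing or verification failure
 */
private void testGenerateSignedCert(File caKey, File caCert, Subject caSbj, File key, File csr, File cert, File keyStore, String keyStorePassword, Subject sbj) throws Exception {
    ssl.generateSelfSignedCert(caKey, caCert, caSbj, 365);
    ssl.generateCsr(key, csr, sbj);
    ssl.generateCert(csr, caKey, caCert, cert, sbj, 365);
    ssl.addKeyAndCertToKeyStore(caKey, caCert, "ca", keyStore, keyStorePassword);

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    final Certificate c;
    try (FileInputStream certIn = new FileInputStream(cert)) {
        c = cf.generateCertificate(certIn);
    }
    final Certificate ca;
    try (FileInputStream caIn = new FileInputStream(caCert)) {
        ca = cf.generateCertificate(caIn);
    }

    // The issued certificate must carry a valid signature from the CA key.
    c.verify(ca.getPublicKey());

    if (c instanceof X509Certificate) {
        X509Certificate x509Certificate = (X509Certificate) c;
        Principal p = x509Certificate.getSubjectDN();

        assertThat(String.format("CN=%s, O=%s", sbj.commonName(), sbj.organizationName()), is(p.getName()));

        // sbj has already been dereferenced above, so the null test here cannot fail.
        if (sbj != null && sbj.subjectAltNames() != null && sbj.subjectAltNames().size() > 0) {
            final Collection<List<?>> snas = x509Certificate.getSubjectAlternativeNames();
            if (snas != null) {
                for (final List<?> sanItem : snas) {
                    // Element 1 of each entry is the name value; element 0 is its type tag.
                    assertThat(sbj.subjectAltNames().containsValue(sanItem.get(1)), is(true));
                }
            } else {
                fail();
            }
        }
    } else {
        fail();
    }

    // keystore verification if provided
    if (keyStore != null) {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (FileInputStream storeIn = new FileInputStream(keyStore)) {
            store.load(storeIn, keyStorePassword.toCharArray());
        }

        // Rebuild the single-line PEM form of the stored key and compare it with the CA key
        // file after its newlines are removed.
        Key storeKey = store.getKey("ca", keyStorePassword.toCharArray());
        StringBuilder sb = new StringBuilder()
                .append("-----BEGIN PRIVATE KEY-----")
                .append(Base64.getEncoder().encodeToString(storeKey.getEncoded()))
                .append("-----END PRIVATE KEY-----");
        assertThat(sb.toString(), is(new String(Files.readAllBytes(caKey.toPath())).replace("\n", "")));

        X509Certificate storeCert = (X509Certificate) store.getCertificate("ca");
        storeCert.verify(storeCert.getPublicKey());
    }
}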
Example 20
Source File: PKCS12SameKeyId.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Test entry point: builds a JKS keystore with SIZE key pairs via keytool, re-encrypts every
 * private key, copies the entries into a PKCS12 keystore, reloads that keystore and checks
 * that each alias still maps to the certificate generated for it.
 *
 * <p>The passwords ("changeit" on the keytool command line), the constant salt "12345678" and
 * the iteration count 1024 are fixed test values, not settings to copy into production code.
 *
 * @param args unused
 * @throws Exception if any step fails or an alias ends up with the wrong certificate
 */
public static void main(String[] args) throws Exception {

    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i=0; i<SIZE; i++) {
        System.err.print(".");
        // Entry i gets alias "p<i>" and subject "CN=<i>", which the final check relies on.
        String cmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }

    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams =
            AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Salt and iteration count are constants here; getBytes() uses the platform charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 OID for pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);

    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];

    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        aliases[i] = "p" + i;
        // Encrypt the encoded private key, then wrap it as an EncryptedPrivateKeyInfo blob.
        byte[] enckey = cipher.doFinal(
                ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }

    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i=0; i<SIZE; i++) {
        // The byte[] overload stores a key that is already protected.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }

    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i=0; i<SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate)p12.getCertificate(a);
        // NOTE(review): the cast assumes getSubjectDN() returns the JDK-internal X500Name;
        // with another implementation it would throw ClassCastException.
        X500Name name = (X500Name)x.getSubjectDN();
        if (!name.getCommonName().equals(""+i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}