Examples of javax.security.cert.X509Certificate

javax.security.cert.X509Certificate
Abstract class for X.509 v1 certificates. This provides a standard way to access all the version 1 attributes of an X.509 certificate. Attributes that are specific to X.509 v2 or v3 are not available through this interface. Future API evolution will provide full access to complete X.509 v3 attributes.
The basic X.509 format was defined by ISO/IEC and ANSI X9 and is described below in ASN.1:
```
 Certificate  ::=  SEQUENCE  { tbsCertificate       TBSCertificate, signatureAlgorithm   AlgorithmIdentifier, signature            BIT STRING  } 
```
These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET).
These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. CAs act as trusted third parties, making introductions between principals who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
The ASN.1 definition of {@code tbsCertificate} is:
```
 TBSCertificate  ::=  SEQUENCE  { version         [0]  EXPLICIT Version DEFAULT v1, serialNumber         CertificateSerialNumber, signature            AlgorithmIdentifier, issuer               Name, validity             Validity, subject              Name, subjectPublicKeyInfo SubjectPublicKeyInfo, } 
```
Here is sample code to instantiate an X.509 certificate:
```
 InputStream inStream = new FileInputStream("fileName-of-cert"); X509Certificate cert = X509Certificate.getInstance(inStream); inStream.close(); 
```
OR
```
 byte[] certData = <certificate read from a file, say> X509Certificate cert = X509Certificate.getInstance(certData); 
```
In either case, the code that instantiates an X.509 certificate consults the value of the {@code cert.provider.x509v1} security propertyto locate the actual implementation or instantiates a default implementation.
The {@code cert.provider.x509v1} property is set to a defaultimplementation for X.509 such as:
```
 cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl 
```
The value of this {@code cert.provider.x509v1} property has to bechanged to instantiate another implementation. If this security property is not set, a default implementation will be used. Currently, due to possible security restrictions on access to Security properties, this value is looked up and cached at class initialization time and will fallback on a default implementation if the Security property is not accessible.
Note: The classes in the package {@code javax.security.cert}exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE). New applications should instead use the standard Java SE certificate classes located in {@code java.security.cert}.
@author Hemma Prafullchandra @since 1.4 @see Certificate @see java.security.cert.X509Extension @see java.security.Security security properties

        socket.setNeedClientAuth(true);
        socket.startHandshake();
    }


    private Object[] getX509Certs() {
        X509Certificate certs[] = null;
        try {
            certs = session.getPeerCertificateChain();
        } catch (Throwable ex) {
            // Get rid of the warning in the logs when no Client-Cert is
            // available

View Full Code Here

        if (session == null && requires != 0) throw new NO_PERMISSION("Missing required SSL session");


        try {
            if (log.isDebugEnabled()) log.debug("Scraping principal from SSL session");


            X509Certificate link = session.getPeerCertificateChain()[0];
            Subject subject = new Subject();
            String name = link.getSubjectDN().toString();


            if (log.isDebugEnabled()) log.debug("Obtained principal " + name);


            subject.getPrincipals().add(new X500Principal(name));

View Full Code Here

     * @throws Exception if the certificate chain cannot be verified
     */
    protected void verify(String host, SSLSession session) throws Exception {


        X509Certificate[] chain;
        X509Certificate   certificate;
        Principal         principal;
        PublicKey         publicKey;
        String            DN;
        String            CN;
        int               start;
        int               end;
        String            emsg;


        chain       = session.getPeerCertificateChain();
        certificate = chain[0];
        principal   = certificate.getSubjectDN();
        DN          = String.valueOf(principal);
        start       = DN.indexOf("CN=");


        if (start < 0) {
            throw new UnknownHostException(

View Full Code Here

        return getPeerCertificateChain(false);
    }


    protected java.security.cert.X509Certificate [] 
  getX509Certificates(SSLSession session) throws IOException {
        X509Certificate jsseCerts[] = null;
    try{
      jsseCerts = session.getPeerCertificateChain();
    } catch (Throwable ex){
       // Get rid of the warning in the logs when no Client-Cert is
       // available

View Full Code Here

        return getPeerCertificateChain(false);
    }


    protected java.security.cert.X509Certificate [] 
  getX509Certificates(SSLSession session) throws IOException {
        X509Certificate jsseCerts[] = null;
    try{
      jsseCerts = session.getPeerCertificateChain();
    } catch (Throwable ex){
       // Get rid of the warning in the logs when no Client-Cert is
       // available

View Full Code Here

     */
    protected void enrichWithClientCertInformation(SSLSession sslSession, Message message) {
        try {
            X509Certificate[] certificates = sslSession.getPeerCertificateChain();
            if (certificates != null && certificates.length > 0) {
                X509Certificate cert = certificates[0];


                Principal subject = cert.getSubjectDN();
                if (subject != null) {
                    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SUBJECT_NAME, subject.getName());
                }
                Principal issuer = cert.getIssuerDN();
                if (issuer != null) {
                    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_ISSUER_NAME, issuer.getName());
                }
                BigInteger serial = cert.getSerialNumber();
                if (serial != null) {
                    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SERIAL_NO, serial.toString());
                }
                message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_NOT_BEFORE, cert.getNotBefore());
                message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_NOT_AFTER, cert.getNotAfter());
            }
        } catch (SSLPeerUnverifiedException e) {
            // ignore
        }
    }

View Full Code Here

     */
    protected void enrichWithClientCertInformation(SSLSession sslSession, Message message) {
        try {
            X509Certificate[] certificates = sslSession.getPeerCertificateChain();
            if (certificates != null && certificates.length > 0) {
                X509Certificate cert = certificates[0];


                Principal subject = cert.getSubjectDN();
                if (subject != null) {
                    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SUBJECT_NAME, subject.getName());
                }
                Principal issuer = cert.getIssuerDN();
                if (issuer != null) {
                    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_ISSUER_NAME, issuer.getName());
                }
                BigInteger serial = cert.getSerialNumber();
                if (serial != null) {
                    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SERIAL_NO, serial.toString());
                }
                message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_NOT_BEFORE, cert.getNotBefore());
                message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_NOT_AFTER, cert.getNotAfter());
            }
        } catch (SSLPeerUnverifiedException e) {
            // ignore
        }
    }

View Full Code Here

     * @throws Exception if the certificate chain cannot be verified
     */
    protected void verify(String host, SSLSession session) throws Exception {


        X509Certificate[] chain;
        X509Certificate   certificate;
        Principal         principal;
        PublicKey         publicKey;
        String            DN;
        String            CN;
        int               start;
        int               end;
        String            emsg;


        chain       = session.getPeerCertificateChain();
        certificate = chain[0];
        principal   = certificate.getSubjectDN();
        DN          = String.valueOf(principal);
        start       = DN.indexOf("CN=");


        if (start < 0) {
            throw new UnknownHostException(

View Full Code Here

                  
                  try {
                     X509Certificate[] list = req.getClientCertificate().getChain();
                     StringBuilder builder = new StringBuilder();
                     for(X509Certificate cert : list) {
                        X509Certificate x509 = (X509Certificate)cert;
                        builder.append(x509);
                     }
                     certificateInfo = builder.toString();
                  } catch(Exception e) {
                     e.printStackTrace();
                     certificateInfo = e.getMessage();
                     challengeForCertificate = true;
                     
                     // http://stackoverflow.com/questions/14281628/ssl-renegotiation-with-client-certificate-causes-server-buffer-overflow
                     // Perhaps an expect 100 continue does something here?????
                     if(challengeForCertificate) {
                        Certificate certificate = req.getClientCertificate();                        
                        CertificateChallenge challenge = certificate.getChallenge();
                        
                        Future<Certificate> future = challenge.challenge(new Runnable() {
                           public void run() {
                              System.err.println("FINISHED THE CHALLENGE!!!");
                           }
                        });
                        Certificate futureCert = future.get(10, TimeUnit.SECONDS);
                        
                        if(futureCert == null) {
                           System.err.println("FAILED TO GET CERT!!!!");
                        } else {
                           System.err.println("**** GOT THE CERT");
                        }
                        
                        String text=  "Challenge finished without cert";
                        try {
                           X509Certificate[] list = req.getClientCertificate().getChain();
                           StringBuilder builder = new StringBuilder();
                           for(X509Certificate x509 : list) {
                              builder.append(x509);
                           }
                           text = builder.toString();
                        } catch(Exception ex) {
                           e.printStackTrace();
                        }
                        out.print(text);
                        out.flush();
                        try {
                           resp.close();
                        } catch(Exception ex){
                           e.printStackTrace();
                        }
                     }
                  }                  
                //  Thread.sleep(10000);
                  if(!challengeForCertificate) {
                     try {
                        X509Certificate[] list = req.getClientCertificate().getChain();
                        StringBuilder builder = new StringBuilder();
                        for(X509Certificate cert : list) {
                           X509Certificate x509 = (X509Certificate)cert;
                           builder.append(x509);
                        }
                        certificateInfo = builder.toString();
                     } catch(Exception e) {
                        e.printStackTrace();

View Full Code Here

                                              cached);
            return;
        }


        // Convert JSSE's certificate format to the ones we need
        X509Certificate jsseCerts[] = null;
        java.security.cert.X509Certificate x509Certs[] = null;
        try {
            jsseCerts = session.getPeerCertificateChain();
            if (jsseCerts == null)
                jsseCerts = new X509Certificate[0];

View Full Code Here

0 1 2 3 4 5

TOP

Related Classes of javax.security.cert.X509Certificate

com.google.dataconnector.client.SdcConnection

com.subgraph.orchid.connections.ConnectionHandshakeV2

com.sun.enterprise.security.ssl.GlassfishSSLSupport

org.apache.camel.component.netty.NettyEndpoint

org.apache.camel.component.netty4.NettyEndpoint

org.apache.catalina.valves.CertificatesValve

org.apache.geronimo.corba.security.config.tss.TSSSSLTransportConfig

org.apache.tomcat.util.compat.JSSECertCompat

org.apache.tomcat.util.net.jsse.JSSESupport

org.apache.tomcat.util.net.JSSESupport

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.