/**
* This method return {@code X509Certificate} representing {@code X509CertificateHolder}. The
* {@code CertificateParsingException} is transformed in {@code DSSException}.
*
* @param certificateHolder {@code X509CertificateHolder}
* @return {@code X509Certificate}.
* @throws DSSException
*/
public static X509Certificate getCertificate(final X509CertificateHolder certificateHolder)
throws DSSException {
try {
final X509Certificate certificate =
new X509CertificateObject(certificateHolder.toASN1Structure());
return certificate;
} catch (CertificateParsingException e) {
throw new DSSException(e);
}
}
public boolean isVerified(
X509CertificateHolder certHolder, DigestCalculatorProvider digesterProvider)
throws CMPException {
AlgorithmIdentifier digAlg =
digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
if (digAlg == null) {
throw new CMPException("cannot find algorithm for digest from signature");
}
DigestCalculator digester;
try {
digester = digesterProvider.get(digAlg);
} catch (OperatorCreationException e) {
throw new CMPException("unable to create digester: " + e.getMessage(), e);
}
CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), digester.getOutputStream());
return Arrays.areEqual(certStatus.getCertHash().getOctets(), digester.getDigest());
}
@Before
public void setup()
throws JAXBException, IOException, ProfileException, CertificateEncodingException,
NoSuchAlgorithmException {
X509CertificateHolder x509CertificateHolder =
new JcaX509CertificateHolder(generatePKI.getCaCert());
if (profiles == null)
profiles =
new ProfilesJAXB(
getClass().getResourceAsStream("/PrivateKey.xml"),
x509CertificateHolder.toASN1Structure());
}
public static void checkOrCreateKeyStore(
final String file, final String password, final String domainName)
throws IllegalArgumentException, OperatorCreationException {
final String hostname;
if ("0.0.0.0".equals(domainName)) {
hostname = "localhost";
} else {
hostname = domainName;
}
try {
KeyStore ks = KeyStore.getInstance("JKS");
File keyStoreFile = new File(file);
if (!keyStoreFile.exists()) {
keyStoreFile.createNewFile();
ks.load(null, null);
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair KPair = keyPairGenerator.generateKeyPair();
X509v3CertificateBuilder v3CertGen =
new X509v3CertificateBuilder(
new X500Name("CN=" + hostname + ", OU=None, O=None L=None, C=None"),
BigInteger.valueOf(System.currentTimeMillis()),
new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)),
new X500Name("CN=" + hostname + ", OU=None, O=None L=None, C=None"),
SubjectPublicKeyInfo.getInstance(KPair.getPublic().getEncoded()));
AlgorithmIdentifier sigAlgId =
new DefaultSignatureAlgorithmIdentifierFinder().find("SHA512withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter foo = PrivateKeyFactory.createKey(KPair.getPrivate().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(foo);
X509CertificateHolder PKCertificateHolder = v3CertGen.build(sigGen);
X509CertificateStructure eeX509CertificateStructure = PKCertificateHolder.toASN1Structure();
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
X509Certificate cert;
try (InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded())) {
cert = (X509Certificate) cf.generateCertificate(is1);
}
ks.setKeyEntry(
"siesta",
KPair.getPrivate(),
password.toCharArray(),
new java.security.cert.Certificate[] {cert});
ks.store(new FileOutputStream(file), password.toCharArray());
}
} catch (GeneralSecurityException | IOException | IllegalStateException ex) {
throw new IllegalArgumentException("Error creating keystore, please manually create one", ex);
}
}
public PKCS12SafeBagBuilder(X509CertificateHolder certificate) throws IOException {
this(certificate.toASN1Structure());
}