Exemplo n.º 1
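  /**
   * Builds a preview label from the uploaded certificate bytes.
   *
   * <p>The bytes are parsed as an X.509 certificate, the issuer distinguished name is split into
   * RDNs, and the value of every {@code CN} RDN is appended to the prefix {@code "cn="}.
   * Parsing alone does not verify the signature, the chain or the validity period, so the label
   * shows unauthenticated, uploader-controlled text.
   *
   * @return the result of adding the {@code certCommonName} label to this component
   * @throws IllegalArgumentException if the bytes cannot be parsed as a certificate or the issuer
   *     DN cannot be parsed
   */
  @Override
  public Component preview() {
    final Label commonNameLabel = new Label("certCommonName", new Model<String>());
    final ByteArrayInputStream certificateStream = new ByteArrayInputStream(uploadedBytes);
    try {
      final X509Certificate certificate =
          (X509Certificate)
              CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);

      // getIssuerX500Principal().getName() yields the RFC 2253 string form that LdapName is
      // specified to parse. The deprecated getIssuerDN().getName() returns a provider-specific
      // rendering, which is not guaranteed to be parseable.
      // NOTE(review): the label id says "certCommonName" but the value is taken from the issuer
      // DN, not the subject DN; confirm that the issuer is what should be previewed.
      final LdapName issuerName = new LdapName(certificate.getIssuerX500Principal().getName());

      final StringBuilder commonNameBuilder = new StringBuilder("cn=");
      for (Rdn rdn : issuerName.getRdns()) {
        if ("CN".equalsIgnoreCase(rdn.getType())) {
          final Object cnValue = rdn.getValue();
          commonNameBuilder.append(cnValue == null ? StringUtils.EMPTY : cnValue.toString());
        }
      }
      commonNameLabel.setDefaultModelObject(commonNameBuilder.toString());
    } catch (Exception e) {
      // Kept broad on purpose: every parse failure is reported to the caller as the same
      // IllegalArgumentException, with the cause preserved.
      LOG.error("Error evaluating certificate file", e);
      throw new IllegalArgumentException("Error evaluating certificate file", e);
    } finally {
      IOUtils.closeQuietly(certificateStream);
    }
    return this.add(commonNameLabel);
  }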
  /**
   * Construct a "simplified name" based on the subject DN from the certificate. The purpose is to
   * have something shorter to display in the list. The name used is one of the following DN parts,
   * if available, otherwise the complete DN: 'CN', 'OU' or else 'O'.
   *
   * @param cert to read subject DN from
   * @return the simplified name
   */
  private static String getSimplifiedName(X509Certificate cert) {
    // Collect attribute type -> value for every RDN of the subject DN.
    final HashMap<String, String> attributes = new HashMap<String, String>();
    try {
      final LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
      for (Rdn rdn : subject.getRdns()) {
        if (rdn.getType() == null || rdn.getValue() == null) {
          continue;
        }
        attributes.put(rdn.getType(), rdn.getValue().toString());
      }
    } catch (InvalidNameException ignored) { // NOPMD
      // Deliberate best effort: whatever was collected so far is used, and an empty map falls
      // through to the full subject DN below.
    }

    // Preference order: CN, then OU, then O.
    // NOTE(review): the result is certificate-supplied text meant for display; it is not a
    // verified identity and should not drive trust decisions. Callers are not visible here.
    for (String key : new String[] {"CN", "OU", "O"}) {
      final String candidate = attributes.get(key);
      if (candidate != null) {
        return candidate;
      }
    }
    return cert.getSubjectX500Principal().getName();
  }
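  /**
   * Formats the certificate's issuer distinguished name as one {@code "Type: value"} line per RDN.
   *
   * <p>An RDN whose type has no full name (as reported by {@code getTypeFullName}) is printed as
   * {@code "Serial Number: "} followed by the hex form of its value.
   *
   * @param certificate certificate whose issuer is described
   * @return the formatted issuer, or {@code "<Could not determine certificate issuer>"} when the
   *     issuer DN cannot be parsed
   */
  private String getIssuer(X509Certificate certificate) {
    try {
      StringBuilder builder = new StringBuilder();
      // Read the issuer principal. The previous code parsed getSubjectX500Principal(), so the
      // "issuer" shown was really the subject; the two only coincide for self-signed
      // certificates, which is exactly when a reader most needs to tell them apart.
      LdapName ldapDN = new LdapName(certificate.getIssuerX500Principal().getName());
      for (Rdn rdn : ldapDN.getRdns()) {
        String type = getTypeFullName(rdn.getType());
        Object value = rdn.getValue();
        if (StringUtils.isEmpty(type)) {
          // Rdn.getValue() returns a byte[] for '#'-hex encoded values, which is how the RFC 2253
          // form carries attribute types without a keyword. Calling toString() on the array
          // would hex-encode its identity string instead of its content.
          byte[] raw =
              value instanceof byte[]
                  ? (byte[]) value
                  : value.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
          // The newline keeps this entry on its own line, like every other RDN.
          builder.append("Serial Number: ").append(toHexString(raw)).append('\n');
        } else {
          builder.append(type).append(": ").append(value).append('\n');
        }
      }

      return builder.toString();
    } catch (InvalidNameException e) {
      return "<Could not determine certificate issuer>";
    }
  }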
Exemplo n.º 4
  /**
   * Converts one raw attribute value into the value returned for a model column.
   *
   * <p>{@code null} and the empty string both yield {@code null}; non-string values are returned
   * unchanged. A string is parsed as a timestamp when the column's runtime type is TIMESTAMP. When
   * the column carries an RDN-type property, the string is parsed as a distinguished name and only
   * the value of its leftmost RDN is returned. Any other string is returned as is.
   *
   * @param modelElement column whose format and RDN/DN-prefix properties steer the conversion
   * @param modelAttrName attribute name, used only in the timestamp error message
   * @param modelAttrClass runtime type expected for the column
   * @param objResult raw value to convert; may be {@code null}
   * @return the converted value, or {@code null} for a missing or empty value
   * @throws TranslatorException if the timestamp cannot be parsed with the column's format
   * @throws InvalidNameException if the value is not a valid DN, or its parent or RDN type does
   *     not match what the column declares
   */
  private Object convertSingleValue(
      Column modelElement, String modelAttrName, Class<?> modelAttrClass, Object objResult)
      throws TranslatorException, InvalidNameException {
    if (objResult == null) {
      return null;
    }
    // Only strings are converted; every other type goes back to the caller untouched.
    if (!(objResult instanceof String)) {
      return objResult;
    }

    final String text = (String) objResult;
    // An unset attribute and an empty string cannot be told apart, so both become null.
    if (text.isEmpty()) {
      return null;
    }

    if (TypeFacility.RUNTIME_TYPES.TIMESTAMP.equals(modelAttrClass)) {
      String pattern = modelElement.getFormat();
      if (pattern == null) {
        pattern = LDAPConnectorConstants.ldapTimestampFormat;
      }
      // NOTE(review): SimpleDateFormat is lenient by default, so out-of-range fields in directory
      // data roll over instead of failing the parse; confirm that is acceptable here.
      final SimpleDateFormat parser = new SimpleDateFormat(pattern);
      try {
        final Date parsed = parser.parse(text);
        return new Timestamp(parsed.getTime());
      } catch (ParseException pe) {
        throw new TranslatorException(
            pe,
            LDAPPlugin.Util.getString(
                "LDAPSyncQueryExecution.timestampParseFailed", modelAttrName)); // $NON-NLS-1$
      }
      // TODO: Extend support for more types in the future, byte arrays in particular, since the
      // underlying data source supports them.
    }

    final String rdnType = modelElement.getProperty(LDAPExecutionFactory.RDN_TYPE, false);
    if (rdnType == null) {
      // The Teiid type conversion logic refines the plain string further if necessary.
      return text;
    }

    final String dnPrefix = modelElement.getProperty(LDAPExecutionFactory.DN_PREFIX, false);
    final LdapName dn = new LdapName(text);
    // LdapName numbers components from the right, so index size() - 1 is the leftmost RDN and
    // getPrefix(size() - 1) is everything to its right, i.e. the parent DN.
    if (dnPrefix != null) {
      final String parent = dn.getPrefix(dn.size() - 1).toString();
      if (!parent.equals(dnPrefix)) {
        throw new InvalidNameException();
      }
    } else if (dn.size() > 1) {
      // No prefix declared: only a single-RDN name is accepted.
      throw new InvalidNameException();
    }

    final Rdn leftmost = dn.getRdn(dn.size() - 1);
    if (!leftmost.getType().equals(rdnType)) {
      throw new InvalidNameException();
    }
    return leftmost.getValue();
  }
  /**
   * Test fixture: replaces randomness, Base64 encoding, property loading, keystore loading and
   * file output with mocks, then prepares a real self-signed certificate plus a mocked keystore
   * holding two aliases.
   *
   * <p>The stubbing below is order-sensitive; statements are documented in place rather than
   * rearranged.
   */
  @Before
  public void before() throws Exception {
    // Any "new SecureRandom()" intercepted by PowerMock returns this mock, so nothing random is
    // produced in the test. Which classes are prepared for interception is not visible here.
    secureRandom = mock(SecureRandom.class);
    whenNew(SecureRandom.class).withNoArguments().thenReturn(secureRandom);

    encoder = mock(Base64.Encoder.class);
    when(encoder.withoutPadding()).thenReturn(encoder);

    // Every encoded byte[] becomes the fixed string "password"; this value is a test constant
    // only and matches the keystore password stubbed further down.
    when(encoder.encodeToString(any(byte[].class))).thenReturn("password");

    mockStatic(Base64.class);
    when(Base64.getEncoder()).thenReturn(encoder);

    PropertiesGenerator propertiesGenerator = mock(PropertiesGenerator.class);
    when(propertiesGenerator.getProperty(KeyStoreHelper.KEYPASS_PROPERTY, "password"))
        .thenReturn("password");

    // Construction with the production properties path yields the mock, so no file is read.
    whenNew(PropertiesGenerator.class)
        .withArguments("/opt/traffic_router/conf/keystore.properties")
        .thenReturn(propertiesGenerator);

    KeyStoreLoader keyStoreLoader = mock(KeyStoreLoader.class);
    whenNew(KeyStoreLoader.class)
        .withArguments("/opt/traffic_router/db/.keystore", "password".toCharArray())
        .thenReturn(keyStoreLoader);

    keyStore = PowerMockito.mock(KeyStore.class);
    when(keyStoreLoader.load()).thenReturn(keyStore);

    mockStatic(Paths.class);

    Path keystorePath = mock(Path.class);
    when(Paths.get("/opt/traffic_router/db/.keystore")).thenReturn(keystorePath);

    outputStream = mock(OutputStream.class);

    // Writes to the keystore path go to the mocked stream instead of the filesystem.
    mockStatic(Files.class);
    when(Files.newOutputStream(keystorePath)).thenReturn(outputStream);

    // A real 2048-bit RSA key pair and self-signed certificate are generated here.
    // NOTE(review): "SHA1WithRSA" is a SHA-1 signature; acceptable for a throwaway fixture, but
    // this line should not be copied into production certificate generation.
    CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
    certAndKeyGen.generate(2048);
    privateKey = certAndKeyGen.getPrivateKey();
    // 600L is the validity argument (presumably seconds, per the JDK-internal API; confirm).
    x509Certificate =
        certAndKeyGen.getSelfCertificate(
            new X500Name("CN=*.deliveryservice.cdn.example.com"), 600L);

    Rdn rdn = mock(Rdn.class);
    when(rdn.getType()).thenReturn("CN");
    when(rdn.getValue()).thenReturn("*.deliveryservice1.cdn.example.com");

    List<Rdn> rdnList = new ArrayList<>();
    rdnList.add(rdn);

    LdapName ldapName = mock(LdapName.class);
    when(ldapName.getRdns()).thenReturn(rdnList);

    // The argument is written without spaces after the commas, unlike the X500Principal literal
    // below; presumably this is the form X500Principal.getName() produces. Verify if the
    // stub ever stops matching.
    whenNew(LdapName.class)
        .withArguments(
            "CN=*.deliveryservice1.cdn.example.com,OU=Traffic Routing,O=Traffic Control CDN,C=US")
        .thenReturn(ldapName);

    // This local declaration reuses the name x509Certificate assigned above; from here on the
    // name refers to the mock, while the earlier assignment keeps the self-signed certificate.
    X509Certificate x509Certificate = PowerMockito.mock(X509Certificate.class);
    X500Principal x500Principal =
        new X500Principal(
            "CN=*.deliveryservice1.cdn.example.com, OU=Traffic Routing, O=Traffic Control CDN, C=US");

    when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);

    // thenAnswer builds a fresh Enumeration on every call, so aliases() can be consumed more
    // than once.
    PowerMockito.when(keyStore.aliases())
        .thenAnswer(
            invocation -> {
              Vector<String> vector = new Vector<>();
              vector.add("alias-1");
              vector.add("alias-2");
              return vector.elements();
            });

    // alias-1 maps to the mocked X.509 certificate; alias-2 maps to a plain Certificate mock that
    // is not an X509Certificate.
    PowerMockito.when(keyStore.getCertificate("alias-1")).thenReturn(x509Certificate);
    PowerMockito.when(keyStore.getCertificate("alias-2")).thenReturn(mock(Certificate.class));
  }
  /**
   * Appends an HTML representation of the given X509Certificate.
   *
   * @param sb StringBuilder to append to
   * @param certificate to print
   */
  private void renderX509(StringBuilder sb, X509Certificate certificate) {
    final X500Principal issuer = certificate.getIssuerX500Principal();
    final X500Principal subject = certificate.getSubjectX500Principal();

    sb.append("<table cellspacing='1' cellpadding='1'>\n");

    // Subject first, then issuer; both are rendered by the same helper.
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_TO"));
    renderPrincipal(sb, subject);

    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_BY"));
    renderPrincipal(sb, issuer);

    // Validity window.
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_VALIDITY"));
    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_ISSUED_ON"),
        certificate.getNotBefore().toString());
    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_EXPIRES_ON"),
        certificate.getNotAfter().toString());

    // Fingerprints.
    // NOTE(review): only SHA-1 and MD5 digests are shown, and neither is collision-resistant.
    // Consider showing a SHA-256 fingerprint for manual comparison; the algorithms getThumbprint
    // accepts are not visible here.
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_FINGERPRINTS"));
    try {
      final String sha1Fingerprint = getThumbprint(certificate, "SHA1");
      final String md5Fingerprint = getThumbprint(certificate, "MD5");

      addField(sb, "SHA1:", sha1Fingerprint);
      addField(sb, "MD5:", md5Fingerprint);
    } catch (CertificateException e) {
      // Deliberately ignored: the fingerprint rows are simply left out when they cannot be computed.
    }

    // General certificate details.
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_CERT_DETAILS"));
    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_SER_NUM"),
        certificate.getSerialNumber().toString());
    addField(
        sb, R.getI18NString("service.gui.CERT_INFO_VER"), String.valueOf(certificate.getVersion()));
    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_SIGN_ALG"),
        String.valueOf(certificate.getSigAlgName()));

    // Public key.
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_PUB_KEY_INFO"));
    final String keyAlgorithm = certificate.getPublicKey().getAlgorithm();
    addField(sb, R.getI18NString("service.gui.CERT_INFO_ALG"), keyAlgorithm);

    if (keyAlgorithm.equals("RSA")) {
      final RSAPublicKey rsaKey = (RSAPublicKey) certificate.getPublicKey();

      // The byte count subtracts one from the two's-complement encoding length, which presumably
      // discounts a leading sign byte (confirm for moduli whose top bit is clear).
      addField(
          sb,
          R.getI18NString("service.gui.CERT_INFO_PUB_KEY"),
          R.getI18NString(
              "service.gui.CERT_INFO_KEY_BYTES_PRINT",
              new String[] {
                String.valueOf(rsaKey.getModulus().toByteArray().length - 1),
                rsaKey.getModulus().toString(16)
              }));

      addField(
          sb, R.getI18NString("service.gui.CERT_INFO_EXP"), rsaKey.getPublicExponent().toString());

      addField(
          sb,
          R.getI18NString("service.gui.CERT_INFO_KEY_SIZE"),
          R.getI18NString(
              "service.gui.CERT_INFO_KEY_BITS_PRINT",
              new String[] {String.valueOf(rsaKey.getModulus().bitLength())}));
    } else if (keyAlgorithm.equals("DSA")) {
      final DSAPublicKey dsaKey = (DSAPublicKey) certificate.getPublicKey();

      addField(sb, "Y:", dsaKey.getY().toString(16));
    }

    // Raw signature: length in bytes plus hex dump.
    final byte[] signature = certificate.getSignature();
    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_SIGN"),
        R.getI18NString(
            "service.gui.CERT_INFO_KEY_BYTES_PRINT",
            new String[] {String.valueOf(signature.length), getHex(signature)}));

    sb.append("</table>\n");
  }

  /**
   * Appends one field per RDN of the given principal, or the whole name as a single "CN" field
   * when the name cannot be parsed.
   *
   * <p>NOTE(review): labels and values come straight from the certificate, which may have been
   * supplied by an untrusted peer, and end up inside HTML. Whether {@code addField} escapes them
   * is not visible here; confirm that it does.
   *
   * @param sb StringBuilder to append to
   * @param principal subject or issuer name to render
   */
  private void renderPrincipal(StringBuilder sb, X500Principal principal) {
    try {
      for (Rdn rdn : new LdapName(principal.getName()).getRdns()) {
        final String rdnType = rdn.getType();
        final String labelKey = "service.gui.CERT_INFO_" + rdnType;
        String label = R.getI18NString(labelKey);

        // A missing translation (null, or the key wrapped in '!') falls back to the raw RDN type.
        if ((label == null) || ("!" + labelKey + "!").equals(label)) {
          label = rdnType;
        }

        final Object rawValue = rdn.getValue();
        final String text;
        if (rawValue instanceof byte[]) {
          // Binary values are shown as hex followed by a platform-charset decoding in brackets.
          final byte[] bytes = (byte[]) rawValue;
          text = getHex(bytes) + " (" + new String(bytes) + ")";
        } else {
          text = rawValue.toString();
        }

        addField(sb, label, text);
      }
    } catch (InvalidNameException ine) {
      addField(sb, R.getI18NString("service.gui.CERT_INFO_CN"), principal.getName());
    }
  }