java.security.cert.X509Certificate

Here are examples of the Java API class java.security.cert.X509Certificate, taken from open source projects.

1. PinningTrustManagerTest#testValidChainWithGhostPin()

Project: AndroidPinning
File: PinningTrustManagerTest.java
/**
 * Negative pinning test. The presented chain is the VeriSign EV leaf, the VeriSign Class 3
 * intermediate and the Google authority certificate; the failure message calls this the
 * "ghost pin" case. The trust manager is expected to reject it with a
 * {@link CertificateException}.
 */
public void testValidChainWithGhostPin() throws CertificateException, NoSuchAlgorithmException, KeyStoreException {
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    // getBytes() uses the platform charset; the fixtures are presumably ASCII PEM text, for
    // which that makes no difference.
    X509Certificate leaf = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(VERISIGN_CLASS_3_EV.getBytes()));
    X509Certificate intermediate = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(VERISIGN_CLASS_THREE.getBytes()));
    X509Certificate ghost = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(GOOGLE_AUTHORITY.getBytes()));
    X509Certificate[] presented = makeChain(leaf, intermediate, ghost);

    // Presumably clears previously accepted chains so this one is evaluated from scratch.
    trustManager.clearCache();

    boolean rejected = false;
    try {
        trustManager.checkServerTrusted(presented, leaf.getPublicKey().getAlgorithm());
    } catch (CertificateException expected) {
        // Rejection is the passing outcome; the exception is only logged.
        Log.w("PinningTrustManagerTest", expected);
        rejected = true;
    }
    if (!rejected) {
        fail("Trust manager didn't throw error on valid chain with ghost pin!");
    }
}

2. PinningTrustManagerTest#testValidChainWithNoPin()

Project: AndroidPinning
File: PinningTrustManagerTest.java
/**
 * Negative pinning test. A VeriSign-only chain (EV leaf, Class 3 intermediate, root) is
 * presented; per the failure message it is valid but carries no pin, so
 * {@code checkServerTrusted} is expected to throw.
 */
public void testValidChainWithNoPin() throws CertificateException, NoSuchAlgorithmException, KeyStoreException {
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    X509Certificate leaf = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(VERISIGN_CLASS_3_EV.getBytes()));
    X509Certificate intermediate = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(VERISIGN_CLASS_THREE.getBytes()));
    X509Certificate root = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(VERISIGN_ROOT.getBytes()));
    X509Certificate[] unpinnedChain = makeChain(leaf, intermediate, root);

    trustManager.clearCache();

    boolean rejected = false;
    try {
        trustManager.checkServerTrusted(unpinnedChain, leaf.getPublicKey().getAlgorithm());
    } catch (CertificateException expected) {
        // A chain that passes system validation must still fail without a matching pin.
        Log.w("PinningTrustManagerTest", expected);
        rejected = true;
    }
    if (!rejected) {
        fail("Trust manager didn't throw error on valid but unpinned chain!");
    }
}

3. PinningTrustManagerTest#testValidChainAndPin()

Project: AndroidPinning
File: PinningTrustManagerTest.java
/**
 * Positive pinning test. The Google wildcard leaf, the Google authority certificate and the
 * Equifax root are presented, and {@code checkServerTrusted} must return normally twice: once
 * after the cache was cleared and once more to exercise the cached path.
 */
public void testValidChainAndPin() throws CertificateException, NoSuchAlgorithmException, KeyStoreException {
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    X509Certificate leaf = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(GOOGLE_WILDCARD.getBytes()));
    X509Certificate intermediate = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(GOOGLE_AUTHORITY.getBytes()));
    X509Certificate root = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(EQUIFAX_ROOT.getBytes()));
    X509Certificate[] pinnedChain = makeChain(leaf, intermediate, root);
    String authType = leaf.getPublicKey().getAlgorithm();

    trustManager.clearCache();
    // First call: evaluated with an empty cache.
    trustManager.checkServerTrusted(pinnedChain, authType);
    // Second call: same chain again, to test the cache.
    trustManager.checkServerTrusted(pinnedChain, authType);
}

4. CertTest#rfc4491Test()

Project: bc-java
File: CertTest.java
/**
 * Parses the two GOST sample certificates ({@code gostRFC4491_94} and
 * {@code gostRFC4491_2001}) with the "BC" provider and verifies each signature against the
 * certificate's own public key.
 *
 * <p>Verifying a certificate with its own key only shows that the self-signature is
 * consistent; it is not a trust decision.
 */
private void rfc4491Test() throws Exception {
    CertificateFactory bcFactory = CertificateFactory.getInstance("X.509", "BC");
    byte[][] samples = { gostRFC4491_94, gostRFC4491_2001 };
    for (byte[] encoded : samples) {
        X509Certificate selfSigned = (X509Certificate) bcFactory.generateCertificate(new ByteArrayInputStream(encoded));
        selfSigned.verify(selfSigned.getPublicKey(), "BC");
    }
}

5. KeyStoreUtilTest#testBoth()

Project: jolokia
File: KeyStoreUtilTest.java
/**
 * Loads the CA certificate and the server certificate/key PEM files into one key store and
 * checks that the stored server certificate verifies under the stored CA certificate's
 * public key.
 */
@Test
public void testBoth() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, InvalidKeySpecException, InvalidKeyException, NoSuchProviderException, SignatureException {
    File caCertFile = getTempFile("ca/cert.pem");
    File serverCertFile = getTempFile("server/cert.pem");
    File serverKeyFile = getTempFile("server/key.pem");

    KeyStore store = createKeyStore();
    KeyStoreUtil.updateWithCaPem(store, caCertFile);
    // The key entry is stored with an empty password (new char[0]).
    KeyStoreUtil.updateWithServerPems(store, serverCertFile, serverKeyFile, "RSA", new char[0]);

    X509Certificate issuer = (X509Certificate) store.getCertificate(CA_ALIAS);
    X509Certificate server = (X509Certificate) store.getCertificate(SERVER_ALIAS);

    // verify() throws when the server certificate was not signed by the CA key; it checks
    // the signature only, not validity dates or extensions.
    server.verify(issuer.getPublicKey());
}

6. CertTest#rfc4491Test()

Project: bc-java
File: CertTest.java
/**
 * Parses both GOST sample certificates with the provider named by {@code BC} and verifies
 * each one against its own public key (a self-signature consistency check, not a trust
 * decision).
 */
private void rfc4491Test() throws Exception {
    CertificateFactory bcFactory = CertificateFactory.getInstance("X.509", BC);

    X509Certificate gost94 = (X509Certificate) bcFactory.generateCertificate(new ByteArrayInputStream(gostRFC4491_94));
    gost94.verify(gost94.getPublicKey(), BC);

    X509Certificate gost2001 = (X509Certificate) bcFactory.generateCertificate(new ByteArrayInputStream(gostRFC4491_2001));
    gost2001.verify(gost2001.getPublicKey(), BC);
}

7. CertTest#rfc4491Test()

Project: bc-java
File: CertTest.java
/**
 * Round-trips the two GOST sample encodings through the {@code BC} certificate factory and
 * checks that each certificate's signature verifies under the key it carries.
 */
private void rfc4491Test() throws Exception {
    CertificateFactory bcFactory = CertificateFactory.getInstance("X.509", BC);
    // Same check for both samples, 94 first and then 2001.
    for (byte[] encoded : new byte[][] { gostRFC4491_94, gostRFC4491_2001 }) {
        X509Certificate parsed = (X509Certificate) bcFactory.generateCertificate(new ByteArrayInputStream(encoded));
        // Self-verification: proves signature consistency only, never issuer trust.
        parsed.verify(parsed.getPublicKey(), BC);
    }
}

8. CertTest#rfc4491Test()

Project: bc-java
File: CertTest.java
/**
 * Checks that the {@code gostRFC4491_94} and {@code gostRFC4491_2001} sample certificates
 * can be decoded by the {@code BC} provider and that each verifies with its own public key.
 */
private void rfc4491Test() throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X.509", BC);

    ByteArrayInputStream first = new ByteArrayInputStream(gostRFC4491_94);
    X509Certificate cert = (X509Certificate) factory.generateCertificate(first);
    cert.verify(cert.getPublicKey(), BC);

    ByteArrayInputStream second = new ByteArrayInputStream(gostRFC4491_2001);
    cert = (X509Certificate) factory.generateCertificate(second);
    cert.verify(cert.getPublicKey(), BC);
}

9. CMSTestUtil#makeV1Certificate()

Project: bc-java
File: CMSTestUtil.java
/**
 * Builds an X.509 v1 certificate for the subject key, signed with the issuer's private key.
 *
 * @param subKP subject key pair; only the public key is used
 * @param _subDN subject distinguished name
 * @param issKP issuer key pair; the private key signs, the public key verifies the result
 * @param _issDN issuer distinguished name
 * @return the certificate, after it passed a validity-date check and a signature check
 */
public static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN) throws GeneralSecurityException, IOException, OperatorCreationException {
    PublicKey subjectKey = subKP.getPublic();
    PrivateKey issuerSigningKey = issKP.getPrivate();
    PublicKey issuerKey = issKP.getPublic();

    // Validity window: from now until 100 days from now.
    X509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder(
            new X500Name(_issDN),
            allocateSerialNumber(),
            new Date(System.currentTimeMillis()),
            new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
            new X500Name(_subDN),
            subjectKey);

    JcaContentSignerBuilder signerBuilder = makeContentSignerBuilder(issuerKey);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
    X509Certificate issued = converter.getCertificate(certBuilder.build(signerBuilder.build(issuerSigningKey)));

    // Sanity checks on the freshly built certificate: currently valid, and signed by the issuer.
    issued.checkValidity(new Date());
    issued.verify(issuerKey);
    return issued;
}

10. CertTest#rfc4491Test()

Project: bc-java
File: CertTest.java
/**
 * Decodes the two GOST sample certificates with the {@code BC} provider and verifies each
 * against the public key it contains. This confirms the self-signature only; no chain or
 * trust anchor is involved.
 */
private void rfc4491Test() throws Exception {
    CertificateFactory bcFactory = CertificateFactory.getInstance("X.509", BC);
    byte[][] samples = new byte[][] { gostRFC4491_94, gostRFC4491_2001 };
    for (int idx = 0; idx < samples.length; idx++) {
        X509Certificate sample = (X509Certificate) bcFactory.generateCertificate(new ByteArrayInputStream(samples[idx]));
        sample.verify(sample.getPublicKey(), BC);
    }
}

11. CMSTestUtil#makeV1Certificate()

Project: bc-java
File: CMSTestUtil.java
/**
 * Creates a v1 certificate binding {@code _subDN} to the subject's public key and signs it
 * with the issuer's private key.
 *
 * @param subKP key pair whose public half is certified
 * @param _subDN subject DN string
 * @param issKP key pair of the issuer (private half signs)
 * @param _issDN issuer DN string
 * @return the signed certificate; it has already been checked for current validity and for
 *         a signature that verifies under the issuer's public key
 */
public static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN) throws GeneralSecurityException, IOException, OperatorCreationException {
    PublicKey certifiedKey = subKP.getPublic();
    PrivateKey signingKey = issKP.getPrivate();
    PublicKey verifyingKey = issKP.getPublic();

    X509v1CertificateBuilder generator = new JcaX509v1CertificateBuilder(
            new X500Name(_issDN), allocateSerialNumber(),
            // notBefore = now, notAfter = now + 100 days (in milliseconds).
            new Date(System.currentTimeMillis()),
            new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
            new X500Name(_subDN), certifiedKey);
    JcaContentSignerBuilder signerFactory = makeContentSignerBuilder(verifyingKey);

    JcaX509CertificateConverter toJca = new JcaX509CertificateConverter().setProvider("BC");
    X509Certificate result = toJca.getCertificate(generator.build(signerFactory.build(signingKey)));

    // Fail fast if the generated certificate is not valid now or does not verify.
    result.checkValidity(new Date());
    result.verify(verifyingKey);
    return result;
}

12. PinningTrustManagerTest#testInvalidChainWithValidPin()

Project: AndroidPinning
File: PinningTrustManagerTest.java
/**
 * Negative pinning test. The chain holds only the VeriSign EV leaf followed by the Google
 * authority certificate; per the failure message it is invalid even though it contains a
 * pinned certificate, so {@code checkServerTrusted} must throw.
 */
public void testInvalidChainWithValidPin() throws CertificateException, NoSuchAlgorithmException, KeyStoreException {
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    X509Certificate leaf = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(VERISIGN_CLASS_3_EV.getBytes()));
    X509Certificate pinned = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(GOOGLE_AUTHORITY.getBytes()));
    X509Certificate[] brokenChain = makeChain(leaf, pinned);

    trustManager.clearCache();

    boolean rejected = false;
    try {
        trustManager.checkServerTrusted(brokenChain, leaf.getPublicKey().getAlgorithm());
    } catch (CertificateException expected) {
        // The presence of a pinned certificate must not make up for a chain that does not validate.
        Log.w("PinningTrustManagerTest", expected);
        rejected = true;
    }
    if (!rejected) {
        fail("Trust manager didn't throw error on invalid but pinned chain!");
    }
}

13. CertTest#checkComparison()

Project: bc-java
File: CertTest.java
/**
 * Parses the same encoding with the "BC" and "SUN" certificate factories and fails the test
 * unless the two objects are equal in both directions and report the same hash code.
 *
 * @param encCert encoded certificate handed to both factories
 */
private void checkComparison(byte[] encCert) throws NoSuchProviderException, CertificateException {
    X509Certificate bcCert = (X509Certificate) CertificateFactory.getInstance("X.509", "BC")
            .generateCertificate(new ByteArrayInputStream(encCert));
    X509Certificate sunCert = (X509Certificate) CertificateFactory.getInstance("X.509", "SUN")
            .generateCertificate(new ByteArrayInputStream(encCert));

    // equals() must be symmetric across providers.
    boolean equalBothWays = bcCert.equals(sunCert) && sunCert.equals(bcCert);
    if (!equalBothWays) {
        fail("BC/Sun equals test failed");
    }

    boolean sameHash = bcCert.hashCode() == sunCert.hashCode();
    if (!sameHash) {
        fail("BC/Sun hashCode test failed");
    }
}

14. BouncyCastleSelfSignedCertGenerator#generate()

Project: netty
File: BouncyCastleSelfSignedCertGenerator.java
/**
 * Generates a self-signed X.509 v3 certificate for {@code fqdn} and hands it, with the
 * private key, to {@code newSelfSignedCertificate}.
 *
 * @param fqdn name placed in the CN of both subject and issuer
 * @param keypair key pair; the private key signs, the public key is certified
 * @param random source for the 64-bit serial number
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @return whatever {@code newSelfSignedCertificate} returns for this key and certificate
 */
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    final PrivateKey signingKey = keypair.getPrivate();

    // Subject and issuer are the same name: the certificate is self-signed.
    // NOTE(review): fqdn is concatenated into the DN string unescaped; callers should pass
    // a plain host name, since DN metacharacters would change the parsed name.
    final X500Name selfName = new X500Name("CN=" + fqdn);
    final BigInteger serial = new BigInteger(64, random);
    X509v3CertificateBuilder certBuilder =
            new JcaX509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, keypair.getPublic());

    ContentSigner sha256Rsa = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(signingKey);
    X509CertificateHolder holder = certBuilder.build(sha256Rsa);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(PROVIDER);
    X509Certificate selfSigned = converter.getCertificate(holder);
    // Sanity check: the signature must verify under the key that was just certified.
    selfSigned.verify(keypair.getPublic());

    return newSelfSignedCertificate(fqdn, signingKey, selfSigned);
}

15. KeyStoreUtilTest#testKeyStore()

Project: jolokia
File: KeyStoreUtilTest.java
/**
 * Imports the server certificate and key PEM files into a fresh key store and checks that
 * exactly one entry exists, that its alias contains "server", and that the stored
 * certificate and private key are RSA with the expected subject DN.
 */
@Test
public void testKeyStore() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, InvalidKeySpecException, UnrecoverableKeyException {
    File serverCertFile = getTempFile("server/cert.pem");
    File serverKeyFile = getTempFile("server/key.pem");
    KeyStore store = createKeyStore();
    KeyStoreUtil.updateWithServerPems(store, serverCertFile, serverKeyFile, "RSA", new char[0]);

    // Exactly one alias is expected.
    Enumeration<String> allAliases = store.aliases();
    String onlyAlias = allAliases.nextElement();
    assertFalse(allAliases.hasMoreElements());
    assertTrue(onlyAlias.contains("server"));

    X509Certificate stored = (X509Certificate) store.getCertificate(onlyAlias);
    // Checked against the current time, so this fails once the fixture certificate expires.
    stored.checkValidity();
    String subjectName = stored.getSubjectDN().getName();
    assertEquals(subjectName, SERVER_CERT_SUBJECT_DN);

    // The key entry is read back with the same empty password it was stored with.
    RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) store.getKey(onlyAlias, new char[0]);
    assertEquals("RSA", privateKey.getAlgorithm());
    RSAPublicKey publicKey = (RSAPublicKey) stored.getPublicKey();
    assertEquals("RSA", publicKey.getAlgorithm());
}

16. KeyStoreUtilTest#testTrustStore()

Project: jolokia
File: KeyStoreUtilTest.java
/**
 * Imports the CA certificate PEM file into a fresh key store and checks that it produced a
 * single entry whose alias contains "ca.test.jolokia.org", holding a currently valid RSA
 * certificate with the expected CN in its subject.
 */
@Test
public void testTrustStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
    File caCertFile = getTempFile("ca/cert.pem");
    KeyStore store = createKeyStore();
    KeyStoreUtil.updateWithCaPem(store, caCertFile);

    Enumeration<String> allAliases = store.aliases();
    String onlyAlias = allAliases.nextElement();
    // No second alias may exist.
    assertFalse(allAliases.hasMoreElements());
    assertTrue(onlyAlias.contains("ca.test.jolokia.org"));

    X509Certificate caCert = (X509Certificate) store.getCertificate(onlyAlias);
    // Uses the current time, so the fixture certificate's expiry bounds this test's lifetime.
    caCert.checkValidity();
    String subjectName = caCert.getSubjectDN().getName();
    assertTrue(subjectName.contains(CA_CERT_SUBJECT_DN_CN));

    RSAPublicKey caKey = (RSAPublicKey) caCert.getPublicKey();
    assertEquals(caKey.getAlgorithm(), "RSA");
}

17. CertReplace#main()

Project: jdk7u-jdk
File: CertReplace.java
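/**
 * Validates a certificate chain against a JKS trust store and prints the validated path.
 *
 * @param args {cacerts keystore, cert chain}: {@code args[0]} is the key store file,
 *        {@code args[1]} is passed to {@code createPath} to build the chain
 * @throws Exception if the key store cannot be loaded or the chain does not validate
 */
public static void main(String[] args) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    // Close the key store file once it has been read; the original left the stream open.
    // "changeit" is the password this test hard-codes for the supplied cacerts file.
    try (FileInputStream in = new FileInputStream(args[0])) {
        ks.load(in, "changeit".toCharArray());
    }
    // PKIX validation with the loaded key store as the set of trust anchors.
    Validator v = Validator.getInstance(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
    X509Certificate[] chain = createPath(args[1]);
    System.out.println("Chain: ");
    // validate() returns the chain it accepted; print subject and issuer of each element.
    for (X509Certificate c : v.validate(chain)) {
        System.out.println("   " + c.getSubjectX500Principal() + " issued by " + c.getIssuerX500Principal());
    }
}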

18. CertpathTest#setUp()

Project: incubator-wave
File: CertpathTest.java
/**
 * Creates the cached certificate path validator under test and parses the two fixture
 * certificates ({@code GOOGLE_CERT}, then {@code INTERMEDIATE_CERT}) into {@code certs}.
 */
@Override
protected void setUp() throws Exception {
    TimeSource clock = new DefaultTimeSource();
    VerifiedCertChainCache chainCache = new DefaultCacheImpl(clock);
    validator = new CachedCertPathValidator(chainCache, clock, new DefaultTrustRootsProvider());

    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    // getBytes() uses the platform charset; the fixtures are presumably ASCII PEM text.
    ByteArrayInputStream leafStream = new ByteArrayInputStream(GOOGLE_CERT.getBytes());
    X509Certificate leaf = (X509Certificate) x509Factory.generateCertificate(leafStream);
    ByteArrayInputStream intermediateStream = new ByteArrayInputStream(INTERMEDIATE_CERT.getBytes());
    X509Certificate intermediate = (X509Certificate) x509Factory.generateCertificate(intermediateStream);

    // Order matters to the tests: end-entity certificate first, then the intermediate.
    certs = ImmutableList.of(leaf, intermediate);
}

19. CertificateParser#parse()

Project: apk-parser
File: CertificateParser.java
/**
 * Reads the certificates from the PKCS#7 block in {@code data} and stores one
 * {@code CertificateMeta} per certificate in {@code certificateMetas}.
 *
 * <p>Both digests are fingerprints for identifying a certificate. Judging by the helper's
 * name they are MD5, which is not collision resistant, so they should not be used to decide
 * whether a signer is trusted.
 *
 * @throws IOException declared by the method; presumably raised while decoding the PKCS#7 data
 * @throws CertificateException if a certificate cannot be encoded or processed
 */
public void parse() throws IOException, CertificateException {
    PKCS7 signatureBlock = new PKCS7(data);
    X509Certificate[] signerCerts = signatureBlock.getCertificates();
    certificateMetas = new ArrayList<>();
    for (int idx = 0; idx < signerCerts.length; idx++) {
        X509Certificate signerCert = signerCerts[idx];
        // The entry is added before it is populated, as in the original flow.
        CertificateMeta meta = new CertificateMeta();
        certificateMetas.add(meta);

        byte[] encoded = signerCert.getEncoded();
        String encodedDigest = md5Digest(encoded);
        // Hex string of the whole encoded certificate (not just its public key), digested again.
        String encodedHex = byteToHexString(encoded);
        String hexDigest = md5Digest(encodedHex);

        meta.setData(encoded);
        meta.setCertBase64Md5(hexDigest);
        meta.setCertMd5(encodedDigest);
        meta.setStartDate(signerCert.getNotBefore());
        meta.setEndDate(signerCert.getNotAfter());
        meta.setSignAlgorithm(signerCert.getSigAlgName());
        meta.setSignAlgorithmOID(signerCert.getSigAlgOID());
    }
}

20. PinningTrustManager#checkPinTrust()

Project: AndroidPinning
File: PinningTrustManager.java
/**
 * Requires at least one certificate of the cleaned chain to match a pin.
 *
 * <p>When {@code enforceUntilTimestampMillis} is non-zero and the current time is past it,
 * the pin check is skipped entirely and the method returns without throwing. From then on
 * only system trust protects the connection, and the cut-over depends on the device clock;
 * deployments should refresh pins before that timestamp is reached.
 *
 * @param chain certificate chain presented by the peer
 * @throws CertificateException if no certificate in the cleaned chain matches a pin
 */
private void checkPinTrust(X509Certificate[] chain) throws CertificateException {
    boolean pinsCanExpire = enforceUntilTimestampMillis != 0;
    if (pinsCanExpire && System.currentTimeMillis() > enforceUntilTimestampMillis) {
        Log.w("PinningTrustManager", "Certificate pins are stale, falling back to system trust.");
        return;
    }

    // Pins are matched against the chain returned by CertificateChainCleaner for the system
    // key store, not against the raw array the peer sent.
    final X509Certificate[] cleanChain = CertificateChainCleaner.getCleanChain(chain, systemKeyStore);
    for (int idx = 0; idx < cleanChain.length; idx++) {
        if (isValidPin(cleanChain[idx])) {
            // One matching pin anywhere in the cleaned chain is sufficient.
            return;
        }
    }
    throw new CertificateException("No valid pins found in chain!");
}

21. Cluster#checkCerts()

Project: eucalyptus
File: Cluster.java
/**
 * Checks the cluster and node certificates carried in {@code certs} by passing each one,
 * together with this cluster's own certificate, to the two-argument {@code checkCerts}
 * overload (not shown here), and records the results.
 *
 * @param certs certificate info; its CC and NC certificates are decoded with
 *        {@code B64.standard.dec} and parsed with {@code PEMFiles.getCert}
 * @return {@code true} only when both checks succeed; {@code false} when {@code certs} or one
 *         of its certificates is null, or when the service tag matches no known node
 */
public boolean checkCerts(final NodeCertInfo certs) {
    // Missing input counts as a failed check rather than an error.
    if ((certs == null) || (certs.getCcCert() == null) || (certs.getNcCert() == null)) {
        return false;
    }
    final X509Certificate clusterx509 = PEMFiles.getCert(B64.standard.dec(certs.getCcCert()));
    final X509Certificate nodex509 = PEMFiles.getCert(B64.standard.dec(certs.getNcCert()));
    // A null or "self" service tag means the result is recorded on this cluster object.
    if ("self".equals(certs.getServiceTag()) || (certs.getServiceTag() == null)) {
        // NOTE(review): '&&' short-circuits, so when the cluster-certificate check fails,
        // hasNodeCert is not reassigned and keeps its previous value. The node branch below
        // always updates both flags; confirm the difference is intended.
        return (this.hasClusterCert = this.checkCerts(this.getClusterCertificate(), clusterx509)) && (this.hasNodeCert = this.checkCerts(this.getNodeCertificate(), nodex509));
    } else if (this.nodeMap.containsKey(certs.getServiceTag())) {
        // Known node: both results are stored on its NodeInfo before being combined.
        final NodeInfo nodeInfo = this.nodeMap.get(certs.getServiceTag());
        nodeInfo.setHasClusterCert(this.checkCerts(this.getClusterCertificate(), clusterx509));
        nodeInfo.setHasNodeCert(this.checkCerts(this.getNodeCertificate(), nodex509));
        return nodeInfo.getHasClusterCert() && nodeInfo.getHasNodeCert();
    } else {
        // Unknown service tag: nothing is recorded and the check fails.
        LOG.error("Cluster " + this.getName() + " failed to find cluster/node info for service tag: " + certs.getServiceTag());
        return false;
    }
}

22. HttpTestServer#getTrustedCertificateFiles()

Project: bnd
File: HttpTestServer.java
/**
 * Writes every certificate of the server's chain to its own temporary ".cer" file.
 *
 * @param dir directory in which the temporary files are created
 * @return the created files in chain order, or an empty list when the server has no chain
 * @throws Exception if a certificate cannot be encoded or a file cannot be written
 */
public List<File> getTrustedCertificateFiles(File dir) throws Exception {
    X509Certificate[] serverChain = server.getCertificateChain();
    if (serverChain == null) {
        return Collections.emptyList();
    }

    List<File> written = new ArrayList<>();
    for (int idx = 0; idx < serverChain.length; idx++) {
        // getEncoded() yields the certificate's encoded form; only public material is written.
        File target = aQute.lib.io.IO.createTempFile(dir, "cert", ".cer");
        aQute.lib.io.IO.write(serverChain[idx].getEncoded(), target);
        written.add(target);
    }
    return written;
}

23. X509UtilsTest#testDisplayName()

Project: bitcoinj
File: X509UtilsTest.java
/**
 * Checks the display name extracted from two fixture certificates: a StartSSL client
 * certificate (second argument {@code false}) and a Comodo S/MIME certificate (second
 * argument {@code true}).
 */
@Test
public void testDisplayName() throws Exception {
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");

    X509Certificate startSslClient = (X509Certificate) x509Factory.generateCertificate(
            getClass().getResourceAsStream("startssl-client.crt"));
    String clientName = X509Utils.getDisplayNameFromCertificate(startSslClient, false);
    assertEquals("Andreas Schildbach", clientName);

    X509Certificate comodoSmime = (X509Certificate) x509Factory.generateCertificate(
            getClass().getResourceAsStream("comodo-smime.crt"));
    String smimeName = X509Utils.getDisplayNameFromCertificate(comodoSmime, true);
    // NOTE(review): the expected value below looks like an e-mail address that was replaced
    // by a page-level obfuscation placeholder; restore it from the upstream test file.
    assertEquals("[email protected]", smimeName);
}

24. CertTest#checkComparison()

Project: bc-java
File: CertTest.java
/**
 * Parses the same encoding with the "BC" and "SUN" certificate factories and fails the test
 * unless the resulting objects are equal in both directions.
 *
 * @param encCert encoded certificate handed to both factories
 */
private void checkComparison(byte[] encCert) throws NoSuchProviderException, CertificateException {
    X509Certificate bcCert = (X509Certificate) CertificateFactory.getInstance("X.509", "BC")
            .generateCertificate(new ByteArrayInputStream(encCert));
    X509Certificate sunCert = (X509Certificate) CertificateFactory.getInstance("X.509", "SUN")
            .generateCertificate(new ByteArrayInputStream(encCert));

    boolean equalBothWays = bcCert.equals(sunCert) && sunCert.equals(bcCert);
    if (!equalBothWays) {
        fail("BC/Sun equals test failed");
    }
    // The hashCode() comparison is intentionally not performed here: hashCode() on a
    // certificate was changed in JDK 1.8, so the check was disabled.
}

25. AuthManager#equalPrivateCredentials()

Project: river
File: AuthManager.java
/**
 * Tells whether two private credentials name the same subject and hold equal private keys.
 *
 * @param cred1 first credential, may be null
 * @param cred2 second credential, may be null
 * @return {@code false} when either credential or certificate is null, when the subject DNs
 *         differ, or when the first credential has no private key; otherwise the result of
 *         {@code equals} on the two private keys
 */
boolean equalPrivateCredentials(X500PrivateCredential cred1, X500PrivateCredential cred2) {
    if (cred1 == null || cred2 == null) {
        return false;
    }

    X509Certificate first = cred1.getCertificate();
    X509Certificate second = cred2.getCertificate();
    if (first == null || second == null) {
        return false;
    }
    if (!safeEquals(first.getSubjectDN(), second.getSubjectDN())) {
        return false;
    }

    /*
     * This relies on the private key's equals method recognising two distinct objects
     * that represent the same key. That behavior is not documented, but at least
     * sun.security.pkcs.PKCS8Key implements it (original note: tjb, 8.Jan.2001).
     * With a provider whose keys do not override equals, this falls back to identity.
     */
    PrivateKey firstKey = cred1.getPrivateKey();
    if (firstKey == null) {
        return false;
    }
    return firstKey.equals(cred2.getPrivateKey());
}

26. Admin#getSSLCertificate()

Project: railo
File: Admin.java
/**
 * Builds a query named "certificates" with one row per certificate obtained for
 * {@code host:port}, holding the subject and issuer DN of each.
 *
 * <p>The DN strings come from the certificates the installer returns; presumably these are
 * supplied by the remote endpoint, so they should be treated as untrusted text when shown.
 *
 * @param config configuration providing the security directory used by the installer
 * @param host host whose certificates are fetched
 * @param port port on that host
 * @return the populated query
 * @throws PageException if the installer cannot be created
 */
public static Query getSSLCertificate(Config config, String host, int port) throws PageException {
    Resource securityDir = config.getSecurityDirectory();
    CertificateInstaller installer;
    try {
        installer = new CertificateInstaller(securityDir, host, port);
    } catch (Exception e) {
        throw Caster.toPageException(e);
    }

    X509Certificate[] fetched = installer.getCertificates();
    Query result = new QueryImpl(new String[] { "subject", "issuer" }, fetched.length, "certificates");
    // Query rows are addressed from 1, array elements from 0.
    int row = 0;
    for (X509Certificate current : fetched) {
        row++;
        result.setAtEL("subject", row, current.getSubjectDN().getName());
        result.setAtEL("issuer", row, current.getIssuerDN().getName());
    }
    return result;
}

27. CertReplace#main()

Project: openjdk
File: CertReplace.java
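/**
 * Loads a JKS trust store, validates a certificate chain against it with the PKIX
 * validator, and prints subject and issuer of every certificate in the validated path.
 *
 * @param args {cacerts keystore, cert chain}: {@code args[0]} names the key store file and
 *        {@code args[1]} is given to {@code createPath} to obtain the chain
 * @throws Exception if loading the key store or validating the chain fails
 */
public static void main(String[] args) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    // The original never closed this stream; try-with-resources releases the file handle
    // as soon as the store is loaded. "changeit" is the password the test hard-codes.
    try (FileInputStream in = new FileInputStream(args[0])) {
        ks.load(in, "changeit".toCharArray());
    }
    Validator v = Validator.getInstance(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
    X509Certificate[] chain = createPath(args[1]);
    System.out.println("Chain: ");
    // Iterate over what validate() returns, i.e. the accepted path, not the input array.
    for (X509Certificate c : v.validate(chain)) {
        System.out.println("   " + c.getSubjectX500Principal() + " issued by " + c.getIssuerX500Principal());
    }
}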

28. ValidateTargetConstraints#getCertFromFile()

Project: openjdk
File: ValidateTargetConstraints.java
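/**
 * Get a DER-encoded X.509 certificate from a file.
 *
 * <p>The file is resolved relative to the directory named by the {@code test.src} system
 * property (default: the current directory).
 *
 * @param certFilePath path to file containing DER-encoded certificate
 * @return X509Certificate
 * @throws IOException on any failure to open or parse the file; the underlying exception
 *         is attached as the cause
 */
public static X509Certificate getCertFromFile(String certFilePath) throws IOException {
    // try-with-resources closes the stream on every path; the original leaked it.
    try (FileInputStream certFileInputStream =
            new FileInputStream(new File(System.getProperty("test.src", "."), certFilePath))) {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        return (X509Certificate) cf.generateCertificate(certFileInputStream);
    } catch (Exception e) {
        // Keep the original message text, and chain the cause so the stack trace reaches
        // the caller instead of only being printed to stderr.
        throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
    }
}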

29. BuildOddSel#getCertFromFile()

Project: openjdk
File: BuildOddSel.java
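/**
 * Get a DER-encoded X.509 certificate from a file.
 *
 * <p>The path is resolved against the {@code test.src} system property, falling back to
 * the current directory when the property is not set.
 *
 * @param certFilePath path to file containing DER-encoded certificate
 * @return X509Certificate
 * @throws IOException if the file cannot be opened or does not parse as a certificate;
 *         the original exception is preserved as the cause
 */
public static X509Certificate getCertFromFile(String certFilePath) throws IOException {
    try {
        File certFile = new File(System.getProperty("test.src", "."), certFilePath);
        // The stream is now closed whether or not parsing succeeds.
        try (FileInputStream certFileInputStream = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(certFileInputStream);
        }
    } catch (Exception e) {
        // Same message as before, with the cause chained rather than dropped.
        throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
    }
}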

30. KeyStore#engineGetCertificate()

Project: openjdk
File: KeyStore.java
/**
 * Returns the certificate associated with the given alias.
 *
 * <p>The entry is looked up in {@code entries}; the first element of its certificate chain
 * is returned.
 *
 * @param alias the alias name
 *
 * @return the first certificate of the entry's chain, or null if the alias is null, no
 * entry exists for it, or the entry has a null or empty certificate chain
 */
public Certificate engineGetCertificate(String alias) {
    if (alias == null) {
        return null;
    }
    KeyEntry entry = entries.get(alias);
    if (entry == null) {
        return null;
    }
    X509Certificate[] chain = entry.getCertificateChain();
    if (chain == null || chain.length == 0) {
        return null;
    }
    // Index 0 is the first element of the chain.
    return chain[0];
}

31. KeyStore#engineGetCertificateChain()

Project: openjdk
File: KeyStore.java
/**
 * Returns the certificate chain associated with the given alias.
 *
 * @param alias the alias name
 *
 * @return a copy of the entry's certificate chain (documented upstream as ordered with the
 * user's certificate first and the root certificate authority last), or null if the alias
 * is null, no entry exists for it, or the entry has no certificate chain
 */
public Certificate[] engineGetCertificateChain(String alias) {
    if (alias == null) {
        return null;
    }
    KeyEntry entry = entries.get(alias);
    if (entry == null) {
        return null;
    }
    X509Certificate[] chain = entry.getCertificateChain();
    if (chain == null) {
        return null;
    }
    // Return a copy of the array so callers cannot reorder or replace the entry's elements.
    return chain.clone();
}

32. X509SubjectNameResolver#engineLookupAndResolvePublicKey()

Project: openjdk
File: X509SubjectNameResolver.java
/**
 * Resolves a certificate through {@code engineLookupResolveX509Certificate} and returns its
 * public key.
 *
 * <p>The returned key is only what the resolved certificate carries; this method performs
 * no validation of that certificate itself.
 *
 * @param element element passed on to the certificate lookup
 * @param baseURI base URI passed on to the certificate lookup
 * @param storage storage resolver passed on to the certificate lookup
 * @return null if no {@link PublicKey} could be obtained
 * @throws KeyResolverException if the certificate lookup fails
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    X509Certificate resolved = this.engineLookupResolveX509Certificate(element, baseURI, storage);
    return (resolved == null) ? null : resolved.getPublicKey();
}

33. X509SKIResolver#engineLookupAndResolvePublicKey()

Project: openjdk
File: X509SKIResolver.java
/**
 * Looks up a certificate with {@code engineLookupResolveX509Certificate} and, when one is
 * found, returns the public key it contains.
 *
 * @param element element passed on to the certificate lookup
 * @param baseURI base URI passed on to the certificate lookup
 * @param storage storage resolver passed on to the certificate lookup
 * @return null if no {@link PublicKey} could be obtained
 * @throws KeyResolverException if the certificate lookup fails
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    X509Certificate resolved = this.engineLookupResolveX509Certificate(element, baseURI, storage);
    if (resolved == null) {
        // Nothing resolved: report "no key" rather than failing.
        return null;
    }
    return resolved.getPublicKey();
}

34. X509IssuerSerialResolver#engineLookupAndResolvePublicKey()

Project: openjdk
File: X509IssuerSerialResolver.java
/**
 * {@inheritDoc}
 *
 * <p>This implementation resolves a certificate with
 * {@code engineLookupResolveX509Certificate} and returns that certificate's public key, or
 * null when no certificate was resolved.
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    final X509Certificate resolved = this.engineLookupResolveX509Certificate(element, baseURI, storage);
    PublicKey key = null;
    if (resolved != null) {
        key = resolved.getPublicKey();
    }
    return key;
}

35. X509CertificateResolver#engineLookupAndResolvePublicKey()

Project: openjdk
File: X509CertificateResolver.java
/**
 * {@inheritDoc}
 *
 * <p>Delegates to {@code engineLookupResolveX509Certificate} and extracts the public key
 * from the certificate it returns.
 *
 * @param element element passed on to the certificate lookup
 * @param BaseURI base URI passed on to the certificate lookup
 * @param storage storage resolver passed on to the certificate lookup
 * @return the resolved certificate's public key, or null when no certificate was resolved
 * @throws KeyResolverException if the certificate lookup fails
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
    X509Certificate resolved = this.engineLookupResolveX509Certificate(element, BaseURI, storage);
    return (resolved != null) ? resolved.getPublicKey() : null;
}

36. URICertStore#getMatchingCerts()

Project: openjdk
File: URICertStore.java
/**
 * Filters a collection of X509Certificates down to those accepted by the CertSelector.
 *
 * @param certs certificates to filter
 * @param selector matching criteria; null means every certificate matches
 * @return {@code certs} itself (not a copy) when {@code selector} is null, otherwise a new
 *         list holding the matching certificates in iteration order
 */
private static Collection<X509Certificate> getMatchingCerts(Collection<X509Certificate> certs, CertSelector selector) {
    if (selector != null) {
        // Sized for the worst case in which every certificate matches.
        List<X509Certificate> accepted = new ArrayList<>(certs.size());
        for (X509Certificate candidate : certs) {
            if (!selector.match(candidate)) {
                continue;
            }
            accepted.add(candidate);
        }
        return accepted;
    }
    // No selector: all certs match, and the caller's collection is handed back unchanged.
    return certs;
}

37. UntrustedChecker#check()

Project: openjdk
File: UntrustedChecker.java
/**
 * Rejects the certificate when {@code UntrustedCertificates.isUntrusted} reports it as
 * untrusted.
 *
 * @param cert certificate to check; cast to {@link X509Certificate}
 * @param unresolvedCritExts not used by this checker
 * @throws CertPathValidatorException if the certificate is untrusted; the message names
 *         the certificate's subject
 */
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
    X509Certificate currCert = (X509Certificate) cert;
    if (!UntrustedCertificates.isUntrusted(currCert)) {
        return;
    }
    // Record which certificate was refused before failing the path.
    if (debug != null) {
        debug.println("UntrustedChecker: untrusted certificate " + currCert.getSubjectX500Principal());
    }
    throw new CertPathValidatorException("Untrusted certificate: " + currCert.getSubjectX500Principal());
}

38. SSLServerCertStore#getMatchingCerts()

Project: openjdk
File: SSLServerCertStore.java
/**
 * Returns the certificates from {@code certs} that the selector accepts.
 *
 * @param certs certificates to filter
 * @param selector matching criteria; null means every certificate matches
 * @return {@code certs} itself (not a copy) when {@code selector} is null, otherwise a new
 *         list of the matching certificates in their original order
 */
private static List<X509Certificate> getMatchingCerts(List<X509Certificate> certs, CertSelector selector) {
    // if selector not specified, all certs match
    if (selector == null) {
        return certs;
    }
    final int total = certs.size();
    List<X509Certificate> accepted = new ArrayList<>(total);
    for (int idx = 0; idx < total; idx++) {
        X509Certificate candidate = certs.get(idx);
        if (selector.match(candidate)) {
            accepted.add(candidate);
        }
    }
    return accepted;
}

39. ConstraintsChecker#check()

Project: openjdk
File: ConstraintsChecker.java
/**
 * Performs the basic constraints and name constraints checks on the certificate using this
 * checker's internal state, then marks both extensions as resolved.
 *
 * @param cert the <code>Certificate</code> to be checked
 * @param unresCritExts a <code>Collection</code> of OID strings representing the current
 *        set of unresolved critical extensions; the basic constraints and name constraints
 *        OIDs are removed from it when it is non-null and non-empty
 * @throws CertPathValidatorException if the specified certificate does not pass the check
 */
@Override
public void check(Certificate cert, Collection<String> unresCritExts) throws CertPathValidatorException {
    X509Certificate currCert = (X509Certificate) cert;
    i++;

    // Order is significant: the name constraints check MUST run second, because it
    // depends on the basic constraints check having updated remainingCerts.
    checkBasicConstraints(currCert);
    verifyNameConstraints(currCert);

    if (unresCritExts == null || unresCritExts.isEmpty()) {
        return;
    }
    // Both extensions were processed above, so they no longer count as unresolved.
    unresCritExts.remove(BasicConstraints_Id.toString());
    unresCritExts.remove(NameConstraints_Id.toString());
}

40. BasicChecker#check()

Project: openjdk
File: BasicChecker.java
/**
 * Performs the signature check and, unless {@code sigOnly} is set, the timestamp and
 * subject/issuer name chaining checks on the certificate using this checker's internal
 * state. This method does not remove any critical extensions from the Collection.
 *
 * @param cert the Certificate
 * @param unresolvedCritExts a Collection of the unresolved critical extensions (not
 *        modified here)
 * @throws CertPathValidatorException if certificate does not verify
 */
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
    X509Certificate currCert = (X509Certificate) cert;
    if (sigOnly) {
        // Signature-only mode: validity dates and name chaining are NOT checked.
        verifySignature(currCert);
    } else {
        verifyTimestamp(currCert);
        verifyNameChaining(currCert);
        verifySignature(currCert);
    }
    // State is updated only after every enabled check has passed.
    updateState(currCert);
}

41. CertificateChainCleanerTest#chainTooLong()

Project: okhttp
File: CertificateChainCleanerTest.java
/** A chain of 11 certificates must be rejected by the cleaner. */
@Test
public void chainTooLong() throws Exception {
    List<HeldCertificate> held = chainOfLength(11);
    // The last element of the generated chain is used as the trusted root.
    X509Certificate root = held.get(held.size() - 1).certificate;
    List<Certificate> certificates = new ArrayList<>();
    for (HeldCertificate entry : held) {
        certificates.add(entry.certificate);
    }
    CertificateChainCleaner cleaner = CertificateChainCleaner.get(root);
    try {
        cleaner.clean(certificates, "hostname");
        fail();
    } catch (SSLPeerUnverifiedException expected) {
        // Expected: the over-long chain is refused rather than truncated or accepted.
    }
}

42. CertificateChainCleanerTest#chainMaxLength()

Project: okhttp
File: CertificateChainCleanerTest.java
/** A chain of 10 certificates is accepted, with or without the root included in the input. */
@Test
public void chainMaxLength() throws Exception {
    List<HeldCertificate> held = chainOfLength(10);
    // The last element of the generated chain is used as the trusted root.
    X509Certificate root = held.get(held.size() - 1).certificate;
    List<Certificate> certificates = new ArrayList<>();
    for (HeldCertificate entry : held) {
        certificates.add(entry.certificate);
    }
    CertificateChainCleaner cleaner = CertificateChainCleaner.get(root);
    // Full chain in, same chain out.
    assertEquals(certificates, cleaner.clean(certificates, "hostname"));
    // First nine certificates only (root omitted): the cleaner is expected to return all ten.
    List<Certificate> withoutRoot = certificates.subList(0, 9);
    assertEquals(certificates, cleaner.clean(withoutRoot, "hostname"));
}

43. Utils#getKeyStoreManager()

Project: odo
File: Utils.java
/**
 * Returns a keystore manager for the given hostname, generating the host's
 * key and certificate first when they do not exist yet.
 *
 * <p>If the stored certificate has expired, the keystore directory is deleted
 * and the lookup starts over, which regenerates the certificate.
 *
 * @param hostname host name; also used as the keystore alias
 * @return a keystore manager whose certificate for {@code hostname} passed {@code checkValidity()}
 * @throws Exception on keystore or file-system failure; a certificate that is not yet
 *         valid also propagates from {@code checkValidity()} because only expiry is caught
 */
public static KeyStoreManager getKeyStoreManager(String hostname) throws Exception {
    File keyStoreDir = getKeyStoreRoot(hostname);
    KeyStoreManager manager = new KeyStoreManager(keyStoreDir);
    // Called for its side effect only: it generates the certificate when missing.
    // Its return value is always null, so the certificate is fetched by alias below.
    manager.getCertificateByHostname(hostname);
    X509Certificate hostCert = manager.getCertificateByAlias(hostname);
    boolean expired = false;
    try {
        hostCert.checkValidity();
    } catch (CertificateExpiredException cee) {
        expired = true;
    }
    if (!expired) {
        return manager;
    }
    // Expired: drop the reference, wipe the keystore directory and start again.
    manager = null;
    FileUtils.deleteDirectory(keyStoreDir);
    return getKeyStoreManager(hostname);
}

44. SslContextTrustManagerTest#loadCertCollection()

Project: netty
File: SslContextTrustManagerTest.java
/**
 * Parses one X.509 certificate from each named classpath resource.
 *
 * @param resourceNames resource names resolved against {@code SslContextTest.class}
 * @return the parsed certificates, in the same order as {@code resourceNames}
 * @throws Exception if a resource cannot be parsed or closed
 */
private static X509Certificate[] loadCertCollection(String[] resourceNames) throws Exception {
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate[] loaded = new X509Certificate[resourceNames.length];
    int slot = 0;
    for (String resourceName : resourceNames) {
        InputStream in = null;
        try {
            in = SslContextTest.class.getResourceAsStream(resourceName);
            // A missing resource fails the test here instead of surfacing as a parse error.
            assertNotNull("Cannot find " + resourceName, in);
            loaded[slot] = (X509Certificate) x509Factory.generateCertificate(in);
        } finally {
            if (in != null) {
                in.close();
            }
        }
        slot++;
    }
    return loaded;
}

45. SslContextTrustManagerTest#getTrustManager()

Project: netty
File: SslContextTrustManagerTest.java
/**
 * Builds a trust manager factory from the named certificate resources and
 * returns its first {@link X509TrustManager}.
 *
 * @param resourceNames classpath resources holding the trusted certificates
 * @return the first X.509 trust manager the factory exposes
 * @throws Exception if loading fails or the factory exposes no X.509 trust manager
 */
private static X509TrustManager getTrustManager(String[] resourceNames) throws Exception {
    X509Certificate[] trusted = loadCertCollection(resourceNames);
    TrustManagerFactory factory = SslContext.buildTrustManagerFactory(trusted, null);
    TrustManager[] managers = factory.getTrustManagers();
    for (int k = 0; k < managers.length; k++) {
        TrustManager candidate = managers[k];
        if (candidate instanceof X509TrustManager) {
            return (X509TrustManager) candidate;
        }
    }
    throw new Exception("Unable to find any X509TrustManager from this factory.");
}

46. SslContextBuilder#keyManager()

Project: netty
File: SslContextBuilder.java
/**
     * Identifying certificate for this host. {@code keyCertChainInputStream} and {@code keyInputStream} may
     * be {@code null} for client contexts, which disables mutual authentication.
     *
     * @param keyCertChainInputStream an input stream for an X.509 certificate chain in PEM format
     * @param keyInputStream an input stream for a PKCS#8 private key in PEM format
     * @param keyPassword the password of the {@code keyInputStream}, or {@code null} if it's not
     *     password-protected
     */
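public SslContextBuilder keyManager(InputStream keyCertChainInputStream, InputStream keyInputStream, String keyPassword) {
    X509Certificate[] keyCertChain;
    PrivateKey key;
    // The two streams are parsed separately so the error names which input was bad.
    // The original exception is kept as the cause in both cases.
    try {
        keyCertChain = SslContext.toX509Certificates(keyCertChainInputStream);
    } catch (Exception e) {
        // Message grammar fixed (was "Input stream not contain valid certificates.").
        throw new IllegalArgumentException("Input stream does not contain valid certificates.", e);
    }
    try {
        key = SslContext.toPrivateKey(keyInputStream, keyPassword);
    } catch (Exception e) {
        throw new IllegalArgumentException("Input stream does not contain valid private key.", e);
    }
    // Delegates to the overload that takes the parsed key and chain.
    return keyManager(key, keyPassword, keyCertChain);
}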

47. SslContextBuilder#keyManager()

Project: netty
File: SslContextBuilder.java
/**
     * Identifying certificate for this host. {@code keyCertChainFile} and {@code keyFile} may
     * be {@code null} for client contexts, which disables mutual authentication.
     *
     * @param keyCertChainFile an X.509 certificate chain file in PEM format
     * @param keyFile a PKCS#8 private key file in PEM format
     * @param keyPassword the password of the {@code keyFile}, or {@code null} if it's not
     *     password-protected
     */
public SslContextBuilder keyManager(File keyCertChainFile, File keyFile, String keyPassword) {
    // Chain first, then key; each failure is reported against the file that caused it,
    // with the original exception kept as the cause.
    final X509Certificate[] chain;
    try {
        chain = SslContext.toX509Certificates(keyCertChainFile);
    } catch (Exception e) {
        throw new IllegalArgumentException("File does not contain valid certificates: " + keyCertChainFile, e);
    }
    final PrivateKey privateKey;
    try {
        privateKey = SslContext.toPrivateKey(keyFile, keyPassword);
    } catch (Exception e) {
        throw new IllegalArgumentException("File does not contain valid private key: " + keyFile, e);
    }
    // Delegates to the overload that takes the parsed key and chain.
    return keyManager(privateKey, keyPassword, chain);
}

48. SslContext#buildTrustManagerFactory()

Project: netty
File: SslContext.java
/**
 * Initialises a trust manager factory so that it trusts exactly the given certificates.
 *
 * @param certCollection certificates to install as trusted entries
 * @param trustManagerFactory factory to initialise, or {@code null} to create one
 *        with the platform default algorithm
 * @return the initialised factory (the supplied instance when one was given)
 */
static TrustManagerFactory buildTrustManagerFactory(X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
    // In-memory JKS store; load(null, null) initialises it empty.
    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(null, null);
    // Each certificate is stored under its 1-based position as the alias.
    for (int pos = 0; pos < certCollection.length; pos++) {
        trustStore.setCertificateEntry(Integer.toString(pos + 1), certCollection[pos]);
    }
    TrustManagerFactory factory = trustManagerFactory;
    if (factory == null) {
        factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    }
    factory.init(trustStore);
    return factory;
}

49. SslContext#getCertificatesFromBuffers()

Project: netty
File: SslContext.java
/**
 * Parses one X.509 certificate from each buffer and releases every buffer afterwards.
 *
 * @param certs buffers holding encoded certificates; all are released before this
 *        method returns or throws
 * @return the parsed certificates, in buffer order
 * @throws CertificateException if any buffer does not hold a parsable certificate
 */
private static X509Certificate[] getCertificatesFromBuffers(ByteBuf[] certs) throws CertificateException {
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    X509Certificate[] parsed = new X509Certificate[certs.length];
    try {
        int slot = 0;
        for (ByteBuf encoded : certs) {
            parsed[slot] = (X509Certificate) factory.generateCertificate(new ByteBufInputStream(encoded));
            slot++;
        }
    } finally {
        // Release all buffers, including those not reached because parsing failed earlier.
        for (int k = 0; k < certs.length; k++) {
            certs[k].release();
        }
    }
    return parsed;
}

50. OpenSslX509Certificate#unwrap()

Project: netty
File: OpenSslX509Certificate.java
/**
 * Returns the parsed form of this certificate, decoding {@code bytes} on first use
 * and keeping the result in the {@code wrapped} field.
 *
 * @throws IllegalStateException if {@code bytes} cannot be parsed as a certificate
 */
private X509Certificate unwrap() {
    X509Certificate cached = this.wrapped;
    if (cached != null) {
        return cached;
    }
    try {
        cached = (X509Certificate) SslContext.X509_CERT_FACTORY.generateCertificate(new ByteArrayInputStream(bytes));
        // Remember the parsed certificate so later calls skip decoding.
        this.wrapped = cached;
    } catch (CertificateException e) {
        throw new IllegalStateException(e);
    }
    return cached;
}

51. SsoWebViewClient#getX509CertificateFromError()

Project: MyRepository-master
File: SsoWebViewClient.java
/**
 * Obtains the X509Certificate carried by an SslError.
 *
 * <p>The certificate is only parsed here; nothing in this method validates it.
 *
 * @param   error     SslError
 * @return  X509Certificate from error, or {@code null} when the saved state holds
 *          no encoded certificate or the bytes cannot be parsed
 */
public X509Certificate getX509CertificateFromError(SslError error) {
    // saveState() exposes the encoded certificate under the "x509-certificate" key.
    Bundle savedState = SslCertificate.saveState(error.getCertificate());
    byte[] encoded = savedState.getByteArray("x509-certificate");
    if (encoded == null) {
        return null;
    }
    try {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
    } catch (CertificateException e) {
        // Unparsable bytes are reported as "no certificate".
        return null;
    }
}

52. SsoWebViewClient#onReceivedSslError()

Project: MyRepository-master
File: SsoWebViewClient.java
/**
 * Handles a WebView TLS error: proceeds only when the server certificate is already
 * in the known-servers store, otherwise asks the user through the untrusted-certificate dialog.
 */
@Override
public void onReceivedSslError(final WebView view, final SslErrorHandler handler, SslError error) {
    Log_OC.e(TAG, "onReceivedSslError : " + error);
    X509Certificate serverCert = getX509CertificateFromError(error);
    // Fails closed: stays false when no certificate could be extracted or the store lookup throws.
    boolean knownServer = false;
    if (serverCert != null) {
        try {
            knownServer = NetworkUtils.isCertInKnownServersStore((Certificate) serverCert, mContext);
        } catch (Exception e) {
            Log_OC.e(TAG, "Exception: " + e.getMessage());
        }
    }
    if (!knownServer) {
        // The handler is passed on, so the dialog decides whether to proceed or cancel.
        ((AuthenticatorActivity) mContext).showUntrustedCertDialog(serverCert, error, handler);
        return;
    }
    // The decision rests on store membership alone; the specific error in `error` is not inspected.
    handler.proceed();
}

53. LibraryPropertiesPanel#getCertInfo()

Project: msopentech-tools-for-intellij
File: LibraryPropertiesPanel.java
/**
 * Builds a three-line summary (subject, issuer, validity dates) of the certificate at {@code certURL}.
 *
 * @param certURL location passed to {@code CerPfxUtil.getCert}
 * @return the summary text, or {@code null} when no certificate could be loaded
 */
private static String getCertInfo(String certURL) {
    X509Certificate acsCert = CerPfxUtil.getCert(certURL, null);
    if (acsCert == null) {
        return null;
    }
    DateFormat dayFormat = new SimpleDateFormat("yyyy-MM-dd");
    // Labels are left-aligned and padded to the widths given in the format strings.
    String subjectLine = String.format("%1$-10s", "Subject") + " : " + acsCert.getSubjectDN() + "\n";
    String issuerLine = String.format("%1$-11s", "Issuer") + " : " + acsCert.getIssuerDN() + "\n";
    String validLine = String.format("%1$-13s", "Valid") + " : " + dayFormat.format(acsCert.getNotBefore())
            + " to " + dayFormat.format(acsCert.getNotAfter());
    return subjectLine + issuerLine + validLine;
}

54. EncryptedServiceTest#testEncryptedGet()

Project: maven-framework-project
File: EncryptedServiceTest.java
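/**
 * Fetches the encrypted resource and checks that it decrypts to "Hello world"
 * with the demo key and certificate.
 */
@Test
public void testEncryptedGet() throws Exception {
    ClassLoader loader = Thread.currentThread().getContextClassLoader();
    // LOADING THE CERTIFICATE
    // The resource streams are not closed here; presumably PemUtils consumes them - confirm.
    X509Certificate myX509Certificate = PemUtils.decodeCertificate(loader.getResourceAsStream("democert.pem"));
    // LOADING THE KEY
    PrivateKey myPrivateKey = PemUtils.decodePrivateKey(loader.getResourceAsStream("demokey.pem"));
    // CREATING A CLIENT FOR THE WEB SERVICE
    Client client = new ResteasyClientBuilder().build();
    try {
        // Plain HTTP to localhost: confidentiality comes from the enveloped payload, not the transport.
        WebTarget target = client.target("http://localhost:8080/encryption-1.0/services/encrypted");
        // RETRIEVING THE RESULT OF METHOD EXECUTION
        EnvelopedInput<?> input = target.request().get(EnvelopedInput.class);
        Assert.assertEquals("Hello world", input.getEntity(String.class, myPrivateKey, myX509Certificate));
    } finally {
        // Close the client even when the request or the assertion fails.
        client.close();
    }
}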

55. LdapX509AuthenticationHandlerTest#testUserWithoutLdapEntry()

Project: lumify
File: LdapX509AuthenticationHandlerTest.java
// TODO: user without any groups?
@Test(expected = LumifyException.class)
public void testUserWithoutLdapEntry() throws Exception {
    LdapSearchService searchService = new LdapSearchServiceImpl(LdapSearchServiceTest.getServerConfig(ldapServer), LdapSearchServiceTest.getSearchConfig());
    // Empty configuration map: no settings are supplied to the handler.
    Configuration emptyConfiguration = new HashMapConfigurationLoader(new HashMap<String, String>()).createConfiguration();
    AuthenticationHandler handler = new LdapX509AuthenticationHandler(userRepository, graph, searchService, emptyConfiguration);
    // Per the test name, "diane" presents a certificate but has no directory entry.
    X509Certificate clientCert = LdapSearchServiceTest.getPersonCertificate("diane");
    when(request.getAttribute(X509AuthenticationHandler.CERTIFICATE_REQUEST_ATTRIBUTE)).thenReturn(new X509Certificate[] { clientCert });
    // Expected to throw LumifyException (see the annotation).
    handler.handle(request, response, chain);
}

56. LdapX509AuthenticationHandlerTest#testUserWithoutRequiredGroup()

Project: lumify
File: LdapX509AuthenticationHandlerTest.java
/** A user outside the required "managers" group gets 403 and the filter chain is not continued. */
@Test
public void testUserWithoutRequiredGroup() throws Exception {
    LdapSearchService searchService = new LdapSearchServiceImpl(LdapSearchServiceTest.getServerConfig(ldapServer), LdapSearchServiceTest.getSearchConfig());
    Configuration groupConfiguration = getConfigurationWithRequiredGroups("managers");
    AuthenticationHandler handler = new LdapX509AuthenticationHandler(userRepository, graph, searchService, groupConfiguration);
    X509Certificate clientCert = LdapSearchServiceTest.getPersonCertificate("bob");
    when(request.getAttribute(X509AuthenticationHandler.CERTIFICATE_REQUEST_ATTRIBUTE)).thenReturn(new X509Certificate[] { clientCert });
    handler.handle(request, response, chain);
    // Denial must be explicit (403) and must stop the request from reaching the next handler.
    verify(response).sendError(HttpServletResponse.SC_FORBIDDEN);
    verify(chain, never()).next(request, response);
}

57. LdapX509AuthenticationHandlerTest#testUserWithRequiredGroup()

Project: lumify
File: LdapX509AuthenticationHandlerTest.java
/** A user in the required "managers" group is passed on to the next handler in the chain. */
@Test
public void testUserWithRequiredGroup() throws Exception {
    LdapSearchService searchService = new LdapSearchServiceImpl(LdapSearchServiceTest.getServerConfig(ldapServer), LdapSearchServiceTest.getSearchConfig());
    Configuration groupConfiguration = getConfigurationWithRequiredGroups("managers");
    AuthenticationHandler handler = new LdapX509AuthenticationHandler(userRepository, graph, searchService, groupConfiguration);
    X509Certificate clientCert = LdapSearchServiceTest.getPersonCertificate("carlos");
    when(request.getAttribute(X509AuthenticationHandler.CERTIFICATE_REQUEST_ATTRIBUTE)).thenReturn(new X509Certificate[] { clientCert });
    // Stubs for the user lookup and session access made on the success path.
    when(userRepository.findOrAddUser((String) notNull(), (String) notNull(), (String) isNull(), (String) notNull(), (String[]) notNull())).thenReturn(user);
    when(user.toString()).thenReturn("carlos");
    when(user.getUserId()).thenReturn("USER_carlos");
    when(request.getSession()).thenReturn(httpSession);
    handler.handle(request, response, chain);
    verify(chain).next(request, response);
}

58. LdapX509AuthenticationHandlerTest#testUserWithoutAnyRoles()

Project: lumify
File: LdapX509AuthenticationHandlerTest.java
/** With a required "role" attribute configured, a user who fails it gets 403 and the chain is not continued. */
@Test
public void testUserWithoutAnyRoles() throws Exception {
    LdapSearchService searchService = new LdapSearchServiceImpl(LdapSearchServiceTest.getServerConfig(ldapServer), getSearchConfigWithExtraUserAttribute("role"));
    Configuration roleConfiguration = getConfigurationWithRequiredAttribute("role", "lumify_administrator");
    AuthenticationHandler handler = new LdapX509AuthenticationHandler(userRepository, graph, searchService, roleConfiguration);
    // Per the test name, "carlos" carries no role values in the directory.
    X509Certificate clientCert = LdapSearchServiceTest.getPersonCertificate("carlos");
    when(request.getAttribute(X509AuthenticationHandler.CERTIFICATE_REQUEST_ATTRIBUTE)).thenReturn(new X509Certificate[] { clientCert });
    handler.handle(request, response, chain);
    verify(response).sendError(HttpServletResponse.SC_FORBIDDEN);
    verify(chain, never()).next(request, response);
}

59. LdapX509AuthenticationHandlerTest#testUserWithoutRequiredRole()

Project: lumify
File: LdapX509AuthenticationHandlerTest.java
/** A user whose "role" attribute lacks "lumify_administrator" gets 403 and the chain is not continued. */
@Test
public void testUserWithoutRequiredRole() throws Exception {
    LdapSearchService searchService = new LdapSearchServiceImpl(LdapSearchServiceTest.getServerConfig(ldapServer), getSearchConfigWithExtraUserAttribute("role"));
    Configuration roleConfiguration = getConfigurationWithRequiredAttribute("role", "lumify_administrator");
    AuthenticationHandler handler = new LdapX509AuthenticationHandler(userRepository, graph, searchService, roleConfiguration);
    X509Certificate clientCert = LdapSearchServiceTest.getPersonCertificate("bob");
    when(request.getAttribute(X509AuthenticationHandler.CERTIFICATE_REQUEST_ATTRIBUTE)).thenReturn(new X509Certificate[] { clientCert });
    handler.handle(request, response, chain);
    verify(response).sendError(HttpServletResponse.SC_FORBIDDEN);
    verify(chain, never()).next(request, response);
}

60. LdapX509AuthenticationHandlerTest#testUserWithRequiredRole()

Project: lumify
File: LdapX509AuthenticationHandlerTest.java
/** A user holding the required "lumify_administrator" role is passed on to the next handler. */
@Test
public void testUserWithRequiredRole() throws Exception {
    LdapSearchService searchService = new LdapSearchServiceImpl(LdapSearchServiceTest.getServerConfig(ldapServer), getSearchConfigWithExtraUserAttribute("role"));
    Configuration roleConfiguration = getConfigurationWithRequiredAttribute("role", "lumify_administrator");
    AuthenticationHandler handler = new LdapX509AuthenticationHandler(userRepository, graph, searchService, roleConfiguration);
    X509Certificate clientCert = LdapSearchServiceTest.getPersonCertificate("alice");
    when(request.getAttribute(X509AuthenticationHandler.CERTIFICATE_REQUEST_ATTRIBUTE)).thenReturn(new X509Certificate[] { clientCert });
    // Stubs for the user lookup and session access made on the success path.
    when(userRepository.findOrAddUser((String) notNull(), (String) notNull(), (String) isNull(), (String) notNull(), (String[]) notNull())).thenReturn(user);
    when(user.toString()).thenReturn("alice");
    when(user.getUserId()).thenReturn("USER_alice");
    when(request.getSession()).thenReturn(httpSession);
    handler.handle(request, response, chain);
    verify(chain).next(request, response);
}

61. LdapX509AuthenticationHandler#extractCertificate()

Project: lumify
File: LdapX509AuthenticationHandler.java
/**
 * Extracts the client certificate, preferring the request attribute and falling
 * back to the configured request header.
 *
 * @return the certificate, or {@code null} when neither source provides one
 * @throws LumifyException if the header value cannot be turned into a certificate
 */
@Override
protected X509Certificate extractCertificate(HttpServletRequest request) {
    X509Certificate fromAttribute = super.extractCertificate(request);
    if (fromAttribute != null) {
        LOGGER.info("using cert from %s request attribute", CERTIFICATE_REQUEST_ATTRIBUTE);
        return fromAttribute;
    }
    // NOTE(review): a header-supplied certificate is only as trustworthy as whatever sets
    // the header. Presumably a TLS-terminating proxy sets it and strips any client-sent
    // copy - confirm for the deployment.
    X509Certificate fromHeader;
    try {
        fromHeader = getHeaderClientCert(request);
    } catch (Exception e) {
        throw new LumifyException("failed to extract cert from request header", e);
    }
    if (fromHeader == null) {
        LOGGER.error("no certificate found in request attribute %s or request header %s", CERTIFICATE_REQUEST_ATTRIBUTE, ldapX509AuthenticationConfiguration.getClientCertHeader());
        return null;
    }
    LOGGER.info("using cert from %s request header", ldapX509AuthenticationConfiguration.getClientCertHeader());
    LOGGER.info("client dn from %s request header is %s", ldapX509AuthenticationConfiguration.getClientDnHeader(), getHeaderClientDN(request));
    return fromHeader;
}

62. RealmManager#generateKeys()

Project: keycloak
File: RealmManager.java
/**
 * Generates a fresh 2048-bit RSA key pair, a self-signed certificate and a code
 * secret, and writes them to the realm through its representation.
 *
 * @throws RuntimeException if key or certificate generation fails
 */
public void generateKeys() {
    RealmRepresentation realmRep = realm.toRepresentation();
    KeyPair generated;
    try {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        generated = rsa.generateKeyPair();
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
    // The representation carries the private key as unencrypted base64 text, so it
    // needs the same handling as the key itself wherever it is stored or logged.
    String encodedPrivateKey = Base64.encodeBytes(generated.getPrivate().getEncoded());
    realmRep.setPrivateKey(encodedPrivateKey);
    String encodedPublicKey = Base64.encodeBytes(generated.getPublic().getEncoded());
    realmRep.setPublicKey(encodedPublicKey);
    X509Certificate selfSigned;
    try {
        // The realm id is passed as the subject argument of the self-signed certificate.
        selfSigned = CertificateUtils.generateV1SelfSignedCertificate(generated, realmRep.getId());
        realmRep.setCertificate(Base64.encodeBytes(selfSigned.getEncoded()));
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    realmRep.setCodeSecret(org.keycloak.models.utils.KeycloakModelUtils.generateCodeSecret());
    realm.update(realmRep);
}

63. KeycloakModelUtils#generateKeyPairCertificate()

Project: keycloak
File: KeycloakModelUtils.java
/**
 * Generates a 2048-bit RSA key pair and a self-signed certificate for {@code subject}.
 *
 * @param subject subject passed to the self-signed certificate generator
 * @return a representation holding the private key and the certificate, both PEM-encoded
 * @throws RuntimeException if key or certificate generation fails
 */
public static CertificateRepresentation generateKeyPairCertificate(String subject) {
    final KeyPair generated;
    try {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        generated = rsa.generateKeyPair();
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
    final X509Certificate selfSigned;
    try {
        selfSigned = CertificateUtils.generateV1SelfSignedCertificate(generated, subject);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    // The returned representation contains the unencrypted private key in PEM form.
    String keyPem = KeycloakModelUtils.getPemFromKey(generated.getPrivate());
    String certificatePem = KeycloakModelUtils.getPemFromCertificate(selfSigned);
    CertificateRepresentation result = new CertificateRepresentation();
    result.setPrivateKey(keyPem);
    result.setCertificate(certificatePem);
    return result;
}

64. KeycloakModelUtils#generateRealmKeys()

Project: keycloak
File: KeycloakModelUtils.java
/**
 * Replaces the realm's key material: a new 2048-bit RSA key pair, a self-signed
 * certificate named after the realm, and a new code secret.
 *
 * @param realm realm to update
 * @throws RuntimeException if key or certificate generation fails
 */
public static void generateRealmKeys(RealmModel realm) {
    final KeyPair generated;
    try {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        generated = rsa.generateKeyPair();
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
    // Keys are set before the certificate is generated, so a certificate failure
    // leaves the realm with the new keys and its previous certificate.
    realm.setPrivateKey(generated.getPrivate());
    realm.setPublicKey(generated.getPublic());
    final X509Certificate selfSigned;
    try {
        selfSigned = CertificateUtils.generateV1SelfSignedCertificate(generated, realm.getName());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    realm.setCertificate(selfSigned);
    realm.setCodeSecret(generateCodeSecret());
}

65. XMLSignatureUtil#getX509CertificateFromKeyInfoString()

Project: keycloak
File: XMLSignatureUtil.java
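/**
 * Parses the base64 certificate text of a KeyInfo element into an {@link X509Certificate}.
 *
 * <p>The text is wrapped in PEM armor and handed to the X.509 certificate factory.
 * The certificate is only parsed: nothing here checks its signature, validity
 * period or issuer, so the caller decides whether it is trusted.
 *
 * @param certificateString base64 body of the certificate, without PEM header or footer
 *
 * @return the parsed certificate; if the input yields more than one, the last one parsed
 *
 * @throws org.keycloak.saml.common.exceptions.ProcessingException if the text cannot be parsed
 */
public static X509Certificate getX509CertificateFromKeyInfoString(String certificateString) throws ProcessingException {
    X509Certificate cert = null;
    // This is PEM text, not DER: the factory accepts base64 between BEGIN/END markers.
    String pemFormattedString = "-----BEGIN CERTIFICATE-----\n" + certificateString + "\n-----END CERTIFICATE-----";
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Explicit charset: the no-argument getBytes() depends on the platform default encoding.
        byte[] pemBytes = pemFormattedString.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        ByteArrayInputStream bais = new ByteArrayInputStream(pemBytes);
        // Keep parsing until the stream is drained; each round overwrites the previous result.
        while (bais.available() > 0) {
            cert = (X509Certificate) cf.generateCertificate(bais);
        }
    } catch (java.security.cert.CertificateException e) {
        throw logger.processingError(e);
    }
    return cert;
}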

66. KeyChainKeyManager#fetchCertificateChain()

Project: k-9
File: KeyChainKeyManager.java
/**
 * Fetches the certificate chain stored under {@code alias} and checks that every
 * certificate in it is currently within its validity period.
 *
 * @throws MessagingException if no chain is stored for the alias
 * @throws CertificateValidationException if any certificate fails {@code checkValidity()}
 */
private X509Certificate[] fetchCertificateChain(Context context, String alias) throws KeyChainException, InterruptedException, MessagingException {
    X509Certificate[] chain = KeyChain.getCertificateChain(context, alias);
    boolean chainMissing = chain == null || chain.length == 0;
    if (chainMissing) {
        throw new MessagingException("No certificate chain found for: " + alias);
    }
    try {
        for (int idx = 0; idx < chain.length; idx++) {
            chain[idx].checkValidity();
        }
    } catch (CertificateException e) {
        // checkValidity() fails for expired and for not-yet-valid certificates;
        // both are reported with Reason.Expired here.
        throw new CertificateValidationException(e.getMessage(), Reason.Expired, alias);
    }
    return chain;
}

67. AccountSetupCheckSettings#handleCertificateValidationException()

Project: k-9
File: AccountSetupCheckSettings.java
/**
 * Reports a certificate validation failure: offers the accept-key dialog when the
 * exception carries a certificate chain, otherwise shows a plain error dialog.
 */
private void handleCertificateValidationException(CertificateValidationException cve) {
    Log.e(K9.LOG_TAG, "Error while testing settings", cve);
    X509Certificate[] chain = cve.getCertChain();
    if (chain == null) {
        // Without a chain acceptKeyDialog() would hit a NullPointerException, so show the error instead.
        showErrorDialog(R.string.account_setup_failed_dlg_server_message_fmt, errorMessageForCertificateException(cve));
        return;
    }
    acceptKeyDialog(R.string.account_setup_failed_dlg_certificate_message_fmt, cve);
}

68. NewSize7#main()

Project: jdk7u-jdk
File: NewSize7.java
/**
 * Generates an RSA key pair with keytool defaults and checks that the key is
 * 2048 bits and the certificate is signed with SHA256withRSA.
 */
public static void main(String[] args) throws Exception {
    final String keystoreFile = "newsize7-ks";
    // Remove any leftover keystore from an earlier run; the result is ignored.
    new File(keystoreFile).delete();
    String keytoolCommand = "-debug -genkeypair -keystore " + keystoreFile + " -alias a -dname cn=c -storepass changeit" + " -keypass changeit -keyalg rsa";
    KeyTool.main(keytoolCommand.split(" "));
    KeyStore ks = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream(keystoreFile)) {
        // A null password loads the store without an integrity check.
        ks.load(in, null);
    }
    Files.delete(Paths.get(keystoreFile));
    RSAPublicKey publicKey = (RSAPublicKey) ks.getCertificate("a").getPublicKey();
    int modulusBits = publicKey.getModulus().bitLength();
    if (modulusBits != 2048) {
        throw new Exception("Bad keysize");
    }
    X509Certificate generatedCert = (X509Certificate) ks.getCertificate("a");
    String signatureAlgorithm = generatedCert.getSigAlgName();
    if (!signatureAlgorithm.equals("SHA256withRSA")) {
        throw new Exception("Bad sigalg");
    }
}

69. Bug6415637#check()

Project: jdk7u-jdk
File: Bug6415637.java
/**
 * Decodes a PKCS12 keystore packed two bytes per char into {@code encodedBlob},
 * loads it with an empty password and verifies its single "test" entry.
 *
 * @param encodedBlob keystore bytes, each char holding a high byte followed by a low byte
 * @throws Exception if the store cannot be loaded or an expected value is missing
 */
private static void check(String encodedBlob) throws Exception {
    final int charCount = encodedBlob.length();
    byte[] blob = new byte[charCount * 2];
    for (int c = 0; c < charCount; c++) {
        final char packed = encodedBlob.charAt(c);
        // High byte first, then low byte.
        blob[2 * c] = (byte) (packed >> 8);
        blob[2 * c + 1] = (byte) packed;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    String firstAlias = store.aliases().nextElement();
    if (!firstAlias.equals("test")) {
        throw new Exception("test alias not found");
    }
    KeyStore.PasswordProtection emptyPassword = new KeyStore.PasswordProtection(new char[0]);
    KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry("test", emptyPassword);
    X509Certificate leaf = (X509Certificate) entry.getCertificateChain()[0];
    String subject = leaf.getSubjectDN().toString();
    if (!subject.equals("CN=Test Key")) {
        throw new Exception("invalid certificate subject DN");
    }
    RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) entry.getPrivateKey();
    if (!privateKey.getPublicExponent().equals(BigInteger.valueOf(65537))) {
        throw new Exception("invalid public exponent");
    }
}

70. CertUtils#getCertFromFile()

Project: jdk7u-jdk
File: CertUtils.java
/**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return X509Certificate
     * @throws IOException on error
     */
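public static X509Certificate getCertFromFile(String certFilePath) throws IOException {
    try {
        // The path is resolved against the test.src system property (default: current directory).
        File certFile = new File(System.getProperty("test.src", "."), certFilePath);
        if (!certFile.canRead())
            throw new IOException("File " + certFile.toString() + " is not a readable file.");
        // try-with-resources closes the stream on every path; it was previously never closed.
        try (FileInputStream certFileInputStream = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(certFileInputStream);
        }
    } catch (Exception e) {
        // Every failure, including the unreadable-file case above, is reported as
        // IOException; the original exception is now chained as the cause instead
        // of being printed to stderr.
        throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
    }
}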

71. VerifyNameConstraints#getCertFromFile()

Project: jdk7u-jdk
File: VerifyNameConstraints.java
/**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return X509Certificate
     * @throws IOException on error
     */
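public static X509Certificate getCertFromFile(String certFilePath) throws IOException {
    try {
        // The path is resolved against the test.src system property (default: current directory).
        File certFile = new File(System.getProperty("test.src", "."), certFilePath);
        // try-with-resources closes the stream on every path; it was previously never closed.
        try (FileInputStream certFileInputStream = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(certFileInputStream);
        }
    } catch (Exception e) {
        // Every failure is reported as IOException; the original exception is now
        // chained as the cause instead of being printed to stderr.
        throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
    }
}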

72. ValidateNC#getCertFromFile()

Project: jdk7u-jdk
File: ValidateNC.java
/**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return X509Certificate
     * @throws IOException on error
     */
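public static X509Certificate getCertFromFile(String certFilePath) throws IOException {
    try {
        // The path is resolved against the test.src system property (default: current directory).
        File certFile = new File(System.getProperty("test.src", "."), certFilePath);
        // try-with-resources closes the stream on every path; it was previously never closed.
        try (FileInputStream certFileInputStream = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(certFileInputStream);
        }
    } catch (Exception e) {
        // Every failure is reported as IOException; the original exception is now
        // chained as the cause instead of being printed to stderr.
        throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
    }
}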

73. ValidateNC#createPath()

Project: jdk7u-jdk
File: ValidateNC.java
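/**
 * Builds the certification path and PKIX parameters used by the test from a list
 * of certificate files, and stores them in the class's {@code path},
 * {@code anchors} and {@code params} fields.
 *
 * @param certs certificate file names; the first is the trust anchor, the rest
 *        are added to the path in reverse order
 * @throws IllegalArgumentException if {@code certs} is null or empty
 * @throws Exception if a certificate cannot be read or the path cannot be built
 */
public static void createPath(String[] certs) throws Exception {
    if (certs == null || certs.length == 0) {
        throw new IllegalArgumentException("certs must name at least the trust anchor certificate");
    }
    X509Certificate anchorCert = getCertFromFile(certs[0]);
    // 2.5.29.30 is the NameConstraints extension. getExtensionValue returns it wrapped
    // in an OCTET STRING, which is unwrapped before being handed to TrustAnchor.
    byte[] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
    if (nameConstraints != null) {
        DerInputStream in = new DerInputStream(nameConstraints);
        nameConstraints = in.getOctetString();
    }
    TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
    // Typed list instead of the raw List used before.
    List<X509Certificate> list = new ArrayList<>();
    // Inserting at index 0 reverses the order of the remaining file names.
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);
    anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    // Revocation checking is switched off for this path validation.
    params.setRevocationEnabled(false);
}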

74. ValidateTargetConstraints#getCertFromFile()

Project: jdk7u-jdk
File: ValidateTargetConstraints.java
/**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return X509Certificate
     * @throws IOException on error
     */
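public static X509Certificate getCertFromFile(String certFilePath) throws IOException {
    try {
        // The path is resolved against the test.src system property (default: current directory).
        File certFile = new File(System.getProperty("test.src", "."), certFilePath);
        // try-with-resources closes the stream on every path; it was previously never closed.
        try (FileInputStream certFileInputStream = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(certFileInputStream);
        }
    } catch (Exception e) {
        // Every failure is reported as IOException; the original exception is now
        // chained as the cause instead of being printed to stderr.
        throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
    }
}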

75. BuildOddSel#getCertFromFile()

Project: jdk7u-jdk
File: BuildOddSel.java
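/**
 * Get a DER-encoded X.509 certificate from a file.
 *
 * <p>The file name is resolved against the directory named by the {@code test.src}
 * system property, or the current directory when the property is not set.
 *
 * @param certFilePath path to file containing DER-encoded certificate
 * @return X509Certificate
 * @throws IOException on error; the underlying failure is attached as the cause
 */
public static X509Certificate getCertFromFile(String certFilePath) throws IOException {
    FileInputStream certFileInputStream = null;
    try {
        File certFile = new File(System.getProperty("test.src", "."), certFilePath);
        certFileInputStream = new FileInputStream(certFile);
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        return (X509Certificate) cf.generateCertificate(certFileInputStream);
    } catch (Exception e) {
        // Keep the original exception as the cause rather than only its message.
        throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
    } finally {
        // Close the stream on success and on failure; it was never closed before.
        if (certFileInputStream != null) {
            try {
                certFileInputStream.close();
            } catch (IOException ignored) {
                // best effort: nothing useful can be done if close() fails here
            }
        }
    }
}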

76. URICertStore#getMatchingCerts()

Project: jdk7u-jdk
File: URICertStore.java
/**
 * Filters a collection of X509Certificates through a CertSelector.
 *
 * <p>With a {@code null} selector the input collection itself is returned (not a copy).
 * Otherwise a new list is returned holding, in iteration order, every certificate for
 * which {@code selector.match} is true.
 */
private static Collection<X509Certificate> getMatchingCerts(Collection<X509Certificate> certs, CertSelector selector) {
    if (selector != null) {
        final List<X509Certificate> accepted = new ArrayList<X509Certificate>(certs.size());
        for (X509Certificate candidate : certs) {
            if (!selector.match(candidate)) {
                continue;
            }
            accepted.add(candidate);
        }
        return accepted;
    }
    // no selector: every certificate matches
    return certs;
}

77. UntrustedChecker#check()

Project: jdk7u-jdk
File: UntrustedChecker.java
/**
 * Fails path validation when the certificate is reported as untrusted by
 * {@code UntrustedCertificates.isUntrusted}.
 *
 * @param cert the certificate to check; cast to {@code X509Certificate}
 * @param unresolvedCritExts not read or modified by this check
 * @throws CertPathValidatorException if the certificate is untrusted
 */
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
    X509Certificate currCert = (X509Certificate) cert;
    if (!UntrustedCertificates.isUntrusted(currCert)) {
        return;
    }
    // Trace the rejection when debugging is enabled, then abort validation.
    if (debug != null) {
        debug.println("UntrustedChecker: untrusted certificate " + currCert.getSubjectX500Principal());
    }
    throw new CertPathValidatorException("Untrusted certificate: " + currCert.getSubjectX500Principal());
}

78. ReverseState#updateState()

Project: jdk7u-jdk
File: ReverseState.java
/**
 * Update the state with the specified trust anchor.
 *
 * <p>An anchor that carries a certificate is applied through that certificate; otherwise
 * the anchor's CA public key and CA name are used. Every user checker that is an
 * {@code AlgorithmChecker} is then offered the anchor, and {@code init} is cleared.
 *
 * @param anchor the most-trusted CA
 */
public void updateState(TrustAnchor anchor) throws CertificateException, IOException, CertPathValidatorException {
    trustAnchor = anchor;
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert == null) {
        // Anchor given as name + key rather than as a certificate.
        X500Principal caName = anchor.getCA();
        updateState(anchor.getCAPublicKey(), caName);
    } else {
        updateState(anchorCert);
    }
    // The trust anchor is only known at this point, so it is passed on to the
    // algorithm checkers here.
    for (PKIXCertPathChecker userChecker : userCheckers) {
        if (!(userChecker instanceof AlgorithmChecker)) {
            continue;
        }
        ((AlgorithmChecker) userChecker).trySetTrustAnchor(anchor);
    }
    init = false;
}

79. ConstraintsChecker#check()

Project: jdk7u-jdk
File: ConstraintsChecker.java
/**
 * Performs the basic constraints and name constraints
 * checks on the certificate using its internal state, then marks both
 * extensions as handled by removing their OIDs from the unresolved set.
 *
 * @param cert the <code>Certificate</code> to be checked
 * @param unresCritExts a <code>Collection</code> of OID strings
 * representing the current set of unresolved critical extensions;
 * may be null or empty, in which case nothing is removed
 * @throws CertPathValidatorException if the specified certificate
 * does not pass the check
 */
public void check(Certificate cert, Collection<String> unresCritExts) throws CertPathValidatorException {
    X509Certificate currCert = (X509Certificate) cert;
    i++;
    // Order matters: the basic constraints check updates remainingCerts,
    // which the name constraints check relies on.
    checkBasicConstraints(currCert);
    verifyNameConstraints(currCert);
    if (unresCritExts == null || unresCritExts.isEmpty()) {
        return;
    }
    unresCritExts.remove(PKIXExtensions.BasicConstraints_Id.toString());
    unresCritExts.remove(PKIXExtensions.NameConstraints_Id.toString());
}

80. BasicChecker#check()

Project: jdk7u-jdk
File: BasicChecker.java
/**
 * Performs the signature, timestamp, and subject/issuer name chaining
 * checks on the certificate using its internal state. This method does
 * not remove any critical extensions from the Collection.
 *
 * <p>When {@code sigOnly} is set, the timestamp and name chaining checks
 * are skipped and only the signature is verified.
 *
 * @param cert the Certificate; cast to X509Certificate without a type check
 * @param unresolvedCritExts a Collection of the unresolved critical
 * extensions (not read by this method)
 * @exception CertPathValidatorException Exception thrown if certificate
 * does not verify.
 */
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
    X509Certificate currCert = (X509Certificate) cert;
    if (!sigOnly) {
        // Validity period against testDate, then issuer name against the previous subject.
        verifyTimestamp(currCert, testDate);
        verifyNameChaining(currCert, prevSubject);
    }
    // Signature is checked with the key carried over from the previous step.
    verifySignature(currCert, prevPubKey, sigProvider);
    // Runs only if every check above passed, since each check throws on failure.
    updateState(currCert);
}

81. X509SubjectNameResolver#engineLookupAndResolvePublicKey()

Project: jdk7u-jdk
File: X509SubjectNameResolver.java
/**
 * Resolves a certificate via {@code engineLookupResolveX509Certificate} and returns
 * its public key.
 *
 * <p>NOTE(review): nothing in this method checks that the resolved certificate is
 * trusted; presumably the caller validates it separately - confirm.
 *
 * @param element
 * @param BaseURI
 * @param storage
 * @return null if no {@link PublicKey} could be obtained
 * @throws KeyResolverException
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
    final X509Certificate resolved = this.engineLookupResolveX509Certificate(element, BaseURI, storage);
    return (resolved == null) ? null : resolved.getPublicKey();
}

82. X509SKIResolver#engineLookupAndResolvePublicKey()

Project: jdk7u-jdk
File: X509SKIResolver.java
/**
 * Returns the public key of the certificate found by
 * {@code engineLookupResolveX509Certificate}.
 *
 * <p>NOTE(review): the key is handed back as found; whether the certificate chains to a
 * trusted anchor is not established here - confirm the caller does that.
 *
 * @param element
 * @param BaseURI
 * @param storage
 * @return null if no {@link PublicKey} could be obtained
 * @throws KeyResolverException
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
    final X509Certificate match = this.engineLookupResolveX509Certificate(element, BaseURI, storage);
    if (match == null) {
        return null;
    }
    return match.getPublicKey();
}

83. X509IssuerSerialResolver#engineLookupAndResolvePublicKey()

Project: jdk7u-jdk
File: X509IssuerSerialResolver.java
/**
 * {@inheritDoc}
 *
 * <p>Delegates to {@code engineLookupResolveX509Certificate} and returns the public key
 * of the certificate it finds, or null when it finds none.
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
    final X509Certificate found = this.engineLookupResolveX509Certificate(element, BaseURI, storage);
    return (found != null) ? found.getPublicKey() : null;
}

84. X509CertificateResolver#engineLookupAndResolvePublicKey()

Project: jdk7u-jdk
File: X509CertificateResolver.java
/**
 * Looks up a certificate with {@code engineLookupResolveX509Certificate} and exposes
 * its public key.
 * {@inheritDoc}
 *
 * @param element
 * @param BaseURI
 * @param storage
 * @return the certificate's public key, or null if no certificate was resolved
 * @throws KeyResolverException
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
    final X509Certificate certificate = this.engineLookupResolveX509Certificate(element, BaseURI, storage);
    if (certificate == null) {
        // nothing resolved, so there is no key to return
        return null;
    }
    return certificate.getPublicKey();
}

85. CertificateConfigurable#reset()

Project: intellij-community
File: CertificateConfigurable.java
/**
 * Reloads the panel from the trust manager's certificates and from the saved
 * {@code CertificateManager} configuration.
 */
@Override
public void reset() {
    final List<X509Certificate> trusted = myTrustManager.getCertificates();
    myTreeBuilder.reset(trusted);

    // Replace the working copy with the trusted list.
    myCertificates.clear();
    myCertificates.addAll(trusted);

    // Rebuild the details area: the empty card first, then one card per certificate.
    myDetailsPanel.removeAll();
    myDetailsPanel.add(myEmptyPanel, EMPTY_PANEL);
    for (X509Certificate trustedCert : trusted) {
        addCertificatePanel(trustedCert);
    }
    if (!myCertificates.isEmpty()) {
        myTreeBuilder.selectFirstCertificate();
    }

    // Mirror the stored settings in the check boxes.
    final CertificateManager.Config config = CertificateManager.getInstance().getState();
    myAcceptAutomatically.setSelected(config.ACCEPT_AUTOMATICALLY);
    myCheckHostname.setSelected(config.CHECK_HOSTNAME);
    myCheckValidityPeriod.setSelected(config.CHECK_VALIDITY);
}

86. X509CertificateFactoryTest#testGet()

Project: helios
File: X509CertificateFactoryTest.java
/**
 * Checks that {@code sut.get} returns a certificate and private key, that the agent proxy
 * was asked to sign the certificate's TBS bytes, and that the subject is {@code UID=USERNAME}.
 */
@Test
public void testGet() throws Exception {
    final CertificateAndPrivateKey result = sut.get(agentProxy, identity, USERNAME);
    assertNotNull(result.getCertificate());
    assertNotNull(result.getPrivateKey());

    final X509Certificate issued = (X509Certificate) result.getCertificate();
    final String expectedSubject = "UID=" + USERNAME;

    // The signature must have been requested over exactly the to-be-signed portion.
    verify(agentProxy).sign(refEq(identity), eq(issued.getTBSCertificate()));
    assertEquals(expectedSubject, issued.getSubjectDN().getName());
}

87. TestUtils#newSslSocketFactoryForCa()

Project: grpc-java
File: TestUtils.java
/**
 * Creates an SSLSocketFactory whose trust store contains the certificate read from
 * {@code certChain} as its only root certificate.
 *
 * <p>Only one certificate is read from the stream. The stream is not closed here.
 */
public static SSLSocketFactory newSslSocketFactoryForCa(InputStream certChain) throws Exception {
    // Start from an empty in-memory key store.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate caCert = (X509Certificate) x509Factory.generateCertificate(new BufferedInputStream(certChain));

    // The RFC 2253 form of the subject name serves as the key store alias.
    String alias = caCert.getSubjectX500Principal().getName("RFC2253");
    trustStore.setCertificateEntry(alias, caCert);

    // Trust managers backed by that single-entry store.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);

    SSLContext tls = SSLContext.getInstance("TLS");
    tls.init(null, tmf.getTrustManagers(), null);
    return tls.getSocketFactory();
}

88. ConcurrencyTest#newClientChannel()

Project: grpc-java
File: ConcurrencyTest.java
/**
 * Creates a TLS client channel to the local test server, presenting the client
 * certificate and trusting only the test CA.
 */
private ManagedChannel newClientChannel() throws CertificateException, IOException {
    File certChain = TestUtils.loadCert("client.pem");
    File privateKey = TestUtils.loadCert("client.key");
    X509Certificate[] trustedCas = new X509Certificate[] { TestUtils.loadX509Cert("ca.pem") };

    SslContext sslContext = GrpcSslContexts.forClient()
            .keyManager(certChain, privateKey)
            .trustManager(trustedCas)
            .build();

    // The connection goes to localhost, so the authority is overridden with the test
    // server host name.
    return NettyChannelBuilder.forAddress("localhost", server.getPort())
            .overrideAuthority(TestUtils.TEST_SERVER_HOST)
            .negotiationType(NegotiationType.TLS)
            .sslContext(sslContext)
            .build();
}

89. ConcurrencyTest#newServer()

Project: grpc-java
File: ConcurrencyTest.java
/**
 * Creates and starts a new {@link TestServiceImpl} server on an ephemeral port.
 *
 * <p>The server requires a client certificate ({@code ClientAuth.REQUIRE}) and trusts
 * only the test CA.
 */
private Server newServer() throws CertificateException, IOException {
    File certChain = TestUtils.loadCert("server1.pem");
    File privateKey = TestUtils.loadCert("server1.key");
    X509Certificate[] trustedCas = new X509Certificate[] { TestUtils.loadX509Cert("ca.pem") };

    SslContext sslContext = GrpcSslContexts.forServer(certChain, privateKey)
            .trustManager(trustedCas)
            .clientAuth(ClientAuth.REQUIRE)
            .build();

    return NettyServerBuilder.forPort(0)
            .sslContext(sslContext)
            .addService(new TestServiceImpl(serverExecutor))
            .build()
            .start();
}

90. AbstractInteropTest#assertX500SubjectDn()

Project: grpc-java
File: AbstractInteropTest.java
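/**
 * Helper for asserting TLS info in SSLSession {@link io.grpc.ServerCall#attributes()}.
 *
 * <p>Makes one unary call, reads the SSL session captured on the server side, and asserts
 * that the peer presented exactly one certificate whose subject DN equals {@code tlsInfo}.
 *
 * @param tlsInfo the expected subject DN string of the peer certificate
 */
protected void assertX500SubjectDn(String tlsInfo) {
    TestServiceGrpc.TestServiceBlockingStub stub = TestServiceGrpc.newBlockingStub(channel).withDeadlineAfter(5, TimeUnit.SECONDS);
    stub.unaryCall(SimpleRequest.getDefaultInstance());
    List<Certificate> certificates = Lists.newArrayList();
    SSLSession sslSession = serverCallCapture.get().attributes().get(ServerCall.SSL_SESSION_KEY);
    try {
        certificates = Arrays.asList(sslSession.getPeerCertificates());
    } catch (SSLPeerUnverifiedException e) {
        fail("No cert");
    }
    // Check the count before indexing, so an unexpected chain length shows up as an
    // assertion failure rather than an index error.
    assertEquals(1, certificates.size());
    X509Certificate x509cert = (X509Certificate) certificates.get(0);
    assertEquals(tlsInfo, x509cert.getSubjectDN().toString());
}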

91. TesterOkHttpChannelBuilder#getTrustManagers()

Project: grpc-java
File: TesterOkHttpChannelBuilder.java
/**
 * Builds trust managers that trust only the certificate read from {@code testCa}.
 *
 * <p>One certificate is read from the stream; the stream is not closed here.
 */
private static TrustManager[] getTrustManagers(InputStream testCa) throws Exception {
    // Empty in-memory key store to hold the single CA entry.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null);

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate caCert = (X509Certificate) x509Factory.generateCertificate(testCa);

    // Alias is the subject name in RFC 2253 form.
    String alias = caCert.getSubjectX500Principal().getName("RFC2253");
    trustStore.setCertificateEntry(alias, caCert);

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);
    return tmf.getTrustManagers();
}

92. HttpTestUtil#prepareCertStore()

Project: gocd
File: HttpTestUtil.java
/**
 * Generates a key pair and certificate and writes them to {@code serverKeyStore} as a JKS
 * key store under the alias {@code "test"}.
 *
 * <p>The same {@code STORE_PASSWORD} protects both the key entry and the store itself.
 * Any failure is rethrown wrapped in a {@code RuntimeException}.
 */
private void prepareCertStore(File serverKeyStore) {
    KeyPair generatedPair = generateKeyPair();
    X509Certificate generatedCert = generateCert(generatedPair);
    FileOutputStream out = null;
    try {
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null);
        Certificate[] chain = new Certificate[] { generatedCert };
        jks.setKeyEntry("test", generatedPair.getPrivate(), STORE_PASSWORD.toCharArray(), chain);
        out = new FileOutputStream(serverKeyStore);
        jks.store(out, STORE_PASSWORD.toCharArray());
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // Close only if the file was actually opened.
        if (out != null) {
            IOUtils.closeQuietly(out);
        }
    }
}

93. GitblitTrustManager#checkClientTrusted()

Project: gitblit
File: GitblitTrustManager.java
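/**
 * Rejects a client whose certificate is revoked, then defers to the delegate trust manager.
 *
 * <p>Only the first certificate of the chain is passed to {@code isRevoked}; the rest of
 * the chain reaches the delegate unchanged.
 * NOTE(review): confirm whether revoked intermediate certificates need to be caught here too.
 *
 * @param chain the peer certificate chain, first element being the client certificate
 * @param authType the authentication type, passed through to the delegate
 * @throws CertificateException if the certificate is revoked or the delegate rejects the chain
 * @throws IllegalArgumentException if {@code chain} is null or empty
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    // A null or empty chain used to fail on the array access below; fail with the
    // exception type X509TrustManager documents for that input instead.
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("Client certificate chain is null or empty");
    }
    X509Certificate cert = chain[0];
    if (isRevoked(cert)) {
        String message = MessageFormat.format("Rejecting revoked certificate {0,number,0} for {1}", cert.getSerialNumber(), cert.getSubjectDN().getName());
        logger.warn(message);
        throw new CertificateException(message);
    }
    delegate.checkClientTrusted(chain, authType);
}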

94. UserCertificateModel#revoke()

Project: gitblit
File: UserCertificateModel.java
/**
 * Records a revocation and recomputes {@code expires}.
 *
 * <p>The entry is stored as {@code "<serial>:<reason ordinal>"}. Afterwards
 * {@code expires} becomes the latest {@code notAfter} among the certificates that are
 * neither revoked nor expired, or null if there is none.
 *
 * <p>NOTE(review): the stored value depends on the declaration order of
 * {@code RevocationReason}; reordering the enum would change the meaning of existing
 * entries.
 *
 * @param serial serial number of the certificate being revoked
 * @param reason why it is revoked
 */
public void revoke(BigInteger serial, RevocationReason reason) {
    if (revoked == null) {
        revoked = new ArrayList<String>();
    }
    revoked.add(serial.toString() + ":" + reason.ordinal());

    // Recompute the latest expiry over the certificates that are still usable.
    expires = null;
    for (X509Certificate candidate : certs) {
        if (isRevoked(candidate.getSerialNumber())) {
            continue;
        }
        if (isExpired(candidate.getNotAfter())) {
            continue;
        }
        if (expires == null || candidate.getNotAfter().after(expires)) {
            expires = candidate.getNotAfter();
        }
    }
}

95. CertificatesTableModel#getValueAt()

Project: gitblit
File: CertificatesTableModel.java
/**
 * Returns the cell value for the certificate in the given row.
 *
 * <p>The {@code Reason} column yields a translated revocation reason only for a revoked
 * certificate; otherwise, and for any column not handled below, the result is null.
 */
@Override
public Object getValueAt(int rowIndex, int columnIndex) {
    X509Certificate rowCert = ucm.certs.get(rowIndex);
    Columns column = Columns.values()[columnIndex];
    Object value = null;
    switch (column) {
        case Status:
            value = ucm.getStatus(rowCert);
            break;
        case SerialNumber:
            value = rowCert.getSerialNumber();
            break;
        case Issued:
            value = rowCert.getNotBefore();
            break;
        case Expires:
            value = rowCert.getNotAfter();
            break;
        case Reason:
            if (ucm.getStatus(rowCert).equals(CertificateStatus.revoked)) {
                RevocationReason why = ucm.getRevocationReason(rowCert.getSerialNumber());
                value = Translation.get("gb." + why.name());
            }
            break;
        default:
            break;
    }
    return value;
}

96. CertificatePropertiesFileLoginModule#login()

Project: geronimo
File: CertificatePropertiesFileLoginModule.java
/**
 * Authenticates by client certificate: obtains the certificate through a
 * {@code CertificateCallback} and accepts it if its subject name is a key in {@code users}.
 *
 * <p>NOTE(review): this method only compares the subject name string; it presumably relies
 * on the certificate having been validated before the callback supplies it - confirm.
 *
 * @return true if the subject is a known user, false if no certificate was supplied
 * @throws LoginException if the callback handler fails; {@code FailedLoginException} if
 *         the subject is not a known user
 */
public boolean login() throws LoginException {
    Callback[] callbacks = { new CertificateCallback() };
    try {
        handler.handle(callbacks);
    } catch (IOException ioe) {
        LoginException failure = new LoginException();
        failure.initCause(ioe);
        throw failure;
    } catch (UnsupportedCallbackException uce) {
        LoginException failure = new LoginException();
        failure.initCause(uce);
        throw failure;
    }
    assert callbacks.length == 1;
    CertificateCallback certCallback = (CertificateCallback) callbacks[0];
    X509Certificate certificate = certCallback.getCertificate();
    if (certificate == null) {
        return false;
    }
    // The principal field is set before the membership test, as before.
    principal = certificate.getSubjectX500Principal();
    if (users.containsKey(principal.getName())) {
        return true;
    }
    throw new FailedLoginException();
}

97. KeyStoreGBean#generateKeyPair()

Project: geronimo
File: KeyStoreGBean.java
/**
 * Generates a key pair and a certificate for it, stores both under {@code alias}, and
 * saves the key store.
 *
 * <p>NOTE(review): the private key entry is stored with an empty key password, so its
 * protection depends on how the key store itself is protected by {@code saveKeyStore} -
 * confirm.
 *
 * @param alias key store alias for the new entry
 * @param keyalg key algorithm name
 * @param keysize key size passed to the generator
 * @param sigalg signature algorithm passed to {@code generateCert}
 * @param validity validity value passed to {@code generateCert}
 * @param cn subject field passed to {@code generateCert}
 * @param ou subject field passed to {@code generateCert}
 * @param o subject field passed to {@code generateCert}
 * @param l subject field passed to {@code generateCert}
 * @param st subject field passed to {@code generateCert}
 * @param c subject field passed to {@code generateCert}
 */
public void generateKeyPair(String alias, String keyalg, Integer keysize, String sigalg, Integer validity, String cn, String ou, String o, String l, String st, String c) throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException, java.security.SignatureException, java.security.InvalidKeyException, java.security.cert.CertificateException, java.io.IOException {
    KeyPairGenerator generator = KeyPairGenerator.getInstance(keyalg);
    generator.initialize(keysize.intValue());
    KeyPair pair = generator.generateKeyPair();

    X509Certificate cert = generateCert(pair.getPublic(), pair.getPrivate(), sigalg, validity.intValue(), cn, ou, o, l, st, c);

    // Empty key password, single-certificate chain.
    char[] emptyPassword = new char[0];
    Certificate[] chain = new Certificate[] { cert };
    keystore.setKeyEntry(alias, pair.getPrivate(), emptyPassword, chain);
    saveKeyStore();
}

98. KeyStoreGBean#generateCSR()

Project: geronimo
File: KeyStoreGBean.java
/**
 * Generates a certificate signing request for the key store entry named {@code alias}.
 *
 * <p>The private key is read with an empty key password.
 * NOTE(review): a missing alias presumably yields a null certificate and key that are
 * passed on unchecked - confirm how the two-argument overload handles that.
 *
 * @param alias key store alias of the entry
 * @return the CSR produced by the two-argument {@code generateCSR}
 */
public String generateCSR(String alias) throws Exception {
    // certificate and private key stored under the alias
    X509Certificate entryCert = (X509Certificate) keystore.getCertificate(alias);
    PrivateKey entryKey = (PrivateKey) keystore.getKey(alias, "".toCharArray());
    return generateCSR(entryCert, entryKey);
}

99. ClientCertificateFilter#doFilter()

Project: falcon
File: ClientCertificateFilter.java
/**
 * Lets the request through only if TLS enforcement is off or {@code isValid} accepts the
 * client certificates taken from the {@code javax.servlet.request.X509Certificate}
 * request attribute; otherwise answers with 403.
 *
 * <p>With {@code enableTLS} false the certificates are not examined at all.
 *
 * @throws IllegalStateException if the request or response is not an HTTP one
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    boolean httpExchange = request instanceof HttpServletRequest && response instanceof HttpServletResponse;
    if (!httpExchange) {
        throw new IllegalStateException("Invalid request/response object");
    }
    X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    boolean authorized = !enableTLS || isValid(certificates);
    if (authorized) {
        chain.doFilter(request, response);
        return;
    }
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    httpResponse.sendError(Response.Status.FORBIDDEN.getStatusCode(), "Request not authorized, valid certificates not presented");
}

100. WSSecurity#verifyWSSec()

Project: eucalyptus
File: WSSecurity.java
/**
 * Verifies the WS-Security signature of a SOAP envelope and returns the certificate
 * produced by {@code WSSecurity.verifySignature}.
 *
 * <p>The signature value is handed to {@code SecurityContext.enqueueSignature} before the
 * signature is verified. The bytes are turned into a String with the platform default
 * charset.
 * NOTE(review): presumably the queue is used for replay detection; confirm that
 * enqueueing unverified values and the charset-dependent conversion are both intended.
 *
 * @param envelope the SOAP envelope carrying the security header
 * @return the certificate returned by signature verification
 * @throws WebServicesException if verification fails; the original exception is the cause
 */
public static X509Certificate verifyWSSec(final SOAPEnvelope envelope) throws Exception {
    final Element secNode = WSSecurity.getSecurityElement(envelope);
    final XMLSignature sig = WSSecurity.getXMLSignature(secNode);
    final String sigValue = new String(sig.getSignatureValue());
    SecurityContext.enqueueSignature(sigValue);
    try {
        final X509Certificate signer = WSSecurity.verifySignature(secNode, sig);
        Logs.exhaust().debug(signer);
        return signer;
    } catch (Exception ex) {
        Logs.exhaust().error(ex, ex);
        throw new WebServicesException("Authentication failed: " + ex.getMessage(), ex);
    }
}