Java Code Examples for javax.security.auth.x500.X500Principal#equals()
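The following examples show how to use
javax.security.auth.x500.X500Principal#equals(). The method compares distinguished names only; a match says nothing about keys or signatures, which is why several of the examples below pair it with a signature check.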
Example 1
Source File: ForwardBuilder.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
/**
 * Verifies whether the input certificate completes the path.
 * Checks the cert against each trust anchor that was specified, in order,
 * and returns true as soon as it finds a valid anchor.
 * Returns true if the cert matches a trust anchor specified as a
 * certificate or if the cert verifies with a trust anchor that
 * was specified as a trusted {pubkey, caname} pair. Returns false if none
 * of the trust anchors are valid for this cert.
 *
 * <p>On success {@code this.trustAnchor} is set to the anchor that matched.
 * Any exception raised by the signature check makes the loop skip that
 * anchor, so a verification error never results in acceptance.
 *
 * @param cert the certificate to test
 * @return a boolean value indicating whether the cert completes the path.
 */
@Override
boolean isPathCompleted(X509Certificate cert) {
    for (TrustAnchor anchor : trustAnchors) {
        if (anchor.getTrustedCert() != null) {
            // Anchor supplied as a certificate: only an exact certificate
            // match is accepted, and this branch performs no signature
            // check of its own.
            if (cert.equals(anchor.getTrustedCert())) {
                this.trustAnchor = anchor;
                return true;
            } else {
                continue;
            }
        }
        // Anchor supplied as a {CA name, public key} pair.
        X500Principal principal = anchor.getCA();
        PublicKey publicKey = anchor.getCAPublicKey();

        if (principal != null && publicKey != null &&
                principal.equals(cert.getSubjectX500Principal())) {
            // A matching subject name is not sufficient; the public key
            // must match as well before the cert is treated as the anchor.
            if (publicKey.equals(cert.getPublicKey())) {
                // the cert itself is a trust anchor
                this.trustAnchor = anchor;
                return true;
            }
            // else, it is a self-issued certificate of the anchor
        }

        // Check subject/issuer name chaining
        if (principal == null ||
                !principal.equals(cert.getIssuerX500Principal())) {
            continue;
        }

        // skip anchor if it contains a DSA key with no DSA params
        if (PKIX.isDSAPublicKeyWithoutParams(publicKey)) {
            continue;
        }

        /*
         * Check signature
         */
        try {
            cert.verify(publicKey, buildParams.sigProvider());
        } catch (InvalidKeyException ike) {
            // The debug text mentions DSA, but this handler runs for any
            // InvalidKeyException thrown by verify().
            if (debug != null) {
                debug.println("ForwardBuilder.isPathCompleted() invalid "
                              + "DSA key found");
            }
            continue;
        } catch (GeneralSecurityException e){
            if (debug != null) {
                debug.println("ForwardBuilder.isPathCompleted() " +
                    "unexpected exception");
                e.printStackTrace();
            }
            continue;
        }

        // Name chaining and signature both verified against this anchor.
        this.trustAnchor = anchor;
        return true;
    }

    return false;
}
Example 2
Source File: PKCS12KeyStore.java From hottub with GNU General Public License v2.0 | 6 votes |
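/**
 * Checks that a certificate chain is consistent by name and free of repeats.
 *
 * <p>For every adjacent pair the issuer DN of entry {@code i} must equal the
 * subject DN of entry {@code i+1}. Only names are compared: no signature,
 * validity period or extension is examined here, so a {@code true} result
 * does not mean the chain is cryptographically valid.
 *
 * @param certChain the chain to check, leaf first
 * @return {@code true} if every adjacent pair is name-chained and no
 *         certificate occurs twice; {@code false} otherwise, including when
 *         a pair contains an entry that is not an {@link X509Certificate}
 */
private boolean validateChain(Certificate[] certChain) {
    for (int i = 0; i < certChain.length - 1; i++) {
        // An entry that is not X.509 (or is null) has no issuer/subject DN
        // to compare; report the chain as invalid instead of failing with
        // an unchecked ClassCastException or NullPointerException.
        if (!(certChain[i] instanceof X509Certificate)
                || !(certChain[i + 1] instanceof X509Certificate)) {
            return false;
        }
        X500Principal issuerDN =
            ((X509Certificate) certChain[i]).getIssuerX500Principal();
        X500Principal subjectDN =
            ((X509Certificate) certChain[i + 1]).getSubjectX500Principal();
        if (!issuerDN.equals(subjectDN)) {
            return false;
        }
    }

    // Check for loops in the chain. If there are repeated certs,
    // the Set of certs in the chain will contain fewer certs than
    // the chain
    Set<Certificate> set = new HashSet<>(Arrays.asList(certChain));
    return set.size() == certChain.length;
}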
Example 3
Source File: DirectoryCertificateSource.java From android_9.0.0_r45 with Apache License 2.0 | 5 votes |
/**
 * Collects the certificates stored for a subject that the selector accepts.
 *
 * <p>Candidate files are named {@code <hash>.<index>} under {@code mDir},
 * probed from index 0 upwards until a file name does not exist. A candidate
 * is skipped when it is marked as removed, cannot be read, or carries a
 * subject different from {@code subj}; the subject is compared again after
 * loading because the file name is derived from a hash of the subject only.
 *
 * @param subj subject name to look up
 * @param selector filter applied to each candidate with a matching subject
 * @return the accepted certificates, or an empty set if there are none
 */
private Set<X509Certificate> findCerts(X500Principal subj, CertSelector selector) {
    final String prefix = getHash(subj);
    Set<X509Certificate> matches = null;
    int suffix = 0;
    while (suffix >= 0) {
        final String candidate = prefix + "." + suffix;
        suffix++;
        if (!new File(mDir, candidate).exists()) {
            // First gap in the numbering ends the search.
            break;
        }
        if (isCertMarkedAsRemoved(candidate)) {
            continue;
        }
        final X509Certificate loaded = readCertificate(candidate);
        if (loaded == null
                || !subj.equals(loaded.getSubjectX500Principal())
                || !selector.match(loaded)) {
            continue;
        }
        if (matches == null) {
            matches = new ArraySet<X509Certificate>();
        }
        matches.add(loaded);
    }
    if (matches == null) {
        return Collections.<X509Certificate>emptySet();
    }
    return matches;
}
Example 4
Source File: BasicChecker.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
/**
 * Checks that the issuer DN of {@code cert} equals the subject DN recorded
 * in {@code prevSubject}, so that the certificate can be next in a chain.
 *
 * <p>Does nothing when {@code prevSubject} is null. This is a name
 * comparison only; no signature is verified in this method.
 *
 * @param cert the certificate whose issuer DN is checked
 * @throws CertPathValidatorException with reason
 *         {@code PKIXReason.NAME_CHAINING} if the issuer DN is empty or
 *         differs from {@code prevSubject}
 */
private void verifyNameChaining(X509Certificate cert)
        throws CertPathValidatorException {
    if (prevSubject == null) {
        return;
    }

    String msg = "subject/issuer name chaining";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
    }

    X500Principal issuer = cert.getIssuerX500Principal();

    // reject null or empty issuer DNs
    boolean issuerMissing = X500Name.asX500Name(issuer).isEmpty();
    if (issuerMissing) {
        throw new CertPathValidatorException(
            msg + " check failed: " + "empty/null issuer DN in certificate is invalid",
            null, null, -1, PKIXReason.NAME_CHAINING);
    }

    boolean chained = issuer.equals(prevSubject);
    if (!chained) {
        throw new CertPathValidatorException(
            msg + " check failed", null, null, -1, PKIXReason.NAME_CHAINING);
    }

    if (debug != null) {
        debug.println(msg + " verified.");
    }
}
Example 5
Source File: X509CertificatePair.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
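/**
 * Checks that the forward and reverse certificates form a valid cross pair.
 *
 * <p>Returns without error if either certificate is missing. Otherwise the
 * issuer of each certificate must equal the subject of the other, and each
 * certificate's signature is verified with the other's public key.
 *
 * <p>Signature verification is skipped for a DSA public key that has no
 * parameters; in that case the corresponding certificate is accepted on the
 * name match alone.
 *
 * @throws CertificateException if the names do not cross-match or a
 *         signature check fails; the underlying security exception is
 *         attached as the cause
 */
private void checkPair() throws CertificateException {

    /* if either of pair is missing, return w/o error */
    if (forward == null || reverse == null) {
        return;
    }
    /*
     * If both elements of the pair are present, check that they
     * are a valid pair.
     */
    X500Principal fwSubject = forward.getSubjectX500Principal();
    X500Principal fwIssuer = forward.getIssuerX500Principal();
    X500Principal rvSubject = reverse.getSubjectX500Principal();
    X500Principal rvIssuer = reverse.getIssuerX500Principal();
    if (!fwIssuer.equals(rvSubject) || !rvIssuer.equals(fwSubject)) {
        throw new CertificateException("subject and issuer names in "
            + "forward and reverse certificates do not match");
    }

    /* check signatures unless key parameters are missing */
    try {
        PublicKey pk = reverse.getPublicKey();
        if (!(pk instanceof DSAPublicKey) ||
                ((DSAPublicKey)pk).getParams() != null) {
            forward.verify(pk);
        }
        pk = forward.getPublicKey();
        if (!(pk instanceof DSAPublicKey) ||
                ((DSAPublicKey)pk).getParams() != null) {
            reverse.verify(pk);
        }
    } catch (GeneralSecurityException e) {
        // Keep the original exception as the cause so the failing check
        // (bad key, bad signature, missing algorithm) stays diagnosable.
        throw new CertificateException("invalid signature: "
            + e.getMessage(), e);
    }
}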
Example 6
Source File: X509CertificatePair.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
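/**
 * Checks that the forward and reverse certificates form a valid cross pair.
 *
 * <p>Returns without error if either certificate is missing. Otherwise the
 * issuer of each certificate must equal the subject of the other, and each
 * certificate's signature is verified with the other's public key.
 *
 * <p>Signature verification is skipped for a DSA public key that has no
 * parameters; in that case the corresponding certificate is accepted on the
 * name match alone.
 *
 * @throws CertificateException if the names do not cross-match or a
 *         signature check fails; the underlying security exception is
 *         attached as the cause
 */
private void checkPair() throws CertificateException {

    /* if either of pair is missing, return w/o error */
    if (forward == null || reverse == null) {
        return;
    }
    /*
     * If both elements of the pair are present, check that they
     * are a valid pair.
     */
    X500Principal fwSubject = forward.getSubjectX500Principal();
    X500Principal fwIssuer = forward.getIssuerX500Principal();
    X500Principal rvSubject = reverse.getSubjectX500Principal();
    X500Principal rvIssuer = reverse.getIssuerX500Principal();
    if (!fwIssuer.equals(rvSubject) || !rvIssuer.equals(fwSubject)) {
        throw new CertificateException("subject and issuer names in "
            + "forward and reverse certificates do not match");
    }

    /* check signatures unless key parameters are missing */
    try {
        PublicKey pk = reverse.getPublicKey();
        if (!(pk instanceof DSAPublicKey) ||
                ((DSAPublicKey)pk).getParams() != null) {
            forward.verify(pk);
        }
        pk = forward.getPublicKey();
        if (!(pk instanceof DSAPublicKey) ||
                ((DSAPublicKey)pk).getParams() != null) {
            reverse.verify(pk);
        }
    } catch (GeneralSecurityException e) {
        // Keep the original exception as the cause so the failing check
        // (bad key, bad signature, missing algorithm) stays diagnosable.
        throw new CertificateException("invalid signature: "
            + e.getMessage(), e);
    }
}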
Example 7
Source File: BasicChecker.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Checks that the issuer DN of {@code cert} equals the subject DN recorded
 * in {@code prevSubject}, so that the certificate can be next in a chain.
 *
 * <p>Does nothing when {@code prevSubject} is null. This is a name
 * comparison only; no signature is verified in this method.
 *
 * @param cert the certificate whose issuer DN is checked
 * @throws CertPathValidatorException with reason
 *         {@code PKIXReason.NAME_CHAINING} if the issuer DN is empty or
 *         differs from {@code prevSubject}
 */
private void verifyNameChaining(X509Certificate cert)
        throws CertPathValidatorException {
    if (prevSubject == null) {
        return;
    }

    String msg = "subject/issuer name chaining";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
    }

    X500Principal issuer = cert.getIssuerX500Principal();

    // reject null or empty issuer DNs
    boolean issuerMissing = X500Name.asX500Name(issuer).isEmpty();
    if (issuerMissing) {
        throw new CertPathValidatorException(
            msg + " check failed: " + "empty/null issuer DN in certificate is invalid",
            null, null, -1, PKIXReason.NAME_CHAINING);
    }

    boolean chained = issuer.equals(prevSubject);
    if (!chained) {
        throw new CertPathValidatorException(
            msg + " check failed", null, null, -1, PKIXReason.NAME_CHAINING);
    }

    if (debug != null) {
        debug.println(msg + " verified.");
    }
}
Example 8
Source File: X509CRLEntryImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Records the issuer of the certificate this CRL entry refers to.
 *
 * <p>When the certificate issuer equals the CRL issuer the field is set to
 * null; otherwise the certificate issuer is stored.
 *
 * @param crlIssuer issuer of the CRL; must not be null, since
 *        {@code equals} is invoked on it
 * @param certIssuer issuer of the certificate
 */
void setCertificateIssuer(X500Principal crlIssuer, X500Principal certIssuer) {
    boolean sameIssuer = crlIssuer.equals(certIssuer);
    this.certIssuer = sameIssuer ? null : certIssuer;
}
Example 9
Source File: BasicChecker.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
/**
 * Checks that the issuer DN of {@code cert} equals the subject DN recorded
 * in {@code prevSubject}, so that the certificate can be next in a chain.
 *
 * <p>Does nothing when {@code prevSubject} is null. This is a name
 * comparison only; no signature is verified in this method.
 *
 * @param cert the certificate whose issuer DN is checked
 * @throws CertPathValidatorException with reason
 *         {@code PKIXReason.NAME_CHAINING} if the issuer DN is empty or
 *         differs from {@code prevSubject}
 */
private void verifyNameChaining(X509Certificate cert)
        throws CertPathValidatorException {
    if (prevSubject == null) {
        return;
    }

    String msg = "subject/issuer name chaining";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
    }

    X500Principal issuer = cert.getIssuerX500Principal();

    // reject null or empty issuer DNs
    boolean issuerMissing = X500Name.asX500Name(issuer).isEmpty();
    if (issuerMissing) {
        throw new CertPathValidatorException(
            msg + " check failed: " + "empty/null issuer DN in certificate is invalid",
            null, null, -1, PKIXReason.NAME_CHAINING);
    }

    boolean chained = issuer.equals(prevSubject);
    if (!chained) {
        throw new CertPathValidatorException(
            msg + " check failed", null, null, -1, PKIXReason.NAME_CHAINING);
    }

    if (debug != null) {
        debug.println(msg + " verified.");
    }
}
Example 10
Source File: BasicChecker.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Checks that the issuer DN of {@code cert} equals the subject DN recorded
 * in {@code prevSubject}, so that the certificate can be next in a chain.
 *
 * <p>Does nothing when {@code prevSubject} is null. This is a name
 * comparison only; no signature is verified in this method.
 *
 * @param cert the certificate whose issuer DN is checked
 * @throws CertPathValidatorException with reason
 *         {@code PKIXReason.NAME_CHAINING} if the issuer DN is empty or
 *         differs from {@code prevSubject}
 */
private void verifyNameChaining(X509Certificate cert)
        throws CertPathValidatorException {
    if (prevSubject == null) {
        return;
    }

    String msg = "subject/issuer name chaining";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
    }

    X500Principal issuer = cert.getIssuerX500Principal();

    // reject null or empty issuer DNs
    boolean issuerMissing = X500Name.asX500Name(issuer).isEmpty();
    if (issuerMissing) {
        throw new CertPathValidatorException(
            msg + " check failed: " + "empty/null issuer DN in certificate is invalid",
            null, null, -1, PKIXReason.NAME_CHAINING);
    }

    boolean chained = issuer.equals(prevSubject);
    if (!chained) {
        throw new CertPathValidatorException(
            msg + " check failed", null, null, -1, PKIXReason.NAME_CHAINING);
    }

    if (debug != null) {
        debug.println(msg + " verified.");
    }
}
Example 11
Source File: DerIsConstructor.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
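/**
 * Exercises the {@code X500Principal(InputStream)} constructor.
 *
 * <p>Test 1 reads two principals back to back from one stream and checks
 * that each equals the principal it was encoded from. Test 2 corrupts the
 * second encoding and checks that the constructor rejects it with
 * {@code IllegalArgumentException} while leaving the stream position where
 * it was before the failed read.
 *
 * @param args unused
 * @throws SecurityException if any check fails; the triggering exception is
 *         attached as the cause
 */
public static void main(String[] args) {

    try {

        // create 2 different X500Principals
        X500Principal p = new X500Principal("o=sun, cn=duke");
        X500Principal p2 = new X500Principal("o=sun, cn=dukette");

        // get the encoded bytes for the 2 principals
        byte[] encoded = p.getEncoded();
        byte[] encoded2 = p2.getEncoded();

        // create a ByteArrayInputStream with the
        // encodings from the 2 principals
        byte[] all = new byte[encoded.length + encoded2.length];
        System.arraycopy(encoded, 0, all, 0, encoded.length);
        System.arraycopy(encoded2, 0, all, encoded.length, encoded2.length);
        ByteArrayInputStream bais = new ByteArrayInputStream(all);

        // create 2 new X500Principals from the ByteArrayInputStream
        X500Principal pp = new X500Principal(bais);
        X500Principal pp2 = new X500Principal(bais);

        // sanity check the 2 new principals
        if (p.equals(pp) && p2.equals(pp2) && !pp.equals(pp2)) {
            System.out.println("Test 1 passed");
        } else {
            throw new SecurityException("Test 1 failed");
        }

        // corrupt the ByteArrayInputStream and see if the
        // mark/reset worked
        byte[] all2 = new byte[all.length];
        System.arraycopy(all, 0, all2, 0, all.length);
        all2[encoded.length + 2] = (byte)-1;
        bais = new ByteArrayInputStream(all2);

        // this should work
        X500Principal ppp = new X500Principal(bais);

        // this should throw an IllegalArgumentException due to stream
        // corruption, and the stream must be left at its prior position
        int origAvailable = bais.available();
        try {
            X500Principal ppp2 = new X500Principal(bais);
            throw new SecurityException("Test 2 (part a) failed");
        } catch (IllegalArgumentException iae) {
            if (bais.available() == origAvailable) {
                System.out.println("Test 2 passed");
            } else {
                throw new SecurityException("Test 2 (part b) failed");
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
        // Chain the original exception so the failure site is not lost.
        throw new SecurityException(e.getMessage(), e);
    }
}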
Example 12
Source File: LdapTlsHandshakeExceptionClassifier.java From directory-ldap-api with Apache License 2.0 | 4 votes |
/**
 * Maps the root cause of a failed TLS handshake to a reason and phrase.
 *
 * <p>The "Self signed certificate" result is derived from the issuer DN
 * being equal to the subject DN of the supplied certificate. No signature
 * is checked here, so the label describes a self-issued certificate rather
 * than a verified self-signed one.
 *
 * @param cause the exception raised by the handshake
 * @param certificate the peer certificate, may be null
 * @return a fail cause carrying the original cause, its root cause, a
 *         reason and a reason phrase
 */
public static LdapTlsHandshakeFailCause classify( Throwable cause, X509Certificate certificate )
{
    LdapTlsHandshakeFailCause result = new LdapTlsHandshakeFailCause();
    result.setCause( cause );

    Throwable root = ExceptionUtils.getRootCause( cause );
    result.setRootCause( root );

    if ( root instanceof CertificateExpiredException )
    {
        result.setReason( BasicReason.EXPIRED );
        result.setReasonPhrase( "Certificate expired" );
        return result;
    }

    if ( root instanceof CertificateNotYetValidException )
    {
        result.setReason( BasicReason.NOT_YET_VALID );
        result.setReasonPhrase( "Certificate not yet valid" );
        return result;
    }

    if ( root instanceof CertPathBuilderException )
    {
        result.setReason( LdapApiReason.NO_VALID_CERTIFICATION_PATH );
        result.setReasonPhrase( "Failed to build certification path" );

        if ( certificate == null )
        {
            return result;
        }

        // Refine the generic path-building failure when issuer and subject coincide.
        X500Principal issuer = certificate.getIssuerX500Principal();
        X500Principal subject = certificate.getSubjectX500Principal();
        if ( issuer.equals( subject ) )
        {
            result.setReason( LdapApiReason.SELF_SIGNED );
            result.setReasonPhrase( "Self signed certificate" );
        }
        return result;
    }

    if ( root instanceof CertPathValidatorException )
    {
        CertPathValidatorException validationFailure = ( CertPathValidatorException ) root;
        result.setReason( validationFailure.getReason() );
        result.setReasonPhrase( "Failed to verify certification path" );
        return result;
    }

    result.setReason( BasicReason.UNSPECIFIED );
    result.setReasonPhrase( "Unspecified" );
    return result;
}
Example 13
Source File: Equals.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
/**
 * Checks {@code X500Principal.equals} and {@code hashCode} on pairs of name
 * strings that are expected to denote the same principal, and on pairs
 * expected to differ.
 *
 * @param args unused
 * @throws SecurityException naming the numbered check that failed
 */
public static void main(String[] args) {

    // pair 1/2: plain equality
    X500Principal p1 = new X500Principal(p1String);
    X500Principal p2 = new X500Principal(p2String);
    printName("Principal 1:", p1String, p1);
    printName("Principal 2:", p2String, p2);

    if (!p1.equals(p2)) {
        throw new SecurityException("Equals test failed: #1");
    }

    X500Principal notEqual = new X500Principal("cn=test2");
    if (p1.equals(notEqual)) {
        throw new SecurityException("Equals test failed: #2");
    }

    if (p1.equals(null)) {
        throw new SecurityException("Equals test failed: #3");
    }

    // equal principals must hash alike
    if (p1.hashCode() != p2.hashCode()) {
        throw new SecurityException("Equals test failed: #4");
    }

    // pair 3/4: multiple AVA's in an RDN
    X500Principal p3 = new X500Principal(p3String);
    X500Principal p4 = new X500Principal(p4String);
    printName("Principal 3:", p3String, p3);
    printName("Principal 4:", p4String, p4);

    if (!p3.equals(p4)) {
        throw new SecurityException("Equals test failed: #5");
    }

    if (p1.equals(p3) || p2.equals(p3)) {
        throw new SecurityException("Equals test failed: #6");
    }

    if (p3.hashCode() != p4.hashCode()) {
        throw new SecurityException("Equals test failed: #7");
    }

    // pair 5/6
    X500Principal p5 = new X500Principal(p5String);
    X500Principal p6 = new X500Principal(p6String);
    printName("Principal 5:", p5String, p5);
    printName("Principal 6:", p6String, p6);

    if (!p5.equals(p6)) {
        throw new SecurityException("Equals test failed: #8");
    }

    if (p5.hashCode() != p6.hashCode()) {
        throw new SecurityException("Equals test failed: #9");
    }

    // pair 7/8
    X500Principal p7 = new X500Principal(p7String);
    X500Principal p8 = new X500Principal(p8String);
    printName("Principal 7:", p7String, p7);
    printName("Principal 8:", p8String, p8);

    if (!p7.equals(p8)) {
        throw new SecurityException("Equals test failed: #10");
    }

    if (p7.hashCode() != p8.hashCode()) {
        throw new SecurityException("Equals test failed: #11");
    }

    System.out.println("Equals test passed");
}
Example 14
Source File: Equals.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Checks {@code X500Principal.equals} and {@code hashCode} on pairs of name
 * strings that are expected to denote the same principal, and on pairs
 * expected to differ.
 *
 * @param args unused
 * @throws SecurityException naming the numbered check that failed
 */
public static void main(String[] args) {

    // pair 1/2: plain equality
    X500Principal p1 = new X500Principal(p1String);
    X500Principal p2 = new X500Principal(p2String);
    printName("Principal 1:", p1String, p1);
    printName("Principal 2:", p2String, p2);

    if (!p1.equals(p2)) {
        throw new SecurityException("Equals test failed: #1");
    }

    X500Principal notEqual = new X500Principal("cn=test2");
    if (p1.equals(notEqual)) {
        throw new SecurityException("Equals test failed: #2");
    }

    if (p1.equals(null)) {
        throw new SecurityException("Equals test failed: #3");
    }

    // equal principals must hash alike
    if (p1.hashCode() != p2.hashCode()) {
        throw new SecurityException("Equals test failed: #4");
    }

    // pair 3/4: multiple AVA's in an RDN
    X500Principal p3 = new X500Principal(p3String);
    X500Principal p4 = new X500Principal(p4String);
    printName("Principal 3:", p3String, p3);
    printName("Principal 4:", p4String, p4);

    if (!p3.equals(p4)) {
        throw new SecurityException("Equals test failed: #5");
    }

    if (p1.equals(p3) || p2.equals(p3)) {
        throw new SecurityException("Equals test failed: #6");
    }

    if (p3.hashCode() != p4.hashCode()) {
        throw new SecurityException("Equals test failed: #7");
    }

    // pair 5/6
    X500Principal p5 = new X500Principal(p5String);
    X500Principal p6 = new X500Principal(p6String);
    printName("Principal 5:", p5String, p5);
    printName("Principal 6:", p6String, p6);

    if (!p5.equals(p6)) {
        throw new SecurityException("Equals test failed: #8");
    }

    if (p5.hashCode() != p6.hashCode()) {
        throw new SecurityException("Equals test failed: #9");
    }

    // pair 7/8
    X500Principal p7 = new X500Principal(p7String);
    X500Principal p8 = new X500Principal(p8String);
    printName("Principal 7:", p7String, p7);
    printName("Principal 8:", p8String, p8);

    if (!p7.equals(p8)) {
        throw new SecurityException("Equals test failed: #10");
    }

    if (p7.hashCode() != p8.hashCode()) {
        throw new SecurityException("Equals test failed: #11");
    }

    System.out.println("Equals test passed");
}
Example 15
Source File: Equals.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/**
 * Checks {@code X500Principal.equals} and {@code hashCode} on pairs of name
 * strings that are expected to denote the same principal, and on pairs
 * expected to differ.
 *
 * @param args unused
 * @throws SecurityException naming the numbered check that failed
 */
public static void main(String[] args) {

    // pair 1/2: plain equality
    X500Principal p1 = new X500Principal(p1String);
    X500Principal p2 = new X500Principal(p2String);
    printName("Principal 1:", p1String, p1);
    printName("Principal 2:", p2String, p2);

    if (!p1.equals(p2)) {
        throw new SecurityException("Equals test failed: #1");
    }

    X500Principal notEqual = new X500Principal("cn=test2");
    if (p1.equals(notEqual)) {
        throw new SecurityException("Equals test failed: #2");
    }

    if (p1.equals(null)) {
        throw new SecurityException("Equals test failed: #3");
    }

    // equal principals must hash alike
    if (p1.hashCode() != p2.hashCode()) {
        throw new SecurityException("Equals test failed: #4");
    }

    // pair 3/4: multiple AVA's in an RDN
    X500Principal p3 = new X500Principal(p3String);
    X500Principal p4 = new X500Principal(p4String);
    printName("Principal 3:", p3String, p3);
    printName("Principal 4:", p4String, p4);

    if (!p3.equals(p4)) {
        throw new SecurityException("Equals test failed: #5");
    }

    if (p1.equals(p3) || p2.equals(p3)) {
        throw new SecurityException("Equals test failed: #6");
    }

    if (p3.hashCode() != p4.hashCode()) {
        throw new SecurityException("Equals test failed: #7");
    }

    // pair 5/6
    X500Principal p5 = new X500Principal(p5String);
    X500Principal p6 = new X500Principal(p6String);
    printName("Principal 5:", p5String, p5);
    printName("Principal 6:", p6String, p6);

    if (!p5.equals(p6)) {
        throw new SecurityException("Equals test failed: #8");
    }

    if (p5.hashCode() != p6.hashCode()) {
        throw new SecurityException("Equals test failed: #9");
    }

    // pair 7/8
    X500Principal p7 = new X500Principal(p7String);
    X500Principal p8 = new X500Principal(p8String);
    printName("Principal 7:", p7String, p7);
    printName("Principal 8:", p8String, p8);

    if (!p7.equals(p8)) {
        throw new SecurityException("Equals test failed: #10");
    }

    if (p7.hashCode() != p8.hashCode()) {
        throw new SecurityException("Equals test failed: #11");
    }

    System.out.println("Equals test passed");
}
Example 16
Source File: X509CertImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Reports whether a certificate is self-issued, that is, whether its
 * subject and issuer X500Principals are equal.
 *
 * <p>Only the two names are compared. The signature is not checked, so a
 * {@code true} result does not show that the certificate is self-signed.
 *
 * @param cert the certificate to examine
 * @return {@code true} iff subject and issuer names are equal
 */
public static boolean isSelfIssued(X509Certificate cert) {
    return cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
}
Example 17
Source File: X509CertImpl.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
/**
 * Reports whether a certificate is self-issued, that is, whether its
 * subject and issuer X500Principals are equal.
 *
 * <p>Only the two names are compared. The signature is not checked, so a
 * {@code true} result does not show that the certificate is self-signed.
 *
 * @param cert the certificate to examine
 * @return {@code true} iff subject and issuer names are equal
 */
public static boolean isSelfIssued(X509Certificate cert) {
    return cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
}
Example 18
Source File: DerIsConstructor.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
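/**
 * Exercises the {@code X500Principal(InputStream)} constructor.
 *
 * <p>Test 1 reads two principals back to back from one stream and checks
 * that each equals the principal it was encoded from. Test 2 corrupts the
 * second encoding and checks that the constructor rejects it with
 * {@code IllegalArgumentException} while leaving the stream position where
 * it was before the failed read.
 *
 * @param args unused
 * @throws SecurityException if any check fails; the triggering exception is
 *         attached as the cause
 */
public static void main(String[] args) {

    try {

        // create 2 different X500Principals
        X500Principal p = new X500Principal("o=sun, cn=duke");
        X500Principal p2 = new X500Principal("o=sun, cn=dukette");

        // get the encoded bytes for the 2 principals
        byte[] encoded = p.getEncoded();
        byte[] encoded2 = p2.getEncoded();

        // create a ByteArrayInputStream with the
        // encodings from the 2 principals
        byte[] all = new byte[encoded.length + encoded2.length];
        System.arraycopy(encoded, 0, all, 0, encoded.length);
        System.arraycopy(encoded2, 0, all, encoded.length, encoded2.length);
        ByteArrayInputStream bais = new ByteArrayInputStream(all);

        // create 2 new X500Principals from the ByteArrayInputStream
        X500Principal pp = new X500Principal(bais);
        X500Principal pp2 = new X500Principal(bais);

        // sanity check the 2 new principals
        if (p.equals(pp) && p2.equals(pp2) && !pp.equals(pp2)) {
            System.out.println("Test 1 passed");
        } else {
            throw new SecurityException("Test 1 failed");
        }

        // corrupt the ByteArrayInputStream and see if the
        // mark/reset worked
        byte[] all2 = new byte[all.length];
        System.arraycopy(all, 0, all2, 0, all.length);
        all2[encoded.length + 2] = (byte)-1;
        bais = new ByteArrayInputStream(all2);

        // this should work
        X500Principal ppp = new X500Principal(bais);

        // this should throw an IllegalArgumentException due to stream
        // corruption, and the stream must be left at its prior position
        int origAvailable = bais.available();
        try {
            X500Principal ppp2 = new X500Principal(bais);
            throw new SecurityException("Test 2 (part a) failed");
        } catch (IllegalArgumentException iae) {
            if (bais.available() == origAvailable) {
                System.out.println("Test 2 passed");
            } else {
                throw new SecurityException("Test 2 (part b) failed");
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
        // Chain the original exception so the failure site is not lost.
        throw new SecurityException(e.getMessage(), e);
    }
}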
Example 19
Source File: X509CRL.java From jdk8u_jdk with GNU General Public License v2.0 | 3 votes |
/**
 * Get the CRL entry, if any, for the given certificate.
 *
 * <p>This method can be used to lookup CRL entries in indirect CRLs,
 * that means CRLs that contain entries from issuers other than the CRL
 * issuer. The default implementation will only return entries for
 * certificates issued by the CRL issuer. Subclasses that wish to
 * support indirect CRLs should override this method.
 *
 * <p>Because of that restriction, a {@code null} result for a certificate
 * whose issuer differs from the CRL issuer means only that this
 * implementation did not look the certificate up; it is not evidence that
 * the certificate is unrevoked.
 *
 * @param certificate the certificate for which a CRL entry is to be looked
 *   up
 * @return the entry for the given certificate, or null if no such entry
 *   exists in this CRL.
 * @exception NullPointerException if certificate is null
 *
 * @since 1.5
 */
public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
    X500Principal issuerOfCert = certificate.getIssuerX500Principal();
    X500Principal issuerOfCrl = getIssuerX500Principal();
    if (issuerOfCert.equals(issuerOfCrl)) {
        // Same issuer: delegate to the serial-number lookup.
        return getRevokedCertificate(certificate.getSerialNumber());
    }
    return null;
}
Example 20
Source File: X509CRL.java From JDKSourceCode1.8 with MIT License | 3 votes |
/**
 * Get the CRL entry, if any, for the given certificate.
 *
 * <p>This method can be used to lookup CRL entries in indirect CRLs,
 * that means CRLs that contain entries from issuers other than the CRL
 * issuer. The default implementation will only return entries for
 * certificates issued by the CRL issuer. Subclasses that wish to
 * support indirect CRLs should override this method.
 *
 * <p>Because of that restriction, a {@code null} result for a certificate
 * whose issuer differs from the CRL issuer means only that this
 * implementation did not look the certificate up; it is not evidence that
 * the certificate is unrevoked.
 *
 * @param certificate the certificate for which a CRL entry is to be looked
 *   up
 * @return the entry for the given certificate, or null if no such entry
 *   exists in this CRL.
 * @exception NullPointerException if certificate is null
 *
 * @since 1.5
 */
public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
    X500Principal issuerOfCert = certificate.getIssuerX500Principal();
    X500Principal issuerOfCrl = getIssuerX500Principal();
    if (issuerOfCert.equals(issuerOfCrl)) {
        // Same issuer: delegate to the serial-number lookup.
        return getRevokedCertificate(certificate.getSerialNumber());
    }
    return null;
}