/**
 * Indexes the certificates of {@code keystore} by subject distinguished name.
 *
 * <p>For every alias that has a certificate, the certificate is added to the
 * {@link Vector} stored in {@code hashtable} under its subject DN. The vector is
 * created on first use, and a certificate already present in it is not added twice.
 *
 * @param keystore  key store whose aliases are enumerated
 * @param hashtable map from subject principal to a {@code Vector} of certificates;
 *                  updated in place
 * @throws Exception if the key store cannot be read
 */
private void keystorecerts2Hashtable(KeyStore keystore, Hashtable hashtable) throws Exception {
    for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements(); ) {
        String alias = (String) aliases.nextElement();
        java.security.cert.Certificate entry = keystore.getCertificate(alias);
        if (entry == null) {
            continue;
        }

        // The unchecked cast fails with ClassCastException for any non-X.509 entry.
        java.security.Principal subject = ((X509Certificate) entry).getSubjectDN();

        Vector sameSubject = (Vector) hashtable.get(subject);
        if (sameSubject == null) {
            sameSubject = new Vector();
        }
        if (!sameSubject.contains(entry)) {
            sameSubject.addElement(entry);
        }
        hashtable.put(subject, sameSubject);
    }
}
/**
 * Checks that a certificate added to an identity is returned by
 * {@code certificates()}. The identity's public key is taken from the same
 * X.509 certificate before the certificate is added.
 *
 * @tests java.security.Identity#certificates()
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "certificates",
    args = {}
)
public void test_certificates() throws Exception {
    IdentitySubclass identity = new IdentitySubclass("test", new IdentityScopeSubclass());

    // Parse the fixture stream into an X.509 certificate.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate parsed = (X509Certificate) x509Factory.generateCertificate(certArray);

    identity.setPublicKey(parsed.getPublicKey());
    CertificateImpl wrapped = new CertificateImpl(parsed);
    identity.addCertificate(wrapped);

    java.security.Certificate[] stored = identity.certificates();
    assertEquals("Certificate not contained in the identity", stored[0], wrapped);
}
/**
 * Writes a PKCS#10 certificate signing request for a key entry.
 *
 * <p>The private key is recovered for the alias, the request is built around the
 * public key of the certificate stored under the same alias, signed with the
 * private key, and printed to {@code printstream}.
 *
 * @param s           alias of the key entry; {@code null} selects {@code keyAlias}
 * @param s1          signature algorithm name; {@code null} derives one from the
 *                    private key's algorithm
 * @param printstream destination of the encoded request
 * @throws Exception if the alias has no certificate, no signature algorithm can be
 *                   derived, or recovery/signing fails
 */
private void doCertReq(String s, String s1, PrintStream printstream) throws Exception {
    final String alias = (s != null) ? s : keyAlias;

    // recoverPrivateKey yields { private key, password used to recover it }.
    Object[] recovered = recoverPrivateKey(alias, storePass, keyPass);
    PrivateKey signingKey = (PrivateKey) recovered[0];
    if (keyPass == null) {
        // The recovered key password is kept in the keyPass field for later use.
        keyPass = (char[]) recovered[1];
    }

    java.security.cert.Certificate entryCert = keyStore.getCertificate(alias);
    if (entryCert == null) {
        MessageFormat noCert = new MessageFormat(rb.getString("alias has no public key (certificate)"));
        throw new Exception(noCert.format((Object) new Object[] { alias }));
    }

    PKCS10 request = new PKCS10(entryCert.getPublicKey());

    String sigAlgName = s1;
    if (sigAlgName == null) {
        // NOTE(review): both derived defaults rest on digests (SHA-1, MD5) that are
        // no longer considered collision resistant. Callers that need a stronger
        // request signature have to pass an explicit algorithm in s1.
        String keyAlgName = signingKey.getAlgorithm();
        if (keyAlgName.equalsIgnoreCase("DSA") || keyAlgName.equalsIgnoreCase("DSS")) {
            sigAlgName = "SHA1WithDSA";
        } else if (keyAlgName.equalsIgnoreCase("RSA")) {
            sigAlgName = "MD5WithRSA";
        } else {
            throw new Exception(rb.getString("Cannot derive signature algorithm"));
        }
    }

    Signature signer = Signature.getInstance(sigAlgName);
    signer.initSign(signingKey);

    // The request subject is the subject DN of the stored certificate.
    String subjectDn = ((X509Certificate) entryCert).getSubjectDN().toString();
    X500Signer requestSigner = new X500Signer(signer, new X500Name(subjectDn));
    request.encodeAndSign(requestSigner);
    request.print(printstream);
}
/**
 * Parses every certificate in {@code inputstream} and prints each one.
 *
 * <p>When the input holds more than one certificate, each is preceded by a
 * numbered heading and consecutive certificates are separated by a blank line.
 *
 * @param inputstream source of the encoded certificate(s)
 * @param printstream destination of the printed output
 * @throws Exception if the input cannot be parsed, is empty, or contains a
 *                   certificate that is not an {@link X509Certificate}
 */
private void doPrintCert(InputStream inputstream, PrintStream printstream) throws Exception {
    Collection parsed;
    try {
        parsed = cf.generateCertificates(inputstream);
    } catch (CertificateException parseFailure) {
        throw new Exception(rb.getString("Failed to parse input"), parseFailure);
    }
    if (parsed.isEmpty()) {
        throw new Exception(rb.getString("Empty input"));
    }

    java.security.cert.Certificate[] certs =
            (java.security.cert.Certificate[]) parsed.toArray(new java.security.cert.Certificate[parsed.size()]);
    final int total = certs.length;

    for (int idx = 0; idx < total; idx++) {
        X509Certificate current;
        try {
            current = (X509Certificate) certs[idx];
        } catch (ClassCastException notX509) {
            throw new Exception(rb.getString("Not X.509 certificate"));
        }

        if (total > 1) {
            // Headings are 1-based.
            MessageFormat heading = new MessageFormat(rb.getString("Certificate[(i + 1)]:"));
            printstream.println(heading.format((Object) new Object[] { Integer.valueOf(idx + 1) }));
        }
        printX509Cert(current, printstream);

        boolean moreToCome = idx < total - 1;
        if (moreToCome) {
            printstream.println();
        }
    }
}
/**
 * Installs a certificate reply for an existing key entry.
 *
 * <p>A reply holding a single certificate is passed to
 * {@code establishCertChain}; a reply holding several is passed to
 * {@code validateReply}. Only when one of them returns a chain is the key entry
 * rewritten with that chain.
 *
 * @param s           alias of the key entry; {@code null} selects {@code keyAlias}
 * @param inputstream source of the encoded reply
 * @return {@code true} if the key entry was updated, {@code false} if no chain
 *         was returned
 * @throws Exception if the alias has no certificate, the reply is empty, or
 *                   parsing/validation fails
 */
private boolean installReply(String s, InputStream inputstream) throws Exception {
    final String alias = (s == null) ? keyAlias : s;

    // recoverPrivateKey yields { private key, password used to recover it }.
    Object[] recovered = recoverPrivateKey(alias, storePass, keyPass);
    PrivateKey entryKey = (PrivateKey) recovered[0];
    if (keyPass == null) {
        keyPass = (char[]) recovered[1];
    }

    java.security.cert.Certificate current = keyStore.getCertificate(alias);
    if (current == null) {
        MessageFormat noCert = new MessageFormat(rb.getString("alias has no public key (certificate)"));
        throw new Exception(noCert.format((Object) new Object[] { alias }));
    }

    Collection replyCerts = cf.generateCertificates(inputstream);
    if (replyCerts.isEmpty()) {
        throw new Exception(rb.getString("Reply has no certificates"));
    }
    java.security.cert.Certificate[] reply =
            (java.security.cert.Certificate[]) replyCerts.toArray(new java.security.cert.Certificate[replyCerts.size()]);

    java.security.cert.Certificate[] newChain = (reply.length == 1)
            ? establishCertChain(current, reply[0])
            : validateReply(alias, current, reply);
    if (newChain == null) {
        return false;
    }

    // The entry is protected with the key password when one is known, else the store password.
    char[] protection = (keyPass != null) ? keyPass : storePass;
    keyStore.setKeyEntry(alias, entryKey, protection, newChain);
    return true;
}
/**
 * Writes the encoded form of a certificate to {@code printstream}.
 *
 * <p>With the {@code rfc} flag set, the encoding is written as Base64 between
 * {@code BEGIN CERTIFICATE} / {@code END CERTIFICATE} lines; otherwise the raw
 * encoded bytes are written.
 *
 * @param certificate certificate to dump
 * @param printstream destination stream
 * @throws IOException          if writing fails
 * @throws CertificateException if the certificate cannot be encoded
 */
private void dumpCert(java.security.cert.Certificate certificate, PrintStream printstream) throws IOException, CertificateException {
    if (!rfc) {
        printstream.write(certificate.getEncoded());
        return;
    }

    BASE64Encoder pemBody = new BASE64Encoder();
    printstream.println("-----BEGIN CERTIFICATE-----");
    pemBody.encodeBuffer(certificate.getEncoded(), printstream);
    printstream.println("-----END CERTIFICATE-----");
}
/**
 * Computes a fingerprint of a certificate's encoded form.
 *
 * <p>The digest algorithm is chosen by the caller. In this listing
 * {@code doPrintEntry} passes {@code "MD5"}; an MD5 fingerprint is not collision
 * resistant, so it should not be the only basis for deciding to trust a
 * certificate.
 *
 * @param s           {@link MessageDigest} algorithm name
 * @param certificate certificate whose encoding is hashed
 * @return the digest rendered by {@code toHexString}
 * @throws Exception if the certificate cannot be encoded or the algorithm is
 *                   unavailable
 */
private String getCertFingerPrint(String s, java.security.cert.Certificate certificate) throws Exception {
    // Encode first, then look up the digest, so failures surface in the same order as before.
    byte[] encoded = certificate.getEncoded();
    byte[] digest = MessageDigest.getInstance(s).digest(encoded);
    return toHexString(digest);
}
/**
 * Builds a certificate chain for a reply certificate from the certificates this
 * tool already holds.
 *
 * <p>When an existing certificate is supplied, the reply must carry the same
 * public key and must not be identical to it. Candidate issuers are the
 * certificates in {@code keyStore} and, if {@code trustcacerts} is set and
 * {@code caks} is available and non-empty, the certificates in {@code caks}.
 *
 * @param certificate  certificate currently stored for the entry, or {@code null}
 *                     to skip the public-key and identity checks
 * @param certificate1 certificate from the reply; cast to {@link X509Certificate}
 * @return the chain in the reverse of the order in which {@code buildChain}
 *         filled its vector
 * @throws Exception if the public keys differ, the reply equals the stored
 *                   certificate, or no chain can be built
 */
private java.security.cert.Certificate[] establishCertChain(java.security.cert.Certificate certificate, java.security.cert.Certificate certificate1) throws Exception {
    if (certificate != null) {
        java.security.PublicKey storedKey = certificate.getPublicKey();
        java.security.PublicKey replyKey = certificate1.getPublicKey();
        if (!storedKey.equals(replyKey)) {
            throw new Exception(rb.getString("Public keys in reply and keystore don't match"));
        }
        if (certificate1.equals(certificate)) {
            throw new Exception(rb.getString("Certificate reply and certificate in keystore are identical"));
        }
    }

    // Subject DN -> certificates; stays null when neither store contributes anything.
    Hashtable knownBySubject = null;
    if (keyStore.size() > 0) {
        knownBySubject = new Hashtable(11);
        keystorecerts2Hashtable(keyStore, knownBySubject);
    }
    boolean useCaStore = trustcacerts && caks != null && caks.size() > 0;
    if (useCaStore) {
        if (knownBySubject == null) {
            knownBySubject = new Hashtable(11);
        }
        keystorecerts2Hashtable(caks, knownBySubject);
    }

    Vector collected = new Vector(2);
    if (!buildChain((X509Certificate) certificate1, collected, knownBySubject)) {
        throw new Exception(rb.getString("Failed to establish chain from reply"));
    }

    // Copy the vector back to front into the result array.
    final int last = collected.size() - 1;
    java.security.cert.Certificate[] ordered = new java.security.cert.Certificate[collected.size()];
    for (int k = 0; k <= last; k++) {
        ordered[k] = (java.security.cert.Certificate) collected.elementAt(last - k);
    }
    return ordered;
}
/**
 * Imports trusted identities from an identity database stream into
 * {@code keyStore}.
 *
 * <p>An identity is considered only if it is a {@code SystemSigner} or
 * {@code SystemIdentity} whose {@code isTrusted()} returns true, its name is not
 * already an alias, and it has at least one certificate. Its first certificate is
 * re-parsed as X.509. A self-signed certificate must verify under its own public
 * key or the identity is skipped. A certificate that is not self-signed is stored
 * without any further check in this method. Signers become key entries protected
 * by {@code storePass}; other identities become trusted certificate entries.
 *
 * @param inputstream identity database to read
 * @throws Exception if the database cannot be read or the key store rejects an entry
 */
private void doImportIdentityDatabase(InputStream inputstream) throws Exception {
    // Single-element chain array, allocated once and reused for every signer entry.
    java.security.cert.Certificate[] singleCertChain = null;

    IdentityDatabase database = IdentityDatabase.fromStream(inputstream);
    Enumeration identities = database.identities();

    while (identities.hasMoreElements()) {
        Identity identity = (Identity) identities.nextElement();

        boolean trusted = (identity instanceof SystemSigner && ((SystemSigner) identity).isTrusted())
                || (identity instanceof SystemIdentity && ((SystemIdentity) identity).isTrusted());
        if (!trusted) {
            continue;
        }

        if (keyStore.containsAlias(identity.getName())) {
            MessageFormat exists = new MessageFormat(rb.getString("Keystore entry for <id.getName()> already exists"));
            System.err.println(exists.format((Object) new Object[] { identity.getName() }));
            continue;
        }

        Certificate[] legacyCerts = identity.certificates();
        if (legacyCerts == null || legacyCerts.length <= 0) {
            continue;
        }

        // Round-trip the first certificate through DER to obtain an X509Certificate.
        DerOutputStream der = new DerOutputStream();
        legacyCerts[0].encode(der);
        ByteArrayInputStream derIn = new ByteArrayInputStream(der.toByteArray());
        X509Certificate imported = (X509Certificate) cf.generateCertificate(derIn);
        derIn.close();

        if (isSelfSigned(imported)) {
            java.security.PublicKey ownKey = imported.getPublicKey();
            try {
                imported.verify(ownKey);
            } catch (Exception badSelfSignature) {
                // A self-signed certificate whose signature does not verify is skipped silently.
                continue;
            }
        }

        if (identity instanceof SystemSigner) {
            MessageFormat creating = new MessageFormat(rb.getString("Creating keystore entry for <id.getName()> ..."));
            System.err.println(creating.format((Object) new Object[] { identity.getName() }));
            if (singleCertChain == null) {
                singleCertChain = new java.security.cert.Certificate[1];
            }
            singleCertChain[0] = imported;
            PrivateKey signerKey = ((SystemSigner) identity).getPrivateKey();
            keyStore.setKeyEntry(identity.getName(), signerKey, storePass, singleCertChain);
        } else {
            keyStore.setCertificateEntry(identity.getName(), imported);
        }
        kssave = true;
    }

    if (!kssave) {
        System.err.println(rb.getString("No entries from identity database added"));
    }
}
/**
 * Prints one key store entry.
 *
 * <p>The detailed layout is used when any of {@code verbose}, {@code rfc} or
 * {@code debug} is set; otherwise a compact one-line form is printed, ending
 * with an MD5 certificate fingerprint. The creation date is omitted when
 * {@code token} is set.
 *
 * <p>NOTE(review): the compact form identifies certificates by MD5 fingerprint
 * only. MD5 is not collision resistant, so that fingerprint is a weak basis for
 * comparing certificates.
 *
 * @param s           alias of the entry
 * @param printstream destination of the output
 * @param flag        when true and no store password is set, {@code printWarning()}
 *                    is called first
 * @throws Exception if the alias does not exist or the entry cannot be read
 */
private void doPrintEntry(String s, PrintStream printstream, boolean flag) throws Exception {
    if (flag && storePass == null) {
        printWarning();
    }

    if (!keyStore.containsAlias(s)) {
        MessageFormat missing = new MessageFormat(rb.getString("Alias <alias> does not exist"));
        throw new Exception(missing.format((Object) new Object[] { s }));
    }

    final boolean detailed = verbose || rfc || debug;

    // Header: alias and, unless a token store is in use, the creation date.
    if (detailed) {
        MessageFormat aliasLine = new MessageFormat(rb.getString("Alias name: alias"));
        printstream.println(aliasLine.format((Object) new Object[] { s }));
        if (!token) {
            MessageFormat dateLine = new MessageFormat(rb.getString("Creation date: keyStore.getCreationDate(alias)"));
            printstream.println(dateLine.format((Object) new Object[] { keyStore.getCreationDate(s) }));
        }
    } else if (token) {
        MessageFormat aliasOnly = new MessageFormat(rb.getString("alias, "));
        printstream.print(aliasOnly.format((Object) new Object[] { s }));
    } else {
        MessageFormat aliasAndDate = new MessageFormat(rb.getString("alias, keyStore.getCreationDate(alias), "));
        printstream.print(aliasAndDate.format((Object) new Object[] { s, keyStore.getCreationDate(s) }));
    }

    if (!keyStore.isKeyEntry(s)) {
        // Trusted certificate entry.
        java.security.cert.Certificate trusted = keyStore.getCertificate(s);
        if (verbose && (trusted instanceof X509Certificate)) {
            printstream.println(rb.getString("Entry type: trustedCertEntry\n"));
            printX509Cert((X509Certificate) trusted, printstream);
        } else if (rfc) {
            printstream.println(rb.getString("Entry type: trustedCertEntry\n"));
            dumpCert(trusted, printstream);
        } else if (debug) {
            printstream.println(trusted.toString());
        } else {
            printstream.println(rb.getString("trustedCertEntry,"));
            printstream.println(rb.getString("Certificate fingerprint (MD5): ") + getCertFingerPrint("MD5", trusted));
        }
        return;
    }

    // Key entry.
    printstream.println(detailed ? rb.getString("Entry type: keyEntry") : rb.getString("keyEntry,"));

    java.security.cert.Certificate[] chain = keyStore.getCertificateChain(s);
    if (chain == null) {
        return;
    }
    if (!detailed) {
        // The compact form fingerprints only the first certificate of the chain.
        printstream.println(rb.getString("Certificate fingerprint (MD5): ") + getCertFingerPrint("MD5", chain[0]));
        return;
    }

    printstream.println(rb.getString("Certificate chain length: ") + chain.length);
    for (int pos = 0; pos < chain.length; pos++) {
        MessageFormat heading = new MessageFormat(rb.getString("Certificate[(i + 1)]:"));
        printstream.println(heading.format((Object) new Object[] { Integer.valueOf(pos + 1) }));

        java.security.cert.Certificate link = chain[pos];
        if (verbose && (link instanceof X509Certificate)) {
            printX509Cert((X509Certificate) link, printstream);
        } else if (debug) {
            printstream.println(link.toString());
        } else {
            dumpCert(link, printstream);
        }
    }
}
/**
 * Imports a certificate from {@code inputstream} as a trusted certificate entry.
 *
 * <p>Decision order, as written:
 * <ol>
 *   <li>A self-signed certificate must verify under its own public key.</li>
 *   <li>With {@code noprompt} set, the certificate is stored immediately, without
 *       asking the user and without building a chain.</li>
 *   <li>If the certificate already exists in {@code keyStore}, or is self-signed,
 *       the user is asked; the answer {@code "YES"} stores it, any other answer
 *       returns {@code false}.</li>
 *   <li>Otherwise {@code establishCertChain} must succeed before the certificate
 *       is stored.</li>
 * </ol>
 *
 * <p>NOTE(review): the decompiled source carried commented-out residue suggesting
 * that the original wrapped the chain check in an exception handler which printed
 * the certificate and asked "Trust this certificate?". That handler is not active
 * here: a failure in {@code establishCertChain} propagates to the caller.
 *
 * @param s           alias for the new entry; must not be {@code null} or in use
 * @param inputstream source of the encoded certificate
 * @return {@code true} if the certificate was stored, {@code false} if the user
 *         declined
 * @throws Exception if the alias is missing or taken, the input is not an X.509
 *                   certificate, the self-signature fails, or no chain can be built
 */
private boolean addTrustedCert(String s, InputStream inputstream) throws Exception {
    if (s == null) {
        throw new Exception(rb.getString("Must specify alias"));
    }
    if (keyStore.containsAlias(s)) {
        MessageFormat taken = new MessageFormat(rb.getString("Certificate not imported, alias <alias> already exists"));
        throw new Exception(taken.format((Object) new Object[] { s }));
    }

    X509Certificate candidate;
    try {
        candidate = (X509Certificate) cf.generateCertificate(inputstream);
    } catch (ClassCastException notX509) {
        throw new Exception(rb.getString("Input not an X.509 certificate"));
    } catch (CertificateException unparsable) {
        throw new Exception(rb.getString("Input not an X.509 certificate"));
    }

    boolean selfSigned = false;
    if (isSelfSigned(candidate)) {
        // Throws if the signature does not verify under the certificate's own key.
        candidate.verify(candidate.getPublicKey());
        selfSigned = true;
    }

    if (noprompt) {
        // Non-interactive mode: stored with no confirmation and no chain check.
        keyStore.setCertificateEntry(s, candidate);
        return true;
    }

    String reply = null;
    String existingAlias = keyStore.getCertificateAlias(candidate);
    if (existingAlias != null) {
        MessageFormat dupOwn = new MessageFormat(rb.getString("Certificate already exists in keystore under alias <trustalias>"));
        System.err.println(dupOwn.format((Object) new Object[] { existingAlias }));
        reply = getYesNoReply(rb.getString("Do you still want to add it? [no]: "));
    } else if (selfSigned) {
        if (trustcacerts && caks != null) {
            existingAlias = caks.getCertificateAlias(candidate);
        }
        if (existingAlias != null) {
            MessageFormat dupCa = new MessageFormat(rb.getString("Certificate already exists in system-wide CA keystore under alias <trustalias>"));
            System.err.println(dupCa.format((Object) new Object[] { existingAlias }));
            reply = getYesNoReply(rb.getString("Do you still want to add it to your own keystore? [no]: "));
        } else {
            // Unknown self-signed certificate: show it and let the user decide.
            printX509Cert(candidate, System.out);
            reply = getYesNoReply(rb.getString("Trust this certificate? [no]: "));
        }
    }

    if (reply != null) {
        if (!"YES".equals(reply)) {
            return false;
        }
        keyStore.setCertificateEntry(s, candidate);
        return true;
    }

    // No prompt was issued: require a chain to an already known certificate.
    // The returned chain itself is not used; only success matters.
    establishCertChain(null, candidate);
    keyStore.setCertificateEntry(s, candidate);
    return true;
}
/**
 * Reports whether a certificate is already held as trusted.
 *
 * <p>A certificate is trusted if {@code keyStore} has an alias for it, or if
 * {@code trustcacerts} is set and {@code caks} is available and has an alias
 * for it.
 *
 * @param certificate certificate to look up
 * @return {@code true} if either store knows the certificate
 * @throws Exception if a key store lookup fails
 */
private boolean isTrusted(java.security.cert.Certificate certificate) throws Exception {
    boolean inOwnStore = keyStore.getCertificateAlias(certificate) != null;
    if (inOwnStore) {
        return true;
    }
    if (!trustcacerts || caks == null) {
        return false;
    }
    return caks.getCertificateAlias(certificate) != null;
}
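/**
 * Builds the HTTP/HTTPS connection socket registry and the shared request
 * configuration.
 *
 * <p>Does nothing when {@code getKeyManagerFactory()} returns {@code null}.
 * Otherwise every certificate of the JVM trust store (the
 * {@code javax.net.ssl.trustStore} system property, falling back to
 * {@code <java.home>/lib/security/cacerts}) is copied into {@code this.ks} under
 * its original alias, and {@code this.ks} then serves as both trust and key
 * material for the TLS context.
 *
 * @throws KeyManagementException    if the TLS context cannot be initialised
 * @throws UnrecoverableKeyException if key material cannot be recovered with the
 *                                   configured key store password
 * @throws NoSuchAlgorithmException  if a required algorithm is unavailable
 * @throws KeyStoreException         if a key store operation fails
 * @throws CertificateException      if the trust store holds an unreadable certificate
 * @throws FileNotFoundException     if the trust store file does not exist
 * @throws IOException               if the trust store cannot be read or closed
 */
private void initSSL() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException {
    if (this.getKeyManagerFactory() == null) {
        return;
    }

    KeyStore cacerts = KeyStore.getInstance(KeyStore.getDefaultType());
    String cacertsPath = System.getProperty("javax.net.ssl.trustStore");
    if (cacertsPath == null) {
        cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts";
    }

    // Close the stream on every path; it was previously left open.
    // A null password means KeyStore.load performs no integrity check on the file.
    FileInputStream cacertsIn = new FileInputStream(cacertsPath);
    try {
        cacerts.load(cacertsIn, null);
    } finally {
        cacertsIn.close();
    }

    // Merge the JVM's CA certificates into the application key store.
    Enumeration<String> enumer = cacerts.aliases();
    while (enumer.hasMoreElements()) {
        String alias = enumer.nextElement();
        java.security.cert.Certificate cert = cacerts.getCertificate(alias);
        this.ks.setCertificateEntry(alias, cert);
    }

    SSLContext sslctx = SSLContexts.custom()
            .loadTrustMaterial(this.ks)
            .loadKeyMaterial(this.ks, this.cfg.getKeyStorePassword().toCharArray())
            .build();

    // NOTE(review): ALLOW_ALL_HOSTNAME_VERIFIER turns hostname verification off, so
    // a certificate that chains to any trusted CA is accepted for any host name.
    // That leaves HTTPS connections open to interception by whoever holds such a
    // certificate. Kept as-is because existing deployments may depend on it;
    // prefer SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (or a
    // configuration switch) unless the mismatch is intentional.
    SSLConnectionSocketFactory sslsf =
            new SSLConnectionSocketFactory(sslctx, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    PlainConnectionSocketFactory sf = PlainConnectionSocketFactory.getSocketFactory();

    httpClientRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", sf)
            .register("https", sslsf)
            .build();

    globalHttpClientConfig = RequestConfig.custom()
            .setCookieSpec(CookieSpecs.IGNORE_COOKIES)
            .setRedirectsEnabled(false)
            .setAuthenticationEnabled(false)
            .build();
}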