public void checkCertTrusted(X509Certificate[] chain, String authType, boolean isServer)
     throws CertificateException {
   Log.d(TAG, "checkCertTrusted(" + chain + ", " + authType + ", " + isServer + ")");
   try {
     Log.d(TAG, "checkCertTrusted: trying appTrustManager");
     if (isServer) appTrustManager.checkServerTrusted(chain, authType);
     else appTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException ae) {
     // if the cert is stored in our appTrustManager, we ignore expiredness
     ae.printStackTrace();
     if (isExpiredException(ae)) {
       Log.i(TAG, "checkCertTrusted: accepting expired certificate from keystore");
       return;
     }
     if (isCertKnown(chain[0])) {
       Log.i(TAG, "checkCertTrusted: accepting cert already stored in keystore");
       return;
     }
     try {
       Log.d(TAG, "checkCertTrusted: trying defaultTrustManager");
       if (isServer) defaultTrustManager.checkServerTrusted(chain, authType);
       else defaultTrustManager.checkClientTrusted(chain, authType);
     } catch (CertificateException e) {
       e.printStackTrace();
       interact(chain, authType, e);
     }
   }
 }
  /**
   * Validate the server's certificate chain is trusted.
   *
   * @param certChain The ASN.1 DER encoded bytes for certificates.
   * @param authType The key exchange algorithm name (e.g. RSA)
   * @return true if the server is trusted
   * @throws CertificateException,KeyStoreException,NoSuchAlgorithmException on error initializing
   *     the TrustManager or reading the certChain
   */
  @CalledByNativeUnchecked
  public static boolean verifyServerCertificates(byte[][] certChain, String authType)
      throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
    if (certChain == null || certChain.length == 0 || certChain[0] == null) {
      throw new IllegalArgumentException(
          "Expected non-null and non-empty certificate "
              + "chain passed as |certChain|. |certChain|="
              + certChain);
    }

    ensureInitialized();
    X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
    for (int i = 0; i < certChain.length; ++i) {
      serverCertificates[i] =
          (X509Certificate)
              sCertificateFactory.get().generateCertificate(new ByteArrayInputStream(certChain[i]));
    }

    try {
      sDefaultTrustManager.get().checkServerTrusted(serverCertificates, authType);
      return true;
    } catch (CertificateException e) {
      Log.i(TAG, "failed to validate the certificate chain, error: " + e.getMessage());
    }
    return false;
  }
Beispiel #3
0
  private searchMenuMgr() {

    try {
      KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
      trustStore.load(null, null);
      MySSLSocketFactory socketFactory = new MySSLSocketFactory(trustStore);
      socketFactory.setHostnameVerifier(MySSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
      client = new AsyncHttpClient();
      client.setSSLSocketFactory(socketFactory);
      client.setCookieStore(new PersistentCookieStore(Login_Main.getContext()));
      client.setTimeout(10000);
    } catch (KeyStoreException e) {
      e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (CertificateException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    } catch (KeyManagementException e) {
      e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
      e.printStackTrace();
    }
  }
  private KeyManager[] prepareKeyManager(InputStream bksFile, String password) {
    try {
      if (bksFile == null || password == null) return null;

      KeyStore clientKeyStore = KeyStore.getInstance("BKS");
      clientKeyStore.load(bksFile, password.toCharArray());
      KeyManagerFactory keyManagerFactory =
          KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      keyManagerFactory.init(clientKeyStore, password.toCharArray());
      return keyManagerFactory.getKeyManagers();

    } catch (KeyStoreException e) {
      e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
      e.printStackTrace();
    } catch (CertificateException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    } catch (Exception e) {
      e.printStackTrace();
    }
    return null;
  }
 public void checkCertTrusted(
     X509Certificate[] chain, String authType, boolean isServer, boolean interactive)
     throws CertificateException {
   LOGGER.log(Level.FINE, "checkCertTrusted(" + chain + ", " + authType + ", " + isServer + ")");
   try {
     LOGGER.log(Level.FINE, "checkCertTrusted: trying appTrustManager");
     if (isServer) appTrustManager.checkServerTrusted(chain, authType);
     else appTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException ae) {
     LOGGER.log(Level.FINER, "checkCertTrusted: appTrustManager failed", ae);
     // if the cert is stored in our appTrustManager, we ignore expiredness
     if (isExpiredException(ae)) {
       LOGGER.log(Level.INFO, "checkCertTrusted: accepting expired certificate from keystore");
       return;
     }
     if (isCertKnown(chain[0])) {
       LOGGER.log(Level.INFO, "checkCertTrusted: accepting cert already stored in keystore");
       return;
     }
     try {
       if (defaultTrustManager == null) throw ae;
       LOGGER.log(Level.FINE, "checkCertTrusted: trying defaultTrustManager");
       if (isServer) defaultTrustManager.checkServerTrusted(chain, authType);
       else defaultTrustManager.checkClientTrusted(chain, authType);
     } catch (CertificateException e) {
       e.printStackTrace();
       if (interactive) {
         interactCert(chain, authType, e);
       } else {
         throw e;
       }
     }
   }
 }
  /**
   * ִ��http���á�true:�ɹ� false:ʧ��
   *
   * @return boolean
   */
  public boolean call() {

    boolean isRet = false;

    // http
    if (null == this.caFile && null == this.certFile) {
      try {
        this.callHttp();
        isRet = true;
      } catch (IOException e) {
        this.errInfo = e.getMessage();
      }
      return isRet;
    }

    // https
    try {
      this.callHttps();
      isRet = true;
    } catch (UnrecoverableKeyException e) {
      this.errInfo = e.getMessage();
    } catch (KeyManagementException e) {
      this.errInfo = e.getMessage();
    } catch (CertificateException e) {
      this.errInfo = e.getMessage();
    } catch (KeyStoreException e) {
      this.errInfo = e.getMessage();
    } catch (NoSuchAlgorithmException e) {
      this.errInfo = e.getMessage();
    } catch (IOException e) {
      this.errInfo = e.getMessage();
    }

    return isRet;
  }
Beispiel #7
0
  public void checkServerTrusted(X509Certificate[] certs, String authType)
      throws CertificateException {
    // verify the cert chain
    verify(certs, authType);

    final TrustEngine[] engines = getTrustEngines();
    Certificate foundCert = null;
    for (int i = 0; i < engines.length; i++) {
      try {
        foundCert = engines[i].findTrustAnchor(certs);
        if (null != foundCert) return; // cert chain is trust
      } catch (final IOException e) {
        final CertificateException ce =
            new ECFCertificateException(
                "Error occurs when finding trust anchor in the cert chain",
                certs,
                authType); //$NON-NLS-1$
        ce.initCause(ce);
        throw ce;
      }
    }
    if (null == foundCert)
      throw new ECFCertificateException(
          "Valid cert chain, but no trust certificate found!", certs, authType); // $NON-NLS-1$
  }
Beispiel #8
0
  private static SSLSocketFactory getSocketFactory(Boolean d) {
    // Enable debug mode to ignore all certificates
    if (DEBUG) {
      KeyStore trustStore;
      try {
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        SSLSocketFactory sf = new DebugSSLSocketFactory(trustStore);
        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        return sf;

      } catch (KeyStoreException e2) {
        // TODO Auto-generated catch block
        e2.printStackTrace();
      } catch (NoSuchAlgorithmException e3) {
        // TODO Auto-generated catch block
        e3.printStackTrace();
      } catch (CertificateException e3) {
        // TODO Auto-generated catch block
        e3.printStackTrace();
      } catch (IOException e3) {
        // TODO Auto-generated catch block
        e3.printStackTrace();
      } catch (KeyManagementException e2) {
        // TODO Auto-generated catch block
        e2.printStackTrace();
      } catch (UnrecoverableKeyException e2) {
        // TODO Auto-generated catch block
        e2.printStackTrace();
      }
    }

    return SSLSocketFactory.getSocketFactory();
  }
Beispiel #9
0
  private static Certificate loadCertificate(File f) {
    X509Certificate cert = null;

    Logger.I(TAG, "Loading SSL certificate from PEM file: " + f.getAbsolutePath());

    try {

      byte[] fileBuf = fileToBytes(f);
      byte[] certBytes =
          parseDERFromPEM(fileBuf, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
      cert = generateCertificateFromDER(certBytes);

      Logger.I(TAG, "SSL certificate loaded successfully");

    } catch (IOException e) {
      Logger.E(
          TAG,
          "Reading certificate file failed: "
              + e.getClass().getSimpleName()
              + ": "
              + e.getMessage());
    } catch (CertificateException e) {
      Logger.E(
          TAG,
          "Certificate generation failed: " + e.getClass().getSimpleName() + ": " + e.getMessage());
    }

    return cert;
  }
  /**
   * Gets a KeyStore containing the Certificate
   *
   * @param cert InputStream of the Certificate
   * @return KeyStore
   */
  public static KeyStore getKeystoreOfCA(InputStream cert) {

    // Load CAs from an InputStream
    InputStream caInput = null;
    Certificate ca = null;
    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      caInput = new BufferedInputStream(cert);
      ca = cf.generateCertificate(caInput);
    } catch (CertificateException e1) {
      e1.printStackTrace();
    } finally {
      try {
        if (caInput != null) {
          caInput.close();
        }
      } catch (IOException e) {
        e.printStackTrace();
      }
    }

    // Create a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = null;
    try {
      keyStore = KeyStore.getInstance(keyStoreType);
      keyStore.load(null, null);
      keyStore.setCertificateEntry("ca", ca);
    } catch (Exception e) {
      e.printStackTrace();
    }
    return keyStore;
  }
Beispiel #11
0
 /*
  * Delegate to the default trust manager.
  */
 public void checkClientTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     pkixTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException excep) {
     Logger.error(this.getClass(), excep.getMessage());
     Logger.debug(this.getClass(), excep.getMessage(), excep);
   }
 }
 static {
   CertificateFactory cf = null;
   try {
     cf = CertificateFactory.getInstance("X.509");
   } catch (CertificateException ce) {
     ce.printStackTrace(System.out);
   } finally {
     CF = cf;
   }
 }
Beispiel #13
0
 /*     */ private void readObject(ObjectInputStream paramObjectInputStream)
     /*     */ throws IOException, ClassNotFoundException
       /*     */ {
   /* 553 */ Hashtable localHashtable = null;
   /*     */
   /* 555 */ paramObjectInputStream.defaultReadObject();
   /*     */
   /* 557 */ if (this.type == null) {
     /* 558 */ throw new NullPointerException("type can't be null");
     /*     */ }
   /*     */
   /* 561 */ int i = paramObjectInputStream.readInt();
   /* 562 */ if (i > 0)
   /*     */ {
     /* 565 */ localHashtable = new Hashtable(3);
     /* 566 */ this.certs = new Certificate[i];
     /*     */ }
   /*     */
   /* 569 */ for (int j = 0; j < i; j++)
   /*     */ {
     /* 572 */ String str = paramObjectInputStream.readUTF();
     /*     */ CertificateFactory localCertificateFactory;
     /* 573 */ if (localHashtable.containsKey(str))
     /*     */ {
       /* 575 */ localCertificateFactory = (CertificateFactory) localHashtable.get(str);
       /*     */ }
     /*     */ else {
       /*     */ try {
         /* 579 */ localCertificateFactory = CertificateFactory.getInstance(str);
         /*     */ } catch (CertificateException localCertificateException1) {
         /* 581 */ throw new ClassNotFoundException(
             "Certificate factory for " + str + " not found");
         /*     */ }
       /*     */
       /* 585 */ localHashtable.put(str, localCertificateFactory);
       /*     */ }
     /*     */
     /* 588 */ byte[] arrayOfByte = null;
     /*     */ try {
       /* 590 */ arrayOfByte = new byte[paramObjectInputStream.readInt()];
       /*     */ } catch (OutOfMemoryError localOutOfMemoryError) {
       /* 592 */ throw new IOException("Certificate too big");
       /*     */ }
     /* 594 */ paramObjectInputStream.readFully(arrayOfByte);
     /* 595 */ ByteArrayInputStream localByteArrayInputStream =
         new ByteArrayInputStream(arrayOfByte);
     /*     */ try {
       /* 597 */ this.certs[j] =
           localCertificateFactory.generateCertificate(localByteArrayInputStream);
       /*     */ } catch (CertificateException localCertificateException2) {
       /* 599 */ throw new IOException(localCertificateException2.getMessage());
       /*     */ }
     /* 601 */ localByteArrayInputStream.close();
     /*     */ }
   /*     */ }
 private Subject createSubject() throws IOException {
   try {
     Certificate[] chain = engine.getSession().getPeerCertificates();
     CertPath certPath = cf.generateCertPath(asList(chain));
     return new Subject(false, Collections.<Principal>emptySet(), singleton(certPath), emptySet());
   } catch (SSLPeerUnverifiedException e) {
     throw new IOException("Failed to establish identity of SSL peer: " + e.getMessage(), e);
   } catch (CertificateException e) {
     throw new IOException("Certificate failure: " + e.getMessage(), e);
   }
 }
 /**
  * Permanently accepts a certificate for the INCOMING or OUTGOING direction by adding it to the
  * local key store.
  *
  * @param certificate
  */
 private void acceptCertificate(X509Certificate certificate) {
   try {
     mAccount.addCertificate(mDirection, certificate);
   } catch (CertificateException e) {
     showErrorDialog(
         R.string.account_setup_failed_dlg_certificate_message_fmt,
         e.getMessage() == null ? "" : e.getMessage());
   }
   AccountSetupCheckSettings.actionCheckSettings(
       AccountSetupCheckSettings.this, mAccount, mDirection);
 }
Beispiel #16
0
  private void testIt() {

    String https_url = requestURL;
    URL url;

    SSLSocketFactory socketFactory = null;

    try {

      try {
        socketFactory = createSSLContext().getSocketFactory();
      } catch (UnrecoverableKeyException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      } catch (KeyManagementException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      } catch (KeyStoreException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      } catch (CertificateException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      }

      url = new URL(https_url);
      HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
      conn.setDoInput(true); // Allow Inputs
      conn.setDoOutput(true); // Allow Outputs
      conn.setRequestMethod("POST");
      conn.setRequestProperty("Connection", "Keep-Alive");
      conn.setRequestProperty("ENCTYPE", "multipart/form-data");
      conn.setSSLSocketFactory(socketFactory);

      DataOutputStream dos = new DataOutputStream(conn.getOutputStream());

      conn.addRequestProperty("app_id", app_id);
      conn.addRequestProperty("app_key", app_key);

      // dump all cert info
      // print_https_cert(con);

      // dump all the content
      print_content(conn);

    } catch (MalformedURLException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }
  }
Beispiel #17
0
 public static X509Certificate getCaCert() {
   try {
     CertificateFactory cf = CertificateFactory.getInstance("X509");
     X509Certificate x509Cert =
         (X509Certificate) cf.generateCertificate(new FileInputStream(publicCert));
     return x509Cert;
   } catch (CertificateException e) {
     e.printStackTrace();
   } catch (FileNotFoundException e) {
     e.printStackTrace();
   }
   return null;
 }
  private PKIXCertPathBuilderResult buildCertPath(
      boolean searchAllCertStores, List<List<Vertex>> adjList) throws CertPathBuilderException {
    // Init shared variables and build certification path
    pathCompleted = false;
    trustAnchor = null;
    finalPublicKey = null;
    policyTreeResult = null;
    LinkedList<X509Certificate> certPathList = new LinkedList<>();
    try {
      buildForward(adjList, certPathList, searchAllCertStores);
    } catch (GeneralSecurityException | IOException e) {
      if (debug != null) {
        debug.println("SunCertPathBuilder.engineBuild() exception in " + "build");
        e.printStackTrace();
      }
      throw new SunCertPathBuilderException(
          "unable to find valid " + "certification path to requested target",
          e,
          new AdjacencyList(adjList));
    }

    // construct SunCertPathBuilderResult
    try {
      if (pathCompleted) {
        if (debug != null) debug.println("SunCertPathBuilder.engineBuild() " + "pathCompleted");

        // we must return a certpath which has the target
        // as the first cert in the certpath - i.e. reverse
        // the certPathList
        Collections.reverse(certPathList);

        return new SunCertPathBuilderResult(
            cf.generateCertPath(certPathList),
            trustAnchor,
            policyTreeResult,
            finalPublicKey,
            new AdjacencyList(adjList));
      }
    } catch (CertificateException e) {
      if (debug != null) {
        debug.println("SunCertPathBuilder.engineBuild() exception " + "in wrap-up");
        e.printStackTrace();
      }
      throw new SunCertPathBuilderException(
          "unable to find valid " + "certification path to requested target",
          e,
          new AdjacencyList(adjList));
    }

    return null;
  }
  @Transient
  public X509Certificate getServerCertificate() {

    if (null == this.encodedServerCertificate) {
      return null;
    }
    try {
      CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
      InputStream certificateStream = new ByteArrayInputStream(this.encodedServerCertificate);
      return (X509Certificate) certificateFactory.generateCertificate(certificateStream);
    } catch (CertificateException e) {
      throw new RuntimeException("cert factory error: " + e.getMessage());
    }
  }
 public static CertPathEntry decode(DataInputStream in) throws IOException {
   CertPathEntry entry = new CertPathEntry();
   entry.properties.decode(in);
   entry.makeCreationDate();
   int len = in.readInt();
   MeteredInputStream in2 = new MeteredInputStream(in, len);
   try {
     CertificateFactory fact = CertificateFactory.getInstance("X.509");
     entry.path = (Certificate[]) fact.generateCertificates(in2).toArray(new Certificate[0]);
   } catch (CertificateException ce) {
     throw new MalformedKeyringException(ce.toString());
   }
   return entry;
 }
 /**
  * Create a new X.509 certificate from the encoded data. The input data are expected to be the
  * ASN.1 DER encoding of the certificate.
  *
  * @param encoded The encoded certificate data.
  * @throws IOException If the certificate cannot be read, possibly from a formatting error.
  * @throws CertificateException If the data read is not an X.509 certificate.
  */
 public X509CertificateImpl(InputStream encoded) throws CertificateException, IOException {
   super();
   extensions = new HashMap();
   try {
     parse(encoded);
   } catch (IOException ioe) {
     debug(ioe);
     throw ioe;
   } catch (Exception e) {
     debug(e);
     CertificateException ce = new CertificateException(e.getMessage());
     ce.initCause(e);
     throw ce;
   }
 }
  private void sslFileTransfer(String filename) {
    try {
      KeyStore trusted = KeyStore.getInstance("BKS");
      // Get the raw resource, which contains the keystore with
      // your trusted certificates (root and any intermediate certs)
      InputStream in =
          context.getResources().openRawResource(tracker.springversion1.R.raw.mykeystore);
      trusted.load(in, "mysecret".toCharArray());

      String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
      tmf.init(trusted);

      // Create an SSLContext that uses our TrustManager
      SSLContext context = SSLContext.getInstance("TLS");
      context.init(null, tmf.getTrustManagers(), null);

      URL url = new URL(host);
      HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
      urlConnection.setSSLSocketFactory(context.getSocketFactory());

      transfer(urlConnection, filename);

      //			SSLSocketFactory sf = new SSLSocketFactory(trusted);
      //			// Hostname verification from certificate
      //			// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
      //			sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
      //
      //			Socket sslsocket = sf.createSocket();
      //			sslsocket.setKeepAlive(true);
      //
      //			InetSocketAddress address = new InetSocketAddress(host, 443);
      //			sslsocket.connect(address);
      //
      //			OutputStream sout = sslsocket.getOutputStream();

    } catch (KeyStoreException e) {
      Log.v("mark", "KeyStoreException:" + e.getMessage());
    } catch (NoSuchAlgorithmException e) {
      Log.v("mark", "NoSuchAlgorithmException:" + e.getMessage());
    } catch (CertificateException e) {
      Log.v("mark", "CertificateException:" + e.getMessage());
    } catch (IOException e) {
      Log.v("mark", "IOException:" + e.getMessage());
    } catch (KeyManagementException e) {
      Log.v("mark", "KeyManagementException:" + e.getMessage());
    }
  }
Beispiel #23
0
  private KeyStore getKeyStore() throws CertificateException, IOException {
    KeyStore ks = null;

    try {
      ks = KeyStore.getInstance("PKCS12");
      ks.load(new FileInputStream(this.pathSignature), this.passSignature.toCharArray());
    } catch (KeyStoreException e) {
      throw new IOException("Error: " + e.getMessage());
    } catch (NoSuchAlgorithmException e) {
      throw new IOException("Error: " + e.getMessage());
    } catch (CertificateException e) {
      throw new IOException("Error: " + e.getMessage());
    } catch (IOException e) {
      throw new IOException("Error: " + e.getMessage());
    }
    return ks;
  }
 private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
   int length = reader.readInt();
   if (length == -1) {
     return null;
   }
   try {
     CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
     Certificate[] result = new Certificate[length];
     for (int i = 0; i < result.length; i++) {
       String line = reader.readLine();
       byte[] bytes = Base64.decode(line, Base64.DEFAULT);
       result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
     }
     return result;
   } catch (CertificateException e) {
     throw new IOException(e.getMessage());
   }
 }
Beispiel #25
0
  private byte[] getCertFingerprint(X509Certificate cert) {
    MessageDigest md;
    byte[] fingerprint = null;
    try {

      md = MessageDigest.getInstance("SHA1");
      md.update(cert.getEncoded());

      fingerprint = md.digest();

    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (CertificateException e) {
      e.printStackTrace();
    }

    return fingerprint;
  }
    private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
      int length = readInt(source);
      if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.

      try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<Certificate> result = new ArrayList<>(length);
        for (int i = 0; i < length; i++) {
          String line = source.readUtf8LineStrict();
          Buffer bytes = new Buffer();
          bytes.write(ByteString.decodeBase64(line));
          result.add(certificateFactory.generateCertificate(bytes.inputStream()));
        }
        return result;
      } catch (CertificateException e) {
        throw new IOException(e.getMessage());
      }
    }
 /**
  * Get java.security.Kestore instance from JKS
  *
  * @return
  */
 private KeyStore loadKeyStore() {
   File keySF = new File(keyStorePath);
   KeyStore keystore = null;
   try {
     FileInputStream is = new FileInputStream(keySF);
     keystore = KeyStore.getInstance(KeyStore.getDefaultType());
     keystore.load(is, keyStorePassword.toCharArray());
   } catch (KeyStoreException e) {
     e.printStackTrace();
   } catch (IOException e) {
     e.printStackTrace();
   } catch (NoSuchAlgorithmException e) {
     e.printStackTrace();
   } catch (CertificateException e) {
     e.printStackTrace();
   }
   return keystore;
 }
  static void disableCertificateValidation(Context context, OkHttpClient.Builder builder) {

    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      InputStream caInput = context.getResources().openRawResource(R.raw.ca);
      Certificate ca;
      try {
        ca = cf.generateCertificate(caInput);
        System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
      } finally {
        caInput.close();
      }
      String keyStoreType = KeyStore.getDefaultType();
      KeyStore keyStore = KeyStore.getInstance(keyStoreType);
      keyStore.load(null, null);
      keyStore.setCertificateEntry("ca", ca);

      String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
      tmf.init(keyStore);

      SSLContext sc = SSLContext.getInstance("TLS");
      sc.init(null, tmf.getTrustManagers(), null);
      HostnameVerifier hv =
          new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
              return true;
            }
          };
      sc.init(null, tmf.getTrustManagers(), null);
      builder.sslSocketFactory(sc.getSocketFactory());
      builder.hostnameVerifier(hv);
    } catch (CertificateException e) {
      e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (KeyStoreException e) {
      e.printStackTrace();
    } catch (KeyManagementException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }
  }
Beispiel #29
0
  /**
   * Retrieves the Certificate Revocation List
   *
   * @return a String object
   * @throws CRLException if there is issue generating the CRL
   * @throws IOException if there is a problem serializing the CRL
   * @httpcode 200
   */
  @GET
  @Produces({MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN})
  public String getCurrentCrl(@Context Principal principal) throws CRLException, IOException {

    String filePath = getCrlFilePath();
    File crlFile = new File(filePath);

    byte[] encoded = null;

    try {
      X509CRL crl = crlFileUtil.readCRLFile(crlFile);
      crl = crlGenerator.syncCRLWithDB(crl);
      encoded = crlFileUtil.writeCRLFile(crlFile, crl);
    } catch (CertificateException e) {
      throw new IseException(e.getMessage(), e);
    }

    return new String(encoded);
  }
Beispiel #30
0
 public static void initEncryptCert() {
   CertificateFactory cf = null;
   FileInputStream in = null;
   try {
     cf = CertificateFactory.getInstance("X.509");
     in = new FileInputStream(UPMPConstant.encryptCertPath);
     encryptCert = (X509Certificate) cf.generateCertificate(in);
   } catch (CertificateException e) {
     logger.error(e.getMessage());
   } catch (FileNotFoundException e) {
     logger.error(e.getMessage());
   } finally {
     if (null != in)
       try {
         in.close();
       } catch (IOException e) {
         logger.error(e.getMessage());
       }
   }
 }