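/**
 * Decides whether {@code chain} is trusted.
 *
 * <p>Decision order:
 * <ol>
 *   <li>{@code appTrustManager} (the application's own keystore) accepts the chain: trusted.</li>
 *   <li>The leaf certificate is already stored in the application keystore
 *       ({@code isCertKnown}): trusted, even if the keystore rejected it as expired.
 *       The old code accepted <em>any</em> "expired" rejection without checking that the
 *       leaf was actually in the keystore, which is what the accompanying comment claimed;
 *       the membership check is now mandatory before an expired certificate is accepted.</li>
 *   <li>{@code defaultTrustManager}, when configured, accepts the chain: trusted.</li>
 *   <li>Otherwise, in interactive mode the user is consulted via {@code interactCert};
 *       in non-interactive mode the last rejection is thrown.</li>
 * </ol>
 *
 * @param chain       peer certificate chain, leaf first; must be non-empty
 * @param authType    key exchange / authentication type as passed by JSSE
 * @param isServer    {@code true} to validate a server, {@code false} to validate a client
 * @param interactive whether the user may be prompted about an untrusted chain
 * @throws CertificateException if the chain is empty, or it is not trusted and the user is
 *                              not asked (what {@code interactCert} does on rejection is not
 *                              visible here)
 */
public void checkCertTrusted(
    X509Certificate[] chain, String authType, boolean isServer, boolean interactive)
    throws CertificateException {
  LOGGER.log(Level.FINE, "checkCertTrusted(" + chain + ", " + authType + ", " + isServer + ")");
  if (chain == null || chain.length == 0) {
    // Fail closed instead of letting chain[0] below blow up with an unchecked exception.
    throw new CertificateException("checkCertTrusted: empty certificate chain");
  }

  CertificateException appRejection;
  try {
    LOGGER.log(Level.FINE, "checkCertTrusted: trying appTrustManager");
    if (isServer) {
      appTrustManager.checkServerTrusted(chain, authType);
    } else {
      appTrustManager.checkClientTrusted(chain, authType);
    }
    return; // accepted by the application keystore
  } catch (CertificateException ae) {
    appRejection = ae;
  }
  LOGGER.log(Level.FINER, "checkCertTrusted: appTrustManager failed", appRejection);

  // A certificate the user already stored stays trusted after it expires. The keystore
  // membership check comes first: the *type* of the rejection ("expired") alone does not
  // prove the certificate is one of ours, so it is never sufficient on its own.
  if (isCertKnown(chain[0])) {
    if (isExpiredException(appRejection)) {
      LOGGER.log(Level.INFO, "checkCertTrusted: accepting expired certificate from keystore");
    } else {
      LOGGER.log(Level.INFO, "checkCertTrusted: accepting cert already stored in keystore");
    }
    return;
  }

  // No application-level decision; fall back to the platform trust store, if any.
  CertificateException rejection = appRejection;
  if (defaultTrustManager != null) {
    try {
      LOGGER.log(Level.FINE, "checkCertTrusted: trying defaultTrustManager");
      if (isServer) {
        defaultTrustManager.checkServerTrusted(chain, authType);
      } else {
        defaultTrustManager.checkClientTrusted(chain, authType);
      }
      return; // accepted by the platform trust store
    } catch (CertificateException e) {
      rejection = e;
    }
  }
  LOGGER.log(Level.FINER, "checkCertTrusted: defaultTrustManager failed", rejection);

  if (interactive) {
    interactCert(chain, authType, rejection);
  } else {
    throw rejection;
  }
}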
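/**
 * Validates a server certificate chain: every link must carry a valid signature
 * ({@link #verify}) and at least one configured trust engine must find a trust
 * anchor in the chain.
 *
 * @param certs    the server's certificate chain, leaf first
 * @param authType the key exchange / authentication type as passed by JSSE
 * @throws CertificateException if the chain does not verify, if a trust engine fails
 *                              with an I/O error (the error is attached as the cause),
 *                              or if no engine finds a trust anchor
 */
public void checkServerTrusted(X509Certificate[] certs, String authType)
    throws CertificateException {
  // Signature-check each link of the chain before consulting any trust engine.
  verify(certs, authType);

  final TrustEngine[] engines = getTrustEngines();
  if (engines != null) {
    for (final TrustEngine engine : engines) {
      try {
        if (engine.findTrustAnchor(certs) != null) {
          return; // this engine vouches for an anchor in the chain
        }
      } catch (final IOException e) {
        final CertificateException ce = new ECFCertificateException(
            "Error occurs when finding trust anchor in the cert chain", certs, authType); //$NON-NLS-1$
        // Bug fix: the original called ce.initCause(ce), which throws
        // IllegalArgumentException ("Self-causation not permitted") and masked
        // the real I/O failure. Chain the actual exception instead.
        ce.initCause(e);
        throw ce;
      }
    }
  }
  // Signatures chain correctly, but nothing we trust appears in the chain.
  throw new ECFCertificateException(
      "Valid cert chain, but no trust certificate found!", certs, authType); // $NON-NLS-1$
}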
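/**
 * Decides whether {@code chain} is trusted, consulting the application keystore
 * first, the platform default trust manager second, and the user last.
 *
 * <p>Decision order:
 * <ol>
 *   <li>{@code appTrustManager} accepts the chain: trusted.</li>
 *   <li>The leaf certificate is already stored in the application keystore
 *       ({@code isCertKnown}): trusted, even if the keystore rejected it as expired.
 *       The old code accepted <em>any</em> "expired" rejection without checking that the
 *       leaf was actually in the keystore; the membership check is now mandatory.</li>
 *   <li>{@code defaultTrustManager}, when configured, accepts the chain: trusted.</li>
 *   <li>Otherwise the user is consulted via {@code interact}.</li>
 * </ol>
 *
 * @param chain    peer certificate chain, leaf first; must be non-empty
 * @param authType key exchange / authentication type as passed by JSSE
 * @param isServer {@code true} to validate a server, {@code false} to validate a client
 * @throws CertificateException if the chain is empty (what {@code interact} does on
 *                              rejection is not visible here)
 */
public void checkCertTrusted(X509Certificate[] chain, String authType, boolean isServer)
    throws CertificateException {
  Log.d(TAG, "checkCertTrusted(" + chain + ", " + authType + ", " + isServer + ")");
  if (chain == null || chain.length == 0) {
    // Fail closed instead of letting chain[0] below blow up with an unchecked exception.
    throw new CertificateException("checkCertTrusted: empty certificate chain");
  }

  CertificateException appRejection;
  try {
    Log.d(TAG, "checkCertTrusted: trying appTrustManager");
    if (isServer) {
      appTrustManager.checkServerTrusted(chain, authType);
    } else {
      appTrustManager.checkClientTrusted(chain, authType);
    }
    return; // accepted by the application keystore
  } catch (CertificateException ae) {
    appRejection = ae;
  }
  Log.d(TAG, "checkCertTrusted: appTrustManager failed", appRejection);

  // A certificate the user already stored stays trusted after it expires. The keystore
  // membership check comes first: an "expired" rejection alone does not prove the
  // certificate is one of ours, so it is never sufficient on its own.
  if (isCertKnown(chain[0])) {
    if (isExpiredException(appRejection)) {
      Log.i(TAG, "checkCertTrusted: accepting expired certificate from keystore");
    } else {
      Log.i(TAG, "checkCertTrusted: accepting cert already stored in keystore");
    }
    return;
  }

  // No application-level decision; fall back to the platform trust store, if any.
  // A missing default trust manager is treated as "not trusted" rather than an NPE.
  CertificateException rejection = appRejection;
  if (defaultTrustManager != null) {
    try {
      Log.d(TAG, "checkCertTrusted: trying defaultTrustManager");
      if (isServer) {
        defaultTrustManager.checkServerTrusted(chain, authType);
      } else {
        defaultTrustManager.checkClientTrusted(chain, authType);
      }
      return; // accepted by the platform trust store
    } catch (CertificateException e) {
      rejection = e;
    }
  }
  Log.d(TAG, "checkCertTrusted: defaultTrustManager failed", rejection);

  // Last resort: let the user decide.
  interact(chain, authType, rejection);
}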
/**
 * Verifies the PKCS#7 signature over this object's contents by invoking the
 * external {@code scripts/pkcs7_verifyier.py} helper.
 *
 * <p>When {@code caCert} is given it is first parsed (to reject garbage early) and
 * then passed to the script via {@code -ca}. When it is {@code null} the script runs
 * with no {@code -ca} argument; what the script trusts in that mode is not visible
 * here — TODO confirm it does not silently accept any signer.
 *
 * <p>NOTE(review): the arguments are handed to {@code BashReader.read} as an array.
 * Whether that runs the command without a shell is not visible here; if it joins the
 * array into a shell string, the two file names become shell-injectable.
 *
 * @param caCert the CA certificate to verify against, or {@code null}
 * @throws SignatureException if {@code caCert} does not parse, if the helper could not
 *                            be started, or if it exits with a non-zero status
 */
public void verifySignature(Certificate caCert) throws SignatureException {
  final String verifier = "scripts/pkcs7_verifyier.py";
  final String[] command;

  if (caCert == null) {
    command = new String[] {"python", verifier, "-in", getContentsFilename()};
  } else {
    // Reject an unparsable CA blob before spawning anything.
    try {
      Certificate.loadCertificateFromBuffer(caCert.getBlob());
    } catch (CertificateException e) {
      throw new SignatureException("Invalid certificate (" + e.getMessage() + ")");
    }
    command = new String[] {
      "python", verifier, "-in", getContentsFilename(), "-ca", caCert.getFilename()
    };
  }

  final BashReader result = BashReader.read(command);
  if (result == null) {
    throw new SignatureException("Invalid command.");
  }
  // Only a zero exit status counts as a successful verification.
  if (result.getExitValue() != 0) {
    throw new SignatureException("The signature verification has failed.");
  }
}
/**
 * Runs the forward builder and wraps its outcome in a {@code SunCertPathBuilderResult}.
 *
 * <p>The per-build state shared with {@code buildForward} ({@code pathCompleted},
 * {@code trustAnchor}, {@code finalPublicKey}, {@code policyTreeResult}) is reset
 * before each attempt.
 *
 * @param searchAllCertStores whether the forward search consults every cert store
 * @param adjList             adjacency list that records the search; returned to the
 *                            caller inside the result or the exception
 * @return the built path, or {@code null} when the forward search finished without
 *         completing a path
 * @throws CertPathBuilderException if the forward search itself fails, or if the
 *                                  completed list cannot be turned into a CertPath
 */
private PKIXCertPathBuilderResult buildCertPath(
    boolean searchAllCertStores, List<List<Vertex>> adjList)
    throws CertPathBuilderException {
  pathCompleted = false;
  trustAnchor = null;
  finalPublicKey = null;
  policyTreeResult = null;

  final LinkedList<X509Certificate> certPathList = new LinkedList<>();
  try {
    buildForward(adjList, certPathList, searchAllCertStores);
  } catch (GeneralSecurityException | IOException e) {
    debugBuildFailure("build", e);
    throw new SunCertPathBuilderException(
        "unable to find valid certification path to requested target",
        e, new AdjacencyList(adjList));
  }

  if (!pathCompleted) {
    return null;
  }
  if (debug != null) {
    debug.println("SunCertPathBuilder.engineBuild() pathCompleted");
  }

  // The result must list the target certificate first, but the forward builder
  // appended certificates target-last, so flip the list before wrapping it.
  Collections.reverse(certPathList);
  try {
    return new SunCertPathBuilderResult(
        cf.generateCertPath(certPathList), trustAnchor, policyTreeResult,
        finalPublicKey, new AdjacencyList(adjList));
  } catch (CertificateException e) {
    debugBuildFailure("wrap-up", e);
    throw new SunCertPathBuilderException(
        "unable to find valid certification path to requested target",
        e, new AdjacencyList(adjList));
  }
}

/** Emits the debug trace for a failed build phase when debugging is enabled. */
private void debugBuildFailure(String phase, Exception e) {
  if (debug != null) {
    debug.println("SunCertPathBuilder.engineBuild() exception in " + phase);
    e.printStackTrace();
  }
}
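/**
 * Delegates to the wrapped trust manager {@code tm} and, when it rejects the chain,
 * asks the user through a Swing dialog whether to proceed anyway.
 *
 * <p>Fixes relative to the previous version:
 * <ul>
 *   <li>Only an explicit "Proceed" click accepts the chain. Dismissing the dialog
 *       (ESC / window close returns {@code CLOSED_OPTION}) used to fall through and
 *       accept the untrusted certificate; it now rethrows the rejection.</li>
 *   <li>The initially focused button is "Exit", so a reflexive Enter does not accept.</li>
 *   <li>{@code e.getCause()} may be {@code null}; the dialog no longer NPEs on it.</li>
 *   <li>The dialog names the rejected leaf certificate's subject so the user has
 *       something to check against.</li>
 *   <li>The non-compiling {@code throw new Exception(...)} is replaced by wrapping the
 *       failure in a {@link CertificateException} with the cause preserved.</li>
 * </ul>
 *
 * @param chain    the server's certificate chain, leaf first
 * @param authType key exchange / authentication type as passed by JSSE
 * @throws CertificateException if the chain is untrusted and the user did not
 *                              explicitly choose to proceed, or if the wrapped trust
 *                              manager failed unexpectedly
 */
public void checkServerTrusted(X509Certificate[] chain, String authType)
    throws CertificateException {
  CertificateException rejection;
  try {
    tm.checkServerTrusted(chain, authType);
    return;
  } catch (CertificateException e) {
    rejection = e;
  } catch (RuntimeException e) {
    throw new CertificateException("Unexpected failure while checking server certificate", e);
  }

  final Throwable cause = rejection.getCause();
  final String reason =
      cause != null ? cause.getLocalizedMessage() : rejection.getLocalizedMessage();
  final String subject =
      (chain != null && chain.length > 0 && chain[0] != null)
          ? chain[0].getSubjectX500Principal().getName()
          : "<unknown>";

  final Object[] answer = {"Proceed", "Exit"};
  final int ret = JOptionPane.showOptionDialog(
      null,
      "Certificate for " + subject + " was rejected:\n" + reason + "\n"
          + "Continue connecting to this host?",
      "Confirm certificate exception?",
      JOptionPane.YES_NO_OPTION,
      JOptionPane.WARNING_MESSAGE,
      null,
      answer,
      answer[1]); // default to the safe choice
  if (ret == 0) {
    return; // user explicitly chose "Proceed"
  }
  if (ret == 1) {
    System.exit(1); // user explicitly chose "Exit" (unchanged behaviour)
  }
  // Dialog closed without a choice: fail closed.
  throw rejection;
}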
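/**
 * Checks that each certificate in {@code certs} is signed by the next one, and that a
 * self-signed final certificate is signed by its own key.
 *
 * <p>This is a signature check only: validity periods, revocation and trust anchors
 * are not examined here (the caller's trust engines supply the anchor). A final
 * certificate that is not self-signed is left unverified, since its issuer is outside
 * the chain.
 *
 * <p>Fixes: an empty or {@code null} chain is now rejected (the loop previously passed
 * it silently), and self-issuance is detected with {@code X500Principal} comparison
 * instead of the denigrated {@code getSubjectDN()/getIssuerDN()} pair.
 *
 * @param certs    the chain to check, leaf first
 * @param authType the key exchange / authentication type, reported in the exception
 * @throws CertificateException if the chain is empty or any signature fails to verify
 *                              (the underlying failure is attached as the cause)
 */
private void verify(X509Certificate[] certs, String authType) throws CertificateException {
  if (certs == null || certs.length == 0) {
    throw new ECFCertificateException("Certificate chain is not valid", certs, authType); // $NON-NLS-1$
  }
  final int last = certs.length - 1;
  for (int i = 0; i <= last; i++) {
    final X509Certificate current = certs[i];
    try {
      if (i < last) {
        // Each link must be signed by its successor in the chain.
        current.verify(certs[i + 1].getPublicKey());
      } else if (current.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
        // Self-signed root: it must at least be signed by its own key.
        current.verify(current.getPublicKey());
      }
    } catch (final Exception e) {
      final CertificateException ce = new ECFCertificateException(
          "Certificate chain is not valid", certs, authType); // $NON-NLS-1$
      ce.initCause(e);
      throw ce;
    }
  }
}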
/**
 * Callback from {@code _scanKeychain}: builds a {@code KeyEntry} for one identity
 * found in the keychain and registers it under a unique alias.
 *
 * <p>The private key is not materialised; only the native {@code SecKeyRef} is kept.
 * Each raw DER blob is parsed into an {@code X509Certificate}; blobs that fail to
 * parse are reported on stderr and dropped, and the remaining certificates form the
 * entry's chain. NOTE(review): if every blob fails, the entry is still registered
 * with an empty chain — confirm that is what callers expect.
 *
 * @param alias              alias suggested by the keychain; suffixed with " 1", " 2", ...
 *                           (compared case-insensitively) until it is unique
 * @param creationDate       creation time in milliseconds, or 0 to use "now"
 * @param secKeyRef          native reference to the private key
 * @param secCertificateRefs native references parallel to {@code rawCertData}
 * @param rawCertData        DER-encoded certificates of the identity's chain
 */
private void createKeyEntry(
    String alias, long creationDate, long secKeyRef, long[] secCertificateRefs, byte[][] rawCertData)
    throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
  final KeyEntry entry = new KeyEntry();

  // Private-key side: nothing is protected here, the keychain keeps the key.
  entry.protectedPrivKey = null;
  entry.keyRef = secKeyRef;
  entry.date = (creationDate != 0) ? new Date(creationDate) : new Date();

  // Parse each certificate blob, tracking it together with its SecCertificateRef.
  final List<CertKeychainItemPair> parsed = new ArrayList<>();
  try {
    final CertificateFactory factory = CertificateFactory.getInstance("X.509");
    for (int idx = 0; idx < rawCertData.length; idx++) {
      try (InputStream der = new ByteArrayInputStream(rawCertData[idx])) {
        final X509Certificate cert = (X509Certificate) factory.generateCertificate(der);
        parsed.add(new CertKeychainItemPair(secCertificateRefs[idx], cert));
      } catch (CertificateException e) {
        // Skip just this certificate; the rest of the chain is still built.
        System.err.println("KeychainStore Ignored Exception: " + e);
      }
    }
  } catch (CertificateException e) {
    e.printStackTrace();
  } catch (IOException ioe) {
    ioe.printStackTrace(); // How would this happen?
  }

  // Split the pairs into the parallel arrays the entry stores.
  final int count = parsed.size();
  final Certificate[] chain = new Certificate[count];
  final long[] chainRefs = new long[count];
  for (int idx = 0; idx < count; idx++) {
    final CertKeychainItemPair pair = parsed.get(idx);
    chain[idx] = pair.mCert;
    chainRefs[idx] = pair.mCertificateRef;
  }
  entry.chain = chain;
  entry.chainRefs = chainRefs;

  // Register under the first alias (case-insensitively) not already taken.
  String candidate = alias;
  for (int suffix = 1; entries.containsKey(candidate.toLowerCase()); suffix++) {
    candidate = alias + " " + suffix;
  }
  entries.put(candidate.toLowerCase(), entry);
}