private void certDetails(StringBuffer si, X509Certificate c) { SimpleDateFormat validityDateFormater = new SimpleDateFormat("yyyy-MM-dd"); si.append("\n"); si.append(c.getSubjectDN().toString()); si.append("\n"); si.append(validityDateFormater.format(c.getNotBefore())); si.append(" - "); si.append(validityDateFormater.format(c.getNotAfter())); si.append("\nSHA-256: "); si.append(certHash(c, "SHA-256")); si.append("\nSHA-1: "); si.append(certHash(c, "SHA-1")); si.append("\nSigned by: "); si.append(c.getIssuerDN().toString()); si.append("\n"); }
/* * Returns the list of root certificates * The list of certificates we received is an array of certificates * we have to determine * 1) how many chain do we have (a chain stops when verifier of a cert is * not the signer of the next cert in the list * 2) build a cert with the leaf signer and the root verifier for each chain */ public CertificatePair[] getRootCertificates() { if (rootCertificates == null) { rootCertificates = new CertificatePair[0]; List rootCertificatesList = new ArrayList(); if (certificates != null && certificates.size() > 0) { Iterator iter = certificates.iterator(); while (iter.hasNext()) { Certificate[] certs = (Certificate[]) iter.next(); if (certs != null && certs.length > 0) { CertificatePair pair = new CertificatePair(); pair.setIssuer(certs[0]); for (int i = 0; i < certs.length - 1; i++) { X509Certificate x509certRoot = (X509Certificate) certs[i]; X509Certificate x509certIssuer = (X509Certificate) certs[i + 1]; if (!x509certRoot.getIssuerDN().equals(x509certIssuer.getSubjectDN())) { pair.setRoot(x509certRoot); if (!rootCertificatesList.contains(pair)) { rootCertificatesList.add(pair); } pair = new CertificatePair(); pair.setIssuer(x509certIssuer); } } // add the latest one if (pair != null) { pair.setRoot(certs[certs.length - 1]); if (!rootCertificatesList.contains(pair)) { rootCertificatesList.add(pair); } } } } } if (rootCertificatesList.size() > 0) { rootCertificates = new CertificatePair[rootCertificatesList.size()]; rootCertificatesList.toArray(rootCertificates); } } return rootCertificates; }
/** * Checks certification path by IssuerX500Principal keyed in CAroot<br> * <br> * Risale il certification path attraverso IssuerX500Principal chiave in CAroot * * @return true: if certification path is valid */ public boolean getPathValid() { isPathValid = true; X509Certificate certChild = cert; X509Certificate certParent = null; while (!certChild.getIssuerDN().equals(certChild.getSubjectDN())) { // finche' la CA non è autofirmata try { certParent = CAroot.getCACertificate(certChild.getIssuerX500Principal()); } catch (GeneralSecurityException ex) { // la CA non è presente nella root isPathValid = false; return isPathValid; } certChild = certParent; } ; return isPathValid; }
private void verify(X509Certificate[] certs, String authType) throws CertificateException { final int len = certs.length; for (int i = 0; i < len; i++) { final X509Certificate currentX509Cert = certs[i]; try { if (i == len - 1) { if (currentX509Cert.getSubjectDN().equals(currentX509Cert.getIssuerDN())) currentX509Cert.verify(currentX509Cert.getPublicKey()); } else { final X509Certificate nextX509Cert = certs[i + 1]; currentX509Cert.verify(nextX509Cert.getPublicKey()); } } catch (final Exception e) { final CertificateException ce = new ECFCertificateException( "Certificate chain is not valid", certs, authType); // $NON-NLS-1$ ce.initCause(e); throw ce; } } }
private String certChainMessage(final X509Certificate[] chain, CertificateException cause) { Throwable e = cause; Log.d(TAG, "certChainMessage for " + e); StringBuffer si = new StringBuffer(); if (e.getCause() != null) { e = e.getCause(); si.append(e.getLocalizedMessage()); // si.append("\n"); } for (X509Certificate c : chain) { si.append("\n\n"); si.append(c.getSubjectDN().toString()); si.append("\nMD5: "); si.append(certHash(c, "MD5")); si.append("\nSHA1: "); si.append(certHash(c, "SHA-1")); si.append("\nSigned by: "); si.append(c.getIssuerDN().toString()); } return si.toString(); }
/* * Initializes the signerInfo and the VerifierInfo from the Certificate Pair */ private void initializeCertificates() { X509Certificate certRoot = null; X509Certificate certIssuer = null; CertificatePair trustedCertificate; if (getFoundCertificate() == null) { CertificatePair[] certs = getRootCertificates(); if (certs.length == 0) return; trustedCertificate = certs[0]; } else { trustedCertificate = getFoundCertificate(); } certRoot = (X509Certificate) trustedCertificate.getRoot(); certIssuer = (X509Certificate) trustedCertificate.getIssuer(); StringBuffer strb = new StringBuffer(); strb.append(issuerString(certIssuer.getSubjectDN())); strb.append("\r\n"); // $NON-NLS-1$ strb.append( NLS.bind( Messages.JarVerificationResult_ValidBetween, (new String[] { dateString(certIssuer.getNotBefore()), dateString(certIssuer.getNotAfter()) }))); strb.append(checkValidity(certIssuer)); signerInfo = strb.toString(); if (certIssuer != null && !certIssuer.equals(certRoot)) { strb = new StringBuffer(); strb.append(issuerString(certIssuer.getIssuerDN())); strb.append("\r\n"); // $NON-NLS-1$ strb.append( NLS.bind( Messages.JarVerificationResult_ValidBetween, (new String[] { dateString(certRoot.getNotBefore()), dateString(certRoot.getNotAfter()) }))); strb.append(checkValidity(certRoot)); verifierInfo = strb.toString(); } }