/** * Returns a string describing this code signer. * * @return A string comprising the signer's certificate and a timestamp, if present. */ public String toString() { StringBuffer sb = new StringBuffer(); sb.append("("); sb.append("Signer: " + signerCertPath.getCertificates().get(0)); if (timestamp != null) { sb.append("timestamp: " + timestamp); } sb.append(")"); return sb.toString(); }
/** * Validates an attribute certificate with the given certificate path. * * <p><code>params</code> must be an instance of <code>ExtendedPKIXParameters</code>. * * <p>The target constraints in the <code>params</code> must be an <code> * X509AttributeCertStoreSelector</code> with at least the attribute certificate criterion set. * Obey that also target informations may be necessary to correctly validate this attribute * certificate. * * <p>The attribute certificate issuer must be added to the trusted attribute issuers with {@link * ExtendedPKIXParameters#setTrustedACIssuers(Set)}. * * @param certPath The certificate path which belongs to the attribute certificate issuer public * key certificate. * @param params The PKIX parameters. * @return A <code>PKIXCertPathValidatorResult</code> of the result of validating the <code> * certPath</code>. * @throws InvalidAlgorithmParameterException if <code>params</code> is inappropriate for this * validator. * @throws CertPathValidatorException if the verification fails. */ public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException { if (!(params instanceof ExtendedPKIXParameters)) { throw new InvalidAlgorithmParameterException( "Parameters must be a " + ExtendedPKIXParameters.class.getName() + " instance."); } ExtendedPKIXParameters pkixParams = (ExtendedPKIXParameters) params; Selector certSelect = pkixParams.getTargetConstraints(); if (!(certSelect instanceof X509AttributeCertStoreSelector)) { throw new InvalidAlgorithmParameterException( "TargetConstraints must be an instance of " + X509AttributeCertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class."); } X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect).getAttributeCert(); CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, pkixParams); CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, pkixParams); X509Certificate issuerCert = (X509Certificate) certPath.getCertificates().get(0); RFC3281CertPathUtilities.processAttrCert3(issuerCert, pkixParams); RFC3281CertPathUtilities.processAttrCert4(issuerCert, pkixParams); RFC3281CertPathUtilities.processAttrCert5(attrCert, pkixParams); // 6 already done in X509AttributeCertStoreSelector RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, pkixParams); RFC3281CertPathUtilities.additionalChecks(attrCert, pkixParams); Date date = null; try { date = CertPathValidatorUtilities.getValidCertDateFromValidityModel(pkixParams, null, -1); } catch (AnnotatedException e) { throw new ExtCertPathValidatorException( "Could not get validity date from attribute certificate.", e); } RFC3281CertPathUtilities.checkCRLs( attrCert, pkixParams, issuerCert, date, certPath.getCertificates()); return result; }
private static X509Certificate[] toArray(CertPath path, TrustAnchor anchor) throws CertificateException { List list = path.getCertificates(); X509Certificate[] chain = new X509Certificate[list.size() + 1]; list.toArray(chain); X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert == null) { throw new ValidatorException("TrustAnchor must be specified as certificate"); } chain[chain.length - 1] = trustedCert; return chain; }
protected static Date getValidCertDateFromValidityModel( ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index) throws AnnotatedException { if (paramsPKIX.getValidityModel() == ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL) { // if end cert use given signing/encryption/... time if (index <= 0) { return CertPathValidatorUtilities.getValidDate(paramsPKIX); // else use time when previous cert was created } else { if (index - 1 == 0) { DERGeneralizedTime dateOfCertgen = null; try { byte[] extBytes = ((X509Certificate) certPath.getCertificates().get(index - 1)) .getExtensionValue( ISISMTTObjectIdentifiers.id_isismtt_at_dateOfCertGen.getId()); if (extBytes != null) { dateOfCertgen = DERGeneralizedTime.getInstance(ASN1Primitive.fromByteArray(extBytes)); } } catch (IOException e) { throw new AnnotatedException("Date of cert gen extension could not be read."); } catch (IllegalArgumentException e) { throw new AnnotatedException("Date of cert gen extension could not be read."); } if (dateOfCertgen != null) { try { return dateOfCertgen.getDate(); } catch (ParseException e) { throw new AnnotatedException( "Date from date of cert gen extension could not be parsed.", e); } } return ((X509Certificate) certPath.getCertificates().get(index - 1)).getNotBefore(); } else { return ((X509Certificate) certPath.getCertificates().get(index - 1)).getNotBefore(); } } } else { return getValidDate(paramsPKIX); } }
public String toString() { return "Signature verification [" + "\n signName=" + signName + "\n name=" + name + "\n subject=" + subject + "\n date=" + date.getTime() + "\n reason=" + reason + "\n location=" + location + "\n revision=" + revision + "\n wholeDocument=" + wholeDocument + "\n modified=" + modified + "\n certificationLevel=" + getCertificationLevel().name() + "\n signCertTrustedAndValid=" + signCertTrustedAndValid + "\n ocspPresent=" + ocspPresent + "\n ocspValid=" + ocspValid + "\n crlPresent=" + crlPresent + "\n ocspInCertPresent=" + ocspInCertPresent + "\n ocspInCertValid=" + ocspInCertValid + "\n timeStampTokenPresent=" + tsTokenPresent + "\n timeStampTokenValidationFail=" + (tsTokenValidationResult == null ? "no" : tsTokenValidationResult.getMessage()) + "\n fails=" + (fails == null ? "no" : Arrays.asList(fails)) + "\n certPath=" + (certPath == null ? "no" : certPath.getCertificates()) + "\n signingCertificate=" + (signingCertificate == null ? "no" : signingCertificate.toString()) + "\n]"; }
/** 读取指定路径下APK文件签名 */ @SuppressWarnings({"unchecked"}) public static String getJarSignature(String filePath) throws Exception { if (null == filePath) { return null; } String resultSign = ""; String resultKey = ""; List<ZipEntry> names = new ArrayList<ZipEntry>(); ZipFile zf = new ZipFile(filePath); Enumeration<ZipEntry> zi = (Enumeration<ZipEntry>) zf.entries(); while (zi.hasMoreElements()) { ZipEntry ze = zi.nextElement(); String name = ze.getName(); if (name.startsWith("META-INF/") && (name.endsWith(".RSA") || name.endsWith(".DSA"))) { names.add(ze); } } Collections.sort( names, new Comparator<ZipEntry>() { @Override public int compare(ZipEntry obj1, ZipEntry obj2) { if (obj1 != null && obj2 != null) { return obj1.getName().compareToIgnoreCase(obj2.getName()); } return 0; } }); for (ZipEntry ze : names) { InputStream is = zf.getInputStream(ze); try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); CertPath cp = cf.generateCertPath(is, "PKCS7"); List<?> list = cp.getCertificates(); for (Object obj : list) { if (!(obj instanceof X509Certificate)) continue; X509Certificate cert = (X509Certificate) obj; StringBuilder builder = new StringBuilder(); builder.setLength(0); byte[] key = getPKBytes(cert.getPublicKey()); for (byte aKey : key) { builder.append(String.format("%02X", aKey)); } resultKey += builder.toString(); builder.setLength(0); byte[] signature = cert.getSignature(); for (byte aSignature : signature) { builder.append(String.format("%02X", aSignature)); } resultSign += builder.toString(); } } catch (CertificateException e) { Logger.i(e.toString()); } is.close(); } if (!TextUtils.isEmpty(resultKey) && !TextUtils.isEmpty(resultSign)) { return hashCode(resultKey) + "," + hashCode(resultSign); } return null; }
public void performTest() throws Exception { CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); X509Certificate rootCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(rootCertBin)); X509Certificate interCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(interCertBin)); X509Certificate finalCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(finalCertBin)); // Testing CertPath generation from List List list = new ArrayList(); list.add(interCert); CertPath certPath1 = cf.generateCertPath(list); // Testing CertPath encoding as PkiPath byte[] encoded = certPath1.getEncoded("PkiPath"); // Testing CertPath generation from InputStream ByteArrayInputStream inStream = new ByteArrayInputStream(encoded); CertPath certPath2 = cf.generateCertPath(inStream, "PkiPath"); // Comparing both CertPathes if (!certPath2.equals(certPath1)) { fail("CertPath differ after encoding and decoding."); } encoded = certPath1.getEncoded("PKCS7"); // Testing CertPath generation from InputStream inStream = new ByteArrayInputStream(encoded); certPath2 = cf.generateCertPath(inStream, "PKCS7"); // Comparing both CertPathes if (!certPath2.equals(certPath1)) { fail("CertPath differ after encoding and decoding."); } encoded = certPath1.getEncoded("PEM"); // Testing CertPath generation from InputStream inStream = new ByteArrayInputStream(encoded); certPath2 = cf.generateCertPath(inStream, "PEM"); // Comparing both CertPathes if (!certPath2.equals(certPath1)) { fail("CertPath differ after encoding and decoding."); } // // empty list test // list = new ArrayList(); CertPath certPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(list); if (certPath.getCertificates().size() != 0) { fail("list wrong size."); } // // exception tests // testExceptions(); }
public static X509Certificate[] getX509Certificates(CertPath certPath) { Preconditions.checkArgument(certPath.getType().equals(CertificateFactories.X_509)); List<X509Certificate> certificates = (List<X509Certificate>) certPath.getCertificates(); return certificates.toArray(new X509Certificate[certificates.size()]); }
/* */ public CertPathValidatorResult engineValidate( CertPath paramCertPath, CertPathParameters paramCertPathParameters) /* */ throws CertPathValidatorException, InvalidAlgorithmParameterException /* */ { /* 98 */ if (debug != null) { /* 99 */ debug.println("PKIXCertPathValidator.engineValidate()..."); /* */ } /* 101 */ if (!(paramCertPathParameters instanceof PKIXParameters)) { /* 102 */ throw new InvalidAlgorithmParameterException( "inappropriate parameters, must be an instance of PKIXParameters"); /* */ } /* */ /* 106 */ if ((!paramCertPath.getType().equals("X.509")) && (!paramCertPath.getType().equals("X509"))) { /* 107 */ throw new InvalidAlgorithmParameterException( "inappropriate certification path type specified, must be X.509 or X509"); /* */ } /* */ /* 111 */ PKIXParameters localPKIXParameters = (PKIXParameters) paramCertPathParameters; /* */ /* 115 */ Set localSet = localPKIXParameters.getTrustAnchors(); /* 116 */ for (Object localObject1 = localSet.iterator(); ((Iterator) localObject1).hasNext(); ) { localObject2 = (TrustAnchor) ((Iterator) localObject1).next(); /* 117 */ if (((TrustAnchor) localObject2).getNameConstraints() != null) { /* 118 */ throw new InvalidAlgorithmParameterException( "name constraints in trust anchor not supported"); /* */ } /* */ /* */ } /* */ /* 133 */ localObject1 = new ArrayList(paramCertPath.getCertificates()); /* */ /* 135 */ if (debug != null) { /* 136 */ if (((ArrayList) localObject1).isEmpty()) { /* 137 */ debug.println("PKIXCertPathValidator.engineValidate() certList is empty"); /* */ } /* */ /* 140 */ debug.println("PKIXCertPathValidator.engineValidate() reversing certpath..."); /* */ } /* */ /* 143 */ Collections.reverse((List) localObject1); /* */ /* 148 */ populateVariables(localPKIXParameters); /* */ /* 152 */ Object localObject2 = null; /* 153 */ if (!((ArrayList) localObject1).isEmpty()) { /* 154 */ localObject2 = (X509Certificate) ((ArrayList) localObject1).get(0); /* */ } /* */ /* 157 */ Object localObject3 = null; /* */ /* 161 */ for (TrustAnchor localTrustAnchor : localSet) { /* 162 */ X509Certificate localX509Certificate = localTrustAnchor.getTrustedCert(); /* 163 */ if (localX509Certificate != null) { /* 164 */ if (debug != null) { /* 165 */ debug.println( "PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null"); /* */ } /* */ /* 171 */ if (isWorthTrying(localX509Certificate, (X509Certificate) localObject2)) /* */ { /* 175 */ if (debug != null) /* 176 */ debug.println( "anchor.getTrustedCert().getSubjectX500Principal() = " + localX509Certificate.getSubjectX500Principal()); /* */ } /* */ } /* */ else /* */ { /* 181 */ if (debug != null) { /* 182 */ debug.println( "PKIXCertPathValidator.engineValidate(): anchor.getTrustedCert() == null"); /* */ } /* */ /* */ try /* */ { /* 188 */ PolicyNodeImpl localPolicyNodeImpl = new PolicyNodeImpl( null, "2.5.29.32.0", null, false, Collections.singleton("2.5.29.32.0"), false); /* */ /* 191 */ PolicyNode localPolicyNode = doValidate( localTrustAnchor, paramCertPath, (ArrayList) localObject1, localPKIXParameters, localPolicyNodeImpl); /* */ /* 194 */ return new PKIXCertPathValidatorResult( localTrustAnchor, localPolicyNode, this.basicChecker.getPublicKey()); /* */ } /* */ catch (CertPathValidatorException localCertPathValidatorException) /* */ { /* 198 */ localObject3 = localCertPathValidatorException; /* */ } /* */ } /* */ /* */ } /* */ /* 204 */ if (localObject3 != null) { /* 205 */ throw localObject3; /* */ } /* */ /* 208 */ throw new CertPathValidatorException( "Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); /* */ }