예제 #1
0
  /**
   * Callback method from _scanKeychain. If a trusted certificate is found, this method will be
   * called.
   */
  private void createTrustedCertEntry(
      String alias, long keychainItemRef, long creationDate, byte[] derStream) {
    TrustedCertEntry tce = new TrustedCertEntry();

    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      InputStream input = new ByteArrayInputStream(derStream);
      X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
      input.close();
      tce.cert = cert;
      tce.certRef = keychainItemRef;

      // Make a creation date.
      if (creationDate != 0) tce.date = new Date(creationDate);
      else tce.date = new Date();

      int uniqueVal = 1;
      String originalAlias = alias;

      while (entries.containsKey(alias.toLowerCase())) {
        alias = originalAlias + " " + uniqueVal;
        uniqueVal++;
      }

      entries.put(alias.toLowerCase(), tce);
    } catch (Exception e) {
      // The certificate will be skipped.
      System.err.println("KeychainStore Ignored Exception: " + e);
    }
  }
예제 #2
0
 private void initCommon() {
   if (TRY_VALIDATOR == false) {
     return;
   }
   trustedSubjects = new HashMap<X500Principal, List<PublicKey>>();
   for (Iterator t = trustedCerts.iterator(); t.hasNext(); ) {
     X509Certificate cert = (X509Certificate) t.next();
     X500Principal dn = cert.getSubjectX500Principal();
     List<PublicKey> keys;
     if (trustedSubjects.containsKey(dn)) {
       keys = trustedSubjects.get(dn);
     } else {
       keys = new ArrayList<PublicKey>();
       trustedSubjects.put(dn, keys);
     }
     keys.add(cert.getPublicKey());
   }
   try {
     factory = CertificateFactory.getInstance("X.509");
   } catch (CertificateException e) {
     throw new RuntimeException("Internal error", e);
   }
   plugin = variant.equals(VAR_PLUGIN_CODE_SIGNING);
 }
예제 #3
0
  private X509Certificate[] doValidate(X509Certificate[] chain, PKIXBuilderParameters params)
      throws CertificateException {
    try {
      setDate(params);

      // do the validation
      CertPathValidator validator = CertPathValidator.getInstance("PKIX");
      CertPath path = factory.generateCertPath(Arrays.asList(chain));
      certPathLength = chain.length;
      PKIXCertPathValidatorResult result =
          (PKIXCertPathValidatorResult) validator.validate(path, params);

      return toArray(path, result.getTrustAnchor());
    } catch (GeneralSecurityException e) {
      if (e instanceof CertPathValidatorException) {
        // check cause
        Throwable cause = e.getCause();
        if (cause != null && cause instanceof OCSPResponse.UnreliableException) {
          throw new ValidatorException(ValidatorException.T_OCSP_RESPONSE_UNRELIABLE);
        }
      }
      throw new ValidatorException("PKIX path validation failed: " + e.toString(), e);
    }
  }
예제 #4
0
  /**
   * Callback method from _scanKeychain. If an identity is found, this method will be called to
   * create Java certificate and private key objects from the keychain data.
   */
  private void createKeyEntry(
      String alias,
      long creationDate,
      long secKeyRef,
      long[] secCertificateRefs,
      byte[][] rawCertData)
      throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
    KeyEntry ke = new KeyEntry();

    // First, store off the private key information.  This is the easy part.
    ke.protectedPrivKey = null;
    ke.keyRef = secKeyRef;

    // Make a creation date.
    if (creationDate != 0) ke.date = new Date(creationDate);
    else ke.date = new Date();

    // Next, create X.509 Certificate objects from the raw data.  This is complicated
    // because a certificate's public key may be too long for Java's default encryption strength.
    List<CertKeychainItemPair> createdCerts = new ArrayList<>();

    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");

      for (int i = 0; i < rawCertData.length; i++) {
        try {
          InputStream input = new ByteArrayInputStream(rawCertData[i]);
          X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
          input.close();

          // We successfully created the certificate, so track it and its corresponding
          // SecCertificateRef.
          createdCerts.add(new CertKeychainItemPair(secCertificateRefs[i], cert));
        } catch (CertificateException e) {
          // The certificate will be skipped.
          System.err.println("KeychainStore Ignored Exception: " + e);
        }
      }
    } catch (CertificateException e) {
      e.printStackTrace();
    } catch (IOException ioe) {
      ioe.printStackTrace(); // How would this happen?
    }

    // We have our certificates in the List, so now extract them into an array of
    // Certificates and SecCertificateRefs.
    CertKeychainItemPair[] objArray = createdCerts.toArray(new CertKeychainItemPair[0]);
    Certificate[] certArray = new Certificate[objArray.length];
    long[] certRefArray = new long[objArray.length];

    for (int i = 0; i < objArray.length; i++) {
      CertKeychainItemPair addedItem = objArray[i];
      certArray[i] = addedItem.mCert;
      certRefArray[i] = addedItem.mCertificateRef;
    }

    ke.chain = certArray;
    ke.chainRefs = certRefArray;

    // If we don't have already have an item with this item's alias
    // create a new one for it.
    int uniqueVal = 1;
    String originalAlias = alias;

    while (entries.containsKey(alias.toLowerCase())) {
      alias = originalAlias + " " + uniqueVal;
      uniqueVal++;
    }

    entries.put(alias.toLowerCase(), ke);
  }
예제 #5
0
  public static void main(String[] args) throws Exception {
    // Get a CertificateFactory for various tests
    CF = CertificateFactory.getInstance("X509");
    ByteArrayInputStream bais = new ByteArrayInputStream(readFile("int.crt").getBytes());
    X509Certificate intCA = (X509Certificate) CF.generateCertificate(bais);
    System.out.println(
        "Successfully instantiated CA cert \"" + intCA.getSubjectX500Principal() + "\"");

    CertId cid0x1500 = new CertId(intCA, new SerialNumber(0x1500));
    boolean noFailures = true;

    OCSPResponse.SingleResponse sr = getSRByFilename("ocsp-good-nonext.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    if (sr.getRevocationTime() != null) {
      throw new RuntimeException("Oops. revocationTime is non-null " + sr.getRevocationTime());
    } else if (sr.getRevocationReason() != null) {
      throw new RuntimeException("Oops. revocationReason is non-null " + sr.getRevocationReason());
    }

    sr = getSRByFilename("ocsp-good-withnext.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    sr = getSRByFilename("ocsp-good-witharchcut.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    sr = getSRByFilename("ocsp-rev-nocerts.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    sr = getSRByFilename("ocsp-rev-nonext-noinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    sr = getSRByFilename("ocsp-rev-withnext-noinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    sr = getSRByFilename("ocsp-rev-nonext-withinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    sr = getSRByFilename("ocsp-rev-withnext-withinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    try {
      sr = getSRByFilename("ocsp-rev-twonext.resp", cid0x1500);
      System.out.println("FAIL: Allowed two nextUpdate fields");
      noFailures = false;
    } catch (IOException ioe) {
      System.out.println("Caught expected exception: " + ioe);
    }

    try {
      sr = getSRByFilename("ocsp-rev-bad-sr-tag.resp", cid0x1500);
      System.out.println("FAIL: Allowed invalid singleResponse item");
      noFailures = false;
    } catch (IOException ioe) {
      System.out.println("Caught expected exception: " + ioe);
    }

    try {
      sr = getSRByFilename("ocsp-rev-sr-cont-reverse.resp", cid0x1500);
      System.out.println("FAIL: Allowed reversed " + "nextUpdate/singleExtensions");
      noFailures = false;
    } catch (IOException ioe) {
      System.out.println("Caught expected exception: " + ioe);
    }

    if (!noFailures) {
      throw new RuntimeException("One or more tests failed");
    }
  }