📄 trustedcacertstore.java
字号:
/*
* SSL-Explorer
*
* Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package com.maverick.ssl;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.Hashtable;
import com.maverick.crypto.asn1.ASN1OctetString;
import com.maverick.crypto.asn1.ASN1Sequence;
import com.maverick.crypto.asn1.DERInputStream;
import com.maverick.crypto.asn1.DERObjectIdentifier;
import com.maverick.crypto.asn1.x509.CertificateException;
import com.maverick.crypto.asn1.x509.X509Certificate;
import com.maverick.crypto.asn1.x509.X509CertificateStructure;
import com.maverick.crypto.digests.MD5Digest;
import com.maverick.crypto.digests.SHA1Digest;
import com.maverick.crypto.publickey.PublicKey;
import com.maverick.crypto.publickey.Rsa;
import com.maverick.crypto.publickey.RsaPublicKey;
public class TrustedCACertStore {
static Hashtable temporarilyTrusted = new Hashtable();
public TrustedCACertStore() {
}
public boolean isTrustedCertificate(X509Certificate x509,
boolean allowInvalidCertificates,
boolean allowUntrustedCertificates) throws
SSLException {
try {
//System.out.println(x509.getSubjectDN().toString());
//System.out.println(x509.getIssuerDN().toString());
if (CertificateStore.getInstance().contains(x509.getIssuerDN().toString())) {
//System.out.println("issuer is trusted.. checking certificate");
X509Certificate trusted = (X509Certificate) CertificateStore.getInstance().get(x509.getIssuerDN().toString());
//System.out.println("Testing " + trusted.getIssuerDN().toString());
// Verify the signature of the certificate with the trusted certificate
PublicKey publickey = trusted.getPublicKey();
if (publickey instanceof RsaPublicKey) {
// Verify the signature
if (x509.getSigAlgName().equals("MD5WithRSAEncryption")) {
try {
byte[] blob = x509.getSignature();
// Check for signed bit
if((blob[0] & 0x80) == 0x80) {
blob = new byte[x509.getSignature().length+1];
blob[0] = 0;
System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
}
BigInteger input = new BigInteger(blob);
RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();
BigInteger decoded = Rsa.doPublic(input, r.getModulus(),
r.getPublicExponent());
BigInteger result = Rsa.removePKCS1(decoded, 0x01);
byte[] sig = result.toByteArray();
MD5Digest digest = new MD5Digest();
digest.update(x509.getTBSCertificate(), 0,
x509.getTBSCertificate().length);
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
DERInputStream der = new DERInputStream(
new ByteArrayInputStream(sig));
ASN1Sequence o = (ASN1Sequence) der.readObject();
ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);
DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);
byte[] actual = o3.getOctets();
for (int i = 0; i < actual.length; i++) {
if (actual[i] != hash[i]) {
return false;
}
}
}
catch (IOException ex1) {
throw new SSLException(SSLException.INTERNAL_ERROR,
ex1.getMessage());
}
} else if(x509.getSigAlgName().equals("SHA1WithRSAEncryption")) {
try {
byte[] blob = x509.getSignature();
// Check for signed bit
if((blob[0] & 0x80) == 0x80) {
blob = new byte[x509.getSignature().length+1];
blob[0] = 0;
System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
}
BigInteger input = new BigInteger(blob);
RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();
BigInteger decoded = Rsa.doPublic(input, r.getModulus(),
r.getPublicExponent());
BigInteger result = Rsa.removePKCS1(decoded, 0x01);
byte[] sig = result.toByteArray();
SHA1Digest digest = new SHA1Digest();
digest.update(x509.getTBSCertificate(), 0,
x509.getTBSCertificate().length);
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
DERInputStream der = new DERInputStream(
new ByteArrayInputStream(sig));
ASN1Sequence o = (ASN1Sequence) der.readObject();
ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);
DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);
byte[] actual = o3.getOctets();
for (int i = 0; i < actual.length; i++) {
if (actual[i] != hash[i]) {
return false;
}
}
}
catch (IOException ex1) {
throw new SSLException(SSLException.INTERNAL_ERROR,
ex1.getMessage());
}
} else
throw new SSLException(SSLException.UNSUPPORTED_CERTIFICATE,
x509.getSigAlgName() +
" signature algorithm is currently not supported");
// Verify the validity
try {
//System.out.println("Checking validity of certificate");
trusted.checkValidity();
x509.checkValidity();
}
catch (CertificateException ex2) {
//System.out.println("Certificate is invalid");
if(allowInvalidCertificates) {
//System.out.println("Ignoring as invalid certs = true");
return true;
}
else {
if(CertificatePrompt.prompt != null) {
String str = new String(x509.getSignature());
if(temporarilyTrusted.containsKey(str) || CertificatePrompt.prompt.invalid(x509) != CertificatePrompt.ABORT) {
temporarilyTrusted.put(str, x509);
return true;
}
}
}
return false;
}
return true;
}
else {
throw new SSLException(SSLException.UNSUPPORTED_CERTIFICATE,
"Unsupported public key in X509 certificate");
}
}
else {
//System.out.println("Certificate is not trusted. checking validity");
try {
x509.checkValidity();
}
catch (CertificateException ex2) {
//System.out.println("Certificate is invalid (2)");
if(allowInvalidCertificates) {
//System.out.println("invalid cets = true");
return true;
}
else {
if(CertificatePrompt.prompt != null) {
String str = new String(x509.getSignature());
if(temporarilyTrusted.containsKey(str) || CertificatePrompt.prompt.invalid(x509) != CertificatePrompt.ABORT) {
temporarilyTrusted.put(str, x509);
return true;
}
}
}
return false;
}
//System.out.println("Checking for untrusted flag");
if(allowUntrustedCertificates) {
//System.out.println("Certificate is ok untrusted=true");
return true;
}
else {
if(CertificatePrompt.prompt != null) {
String str = new String(x509.getSignature());
if(temporarilyTrusted.containsKey(str) || CertificatePrompt.prompt.untrusted(x509) != CertificatePrompt.ABORT) {
temporarilyTrusted.put(str, x509);
return true;
}
}
}
return false;
}
}
catch (CertificateException ex) {
throw new SSLException(SSLException.UNSUPPORTED_CERTIFICATE,
ex.getMessage());
}
catch(IOException ex) {
ex.printStackTrace();
throw new SSLException(SSLException.UNSUPPORTED_CERTIFICATE,
"Error getting certificate from trust store");
}
}
private void log(String msg, byte[] buf) {
//System.out.print(msg + ": ");
for(int i=0;i<buf.length;i++) {
//System.out.print(Integer.toHexString(buf[i] & 0xFF).toUpperCase() + " ");
}
//System.out.println();
}
public static void main(String[] args) {
TrustedCACertStore store = new TrustedCACertStore();
DERInputStream der = null;
InputStream in = null;
try {
in = new FileInputStream("c:\\exported.cer");
der = new DERInputStream(in);
ASN1Sequence certificate = (ASN1Sequence) der.readObject();
com.maverick.crypto.asn1.x509.X509Certificate x509 = new com.
maverick.
crypto.asn1.x509.X509Certificate(
X509CertificateStructure.getInstance(certificate));
/* if (store.isTrustedCertificate(x509, false, false)) {
//System.out.println("Success");
} else {
//System.out.println("Failure");
}*/
} catch(Exception ex) {
ex.printStackTrace();
}finally {
//Util.closeStream(der);
//Util.closeStream(in);
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -