credentialutil.java

jxta官方例程

                if (LOG.isEnabledFor(Level.INFO)) {
                    LOG.info("checking for certificate: " + pid);
                }

                try {
                    exists = pc.getTrustedCertificate(pid) != null;
                } catch (KeyStoreException kse) {
                    if (LOG.isEnabledFor(Level.DEBUG)) {
                        LOG.debug("can't get certificate: " + pid, kse);
                    }
                } catch (IOException ioe) {
                    if (LOG.isEnabledFor(Level.DEBUG)) {
                        LOG.debug("can't get certificate: " + pid, ioe);
                    }
                }

                if (LOG.isEnabledFor(Level.INFO)) {
                    LOG.info("certificate exists: " + exists);
                }
            }

            if (! exists) {
                X509Certificate[] x509s = psec != null ? psec.getCertificateChain() : null;

                if (pc != null &&
                        pid != null &&
                        x509s != null &&
                        x509s.length > 0) {
                    if (LOG.isEnabledFor(Level.INFO)) {
                        LOG.info("importing certificates: " + pid);
                    }

                    X509Certificate x509 = null;
                    ID cid = null;
                    boolean isTrusted = false;
                    boolean first = true;
                    boolean bail = false;
                    String s = null;
                    String v = null;

                    if (LOG.isEnabledFor(Level.INFO)) {
                        LOG.info("processing certificates: " + x509s.length);
                    }

                    for (int i = 0; i < x509s.length && ! isTrusted && ! bail; i++) {
                        x509 = x509s[i];
                        v = null;

                        try {
                            x509.checkValidity();
                        } catch (CertificateExpiredException cee) {
                            v = STRINGS.getString("error.certificate.expired");
                        } catch (CertificateNotYetValidException cnvye) {
                            v = STRINGS.getString("error.certificate.notYetValid");
                        }

                        s = SUBJECT + COLON + getSubject(x509) + NEW_LINE +
                                FINGER_PRINT + COLON + getFingerPrint(x509) +
                                (v != null ? NEW_LINE + VALIDITY + COLON + v + NEW_LINE +
                                        START_DATE + COLON + getStartDate(x509) + NEW_LINE +
                                        END_DATE + COLON + getEndDate(x509) + NEW_LINE +
                                        DATE + COLON + getDate() : "");

                        if (LOG.isEnabledFor(Level.INFO)) {
                            LOG.info("certificate[" + i + "]: " + s);
                        }

                        if (JOptionPane.showConfirmDialog((Component) myjxta.getView(),
                                s, STRINGS.getString("label.certificate.validate"),
                                JOptionPane.YES_NO_OPTION, JOptionPane.QUESTION_MESSAGE) ==
                                JOptionPane.YES_OPTION) {
                            if (LOG.isEnabledFor(Level.INFO)) {
                                LOG.info("import accepted");
                            }

                            try {
                                isTrusted = pc.getTrustedCertificateID(x509) != null;

                                if (LOG.isEnabledFor(Level.INFO)) {
                                    LOG.info("certificate is trusted: " + isTrusted);
                                }

                                if (! isTrusted) {
                                    cid = first ? pid : IDFactory.newCodatID(cpg.getPeerGroupID(),
                                            new ByteArrayInputStream(x509.getEncoded()));
                                    first = false;

                                    pc.erase(cid);
                                    pc.setTrustedCertificate(cid, x509);

                                    s = STRINGS.getString("status.peer.1to1.certificate.imported") +
                                            ": " + cid;

                                    myjxta.setStatus(s);

                                    if (LOG.isEnabledFor(Level.INFO)) {
                                        LOG.info(s);
                                    }

                                    if (LOG.isEnabledFor(Level.DEBUG)) {
                                        LOG.debug("certificate imported: " + cid);
                                    }
                                }

                                imported = true;
                            } catch (KeyStoreException ke) {
                                imported = false;

                                if (LOG.isEnabledFor(Level.ERROR)) {
                                    LOG.error("keystore error", ke);
                                }
                            } catch (CertificateEncodingException cee) {
                                imported = false;

                                if (LOG.isEnabledFor(Level.ERROR)) {
                                    LOG.error("certificate error", cee);
                                }
                            } catch (IOException ioe) {
                                imported = false;

                                if (LOG.isEnabledFor(Level.ERROR)) {
                                    LOG.error("can't read certificate", ioe);
                                }
                            }
                        } else {
                            bail = true;

                            if (LOG.isEnabledFor(Level.INFO)) {
                                LOG.info("import revoked");
                            }
                        }
                    }
                } else {
                    if (LOG.isEnabledFor(Level.INFO)) {
                        LOG.info("can't process certificates");
                    }
                }
            }
        } else {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("not authorized");
            }
        }

        return exists || imported;
    }

    private static X500Principal getSubject(X509Certificate c) {
        return c.getSubjectX500Principal();
    }

    private static String getFingerPrint(Certificate c) {
        if (LOG.isEnabledFor(Level.INFO)) {
            LOG.info("getFingerPrint");
        }

        StringBuffer sb = null;
        byte[] ba = null;

        try {
            ba = MessageDigest.getInstance(ALGORITHM).digest(c.getEncoded());
        } catch (Exception e) {
            if (LOG.isEnabledFor(Level.INFO)) {
                LOG.info("can't get messsage digest", e);
            }
        }

        if (ba != null) {
            sb = new StringBuffer();

            byte b;

            for (int i = 0; i < ba.length; i++) {
                b = ba[i];

                sb.append(CHAR_MAP[(b & 0xf0) >> 4]);
                sb.append(CHAR_MAP[b & 0xf]);

                if (i < ba.length - 1) {
                    sb.append(":");
                }
            }
        }

        String fp = sb != null ? sb.toString() : null;

        if (LOG.isEnabledFor(Level.INFO)) {
            LOG.info("fingerPrint: " + fp);
        }

        return fp;
    }

    private static Date getStartDate(X509Certificate c) {
        return c.getNotBefore();
    }

    private static Date getEndDate(X509Certificate c) {
        return c.getNotAfter();
    }

    private static String getDate() {
        return DATE_FORMATTER.format(new Date(System.currentTimeMillis()));
    }
}