📄 issuercertificateutil.java
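package org.wso2.solutions.identity.relyingparty.saml;

import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.ws.security.components.crypto.X509NameTokenizer;
import org.wso2.solutions.identity.relyingparty.RelyingPartyException;

/**
 * Static helpers that inspect the issuer DN of an X.509 certificate: a key store alias
 * lookup, black/white list matching, and CN extraction.
 *
 * <p>Every check here works on the DN <em>string</em> carried inside the certificate. None
 * of them verifies a signature or builds a certificate path, so a positive result says only
 * that the certificate <em>names</em> a given issuer. Callers that need cryptographic trust
 * have to validate the chain separately.
 */
public class IssuerCertificateUtil {

    /**
     * Checks the certificate's validity period and reports whether the system store holds
     * an entry whose alias equals the certificate's issuer DN string.
     *
     * <p>The lookup is by alias only; the certificate stored under that alias is not
     * compared with, or used to verify, {@code signedCert}. Whether aliases are
     * case-sensitive depends on the {@link KeyStore} implementation.
     *
     * @param signedCert certificate to check; must not be null
     * @param trustStore not read by this method (kept for interface compatibility)
     * @param systemStore key store searched for an alias equal to the issuer DN
     * @return true if {@code systemStore} contains such an alias
     * @throws RelyingPartyException if the alias lookup fails
     * @throws Exception if the certificate is expired or not yet valid, as raised by
     *         {@link X509Certificate#checkValidity()}
     */
    public static boolean checkSystemStoree(X509Certificate signedCert, KeyStore trustStore,
            KeyStore systemStore) throws Exception {
        String certIssuerName = signedCert.getIssuerDN().getName();

        // Validity period first: an expired or not-yet-valid certificate is rejected
        // before the store is consulted.
        signedCert.checkValidity();

        try {
            return systemStore.containsAlias(certIssuerName);
        } catch (Exception e) {
            // Broad catch kept on purpose: callers receive the same wrapped exception for
            // any lookup failure, including an uninitialised or null store.
            throw new RelyingPartyException("errorLoadingTrustedKeystore", e);
        }
    }

    /**
     * Performs the black list check on the certificate's issuer DN.
     *
     * <p>A null black list rejects nothing, so the check passes (fail-open). Deployments
     * that rely on the black list should make sure it is actually loaded.
     *
     * @param blackList array of lists; each element holds one issuer DN in the sorted-token
     *        form produced by {@link #getDNOfIssuer(String)}. May be null.
     * @param cert certificate whose issuer DN is checked
     * @return false if the issuer DN equals a black list entry, true otherwise
     * @throws RelyingPartyException if {@code cert} is null
     */
    public static boolean doBlackListCheck(List[] blackList, X509Certificate cert)
            throws RelyingPartyException {
        if (cert == null) {
            throw new RelyingPartyException("noCertInToken");
        }
        if (blackList == null) {
            return true;
        }
        return !containsIssuer(blackList, cert);
    }

    /**
     * Performs the white list check on the certificate's issuer DN.
     *
     * <p>A null white list accepts nothing, so the check fails (fail-closed). A match means
     * only that the certificate names a listed issuer; it does not show that the listed
     * issuer signed it.
     *
     * @param whiteList array of lists; each element holds one issuer DN in the sorted-token
     *        form produced by {@link #getDNOfIssuer(String)}. May be null.
     * @param cert certificate whose issuer DN is checked
     * @return true if the issuer DN equals a white list entry, false otherwise
     * @throws RelyingPartyException if {@code cert} is null
     */
    public static boolean doWhiteListCheck(List[] whiteList, X509Certificate cert)
            throws RelyingPartyException {
        if (cert == null) {
            throw new RelyingPartyException("noCertInToken");
        }
        if (whiteList == null) {
            return false;
        }
        return containsIssuer(whiteList, cert);
    }

    /**
     * Returns the value of the first {@code CN=} component found in the certificate's DN,
     * or null when the DN has none.
     *
     * <p>The scan is a plain substring search that stops at the next comma. A CN value
     * containing an escaped comma is therefore truncated, and {@code CN=} appearing inside
     * another attribute's value would be picked up as well.
     *
     * @param cert certificate to read; must not be null
     * @return the trimmed CN value, or null if the DN contains no {@code CN=}
     */
    public static String getCNOfSubject(X509Certificate cert) {
        // NOTE(review): the method name and contract say "subject", but the DN read here is
        // the ISSUER's. For any certificate that is not self-signed the result is the CA's
        // CN, shared by every certificate that CA issued. Left unchanged because callers
        // are not visible from this file - confirm which DN they expect before relying on
        // the result to identify a party.
        String dn = cert.getIssuerDN().getName();

        int beginIndex = dn.indexOf("CN=");
        if (beginIndex < 0) {
            return null;
        }

        int endIndex = dn.indexOf(',', beginIndex);
        if (endIndex < 0) {
            // CN is the last component of the DN, so there is no comma to stop at. Without
            // this the substring call below throws StringIndexOutOfBoundsException.
            endIndex = dn.length();
        }
        return dn.substring(beginIndex + 3, endIndex).trim();
    }

    /**
     * Splits a DN string into its components and returns them sorted, so that two DNs with
     * the same components in a different order produce equal lists.
     *
     * @param inString DN string to tokenize
     * @return sorted list of the DN's components as produced by {@link X509NameTokenizer}
     */
    public static List getDNOfIssuer(String inString) {
        X509NameTokenizer nmTokens = new X509NameTokenizer(inString);
        List<String> components = new ArrayList<String>();
        while (nmTokens.hasMoreTokens()) {
            components.add(nmTokens.nextToken());
        }
        Collections.sort(components);
        return components;
    }

    /**
     * Reports whether the certificate's issuer DN, in sorted-token form, equals any entry
     * of the given array. The comparison is {@link List#equals(Object)}, so it is exact:
     * an entry that differs in case, spacing or attribute spelling does not match.
     */
    private static boolean containsIssuer(List[] issuerDNs, X509Certificate cert) {
        List certDN = getDNOfIssuer(cert.getIssuerDN().getName());
        for (List issuerDN : issuerDNs) {
            if (certDN.equals(issuerDN)) {
                return true;
            }
        }
        return false;
    }
}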