credentialutil.java

Myjxta的源代码 基于JXTA的P2P即时通信系统

                    exists = pc.getTrustedCertificate(pid) != null;
                } catch (KeyStoreException kse) {
                    if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                        LOG.log(Level.FINE, "can\'t get certificate: " + pid, kse);
                    }
                } catch (IOException ioe) {
                    if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                        LOG.log(Level.SEVERE, "can\'t get certificate: " + pid, ioe);
                    }
                }

                if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                    LOG.info("certificate exists: " + exists);
                }
            }

            if (!exists) {
                X509Certificate[] x509s = psec != null ? psec.getCertificateChain() : null;

                if (pc != null &&
                        pid != null &&
                        x509s != null &&
                        x509s.length > 0) {
                    if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                        LOG.info("importing certificates: " + pid);
                    }

                    X509Certificate x509;
                    ID cid;
                    boolean isTrusted = false;
                    boolean first = true;
                    boolean bail = false;
                    String s;
                    String v;

                    if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                        LOG.info("processing certificates: " + x509s.length);
                    }

                    for (int i = 0; i < x509s.length && !isTrusted && !bail; i++) {
                        x509 = x509s[i];
                        v = null;
                        try {
                            x509.checkValidity();
                        }
                        catch (CertificateExpiredException cee) {
                            v = STRINGS.getString("error.certificate.expired");
                        }
                        catch (CertificateNotYetValidException cnvye) {
                            v = STRINGS.getString("error.certificate.notYetValid");
                        }
                        s = SUBJECT + COLON + getSubject(x509) + NEW_LINE +
                                FINGER_PRINT + COLON + getFingerPrint(x509) +
                                (v != null ? NEW_LINE + VALIDITY + COLON + v +
                                        NEW_LINE + START_DATE + COLON +
                                        getStartDate(x509) + NEW_LINE +
                                        END_DATE + COLON + getEndDate(x509) +
                                        NEW_LINE + DATE + COLON + getDate()
                                        : "");
                        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                            LOG.info("certificate[" + i + "]: " + s);
                        }
                        if (JOptionPane.showConfirmDialog((Component) myjxta.getView(),
                                s,
                                STRINGS.getString("label.certificate.validate"),
                                JOptionPane.YES_NO_OPTION,
                                JOptionPane.QUESTION_MESSAGE) ==
                                JOptionPane.YES_OPTION) {
                            if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                                LOG.info("import accepted");
                            }
                            try {
                                isTrusted = pc.getTrustedCertificateID(x509) !=
                                        null;
                                if (Logging.SHOW_INFO &&
                                        LOG.isLoggable(Level.INFO)) {
                                    LOG.info("certificate is trusted: " +
                                            isTrusted);
                                }
                                if (!isTrusted) {
                                    cid = first ? pid
                                            : IDFactory.newCodatID(cpg.getPeerGroupID(),
                                            new ByteArrayInputStream(x509.getEncoded()));
                                    first = false;
                                    pc.erase(cid);
                                    pc.setTrustedCertificate(cid, x509);
                                    s = STRINGS.getString("status.peer.1to1.certificate.imported") +
                                            ": " + cid;
                                    myjxta.setStatus(s);
                                    if (Logging.SHOW_INFO &&
                                            LOG.isLoggable(Level.INFO)) {
                                        LOG.info(s);
                                    }
                                    if (Logging.SHOW_FINE &&
                                            LOG.isLoggable(Level.FINE)) {
                                        LOG.fine("certificate imported: " + cid);
                                    }
                                }
                                imported = true;
                            }
                            catch (KeyStoreException ke) {
                                imported = false;
                                if (Logging.SHOW_SEVERE &&
                                        LOG.isLoggable(Level.SEVERE)) {
                                    LOG.log(Level.SEVERE, "keystore error", ke);
                                }
                            }
                            catch (CertificateEncodingException cee) {
                                imported = false;
                                if (Logging.SHOW_SEVERE &&
                                        LOG.isLoggable(Level.SEVERE)) {
                                    LOG.log(Level.SEVERE, "certificate error",
                                            cee);
                                }
                            }
                            catch (IOException ioe) {
                                imported = false;
                                if (Logging.SHOW_SEVERE &&
                                        LOG.isLoggable(Level.SEVERE)) {
                                    LOG.log(Level.SEVERE,
                                            "can\'t read certificate", ioe);
                                }
                            }
                        } else {
                            bail = true;
                            if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                                LOG.info("import revoked");
                            }
                        }
                    }
                } else {
                    if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                        LOG.info("can\'t process certificates");
                    }
                }
            }
        } else {
            if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                LOG.severe("not authorized");
            }
        }

        return exists || imported;
    }

    private static X500Principal getSubject(X509Certificate c) {
        return c.getSubjectX500Principal();
    }

    private static String getFingerPrint(Certificate c) {
        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info("getFingerPrint");
        }

        StringBuffer sb = null;
        byte[] ba = null;

        try {
            ba = MessageDigest.getInstance(ALGORITHM).digest(c.getEncoded());
        } catch (Exception e) {
            if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                LOG.log(Level.INFO, "can\'t get messsage digest", e);
            }
        }

        if (ba != null) {
            sb = new StringBuffer();

            byte b;

            for (int i = 0; i < ba.length; i++) {
                b = ba[i];

                sb.append(CHAR_MAP[(b & 0xf0) >> 4]);
                sb.append(CHAR_MAP[b & 0xf]);

                if (i < ba.length - 1) {
                    sb.append(":");
                }
            }
        }

        String fp = sb != null ? sb.toString() : null;

        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info("fingerPrint: " + fp);
        }

        return fp;
    }

    private static Date getStartDate(X509Certificate c) {
        return c.getNotBefore();
    }

    private static Date getEndDate(X509Certificate c) {
        return c.getNotAfter();
    }

    private static String getDate() {
        return DATE_FORMATTER.format(new Date(System.currentTimeMillis()));
    }
}