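import java.io.*;
import java.net.URL;
import java.net.URLConnection;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import java.security.cert.X509Certificate;
import java.security.cert.PKIXParameters;

/**
 * Validates an X.509 end-entity certificate against a fixed root CA
 * ({@value #ROOT_CA_CERT}) with the PKIX {@link CertPathValidator},
 * including a revocation check. The CRL comes either from an explicit
 * location given on the command line or from the CRL Distribution Points
 * extension of the certificate itself.
 *
 * <p>Usage: {@code java ValidateCertUseCRL <cert-file> [<CRL-location>]}
 *
 * <p>Exit status: 0 when the path validates, 1 when PKIX validation fails
 * (a revoked certificate included), -1 for a usage error or any other
 * failure (unreadable certificate files, unreachable CRL location, ...).
 */
public class ValidateCertUseCRL {

    /** File holding the root CA certificate that is the sole trust anchor. */
    private static final String ROOT_CA_CERT = "DemoCA.pem";

    /** Connect/read timeout, in milliseconds, when fetching a CRL from a URL. */
    private static final int CRL_TIMEOUT_MS = 10000;

    /**
     * Entry point; see the class comment for arguments and exit codes.
     *
     * @param args {@code <cert-file> [<CRL-location>]}
     */
    public static void main(String[] args) {
        try {
            if (args.length == 0 || args.length > 2) {
                System.out.println(
                    "Usage: java ValidateCertUseCRL <cert-file> [<CRL-location>]");
                System.exit(-1);
            }

            List<X509Certificate> certs = new ArrayList<X509Certificate>();
            certs.add(getCertFromFile(args[0]));

            URL url = null;
            if (args.length == 2) {
                url = new URL(args[1]);
                System.out.println("Using the CRL at: " + args[1]);
                System.out.println("to check the revocation status of: " +
                    certs.get(0));
                System.out.println();
            } else {
                System.out.println("Using the CRL specified in the " +
                    "cert to check the revocation status of: " +
                    certs.get(0));
                System.out.println();
                // Lets the PKIX implementation follow the certificate's CRL
                // Distribution Points extension. It is read when the validator
                // runs, so it must be set before validate() below.
                System.setProperty("com.sun.security.enableCRLDP", "true");
            }

            CertificateFactory cf = CertificateFactory.getInstance("X509");
            CertPath cp = cf.generateCertPath(certs);

            // Single trust anchor: the (one-certificate) path must chain to
            // the root CA loaded here.
            X509Certificate rootCACert = getCertFromFile(ROOT_CA_CERT);
            Set<TrustAnchor> trustedCerts = new HashSet<TrustAnchor>();
            trustedCerts.add(new TrustAnchor(rootCACert, null));

            // PKIXParameters enables revocation checking by default, so a
            // missing or unusable CRL fails validation instead of passing it.
            PKIXParameters params = new PKIXParameters(trustedCerts);

            if (url != null) {
                X509CRL crl = fetchCrl(url, cf);
                params.addCertStore(CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(
                        Collections.singletonList(crl))));
            }

            CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
            PKIXCertPathValidatorResult cpvResult =
                (PKIXCertPathValidatorResult) cpv.validate(cp, params);
            X509Certificate trustedCert =
                cpvResult.getTrustAnchor().getTrustedCert();

            // getTrustedCert() is null only for key-based anchors; ours is
            // certificate-based, but the check is kept for clarity.
            if (trustedCert == null) {
                System.out.println("Trusted Cert = NULL");
            } else {
                // getSubjectX500Principal() replaces the deprecated getSubjectDN().
                System.out.println("Trusted CA DN = " +
                    trustedCert.getSubjectX500Principal());
            }

        } catch (CertPathValidatorException e) {
            // Path does not validate (untrusted issuer, expired, revoked, ...).
            e.printStackTrace();
            System.exit(1);

        } catch (Exception e) {
            // Everything else: bad files, malformed URL, network failure, ...
            e.printStackTrace();
            System.exit(-1);
        }
        System.out.println("CERTIFICATE VALIDATION SUCCEEDED");
        System.exit(0);
    }

    /**
     * Downloads and parses the CRL found at {@code url}.
     *
     * <p>The transport is not trusted for integrity: the PKIX validator
     * verifies the CRL's signature against the issuing CA before relying on
     * it. Timeouts keep an unresponsive CRL host from hanging the tool.
     *
     * @param url location of the CRL
     * @param cf  factory used to parse the CRL bytes
     * @return the parsed CRL
     * @throws IOException  if the connection or read fails
     * @throws CRLException if the bytes are not a parsable X.509 CRL
     */
    private static X509CRL fetchCrl(URL url, CertificateFactory cf)
            throws IOException, CRLException {
        URLConnection connection = url.openConnection();
        connection.setDoInput(true);
        connection.setUseCaches(false);
        connection.setConnectTimeout(CRL_TIMEOUT_MS);
        connection.setReadTimeout(CRL_TIMEOUT_MS);
        InputStream in = connection.getInputStream();
        try {
            return (X509CRL) cf.generateCRL(in);
        } finally {
            // Closed on every path, including a parse failure.
            in.close();
        }
    }

    /**
     * Reads a single X.509 certificate from {@code path}.
     *
     * @param path certificate file (PEM or DER)
     * @return the parsed certificate, never {@code null}
     * @throws IOException          if the file cannot be read
     * @throws CertificateException if the file does not hold a parsable
     *                              X.509 certificate; the message names the
     *                              file and the cause is preserved
     */
    private static X509Certificate getCertFromFile(String path)
            throws IOException, CertificateException {
        File certFile = new File(path);
        if (!certFile.canRead()) {
            throw new IOException(" File " + certFile.toString() +
                " is unreadable");
        }

        FileInputStream fis = new FileInputStream(certFile);
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(fis);
        } catch (CertificateException e) {
            throw new CertificateException(
                "Can't construct X509 Certificate from " + path + ". " +
                e.getMessage(), e);
        } finally {
            // The original left this stream open; close it on every path.
            fis.close();
        }
    }
}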