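import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Validates a single X.509 certificate against one trusted root CA using the
 * PKIX validator with OCSP revocation checking enabled.
 *
 * <p>The certificate path built here contains only the certificate under test,
 * so that certificate must be issued directly by the CA in {@value #ROOT_CA_CERT};
 * no intermediate CA certificates are resolved. OCSP behaviour is configured
 * through {@link Security} properties, which are JVM-global.
 */
public class ValidateCertUseOCSP {

    /** Trusted root CA certificate file; it is the only trust anchor used. */
    private static final String ROOT_CA_CERT = "RootCA.pem";

    /**
     * Certificate of the OCSP responder. It is placed in a CertStore for the
     * validator and, when an explicit responder URL is supplied, pinned via
     * the {@code ocsp.responderCertSubjectName} property.
     */
    private static final String OCSP_SERVER_CERT = "OCSPServer.pem";

    /** JCA type name passed to {@link CertificateFactory#getInstance(String)}. */
    private static final String CERT_TYPE = "X509";

    /**
     * Entry point.
     *
     * @param args {@code <cert-file> [<OCSP-server>]}; when the responder URL is
     *             omitted, the responder named in the certificate itself is used.
     *             Exits 0 on success, 1 when path validation fails and -1 on
     *             usage or I/O errors.
     */
    public static void main(String[] args) {
        if (args.length == 0 || args.length > 2) {
            System.out.println(
                "Usage: java ValidateCert <cert-file> [<OCSP-server>]");
            System.exit(-1);
        }

        try {
            // Fails fast with an exception instead of pushing a null into the path.
            X509Certificate target = getCertFromFile(args[0]);
            URI ocspServer = null;

            if (args.length == 2) {
                ocspServer = new URI(args[1]);
                System.out.println("Using the OCSP server at: " + args[1]);
                System.out.println("to check the revocation status of: " + target);
                System.out.println();
            } else {
                System.out.println("Using the OCSP server specified in the " +
                    "cert to check the revocation status of: " + target);
                System.out.println();
            }

            CertPath cp = buildCertPath(target);
            X509Certificate ocspCert = getCertFromFile(OCSP_SERVER_CERT);
            PKIXParameters params =
                buildParameters(getCertFromFile(ROOT_CA_CERT), ocspCert);
            configureOcsp(ocspServer, ocspCert);

            CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
            PKIXCertPathValidatorResult result =
                (PKIXCertPathValidatorResult) cpv.validate(cp, params);
            X509Certificate trustedCert = result.getTrustAnchor().getTrustedCert();

            if (trustedCert == null) {
                System.out.println("Trusted Cert = NULL");
            } else {
                System.out.println("Trusted CA DN = " +
                    trustedCert.getSubjectX500Principal());
            }

        } catch (CertPathValidatorException e) {
            // The reason separates e.g. a revoked certificate from an
            // unreachable responder (undetermined revocation status).
            System.err.println("Certificate path validation failed: " + e.getReason());
            e.printStackTrace();
            System.exit(1);

        } catch (Exception e) {
            e.printStackTrace();
            System.exit(-1);
        }
        System.out.println("CERTIFICATE VALIDATION SUCCEEDED");
        System.exit(0);
    }

    /**
     * Wraps the certificate under test in a one-element {@link CertPath}.
     * No intermediate certificates are added, so the validator requires
     * {@code cert} to chain directly to the trust anchor.
     *
     * @throws CertificateException if the factory cannot be created or the path built
     */
    private static CertPath buildCertPath(X509Certificate cert)
            throws CertificateException {
        List<Certificate> certs = new ArrayList<>();
        certs.add(cert);
        CertificateFactory cf = CertificateFactory.getInstance(CERT_TYPE);
        return cf.generateCertPath(certs);
    }

    /**
     * Builds PKIX parameters that trust only {@code rootCa} and expose the OCSP
     * responder certificate through a collection CertStore so the validator can
     * find it when verifying signed OCSP responses. Revocation checking is left
     * at the {@link PKIXParameters} default (enabled).
     *
     * @throws GeneralSecurityException if the CertStore or parameters cannot be created
     */
    private static PKIXParameters buildParameters(X509Certificate rootCa,
                                                  X509Certificate ocspCert)
            throws GeneralSecurityException {
        Set<TrustAnchor> trustAnchors = new HashSet<>();
        trustAnchors.add(new TrustAnchor(rootCa, null));

        Set<X509Certificate> certSet = new HashSet<>();
        certSet.add(ocspCert);
        CertStoreParameters storeParams = new CollectionCertStoreParameters(certSet);
        CertStore store = CertStore.getInstance("Collection", storeParams);

        PKIXParameters params = new PKIXParameters(trustAnchors);
        params.addCertStore(store);
        return params;
    }

    /**
     * Enables OCSP checking for the whole JVM. When an explicit responder is
     * given it overrides the responder URL carried in the certificate, and the
     * expected responder certificate is named by its subject so the validator
     * does not accept responses signed by an arbitrary key.
     *
     * @param ocspServer explicit responder URL, or {@code null} to rely on the certificate
     * @param ocspCert   the pinned responder certificate; only read when {@code ocspServer} is set
     */
    private static void configureOcsp(URI ocspServer, X509Certificate ocspCert) {
        Security.setProperty("ocsp.enable", "true");
        if (ocspServer != null) {
            Security.setProperty("ocsp.responderURL", ocspServer.toString());
            Security.setProperty("ocsp.responderCertSubjectName",
                ocspCert.getSubjectX500Principal().getName());
        }
    }

    /**
     * Loads a single X.509 certificate from {@code path}.
     *
     * @param path file containing one PEM or DER encoded certificate
     * @return the parsed certificate, never {@code null}
     * @throws IOException          if the file is unreadable
     * @throws CertificateException if the contents do not parse as an X.509 certificate
     */
    private static X509Certificate getCertFromFile(String path)
            throws IOException, CertificateException {
        File certFile = new File(path);
        if (!certFile.canRead()) {
            throw new IOException(" File " + certFile + " is unreadable");
        }

        // try-with-resources closes the stream on every path (previously leaked).
        try (InputStream in = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance(CERT_TYPE);
            return (X509Certificate) cf.generateCertificate(in);
        }
    }
}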