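package net.sf.jguard.ext.authentication.certificates;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Static helpers that load X.509 certificates from the file system and wrap
 * them as {@link TrustAnchor}s.
 *
 * <p>Security note: these helpers only parse certificates. They perform no
 * validity-period, signature, key-usage or revocation check, and every
 * parseable certificate file found in a directory is returned (and, by the
 * trust-anchor helpers, trusted). The directory handed to them must therefore
 * be writable only by the administrators who are allowed to decide which
 * roots are trusted.
 */
public class CertUtils {

    /** Certificate type requested from {@link CertificateFactory}. */
    private static final String X509 = "X509";

    private static final Logger logger = Logger.getLogger(CertUtils.class.getName());

    /**
     * Reads a single X.509 certificate from a file.
     *
     * <p>Only the first certificate in the file is returned, because the
     * method relies on {@link CertificateFactory#generateCertificate}.
     *
     * @param path location of the certificate file
     * @return the parsed certificate, or {@code null} when the path is
     *         {@code null}, the file cannot be read, or its content is not a
     *         parseable X.509 certificate; callers must check for
     *         {@code null} before using the result
     */
    public static X509Certificate getCertFromFile(String path) {
        if (path == null) {
            // new File(null) would throw; report it the same way as any other unusable path.
            logger.severe(" certificate path is null");
            return null;
        }

        File certFile = new File(path);
        if (!certFile.canRead()) {
            logger.severe(" File " + certFile.toString() + " is unreadable");
            return null;
        }

        FileInputStream fis;
        try {
            fis = new FileInputStream(certFile);
        } catch (FileNotFoundException e) {
            // Also reached when the path is a directory: canRead() accepts directories.
            logger.log(Level.SEVERE, "unable to open certificate file " + certFile, e);
            return null;
        }

        try {
            CertificateFactory cf = CertificateFactory.getInstance(CertUtils.X509);
            return (X509Certificate) cf.generateCertificate(fis);
        } catch (CertificateException e) {
            logger.log(Level.SEVERE, "unable to parse an X.509 certificate from " + certFile, e);
            return null;
        } finally {
            try {
                fis.close();
            } catch (IOException e) {
                logger.log(Level.SEVERE, "unable to close certificate file " + certFile, e);
            }
        }
    }

    /**
     * Loads every certificate stored directly inside a directory.
     * Sub-directories are not visited.
     *
     * <p>Files that cannot be read or parsed are logged by
     * {@link #getCertFromFile(String)} and skipped, so the returned set never
     * contains {@code null}.
     *
     * @param directoryPath directory holding one certificate per file
     * @return a mutable set of {@link X509Certificate}; empty when
     *         {@code directoryPath} is {@code null}, is not a directory, or
     *         cannot be listed
     */
    public static Set getCertsFromDirectory(String directoryPath) {
        Set certsSet = new HashSet();
        if (directoryPath == null) {
            return certsSet;
        }

        File directory = new File(directoryPath);
        File[] entries = directory.listFiles();
        if (entries == null) {
            // listFiles() returns null for a missing path, a regular file, or an I/O error.
            logger.warning(" Directory " + directory.toString() + " cannot be listed");
            return certsSet;
        }

        List filesAndDirectories = Arrays.asList(entries);
        Iterator it = filesAndDirectories.iterator();
        while (it.hasNext()) {
            File candidate = (File) it.next();
            if (!candidate.isFile()) {
                continue;
            }
            X509Certificate cert = getCertFromFile(candidate.getPath());
            // A stray non-certificate file must not put null into the set:
            // TrustAnchor's constructor rejects a null certificate.
            if (cert != null) {
                certsSet.add(cert);
            }
        }

        return certsSet;
    }

    /**
     * Builds trust anchors, without name constraints, from every certificate
     * found in a directory.
     *
     * @param directoryPath directory holding the trusted certificates
     * @return a mutable set of {@link TrustAnchor}; empty when no certificate
     *         could be loaded
     * @see #getTrustedAnchorsFromDirectory(String, byte[])
     */
    public static Set getTrustedAnchorsFromDirectory(String directoryPath) {
        return getTrustedAnchorsFromDirectory(directoryPath, null);
    }

    /**
     * Builds trust anchors from every certificate found in a directory and
     * applies the same name constraints to each of them.
     *
     * <p>Every certificate that parses becomes a trust anchor; nothing here
     * checks that it is a CA certificate or that it is still within its
     * validity period. Restrict write access to the directory accordingly.
     *
     * @param directoryPath directory holding the trusted certificates
     * @param nameConstraints ASN.1 DER encoding of a NameConstraints
     *        extension, or {@code null} for no constraint
     * @return a mutable set of {@link TrustAnchor}; empty when no certificate
     *         could be loaded
     * @throws IllegalArgumentException if {@code nameConstraints} cannot be
     *         decoded (raised by the {@link TrustAnchor} constructor)
     */
    public static Set getTrustedAnchorsFromDirectory(String directoryPath, byte[] nameConstraints) {
        Set trustedAnchors = new HashSet();
        Iterator itCerts = getCertsFromDirectory(directoryPath).iterator();
        while (itCerts.hasNext()) {
            X509Certificate cert = (X509Certificate) itCerts.next();
            trustedAnchors.add(new TrustAnchor(cert, nameConstraints));
        }
        return trustedAnchors;
    }

    /**
     * Dumps the content of a CRL to the log at {@code FINEST} level.
     *
     * <p>Diagnostic only: the CRL signature and its update dates are logged,
     * not verified.
     *
     * @param crl the revocation list to describe
     */
    private void inspectCRL(X509CRL crl) {
        logger.finest("crl=" + crl.toString());
        logger.finest("crlType=" + crl.getType());
        logger.finest("crl next update Date=" + crl.getNextUpdate());
        logger.finest("crl issuer DN=" + crl.getIssuerDN().getName());
        logger.finest("crl signature algorithm name =" + crl.getSigAlgName());
        logger.finest("crl signature algorithm oid =" + crl.getSigAlgOID());
        logger.finest("crl version =" + crl.getVersion());
        logger.finest("crl update Date =" + crl.getThisUpdate());

        // getRevokedCertificates() yields java.security.cert.X509CRLEntry objects
        // (not X509Certificate) and returns null when the CRL has no entries.
        Set revokedEntries = crl.getRevokedCertificates();
        if (revokedEntries != null) {
            Iterator itRevoked = revokedEntries.iterator();
            while (itRevoked.hasNext()) {
                logger.finest(String.valueOf(itRevoked.next()));
            }
        }

        logOids(" critical extension = ", crl.getCriticalExtensionOIDs());
        logOids(" non critical extension = ", crl.getNonCriticalExtensionOIDs());
    }

    /** Logs each OID of the set with the given prefix; a null set (no extensions) is ignored. */
    private static void logOids(String prefix, Set oids) {
        if (oids == null) {
            return;
        }
        Iterator itOids = oids.iterator();
        while (itOids.hasNext()) {
            logger.finest(prefix + (String) itOids.next());
        }
    }

}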