use of android.sun.security.x509.X509CertImpl in project TLS-Scanner by tls-attacker.
the class CertificateJudge method isSelfSigned.
/**
 * Reports whether the certificate's signature verifies under the public key
 * carried by that same certificate.
 *
 * <p>A {@code true} result only means this signature check succeeded. Nothing
 * in this method evaluates trust, validity dates or issuer/subject names.
 *
 * @return {@code Boolean.TRUE} if verification succeeds; {@code Boolean.FALSE}
 *         if it fails with a {@link SignatureException} or an
 *         {@link InvalidKeyException}; {@code null} if any other exception is
 *         raised inside the check, meaning the answer could not be determined.
 *         Callers have to handle {@code null} explicitly: it is neither
 *         "self-signed" nor "not self-signed", and unboxing it throws.
 */
public Boolean isSelfSigned() {
    try {
        // Re-parse the encoded form so the certificate can be verified against its own key.
        X509Certificate parsed = new X509CertImpl(certificate.getEncoded());
        PublicKey ownKey = parsed.getPublicKey();
        parsed.verify(ownKey);
        return Boolean.TRUE;
    } catch (SignatureException | InvalidKeyException verificationFailure) {
        // The signature does not check out under the certificate's own key,
        // or that key cannot be used for the verification at all.
        return Boolean.FALSE;
    } catch (Exception undetermined) {
        // Any other failure leaves the question open.
        return null;
    }
}
use of android.sun.security.x509.X509CertImpl in project j2objc by google.
the class ReverseState method updateState.
/**
 * Update the state with the next certificate added to the path.
 *
 * <p>The subject DN and the subject public key are refreshed on every call.
 * While {@code init} is still {@code true} (the trusted-cert case) only those
 * two fields change and {@code init} is cleared. On later calls the subject
 * key identifier, the CRL-signing flag, the name constraints, the policy
 * variables, the certificate index and the remaining-CA count are updated
 * too.
 *
 * @param cert the certificate which is used to update the state; a
 *        {@code null} value leaves the state untouched
 * @throws CertificateException propagated from the calls made here
 * @throws IOException propagated from the calls made here
 * @throws CertPathValidatorException propagated from the calls made here
 */
public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException {
    if (cert == null) {
        return;
    }

    /* update subject DN */
    subjectDN = cert.getSubjectX500Principal();

    /* check for key needing to inherit alg parameters */
    X509CertImpl certImpl = X509CertImpl.toImpl(cert);
    PublicKey subjectKey = cert.getPublicKey();
    if (PKIX.isDSAPublicKeyWithoutParams(subjectKey)) {
        // The missing parameters are taken from the key stored by the previous update.
        subjectKey = BasicChecker.makeInheritedParamsKey(subjectKey, pubKey);
    }

    /* update subject public key */
    pubKey = subjectKey;

    /*
     * if this is a trusted cert (init == true), then we
     * don't update any of the remaining fields
     */
    if (init) {
        init = false;
        return;
    }

    /* update subject key identifier */
    subjKeyId = certImpl.getSubjectKeyIdentifierExtension();

    /* update crlSign */
    crlSign = RevocationChecker.certCanSignCrl(cert);

    /* update current name constraints */
    if (nc == null) {
        nc = certImpl.getNameConstraintsExtension();
        if (nc != null) {
            // Work on a private copy: this object is probably going to be
            // modified by later merges, and it must not be shared with the
            // Certificate object it came from.
            nc = (NameConstraintsExtension) nc.clone();
        }
    } else {
        nc.merge(certImpl.getNameConstraintsExtension());
    }

    /* update policy state variables */
    explicitPolicy = PolicyChecker.mergeExplicitPolicy(explicitPolicy, certImpl, false);
    policyMapping = PolicyChecker.mergePolicyMapping(policyMapping, certImpl);
    inhibitAnyPolicy = PolicyChecker.mergeInhibitAnyPolicy(inhibitAnyPolicy, certImpl);
    certIndex++;

    /*
     * Update remaining CA certs
     */
    remainingCACerts = ConstraintsChecker.mergeBasicConstraints(cert, remainingCACerts);

    init = false;
}
use of android.sun.security.x509.X509CertImpl in project j2objc by google.
the class X509CertificatePair method parse.
/*
 * Parse the encoded bytes.
 *
 * The value must carry a SEQUENCE tag. Each element inside it is dispatched
 * on the low five bits of its tag: TAG_FORWARD fills the forward certificate
 * and TAG_REVERSE the reverse one; any other tag value is rejected. A second
 * occurrence of either certificate is rejected as a duplicate, and at least
 * one of the two must be present once the whole value has been read.
 */
private void parse(DerValue val) throws IOException, CertificateException {
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Sequence tag missing for X509CertificatePair");
    }

    while (val.data != null && val.data.available() != 0) {
        DerValue element = val.data.getDerValue();
        // Only the low five bits of the tag byte take part in the dispatch.
        short tagNumber = (byte) (element.tag & 0x01f);
        switch (tagNumber) {
            case TAG_FORWARD:
                // NOTE(review): an element with this tag number that is not
                // context-specific and constructed is skipped without an error.
                if (!element.isContextSpecific() || !element.isConstructed()) {
                    break;
                }
                if (forward != null) {
                    throw new IOException("Duplicate forward " + "certificate in X509CertificatePair");
                }
                forward = X509Factory.intern(new X509CertImpl(element.data.getDerValue().toByteArray()));
                break;
            case TAG_REVERSE:
                // NOTE(review): same silent skip as for the forward element.
                if (!element.isContextSpecific() || !element.isConstructed()) {
                    break;
                }
                if (reverse != null) {
                    throw new IOException("Duplicate reverse " + "certificate in X509CertificatePair");
                }
                reverse = X509Factory.intern(new X509CertImpl(element.data.getDerValue().toByteArray()));
                break;
            default:
                throw new IOException("Invalid encoding of " + "X509CertificatePair");
        }
    }

    // An empty pair is not acceptable.
    if (forward == null && reverse == null) {
        throw new CertificateException("at least one of certificate pair " + "must be non-null");
    }
}
use of android.sun.security.x509.X509CertImpl in project j2objc by google.
the class X509Factory method parseX509orPKCS7Cert.
/*
 * Parses the data in the given input stream as a sequence of DER
 * encoded X.509 certificates (in binary or base 64 encoded format) OR
 * as a single PKCS#7 encoded blob (in binary or base64 encoded format).
 *
 * The first block read from the stream is tried as PKCS#7. Only when that
 * fails with a ParsingException is the same block, and every block that
 * follows it, parsed as an individual X.509 certificate. An exhausted stream
 * or a PKCS#7 blob without certificates yields an empty collection.
 *
 * Nothing in this method verifies a signature or builds a trust chain; the
 * returned objects are parsed certificates only.
 */
private Collection<? extends java.security.cert.Certificate> parseX509orPKCS7Cert(InputStream is) throws CertificateException, IOException {
    byte[] firstBlock = readOneBlock(is);
    if (firstBlock == null) {
        return new ArrayList<>(0);
    }

    try {
        X509Certificate[] embedded = new PKCS7(firstBlock).getCertificates();
        // certs are optional in PKCS #7
        if (embedded == null) {
            // no certificates provided
            return new ArrayList<>(0);
        }
        return Arrays.asList(embedded);
    } catch (ParsingException notPkcs7) {
        // Not PKCS#7: treat the first block and all following blocks as X.509.
        Collection<X509CertImpl> parsed = new ArrayList<>();
        for (byte[] block = firstBlock; block != null; block = readOneBlock(is)) {
            parsed.add(new X509CertImpl(block));
        }
        return parsed;
    }
}
use of android.sun.security.x509.X509CertImpl in project j2objc by google.
the class X509Factory method engineGenerateCertificate.
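/**
 * Generates an X.509 certificate object and initializes it with
 * the data read from the input stream <code>is</code>.
 *
 * <p>One block is read from the stream. If a certificate with the same
 * encoding is already in the certificate cache, that cached instance is
 * returned; otherwise the block is parsed and the result is cached under its
 * own encoding. Nothing in this method verifies a signature or a trust
 * chain.
 *
 * <p>Passing {@code null} clears the certificate and certificate-pair caches
 * (for debugging) and then fails with a {@code CertificateException}.
 *
 * @param is an input stream with the certificate data.
 *
 * @return an X.509 certificate object initialized with the data
 * from the input stream.
 *
 * @exception CertificateException on parsing errors, on empty input, or
 * when <code>is</code> is <code>null</code>.
 */
public Certificate engineGenerateCertificate(InputStream is) throws CertificateException {
    if (is == null) {
        // clear the caches (for debugging)
        certCache.clear();
        X509CertificatePair.clearCache();
        // Fail with the declared exception type here rather than handing a
        // null stream on to readOneBlock.
        throw new CertificateException("Missing input stream");
    }
    try {
        byte[] encoding = readOneBlock(is);
        if (encoding == null) {
            throw new IOException("Empty input");
        }
        // Reuse an already parsed certificate that has exactly this encoding.
        X509CertImpl cert = (X509CertImpl) getFromCache(certCache, encoding);
        if (cert != null) {
            return cert;
        }
        cert = new X509CertImpl(encoding);
        addToCache(certCache, cert.getEncodedInternal(), cert);
        return cert;
    } catch (IOException ioe) {
        // Keep the I/O failure as the cause so the original stack trace survives.
        throw new CertificateException("Could not parse certificate: " + ioe.toString(), ioe);
    }
}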