
Example 11 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project TLS-Scanner by tls-attacker.

the class CertificateJudge method isSelfSigned.

/**
 * Reports whether the certificate's signature verifies under its own public key.
 *
 * <p>The result is tri-state. A {@code true} result only shows that the certificate is
 * internally consistent (signed by the key it carries); it says nothing about whether
 * that key is trusted.
 *
 * @return {@code Boolean.TRUE} if the signature verifies with the certificate's own key,
 *         {@code Boolean.FALSE} if verification fails with a {@link SignatureException} or
 *         {@link InvalidKeyException}, and {@code null} if any other exception prevents a
 *         decision (callers must not unbox the result without a null check)
 */
public Boolean isSelfSigned() {
    try {
        // Re-parse the encoded form, then check the signature against the key the
        // certificate itself carries.
        X509Certificate parsed = new X509CertImpl(certificate.getEncoded());
        parsed.verify(parsed.getPublicKey());
    } catch (SignatureException | InvalidKeyException verificationFailed) {
        // Signature does not match the embedded key: signed by some other key.
        return false;
    } catch (Exception undetermined) {
        // Encoding, parsing or algorithm problems: the question cannot be answered.
        return null;
    }
    return true;
}
Also used : PublicKey(java.security.PublicKey) X509CertImpl(sun.security.x509.X509CertImpl) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException) X509Certificate(java.security.cert.X509Certificate)

Example 12 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project j2objc by google.

the class ReverseState method updateState.

/**
 * Update the state with the next certificate added to the path.
 *
 * @param cert the certificate which is used to update the state
 */
public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException {
    // A null certificate is a no-op: no field of the state is modified.
    if (cert == null) {
        return;
    }
    /* update subject DN */
    subjectDN = cert.getSubjectX500Principal();
    /* check for key needing to inherit alg parameters */
    // NOTE(review): subjectDN has already been overwritten at this point, so an exception
    // from the conversion or any later step leaves the state partially updated --
    // presumably callers discard the state on failure; confirm.
    X509CertImpl icert = X509CertImpl.toImpl(cert);
    PublicKey newKey = cert.getPublicKey();
    // The previously stored key (pubKey) is passed along so the helper can, presumably,
    // supply the parameters the new DSA key lacks.
    if (PKIX.isDSAPublicKeyWithoutParams(newKey)) {
        newKey = BasicChecker.makeInheritedParamsKey(newKey, pubKey);
    }
    /* update subject public key */
    pubKey = newKey;
    /*
     * If this is a trusted cert (init == true), only the subject DN and
     * public key are taken from it; none of the remaining fields are
     * updated, and init is cleared so later certificates are processed
     * in full.
     */
    if (init) {
        init = false;
        return;
    }
    /* update subject key identifier */
    subjKeyId = icert.getSubjectKeyIdentifierExtension();
    /* update crlSign */
    crlSign = RevocationChecker.certCanSignCrl(cert);
    /* update current name constraints */
    if (nc != null) {
        // Constraints already accumulated: fold this certificate's extension into them.
        nc.merge(icert.getNameConstraintsExtension());
    } else {
        nc = icert.getNameConstraintsExtension();
        if (nc != null) {
            // Make sure we do a clone here, because we're probably
            // going to modify this object later and we don't want to
            // be sharing it with a Certificate object!
            nc = (NameConstraintsExtension) nc.clone();
        }
    }
    /* update policy state variables */
    explicitPolicy = PolicyChecker.mergeExplicitPolicy(explicitPolicy, icert, false);
    policyMapping = PolicyChecker.mergePolicyMapping(policyMapping, icert);
    inhibitAnyPolicy = PolicyChecker.mergeInhibitAnyPolicy(inhibitAnyPolicy, icert);
    // Count this certificate only after the policy values were merged.
    certIndex++;
    /*
     * Update remaining CA certs
     */
    remainingCACerts = ConstraintsChecker.mergeBasicConstraints(cert, remainingCACerts);
    // init is already false on this path (the init == true case returned above).
    init = false;
}
Also used : PublicKey(java.security.PublicKey) X509CertImpl(sun.security.x509.X509CertImpl)

Example 13 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project j2objc by google.

the class X509CertificatePair method parse.

/* Parse the encoded bytes */
private void parse(DerValue val) throws IOException, CertificateException {
    // Decodes the outer SEQUENCE into the forward and/or reverse certificate fields.
    // Throws IOException for a missing SEQUENCE tag, a duplicate element or an unknown
    // tag number, and CertificateException when neither certificate is present.
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Sequence tag missing for X509CertificatePair");
    }
    while (val.data != null && val.data.available() != 0) {
        DerValue element = val.data.getDerValue();
        // Only the low five bits (the tag number) select the branch.
        short tagNumber = (byte) (element.tag & 0x01f);
        if (tagNumber == TAG_FORWARD) {
            // NOTE(review): an element with this tag number that is not both
            // context-specific and constructed is skipped silently, not rejected.
            if (element.isContextSpecific() && element.isConstructed()) {
                if (forward != null) {
                    throw new IOException("Duplicate forward " + "certificate in X509CertificatePair");
                }
                DerValue wrapped = element.data.getDerValue();
                forward = X509Factory.intern(new X509CertImpl(wrapped.toByteArray()));
            }
        } else if (tagNumber == TAG_REVERSE) {
            // Same handling as the forward element, including the silent skip.
            if (element.isContextSpecific() && element.isConstructed()) {
                if (reverse != null) {
                    throw new IOException("Duplicate reverse " + "certificate in X509CertificatePair");
                }
                DerValue wrapped = element.data.getDerValue();
                reverse = X509Factory.intern(new X509CertImpl(wrapped.toByteArray()));
            }
        } else {
            throw new IOException("Invalid encoding of " + "X509CertificatePair");
        }
    }
    // An empty pair is rejected: at least one direction must have been decoded.
    if (forward == null && reverse == null) {
        throw new CertificateException("at least one of certificate pair " + "must be non-null");
    }
}
Also used : DerValue(sun.security.util.DerValue) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException)

Example 14 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project j2objc by google.

the class X509Factory method parseX509orPKCS7Cert.

/*
     * Parses the data in the given input stream as a sequence of DER
     * encoded X.509 certificates (in binary or base 64 encoded format) OR
     * as a single PKCS#7 encoded blob (in binary or base64 encoded format).
     */
private Collection<? extends java.security.cert.Certificate> parseX509orPKCS7Cert(InputStream is) throws CertificateException, IOException {
    // The first block decides the format: it is tried as PKCS#7 first, and only a
    // ParsingException from that attempt switches to per-block X.509 parsing.
    byte[] firstBlock = readOneBlock(is);
    if (firstBlock == null) {
        return new ArrayList<>(0);
    }
    try {
        X509Certificate[] embedded = new PKCS7(firstBlock).getCertificates();
        // certs are optional in PKCS #7
        if (embedded == null) {
            // no certificates provided
            return new ArrayList<>(0);
        }
        return Arrays.asList(embedded);
    } catch (ParsingException notPkcs7) {
        // Not PKCS#7: treat this block and every following block as one certificate each.
        // A block that is not a valid certificate either surfaces as an exception from
        // the X509CertImpl constructor.
        Collection<X509CertImpl> parsed = new ArrayList<>();
        for (byte[] block = firstBlock; block != null; block = readOneBlock(is)) {
            parsed.add(new X509CertImpl(block));
        }
        return parsed;
    }
}
Also used : PKCS7(sun.security.pkcs.PKCS7) X509CertImpl(sun.security.x509.X509CertImpl) ParsingException(sun.security.pkcs.ParsingException) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate)

Example 15 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project j2objc by google.

the class X509Factory method engineGenerateCertificate.

/**
 * Generates an X.509 certificate object and initializes it with
 * the data read from the input stream <code>is</code>.
 *
 * @param is an input stream with the certificate data.
 *
 * @return an X.509 certificate object initialized with the data
 * from the input stream.
 *
 * @exception CertificateException on parsing errors.
 */
public Certificate engineGenerateCertificate(InputStream is) throws CertificateException {
    if (is == null) {
        // clear the caches (for debugging); execution still continues with the null stream
        certCache.clear();
        X509CertificatePair.clearCache();
    }
    try {
        byte[] encoding = readOneBlock(is);
        if (encoding == null) {
            throw new IOException("Empty input");
        }
        // Identical encodings are served from the cache instead of being parsed again.
        X509CertImpl cached = (X509CertImpl) getFromCache(certCache, encoding);
        if (cached != null) {
            return cached;
        }
        X509CertImpl parsed = new X509CertImpl(encoding);
        // The cache key is the parsed certificate's own encoding, not the input array.
        addToCache(certCache, parsed.getEncodedInternal(), parsed);
        return parsed;
    } catch (IOException ioe) {
        // Read failures are reported as parse errors, with the IOException kept as cause.
        CertificateException wrapped = new CertificateException("Could not parse certificate: " + ioe.toString());
        wrapped.initCause(ioe);
        throw wrapped;
    }
}
Also used : X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException)

Aggregations

X509CertImpl (sun.security.x509.X509CertImpl)92 CertificateException (java.security.cert.CertificateException)41 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)23 CertPathValidatorException (java.security.cert.CertPathValidatorException)17 BigInteger (java.math.BigInteger)16 PublicKey (java.security.PublicKey)15 X500Name (sun.security.x509.X500Name)14 X509CertInfo (sun.security.x509.X509CertInfo)14 AlgorithmId (sun.security.x509.AlgorithmId)13 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13 X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)12 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)11 CertificateValidity (sun.security.x509.CertificateValidity)11 CertificateX509Key (sun.security.x509.CertificateX509Key)11 CertificateFactory (java.security.cert.CertificateFactory)10 CertificateVersion (sun.security.x509.CertificateVersion)10 SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)9 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8