Examples with Certificate java.security.cert.Certificate used on opensource projects

Example 56 with Certificate

use of java.security.cert.Certificate in project robovm by robovm.

the class CertStoreCollectionSpi method engineGetCertificates.

public Collection engineGetCertificates(CertSelector selector) throws CertStoreException {
    List col = new ArrayList();
    Iterator iter = params.getCollection().iterator();
    if (selector == null) {
        while (iter.hasNext()) {
            Object obj = iter.next();
            if (obj instanceof Certificate) {
                col.add(obj);
            }
        }
    } else {
        while (iter.hasNext()) {
            Object obj = iter.next();
            if ((obj instanceof Certificate) && selector.match((Certificate) obj)) {
                col.add(obj);
            }
        }
    }
    return col;
}

Example 57 with Certificate

use of java.security.cert.Certificate in project robovm by robovm.

the class X509CertificateObject method equals.

public boolean equals(Object o) {
    if (o == this) {
        return true;
    }
    if (!(o instanceof Certificate)) {
        return false;
    }
    Certificate other = (Certificate) o;
    try {
        byte[] b1 = this.getEncoded();
        byte[] b2 = other.getEncoded();
        return Arrays.areEqual(b1, b2);
    } catch (CertificateEncodingException e) {
        return false;
    }
}

Example 58 with Certificate

use of java.security.cert.Certificate in project robovm by robovm.

the class JarUtils method verifySignature.

/**
     * This method handle all the work with  PKCS7, ASN1 encoding, signature verifying,
     * and certification path building.
     * See also PKCS #7: Cryptographic Message Syntax Standard:
     * http://www.ietf.org/rfc/rfc2315.txt
     * @param signature - the input stream of signature file to be verified
     * @param signatureBlock - the input stream of corresponding signature block file
     * @return array of certificates used to verify the signature file
     * @throws IOException - if some errors occurs during reading from the stream
     * @throws GeneralSecurityException - if signature verification process fails
     */
public static Certificate[] verifySignature(InputStream signature, InputStream signatureBlock) throws IOException, GeneralSecurityException {
    BerInputStream bis = new BerInputStream(signatureBlock);
    ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
    SignedData signedData = info.getSignedData();
    if (signedData == null) {
        throw new IOException("No SignedData found");
    }
    Collection<org.apache.harmony.security.x509.Certificate> encCerts = signedData.getCertificates();
    if (encCerts.isEmpty()) {
        return null;
    }
    X509Certificate[] certs = new X509Certificate[encCerts.size()];
    int i = 0;
    for (org.apache.harmony.security.x509.Certificate encCert : encCerts) {
        certs[i++] = new X509CertImpl(encCert);
    }
    List<SignerInfo> sigInfos = signedData.getSignerInfos();
    SignerInfo sigInfo;
    if (!sigInfos.isEmpty()) {
        sigInfo = sigInfos.get(0);
    } else {
        return null;
    }
    // Issuer
    X500Principal issuer = sigInfo.getIssuer();
    // Certificate serial number
    BigInteger snum = sigInfo.getSerialNumber();
    // Locate the certificate
    int issuerSertIndex = 0;
    for (i = 0; i < certs.length; i++) {
        if (issuer.equals(certs[i].getIssuerDN()) && snum.equals(certs[i].getSerialNumber())) {
            issuerSertIndex = i;
            break;
        }
    }
    if (i == certs.length) {
        // No issuer certificate found
        return null;
    }
    if (certs[issuerSertIndex].hasUnsupportedCriticalExtension()) {
        throw new SecurityException("Can not recognize a critical extension");
    }
    // Get Signature instance
    final String daOid = sigInfo.getDigestAlgorithm();
    final String daName = sigInfo.getDigestAlgorithmName();
    final String deaOid = sigInfo.getDigestEncryptionAlgorithm();
    String alg = null;
    Signature sig = null;
    if (daOid != null && deaOid != null) {
        alg = daOid + "with" + deaOid;
        try {
            sig = Signature.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
        }
        // Try to convert to names instead of OID.
        if (sig == null) {
            final String deaName = sigInfo.getDigestEncryptionAlgorithmName();
            alg = daName + "with" + deaName;
            try {
                sig = Signature.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
            }
        }
    }
    /*
         * TODO figure out the case in which we'd only use digestAlgorithm and
         * add a test for it.
         */
    if (sig == null && daOid != null) {
        alg = daOid;
        try {
            sig = Signature.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
        }
        if (sig == null && daName != null) {
            alg = daName;
            try {
                sig = Signature.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
            }
        }
    }
    // We couldn't find a valid Signature type.
    if (sig == null) {
        return null;
    }
    sig.initVerify(certs[issuerSertIndex]);
    // If the authenticatedAttributes field of SignerInfo contains more than zero attributes,
    // compute the message digest on the ASN.1 DER encoding of the Attributes value.
    // Otherwise, compute the message digest on the data.
    List<AttributeTypeAndValue> atr = sigInfo.getAuthenticatedAttributes();
    byte[] sfBytes = new byte[signature.available()];
    signature.read(sfBytes);
    if (atr == null) {
        sig.update(sfBytes);
    } else {
        sig.update(sigInfo.getEncodedAuthenticatedAttributes());
        // If the authenticatedAttributes field contains the message-digest attribute,
        // verify that it equals the computed digest of the signature file
        byte[] existingDigest = null;
        for (AttributeTypeAndValue a : atr) {
            if (Arrays.equals(a.getType().getOid(), MESSAGE_DIGEST_OID)) {
                if (existingDigest != null) {
                    throw new SecurityException("Too many MessageDigest attributes");
                }
                Collection<?> entries = a.getValue().getValues(ASN1OctetString.getInstance());
                if (entries.size() != 1) {
                    throw new SecurityException("Too many values for MessageDigest attribute");
                }
                existingDigest = (byte[]) entries.iterator().next();
            }
        }
        // message digest entry.
        if (existingDigest == null) {
            throw new SecurityException("Missing MessageDigest in Authenticated Attributes");
        }
        MessageDigest md = null;
        if (daOid != null) {
            md = MessageDigest.getInstance(daOid);
        }
        if (md == null && daName != null) {
            md = MessageDigest.getInstance(daName);
        }
        if (md == null) {
            return null;
        }
        byte[] computedDigest = md.digest(sfBytes);
        if (!Arrays.equals(existingDigest, computedDigest)) {
            throw new SecurityException("Incorrect MD");
        }
    }
    if (!sig.verify(sigInfo.getEncryptedDigest())) {
        throw new SecurityException("Incorrect signature");
    }
    return createChain(certs[issuerSertIndex], certs);
}

Example 59 with Certificate

use of java.security.cert.Certificate in project robovm by robovm.

the class HandshakeCompletedEventTest method test_getPeerCertificates.

/**
     * @throws IOException
     * javax.net.ssl.HandshakeCompletedEvent#getPeerCertificates()
     */
public final void test_getPeerCertificates() throws IOException {
    mySSLSession session = new mySSLSession("localhost", 1080, null);
    SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
    try {
        event.getPeerCertificates();
        fail("SSLPeerUnverifiedException wasn't thrown");
    } catch (SSLPeerUnverifiedException expected) {
    }
    session = new mySSLSession((X509Certificate[]) null);
    event = new HandshakeCompletedEvent(socket, session);
    Certificate[] res = event.getPeerCertificates();
    assertEquals(3, res.length);
}

Example 60 with Certificate

use of java.security.cert.Certificate in project robovm by robovm.

the class CertificateTest method getCertList.

private List<Certificate> getCertList(boolean useMD2root, boolean includeRootInChain) throws Exception {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    if (useMD2root) {
        certs[0] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCertMD2.getBytes()));
        certs[1] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert1Chain1.getBytes()));
        certs[2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert2Chain1.getBytes()));
    } else {
        certs[0] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCertMD5.getBytes()));
        certs[1] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert1Chain2.getBytes()));
        certs[2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert2Chain2.getBytes()));
    }
    ArrayList<Certificate> result = new ArrayList<Certificate>();
    result.add(certs[2]);
    result.add(certs[1]);
    if (includeRootInChain) {
        result.add(certs[0]);
    }
    return result;
}