
Example 6 with Certificate

use of java.security.cert.Certificate in project buck by facebook.

the class ApkBuilderStep method createKeystoreProperties.

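/**
 * Loads the signing key and its certificate from the keystore at {@code pathToKeystore}.
 *
 * <p>The keystore is opened as type {@code JARSIGNER_KEY_STORE_TYPE}; the store password, alias
 * and key password come from {@code keystorePropertiesSupplier}.
 *
 * @return the key stored under the configured alias together with the certificate stored under
 *     the same alias
 * @throws IOException if the keystore file cannot be opened or closed
 * @throws KeyStoreException if the keystore type is unavailable or the keystore is not loaded
 * @throws NoSuchAlgorithmException if the algorithm needed to recover the key is unavailable
 * @throws UnrecoverableKeyException if the key cannot be recovered, e.g. a wrong key password
 * @throws HumanReadableException if the keystore cannot be parsed or the alias does not identify
 *     a key entry
 */
private PrivateKeyAndCertificate createKeystoreProperties() throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    KeyStore keystore = KeyStore.getInstance(JARSIGNER_KEY_STORE_TYPE);
    KeystoreProperties keystoreProperties = keystorePropertiesSupplier.get();
    // try-with-resources closes the keystore stream on every path; previously it was never
    // closed. The inner try keeps the original mapping: only failures of load() become
    // HumanReadableException, while a failure to open the file still surfaces as IOException.
    try (InputStream inputStream = filesystem.getInputStreamForRelativePath(pathToKeystore)) {
        char[] keystorePassword = keystoreProperties.getStorepass().toCharArray();
        try {
            keystore.load(inputStream, keystorePassword);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new HumanReadableException(e, "%s is an invalid keystore.", pathToKeystore);
        }
    }
    String alias = keystoreProperties.getAlias();
    char[] keyPassword = keystoreProperties.getKeypass().toCharArray();
    Key key = keystore.getKey(alias, keyPassword);
    // getKey returns null when the alias does not exist or does not identify a key-related
    // entry; a wrong key password is reported as UnrecoverableKeyException instead.
    if (key == null) {
        throw new HumanReadableException("The keystore [%s] key.alias [%s] does not exist or does not identify a key-related " + "entry", pathToKeystore, alias);
    }
    // NOTE(review): getCertificate may return null when the alias has no certificate, and the
    // casts below assume a private key and an X.509 certificate -- confirm that
    // PrivateKeyAndCertificate (or the signing step) rejects a null certificate.
    Certificate certificate = keystore.getCertificate(alias);
    return new PrivateKeyAndCertificate((PrivateKey) key, (X509Certificate) certificate);
}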
Also used : InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStore(java.security.KeyStore) HumanReadableException(com.facebook.buck.util.HumanReadableException) Key(java.security.Key) PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 7 with Certificate

use of java.security.cert.Certificate in project Libraries-for-Android-Developers by eoecn.

the class MySSLSocketFactory method getKeystoreOfCA.

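/**
 * Builds a KeyStore of the platform default type that holds the certificate read from
 * {@code cert} under the alias {@code "ca"}.
 *
 * <p>Failures are printed with {@code printStackTrace()} and are not propagated, so callers
 * must check the result before using it as a trust store: the returned KeyStore is empty when
 * the certificate could not be parsed, and {@code null} when the KeyStore itself could not be
 * created or initialised. Whether a {@code null} or empty store makes a TLS stack fall back to
 * other trust anchors depends on the caller, which is not shown here.
 *
 * @param cert stream containing an X.509 certificate; it is closed by this method. A
 *     {@code null} stream is treated as "no certificate".
 * @return the KeyStore, empty if no certificate was parsed, or {@code null} if it could not be
 *     created
 */
public static KeyStore getKeystoreOfCA(InputStream cert) {
    // Load the CA certificate from the InputStream
    InputStream caInput = null;
    Certificate ca = null;
    if (cert != null) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            caInput = new BufferedInputStream(cert);
            ca = cf.generateCertificate(caInput);
        } catch (CertificateException e1) {
            e1.printStackTrace();
        } finally {
            // caInput is still null when CertificateFactory.getInstance failed; closing it
            // unguarded would replace the reported error with a NullPointerException.
            if (caInput != null) {
                try {
                    caInput.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
    // Create a KeyStore containing the trusted CA
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = null;
    try {
        keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        // Never register a null certificate: how a provider reacts to one is
        // implementation-specific, so a failed parse always yields an empty store.
        if (ca != null) {
            keyStore.setCertificateEntry("ca", ca);
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return keyStore;
}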
Also used : BufferedInputStream(java.io.BufferedInputStream) BufferedInputStream(java.io.BufferedInputStream) InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 8 with Certificate

use of java.security.cert.Certificate in project android_frameworks_base by ParanoidAndroid.

the class PackageParser method collectCertificates.

/**
 * Collects the signing certificates of the archive at {@code mArchiveSourcePath} and stores
 * them in {@code pkg.mSignatures}.
 *
 * <p>When {@code PARSE_IS_SYSTEM} is set in {@code flags}, only the certificates of the
 * {@code ANDROID_MANIFEST_FILENAME} entry are loaded. Otherwise every non-directory entry
 * outside {@code META-INF/} must yield certificates, and each entry's certificates must match
 * those of the first entry examined.
 *
 * @param pkg package whose {@code mSignatures} (and, in the non-system branch,
 *     {@code manifestDigest}) are filled in; {@code mSignatures} is reset to null first
 * @param flags parse flags; only {@code PARSE_IS_SYSTEM} is examined here
 * @return true if certificates were collected; false otherwise, with {@code mParseError} set
 *     to the reason
 */
public boolean collectCertificates(Package pkg, int flags) {
    pkg.mSignatures = null;
    WeakReference<byte[]> readBufferRef;
    byte[] readBuffer = null;
    // Take the cached read buffer (if it is still reachable) out of mReadBuffer under the
    // lock, otherwise allocate a fresh 8 KiB one.
    synchronized (mSync) {
        readBufferRef = mReadBuffer;
        if (readBufferRef != null) {
            mReadBuffer = null;
            readBuffer = readBufferRef.get();
        }
        if (readBuffer == null) {
            readBuffer = new byte[8192];
            readBufferRef = new WeakReference<byte[]>(readBuffer);
        }
    }
    try {
        // NOTE(review): jarFile is closed on each explicit return below and on the normal
        // path, but none of the catch blocks close it, so an exception thrown while it is
        // open leaves it to be reclaimed later.
        JarFile jarFile = new JarFile(mArchiveSourcePath);
        Certificate[] certs = null;
        if ((flags & PARSE_IS_SYSTEM) != 0) {
            // If this package comes from the system image, then we
            // can trust it...  we'll just use the AndroidManifest.xml
            // to retrieve its signatures, not validating all of the
            // files.
            // NOTE(review): JarFile.getJarEntry returns null for a missing entry; the error
            // log below would then throw on jarEntry.getName() and end up in the
            // RuntimeException handler. How loadCertificates treats a null entry is not
            // visible here -- confirm.
            JarEntry jarEntry = jarFile.getJarEntry(ANDROID_MANIFEST_FILENAME);
            certs = loadCertificates(jarFile, jarEntry, readBuffer);
            if (certs == null) {
                Slog.e(TAG, "Package " + pkg.packageName + " has no certificates at entry " + jarEntry.getName() + "; ignoring!");
                jarFile.close();
                mParseError = PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES;
                return false;
            }
            if (DEBUG_JAR) {
                Slog.i(TAG, "File " + mArchiveSourcePath + ": entry=" + jarEntry + " certs=" + (certs != null ? certs.length : 0));
                if (certs != null) {
                    final int N = certs.length;
                    for (int i = 0; i < N; i++) {
                        Slog.i(TAG, "  Public key: " + certs[i].getPublicKey().getEncoded() + " " + certs[i].getPublicKey());
                    }
                }
            }
        } else {
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                final JarEntry je = entries.nextElement();
                if (je.isDirectory())
                    continue;
                final String name = je.getName();
                // Entries under META-INF/ are skipped, so this loop does not require
                // certificates for them.
                if (name.startsWith("META-INF/"))
                    continue;
                if (ANDROID_MANIFEST_FILENAME.equals(name)) {
                    pkg.manifestDigest = ManifestDigest.fromInputStream(jarFile.getInputStream(je));
                }
                final Certificate[] localCerts = loadCertificates(jarFile, je, readBuffer);
                if (DEBUG_JAR) {
                    // NOTE(review): this logs the reference set `certs`, not the
                    // `localCerts` just loaded for this entry -- probably unintended.
                    Slog.i(TAG, "File " + mArchiveSourcePath + " entry " + je.getName() + ": certs=" + certs + " (" + (certs != null ? certs.length : 0) + ")");
                }
                if (localCerts == null) {
                    // Any checked entry without certificates rejects the whole package.
                    Slog.e(TAG, "Package " + pkg.packageName + " has no certificates at entry " + je.getName() + "; ignoring!");
                    jarFile.close();
                    mParseError = PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES;
                    return false;
                } else if (certs == null) {
                    // The first checked entry defines the reference certificate set.
                    certs = localCerts;
                } else {
                    // Ensure all certificates match.
                    // Every reference certificate must equal some certificate of this entry
                    // and both arrays must have the same length; order is not compared.
                    for (int i = 0; i < certs.length; i++) {
                        boolean found = false;
                        for (int j = 0; j < localCerts.length; j++) {
                            if (certs[i] != null && certs[i].equals(localCerts[j])) {
                                found = true;
                                break;
                            }
                        }
                        if (!found || certs.length != localCerts.length) {
                            Slog.e(TAG, "Package " + pkg.packageName + " has mismatched certificates at entry " + je.getName() + "; ignoring!");
                            jarFile.close();
                            mParseError = PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES;
                            return false;
                        }
                    }
                }
            }
        }
        jarFile.close();
        // Hand the read buffer back for reuse. This point is not reached by the early
        // returns above, so on those paths mReadBuffer stays null.
        synchronized (mSync) {
            mReadBuffer = readBufferRef;
        }
        if (certs != null && certs.length > 0) {
            // Store the encoded form of each certificate as the package's signatures.
            final int N = certs.length;
            pkg.mSignatures = new Signature[certs.length];
            for (int i = 0; i < N; i++) {
                pkg.mSignatures[i] = new Signature(certs[i].getEncoded());
            }
        } else {
            // Also reached in the non-system branch when no entry was checked at all, which
            // leaves certs null.
            Slog.e(TAG, "Package " + pkg.packageName + " has no certificates; ignoring!");
            mParseError = PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES;
            return false;
        }
    } catch (CertificateEncodingException e) {
        Slog.w(TAG, "Exception reading " + mArchiveSourcePath, e);
        mParseError = PackageManager.INSTALL_PARSE_FAILED_CERTIFICATE_ENCODING;
        return false;
    } catch (IOException e) {
        // I/O failures are reported with the same error code as encoding failures.
        Slog.w(TAG, "Exception reading " + mArchiveSourcePath, e);
        mParseError = PackageManager.INSTALL_PARSE_FAILED_CERTIFICATE_ENCODING;
        return false;
    } catch (RuntimeException e) {
        // Any unchecked exception rejects the package rather than propagating.
        Slog.w(TAG, "Exception reading " + mArchiveSourcePath, e);
        mParseError = PackageManager.INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION;
        return false;
    }
    return true;
}
Also used : CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) JarFile(java.util.jar.JarFile) JarEntry(java.util.jar.JarEntry) Certificate(java.security.cert.Certificate)

Example 9 with Certificate

use of java.security.cert.Certificate in project android_frameworks_base by ParanoidAndroid.

the class CertificateChainValidator method doHandshakeAndValidateServerCertificates.

/**
 * Checks that the socket's SSL session is valid, fetches the server's certificate chain and
 * passes it to {@code verifyServerDomainAndCertificates} with the auth type {@code "RSA"}.
 *
 * <p>According to the original documentation, a new chain is rebuilt by tracing issuer and
 * subject before checkServerTrusted() is called, and a last traced certificate that is
 * self-issued and expired is dropped; that logic is not part of this method.
 *
 * @param connection the connection whose SSL certificate is updated with the server's leaf
 *     certificate; may be null, in which case nothing is updated
 * @param sslSocket The secure connection socket
 * @param domain The website domain
 * @return An SSL error object if there is an error and null otherwise
 * @throws IOException declared by the signature; presumably raised by
 *     closeSocketThrowException (defined elsewhere) -- confirm
 */
public SslError doHandshakeAndValidateServerCertificates(HttpsConnection connection, SSLSocket sslSocket, String domain) throws IOException {
    // A session that is not valid is handed to closeSocketThrowException.
    final SSLSession session = sslSocket.getSession();
    if (!session.isValid()) {
        closeSocketThrowException(sslSocket, "failed to perform SSL handshake");
    }
    // Fetch the certificate chain presented by the server.
    final Certificate[] serverChain = sslSocket.getSession().getPeerCertificates();
    final boolean chainMissing = serverChain == null || serverChain.length == 0;
    if (chainMissing) {
        closeSocketThrowException(sslSocket, "failed to retrieve peer certificates");
    } else if (connection != null && serverChain[0] != null) {
        // Record the leaf certificate on the connection.
        connection.setCertificate(new SslCertificate((X509Certificate) serverChain[0]));
    }
    // NOTE(review): the array downcast succeeds only if the runtime array type is
    // X509Certificate[] -- confirm for the TLS provider in use.
    return verifyServerDomainAndCertificates((X509Certificate[]) serverChain, domain, "RSA");
}
Also used : SSLSession(javax.net.ssl.SSLSession) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 10 with Certificate

use of java.security.cert.Certificate in project android_frameworks_base by ParanoidAndroid.

the class RecoverySystem method getTrustedCerts.

/**
 * Reads every entry of a zip archive as an X.509 certificate.
 *
 * <p>No entry is skipped: an entry that cannot be parsed as a certificate aborts the whole
 * call with the parser's exception instead of being ignored.
 *
 * @param keystore zip archive of certificates; {@code DEFAULT_KEYSTORE} is used when null
 * @return the set of certs that can be used to sign an OTA package
 * @throws IOException if the archive or one of its entries cannot be read
 * @throws GeneralSecurityException if the X.509 factory is unavailable or an entry is not a
 *     parseable certificate
 */
private static HashSet<Certificate> getTrustedCerts(File keystore) throws IOException, GeneralSecurityException {
    final File source = (keystore != null) ? keystore : DEFAULT_KEYSTORE;
    final HashSet<Certificate> certs = new HashSet<Certificate>();
    final ZipFile archive = new ZipFile(source);
    try {
        final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        for (Enumeration<? extends ZipEntry> e = archive.entries(); e.hasMoreElements();) {
            final InputStream in = archive.getInputStream(e.nextElement());
            try {
                certs.add(x509.generateCertificate(in));
            } finally {
                // Close each entry stream even when parsing fails.
                in.close();
            }
        }
    } finally {
        archive.close();
    }
    return certs;
}
Also used : ZipFile(java.util.zip.ZipFile) BerInputStream(org.apache.harmony.security.asn1.BerInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ZipEntry(java.util.zip.ZipEntry) CertificateFactory(java.security.cert.CertificateFactory) HashSet(java.util.HashSet) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
