
Example 1 with DNSCertificateStore

Use of org.nhindirect.stagent.cert.impl.DNSCertificateStore in project nhin-d by DirectProject: the main method of class DNSCertDumper, a command-line tool that fetches certificates published in DNS for an address and writes them to disk.

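/**
 * Command-line entry point: looks up the certificates published in DNS for an
 * email address (or domain) and writes each one, DER encoded, to disk.
 *
 * <p>Arguments:
 * <ul>
 *   <li>{@code -add <address>}    address or domain whose certificates are fetched (required)</li>
 *   <li>{@code -server <a,b,..>}  comma separated DNS servers to query instead of the defaults</li>
 *   <li>{@code -out <file>}       output file name; defaults to {@code <address>.der}</li>
 *   <li>{@code -help}             print usage and exit</li>
 * </ul>
 *
 * <p>When more than one certificate is found, a 1-based index is inserted before
 * the file extension ({@code name(1).der}, {@code name(2).der}, ...).
 *
 * <p>Exit status is 0 on success and -1 on a usage error or when the lookup or
 * the write fails, so a calling script can detect failure.
 *
 * <p>Security note: the certificates are written exactly as returned by the
 * resolver; nothing here validates them against a trust anchor, and the servers
 * named with {@code -server} are trusted to answer honestly. Treat the output as
 * untrusted input until it has been chain-validated.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    if (args.length == 0) {
        printUsage();
        System.exit(-1);
    }
    String emailAddress = "";
    String[] servers = null;
    String outFile = null;
    // Every option takes exactly one value; a following token that starts with
    // '-' is treated as a missing value rather than consumed as the value.
    for (int i = 0; i < args.length; i++) {
        final String arg = args[i];
        if (!arg.startsWith("-")) {
            System.err.println("Error: Unexpected argument [" + arg + "]\n");
            printUsage();
            System.exit(-1);
        } else if (arg.equalsIgnoreCase("-add")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing email address");
                System.exit(-1);
            }
            emailAddress = args[++i];
        } else if (arg.equals("-server")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing DNS server list");
                System.exit(-1);
            }
            servers = args[++i].split(",");
        } else if (arg.equals("-out")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing output file.");
                System.exit(-1);
            }
            outFile = args[++i];
        } else if (arg.equals("-help")) {
            printUsage();
            System.exit(-1);
        } else {
            System.err.println("Error: Unknown argument " + arg + "\n");
            printUsage();
            System.exit(-1);
        }
    }
    if (emailAddress.isEmpty()) {
        System.err.println("You must provide an email address.");
        printUsage();
        // A usage error must not report success to the caller.
        System.exit(-1);
    }
    final DNSCertificateStore dnsStore = (servers != null)
            ? new DNSCertificateStore(Arrays.asList(servers))
            : new DNSCertificateStore();
    try {
        final Collection<X509Certificate> certs = dnsStore.getCertificates(new InternetAddress(emailAddress));
        if (certs == null || certs.isEmpty()) {
            System.out.println("No certs found");
        } else {
            final String baseName = (outFile == null || outFile.isEmpty()) ? emailAddress + ".der" : outFile;
            final boolean indexNames = certs.size() > 1;
            int idx = 1;
            for (X509Certificate cert : certs) {
                final File certFile = new File(indexNames ? indexedFileName(baseName, idx) : baseName);
                // Replace any existing file rather than leave a stale copy behind.
                if (certFile.exists()) {
                    certFile.delete();
                }
                System.out.println("Writing cert file: " + certFile.getAbsolutePath());
                FileUtils.writeByteArrayToFile(certFile, cert.getEncoded());
                ++idx;
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
        // A failed lookup or write is an error for the caller, not success.
        System.exit(-1);
    }
    System.exit(0);
}

/**
 * Inserts {@code (idx)} before the extension of {@code baseName}, or appends it
 * when the name has no extension. Only a dot after the last path separator is
 * treated as an extension separator, so {@code certs.d/out} becomes
 * {@code certs.d/out(1)} rather than {@code certs(1).d/out}.
 *
 * @param baseName file name or path to insert the index into
 * @param idx 1-based index of the certificate
 * @return the indexed file name
 */
private static String indexedFileName(final String baseName, final int idx) {
    final int lastSep = Math.max(baseName.lastIndexOf('/'), baseName.lastIndexOf(File.separatorChar));
    final int dot = baseName.lastIndexOf('.');
    final String suffix = "(" + idx + ")";
    if (dot <= lastSep) {
        return baseName + suffix;
    }
    // substring(0, dot) keeps the whole stem; an off-by-one here silently
    // truncates the name ("foo.der" must become "foo(1).der", not "fo(1).der").
    return baseName.substring(0, dot) + suffix + baseName.substring(dot);
}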

Example 2 with DNSCertificateStore

Use of org.nhindirect.stagent.cert.impl.DNSCertificateStore in project nhin-d by DirectProject: the main method of class TrustTest, a command-line tool that checks whether a certificate (from a file or from DNS) chains to a given set of trust anchors.

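/**
 * Command-line entry point: tests whether a certificate chains to a set of
 * trust anchors, using {@link TrustChainValidator} with DNS as the
 * intermediate-certificate resolver.
 *
 * <p>The certificate under test comes from either {@code -cert <file>} or a
 * DNS lookup of {@code -address <address-or-domain>}; when DNS returns several
 * certificates only the first one is tested. Anchors come from any combination
 * of {@code -anchors <a,b,..>} (certificate files), {@code -bundleURL <url>}
 * (a trust bundle fetched by {@code downloadBundleToByteArray}) and
 * {@code -configServiceURL <url>}. {@code -server <a,b,..>} overrides the DNS
 * servers used for both the address lookup and intermediate resolution.
 *
 * <p>Prints "Certificate is trusted" or "Certificate is NOT trusted". Exit
 * status is 0 after a completed test and -1 on a usage error or when any input
 * cannot be loaded.
 *
 * <p>Security note: the anchors supplied here are the trust roots for this run,
 * so the verdict is only as meaningful as their provenance. This method does not
 * authenticate a downloaded bundle beyond whatever
 * {@code downloadBundleToByteArray} does (not visible here - confirm it requires
 * HTTPS or verifies a bundle signature), and DNS answers are used as supplied by
 * the configured resolvers.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    CryptoExtensions.registerJCEProviders();
    if (args.length == 0) {
        printUsage();
        System.exit(-1);
    }
    String[] servers = null;
    String address = "";
    String configServiceURL = "";
    String bundleURL = "";
    String certFileName = "";
    String[] anchorFiles = null;
    // Every option takes exactly one value; a following token that starts with
    // '-' is treated as a missing value rather than consumed as the value.
    for (int i = 0; i < args.length; i++) {
        final String arg = args[i];
        if (!arg.startsWith("-")) {
            System.err.println("Error: Unexpected argument [" + arg + "]\n");
            printUsage();
            System.exit(-1);
        } else if (arg.equalsIgnoreCase("-cert")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing certificate file name");
                System.exit(-1);
            }
            certFileName = args[++i];
        } else if (arg.equalsIgnoreCase("-address")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing the email address");
                System.exit(-1);
            }
            address = args[++i];
        } else if (arg.equalsIgnoreCase("-bundleURL")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing bundle URL");
                System.exit(-1);
            }
            bundleURL = args[++i];
        } else if (arg.equalsIgnoreCase("-configServiceURL")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing config service URL");
                System.exit(-1);
            }
            configServiceURL = args[++i];
        } else if (arg.equals("-anchors")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing anchor file names");
                System.exit(-1);
            }
            anchorFiles = args[++i].split(",");
        } else if (arg.equals("-server")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing DNS server list");
                System.exit(-1);
            }
            servers = args[++i].split(",");
        } else if (arg.equals("-help")) {
            printUsage();
            System.exit(-1);
        } else {
            System.err.println("Error: Unknown argument " + arg + "\n");
            printUsage();
            System.exit(-1);
        }
    }
    if (StringUtils.isEmpty(certFileName) && StringUtils.isEmpty(address)) {
        System.err.println("You must provide the name of the certificate file or an email address/domain to test.");
        printUsage();
        // Stop here; continuing would attempt a DNS lookup of an empty address.
        System.exit(-1);
        return;
    }
    if ((anchorFiles == null || anchorFiles.length == 0) && bundleURL.isEmpty() && configServiceURL.isEmpty()) {
        System.err.println("You must provide the name of the anchor files, a bundle URL, or config service URL.");
        printUsage();
        // Stop here; validating against no anchors would print a misleading "NOT trusted".
        System.exit(-1);
        return;
    }
    // One resolver for both the address lookup and intermediate-certificate
    // resolution, so -server applies to the whole chain walk.
    final DNSCertificateStore dnsStore = (servers != null)
            ? new DNSCertificateStore(Arrays.asList(servers))
            : new DNSCertificateStore();
    X509Certificate certToTest = null;
    if (!StringUtils.isEmpty(certFileName)) {
        final File certFileToTest = new File(certFileName);
        if (!certFileToTest.exists()) {
            System.out.println("Certificate file " + certFileName + " does not exist.");
            System.exit(-1);
            return;
        }
        try {
            certToTest = readCertificate(certFileToTest);
        } catch (Exception e) {
            System.out.println("Failed to load certificate: " + e.getLocalizedMessage());
            System.exit(-1);
            return;
        }
    } else {
        try {
            final Collection<X509Certificate> certs = dnsStore.getCertificates(new InternetAddress(address));
            if (certs == null || certs.isEmpty()) {
                System.out.println("No certs found");
                System.exit(-1);
                return;
            }
            System.out.println("Found " + certs.size() + " certificates via DNS");
            // Only the first certificate is tested; the rest are counted but not validated.
            certToTest = certs.iterator().next();
        } catch (Exception e) {
            System.out.println("Failed to load certificate via DNS: " + e.getLocalizedMessage());
            System.exit(-1);
            return;
        }
    }
    try {
        final Collection<X509Certificate> anchors = new ArrayList<X509Certificate>();
        if (anchorFiles != null && anchorFiles.length > 0) {
            for (String anchorToLoad : anchorFiles) {
                final File anchorFile = new File(anchorToLoad);
                if (!anchorFile.exists()) {
                    // Name the anchor that is missing, not the certificate under test.
                    System.out.println("Anchor file " + anchorToLoad + " does not exist.");
                    System.exit(-1);
                    return;
                }
                anchors.add(readCertificate(anchorFile));
            }
        }
        if (!bundleURL.isEmpty()) {
            final byte[] bundleBytes = downloadBundleToByteArray(bundleURL);
            if (bundleBytes == null) {
                System.out.println("Could not get bundle at URL " + bundleURL);
                System.exit(-1);
                return;
            }
            anchors.addAll(convertRawBundleToAnchorCollection(bundleBytes));
        }
        // NOTE(review): configServiceURL satisfies the anchor-source check above,
        // but nothing in this method loads anchors from it; with only that option
        // the anchor set stays empty and the verdict is always "NOT trusted".
        if (anchors.isEmpty()) {
            System.err.println("Warning: no trust anchors were loaded; the certificate cannot chain to anything.");
        }
        final TrustChainValidator chainValidator = new TrustChainValidator();
        final Collection<CertificateResolver> intermediateResolvers = Arrays.asList((CertificateResolver) dnsStore);
        chainValidator.setCertificateResolver(intermediateResolvers);
        if (chainValidator.isTrusted(certToTest, anchors)) {
            System.out.println("Certificate is trusted");
        } else {
            System.out.println("Certificate is NOT trusted");
        }
    } catch (Exception e) {
        e.printStackTrace();
        // A failed validation run is an error for the caller, not success.
        System.exit(-1);
    }
    System.exit(0);
}

/**
 * Reads a single X.509 certificate from {@code file}, closing the stream
 * afterwards (the stream was previously left open).
 *
 * @param file certificate file to read
 * @return the parsed certificate
 * @throws java.io.IOException if the file cannot be opened
 * @throws java.security.cert.CertificateException if the content is not a parseable certificate
 */
private static X509Certificate readCertificate(final File file)
        throws java.io.IOException, java.security.cert.CertificateException {
    try (java.io.InputStream in = FileUtils.openInputStream(file)) {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(in);
    }
}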
