Example 1 with TrustChainValidator
use of org.nhindirect.stagent.trust.TrustChainValidator in project nhin-d by DirectProject.
the class TrustTest method main.
public static void main(String[] args) {
CryptoExtensions.registerJCEProviders();
if (args.length == 0) {
printUsage();
System.exit(-1);
}
String[] servers = null;
String address = "";
String configServiceURL = "";
String bundleURL = "";
String certFileName = "";
String[] anchorFiles = null;
// Check parameters
for (int i = 0; i < args.length; i++) {
String arg = args[i];
// Options
if (!arg.startsWith("-")) {
System.err.println("Error: Unexpected argument [" + arg + "]\n");
printUsage();
System.exit(-1);
} else if (arg.equalsIgnoreCase("-cert")) {
if (i == args.length - 1 || args[i + 1].startsWith("-")) {
System.err.println("Error: Missing certificate file name");
System.exit(-1);
}
certFileName = args[++i];
} else if (arg.equalsIgnoreCase("-address")) {
if (i == args.length - 1 || args[i + 1].startsWith("-")) {
System.err.println("Error: Missing the email address");
System.exit(-1);
}
address = args[++i];
} else if (arg.equalsIgnoreCase("-bundleURL")) {
if (i == args.length - 1 || args[i + 1].startsWith("-")) {
System.err.println("Error: Missing bundle URL");
System.exit(-1);
}
bundleURL = args[++i];
} else if (arg.equalsIgnoreCase("-configServiceURL")) {
if (i == args.length - 1 || args[i + 1].startsWith("-")) {
System.err.println("Error: Missing config service URL");
System.exit(-1);
}
configServiceURL = args[++i];
} else if (arg.equals("-anchors")) {
if (i == args.length - 1 || args[i + 1].startsWith("-")) {
System.err.println("Error: Missing anchor file names");
System.exit(-1);
}
anchorFiles = args[++i].split(",");
} else if (arg.equals("-server")) {
if (i == args.length - 1 || args[i + 1].startsWith("-")) {
System.err.println("Error: Missing DNS server list");
System.exit(-1);
}
servers = args[++i].split(",");
} else if (arg.equals("-help")) {
printUsage();
System.exit(-1);
} else {
System.err.println("Error: Unknown argument " + arg + "\n");
printUsage();
System.exit(-1);
}
}
if (StringUtils.isEmpty(certFileName) && StringUtils.isEmpty(address)) {
System.err.println("You must provide the name of the certificate file or an email address/domain to test.");
printUsage();
}
if ((anchorFiles == null || anchorFiles.length == 0) && bundleURL.isEmpty() && configServiceURL.isEmpty()) {
System.err.println("You must provide the name of the anchor files, a bundle URL, or config service URL.");
printUsage();
}
X509Certificate certToTest = null;
if (!StringUtils.isEmpty(certFileName)) {
final File certFileToTest = new File(certFileName);
if (!certFileToTest.exists()) {
System.out.println("Certificate file " + certFileName + " does not exist.");
System.exit(-1);
return;
}
try {
certToTest = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(FileUtils.openInputStream(certFileToTest));
} catch (Exception e) {
System.out.println("Failed to load certificate: " + e.getLocalizedMessage());
System.exit(-1);
return;
}
} else {
final DNSCertificateStore dnsStore = (servers != null) ? new DNSCertificateStore(Arrays.asList(servers)) : new DNSCertificateStore();
try {
Collection<X509Certificate> certs = dnsStore.getCertificates(new InternetAddress(address));
if (certs == null || certs.size() == 0) {
System.out.println("No certs found");
System.exit(-1);
return;
} else {
System.out.println("Found " + certs.size() + " certificates via DNS");
certToTest = certs.iterator().next();
}
} catch (Exception e) {
System.out.println("Failed to load certificate via DNS: " + e.getLocalizedMessage());
System.exit(-1);
return;
}
}
try {
final Collection<X509Certificate> anchors = new ArrayList<X509Certificate>();
if (anchorFiles != null && anchorFiles.length > 0) {
for (String anchorToLoad : anchorFiles) {
final File anchorFile = new File(anchorToLoad);
if (!anchorFile.exists()) {
System.out.println("Anchor file " + certFileName + " does not exist.");
System.exit(-1);
return;
}
anchors.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(FileUtils.openInputStream(anchorFile)));
}
}
if (!bundleURL.isEmpty()) {
final byte[] bundleBytes = downloadBundleToByteArray(bundleURL);
if (bundleBytes == null) {
System.out.println("Could not get bundle at URL " + bundleURL);
System.exit(-1);
}
final Collection<X509Certificate> bundleAnchors = convertRawBundleToAnchorCollection(bundleBytes);
anchors.addAll(bundleAnchors);
}
final TrustChainValidator chainValidator = new TrustChainValidator();
final Collection<CertificateResolver> intermediateResolvers = Arrays.asList((CertificateResolver) new DNSCertificateStore());
chainValidator.setCertificateResolver(intermediateResolvers);
boolean isTrusted = chainValidator.isTrusted(certToTest, anchors);
if (isTrusted)
System.out.println("Certificate is trusted");
else
System.out.println("Certificate is NOT trusted");
} catch (Exception e) {
e.printStackTrace();
}
System.exit(0);
}
Also used :
InternetAddress(javax.mail.internet.InternetAddress)
ArrayList(java.util.ArrayList)
X509Certificate(java.security.cert.X509Certificate)
DNSCertificateStore(org.nhindirect.stagent.cert.impl.DNSCertificateStore)
TrustChainValidator(org.nhindirect.stagent.trust.TrustChainValidator)
CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver)
File(java.io.File)
Aggregations
File (java.io.File)1
X509Certificate (java.security.cert.X509Certificate)1
ArrayList (java.util.ArrayList)1
InternetAddress (javax.mail.internet.InternetAddress)1
CertificateResolver (org.nhindirect.stagent.cert.CertificateResolver)1
DNSCertificateStore (org.nhindirect.stagent.cert.impl.DNSCertificateStore)1
TrustChainValidator (org.nhindirect.stagent.trust.TrustChainValidator)1
