248 lines
9.0 KiB
Java
248 lines
9.0 KiB
Java
|
/*
|
||
|
* Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
|
||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||
|
*
|
||
|
* This code is free software; you can redistribute it and/or modify it
|
||
|
* under the terms of the GNU General Public License version 2 only, as
|
||
|
* published by the Free Software Foundation.
|
||
|
*
|
||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||
|
* accompanied this code).
|
||
|
*
|
||
|
* You should have received a copy of the GNU General Public License version
|
||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||
|
*
|
||
|
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||
|
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||
|
* have any questions.
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
*
|
||
|
* @author Sean Mullan
|
||
|
* @author Steve Hanna
|
||
|
*
|
||
|
*/
|
||
|
import java.io.ByteArrayOutputStream;
|
||
|
import java.io.File;
|
||
|
import java.io.FileInputStream;
|
||
|
import java.io.InputStream;
|
||
|
import java.io.IOException;
|
||
|
import java.security.cert.CertificateFactory;
|
||
|
import java.security.cert.CertPath;
|
||
|
import java.security.cert.CertPathBuilder;
|
||
|
import java.security.cert.CertPathValidator;
|
||
|
import java.security.cert.CertStore;
|
||
|
import java.security.cert.CollectionCertStoreParameters;
|
||
|
import java.security.cert.PKIXBuilderParameters;
|
||
|
import java.security.cert.PKIXCertPathBuilderResult;
|
||
|
import java.security.cert.PKIXCertPathValidatorResult;
|
||
|
import java.security.cert.PKIXParameters;
|
||
|
import java.security.cert.X509Certificate;
|
||
|
import java.security.cert.X509CRL;
|
||
|
import java.util.ArrayList;
|
||
|
import java.util.HashSet;
|
||
|
import java.util.List;
|
||
|
import java.util.Set;
|
||
|
|
||
|
/**
|
||
|
* Static utility methods useful for testing certificate/certpath APIs.
|
||
|
*/
|
||
|
public class CertUtils {
|
||
|
|
||
|
private CertUtils() {}
|
||
|
|
||
|
/**
|
||
|
* Get a DER-encoded X.509 certificate from a file.
|
||
|
*
|
||
|
* @param certFilePath path to file containing DER-encoded certificate
|
||
|
* @return X509Certificate
|
||
|
* @throws IOException on error
|
||
|
*/
|
||
|
public static X509Certificate getCertFromFile(String certFilePath)
|
||
|
throws IOException {
|
||
|
X509Certificate cert = null;
|
||
|
try {
|
||
|
File certFile = new File(System.getProperty("test.src", "."),
|
||
|
certFilePath);
|
||
|
if (!certFile.canRead())
|
||
|
throw new IOException("File " +
|
||
|
certFile.toString() +
|
||
|
" is not a readable file.");
|
||
|
FileInputStream certFileInputStream =
|
||
|
new FileInputStream(certFile);
|
||
|
CertificateFactory cf = CertificateFactory.getInstance("X509");
|
||
|
cert = (X509Certificate)
|
||
|
cf.generateCertificate(certFileInputStream);
|
||
|
} catch (Exception e) {
|
||
|
e.printStackTrace();
|
||
|
throw new IOException("Can't construct X509Certificate: " +
|
||
|
e.getMessage());
|
||
|
}
|
||
|
return cert;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Get a DER-encoded X.509 CRL from a file.
|
||
|
*
|
||
|
* @param crlFilePath path to file containing DER-encoded CRL
|
||
|
* @return X509CRL
|
||
|
* @throws IOException on error
|
||
|
*/
|
||
|
public static X509CRL getCRLFromFile(String crlFilePath)
|
||
|
throws IOException {
|
||
|
X509CRL crl = null;
|
||
|
try {
|
||
|
File crlFile = new File(System.getProperty("test.src", "."),
|
||
|
crlFilePath);
|
||
|
if (!crlFile.canRead())
|
||
|
throw new IOException("File " +
|
||
|
crlFile.toString() +
|
||
|
" is not a readable file.");
|
||
|
FileInputStream crlFileInputStream =
|
||
|
new FileInputStream(crlFile);
|
||
|
CertificateFactory cf = CertificateFactory.getInstance("X509");
|
||
|
crl = (X509CRL) cf.generateCRL(crlFileInputStream);
|
||
|
} catch (Exception e) {
|
||
|
e.printStackTrace();
|
||
|
throw new IOException("Can't construct X509CRL: " +
|
||
|
e.getMessage());
|
||
|
}
|
||
|
return crl;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Read a bunch of certs from files and create a CertPath from them.
|
||
|
*
|
||
|
* @param fileNames an array of <code>String</code>s that are file names
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static CertPath buildPath(String [] fileNames) throws Exception {
|
||
|
return buildPath("", fileNames);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Read a bunch of certs from files and create a CertPath from them.
|
||
|
*
|
||
|
* @param relPath relative path containing certs (must end in
|
||
|
* file.separator)
|
||
|
* @param fileNames an array of <code>String</code>s that are file names
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static CertPath buildPath(String relPath, String [] fileNames)
|
||
|
throws Exception {
|
||
|
List<X509Certificate> list = new ArrayList<X509Certificate>();
|
||
|
for (int i = 0; i < fileNames.length; i++) {
|
||
|
list.add(0, getCertFromFile(relPath + fileNames[i]));
|
||
|
}
|
||
|
CertificateFactory cf = CertificateFactory.getInstance("X509");
|
||
|
return(cf.generateCertPath(list));
|
||
|
}
|
||
|
|
||
|
|
||
|
/**
|
||
|
* Read a bunch of certs from files and create a CertStore from them.
|
||
|
*
|
||
|
* @param fileNames an array of <code>String</code>s that are file names
|
||
|
* @return the <code>CertStore</code> created
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static CertStore createStore(String [] fileNames) throws Exception {
|
||
|
return createStore("", fileNames);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Read a bunch of certs from files and create a CertStore from them.
|
||
|
*
|
||
|
* @param relPath relative path containing certs (must end in
|
||
|
* file.separator)
|
||
|
* @param fileNames an array of <code>String</code>s that are file names
|
||
|
* @return the <code>CertStore</code> created
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static CertStore createStore(String relPath, String [] fileNames)
|
||
|
throws Exception {
|
||
|
Set<X509Certificate> certs = new HashSet<X509Certificate>();
|
||
|
for (int i = 0; i < fileNames.length; i++) {
|
||
|
certs.add(getCertFromFile(relPath + fileNames[i]));
|
||
|
}
|
||
|
return CertStore.getInstance("Collection",
|
||
|
new CollectionCertStoreParameters(certs));
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Read a bunch of CRLs from files and create a CertStore from them.
|
||
|
*
|
||
|
* @param fileNames an array of <code>String</code>s that are file names
|
||
|
* @return the <code>CertStore</code> created
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static CertStore createCRLStore(String [] fileNames)
|
||
|
throws Exception {
|
||
|
return createCRLStore("", fileNames);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Read a bunch of CRLs from files and create a CertStore from them.
|
||
|
*
|
||
|
* @param relPath relative path containing CRLs (must end in file.separator)
|
||
|
* @param fileNames an array of <code>String</code>s that are file names
|
||
|
* @return the <code>CertStore</code> created
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static CertStore createCRLStore(String relPath, String [] fileNames)
|
||
|
throws Exception {
|
||
|
Set<X509CRL> crls = new HashSet<X509CRL>();
|
||
|
for (int i = 0; i < fileNames.length; i++) {
|
||
|
crls.add(getCRLFromFile(relPath + fileNames[i]));
|
||
|
}
|
||
|
return CertStore.getInstance("Collection",
|
||
|
new CollectionCertStoreParameters(crls));
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Perform a PKIX path build. On failure, throw an exception.
|
||
|
*
|
||
|
* @param params PKIXBuilderParameters to use in validation
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static PKIXCertPathBuilderResult build(PKIXBuilderParameters params)
|
||
|
throws Exception {
|
||
|
CertPathBuilder builder =
|
||
|
CertPathBuilder.getInstance("PKIX");
|
||
|
return (PKIXCertPathBuilderResult) builder.build(params);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Perform a PKIX validation. On failure, throw an exception.
|
||
|
*
|
||
|
* @param path CertPath to validate
|
||
|
* @param params PKIXParameters to use in validation
|
||
|
* @throws Exception on error
|
||
|
*/
|
||
|
public static PKIXCertPathValidatorResult validate
|
||
|
(CertPath path, PKIXParameters params) throws Exception {
|
||
|
CertPathValidator validator =
|
||
|
CertPathValidator.getInstance("PKIX");
|
||
|
return (PKIXCertPathValidatorResult) validator.validate(path, params);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Reads the entire input stream into a byte array.
|
||
|
*/
|
||
|
private static byte[] getTotalBytes(InputStream is) throws IOException {
|
||
|
byte[] buffer = new byte[8192];
|
||
|
ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
|
||
|
int n;
|
||
|
baos.reset();
|
||
|
while ((n = is.read(buffer, 0, buffer.length)) != -1) {
|
||
|
baos.write(buffer, 0, n);
|
||
|
}
|
||
|
return baos.toByteArray();
|
||
|
}
|
||
|
}
|