- package com.paypal;
- import java.io.File;
- import java.io.FileInputStream;
- import java.io.IOException;
- import java.io.InputStream;
- import java.security.InvalidKeyException;
- import java.security.KeyStore;
- import java.security.KeyStoreException;
- import java.security.NoSuchAlgorithmException;
- import java.security.NoSuchProviderException;
- import java.security.SignatureException;
- import java.security.cert.Certificate;
- import java.security.cert.CertificateException;
- import java.security.cert.CertificateFactory;
- import java.security.cert.X509Certificate;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.Collection;
- import java.util.Collections;
- import java.util.Enumeration;
- import java.util.Iterator;
- import java.util.List;
- import javax.net.ssl.TrustManager;
- import javax.net.ssl.TrustManagerFactory;
- import javax.net.ssl.X509TrustManager;
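/**
 * Command-line check that an X.509 certificate chain stored in one file validates against a set
 * of trusted certificates stored in another file.
 *
 * <p>What is checked: the chain is handed to the platform's default {@link X509TrustManager},
 * initialised with only the certificates from the trust file, and every certificate in the chain
 * is then checked against its validity period.
 *
 * <p>What is not checked here: nothing in this class ties the certificate to a host name or other
 * peer identity, and nothing enables CRL/OCSP revocation checking, so a result of {@code true}
 * means "chains to a supplied trust anchor and is within its dates", not "safe to talk to".
 * NOTE(review): whether revocation is consulted depends on provider and system-property
 * defaults; confirm for the target JRE.
 */
public class ValidateCert {

    /**
     * Runs the check and prints the result.
     *
     * <p>With exactly two arguments, they are used as the chain file and the trust file, in that
     * order. Otherwise the sample paths bundled with the project are used.
     *
     * @param args optional: chain file path, trust file path
     */
    public static void main(String[] args) {
        String clientCertloc = ".." + "/CertTestingProject/src/resources/cert/34-server-chain.crt";
        String trustCertloc = ".." + "/CertTestingProject/src/resources/cert/root-12-chain.crt";
        if (args != null && args.length == 2) {
            clientCertloc = args[0];
            trustCertloc = args[1];
        }

        ValidateCert certcheck = new ValidateCert();
        try {
            System.out.println("Is Valid: " + certcheck.testCertificate(clientCertloc, trustCertloc));
        } catch (Exception ex) {
            // A validation failure arrives here as an exception, not as "Is Valid: false".
            System.out.println(ex.getMessage());
            ex.printStackTrace();
        }
    }

    /**
     * Validates the certificate chain in {@code clientCertloc} against the trusted certificates
     * in {@code trustCertloc}.
     *
     * <p>Failure is reported by exception: an untrusted chain, an expired or not-yet-valid
     * certificate, or an input file without certificates all raise {@link CertificateException}
     * (or a subclass). Callers must treat any exception as "not valid"; {@code false} is returned
     * only when the platform offers no {@link X509TrustManager} at all.
     *
     * @param clientCertloc path of the file holding the chain to validate
     * @param trustCertloc path of the file holding the trusted certificates
     * @return {@code true} if the chain validated; {@code false} if no X.509 trust manager exists
     * @throws CertificateException if a file holds no usable X.509 certificate, the chain is not
     *     trusted, or a certificate is outside its validity period
     * @throws IOException if a file cannot be read
     * @throws KeyStoreException if the in-memory trust store cannot be built
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     * @throws InvalidKeyException kept in the signature for existing callers
     * @throws NoSuchProviderException kept in the signature for existing callers
     * @throws SignatureException kept in the signature for existing callers
     */
    public boolean testCertificate(String clientCertloc, String trustCertloc)
            throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException,
                    InvalidKeyException, NoSuchProviderException, SignatureException {
        List<X509Certificate> chainCerts = readCertificates(clientCertloc);
        if (chainCerts.isEmpty()) {
            // Fail with a declared, catchable exception instead of letting the trust manager
            // reject a zero-length chain with an unchecked one.
            throw new CertificateException("No X.509 certificates found in chain file: " + clientCertloc);
        }
        // The chain is passed to the trust manager in reverse file order.
        // NOTE(review): presumably the file lists the chain issuer-first while the trust manager
        // expects the end-entity certificate first; confirm against the files actually used.
        Collections.reverse(chainCerts);
        X509Certificate[] chain = chainCerts.toArray(new X509Certificate[0]);

        List<X509Certificate> trustedCerts = readCertificates(trustCertloc);
        if (trustedCerts.isEmpty()) {
            // An empty trust store can never validate anything; say so explicitly.
            throw new CertificateException("No X.509 certificates found in trust file: " + trustCertloc);
        }

        // In-memory trust store holding only the supplied anchors; the JRE's own cacerts is not
        // consulted. No password is needed because nothing is read from or written to disk.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);

        System.out.println("############# Trusted Certificates ###################");
        int index = 0;
        for (X509Certificate trusted : trustedCerts) {
            keyStore.setCertificateEntry("paypalCert" + index, trusted);
            printCertificate(trusted);
            index++;
        }
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            System.out.println("alias name: " + aliases.nextElement());
        }

        System.out.println("\n\n############# Client Chain ###################");
        for (X509Certificate cert : chain) {
            printCertificate(cert);
        }
        System.out.println("");

        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);

        String authType = "RSA";
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                X509TrustManager pkixTrustManager = (X509TrustManager) trustManager;
                // Throws CertificateException when the chain does not lead to a trusted entry.
                // NOTE(review): this is the client-authentication check, but the sample file is
                // named "34-server-chain.crt"; if the chain belongs to a server,
                // checkServerTrusted is the matching call. Confirm the intended role.
                pkixTrustManager.checkClientTrusted(chain, authType);
                // Explicit validity-period check on every certificate in the chain.
                for (X509Certificate cert : chain) {
                    cert.checkValidity();
                }
                return true;
            }
        }
        // No X.509 trust manager was available, so nothing was validated.
        return false;
    }

    /**
     * Reads every certificate from {@code path} and closes the file afterwards.
     *
     * @return the certificates in file order, in a mutable list
     * @throws CertificateException if the content cannot be parsed or holds a non-X.509 entry
     * @throws IOException if the file cannot be opened or closed
     */
    private static List<X509Certificate> readCertificates(String path)
            throws CertificateException, IOException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate certificate : factory.generateCertificates(in)) {
                // Checked per element instead of an unchecked cast of the whole collection.
                if (!(certificate instanceof X509Certificate)) {
                    throw new CertificateException("Not an X.509 certificate in file: " + path);
                }
                certificates.add((X509Certificate) certificate);
            }
        }
        return certificates;
    }

    /**
     * Prints subject, version, basic-constraints value and issuer of a certificate to stdout.
     *
     * @param cert the certificate to describe
     */
    public static void printCertificate(X509Certificate cert) {
        // The X500Principal getters replace the deprecated getSubjectDN()/getIssuerDN().
        System.out.println(
                "Subject : " + cert.getSubjectX500Principal() + "\n\t\t Version: "
                        + cert.getVersion() + " Constraints: "
                        + cert.getBasicConstraints()
                        + "\n\t\t Issuer: " + cert.getIssuerX500Principal()
                        + "\n");
    }
}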