  1. package com.paypal;
  2.  
  3. import java.io.File;
  4. import java.io.FileInputStream;
  5. import java.io.IOException;
  6. import java.io.InputStream;
  7. import java.security.InvalidKeyException;
  8. import java.security.KeyStore;
  9. import java.security.KeyStoreException;
  10. import java.security.NoSuchAlgorithmException;
  11. import java.security.NoSuchProviderException;
  12. import java.security.SignatureException;
  13. import java.security.cert.Certificate;
  14. import java.security.cert.CertificateException;
  15. import java.security.cert.CertificateFactory;
  16. import java.security.cert.X509Certificate;
  17. import java.util.ArrayList;
  18. import java.util.Arrays;
  19. import java.util.Collection;
  20. import java.util.Collections;
  21. import java.util.Enumeration;
  22. import java.util.Iterator;
  23. import java.util.List;
  24.  
  25. import javax.net.ssl.TrustManager;
  26. import javax.net.ssl.TrustManagerFactory;
  27. import javax.net.ssl.X509TrustManager;
  28.  
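  /**
   * Small command-line check that a certificate chain validates against a set of trusted
   * certificates, using the JRE's default {@link TrustManagerFactory}.
   *
   * <p>Scope of the check, as implemented here: path validation by the first
   * {@link X509TrustManager} the factory returns, followed by an explicit validity-period check on
   * every certificate in the chain. No hostname or subject identity is compared, and nothing in
   * this class enables revocation checking (CRL/OCSP); whether revocation is consulted depends on
   * how the JRE's trust manager is configured. A {@code true} result therefore means "chains to a
   * trusted certificate and is within its validity period", not "safe to talk to this peer".
   */
  public class ValidateCert {

      /**
       * Runs the check against two certificate files under the test project's resources and prints
       * the outcome. Validation failures arrive as exceptions; their message and stack trace are
       * printed.
       */
      public static void main(String[] args) {
          ValidateCert certcheck = new ValidateCert();

          String clientCertloc = ".." + "/CertTestingProject/src/resources/cert/34-server-chain.crt";
          String trustCertloc = ".." + "/CertTestingProject/src/resources/cert/root-12-chain.crt";

          try {
              boolean valid = certcheck.testCertificate(clientCertloc, trustCertloc);
              System.out.println("Is Valid: " + valid);
          } catch (Exception ex) {
              System.out.println(ex.getMessage());
              ex.printStackTrace();
          }
      }

      /**
       * Validates the chain stored in {@code clientCertloc} against the certificates stored in
       * {@code trustCertloc}.
       *
       * <p>Every certificate found in {@code trustCertloc} is installed as a trusted entry, so that
       * file must contain only certificates that are meant to be trust anchors. An intermediate or
       * leaf placed there becomes trusted in its own right.
       *
       * <p>The chain is reversed before validation, which presumably means the input file lists the
       * issuing CA first and the end-entity certificate last (assumption: confirm against the files
       * actually used).
       *
       * @param clientCertloc path of the file holding the chain to validate
       * @param trustCertloc path of the file holding the trusted certificates
       * @return {@code true} when the first X.509 trust manager accepts the chain and every
       *     certificate is within its validity period; {@code false} only when the factory
       *     returns no {@link X509TrustManager} at all
       * @throws CertificateException if a file cannot be parsed, the chain is not trusted, or a
       *     certificate is expired or not yet valid
       * @throws IOException if either file cannot be opened or read
       * @throws IllegalArgumentException if the chain file contains no certificates (raised by the
       *     trust manager for a zero-length chain)
       */
      public boolean testCertificate(String clientCertloc, String trustCertloc) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, InvalidKeyException, NoSuchProviderException, SignatureException {

          // Read the chain under test and flip its order (see the method comment).
          List<X509Certificate> chainAsRead = loadCertificates(clientCertloc);
          Collections.reverse(chainAsRead);
          X509Certificate[] chain = chainAsRead.toArray(new X509Certificate[0]);

          String authType = "RSA";

          // Trusted certificates: everything in this file becomes a trust anchor below.
          List<X509Certificate> trustedCerts = loadCertificates(trustCertloc);

          // Fresh, empty in-memory keystore; it never touches disk, so the empty password is only
          // a formality of the load() call.
          KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
          keyStore.load(null, "".toCharArray());

          System.out.println("############# Trusted Certificates ###################");
          int index = 0;
          for (X509Certificate trusted : trustedCerts) {
              keyStore.setCertificateEntry("paypalCert" + index, trusted);
              printCertificate(trusted);
              index++;
          }

          Enumeration<String> aliases = keyStore.aliases();
          while (aliases.hasMoreElements()) {
              System.out.println("alias name: " + aliases.nextElement());
          }

          System.out.println("\n\n############# Client Chain ###################");
          for (X509Certificate link : chain) {
              printCertificate(link);
          }

          System.out.println("");

          TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
          trustManagerFactory.init(keyStore);

          for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
              if (!(trustManager instanceof X509TrustManager)) {
                  continue;
              }
              X509TrustManager pkixTrustManager = (X509TrustManager) trustManager;

              // NOTE(review): this is the client-authentication check, although main() feeds it a
              // file named "34-server-chain.crt". If the chain really belongs to a server,
              // checkServerTrusted is the matching call; the two differ in which certificate
              // usages they accept. Left unchanged because the intended role is not stated here.
              pkixTrustManager.checkClientTrusted(chain, authType);

              // Explicit validity-period check on every certificate in the chain.
              for (X509Certificate cert : chain) {
                  cert.checkValidity();
              }
              return true;
          }

          // TODO (carried over from the original): failures are reported by exception, not by a
          // false return. Callers must treat any exception from this method as "not valid".
          return false;
      }

      /**
       * Parses every X.509 certificate in the given file, in file order, and closes the file
       * whether or not parsing succeeds.
       */
      private static List<X509Certificate> loadCertificates(String location) throws CertificateException, IOException {
          CertificateFactory factory = CertificateFactory.getInstance("X.509");
          List<X509Certificate> certificates = new ArrayList<>();
          try (InputStream in = new FileInputStream(location)) {
              for (Certificate certificate : factory.generateCertificates(in)) {
                  certificates.add((X509Certificate) certificate);
              }
          }
          return certificates;
      }

      /**
       * Prints the subject, version, basic-constraints value and issuer of a certificate to
       * standard output.
       *
       * @param cert certificate to describe
       */
      public static void printCertificate(X509Certificate cert) {
          String description = "Subject : " + cert.getSubjectDN()
                  + "\n\t\t Version: " + cert.getVersion()
                  + " Constraints: " + cert.getBasicConstraints()
                  + "\n\t\t Issuer: " + cert.getIssuerDN()
                  + "\n";
          System.out.println(description);
      }

  }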