/**
 * Rejects every client certificate chain.
 *
 * <p>The body throws unconditionally, so neither argument is inspected.
 *
 * @param chain the certificate chain presented by the client (unused)
 * @param authType the authentication type (unused)
 * @throws CertificateException always
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
    throws CertificateException {
  // Fail closed: no client certificate is ever accepted by this method.
  final CertificateException rejection = new CertificateException();
  throw rejection;
}
/**
 * Checks each certificate against each entry of {@code crls} and rejects the first one that a
 * CRL lists as revoked.
 *
 * <p>Only {@link CRL#isRevoked} is consulted here; this method does not verify the CRL's own
 * signature or freshness. If {@code crls} is empty the loop body never runs and nothing is
 * rejected.
 *
 * @param x509Certificates the certificates to check
 * @throws CertificateException with the message "Certificate revoked" on the first match
 */
private void checkRevoked(X509Certificate[] x509Certificates) throws CertificateException {
  for (int i = 0; i < x509Certificates.length; i++) {
    final X509Certificate candidate = x509Certificates[i];
    for (CRL revocationList : crls) {
      if (!revocationList.isRevoked(candidate)) {
        continue;
      }
      throw new CertificateException("Certificate revoked");
    }
  }
}

// Annotation of the following member, which is outside this excerpt.
@Override
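/**
 * Returns the principal that identifies the local side, taken from the first local certificate.
 *
 * @return the subject of {@code localCerts[0]}, or {@code null} when no local certificate is set
 * @throws ClassCastException if the first local certificate is not an X.509 certificate
 */
@Override
public Principal getLocalPrincipal() {
  // Read the field once so the null/length check and the access see the same array.
  Certificate[] local = localCerts;
  if (local == null || local.length == 0) {
    return null;
  }
  // The local identity is the *subject* of our own certificate. The issuer names the CA that
  // signed it; returning the issuer would make every certificate from the same CA appear to be
  // the same principal to any caller that makes an identity decision on this value.
  return ((java.security.cert.X509Certificate) local[0]).getSubjectX500Principal();
}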
/**
 * Returns true if {@code toVerify} was signed by {@code signingCert}'s public key.
 *
 * <p>Two things are checked: the issuer DN of {@code toVerify} equals the subject DN of
 * {@code signingCert}, and the signature verifies under the signer's public key. Nothing else
 * (validity period, CA flag, key usage) is examined by this method.
 */
private boolean verifySignature(X509Certificate toVerify, X509Certificate signingCert) {
  final boolean namesChain = toVerify.getIssuerDN().equals(signingCert.getSubjectDN());
  if (namesChain) {
    try {
      toVerify.verify(signingCert.getPublicKey());
      return true;
    } catch (GeneralSecurityException verifyFailed) {
      // Any verification failure means "not signed by this certificate"; fall through.
    }
  }
  return false;
}
/**
 * Returns the trusted CA certificate that signed {@code cert}, or null if none is found.
 *
 * <p>Candidates are looked up in {@code subjectToCaCerts} by the issuer principal of
 * {@code cert}; the first candidate whose public key verifies the signature is returned.
 */
private X509Certificate findByIssuerAndSignature(X509Certificate cert) {
  Set<X509Certificate> candidates = subjectToCaCerts.get(cert.getIssuerX500Principal());
  if (candidates != null) {
    for (X509Certificate candidate : candidates) {
      // Fetched outside the try so that only verify() failures are swallowed.
      PublicKey candidateKey = candidate.getPublicKey();
      try {
        cert.verify(candidateKey);
      } catch (Exception ignored) {
        // Deliberately ignored: a failed verification just means this candidate is not the
        // signer, so the next one with the same subject is tried.
        continue;
      }
      return candidate;
    }
  }
  return null;
}
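/**
 * Accepts the server only when its leaf certificate is byte-for-byte identical to the pinned
 * certificate held in {@code cert}.
 *
 * <p>Only {@code chain[0]} is compared; the remaining chain entries and {@code authType} are
 * not inspected, and this method performs no validity-period or revocation check of its own.
 *
 * @param chain the certificate chain presented by the server, leaf first
 * @param authType the key-exchange algorithm (unused)
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException if the leaf is missing or differs from the pinned certificate
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
    throws CertificateException {
  // A missing chain must not surface as a NullPointerException or
  // ArrayIndexOutOfBoundsException from inside the trust decision.
  if (chain == null || chain.length == 0) {
    throw new IllegalArgumentException("Certificate chain is null or empty");
  }
  X509Certificate leaf = chain[0];
  if (leaf == null || !Arrays.equals(cert.getEncoded(), leaf.getEncoded())) {
    throw new CertificateException("Server cert not trusted");
  }
}

// Annotation of the following member, which is outside this excerpt.
@Override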
/**
 * Builds a one-line description of a certificate from its subject and issuer DNs.
 *
 * <p>NOTE(review): both values come straight from the certificate; if the certificate was
 * supplied by a peer, treat the result as untrusted text wherever it is logged or displayed.
 *
 * @param certificate the certificate to describe
 * @return {@code "Subject: <subject DN>, Issuer: <issuer DN>"}
 */
private String describeCertificate( X509Certificate certificate ) {
  StringBuilder description = new StringBuilder();
  description.append("Subject: ").append(certificate.getSubjectDN());
  description.append(", Issuer: ").append(certificate.getIssuerDN());
  return description.toString();
}
/**
 * Returns the SHA-1 digest of the certificate's encoded public key.
 *
 * <p>The hash covers only the public key encoding, not the whole certificate, so it stays the
 * same when a certificate is reissued for the same key. SHA-1 is no longer collision resistant;
 * prefer a SHA-256 digest for new pins.
 */
static ByteString sha1(X509Certificate x509Certificate) {
  byte[] encodedKey = x509Certificate.getPublicKey().getEncoded();
  ByteString keyBytes = ByteString.of(encodedKey);
  return keyBytes.sha1();
}
/**
 * Returns the remote peer's principal, or null if that peer is anonymous.
 *
 * <p>The principal is the subject of the first entry of {@code peerCertificates}.
 */
public @Nullable Principal peerPrincipal() {
  if (peerCertificates.isEmpty()) {
    return null;
  }
  X509Certificate leaf = (X509Certificate) peerCertificates.get(0);
  return leaf.getSubjectX500Principal();
}
/**
 * Maps each certificate to a short label: the subject DN for X.509 certificates, otherwise the
 * certificate type.
 *
 * @param certificates the certificates to label
 * @return a new list of labels in the same order as the input
 */
private List<String> names(List<Certificate> certificates) {
  ArrayList<String> labels = new ArrayList<>();
  for (Certificate certificate : certificates) {
    String label = certificate instanceof X509Certificate
        ? String.valueOf(((X509Certificate) certificate).getSubjectDN())
        : certificate.getType();
    labels.add(label);
  }
  return labels;
}
}
/**
 * Forwards the validity check to the wrapped certificate {@code mDelegate}.
 *
 * @throws CertificateExpiredException if the delegate reports the certificate as expired
 * @throws CertificateNotYetValidException if the delegate reports it as not yet valid
 */
@Override
public void checkValidity()
    throws CertificateExpiredException, CertificateNotYetValidException {
  // Pure pass-through: this wrapper adds no validity logic of its own.
  mDelegate.checkValidity();
}
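/**
 * Writes a certificate list to {@code sink}: the element count on its own line, followed by one
 * Base64 line per certificate holding its encoded form.
 *
 * @param sink the destination
 * @param certificates the certificates to write
 * @throws IOException if writing fails, or if a certificate cannot be encoded (the original
 *     {@link CertificateEncodingException} is attached as the cause)
 */
private void writeCertList(BufferedSink sink, List<Certificate> certificates)
    throws IOException {
  try {
    sink.writeDecimalLong(certificates.size()).writeByte('\n');
    for (Certificate certificate : certificates) {
      String line = ByteString.of(certificate.getEncoded()).base64();
      sink.writeUtf8(line).writeByte('\n');
    }
  } catch (CertificateEncodingException e) {
    // Keep the cause so the encoding failure can still be diagnosed from the stack trace.
    throw new IOException(e.getMessage(), e);
  }
}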
/**
 * Forwards signature verification to the wrapped certificate {@code mDelegate}.
 *
 * @param key the public key to verify the certificate's signature against
 * @throws CertificateException as thrown by the delegate
 * @throws NoSuchAlgorithmException as thrown by the delegate
 * @throws InvalidKeyException as thrown by the delegate
 * @throws NoSuchProviderException as thrown by the delegate
 * @throws SignatureException as thrown by the delegate
 */
@Override
public void verify(PublicKey key)
    throws CertificateException,
        NoSuchAlgorithmException,
        InvalidKeyException,
        NoSuchProviderException,
        SignatureException {
  // Pure pass-through: the result is entirely the delegate's.
  mDelegate.verify(key);
}
/**
 * Returns the fixed alias {@code SslContext.ALIAS} when {@code cert} is an X.509 certificate
 * equal to one of the entries of {@code certificateChain}.
 *
 * @param cert the certificate to look up
 * @return {@code SslContext.ALIAS} on a match, otherwise {@code null}
 */
@Override
public String engineGetCertificateAlias(Certificate cert) {
  // Anything that is not X.509 (including null) cannot be part of the chain.
  if (!(cert instanceof X509Certificate)) {
    return null;
  }
  for (X509Certificate chainEntry : certificateChain) {
    if (chainEntry.equals(cert)) {
      return SslContext.ALIAS;
    }
  }
  return null;
}
/**
 * Wraps a certificate and, when it is an X.509 certificate, keeps a typed reference to it.
 *
 * <p>{@code x509cert} is assigned only when the certificate's type string equals
 * {@code CERTIFICATE_TYPE_NAME} and the object is an {@link X509Certificate}; otherwise this
 * constructor leaves that field untouched.
 *
 * @param cert the certificate to manage
 */
public CertificateManager(Certificate cert) {
  this.cert = cert;
  boolean typeMatches = cert.getType().equals(CERTIFICATE_TYPE_NAME);
  if (typeMatches && cert instanceof X509Certificate) {
    x509cert = (X509Certificate) cert;
  }
}
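/**
 * Accepts the client only when its leaf certificate is byte-for-byte identical to the pinned
 * certificate held in {@code cert}.
 *
 * <p>Only {@code chain[0]} is compared; the remaining chain entries and {@code authType} are
 * not inspected, and this method performs no validity-period or revocation check of its own.
 *
 * @param chain the certificate chain presented by the client, leaf first
 * @param authType the authentication type (unused)
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException if the leaf is missing or differs from the pinned certificate
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
    throws CertificateException {
  // A missing chain must not surface as a NullPointerException or
  // ArrayIndexOutOfBoundsException from inside the trust decision.
  if (chain == null || chain.length == 0) {
    throw new IllegalArgumentException("Certificate chain is null or empty");
  }
  X509Certificate leaf = chain[0];
  if (leaf == null || !Arrays.equals(cert.getEncoded(), leaf.getEncoded())) {
    throw new CertificateException("Client cert not trusted");
  }
}

// Annotation of the following member, which is outside this excerpt.
@Override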
/**
 * Returns the SHA-256 digest of the certificate's encoded public key.
 *
 * <p>The hash covers only the public key encoding, not the whole certificate, so it stays the
 * same when a certificate is reissued for the same key.
 */
static ByteString sha256(X509Certificate x509Certificate) {
  byte[] encodedKey = x509Certificate.getPublicKey().getEncoded();
  ByteString keyBytes = ByteString.of(encodedKey);
  return keyBytes.sha256();
}
/**
 * Returns the local principal, or null if this peer is anonymous.
 *
 * <p>The principal is the subject of the first entry of {@code localCertificates}.
 */
public @Nullable Principal localPrincipal() {
  if (localCertificates.isEmpty()) {
    return null;
  }
  X509Certificate leaf = (X509Certificate) localCertificates.get(0);
  return leaf.getSubjectX500Principal();
}
/**
 * Forwards the validity check for a given instant to the wrapped certificate {@code mDelegate}.
 *
 * @param date the instant at which validity is evaluated
 * @throws CertificateExpiredException if the delegate reports the certificate as expired
 * @throws CertificateNotYetValidException if the delegate reports it as not yet valid
 */
@Override
public void checkValidity(Date date)
    throws CertificateExpiredException, CertificateNotYetValidException {
  // Pure pass-through: this wrapper adds no validity logic of its own.
  mDelegate.checkValidity(date);
}
/**
 * Renders the public key of {@code x509cert} as text, dispatching on the key type.
 *
 * <p>RSA and DSA keys are handled; any other key type yields an empty string.
 *
 * <p>NOTE(review): {@code x509cert} is dereferenced without a null check; confirm that callers
 * only reach this method when an X.509 certificate is present.
 *
 * @return the rendered key, or {@code ""} when the key is neither RSA nor DSA
 */
public String generatePublicKey() {
  final PublicKey key = x509cert.getPublicKey();
  String rendered = "";
  if (key instanceof RSAPublicKey) {
    rendered = generateRSAPublicKey();
  } else if (key instanceof DSAPublicKey) {
    rendered = generateDSAPublicKey();
  }
  return rendered;
}