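/**
 * Reports whether {@code agentCertificate} carries a signature that verifies
 * against the public key of the "ca-intermediate" entry in a JKS keystore.
 *
 * <p>Only the signature is checked. The agent certificate's validity period,
 * its extensions and the intermediate's own chain to a root are not examined
 * here, so callers that need full path validation must do it separately.
 *
 * @param keystore JKS file that holds the "ca-intermediate" private-key entry
 * @param agentCertificate certificate whose signature is to be checked
 * @return {@code true} if the signature verifies; {@code false} on any failure,
 *         including an unreadable keystore or a missing or differently typed entry
 */
boolean verifySigned(File keystore, Certificate agentCertificate) {
    try {
        KeyStore store = KeyStore.getInstance("JKS");
        // try-with-resources closes the stream even when load() throws; the
        // previous closeQuietly() call was skipped on that path and leaked it.
        try (FileInputStream inputStream = new FileInputStream(keystore)) {
            store.load(inputStream, PASSWORD_AS_CHAR_ARRAY);
        }
        // NOTE(review): this unlocks the private-key entry although only the
        // public certificate is used below; confirm whether reading the
        // certificate alone would be enough for this check.
        KeyStore.Entry entry = store.getEntry("ca-intermediate",
                new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY));
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            // Missing alias or wrong entry type: fail closed explicitly instead
            // of relying on a NullPointerException or ClassCastException.
            return false;
        }
        Certificate intermediateCertificate = ((KeyStore.PrivateKeyEntry) entry).getCertificate();
        agentCertificate.verify(intermediateCertificate.getPublicKey());
        return true;
    } catch (Exception e) {
        // Deliberately fail closed: any error means "not verified".
        return false;
    }
}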
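/**
 * Accepts the server's leaf certificate if it is the pinned CA certificate
 * itself or its signature verifies against the pinned CA's public key, and
 * it is within its validity period at the time of the call.
 *
 * <p>NOTE(review): only {@code certs[0]} is examined. Intermediate
 * certificates, the CA certificate's own validity, key-usage and
 * basic-constraints extensions and revocation status are not checked here.
 * A PKIX trust manager initialised with a keystore that contains only this CA
 * covers those checks; confirm whether this hand-written check is required.
 *
 * @param certs certificate chain presented by the server, leaf first
 * @param authType key-exchange algorithm name; must be non-empty
 * @throws IllegalArgumentException if {@code certs} or {@code authType} is null or empty
 * @throws CertificateException if the leaf is missing, not signed by the CA,
 *         or outside its validity period
 */
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) throws CertificateException {
    if (certs == null || certs.length == 0) {
        throw new IllegalArgumentException("null or zero-length certificate chain");
    }
    if (authType == null || authType.length() == 0) {
        throw new IllegalArgumentException("null or zero-length authentication type");
    }
    final java.security.cert.X509Certificate leaf = certs[0];
    if (leaf == null) {
        // Reject with the declared exception type instead of an unchecked NPE.
        throw new CertificateException("Certificate not trusted");
    }
    // Check if the certificate sent is the CA's own.
    if (!leaf.equals(caCertificate)) {
        try {
            // Not the CA's certificate: check that it has been signed by the CA.
            // (The original statement was missing its terminating semicolon.)
            leaf.verify(caCertificate.getPublicKey());
        } catch (Exception e) {
            throw new CertificateException("Certificate not trusted", e);
        }
    }
    // The signature is acceptable at this point; now check the validity period.
    try {
        leaf.checkValidity();
    } catch (Exception e) {
        // checkValidity() also rejects certificates that are not yet valid,
        // so the message no longer claims expiry only.
        throw new CertificateException("Certificate not trusted. It has expired or is not yet valid", e);
    }
}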
/**
 * Reports whether the certificate's signature verifies against its own
 * public key, i.e. whether it is self-signed.
 *
 * <p>NOTE(review): despite the name, this does not inspect the
 * basic-constraints extension. A self-signed end-entity certificate returns
 * {@code true} and an intermediate CA certificate returns {@code false}.
 * Confirm that callers only need the self-signed property.
 *
 * @param certificate certificate to test; {@code null} yields {@code false}
 * @return {@code true} if the self-signature verifies, {@code false} on any failure
 */
public static boolean isCA(Certificate certificate) {
    boolean selfSigned;
    try {
        certificate.verify(certificate.getPublicKey());
        selfSigned = true;
    } catch (Exception e) {
        // Any failure, including a null argument, counts as "not self-signed".
        selfSigned = false;
    }
    return selfSigned;
}
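/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 *
 * <p>Each certificate must be valid on {@code signDate}, and each certificate
 * must be signed by the key of the certificate that follows it. The last
 * certificate is not compared with any trust store here, so a passing result
 * only shows that the chain is internally consistent, not that it is trusted.
 *
 * @param chain the certificate chain, each certificate followed by its issuer
 * @throws GeneralSecurityException if the chain is null or empty, a certificate
 *         is not valid on {@code signDate}, or a signature does not verify
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
    // An empty chain used to fall through the loop and be reported as valid.
    if (chain == null || chain.length == 0) {
        throw new GeneralSecurityException("Certificate chain is null or empty");
    }
    // Loop over the certificates in the chain
    for (int i = 0; i < chain.length; i++) {
        // Non-X.509 entries still fail with a ClassCastException, as before.
        X509Certificate cert = (X509Certificate) chain[i];
        // check if the certificate was/is valid
        cert.checkValidity(signDate);
        // check if the previous certificate was issued by this certificate
        if (i > 0) {
            chain[i - 1].verify(chain[i].getPublicKey());
        }
    }
    LOGGER.info("All certificates are valid on " + signDate.toString());
}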
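/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 *
 * <p>A passing result means every certificate is valid on {@code signDate}
 * and is signed by the next certificate's key. It does not mean the last
 * certificate is a trusted root; that comparison is not made in this method.
 *
 * @param chain the certificate chain, each certificate followed by its issuer
 * @throws GeneralSecurityException if the chain is null or empty, a certificate
 *         is not valid on {@code signDate}, or a signature does not verify
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
    // Reject "nothing to verify" instead of logging success for an empty chain.
    if (chain == null || chain.length == 0) {
        throw new GeneralSecurityException("Certificate chain is null or empty");
    }
    // Loop over the certificates in the chain
    for (int i = 0; i < chain.length; i++) {
        // The cast throws ClassCastException for non-X.509 entries, as before.
        X509Certificate cert = (X509Certificate) chain[i];
        // check if the certificate was/is valid
        cert.checkValidity(signDate);
        // check if the previous certificate was issued by this certificate
        if (i > 0) {
            chain[i - 1].verify(chain[i].getPublicKey());
        }
    }
    LOGGER.info("All certificates are valid on " + signDate.toString());
}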
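/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 *
 * <p>The check is internal to the chain: validity on {@code signDate} for
 * every element, and a signature by the following element's key. Whether the
 * final certificate is a trusted anchor is not decided here.
 *
 * @param chain certificates ordered so that each one is followed by its issuer
 * @throws GeneralSecurityException if the chain is null or empty, a certificate
 *         is not valid on {@code signDate}, or a signature does not verify
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
    // Without this guard an empty chain skips the loop and is logged as valid.
    if (chain == null || chain.length == 0) {
        throw new GeneralSecurityException("Certificate chain is null or empty");
    }
    // Loop over the certificates in the chain
    for (int i = 0; i < chain.length; i++) {
        // Entries that are not X.509 still raise ClassCastException, as before.
        X509Certificate cert = (X509Certificate) chain[i];
        // check if the certificate was/is valid
        cert.checkValidity(signDate);
        // check if the previous certificate was issued by this certificate
        if (i > 0) {
            chain[i - 1].verify(chain[i].getPublicKey());
        }
    }
    LOGGER.info("All certificates are valid on " + signDate.toString());
}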
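/**
 * Verifies that every certificate in the chain is currently valid and signed
 * by the certificate that follows it, and that the last certificate is
 * currently valid and self-signed.
 *
 * <p>The last certificate is only checked for self-signature; it is not
 * compared with a trust store in this method.
 *
 * @param certChain chain ordered leaf first, root last
 * @throws GeneralSecurityException if the chain is null or empty, or any
 *         validity or signature check fails
 */
private static void verifyCertificateSignatures(Certificate[] certChain) throws GeneralSecurityException {
    // An empty chain previously passed without any check being made.
    if (certChain == null || certChain.length == 0) {
        throw new GeneralSecurityException("Certificate chain is null or empty");
    }
    for (int i = 1; i < certChain.length; ++i) {
        final PublicKey issuerKey = certChain[i].getPublicKey();
        try {
            ((X509Certificate) certChain[i - 1]).checkValidity();
            certChain[i - 1].verify(issuerKey);
        } catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException
                | NoSuchProviderException | SignatureException e) {
            throw new GeneralSecurityException("Failed to verify certificate " + certChain[i - 1]
                    + " with public key " + certChain[i].getPublicKey(), e);
        }
    }
    // Last cert is self-signed. Doing this after the loop also covers a
    // single-certificate chain, which the loop above never visits.
    final Certificate root = certChain[certChain.length - 1];
    try {
        ((X509Certificate) root).checkValidity();
        root.verify(root.getPublicKey());
    } catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException
            | NoSuchProviderException | SignatureException e) {
        // A failed self-signature surfaces as SignatureException, which the
        // original CertificateException-only catch let through unwrapped.
        throw new GeneralSecurityException(
                "Root cert " + root + " is not correctly self-signed", e);
    }
}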
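/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 *
 * <p>Success here means the chain is self-consistent on {@code signDate}.
 * The method does not check the last certificate against a set of trusted
 * roots, so trust in the chain has to be established by the caller.
 *
 * @param chain certificates ordered so that each one is followed by its issuer
 * @throws GeneralSecurityException if the chain is null or empty, a certificate
 *         is not valid on {@code signDate}, or a signature does not verify
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
    // Fail closed on a missing chain; the loop alone would accept it silently.
    if (chain == null || chain.length == 0) {
        throw new GeneralSecurityException("Certificate chain is null or empty");
    }
    // Loop over the certificates in the chain
    for (int i = 0; i < chain.length; i++) {
        // A non-X.509 entry still ends in ClassCastException, as before.
        X509Certificate cert = (X509Certificate) chain[i];
        // check if the certificate was/is valid
        cert.checkValidity(signDate);
        // check if the previous certificate was issued by this certificate
        if (i > 0) {
            chain[i - 1].verify(chain[i].getPublicKey());
        }
    }
    LOGGER.info("All certificates are valid on " + signDate.toString());
}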
/**
 * Collects the self-signed X.509 certificates stored as trusted-certificate
 * entries in a key store and wraps each one in a {@link TrustAnchor}.
 *
 * <p>Entries of any other kind, certificates whose signature does not verify
 * against their own public key, and entries that raise any exception while
 * being read are skipped without notice. The result may therefore be empty
 * even for a populated key store; callers should treat an empty set as
 * "no anchors available" rather than as success.
 *
 * @param keystore KeyStore to use.
 * @return the trust anchors found; never {@code null}
 * @throws KeyStoreException if the aliases of the key store cannot be listed
 */
public static Set<TrustAnchor> keyStoreToTrustAnchors(KeyStore keystore) throws KeyStoreException {
    Set<TrustAnchor> anchors = new HashSet<>();
    for (String alias : Collections.list(keystore.aliases())) {
        try {
            KeyStore.Entry entry = keystore.getEntry(alias, null);
            if (!(entry instanceof KeyStore.TrustedCertificateEntry)) {
                continue;
            }
            Certificate candidate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
            if (!(candidate instanceof X509Certificate)) {
                continue;
            }
            // Only self-signed certificates pass; verify() throws otherwise.
            candidate.verify(candidate.getPublicKey());
            anchors.add(new TrustAnchor((X509Certificate) candidate, null));
        } catch (Exception e) {
            // Best effort: an unreadable or non-self-signed entry is left out.
        }
    }
    return anchors;
}
/**
 * Returns the public key of the certificate supplied by {@code certificate()}.
 *
 * <p>While {@code logged} is false and {@code isCertificateEntry()} is true,
 * the certificate's signature is also checked against the public key of a
 * certificate read from a class-path resource. A {@link SignatureException}
 * from that check is not propagated: it sets {@code logged} and emits one log
 * record, and the key is returned anyway. Callers must not read a normal
 * return as proof that the signature check passed.
 *
 * @return the certificate's public key, whether or not the signature check passed
 * @throws Exception any failure other than {@link SignatureException}
 */
PublicKey publicKey() throws Exception {
    final Certificate c = certificate();
    final PublicKey p = c.getPublicKey();
    // The check is skipped once a signature failure has been logged.
    if (!logged && isCertificateEntry()) {
        // The resource is looked up relative to Notary.class and is named
        // after the key algorithm reported by p.
        // NOTE(review): getResourceAsStream() may return null when the resource
        // is absent; confirm how generateCertificate() behaves in that case.
        try (InputStream in = Notary.class.getResourceAsStream(p.getAlgorithm())) {
            // The certificate type is an obfuscated string whose value is not
            // visible here.
            c.verify(CertificateFactory
                    .getInstance(new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0x6c0e053142651e2bl, 0x49e6306c223550efl }).toString())
                    .generateCertificate(in)
                    .getPublicKey());
        } catch (SignatureException ex) {
            // A signature mismatch is recorded once and otherwise ignored.
            logged = true;
            Logger
                    .getAnonymousLogger(Messages.class.getName())
                    .log(
                            // Anonymous Level subclass with value Integer.MAX_VALUE;
                            // its name and the message text are obfuscated.
                            new Level(
                                    new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0xa9ef05a3fc467324l, 0x7805b74ff29a8a17l }).toString(),
                                    Integer.MAX_VALUE,
                                    Messages.class.getName()) {
                            },
                            new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0x80e243e0caf1997cl, 0x5352f2570df6f2fcl }).toString());
        }
    }
    return p;
}
// Certificate.verify(PublicKey) establishes only that this certificate's
// signature was produced with the given key. The enclosing loop is not part of
// these excerpts, so validity-period, issuer/subject name, basic-constraints
// and revocation checks cannot be seen here. TODO confirm they exist around
// this call, or validate the path with a PKIX CertPathValidator instead.
certChain[i].verify(nextX509Cert.getPublicKey());
certChain[i].verify(nextX509Cert.getPublicKey());
certChain[i].verify(nextX509Cert.getPublicKey());
certChain[i].verify(nextX509Cert.getPublicKey());
certChain[i].verify(nextX509Cert.getPublicKey());
certChain[i].verify(nextX509Cert.getPublicKey());
certChain[i].verify(nextX509Cert.getPublicKey());
certChain[i].verify(nextX509Cert.getPublicKey());
/**
 * Issues a certificate for the given subject, checks its signature against
 * the CA public key, and stores it in the certificate store.
 *
 * <p>NOTE(review): the validity dates and the signature algorithm name are
 * passed through as given; no range or allow-list check is visible in this
 * method. Confirm that callers or the underlying issuing routine restrict them.
 *
 * @param subject Subject X500Principal
 * @param publicKey Subject's public key
 * @param sNo Serial number for the certificate to be issued
 * @param validFromDate Certificate validity period start date
 * @param validToDate Certificate validity period end date
 * @param algorithm Signature algorithm for the certificate
 * @return newly issued certificate
 * @throws CertificationAuthorityException if the CA is locked, or if issuing,
 *         verifying or storing the certificate fails
 */
public Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException {
    // The lock check stays outside the try block so that its exception is
    // thrown as is and not wrapped by the catch below.
    if (isLocked()) {
        throw new CertificationAuthorityException("CA is locked.");
    }
    try {
        X509Name subjectName = CaUtils.getX509Name(subject);
        Certificate issued = issueCertificate(subjectName, caName, sNo, publicKey, caPrivateKey,
                validFromDate, validToDate, algorithm);
        // Self-check before persisting: the new certificate must verify
        // under the CA public key.
        issued.verify(caPublicKey);
        certStore.storeCertificate(issued);
        return issued;
    } catch (Exception e) {
        throw new CertificationAuthorityException("Error in issuing certificate.", e);
    }
}