
@pt2121
Created May 7, 2013 18:25
Verify a certificate in Java
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
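/**
 * Signature-only checks on X.509 certificates loaded from files.
 *
 * <p><b>Scope.</b> Every check here answers one question: "does this public key verify the
 * signature on this certificate?". Nothing in this class looks at the validity period,
 * BasicConstraints / KeyUsage, names, or revocation, so a {@code true} result must not be read
 * as "this certificate is trusted". For a trust decision, build a certification path and run it
 * through a PKIX {@code CertPathValidator} (see the sketch at the end of {@link #main}).
 */
public class CertVerifier {

    /**
     * Checks whether the given X.509 certificate's signature verifies under its own public key.
     *
     * @param cert certificate to test
     * @return {@code true} if the signature verifies with the certificate's own key;
     *         {@code false} if the signature does not match or the key is unusable for it
     * @throws CertificateException on encoding errors reported by {@code verify}
     * @throws NoSuchAlgorithmException if the signature algorithm is unsupported
     * @throws NoSuchProviderException if no default provider is available
     */
    public boolean isSelfSigned(X509Certificate cert)
            throws CertificateException, NoSuchAlgorithmException,
            NoSuchProviderException {
        try {
            // Try to verify the certificate signature with its own public key.
            PublicKey key = cert.getPublicKey();
            cert.verify(key);
            return true;
        } catch (SignatureException sigEx) {
            // Invalid signature --> not self-signed
            return false;
        } catch (InvalidKeyException keyEx) {
            // Key of the wrong type for the signature --> not self-signed
            return false;
        }
    }

    /**
     * Reads every certificate contained in a file.
     *
     * @param f file holding one or more X.509 certificates
     * @return the certificates in file order; empty when the file is empty, never {@code null}
     * @throws CertificateException if the file cannot be opened or read (the I/O error is kept
     *         as the cause) or if its content does not parse as X.509
     */
    private ArrayList<Certificate> readCertificate(File f)
            throws CertificateException {
        ArrayList<Certificate> certs = new ArrayList<Certificate>();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        BufferedInputStream in = null;
        try {
            in = new BufferedInputStream(new FileInputStream(f));
            while (in.available() > 0) {
                certs.add(cf.generateCertificate(in));
            }
            return certs;
        } catch (IOException e) {
            // Covers FileNotFoundException too. Report the failure to the caller instead of
            // printing a stack trace and returning null.
            throw new CertificateException("Cannot read certificates from " + f, e);
        } finally {
            // Close on every path, including a parse failure halfway through the file.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful to do when closing a read-only stream fails.
                }
            }
        }
    }

    /**
     * Checks that the signature on the certificate in {@code certFilePath} verifies under the
     * public key of every certificate found in {@code checkerFilePath}.
     *
     * <p>This is a bare signature check. It does not check the validity period, does not confirm
     * that the checker certificate is a CA, and does not consult revocation data. The checker
     * file is expected to hold a single certificate: with several, the signature has to verify
     * under each of them.
     *
     * <p>The method fails closed. A checker file that is missing, unreadable, unparsable or
     * contains no certificate yields {@code false}.
     *
     * @param certFilePath path of the certificate whose signature is checked
     * @param checkerFilePath path of the file holding the signer certificate
     * @return {@code true} only if at least one checker certificate was read and the signature
     *         verified under all of them
     * @throws CertificateException if the certificate in {@code certFilePath} cannot be parsed
     * @throws FileNotFoundException if {@code certFilePath} cannot be opened
     */
    public static boolean verify(String certFilePath, String checkerFilePath)
            throws CertificateException, FileNotFoundException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate prevCert;
        FileInputStream in = new FileInputStream(certFilePath);
        try {
            prevCert = (X509Certificate) cf.generateCertificate(in);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // The certificate is already parsed (or parsing already failed).
            }
        }

        CertVerifier verifier = new CertVerifier();
        try {
            ArrayList<Certificate> certs = verifier.readCertificate(new File(checkerFilePath));
            if (certs.isEmpty()) {
                // Without this guard the loop below runs zero times and an empty checker file
                // would be reported as a successful verification.
                return false;
            }
            for (Certificate cert : certs) {
                prevCert.verify(cert.getPublicKey());
            }
            return true;
        } catch (Exception e) {
            // Fail closed: any error while loading the checker or verifying means "not verified".
            return false;
        }
    }

    /**
     * Runs {@link #verify} on three hard-coded certificate/checker pairs from the working
     * directory and prints {@code passed} or {@code failed} for each.
     *
     * @param args unused
     * @throws CertificateException if one of the subject certificates cannot be parsed
     * @throws FileNotFoundException if one of the subject certificate files is missing
     */
    public static void main(String[] args) throws CertificateException, FileNotFoundException {
        String[][] pairs = {
            {"cert7.cer", "AetherPal-Root-CA.cer"},
            {"cert6.cer", "AetherPal-Root-CA.cer"},
            {"devselfsigned.cer", "devselfsigned.cer"},
        };
        for (String[] pair : pairs) {
            System.out.println(CertVerifier.verify(pair[0], pair[1]) ? "passed" : "failed");
        }

        // Reference:
        // http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
        //
        // Unfinished sketch of PKIX path validation, kept from the original for reference.
        // NOTE(review): as written it reads the trust anchor from the same stream as the
        // end-entity certificate; the anchor needs its own input file. It also switches
        // revocation checking off, so a revoked certificate would still validate.
        //
        // CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // ArrayList<Certificate> mylist = new ArrayList<Certificate>();
        // FileInputStream in = new FileInputStream("cert7.cer");
        // Certificate c = cf.generateCertificate(in);
        // mylist.add(c);
        // CertPath cp = cf.generateCertPath(mylist);
        // Certificate trust = cf.generateCertificate(in);
        // TrustAnchor anchor = new TrustAnchor((X509Certificate) trust, null);
        // PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        // params.setRevocationEnabled(false);
        // CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        // PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, params);
        // System.out.println(result);
    }
}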