Java Code Examples for java.security.cert.Certificate#equals()

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem;

    Enumeration<String> e = entries.keys();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if ((entry instanceof PrivateKeyEntry) &&
                   (((PrivateKeyEntry)entry).chain != null)) {
            certElem = ((PrivateKeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
    * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    permissionCheck();
    Certificate certElem;

    for (Enumeration e = entries.keys(); e.hasMoreElements(); ) {
        String alias = (String)e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if (((KeyEntry)entry).chain != null) {
            certElem = ((KeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem;

    for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if (((KeyEntry)entry).chain != null) {
            certElem = ((KeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem;

    Enumeration<String> e = entries.keys();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if ((entry instanceof PrivateKeyEntry) &&
                   (((PrivateKeyEntry)entry).chain != null)) {
            certElem = ((PrivateKeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem = null;

    for (Enumeration<String> e = engineAliases(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Entry entry = entries.get(alias);
        if (entry instanceof PrivateKeyEntry) {
            if (((PrivateKeyEntry) entry).chain != null) {
                certElem = ((PrivateKeyEntry) entry).chain[0];
            }
        } else if (entry instanceof CertEntry &&
                ((CertEntry) entry).trustedKeyUsage != null) {
            certElem = ((CertEntry) entry).cert;
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem;

    Enumeration<String> e = entries.keys();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if ((entry instanceof PrivateKeyEntry) &&
                   (((PrivateKeyEntry)entry).chain != null)) {
            certElem = ((PrivateKeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem;

    for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if (((KeyEntry)entry).chain != null) {
            certElem = ((KeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem = null;

    for (Enumeration<String> e = engineAliases(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Entry entry = entries.get(alias);
        if (entry instanceof PrivateKeyEntry) {
            if (((PrivateKeyEntry) entry).chain != null) {
                certElem = ((PrivateKeyEntry) entry).chain[0];
            }
        } else if (entry instanceof CertEntry &&
                ((CertEntry) entry).trustedKeyUsage != null) {
            certElem = ((CertEntry) entry).cert;
        } else {
            continue;
        }
        if (certElem != null && certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem;

    for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if (((KeyEntry)entry).chain != null) {
            certElem = ((KeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Test logic (environment has set up)
 */
private void runTest() throws FileNotFoundException, CertificateException,
        KeyStoreException, IOException, NoSuchAlgorithmException {
    Certificate cert;
    CertificateFactory cf;
    try (FileInputStream fi = new FileInputStream(CERT_PATH)) {
        cf = CertificateFactory.getInstance("X.509");
        cert = cf.generateCertificate(fi);
        KeyStore ks = KeyStore.getInstance(
                Utils.KeyStoreType.pkcs12.name());
        ks.load(null, null);
        ks.setCertificateEntry(ALIAS, cert);
        Utils.saveKeyStore(ks, KEYSTORE_PATH, PASSWORD);
        ks = Utils.loadKeyStore(KEYSTORE_PATH, Utils.KeyStoreType.pkcs12,
                PASSWORD);
        final Certificate ksCert = ks.getCertificate(ALIAS);
        if (!ksCert.equals(cert)) {
            err.println("Orig cert: " + cert.toString());
            err.println("Cert from keystore: " + ksCert.toString());
            throw new RuntimeException("Certificates don't match");
        }
    }
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered
 * is a <i>trusted certificate entry</i>, the given certificate is
 * compared to that entry's certificate. If the entry being considered is
 * a <i>key entry</i>, the given certificate is compared to the first
 * element of that entry's certificate chain (if a chain exists).
 *
 * @param cert the certificate to match with.
 *
 * @return the (alias) name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public String engineGetCertificateAlias(Certificate cert) {
    Certificate certElem;

    for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
            certElem = ((TrustedCertEntry)entry).cert;
        } else if (((KeyEntry)entry).chain != null) {
            certElem = ((KeyEntry)entry).chain[0];
        } else {
            continue;
        }
        if (certElem.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

public static void assertCertificateInKeyStore(Certificate certificate,
                                               KeyStore keyStore) throws Exception {
    boolean found = false;
    for (String alias: Collections.list(keyStore.aliases())) {
        if (!keyStore.isCertificateEntry(alias)) {
            continue;
        }
        Certificate keyStoreCertificate = keyStore.getCertificate(alias);
        if (certificate.equals(keyStoreCertificate)) {
            found = true;
            break;
        }
    }
    assertTrue(found);
}
 

public String engineGetCertificateAlias(Certificate cert) {
    for (Iterator keys = trustedCerts.keySet().iterator(); keys.hasNext(); ) {
        String alias = (String) keys.next();
        if (cert.equals(trustedCerts.get(alias)))
            return alias;
    }
    return null;
}
 

/**
 * Establishes a certificate chain (using trusted certificates in the
 * keystore and cacerts), starting with the reply (certToVerify)
 * and ending at a self-signed certificate found in the keystore.
 *
 * @param userCert optional existing certificate, mostly likely be the
 *                 original self-signed cert created by -genkeypair.
 *                 It must have the same public key as certToVerify
 *                 but cannot be the same cert.
 * @param certToVerify the starting certificate to build the chain
 * @returns the established chain, might be null if user decides not
 */
private Certificate[] establishCertChain(Certificate userCert,
                                         Certificate certToVerify)
    throws Exception
{
    if (userCert != null) {
        // Make sure that the public key of the certificate reply matches
        // the original public key in the keystore
        PublicKey origPubKey = userCert.getPublicKey();
        PublicKey replyPubKey = certToVerify.getPublicKey();
        if (!origPubKey.equals(replyPubKey)) {
            throw new Exception(rb.getString
                    ("Public.keys.in.reply.and.keystore.don.t.match"));
        }

        // If the two certs are identical, we're done: no need to import
        // anything
        if (certToVerify.equals(userCert)) {
            throw new Exception(rb.getString
                    ("Certificate.reply.and.certificate.in.keystore.are.identical"));
        }
    }

    // Build a hash table of all certificates in the keystore.
    // Use the subject distinguished name as the key into the hash table.
    // All certificates associated with the same subject distinguished
    // name are stored in the same hash table entry as a vector.
    Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs = null;
    if (keyStore.size() > 0) {
        certs = new Hashtable<>(11);
        keystorecerts2Hashtable(keyStore, certs);
    }
    if (trustcacerts) {
        if (caks!=null && caks.size()>0) {
            if (certs == null) {
                certs = new Hashtable<>(11);
            }
            keystorecerts2Hashtable(caks, certs);
        }
    }

    // start building chain
    Vector<Pair<String,X509Certificate>> chain = new Vector<>(2);
    if (buildChain(
            new Pair<>(rb.getString("the.input"),
                       (X509Certificate) certToVerify),
            chain, certs)) {
        for (Pair<String,X509Certificate> p : chain) {
            checkWeak(p.fst, p.snd);
        }
        Certificate[] newChain =
                new Certificate[chain.size()];
        // buildChain() returns chain with self-signed root-cert first and
        // user-cert last, so we need to invert the chain before we store
        // it
        int j=0;
        for (int i=chain.size()-1; i>=0; i--) {
            newChain[j] = chain.elementAt(i).snd;
            j++;
        }
        return newChain;
    } else {
        throw new Exception
            (rb.getString("Failed.to.establish.chain.from.reply"));
    }
}
 

/**
 * Establishes a certificate chain (using trusted certificates in the
 * keystore), starting with the user certificate
 * and ending at a self-signed certificate found in the keystore.
 *
 * @param userCert the user certificate of the alias
 * @param certToVerify the single certificate provided in the reply
 */
private Certificate[] establishCertChain(Certificate userCert,
                                         Certificate certToVerify)
    throws Exception
{
    if (userCert != null) {
        // Make sure that the public key of the certificate reply matches
        // the original public key in the keystore
        PublicKey origPubKey = userCert.getPublicKey();
        PublicKey replyPubKey = certToVerify.getPublicKey();
        if (!origPubKey.equals(replyPubKey)) {
            throw new Exception(rb.getString
                    ("Public.keys.in.reply.and.keystore.don.t.match"));
        }

        // If the two certs are identical, we're done: no need to import
        // anything
        if (certToVerify.equals(userCert)) {
            throw new Exception(rb.getString
                    ("Certificate.reply.and.certificate.in.keystore.are.identical"));
        }
    }

    // Build a hash table of all certificates in the keystore.
    // Use the subject distinguished name as the key into the hash table.
    // All certificates associated with the same subject distinguished
    // name are stored in the same hash table entry as a vector.
    Hashtable<Principal, Vector<Certificate>> certs = null;
    if (keyStore.size() > 0) {
        certs = new Hashtable<Principal, Vector<Certificate>>(11);
        keystorecerts2Hashtable(keyStore, certs);
    }
    if (trustcacerts) {
        if (caks!=null && caks.size()>0) {
            if (certs == null) {
                certs = new Hashtable<Principal, Vector<Certificate>>(11);
            }
            keystorecerts2Hashtable(caks, certs);
        }
    }

    // start building chain
    Vector<Certificate> chain = new Vector<>(2);
    if (buildChain((X509Certificate)certToVerify, chain, certs)) {
        Certificate[] newChain = new Certificate[chain.size()];
        // buildChain() returns chain with self-signed root-cert first and
        // user-cert last, so we need to invert the chain before we store
        // it
        int j=0;
        for (int i=chain.size()-1; i>=0; i--) {
            newChain[j] = chain.elementAt(i);
            j++;
        }
        return newChain;
    } else {
        throw new Exception
            (rb.getString("Failed.to.establish.chain.from.reply"));
    }
}
 

@Override
public String engineGetCertificateAlias(Certificate cert) {
    return cert.equals(bazCert) ? baz : null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered was
 * created by a call to <code>setCertificateEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>TrustedCertificateEntry</code>,
 * then the given certificate is compared to that entry's certificate.
 *
 * <p> If the entry being considered was
 * created by a call to <code>setKeyEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>PrivateKeyEntry</code>,
 * then the given certificate is compared to the first
 * element of that entry's certificate chain.
 *
 * @param cert the certificate to match with.
 *
 * @return the alias name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public synchronized String engineGetCertificateAlias(Certificate cert) {
    token.ensureValid();
    Enumeration<String> e = engineAliases();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        Certificate tokenCert = engineGetCertificate(alias);
        if (tokenCert != null && tokenCert.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered was
 * created by a call to <code>setCertificateEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>TrustedCertificateEntry</code>,
 * then the given certificate is compared to that entry's certificate.
 *
 * <p> If the entry being considered was
 * created by a call to <code>setKeyEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>PrivateKeyEntry</code>,
 * then the given certificate is compared to the first
 * element of that entry's certificate chain.
 *
 * @param cert the certificate to match with.
 *
 * @return the alias name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public synchronized String engineGetCertificateAlias(Certificate cert) {
    token.ensureValid();
    Enumeration<String> e = engineAliases();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        Certificate tokenCert = engineGetCertificate(alias);
        if (tokenCert != null && tokenCert.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered was
 * created by a call to <code>setCertificateEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>TrustedCertificateEntry</code>,
 * then the given certificate is compared to that entry's certificate.
 *
 * <p> If the entry being considered was
 * created by a call to <code>setKeyEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>PrivateKeyEntry</code>,
 * then the given certificate is compared to the first
 * element of that entry's certificate chain.
 *
 * @param cert the certificate to match with.
 *
 * @return the alias name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public synchronized String engineGetCertificateAlias(Certificate cert) {
    token.ensureValid();
    Enumeration<String> e = engineAliases();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        Certificate tokenCert = engineGetCertificate(alias);
        if (tokenCert != null && tokenCert.equals(cert)) {
            return alias;
        }
    }
    return null;
}
 

/**
 * Returns the (alias) name of the first keystore entry whose certificate
 * matches the given certificate.
 *
 * <p>This method attempts to match the given certificate with each
 * keystore entry. If the entry being considered was
 * created by a call to <code>setCertificateEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>TrustedCertificateEntry</code>,
 * then the given certificate is compared to that entry's certificate.
 *
 * <p> If the entry being considered was
 * created by a call to <code>setKeyEntry</code>,
 * or created by a call to <code>setEntry</code> with a
 * <code>PrivateKeyEntry</code>,
 * then the given certificate is compared to the first
 * element of that entry's certificate chain.
 *
 * @param cert the certificate to match with.
 *
 * @return the alias name of the first entry with matching certificate,
 * or null if no such entry exists in this keystore.
 */
public synchronized String engineGetCertificateAlias(Certificate cert) {
    token.ensureValid();
    Enumeration<String> e = engineAliases();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        Certificate tokenCert = engineGetCertificate(alias);
        if (tokenCert != null && tokenCert.equals(cert)) {
            return alias;
        }
    }
    return null;
}