Java Code Examples for sun.security.tools.KeyStoreUtil#isSelfSigned()

The following examples show how to use sun.security.tools.KeyStoreUtil#isSelfSigned().
Example 1
Source File: Main.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
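private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Delegate to the path-tracking helper. The path starts empty and holds
    // the certs currently being explored, so a pool in which two non-root
    // certs name each other as issuer cannot keep the recursion going until
    // the stack overflows.
    return buildChainOnPath(certToVerify, chain, certs,
            new Vector<X509Certificate>());
}

/**
 * Does the work of buildChain while remembering which certs are on the
 * current search path.
 *
 * @param certToVerify the cert whose issuer is being looked for.
 * @param chain the chain that's being built; certs are appended root first
 *        as the recursion unwinds.
 * @param certs the pool of candidate issuer certs, keyed by subject.
 * @param path certs already being explored on this branch; meeting one of
 *        them again means the issuer links loop back on themselves.
 *
 * @return true if a chain ending in a self-signed cert was found.
 */
private boolean buildChainOnPath(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        Vector<X509Certificate> path) {
    X509Certificate cert = certToVerify.snd;

    if (KeyStoreUtil.isSelfSigned(cert)) {
        // Reached a self-signed cert, which ends the chain.
        // NOTE(review): this branch returns before certs is consulted, so
        // a self-signed cert is accepted as the root whether or not it is
        // in the pool. Being self-signed does not make a cert trusted;
        // confirm that the caller makes the trust decision.
        chain.addElement(certToVerify);
        return true;
    }

    if (path.contains(cert)) {
        // This cert is already being explored further up the recursion:
        // the issuer links form a cycle, so this branch cannot reach a root.
        return false;
    }

    Principal issuer = cert.getIssuerDN();

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    path.addElement(cert);
    try {
        // Try out each certificate in the vector, until we find one
        // whose public key verifies the signature of the certificate
        // in question.
        for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
                issuerCerts.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
            try {
                cert.verify(issuerPubKey);
            } catch (Exception ignored) {
                // The name matched but the signature did not verify with
                // this key; try the next candidate with the same subject.
                continue;
            }
            if (buildChainOnPath(issuerCert, chain, certs, path)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        // Leave the path as it was found; cert is always the last entry
        // because the recursion is strictly nested.
        path.removeElementAt(path.size() - 1);
    }
}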
 
Example 2
Source File: Main.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
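private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Delegate to the path-tracking helper. The path starts empty and holds
    // the certs currently being explored, so a pool in which two non-root
    // certs name each other as issuer cannot keep the recursion going until
    // the stack overflows.
    return buildChainOnPath(certToVerify, chain, certs,
            new Vector<X509Certificate>());
}

/**
 * Does the work of buildChain while remembering which certs are on the
 * current search path.
 *
 * @param certToVerify the cert whose issuer is being looked for.
 * @param chain the chain that's being built; certs are appended root first
 *        as the recursion unwinds.
 * @param certs the pool of candidate issuer certs, keyed by subject.
 * @param path certs already being explored on this branch; meeting one of
 *        them again means the issuer links loop back on themselves.
 *
 * @return true if a chain ending in a self-signed cert was found.
 */
private boolean buildChainOnPath(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        Vector<X509Certificate> path) {
    X509Certificate cert = certToVerify.snd;

    if (KeyStoreUtil.isSelfSigned(cert)) {
        // Reached a self-signed cert, which ends the chain.
        // NOTE(review): this branch returns before certs is consulted, so
        // a self-signed cert is accepted as the root whether or not it is
        // in the pool. Being self-signed does not make a cert trusted;
        // confirm that the caller makes the trust decision.
        chain.addElement(certToVerify);
        return true;
    }

    if (path.contains(cert)) {
        // This cert is already being explored further up the recursion:
        // the issuer links form a cycle, so this branch cannot reach a root.
        return false;
    }

    Principal issuer = cert.getIssuerDN();

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    path.addElement(cert);
    try {
        // Try out each certificate in the vector, until we find one
        // whose public key verifies the signature of the certificate
        // in question.
        for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
                issuerCerts.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
            try {
                cert.verify(issuerPubKey);
            } catch (Exception ignored) {
                // The name matched but the signature did not verify with
                // this key; try the next candidate with the same subject.
                continue;
            }
            if (buildChainOnPath(issuerCert, chain, certs, path)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        // Leave the path as it was found; cert is always the last entry
        // because the recursion is strictly nested.
        path.removeElementAt(path.size() - 1);
    }
}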
 
Example 3
Source File: Main.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
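private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Delegate to the path-tracking helper. The path starts empty and holds
    // the certs currently being explored, so a pool in which two non-root
    // certs name each other as issuer cannot keep the recursion going until
    // the stack overflows.
    return buildChainOnPath(certToVerify, chain, certs,
            new Vector<X509Certificate>());
}

/**
 * Does the work of buildChain while remembering which certs are on the
 * current search path.
 *
 * @param certToVerify the cert whose issuer is being looked for.
 * @param chain the chain that's being built; certs are appended root first
 *        as the recursion unwinds.
 * @param certs the pool of candidate issuer certs, keyed by subject.
 * @param path certs already being explored on this branch; meeting one of
 *        them again means the issuer links loop back on themselves.
 *
 * @return true if a chain ending in a self-signed cert was found.
 */
private boolean buildChainOnPath(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        Vector<X509Certificate> path) {
    X509Certificate cert = certToVerify.snd;

    if (KeyStoreUtil.isSelfSigned(cert)) {
        // Reached a self-signed cert, which ends the chain.
        // NOTE(review): this branch returns before certs is consulted, so
        // a self-signed cert is accepted as the root whether or not it is
        // in the pool. Being self-signed does not make a cert trusted;
        // confirm that the caller makes the trust decision.
        chain.addElement(certToVerify);
        return true;
    }

    if (path.contains(cert)) {
        // This cert is already being explored further up the recursion:
        // the issuer links form a cycle, so this branch cannot reach a root.
        return false;
    }

    Principal issuer = cert.getIssuerDN();

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    path.addElement(cert);
    try {
        // Try out each certificate in the vector, until we find one
        // whose public key verifies the signature of the certificate
        // in question.
        for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
                issuerCerts.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
            try {
                cert.verify(issuerPubKey);
            } catch (Exception ignored) {
                // The name matched but the signature did not verify with
                // this key; try the next candidate with the same subject.
                continue;
            }
            if (buildChainOnPath(issuerCert, chain, certs, path)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        // Leave the path as it was found; cert is always the last entry
        // because the recursion is strictly nested.
        path.removeElementAt(path.size() - 1);
    }
}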
 
Example 4
Source File: Main.java    From Bytecoder with Apache License 2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
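private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Delegate to the path-tracking helper. The path starts empty and holds
    // the certs currently being explored, so a pool in which two non-root
    // certs name each other as issuer cannot keep the recursion going until
    // the stack overflows.
    return buildChainOnPath(certToVerify, chain, certs,
            new Vector<X509Certificate>());
}

/**
 * Does the work of buildChain while remembering which certs are on the
 * current search path.
 *
 * @param certToVerify the cert whose issuer is being looked for.
 * @param chain the chain that's being built; certs are appended root first
 *        as the recursion unwinds.
 * @param certs the pool of candidate issuer certs, keyed by subject.
 * @param path certs already being explored on this branch; meeting one of
 *        them again means the issuer links loop back on themselves.
 *
 * @return true if a chain ending in a self-signed cert was found.
 */
private boolean buildChainOnPath(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        Vector<X509Certificate> path) {
    X509Certificate cert = certToVerify.snd;

    if (KeyStoreUtil.isSelfSigned(cert)) {
        // Reached a self-signed cert, which ends the chain.
        // NOTE(review): this branch returns before certs is consulted, so
        // a self-signed cert is accepted as the root whether or not it is
        // in the pool. Being self-signed does not make a cert trusted;
        // confirm that the caller makes the trust decision.
        chain.addElement(certToVerify);
        return true;
    }

    if (path.contains(cert)) {
        // This cert is already being explored further up the recursion:
        // the issuer links form a cycle, so this branch cannot reach a root.
        return false;
    }

    Principal issuer = cert.getIssuerDN();

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    path.addElement(cert);
    try {
        // Try out each certificate in the vector, until we find one
        // whose public key verifies the signature of the certificate
        // in question.
        for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
                issuerCerts.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
            try {
                cert.verify(issuerPubKey);
            } catch (Exception ignored) {
                // The name matched but the signature did not verify with
                // this key; try the next candidate with the same subject.
                continue;
            }
            if (buildChainOnPath(issuerCert, chain, certs, path)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        // Leave the path as it was found; cert is always the last entry
        // because the recursion is strictly nested.
        path.removeElementAt(path.size() - 1);
    }
}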
 
Example 5
Source File: Main.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
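private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Delegate to the path-tracking helper. The path starts empty and holds
    // the certs currently being explored, so a pool in which two non-root
    // certs name each other as issuer cannot keep the recursion going until
    // the stack overflows.
    return buildChainOnPath(certToVerify, chain, certs,
            new Vector<X509Certificate>());
}

/**
 * Does the work of buildChain while remembering which certs are on the
 * current search path.
 *
 * @param certToVerify the cert whose issuer is being looked for.
 * @param chain the chain that's being built; certs are appended root first
 *        as the recursion unwinds.
 * @param certs the pool of candidate issuer certs, keyed by subject.
 * @param path certs already being explored on this branch; meeting one of
 *        them again means the issuer links loop back on themselves.
 *
 * @return true if a chain ending in a self-signed cert was found.
 */
private boolean buildChainOnPath(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        Vector<X509Certificate> path) {
    X509Certificate cert = certToVerify.snd;

    if (KeyStoreUtil.isSelfSigned(cert)) {
        // Reached a self-signed cert, which ends the chain.
        // NOTE(review): this branch returns before certs is consulted, so
        // a self-signed cert is accepted as the root whether or not it is
        // in the pool. Being self-signed does not make a cert trusted;
        // confirm that the caller makes the trust decision.
        chain.addElement(certToVerify);
        return true;
    }

    if (path.contains(cert)) {
        // This cert is already being explored further up the recursion:
        // the issuer links form a cycle, so this branch cannot reach a root.
        return false;
    }

    Principal issuer = cert.getIssuerDN();

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    path.addElement(cert);
    try {
        // Try out each certificate in the vector, until we find one
        // whose public key verifies the signature of the certificate
        // in question.
        for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
                issuerCerts.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
            try {
                cert.verify(issuerPubKey);
            } catch (Exception ignored) {
                // The name matched but the signature did not verify with
                // this key; try the next candidate with the same subject.
                continue;
            }
            if (buildChainOnPath(issuerCert, chain, certs, path)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        // Leave the path as it was found; cert is always the last entry
        // because the recursion is strictly nested.
        path.removeElementAt(path.size() - 1);
    }
}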
 
Example 6
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
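private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Delegate to the path-tracking helper. The path starts empty and holds
    // the certs currently being explored, so a pool in which two non-root
    // certs name each other as issuer cannot keep the recursion going until
    // the stack overflows.
    return buildChainOnPath(certToVerify, chain, certs,
            new Vector<X509Certificate>());
}

/**
 * Does the work of buildChain while remembering which certs are on the
 * current search path.
 *
 * @param certToVerify the cert whose issuer is being looked for.
 * @param chain the chain that's being built; certs are appended root first
 *        as the recursion unwinds.
 * @param certs the pool of candidate issuer certs, keyed by subject.
 * @param path certs already being explored on this branch; meeting one of
 *        them again means the issuer links loop back on themselves.
 *
 * @return true if a chain ending in a self-signed cert was found.
 */
private boolean buildChainOnPath(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        Vector<X509Certificate> path) {
    X509Certificate cert = certToVerify.snd;

    if (KeyStoreUtil.isSelfSigned(cert)) {
        // Reached a self-signed cert, which ends the chain.
        // NOTE(review): this branch returns before certs is consulted, so
        // a self-signed cert is accepted as the root whether or not it is
        // in the pool. Being self-signed does not make a cert trusted;
        // confirm that the caller makes the trust decision.
        chain.addElement(certToVerify);
        return true;
    }

    if (path.contains(cert)) {
        // This cert is already being explored further up the recursion:
        // the issuer links form a cycle, so this branch cannot reach a root.
        return false;
    }

    Principal issuer = cert.getIssuerDN();

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    path.addElement(cert);
    try {
        // Try out each certificate in the vector, until we find one
        // whose public key verifies the signature of the certificate
        // in question.
        for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
                issuerCerts.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
            try {
                cert.verify(issuerPubKey);
            } catch (Exception ignored) {
                // The name matched but the signature did not verify with
                // this key; try the next candidate with the same subject.
                continue;
            }
            if (buildChainOnPath(issuerCert, chain, certs, path)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        // Leave the path as it was found; cert is always the last entry
        // because the recursion is strictly nested.
        path.removeElementAt(path.size() - 1);
    }
}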
 
Example 7
Source File: Main.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Returns a string of signer info, with a newline at the end
 */
private String signerInfo(CodeSigner signer, String tab) {
    // A signer that was already rendered is served from the cache. The
    // warning flags below are then left as the first call set them.
    if (cacheForSignerInfo.containsKey(signer)) {
        return cacheForSignerInfo.get(signer);
    }

    StringBuilder out = new StringBuilder();
    List<? extends Certificate> signerCerts =
            signer.getSignerCertPath().getCertificates();

    // Signature timestamp, when there is one, is shown first and is also
    // handed to printCert for each certificate.
    Timestamp tsa = signer.getTimestamp();
    Date signedAt = null;
    if (tsa == null) {
        // Record that this signer has no timestamp.
        noTimestamp = true;
    } else {
        out.append(printTimestamp(tab, tsa)).append('\n');
        signedAt = tsa.getTimestamp();
    }

    // Show every certificate. Only the first one, the end-entity cert,
    // is passed with the flag that asks for its KeyUsage to be checked.
    boolean endEntity = true;
    for (Certificate current : signerCerts) {
        out.append(printCert(tab, current, true, signedAt, endEntity))
                .append('\n');
        endEntity = false;
    }

    // A chain that fails validation does not abort the listing: the
    // failure is kept in the flags and its message is added to the text.
    try {
        validateCertChain(signerCerts);
    } catch (Exception e) {
        chainNotValidated = true;
        chainNotValidatedReason = e;
        out.append(tab);
        out.append(rb.getString(".CertPath.not.validated."));
        out.append(e.getLocalizedMessage());
        out.append("]\n"); // TODO
    }

    // A chain made of one self-signed cert is flagged.
    // NOTE(review): the cast assumes the cert path holds X.509 certs; any
    // other Certificate type would throw ClassCastException here.
    boolean singleCert = signerCerts.size() == 1;
    if (singleCert
            && KeyStoreUtil.isSelfSigned((X509Certificate) signerCerts.get(0))) {
        signerSelfSigned = true;
    }

    String rendered = out.toString();
    cacheForSignerInfo.put(signer, rendered);
    return rendered;
}