Changeset 8b42896


Timestamp:
Dec 8, 2015 2:07:38 AM (5 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
81cb62f
Parents:
9ba5ad7
Message:

Crypto: Consolidate certificate import methods

Location:
core/java/src/net/i2p/crypto
Files:
4 edited

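--- a/core/java/src/net/i2p/crypto/CertUtil.java
+++ b/core/java/src/net/i2p/crypto/CertUtil.java
@@ -2,9 +2,14 @@
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -135,3 +140,39 @@
         l.log(level, msg, t);
     }
+
+    /**
+     *  Get the Java public key from a X.509 certificate file.
+     *  Throws if the certificate is invalid (e.g. expired).
+     *
+     *  @return non-null, throws on all errors including certificate invalid
+     *  @since 0.9.24 moved from SU3File private method
+     */
+    public static PublicKey loadKey(File kd) throws IOException, GeneralSecurityException {
+        return loadCert(kd).getPublicKey();
+    }
+
+    /**
+     *  Get the certificate from a X.509 certificate file.
+     *  Throws if the certificate is invalid (e.g. expired).
+     *
+     *  @return non-null, throws on all errors including certificate invalid
+     *  @since 0.9.24 adapted from SU3File private method
+     */
+    public static X509Certificate loadCert(File kd) throws IOException, GeneralSecurityException {
+        InputStream fis = null;
+        try {
+            fis = new FileInputStream(kd);
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
+            cert.checkValidity();
+            return cert;
+        } catch (IllegalArgumentException iae) {
+            // java 1.8.0_40-b10, openSUSE
+            // Exception in thread "main" java.lang.IllegalArgumentException: Input byte array has wrong 4-byte ending unit
+            // at java.util.Base64$Decoder.decode0(Base64.java:704)
+            throw new GeneralSecurityException("cert error", iae);
+        } finally {
+            try { if (fis != null) fis.close(); } catch (IOException foo) {}
+        }
+    }
 }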
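Review bot: The Javadoc on `loadCert` and `loadKey` promises a throw "if the certificate is invalid (e.g. expired)", but the only check in the body is `cert.checkValidity()`, which tests the notBefore/notAfter window against the local clock; nothing here verifies the signature, the issuer or revocation status. Three call sites in this changeset now depend on this helper, so the contract should say so, for example `Only the validity period is checked; signature and issuer are not verified, so callers must trust the file's origin.` Separately, `catch (IOException foo) {}` in the finally block is silent; a short comment such as `// ignore close failure` would make it clear that this is deliberate.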
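--- a/core/java/src/net/i2p/crypto/DirKeyRing.java
+++ b/core/java/src/net/i2p/crypto/DirKeyRing.java
@@ -36,4 +36,6 @@
      *
      *  CN check unsupported on Android.
+     *
+     *  @return null if file doesn't exist, throws on all other errors
      */
     public PublicKey getKey(String keyName, String scope, SigType type)
@@ -48,24 +50,13 @@
         if (!kd.exists())
             return null;
-        InputStream fis = null;
-        try {
-            fis = new FileInputStream(kd);
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
-            cert.checkValidity();
-            if (!SystemVersion.isAndroid()) {
-                // getSubjectValue() unsupported on Android.
-                // Any cert problems will be caught in non-Android testing.
-                String cn = CertUtil.getSubjectValue(cert, "CN");
-                if (!keyName.equals(cn))
-                    throw new GeneralSecurityException("CN mismatch: " + cn);
-            }
-            return cert.getPublicKey();
-        } catch (IllegalArgumentException iae) {
-            // java 1.8.0_40-b10, openSUSE
-            throw new GeneralSecurityException("Bad cert", iae);
-        } finally {
-            try { if (fis != null) fis.close(); } catch (IOException foo) {}
+        X509Certificate cert = CertUtil.loadCert(kd);
+        if (!SystemVersion.isAndroid()) {
+            // getSubjectValue() unsupported on Android.
+            // Any cert problems will be caught in non-Android testing.
+            String cn = CertUtil.getSubjectValue(cert, "CN");
+            if (!keyName.equals(cn))
+                throw new GeneralSecurityException("CN mismatch: " + cn);
         }
+        return cert.getPublicKey();
     }
 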
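Review bot: On Android the `if (!SystemVersion.isAndroid())` branch is skipped, so `getKey` returns the public key of whatever date-valid certificate `CertUtil.loadCert(kd)` reads, with no check that its CN equals `keyName`. The inline comment `Any cert problems will be caught in non-Android testing` holds only for certificates that were tested before they reached the device; whether this directory can hold any others is not visible in the hunk. I would state that assumption in the comment, e.g. `// On Android the key is bound to keyName by file name only; certs here must come from the tested bundle.` How `kd` is derived from `keyName` and `scope` lies outside the visible lines.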
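--- a/core/java/src/net/i2p/crypto/KeyStoreUtil.java
+++ b/core/java/src/net/i2p/crypto/KeyStoreUtil.java
@@ -13,5 +13,4 @@
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -318,9 +317,6 @@
      */
     public static boolean addCert(File file, String alias, KeyStore ks) {
-        InputStream fis = null;
-        try {
-            fis = new FileInputStream(file);
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
+        try {
+            X509Certificate cert = CertUtil.loadCert(file);
             info("Read X509 Certificate from " + file.getAbsolutePath() +
                           " Issuer: " + cert.getIssuerX500Principal() +
@@ -328,20 +324,17 @@
                           "; Valid From: " + cert.getNotBefore() +
                           " To: " + cert.getNotAfter());
-            try {
-                cert.checkValidity();
-            } catch (CertificateExpiredException cee) {
-                String s = "Rejecting expired X509 Certificate: " + file.getAbsolutePath();
-                // Android often has old system certs
-                if (SystemVersion.isAndroid())
-                    warn(s, cee);
-                else
-                    error(s, cee);
-                return false;
-            } catch (CertificateNotYetValidException cnyve) {
-                error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), cnyve);
-                return false;
-            }
             ks.setCertificateEntry(alias, cert);
             info("Now trusting X509 Certificate, Issuer: " + cert.getIssuerX500Principal());
+        } catch (CertificateExpiredException cee) {
+            String s = "Rejecting expired X509 Certificate: " + file.getAbsolutePath();
+            // Android often has old system certs
+            if (SystemVersion.isAndroid())
+                warn(s, cee);
+            else
+                error(s, cee);
+            return false;
+        } catch (CertificateNotYetValidException cnyve) {
+            error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), cnyve);
+            return false;
         } catch (GeneralSecurityException gse) {
             error("Error reading X509 Certificate: " + file.getAbsolutePath(), gse);
@@ -350,12 +343,4 @@
             error("Error reading X509 Certificate: " + file.getAbsolutePath(), ioe);
             return false;
-        } catch (IllegalArgumentException iae) {
-            // java 1.8.0_40-b10, openSUSE
-            // Exception in thread "main" java.lang.IllegalArgumentException: Input byte array has wrong 4-byte ending unit
-            // at java.util.Base64$Decoder.decode0(Base64.java:704)
-            error("Error reading X509 Certificate: " + file.getAbsolutePath(), iae);
-            return false;
-        } finally {
-            try { if (fis != null) fis.close(); } catch (IOException foo) {}
         }
         return true;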
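Review bot: With the validity check moved into `CertUtil.loadCert(file)`, the `info("Read X509 Certificate from " ...)` call is no longer reached for an expired or not-yet-valid certificate. A rejection is therefore logged with the file path and the exception only, without the issuer and validity dates that used to be logged before `checkValidity()` ran. If those details are wanted when triaging a rejected trust-store entry, this behaviour change deserves a comment above the `try`, e.g. `// loadCert() checks validity and throws before the info() below, so rejected certs are logged by path only`. The Javadoc and closing brace of `addCert` are outside the visible lines.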
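--- a/core/java/src/net/i2p/crypto/SU3File.java
+++ b/core/java/src/net/i2p/crypto/SU3File.java
@@ -16,6 +16,4 @@
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -979,22 +977,10 @@
      */
     private static PublicKey loadKey(File kd) throws IOException {
-        InputStream fis = null;
-        try {
-            fis = new FileInputStream(kd);
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
-            cert.checkValidity();
-            return cert.getPublicKey();
+        try {
+            return CertUtil.loadKey(kd);
         } catch (GeneralSecurityException gse) {
             IOException ioe = new IOException("cert error");
             ioe.initCause(gse);
             throw ioe;
-        } catch (IllegalArgumentException iae) {
-            // java 1.8.0_40-b10, openSUSE
-            IOException ioe = new IOException("cert error");
-            ioe.initCause(iae);
-            throw ioe;
-        } finally {
-            try { if (fis != null) fis.close(); } catch (IOException foo) {}
         }
     }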
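Review bot: Both this wrapper and `CertUtil.loadCert` use the fixed message `cert error`, so when a certificate fails to load the resulting cause chain never names the file `kd`. Including the path in the wrapper, `IOException ioe = new IOException("cert error: " + kd);`, would let an operator tell which certificate was rejected. The Javadoc above `loadKey` starts outside the visible lines.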