CertificateInfo.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.certificate;

  23. import java.io.Serializable;
  24. import java.math.BigInteger;
  25. import java.security.InvalidAlgorithmParameterException;
  26. import java.security.InvalidKeyException;
  27. import java.security.KeyStoreException;
  28. import java.security.MessageDigest;
  29. import java.security.NoSuchAlgorithmException;
  30. import java.security.NoSuchProviderException;
  31. import java.security.SignatureException;
  32. import java.security.cert.CertPathValidator;
  33. import java.security.cert.CertPathValidatorException;
  34. import java.security.cert.CertStore;
  35. import java.security.cert.CertificateEncodingException;
  36. import java.security.cert.CertificateException;
  37. import java.security.cert.CertificateExpiredException;
  38. import java.security.cert.CertificateFactory;
  39. import java.security.cert.CertificateNotYetValidException;
  40. import java.security.cert.CertificateParsingException;
  41. import java.security.cert.PKIXParameters;
  42. import java.util.ArrayList;
  43. import java.util.Date;
  44. import java.util.Enumeration;
  45. import java.util.List;

  47. import javax.security.auth.x500.X500Principal;

  49. import org.openspcoop2.utils.LoggerWrapperFactory;
  50. import org.openspcoop2.utils.UtilsException;
  51. import org.openspcoop2.utils.date.DateManager;
  52. import org.openspcoop2.utils.io.Base64Utilities;

  54. /**
  55.  * CertificateInfo
  56.  *
  57.  * @author Poli Andrea (apoli@link.it)
  58.  * @author $Author$
  59.  * @version $Rev$, $Date$
  60.  */
  61. public class CertificateInfo implements Serializable {

  63.     /**
  64.      * 
  65.      */
  66.     private static final long serialVersionUID = 1L;
  67.     
  68.     private java.security.cert.X509Certificate certificate;

  70.     private String name;
  71.     
  72.     private byte[] digest;
  73.     private String digestBase64Encoded;
  74.     
  75.     public CertificateInfo(java.security.cert.X509Certificate certificate, String name) {
  76.         this.certificate = certificate;
  77.         this.name = name;
  78.     }

  80.     public String getName() {
  81.         return this.name;
  82.     }
  83.     
  84.     public CertificatePrincipal getSubject() {
  85.         if(this.certificate.getSubjectX500Principal()!=null) {
  86.             return new CertificatePrincipal(this.certificate.getSubjectX500Principal(), PrincipalType.SUBJECT);
  87.         }
  88.         return null;
  89.     }
  90.     
  91.     public CertificatePrincipal getIssuer() {
  92.         if(this.certificate.getIssuerX500Principal()!=null) {
  93.             return new CertificatePrincipal(this.certificate.getIssuerX500Principal(), PrincipalType.ISSUER);
  94.         }
  95.         return null;
  96.     }
  97.     
  98.     public String getSerialNumber() {
  99.         if(this.certificate.getSerialNumber()!=null) {
  100.             return this.certificate.getSerialNumber().toString();
  101.         }
  102.         else {
  103.             return null;
  104.         }
  105.     }
  106.     public String getSerialNumberHex() {
  107.         if(this.certificate.getSerialNumber()!=null) {
  108.             return this.certificate.getSerialNumber().toString(16);
  109.         }
  110.         else {
  111.             return null;
  112.         }
  113.     }
  114.     public String getSerialNumberHex(String delimiter) {
  115.         if(this.certificate.getSerialNumber()!=null) {
  116.             return formatSerialNumberHex(this.certificate.getSerialNumber(), delimiter);
  117.         }
  118.         else {
  119.             return null;
  120.         }
  121.     }
  122.     public static String formatSerialNumberHex(String serialNumber) {
  123.         return (new BigInteger(serialNumber)).toString(16);
  124.     }
  125.     public static String formatSerialNumberHex(String serialNumber, String delimiter) {
  126.         return formatSerialNumberHex(new BigInteger(serialNumber), delimiter);
  127.     }
  128.     public static String formatSerialNumberHex(BigInteger bi, String delimiter) {
  129.         byte[] bytes = bi.toByteArray();
  130.         StringBuilder sb = new StringBuilder();
  131.         for (byte b : bytes) {
  132.             String f = "%02X"+delimiter;
  133.             sb.append(String.format(f, b));
  134.         }
  135.         String s = sb.toString();
  136.         if(s.endsWith(delimiter) && s.length()>delimiter.length()) {
  137.             return s.substring(0, (s.length()-delimiter.length()));
  138.         }
  139.         else {
  140.             return s;
  141.         }
  142.     }
  143.     
  144.     public java.security.cert.X509Certificate getCertificate() {
  145.         return this.certificate;
  146.     }
  147.     
  148.     public String getPEMEncoded() throws UtilsException {
  149.         return CertificateUtils.toPEM(this.certificate);
  150.     }
  151.     public byte[] getEncoded() throws UtilsException {
  152.         try {
  153.             return this.certificate.getEncoded();
  154.         }catch(Exception e) {
  155.             throw new UtilsException(e.getMessage(), e);
  156.         }
  157.     }
  158.     
  159.     public byte[] digest() throws CertificateException {
  160.         return this.digest("MD5");
  161.     }
  162.     public byte[] digest(String algoritmo) throws CertificateException {
  163.         if(this.digest==null) {
  164.             this.initDigest(algoritmo);
  165.         }
  166.         return this.digest;
  167.     }
  168.     private synchronized void initDigest(String algoritmo) throws CertificateException {
  169.         try {
  170.             if(this.digest==null) {
  171.                 MessageDigest digestEngine = org.openspcoop2.utils.digest.MessageDigestFactory.getMessageDigest(algoritmo);
  172.                 digestEngine.update(this.certificate.getEncoded());
  173.                 this.digest = digestEngine.digest();
  174.             }
  175.         }catch(Exception e) {
  176.             throw new CertificateException(e.getMessage(),e);
  177.         }
  178.     }
  179.     
  180.     public String digestBase64Encoded() throws CertificateException {
  181.         return this.digestBase64Encoded("MD5");
  182.     }
  183.     public String digestBase64Encoded(String algoritmo) throws CertificateException {
  184.         if(this.digestBase64Encoded==null) {
  185.             this.initDigestBase64Encoded(algoritmo);
  186.         }
  187.         return this.digestBase64Encoded;
  188.     }
  189.     private synchronized void initDigestBase64Encoded(String algoritmo) throws CertificateException {
  190.         try {
  191.             if(this.digestBase64Encoded==null) {
  192.                 this.digestBase64Encoded = Base64Utilities.encodeAsString(this.digest(algoritmo));
  193.             }
  194.         }catch(Exception e) {
  195.             throw new CertificateException(e.getMessage(),e);
  196.         }
  197.     }
  198.     
  199.     public Date getNotAfter() {
  200.         return this.certificate.getNotAfter();
  201.     }
  202.     
  203.     public Date getNotBefore() {
  204.         return this.certificate.getNotBefore();
  205.     }
  206.     
  207.     public String getSigAlgName() {
  208.         return this.certificate.getSigAlgName();
  209.     }
  210.     
  211.     public String getType() {
  212.         return this.certificate.getType();
  213.     }
  214.     
  215.     public int getVersion() {
  216.         return this.certificate.getVersion();
  217.     }
  218.     
  219.     public List<KeyUsage> getKeyUsage(){
  220.         return KeyUsage.getKeyUsage(this.certificate);
  221.     }
  222.     public boolean[] getKeyUsageAsMap() {
  223.         return this.certificate.getKeyUsage();
  224.     }
  225.     public boolean hasKeyUsage(KeyUsage keyUsage) {
  226.         return keyUsage.hasKeyUsage(this.certificate);
  227.     }
  228.     public boolean hasKeyUsage(String keyUsage) {
  229.         return hasKeyUsage(KeyUsage.valueOf(keyUsage.toUpperCase()));
  230.     }
  231.     public boolean hasKeyUsageByArrayBooleanPosition(int arrayBooleanPosition) {
  232.         return KeyUsage.existsKeyUsageByArrayBooleanPosition(this.certificate, arrayBooleanPosition);
  233.     }
  234.     public boolean hasKeyUsageByBouncycastleCode(int bouncycastelValue) throws CertificateEncodingException {
  235.         return KeyUsage.existsKeyUsageByBouncycastleCode(this.certificate.getEncoded(), bouncycastelValue);
  236.     }
  237.     
  238.     public List<ExtendedKeyUsage> getExtendedKeyUsage() throws CertificateParsingException{
  239.         return ExtendedKeyUsage.getKeyUsage(this.certificate);
  240.     }
  241.     public List<String> getExtendedKeyUsageByOID() throws CertificateParsingException {
  242.         return this.certificate.getExtendedKeyUsage();
  243.     }
  244.     public boolean hasExtendedKeyUsage(ExtendedKeyUsage keyUsage) throws CertificateParsingException {
  245.         return keyUsage.hasKeyUsage(this.certificate);
  246.     }
  247.     public boolean hasExtendedKeyUsage(String keyUsage) throws CertificateParsingException {
  248.         return hasExtendedKeyUsage(ExtendedKeyUsage.valueOf(keyUsage.toUpperCase()));
  249.     }
  250.     public boolean hasExtendedKeyUsageByOID(String oid) throws CertificateParsingException {
  251.         return ExtendedKeyUsage.existsKeyUsageByOID(this.certificate,oid);
  252.     }
  253.     public boolean hasExtendedKeyUsageByBouncycastleKeyPurposeId(String oid) throws CertificateEncodingException {
  254.         return ExtendedKeyUsage.existsKeyUsageByBouncycastleKeyPurposeId(this.certificate.getEncoded(),oid);
  255.     }
  256.     
  257.     public List<CertificatePolicy> getCertificatePolicies() throws CertificateEncodingException {
  258.         return CertificatePolicy.getCertificatePolicies(this.certificate.getEncoded());
  259.     }
  260.     public CertificatePolicy getCertificatePolicy(String oid) throws CertificateParsingException, CertificateEncodingException {
  261.         return getCertificatePolicyByOID(oid);
  262.     }
  263.     public CertificatePolicy getCertificatePolicyByOID(String oid) throws CertificateParsingException, CertificateEncodingException {
  264.         if(oid==null) {
  265.             throw new CertificateParsingException("Param oid undefined");
  266.         }
  267.         List<CertificatePolicy> l = getCertificatePolicies();
  268.         if(l!=null && !l.isEmpty()) {
  269.             for (CertificatePolicy certificatePolicy : l) {
  270.                 if(oid.equals(certificatePolicy.getOID())) {
  271.                     return certificatePolicy;
  272.                 }
  273.             }
  274.         }
  275.         return null;
  276.     }
  277.     public boolean hasCertificatePolicy(String oid) throws CertificateParsingException, CertificateEncodingException {
  278.         if(oid==null) {
  279.             throw new CertificateParsingException("Param oid undefined");
  280.         }
  281.         return this.getCertificatePolicyByOID(oid)!=null;
  282.     }
  283.     
  284.     public BasicConstraints getBasicConstraints() throws CertificateParsingException, CertificateEncodingException {
  285.         return BasicConstraints.getBasicConstraints(this.certificate.getEncoded());
  286.     }
  287.     public boolean isCA() throws CertificateParsingException, CertificateEncodingException {
  288.         BasicConstraints bc = this.getBasicConstraints();
  289.         return bc !=null && bc.isCA();
  290.     }
  291.     public long getPathLen() throws CertificateParsingException, CertificateEncodingException {
  292.         BasicConstraints bc = this.getBasicConstraints();
  293.         return bc !=null ? bc.getPathLen() : -1;
  294.     }
  295.     
  296.     public AuthorityKeyIdentifier getAuthorityKeyIdentifier() throws CertificateParsingException, CertificateEncodingException {
  297.         return AuthorityKeyIdentifier.getAuthorityKeyIdentifier(this.certificate.getEncoded());
  298.     }
  299.     
  300.     public AuthorityInformationAccess getAuthorityInformationAccess() throws CertificateParsingException, CertificateEncodingException {
  301.         return AuthorityInformationAccess.getAuthorityInformationAccess(this.certificate.getEncoded());
  302.     }
  303.     
  304.     public CRLDistributionPoints getCRLDistributionPoints() throws CertificateEncodingException {
  305.         return CRLDistributionPoints.getCRLDistributionPoints(this.certificate.getEncoded());
  306.     }
  307.     
  308.     public SubjectAlternativeNames getSubjectAlternativeNames() throws CertificateEncodingException {
  309.         return SubjectAlternativeNames.getSubjectAlternativeNames(this.certificate.getEncoded());
  310.     }
  311.     public List<String> getAlternativeNames() throws CertificateEncodingException {
  312.         SubjectAlternativeNames subjectAlternativeNames = this.getSubjectAlternativeNames();
  313.         return subjectAlternativeNames !=null ? subjectAlternativeNames.getAlternativeNames() : null;
  314.     }
  315.     
  316.     public Extensions getExtensions() throws CertificateEncodingException {
  317.         return Extensions.getExtensions(this.certificate.getEncoded());
  318.     }
  319.     
  320.     /**
  321.      * Utility method to test if a certificate is self-issued. This is
  322.      * the case iff the subject and issuer X500Principals are equal.
  323.      */
  324.     public boolean isSelfIssued() {
  325.         X500Principal subject = this.certificate.getSubjectX500Principal();
  326.         X500Principal issuer = this.certificate.getIssuerX500Principal();
  327.         return subject.equals(issuer);
  328.     }

  330.     /**
  331.      * Utility method to test if a certificate is self-signed. This is
  332.      * the case iff the subject and issuer X500Principals are equal
  333.      * AND the certificate's subject public key can be used to verify
  334.      * the certificate. In case of exception, returns false.
  335.      */
  336.     public boolean isSelfSigned() {
  337.         return this.isSelfSigned(null);
  338.     }
  339.     public boolean isSelfSigned(String sigProvider) {
  340.         if (isSelfIssued()) {
  341.             try {
  342.                 if (sigProvider == null) {
  343.                     this.certificate.verify(this.certificate.getPublicKey());
  344.                 } else {
  345.                     this.certificate.verify(this.certificate.getPublicKey(), sigProvider);
  346.                 }
  347.                 return true;
  348.             } catch (Exception e) {
  349.                 // In case of exception, return false
  350.             }
  351.         }
  352.         return false;
  353.     }
  354.     
  355.     public boolean isValid() {
  356.         try {
  357.             this.certificate.checkValidity(DateManager.getDate());
  358.             return true;
  359.         }catch(Exception e) {
  360.             return false;
  361.         }
  362.     }
  363.     public void checkValid() throws CertificateExpiredException, CertificateNotYetValidException {
  364.         checkValid(DateManager.getDate());
  365.     }
  366.     public void checkValid(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
  367.         this.certificate.checkValidity(date!=null ? date : DateManager.getDate());
  368.     }
  369.     
  370.     public boolean isValid(CertStore crlCertstore, KeyStore trustStore) {
  371.         try {
  372.             this.checkValid(crlCertstore, trustStore);
  373.             return true;
  374.         }catch(Exception e) {
  375.             return false;
  376.         }
  377.     }
  378.     public void checkValid(CertStore crlCertstore, KeyStore trustStore) throws CertPathValidatorException, InvalidAlgorithmParameterException, CertificateException, KeyStoreException, SecurityException, NoSuchAlgorithmException {
  379.         checkValid(crlCertstore, trustStore, DateManager.getDate());
  380.     }
  381.     public void checkValid(CertStore crlCertstore, KeyStore trustStore, Date date) throws CertPathValidatorException, InvalidAlgorithmParameterException, CertificateException, KeyStoreException, SecurityException, NoSuchAlgorithmException {
  382.         PKIXParameters pkixParameters = new PKIXParameters(trustStore.getKeystore());
  383.         pkixParameters.setDate(date!=null ? date : DateManager.getDate()); // per validare i certificati scaduti
  384.         pkixParameters.addCertStore(crlCertstore);
  385.         pkixParameters.setRevocationEnabled(true);
  386.         CertPathValidator certPathValidator = org.openspcoop2.utils.certificate.CertificateFactory.getCertPathValidator();
  387.         List<java.security.cert.Certificate> lCertificate = new ArrayList<>();
  388.         lCertificate.add(this.certificate);
  389.         CertificateFactory certificateFactory = org.openspcoop2.utils.certificate.CertificateFactory.getCertificateFactory();
  390.         certPathValidator.validate(certificateFactory.generateCertPath(lCertificate), pkixParameters);
  391.     }
  392.     
  393.     public boolean isVerified(KeyStore trustStore, boolean checkSameCertificateInTrustStore) {
  394.         try {
  395.             Enumeration<String> aliasesEnum = trustStore.aliases();
  396.             while (aliasesEnum.hasMoreElements()) {
  397.                 String alias = aliasesEnum.nextElement();
  398.                 java.security.cert.Certificate certificateReaded = trustStore.getCertificate(alias);
  399.                 if(checkSameCertificateInTrustStore && this.equalsEngine(certificateReaded)) {
  400.                     return true;
  401.                 }
  402.                 if(this.isVerified(certificateReaded)) {
  403.                     return true;
  404.                 }
  405.             }
  406.         }catch(Exception e) {
  407.             // ignore
  408.         }
  409.         return false;
  410.     }
  411.     public boolean isVerified(CertificateInfo caCert) {
  412.         return this.isVerified(caCert.getCertificate());
  413.     }
  414.     public boolean isVerified(java.security.cert.Certificate caCert) {
  415.         try {
  416.             this.certificate.verify(caCert.getPublicKey());
  417.             return true;
  418.         }catch(Exception e) {
  419.             return false;
  420.         }
  421.     }
  422.     public void verify(CertificateInfo caCert) throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
  423.         verify(caCert.getCertificate());
  424.     }
  425.     public void verify(java.security.cert.Certificate caCert) throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
  426.         this.certificate.verify(caCert.getPublicKey());
  427.     }
  428.     
  429.     @Override
  430.     public boolean equals(Object certificate) {
  431.         return this.equalsEngine(certificate);
  432.     }
  433.     private boolean equalsEngine(Object certificate) {
  434.         if(certificate instanceof java.security.cert.X509Certificate) {
  435.             java.security.cert.X509Certificate x509 = (java.security.cert.X509Certificate) certificate;
  436.             return this.equals(x509, true);
  437.         }
  438.         else if(certificate instanceof java.security.cert.Certificate) {
  439.             if(this.getCertificate()!=null) {
  440.                 java.security.cert.Certificate cer = (java.security.cert.Certificate) certificate;
  441.                 return this.getCertificate().equals(cer);
  442.             }
  443.         }
  444.         else if(certificate instanceof CertificateInfo) {
  445.             CertificateInfo c = (CertificateInfo) certificate;
  446.             return this.equals(c.getCertificate(), true);
  447.         }
  448.         return false;
  449.     }
  450.     /** GiĆ  gestite nell'equals(Object)
  451.     public boolean equals(java.security.cert.X509Certificate certificate) {
  452.         return this.equals(certificate, true);
  453.     }
  454.     public boolean equals(CertificateInfo certificate) {
  455.         return this.equals(certificate.getCertificate(), true);
  456.     }*/
  457.     
  458.     public boolean equals(java.security.cert.X509Certificate certificate, boolean strictVerifier) {
  459.         CertificateInfo certificateCheck = new CertificateInfo(certificate, "check");
  460.         return this.equals(certificateCheck, strictVerifier);
  461.     }
  462.     public boolean equals(CertificateInfo certificate, boolean strictVerifier) {
  463.         if(strictVerifier) {
  464.             return this.getCertificate().equals(certificate.getCertificate());
  465.         }
  466.         else {
  467.             try {
  468.                 boolean checkIssuer = this.getIssuer().getNameNormalized().equals(certificate.getIssuer().getNameNormalized());
  469.                 boolean checkSubject = this.getSubject().getNameNormalized().equals(certificate.getSubject().getNameNormalized());
  470.                 return checkIssuer && checkSubject;
  471.             }catch(Exception e) {
  472.                 LoggerWrapperFactory.getLogger(CertificateInfo.class.getName()).error(e.getMessage(),e);
  473.                 return false;
  474.             }
  475.         }
  476.     }
  477.     
  478.     public boolean equals(X500Principal principal) {
  479.         if(principal==null) {
  480.             return false;
  481.         }
  482.         X500Principal subject = this.certificate.getSubjectX500Principal();
  483.         return principal.equals(subject);
  484.     }
  485.     
  486.     @Override
  487.     public String toString() {
  488.         StringBuilder bf = new StringBuilder();
  489.         CertificateUtils.printCertificate(bf, this.certificate, this.name);
  490.         return bf.toString();
  491.     }
  492.     
  493.     @Override
  494.     public int hashCode() {
  495.         return this.toString().hashCode();
  496.     }
  497. }
Created with JaCoCo 0.8.8.202204050719