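/*
 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package build.tools.blacklistedcertsconverter;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Set;
import java.util.TreeSet;


/**
 * Converts blacklisted.certs.pem from System.in to blacklisted.certs in
 * System.out. The input must start with a #! line including the fingerprint
 * algorithm. The output is sorted and unique.
 * <p>
 * The output consists of one {@code Algorithm=<name>} line followed by one
 * upper-case hex fingerprint per distinct certificate. An input that holds
 * no certificates yields the {@code Algorithm=} line only.
 */
public class BlacklistedCertsConverter {

    /** Fixed text the first input line must begin with. */
    private static final String HEADER_PREFIX =
            "#! java BlacklistedCertsConverter ";

    /** Size of the window, in bytes, in which the algorithm name must end. */
    private static final int MAX_ALG_LENGTH = 100;

    /** Digits used for the fingerprint; the output is upper-case hex. */
    private static final char[] HEX_CHARS = {
        '0', '1', '2', '3', '4', '5', '6', '7',
        '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };

    /**
     * Reads the header line and the certificates from System.in and writes
     * the algorithm line and the sorted fingerprints to System.out.
     *
     * @param args not used
     * @throws Exception if the header line is missing, malformed or too
     *         long, if the named digest algorithm is not available, or if
     *         the certificates cannot be parsed or encoded
     */
    public static void main(String[] args) throws Exception {

        // The prefix is plain ASCII; naming the charset keeps the byte
        // comparison independent of the platform default encoding.
        byte[] pattern = HEADER_PREFIX.getBytes(StandardCharsets.US_ASCII);
        StringBuilder algName = new StringBuilder();

        for (int i = 0; ; i++) {
            int n = System.in.read();
            if (n < 0) {
                throw new Exception("Unexpected EOF");
            }
            if (i < pattern.length) {
                if (n != pattern[i]) {
                    throw new Exception("The first line must start with \""
                            + HEADER_PREFIX + "\"");
                }
            } else if (i >= pattern.length + MAX_ALG_LENGTH) {
                // Fail here with a message that names the problem, rather
                // than reading on to the end of the input and reporting EOF.
                throw new Exception("The algorithm name on the first line"
                        + " must end within " + MAX_ALG_LENGTH + " bytes");
            } else if (n < 32) {
                // Any control character (normally the line end) terminates
                // the algorithm name.
                break;
            } else {
                algName.append((char) n);
            }
        }

        String mdAlg = algName.toString().trim();
        if (mdAlg.isEmpty()) {
            throw new Exception(
                    "The first line must name the fingerprint algorithm");
        }
        // Resolve the digest before anything is written, so an unknown
        // algorithm name fails the run before the Algorithm= line reaches
        // the output.
        MessageDigest.getInstance(mdAlg);
        System.out.println("Algorithm=" + mdAlg);

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs
                = cf.generateCertificates(System.in);

        // Output sorted so that it's easy to locate an entry.
        Set<String> fingerprints = new TreeSet<>();
        for (Certificate cert : certs) {
            fingerprints.add(
                    getCertificateFingerPrint(mdAlg, (X509Certificate) cert));
        }

        for (String s : fingerprints) {
            System.out.println(s);
        }
    }

    /**
     * Converts a byte to two upper-case hex digits and appends them to the
     * supplied buffer, high nibble first.
     */
    private static void byte2hex(byte b, StringBuilder buf) {
        buf.append(HEX_CHARS[(b & 0xf0) >> 4]);
        buf.append(HEX_CHARS[b & 0x0f]);
    }

    /**
     * Gets the requested finger print of the certificate.
     * <p>
     * The digest is computed over the complete encoded certificate, so it
     * identifies that exact encoding: another certificate issued for the
     * same key has a different fingerprint and needs its own entry.
     *
     * @param mdAlg name of the message digest algorithm to use
     * @param cert the certificate to fingerprint
     * @return the digest as upper-case hex, two digits per byte
     * @throws Exception if the algorithm is not available or the
     *         certificate cannot be encoded
     */
    private static String getCertificateFingerPrint(
            String mdAlg, X509Certificate cert) throws Exception {
        byte[] encoded = cert.getEncoded();
        byte[] digest = MessageDigest.getInstance(mdAlg).digest(encoded);
        StringBuilder buf = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            byte2hex(b, buf);
        }
        return buf.toString();
    }
}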