1 /*
   2  * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 package build.tools.blacklistedcertsconverter;
  25 
  26 import java.security.MessageDigest;
  27 import java.security.cert.Certificate;
  28 import java.security.cert.CertificateFactory;
  29 import java.security.cert.X509Certificate;
  30 import java.util.Collection;
  31 import java.util.Set;
  32 import java.util.TreeSet;
  33 
  34 
  35 /**
  36  * Converts blacklisted.certs.pem from System.in to blacklisted.certs in
  37  * System.out. The input must start with a #! line including the fingerprint
  38  * algorithm. The output is sorted and unique.
  39  */
  40 public class BlacklistedCertsConverter {
  41 
  42     public static void main(String[] args) throws Exception {
  43 
  44         byte[] pattern = "#! java BlacklistedCertsConverter ".getBytes();
  45         String mdAlg = "";
  46 
  47         for (int i=0; ; i++) {
  48             int n = System.in.read();
  49             if (n < 0) {
  50                 throw new Exception("Unexpected EOF");
  51             }
  52             if (i < pattern.length) {
  53                 if (n != pattern[i]) {
  54                     throw new Exception("The first line must start with \""
  55                             + new String(pattern) + "\"");
  56                 }
  57             } else if (i < pattern.length + 100) {
  58                 if (n < 32) {
  59                     break;
  60                 } else {
  61                     mdAlg = mdAlg + String.format("%c", n);
  62                 }
  63             }
  64         }
  65 
  66         mdAlg = mdAlg.trim();
  67         System.out.println("Algorithm=" + mdAlg);
  68 
  69         CertificateFactory cf = CertificateFactory.getInstance("X.509");
  70         Collection<? extends Certificate> certs
  71                 = cf.generateCertificates(System.in);
  72 
  73         // Output sorted so that it's easy to locate an entry.
  74         Set<String> fingerprints = new TreeSet<>();
  75         for (Certificate cert: certs) {
  76             fingerprints.add(
  77                     getCertificateFingerPrint(mdAlg, (X509Certificate)cert));
  78         }
  79 
  80         for (String s: fingerprints) {
  81             System.out.println(s);
  82         }
  83     }
  84 
  85     /**
  86      * Converts a byte to hex digit and writes to the supplied buffer
  87      */
  88     private static void byte2hex(byte b, StringBuffer buf) {
  89         char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
  90                 '9', 'A', 'B', 'C', 'D', 'E', 'F' };
  91         int high = ((b & 0xf0) >> 4);
  92         int low = (b & 0x0f);
  93         buf.append(hexChars[high]);
  94         buf.append(hexChars[low]);
  95     }
  96 
  97     /**
  98      * Gets the requested finger print of the certificate.
  99      */
 100     private static String getCertificateFingerPrint(
 101             String mdAlg, X509Certificate cert) throws Exception {
 102         byte[] encCertInfo = cert.getEncoded();
 103         MessageDigest md = MessageDigest.getInstance(mdAlg);
 104         byte[] digest = md.digest(encCertInfo);
 105         StringBuffer buf = new StringBuffer();
 106         for (int i = 0; i < digest.length; i++) {
 107             byte2hex(digest[i], buf);
 108         }
 109         return buf.toString();
 110     }
 111 }