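/*
 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package build.tools.blacklistedcertsconverter;

import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Set;
import java.util.TreeSet;


/**
 * Converts blacklisted.certs.pem from System.in to blacklisted.certs in
 * System.out. The input must start with a #! line including the fingerprint
 * algorithm. The output is sorted and unique.
 *
 * <p>The output starts with an {@code Algorithm=<name>} line, followed by one
 * upper-case hex fingerprint per line. Each fingerprint is the digest of the
 * certificate's encoded form as returned by {@code getEncoded()}.
 */
public class BlacklistedCertsConverter {

    /** Prefix the first input line must start with; the algorithm name follows it. */
    private static final String HEADER_PREFIX = "#! java BlacklistedCertsConverter ";

    /** Upper bound on the bytes scanned for the algorithm name after the prefix. */
    private static final int MAX_ALG_BYTES = 100;

    /** Upper-case hex digits, indexed by nibble value. */
    private static final char[] HEX_CHARS = {
        '0', '1', '2', '3', '4', '5', '6', '7',
        '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
    };

    /**
     * Reads the header line and the certificates from System.in and writes
     * the algorithm line and the sorted, de-duplicated fingerprints to
     * System.out.
     *
     * @param args not used
     * @throws Exception if the header is missing, malformed or names an
     *         unavailable digest algorithm, or if the certificates cannot
     *         be parsed or encoded
     */
    public static void main(String[] args) throws Exception {

        String mdAlg = readAlgorithm(System.in);

        // Resolve the digest once before anything is written, so that a
        // header naming an unavailable algorithm fails the run instead of
        // leaving an "Algorithm=" line (and possibly nothing else) behind.
        MessageDigest.getInstance(mdAlg);

        System.out.println("Algorithm=" + mdAlg);

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs
                = cf.generateCertificates(System.in);

        // NOTE(review): if no certificate is parsed from the input, the output
        // holds only the Algorithm line, i.e. an empty list. Whether the build
        // should treat that as an error is not visible from this file.

        // Output sorted so that it's easy to locate an entry. The set also
        // collapses duplicate certificates into a single line.
        Set<String> fingerprints = new TreeSet<>();
        for (Certificate cert : certs) {
            fingerprints.add(
                    getCertificateFingerPrint(mdAlg, (X509Certificate) cert));
        }

        for (String s : fingerprints) {
            System.out.println(s);
        }
    }

    /**
     * Consumes the header line from the stream and returns the fingerprint
     * algorithm named on it.
     *
     * <p>The name ends at the first byte below 32 (any control character,
     * including CR or LF). That byte is consumed; everything after it is
     * left in the stream for the certificate parser.
     *
     * @param in stream positioned at the first byte of the input
     * @return the trimmed, non-empty algorithm name
     * @throws Exception if the stream ends inside the header, the prefix does
     *         not match, or the name is empty or not terminated within
     *         {@code MAX_ALG_BYTES} bytes
     */
    private static String readAlgorithm(InputStream in) throws Exception {
        // The prefix is pure ASCII; naming the charset keeps the comparison
        // independent of the platform default encoding.
        byte[] pattern = HEADER_PREFIX.getBytes(StandardCharsets.US_ASCII);

        for (int i = 0; i < pattern.length; i++) {
            int n = in.read();
            if (n < 0) {
                throw new Exception("Unexpected EOF");
            }
            if (n != pattern[i]) {
                throw new Exception("The first line must start with \""
                        + HEADER_PREFIX + "\"");
            }
        }

        StringBuilder name = new StringBuilder();
        boolean terminated = false;
        for (int i = 0; i < MAX_ALG_BYTES; i++) {
            int n = in.read();
            if (n < 0) {
                throw new Exception("Unexpected EOF");
            }
            if (n < 32) {
                terminated = true;
                break;
            }
            name.append((char) n);
        }

        // Report an over-long name directly rather than reading on through
        // the certificate data until EOF.
        if (!terminated) {
            throw new Exception(
                    "The algorithm name on the first line is too long");
        }

        String mdAlg = name.toString().trim();
        if (mdAlg.isEmpty()) {
            throw new Exception(
                    "The first line must name the fingerprint algorithm");
        }
        return mdAlg;
    }

    /**
     * Converts a byte to two upper-case hex digits and appends them to the
     * supplied buffer.
     *
     * @param b   the byte to convert
     * @param buf the buffer to append to
     */
    private static void byte2hex(byte b, StringBuilder buf) {
        buf.append(HEX_CHARS[(b & 0xf0) >> 4]);
        buf.append(HEX_CHARS[b & 0x0f]);
    }

    /**
     * Gets the requested finger print of the certificate.
     *
     * @param mdAlg the message digest algorithm name
     * @param cert  the certificate whose encoded form is digested
     * @return the digest as an upper-case hex string
     * @throws Exception if the certificate cannot be encoded or the
     *         algorithm is not available
     */
    private static String getCertificateFingerPrint(
            String mdAlg, X509Certificate cert) throws Exception {
        byte[] encoded = cert.getEncoded();
        byte[] digest = MessageDigest.getInstance(mdAlg).digest(encoded);
        StringBuilder buf = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            byte2hex(b, buf);
        }
        return buf.toString();
    }
}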