1 /*
   2  * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package build.tools.blacklistedcertsconverter;
  27 
  28 import java.security.MessageDigest;
  29 import java.security.cert.Certificate;
  30 import java.security.cert.CertificateFactory;
  31 import java.security.cert.X509Certificate;
  32 import java.util.Collection;
  33 import java.util.Set;
  34 import java.util.TreeSet;
  35 
  36 
  37 /**
  38  * Converts blacklisted.certs.pem from System.in to blacklisted.certs in
  39  * System.out. The input must start with a #! line including the fingerprint
  40  * algorithm. The output is sorted and unique.
  41  */
  42 public class BlacklistedCertsConverter {
  43 
  44     public static void main(String[] args) throws Exception {
  45 
  46         byte[] pattern = "#! java BlacklistedCertsConverter ".getBytes();
  47         String mdAlg = "";
  48 
  49         for (int i=0; ; i++) {
  50             int n = System.in.read();
  51             if (n < 0) {
  52                 throw new Exception("Unexpected EOF");
  53             }
  54             if (i < pattern.length) {
  55                 if (n != pattern[i]) {
  56                     throw new Exception("The first line must start with \""
  57                             + new String(pattern) + "\"");
  58                 }
  59             } else if (i < pattern.length + 100) {
  60                 if (n < 32) {
  61                     break;
  62                 } else {
  63                     mdAlg = mdAlg + String.format("%c", n);
  64                 }
  65             }
  66         }
  67 
  68         mdAlg = mdAlg.trim();
  69         System.out.println("Algorithm=" + mdAlg);
  70 
  71         CertificateFactory cf = CertificateFactory.getInstance("X.509");
  72         Collection<? extends Certificate> certs
  73                 = cf.generateCertificates(System.in);
  74 
  75         // Output sorted so that it's easy to locate an entry.
  76         Set<String> fingerprints = new TreeSet<>();
  77         for (Certificate cert: certs) {
  78             fingerprints.add(
  79                     getCertificateFingerPrint(mdAlg, (X509Certificate)cert));
  80         }
  81 
  82         for (String s: fingerprints) {
  83             System.out.println(s);
  84         }
  85     }
  86 
  87     /**
  88      * Converts a byte to hex digit and writes to the supplied buffer
  89      */
  90     private static void byte2hex(byte b, StringBuffer buf) {
  91         char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
  92                 '9', 'A', 'B', 'C', 'D', 'E', 'F' };
  93         int high = ((b & 0xf0) >> 4);
  94         int low = (b & 0x0f);
  95         buf.append(hexChars[high]);
  96         buf.append(hexChars[low]);
  97     }
  98 
  99     /**
 100      * Gets the requested finger print of the certificate.
 101      */
 102     private static String getCertificateFingerPrint(
 103             String mdAlg, X509Certificate cert) throws Exception {
 104         byte[] encCertInfo = cert.getEncoded();
 105         MessageDigest md = MessageDigest.getInstance(mdAlg);
 106         byte[] digest = md.digest(encCertInfo);
 107         StringBuffer buf = new StringBuffer();
 108         for (int i = 0; i < digest.length; i++) {
 109             byte2hex(digest[i], buf);
 110         }
 111         return buf.toString();
 112     }
 113 }