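/*
 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

/**
 * Tool that converts blacklisted.certs.pem to blacklisted.certs.
 * Whenever a certificate is added to the blacklist, append its PEM encoding
 * to the end of blacklisted.certs.pem (with proper comments) and then use
 * this tool to generate an updated blacklisted.certs. Make sure to include
 * the changes to both files in one changeset.
 *
 * <p>Input is read from standard input and the result is written to standard
 * output: an {@code Algorithm=<name>} header line followed by one upper-case
 * hex fingerprint per certificate, in the order the certificates were parsed.
 *
 * <p>Any failure (unknown digest algorithm, unparsable input, a certificate
 * that cannot be encoded) ends the run with an exception and without writing
 * anything to standard output, so a broken run cannot be mistaken for a
 * valid, merely shorter, list.
 */
public class BlacklistedCertsConverter {

    /** Upper-case hex digits, indexed by nibble value. */
    private static final char[] HEX_CHARS = "0123456789ABCDEF".toCharArray();

    /**
     * Entry point.
     *
     * @param args {@code args[0]} is the message digest algorithm name passed
     *             to {@link MessageDigest#getInstance(String)}; the usage
     *             text gives {@code SHA-256} as the example
     * @throws Exception if the algorithm is unknown, the input cannot be
     *                   parsed as X.509 certificates, or a certificate
     *                   cannot be encoded
     */
    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // Standard output is the generated file (see the redirection in
            // the usage text), so the usage message must not be written there.
            System.err.println("Usage: java BlacklistedCertsConverter SHA-256" +
                    " < blacklisted.certs.pem > blacklisted.certs");
            System.exit(1);
        }
        String mdAlg = args[0];

        // Reject an unknown algorithm up front. Without this, an input that
        // holds no certificates would still yield an "Algorithm=" header
        // naming a digest that does not exist.
        MessageDigest.getInstance(mdAlg);

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs
                = cf.generateCertificates(System.in);

        // Build the whole file in memory and emit it in one go, so that a
        // failure on a later certificate does not leave a truncated list
        // on standard output.
        String eol = System.lineSeparator();
        StringBuilder out = new StringBuilder();
        out.append("Algorithm=").append(mdAlg).append(eol);
        for (Certificate cert : certs) {
            out.append(getCertificateFingerPrint(mdAlg, (X509Certificate) cert))
               .append(eol);
        }
        System.out.print(out);
    }

    /**
     * Appends the two upper-case hex digits of a byte to the supplied buffer.
     *
     * @param b   the byte to convert
     * @param buf the buffer that receives the high nibble, then the low nibble
     */
    private static void byte2hex(byte b, StringBuilder buf) {
        buf.append(HEX_CHARS[(b & 0xf0) >> 4]);
        buf.append(HEX_CHARS[b & 0x0f]);
    }

    /**
     * Computes the fingerprint of a certificate: the digest of the bytes
     * returned by {@link X509Certificate#getEncoded()}, rendered as
     * upper-case hex without separators.
     *
     * <p>Failures are propagated instead of being turned into an empty
     * string: an empty line in the generated file would silently drop the
     * certificate from the list.
     *
     * @param mdAlg the message digest algorithm name
     * @param cert  the certificate to fingerprint
     * @return the hex-encoded digest
     * @throws NoSuchAlgorithmException     if {@code mdAlg} is not available
     * @throws CertificateEncodingException if the certificate cannot be
     *                                      encoded
     */
    private static String getCertificateFingerPrint(String mdAlg,
                                                    X509Certificate cert)
            throws NoSuchAlgorithmException, CertificateEncodingException {
        byte[] encoded = cert.getEncoded();
        byte[] digest = MessageDigest.getInstance(mdAlg).digest(encoded);
        StringBuilder buf = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            byte2hex(b, buf);
        }
        return buf.toString();
    }
}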