Revision 897
| org.gvsig.scripting/trunk/org.gvsig.scripting/org.gvsig.scripting.app/org.gvsig.scripting.app.mainplugin/src/main/java/org/gvsig/scripting/app/InstallCert.java | ||
|---|---|---|
| 1 |
package org.gvsig.scripting.app; |
|
| 2 |
|
|
| 3 |
/* |
|
| 4 |
* Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. |
|
| 5 |
* |
|
| 6 |
* Redistribution and use in source and binary forms, with or without |
|
| 7 |
* modification, are permitted provided that the following conditions |
|
| 8 |
* are met: |
|
| 9 |
* |
|
| 10 |
* - Redistributions of source code must retain the above copyright |
|
| 11 |
* notice, this list of conditions and the following disclaimer. |
|
| 12 |
* |
|
| 13 |
* - Redistributions in binary form must reproduce the above copyright |
|
| 14 |
* notice, this list of conditions and the following disclaimer in the |
|
| 15 |
* documentation and/or other materials provided with the distribution. |
|
| 16 |
* |
|
| 17 |
* - Neither the name of Sun Microsystems nor the names of its |
|
| 18 |
* contributors may be used to endorse or promote products derived |
|
| 19 |
* from this software without specific prior written permission. |
|
| 20 |
* |
|
| 21 |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS |
|
| 22 |
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
|
| 23 |
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
| 24 |
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
|
| 25 |
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
|
| 26 |
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
|
| 27 |
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
|
| 28 |
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
|
| 29 |
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
| 30 |
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
|
| 31 |
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
| 32 |
*/ |
|
| 33 |
/** |
|
| 34 |
* Originally from: |
|
| 35 |
* http://blogs.sun.com/andreas/resource/InstallCert.java |
|
| 36 |
* Use: |
|
| 37 |
* java InstallCert hostname |
|
| 38 |
* Example: |
|
| 39 |
*% java InstallCert ecc.fedora.redhat.com |
|
| 40 |
*/ |
|
| 41 |
|
|
| 42 |
import java.io.BufferedReader; |
|
| 43 |
import java.io.File; |
|
| 44 |
import java.io.FileInputStream; |
|
| 45 |
import java.io.FileOutputStream; |
|
| 46 |
import java.io.InputStream; |
|
| 47 |
import java.io.InputStreamReader; |
|
| 48 |
import java.io.OutputStream; |
|
| 49 |
import java.security.KeyStore; |
|
| 50 |
import java.security.MessageDigest; |
|
| 51 |
import java.security.cert.CertificateException; |
|
| 52 |
import java.security.cert.X509Certificate; |
|
| 53 |
|
|
| 54 |
import javax.net.ssl.SSLContext; |
|
| 55 |
import javax.net.ssl.SSLException; |
|
| 56 |
import javax.net.ssl.SSLSocket; |
|
| 57 |
import javax.net.ssl.SSLSocketFactory; |
|
| 58 |
import javax.net.ssl.TrustManager; |
|
| 59 |
import javax.net.ssl.TrustManagerFactory; |
|
| 60 |
import javax.net.ssl.X509TrustManager; |
|
| 61 |
|
|
| 62 |
/** |
|
| 63 |
* Class used to add the server's certificate to the KeyStore |
|
| 64 |
* with your trusted certificates. |
|
| 65 |
* |
|
| 66 |
* NOTE: modified to install the certificate always into the main cacerts |
|
| 67 |
* keystore. |
|
| 68 |
*/ |
|
| 69 |
public class InstallCert {
|
|
| 70 |
|
|
| 71 |
public static void install(String host, Integer port, String passphrase) throws Exception {
|
|
| 72 |
if( passphrase==null ) {
|
|
| 73 |
passphrase = "changeit"; |
|
| 74 |
} |
|
| 75 |
if( port == null || port <1) {
|
|
| 76 |
port = 443; |
|
| 77 |
} |
|
| 78 |
main( |
|
| 79 |
new String[] {
|
|
| 80 |
host +":"+port, |
|
| 81 |
passphrase |
|
| 82 |
} |
|
| 83 |
); |
|
| 84 |
} |
|
| 85 |
|
|
| 86 |
public static void main(String[] args) throws Exception {
|
|
| 87 |
String host; |
|
| 88 |
int port; |
|
| 89 |
char[] passphrase; |
|
| 90 |
if ((args.length == 1) || (args.length == 2)) {
|
|
| 91 |
String[] c = args[0].split(":");
|
|
| 92 |
host = c[0]; |
|
| 93 |
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); |
|
| 94 |
String p = (args.length == 1) ? "changeit" : args[1]; |
|
| 95 |
passphrase = p.toCharArray(); |
|
| 96 |
} else {
|
|
| 97 |
System.out.println("Usage: java InstallCert [:port] [passphrase]");
|
|
| 98 |
return; |
|
| 99 |
} |
|
| 100 |
|
|
| 101 |
File file = null; |
|
| 102 |
// File file = new File("jssecacerts");
|
|
| 103 |
// if (file.isFile() == false) {
|
|
| 104 |
char SEP = File.separatorChar; |
|
| 105 |
File dir = |
|
| 106 |
new File(System.getProperty("java.home") + SEP + "lib" + SEP
|
|
| 107 |
+ "security"); |
|
| 108 |
// file = new File(dir, "jssecacerts"); |
|
| 109 |
// if (file.isFile() == false) {
|
|
| 110 |
file = new File(dir, "cacerts"); |
|
| 111 |
|
|
| 112 |
if (!file.canWrite()) {
|
|
| 113 |
System.err |
|
| 114 |
.println("Unable to write in the file "
|
|
| 115 |
+ file |
|
| 116 |
+ ".\nRun InstallCert as an administrator or a user with " |
|
| 117 |
+ "privileges to write in the cacerts file"); |
|
| 118 |
|
|
| 119 |
System.exit(-1); |
|
| 120 |
} |
|
| 121 |
// } |
|
| 122 |
// } |
|
| 123 |
System.out.println("Loading KeyStore " + file + "...");
|
|
| 124 |
InputStream in = new FileInputStream(file); |
|
| 125 |
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); |
|
| 126 |
ks.load(in, passphrase); |
|
| 127 |
in.close(); |
|
| 128 |
|
|
| 129 |
SSLContext context = SSLContext.getInstance("TLS");
|
|
| 130 |
TrustManagerFactory tmf = |
|
| 131 |
TrustManagerFactory.getInstance(TrustManagerFactory |
|
| 132 |
.getDefaultAlgorithm()); |
|
| 133 |
tmf.init(ks); |
|
| 134 |
X509TrustManager defaultTrustManager = |
|
| 135 |
(X509TrustManager) tmf.getTrustManagers()[0]; |
|
| 136 |
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); |
|
| 137 |
context.init(null, new TrustManager[] { tm }, null);
|
|
| 138 |
SSLSocketFactory factory = context.getSocketFactory(); |
|
| 139 |
|
|
| 140 |
System.out |
|
| 141 |
.println("Opening connection to " + host + ":" + port + "...");
|
|
| 142 |
SSLSocket socket = (SSLSocket) factory.createSocket(host, port); |
|
| 143 |
socket.setSoTimeout(10000); |
|
| 144 |
try {
|
|
| 145 |
System.out.println("Starting SSL handshake...");
|
|
| 146 |
socket.startHandshake(); |
|
| 147 |
socket.close(); |
|
| 148 |
System.out.println(); |
|
| 149 |
System.out.println("No errors, certificate is already trusted");
|
|
| 150 |
} catch (SSLException e) {
|
|
| 151 |
System.out.println(); |
|
| 152 |
e.printStackTrace(System.out); |
|
| 153 |
} |
|
| 154 |
|
|
| 155 |
X509Certificate[] chain = tm.chain; |
|
| 156 |
if (chain == null) {
|
|
| 157 |
System.out.println("Could not obtain server certificate chain");
|
|
| 158 |
return; |
|
| 159 |
} |
|
| 160 |
|
|
| 161 |
BufferedReader reader = |
|
| 162 |
new BufferedReader(new InputStreamReader(System.in)); |
|
| 163 |
|
|
| 164 |
System.out.println(); |
|
| 165 |
System.out.println("Server sent " + chain.length + " certificate(s):");
|
|
| 166 |
System.out.println(); |
|
| 167 |
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
|
|
| 168 |
MessageDigest md5 = MessageDigest.getInstance("MD5");
|
|
| 169 |
for (int i = 0; i < chain.length; i++) {
|
|
| 170 |
X509Certificate cert = chain[i]; |
|
| 171 |
System.out.println(" " + (i + 1) + " Subject "
|
|
| 172 |
+ cert.getSubjectDN()); |
|
| 173 |
System.out.println(" Issuer " + cert.getIssuerDN());
|
|
| 174 |
sha1.update(cert.getEncoded()); |
|
| 175 |
System.out.println(" sha1 " + toHexString(sha1.digest()));
|
|
| 176 |
md5.update(cert.getEncoded()); |
|
| 177 |
System.out.println(" md5 " + toHexString(md5.digest()));
|
|
| 178 |
System.out.println(); |
|
| 179 |
} |
|
| 180 |
|
|
| 181 |
// int k=0; |
|
| 182 |
// System.out |
|
| 183 |
// .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
|
|
| 184 |
// String line = reader.readLine().trim(); |
|
| 185 |
// try {
|
|
| 186 |
// k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; |
|
| 187 |
// } catch (NumberFormatException e) {
|
|
| 188 |
// System.out.println("KeyStore not changed");
|
|
| 189 |
// return; |
|
| 190 |
// } |
|
| 191 |
|
|
| 192 |
for( int k=0; k<chain.length; k++ ) {
|
|
| 193 |
X509Certificate cert = chain[k]; |
|
| 194 |
String alias = host + "-" + (k + 1); |
|
| 195 |
ks.setCertificateEntry(alias, cert); |
|
| 196 |
|
|
| 197 |
// OutputStream out = new FileOutputStream("jssecacerts");
|
|
| 198 |
OutputStream out = new FileOutputStream(file); |
|
| 199 |
ks.store(out, passphrase); |
|
| 200 |
out.close(); |
|
| 201 |
|
|
| 202 |
System.out.println(); |
|
| 203 |
System.out.println(cert); |
|
| 204 |
System.out.println(); |
|
| 205 |
System.out |
|
| 206 |
.println("Added certificate to keystore '" +
|
|
| 207 |
file + "' using alias '" + alias + "'"); |
|
| 208 |
} |
|
| 209 |
} |
|
| 210 |
|
|
| 211 |
private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); |
|
| 212 |
|
|
| 213 |
private static String toHexString(byte[] bytes) {
|
|
| 214 |
StringBuilder sb = new StringBuilder(bytes.length * 3); |
|
| 215 |
for (int b : bytes) {
|
|
| 216 |
b &= 0xff; |
|
| 217 |
sb.append(HEXDIGITS[b >> 4]); |
|
| 218 |
sb.append(HEXDIGITS[b & 15]); |
|
| 219 |
sb.append(' ');
|
|
| 220 |
} |
|
| 221 |
return sb.toString(); |
|
| 222 |
} |
|
| 223 |
|
|
| 224 |
private static class SavingTrustManager implements X509TrustManager {
|
|
| 225 |
|
|
| 226 |
private final X509TrustManager tm; |
|
| 227 |
private X509Certificate[] chain; |
|
| 228 |
|
|
| 229 |
SavingTrustManager(X509TrustManager tm) {
|
|
| 230 |
this.tm = tm; |
|
| 231 |
} |
|
| 232 |
|
|
| 233 |
public X509Certificate[] getAcceptedIssuers() {
|
|
| 234 |
throw new UnsupportedOperationException(); |
|
| 235 |
} |
|
| 236 |
|
|
| 237 |
public void checkClientTrusted(X509Certificate[] chain, String authType) |
|
| 238 |
throws CertificateException {
|
|
| 239 |
throw new UnsupportedOperationException(); |
|
| 240 |
} |
|
| 241 |
|
|
| 242 |
public void checkServerTrusted(X509Certificate[] chain, String authType) |
|
| 243 |
throws CertificateException {
|
|
| 244 |
this.chain = chain; |
|
| 245 |
tm.checkServerTrusted(chain, authType); |
|
| 246 |
} |
|
| 247 |
} |
|
| 248 |
} |
|
Also available in: Unified diff