1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
|
/*******************************************************************************
* Copyright (c) 2008, 2018 Jay Rosenthal and others.
*
*
* This program and the accompanying materials
* are made available under the terms of the Eclipse Public License 2.0
* which accompanies this distribution, and is available at
* https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*
* Contributors:
* Jay Rosenthal - initial API and implementation
*******************************************************************************/
package org.eclipse.equinox.internal.security.ui;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.*;
import org.eclipse.jface.viewers.IStructuredContentProvider;
import org.eclipse.jface.viewers.Viewer;
import org.eclipse.osgi.util.NLS;
/**
* X509CertificateAttributeContentProvider
* Structured content provided for an <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/cert/X509Certificate.html">X509Certificate </a>
* object.
* <p>
* Currently this only supports the attributes exposed directly by X509Certificate. Some commonly used extensions
* may not be displayed. Contributions and enhancements are welcomed.
*
*/
public class X509CertificateAttributeContentProvider implements IStructuredContentProvider {
private static String LABEL_KEYUSAGE_DIGITALSIGNATURE = "digitalSignature"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_NONREPUDIATION = "nonRepudiation"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_KEYENCIPHERMENT = "keyEncipherment"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_DATAENCIPHERMENT = "dataEncipherment"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_KEYAGREEMENT = "keyAgreement"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_CERTSIGN = "keyCertSign"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_CRLSIGN = "cRLSign"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_ENCIPHERONLY = "encipherOnly"; //$NON-NLS-1$
private static String LABEL_KEYUSAGE_DECIPHERONLY = "decipherOnly"; //$NON-NLS-1$
private ArrayList<X509CertificateAttribute> elements = new ArrayList<>();
private Viewer viewer = null;
private static String listDelim = ", "; //$NON-NLS-1$
private static final DateFormat _df = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.FULL);
// TODO - This is a bit ugly but gets the job done... Maybe this should be a class of it's own ??
private static String keyUsageStrings[] = {LABEL_KEYUSAGE_DIGITALSIGNATURE, LABEL_KEYUSAGE_NONREPUDIATION, LABEL_KEYUSAGE_KEYENCIPHERMENT, LABEL_KEYUSAGE_DATAENCIPHERMENT, LABEL_KEYUSAGE_KEYAGREEMENT, LABEL_KEYUSAGE_CERTSIGN, LABEL_KEYUSAGE_CRLSIGN, LABEL_KEYUSAGE_ENCIPHERONLY, LABEL_KEYUSAGE_DECIPHERONLY};
public X509CertificateAttributeContentProvider() {
super();
}
public Object[] getElements(Object inputElement) {
return elements.toArray();
}
public void dispose() {
// TODO Auto-generated method stub
}
public void setSelection(X509Certificate curCert) {
inputChanged(viewer, null, curCert);
if (viewer != null)
viewer.refresh();
}
public void clear(boolean refresh) {
elements.clear();
if (refresh && viewer != null)
viewer.refresh();
}
public void clear() {
clear(true);
}
public void inputChanged(Viewer aViewer, Object oldInput, Object newInput) {
viewer = aViewer;
clear(false); // clear the viewer.
// Be safe ... check the input
if (newInput instanceof X509Certificate) {
X509Certificate theCert = (X509Certificate) newInput;
X509CertificateAttribute ver = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_VERSION, Integer.valueOf(theCert.getVersion()).toString());
elements.add(ver);
X509CertificateAttribute serialNum = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_SERIAL_NUM, theCert.getSerialNumber().toString());
elements.add(serialNum);
X509CertificateAttribute validFrom = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_VALID_FROM, _df.format(theCert.getNotBefore()), theCert.getNotBefore());
elements.add(validFrom);
X509CertificateAttribute validTo = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_VALID_TO, _df.format(theCert.getNotAfter()), theCert.getNotAfter());
elements.add(validTo);
X509CertificateAttribute issuedBy = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_ISSUED_BY, theCert.getIssuerX500Principal().getName(), theCert.getIssuerX500Principal());
elements.add(issuedBy);
X509CertificateAttribute IssuedToItem = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_ISSUED_TO, theCert.getSubjectX500Principal().getName(), theCert.getSubjectX500Principal());
elements.add(IssuedToItem);
X509CertificateAttribute sigAlgoItem = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_SIG_ALGO, theCert.getSigAlgName());
elements.add(sigAlgoItem);
boolean keyUsagesArray[] = theCert.getKeyUsage();
StringBuilder keyUsages = new StringBuilder();
//
// Only set the string field, If we got some data
if (keyUsagesArray != null && keyUsagesArray.length > 0) {
for (int i = 0; i < keyUsagesArray.length; i++) {
if (keyUsagesArray[i])
keyUsages.append(keyUsageStrings[i] + listDelim);
}
X509CertificateAttribute keyUsage = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_KEY_USAGE, (keyUsages.toString()).substring(0, keyUsages.length() - 2), theCert.getKeyUsage());
elements.add(keyUsage);
}
/*
* Thumbprint is not actually "in" the certificate. It is computed on the fly...
*/
X509CertificateAttribute thumbPrintItem = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_THMBPRINT, getThumbprint(theCert, "SHA1")); //$NON-NLS-1$
elements.add(thumbPrintItem);
PublicKey pubKey = theCert.getPublicKey();
X509CertificateAttribute pubKeyInfoItem = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_THMBPRINTX509_PUBKEY_INFO, getHex(pubKey.getEncoded()));
elements.add(pubKeyInfoItem);
try {
Collection<List<?>> subAltNamesVctr = theCert.getSubjectAlternativeNames();
// StringBuffer bfrSubAltNames = new StringBuffer();
if (subAltNamesVctr != null && subAltNamesVctr.size() > 0) {
// TODO - Make alt names into a displayable list...
// For now just display that they exist..
X509CertificateAttribute subAltItem = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_SUB_ALT_NAMES, "Has Subject Alternate Names" /*bfrSubAltNames.toString()*/, theCert.getSubjectAlternativeNames()); //$NON-NLS-1$
elements.add(subAltItem);
}
} catch (CertificateParsingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
int basicCnstrnts = theCert.getBasicConstraints();
Integer basicConstraint = Integer.valueOf(basicCnstrnts);
StringBuilder basicCnstrntsBfr = new StringBuilder();
if (basicCnstrnts == -1) {
// Not a CA
basicCnstrntsBfr.append(SecurityUIMsg.LABEL_NAMECONSTRAINTS_NOTCA + listDelim);
} else {
basicCnstrntsBfr.append(SecurityUIMsg.LABEL_NAMECONSTRAINTS_ISCA + listDelim);
if (basicCnstrnts == Integer.MAX_VALUE) {
// MAX_VALUE means "no limit to the allowed length of the certification path."
basicCnstrntsBfr.append(NLS.bind(SecurityUIMsg.LABEL_NAMECONSTRAINTS_PATHLENGTH, new Object[] {SecurityUIMsg.LABEL_NAMECONSTRAINTS_PATHLENGTH_UNLIMITED}) + listDelim);
} else {
basicCnstrntsBfr.append(NLS.bind(SecurityUIMsg.LABEL_NAMECONSTRAINTS_PATHLENGTH, new Object[] {basicConstraint}) + listDelim);
}
}
X509CertificateAttribute basicConstraints = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_BASIC_CNSTRNTS, (basicCnstrntsBfr.toString()).substring(0, basicCnstrntsBfr.length() - 2), basicConstraint);
elements.add(basicConstraints);
List<String> exKeyUsg;
try {
exKeyUsg = theCert.getExtendedKeyUsage();
StringBuilder exKeyUsgBfr = new StringBuilder();
if (exKeyUsg != null && exKeyUsg.size() > 0) {
for (String string : exKeyUsg) {
exKeyUsgBfr.append((string) + listDelim);
}
X509CertificateAttribute exKeyUsgProp = new X509CertificateAttribute(SecurityUIMsg.CERTPROP_X509_EXKEY_USAGE, (exKeyUsgBfr.toString()).substring(0, exKeyUsgBfr.length() - 2), theCert.getExtendedKeyUsage());
elements.add(exKeyUsgProp);
}
} catch (CertificateParsingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
private String getHex(byte buf[]) {
String result = ""; //$NON-NLS-1$
if (buf != null) {
for (int i = 0; i < buf.length; i++) {
if (i > 0)
result += " "; //$NON-NLS-1$
short sValue = buf[i];
int curInt = 0;
curInt += sValue;
String converted = Integer.toHexString(curInt);
if (converted.length() > 2)
converted = converted.substring(converted.length() - 2);
result += converted.toUpperCase();
}
}
return result;
}
private MessageDigest getDigest(String thumAlg) {
MessageDigest md = null;
try {
md = MessageDigest.getInstance(thumAlg);
} catch (Exception e) {
// TODO - Handle the exception or log it..
}
return md;
}
private String getThumbprint(X509Certificate curCert, String thumAlg) {
String thumbPrint = ""; //$NON-NLS-1$
try {
MessageDigest md = getDigest(thumAlg);
md.update(curCert.getEncoded());
byte rawDigest[] = md.digest();
thumbPrint = getHex(rawDigest);
} catch (Exception e) {
// Might if thumb print algorithm can not be loaded.
}
return thumbPrint;
}
}
|
