MD5 校验值:5b2f76b46161c466bc88d86a648cdd26
CertificateVerification.java 文件包含反编译后的源代码,请注意,该内容仅供学习和参考使用,不得用于非法用途。
package com.itextpdf.text.pdf.security;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.tsp.TimeStampToken;
public class CertificateVerification {
public static String verifyCertificate(X509Certificate x509Certificate, Collection<CRL> collection, Calendar calendar) {
if (calendar == null) {
calendar = new GregorianCalendar();
}
if (x509Certificate.hasUnsupportedCriticalExtension()) {
for (String str : x509Certificate.getCriticalExtensionOIDs()) {
if (!"2.5.29.15".equals(str) || !x509Certificate.getKeyUsage()[0]) {
try {
if (!"2.5.29.37".equals(str) || !x509Certificate.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.8")) {
return "Has unsupported critical extension";
}
} catch (CertificateParsingException unused) {
return "Has unsupported critical extension";
}
}
}
}
try {
x509Certificate.checkValidity(calendar.getTime());
if (collection == null) {
return null;
}
Iterator<CRL> it = collection.iterator();
while (it.hasNext()) {
if (it.next().isRevoked(x509Certificate)) {
return "Certificate revoked";
}
}
return null;
} catch (Exception e3) {
return e3.getMessage();
}
}
public static List<VerificationException> verifyCertificates(Certificate[] certificateArr, KeyStore keyStore, Collection<CRL> collection, Calendar calendar) {
ArrayList arrayList = new ArrayList();
if (calendar == null) {
calendar = new GregorianCalendar();
}
for (int i4 = 0; i4 < certificateArr.length; i4++) {
X509Certificate x509Certificate = (X509Certificate) certificateArr[i4];
String verifyCertificate = verifyCertificate(x509Certificate, collection, calendar);
if (verifyCertificate != null) {
arrayList.add(new VerificationException(x509Certificate, verifyCertificate));
}
try {
Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
try {
String nextElement = aliases.nextElement();
if (keyStore.isCertificateEntry(nextElement)) {
X509Certificate x509Certificate2 = (X509Certificate) keyStore.getCertificate(nextElement);
if (verifyCertificate(x509Certificate2, collection, calendar) == null) {
x509Certificate.verify(x509Certificate2.getPublicKey());
return arrayList;
}
}
} catch (Exception unused) {
}
}
} catch (Exception unused2) {
}
int i5 = 0;
while (i5 < certificateArr.length) {
if (i5 != i4) {
try {
x509Certificate.verify(((X509Certificate) certificateArr[i5]).getPublicKey());
break;
} catch (Exception unused3) {
continue;
}
}
i5++;
}
if (i5 == certificateArr.length) {
arrayList.add(new VerificationException(x509Certificate, "Cannot be verified against the KeyStore or the certificate chain"));
}
}
if (arrayList.size() == 0) {
arrayList.add(new VerificationException(null, "Invalid state. Possible circular certificate chain"));
}
return arrayList;
}
public static boolean verifyOcspCertificates(BasicOCSPResp basicOCSPResp, KeyStore keyStore, String str) {
if (str == null) {
str = "BC";
}
try {
Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
try {
String nextElement = aliases.nextElement();
if (keyStore.isCertificateEntry(nextElement)) {
if (basicOCSPResp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(str).build(((X509Certificate) keyStore.getCertificate(nextElement)).getPublicKey()))) {
return true;
}
}
} catch (Exception unused) {
}
}
return false;
} catch (Exception unused2) {
return false;
}
}
public static boolean verifyTimestampCertificates(TimeStampToken timeStampToken, KeyStore keyStore, String str) {
String nextElement;
if (str == null) {
str = "BC";
}
try {
Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
try {
nextElement = aliases.nextElement();
} catch (Exception unused) {
}
if (keyStore.isCertificateEntry(nextElement)) {
timeStampToken.isSignatureValid(new JcaSimpleSignerInfoVerifierBuilder().setProvider(str).build((X509Certificate) keyStore.getCertificate(nextElement)));
return true;
}
}
return false;
} catch (Exception unused2) {
return false;
}
}
public static List<VerificationException> verifyCertificates(Certificate[] certificateArr, KeyStore keyStore, Calendar calendar) {
return verifyCertificates(certificateArr, keyStore, null, calendar);
}
}