新疆交投路损赔补偿系统 v1.0.2版本的 MD5 值为:5e336668c8c96e65d739f00d1fa2a3b9
以下内容为反编译后的 CertificateVerification.java 源代码,内容仅作参考
package com.itextpdf.text.pdf.security;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.tsp.TimeStampToken;
public class CertificateVerification {
public static String verifyCertificate(X509Certificate cert, Collection<CRL> crls, Calendar calendar) {
if (calendar == null) {
calendar = new GregorianCalendar();
}
if (cert.hasUnsupportedCriticalExtension()) {
for (String oid : cert.getCriticalExtensionOIDs()) {
if (!"2.5.29.15".equals(oid) || !cert.getKeyUsage()[0]) {
try {
if ("2.5.29.37".equals(oid) && cert.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.8")) {
}
} catch (CertificateParsingException e) {
}
return "Has unsupported critical extension";
}
}
}
try {
cert.checkValidity(calendar.getTime());
if (crls != null) {
for (CRL crl : crls) {
if (crl.isRevoked(cert)) {
return "Certificate revoked";
}
}
}
return null;
} catch (Exception e2) {
return e2.getMessage();
}
}
public static List<VerificationException> verifyCertificates(Certificate[] certs, KeyStore keystore, Collection<CRL> crls, Calendar calendar) {
List<VerificationException> result = new ArrayList<>();
if (calendar == null) {
calendar = new GregorianCalendar();
}
int k = 0;
loop0: while (true) {
if (k < certs.length) {
X509Certificate cert = (X509Certificate) certs[k];
String err = verifyCertificate(cert, crls, calendar);
if (err != null) {
result.add(new VerificationException(cert, err));
}
try {
Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
try {
String alias = aliases.nextElement();
if (keystore.isCertificateEntry(alias)) {
X509Certificate certStoreX509 = (X509Certificate) keystore.getCertificate(alias);
if (verifyCertificate(certStoreX509, crls, calendar) == null) {
try {
cert.verify(certStoreX509.getPublicKey());
break loop0;
} catch (Exception e) {
}
} else {
continue;
}
} else {
continue;
}
} catch (Exception e2) {
}
}
} catch (Exception e3) {
}
int j = 0;
while (j < certs.length) {
if (j != k) {
X509Certificate certNext = (X509Certificate) certs[j];
try {
cert.verify(certNext.getPublicKey());
break;
} catch (Exception e4) {
}
}
j++;
}
if (j == certs.length) {
result.add(new VerificationException(cert, "Cannot be verified against the KeyStore or the certificate chain"));
}
k++;
} else if (result.size() == 0) {
result.add(new VerificationException(null, "Invalid state. Possible circular certificate chain"));
}
}
return result;
}
public static List<VerificationException> verifyCertificates(Certificate[] certs, KeyStore keystore, Calendar calendar) {
return verifyCertificates(certs, keystore, null, calendar);
}
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
if (provider == null) {
provider = "BC";
}
try {
Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
try {
String alias = aliases.nextElement();
if (keystore.isCertificateEntry(alias)) {
X509Certificate certStoreX509 = (X509Certificate) keystore.getCertificate(alias);
if (ocsp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(provider).build(certStoreX509.getPublicKey()))) {
return true;
}
} else {
continue;
}
} catch (Exception e) {
}
}
} catch (Exception e2) {
}
return false;
}
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
String alias;
if (provider == null) {
provider = "BC";
}
try {
Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
try {
alias = aliases.nextElement();
} catch (Exception e) {
}
if (keystore.isCertificateEntry(alias)) {
X509Certificate certStoreX509 = (X509Certificate) keystore.getCertificate(alias);
ts.isSignatureValid(new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509));
return true;
}
continue;
}
} catch (Exception e2) {
}
return false;
}
}