org.bouncycastle.pkix.util.X509CertificateFormatter Maven / Gradle / Ivy
package org.bouncycastle.pkix.util;
import java.io.FileReader;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.DefaultSignatureNameFinder;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
/**
* A general class for X.509 certificate "pretty printing".
*/
public class X509CertificateFormatter
{
private static Map oidMap = new HashMap();
private static Map keyAlgMap = new HashMap();
private static Map extUsageMap = new HashMap();
private static Map usageMap = new HashMap();
static
{
oidMap.put(Extension.subjectDirectoryAttributes, "subjectDirectoryAttributes");
oidMap.put(Extension.subjectKeyIdentifier, "subjectKeyIdentifier");
oidMap.put(Extension.keyUsage, "keyUsage");
oidMap.put(Extension.privateKeyUsagePeriod, "privateKeyUsagePeriod");
oidMap.put(Extension.subjectAlternativeName, "subjectAlternativeName");
oidMap.put(Extension.issuerAlternativeName, "issuerAlternativeName");
oidMap.put(Extension.basicConstraints, "basicConstraints");
oidMap.put(Extension.cRLNumber, "cRLNumber");
oidMap.put(Extension.reasonCode, "reasonCode");
oidMap.put(Extension.instructionCode, "instructionCode");
oidMap.put(Extension.invalidityDate, "invalidityDate");
oidMap.put(Extension.deltaCRLIndicator, "deltaCRLIndicator");
oidMap.put(Extension.issuingDistributionPoint, "issuingDistributionPoint");
oidMap.put(Extension.certificateIssuer, "certificateIssuer");
oidMap.put(Extension.nameConstraints, "nameConstraints");
oidMap.put(Extension.cRLDistributionPoints, "cRLDistributionPoints");
oidMap.put(Extension.certificatePolicies, "certificatePolicies");
oidMap.put(Extension.policyMappings, "policyMappings");
oidMap.put(Extension.authorityKeyIdentifier, "authorityKeyIdentifier");
oidMap.put(Extension.policyConstraints, "policyConstraints");
oidMap.put(Extension.extendedKeyUsage, "extendedKeyUsage");
oidMap.put(Extension.freshestCRL, "freshestCRL");
oidMap.put(Extension.inhibitAnyPolicy, "inhibitAnyPolicy");
oidMap.put(Extension.authorityInfoAccess, "authorityInfoAccess");
oidMap.put(Extension.subjectInfoAccess, "subjectInfoAccess");
oidMap.put(Extension.logoType, "logoType");
oidMap.put(Extension.biometricInfo, "biometricInfo");
oidMap.put(Extension.qCStatements, "qCStatements");
oidMap.put(Extension.auditIdentity, "auditIdentity");
oidMap.put(Extension.noRevAvail, "noRevAvail");
oidMap.put(Extension.targetInformation, "targetInformation");
oidMap.put(Extension.expiredCertsOnCRL, "expiredCertsOnCRL");
usageMap.put(KeyUsage.digitalSignature, "digitalSignature");
usageMap.put(KeyUsage.nonRepudiation, "nonRepudiation");
usageMap.put(KeyUsage.keyEncipherment, "keyEncipherment");
usageMap.put(KeyUsage.dataEncipherment, "dataEncipherment");
usageMap.put(KeyUsage.keyAgreement, "keyAgreement");
usageMap.put(KeyUsage.keyCertSign, "keyCertSign");
usageMap.put(KeyUsage.cRLSign, "cRLSign");
usageMap.put(KeyUsage.encipherOnly, "encipherOnly");
usageMap.put(KeyUsage.decipherOnly, "decipherOnly");
extUsageMap.put(KeyPurposeId.anyExtendedKeyUsage, "anyExtendedKeyUsage");
extUsageMap.put(KeyPurposeId.id_kp_serverAuth, "id_kp_serverAuth");
extUsageMap.put(KeyPurposeId.id_kp_clientAuth, "id_kp_clientAuth");
extUsageMap.put(KeyPurposeId.id_kp_codeSigning, "id_kp_codeSigning");
extUsageMap.put(KeyPurposeId.id_kp_emailProtection, "id_kp_emailProtection");
extUsageMap.put(KeyPurposeId.id_kp_ipsecEndSystem, "id_kp_ipsecEndSystem");
extUsageMap.put(KeyPurposeId.id_kp_ipsecTunnel, "id_kp_ipsecTunnel");
extUsageMap.put(KeyPurposeId.id_kp_ipsecUser, "id_kp_ipsecUser");
extUsageMap.put(KeyPurposeId.id_kp_timeStamping, "id_kp_timeStamping");
extUsageMap.put(KeyPurposeId.id_kp_OCSPSigning, "id_kp_OCSPSigning");
extUsageMap.put(KeyPurposeId.id_kp_dvcs, "id_kp_dvcs");
extUsageMap.put(KeyPurposeId.id_kp_sbgpCertAAServerAuth, "id_kp_sbgpCertAAServerAuth");
extUsageMap.put(KeyPurposeId.id_kp_scvp_responder, "id_kp_scvp_responder");
extUsageMap.put(KeyPurposeId.id_kp_eapOverPPP, "id_kp_eapOverPPP");
extUsageMap.put(KeyPurposeId.id_kp_eapOverLAN, "id_kp_eapOverLAN");
extUsageMap.put(KeyPurposeId.id_kp_scvpServer, "id_kp_scvpServer");
extUsageMap.put(KeyPurposeId.id_kp_scvpClient, "id_kp_scvpClient");
extUsageMap.put(KeyPurposeId.id_kp_ipsecIKE, "id_kp_ipsecIKE");
extUsageMap.put(KeyPurposeId.id_kp_capwapAC, "id_kp_capwapAC");
extUsageMap.put(KeyPurposeId.id_kp_capwapWTP, "id_kp_capwapWTP");
extUsageMap.put(KeyPurposeId.id_kp_cmcCA, "id_kp_cmcCA");
extUsageMap.put(KeyPurposeId.id_kp_cmcRA, "id_kp_cmcRA");
extUsageMap.put(KeyPurposeId.id_kp_cmKGA, "id_kp_cmKGA");
extUsageMap.put(KeyPurposeId.id_kp_smartcardlogon, "id_kp_smartcardlogon");
extUsageMap.put(KeyPurposeId.id_kp_macAddress, "id_kp_macAddress");
extUsageMap.put(KeyPurposeId.id_kp_msSGC, "id_kp_msSGC");
extUsageMap.put(KeyPurposeId.id_kp_nsSGC, "id_kp_nsSGC");
keyAlgMap.put(PKCSObjectIdentifiers.rsaEncryption, "rsaEncryption");
keyAlgMap.put(X9ObjectIdentifiers.id_ecPublicKey, "id_ecPublicKey");
keyAlgMap.put(EdECObjectIdentifiers.id_Ed25519, "id_Ed25519");
keyAlgMap.put(EdECObjectIdentifiers.id_Ed448, "id_Ed448");
}
private static String oidToLabel(ASN1ObjectIdentifier oid)
{
String oidStr = oidMap.get(oid);
if (oidStr != null)
{
return oidStr;
}
return oid.getId();
}
private static String keyAlgToLabel(ASN1ObjectIdentifier oid)
{
String oidStr = keyAlgMap.get(oid);
if (oidStr != null)
{
return oidStr;
}
return oid.getId();
}
private static final String spaceStr = " ";
private static String spaces(int length)
{
return spaceStr.substring(0, length);
}
private static String indent(String pad, String detail, String nl)
{
StringBuilder bld = new StringBuilder();
int index;
int last = 0;
detail = detail.substring(0, detail.length() - nl.length());
while ((index = detail.indexOf(nl)) > 0)
{
bld.append(detail.substring(last, index));
bld.append(nl);
bld.append(pad);
if (last < detail.length())
{
detail = detail.substring(index + nl.length());
}
}
// a single line.
if (bld.length() == 0)
{
return detail;
}
else
{
bld.append(detail);
}
return bld.toString();
}
static void prettyPrintData(byte[] sig, StringBuilder buf, String nl)
{
if (sig.length > 20)
{
// -DM Hex.toHexString
buf.append(Hex.toHexString(sig, 0, 20)).append(nl);
format(buf, sig, nl);
}
else
{
// -DM Hex.toHexString
buf.append(Hex.toHexString(sig)).append(nl);
}
}
static void format(StringBuilder buf, byte[] data, String nl)
{
for (int i = 20; i < data.length; i += 20)
{
if (i < data.length - 20)
{
// -DM Hex.toHexString
buf.append(" ").append(Hex.toHexString(data, i, 20)).append(nl);
}
else
{
// -DM Hex.toHexString
buf.append(" ").append(Hex.toHexString(data, i, data.length - i)).append(nl);
}
}
}
public static String asString(X509CertificateHolder certHolder)
{
StringBuilder buf = new StringBuilder();
String nl = Strings.lineSeparator();
String sigAlgorithm = new DefaultSignatureNameFinder().getAlgorithmName(certHolder.getSignatureAlgorithm());
sigAlgorithm = sigAlgorithm.replace("WITH", "with");
String pubKeyAlgorithm = keyAlgToLabel(certHolder.getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm());
buf.append(" [0] Version: ").append(certHolder.getVersionNumber()).append(nl);
buf.append(" SerialNumber: ").append(certHolder.getSerialNumber()).append(nl);
buf.append(" IssuerDN: ").append(certHolder.getIssuer()).append(nl);
buf.append(" Start Date: ").append(certHolder.getNotBefore()).append(nl);
buf.append(" Final Date: ").append(certHolder.getNotAfter()).append(nl);
buf.append(" SubjectDN: ").append(certHolder.getSubject()).append(nl);
buf.append(" Public Key: ").append(pubKeyAlgorithm).append(nl);
buf.append(" ");
prettyPrintData(certHolder.getSubjectPublicKeyInfo().getPublicKeyData().getOctets(), buf, nl);
Extensions extensions = certHolder.getExtensions();
if (extensions != null)
{
Enumeration e = extensions.oids();
if (e.hasMoreElements())
{
buf.append(" Extensions: ").append(nl);
}
while (e.hasMoreElements())
{
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
Extension ext = extensions.getExtension(oid);
if (ext.getExtnValue() != null)
{
byte[] octs = ext.getExtnValue().getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
String pad = " ";
try
{
String label = oidToLabel(oid);
buf.append(pad).append(label);
buf.append(": critical(").append(ext.isCritical()).append(") ").append(nl);
pad += spaces(2 + label.length());
if (oid.equals(Extension.basicConstraints))
{
BasicConstraints bc = BasicConstraints.getInstance(dIn.readObject());
buf.append(pad).append("isCA : " + bc.isCA()).append(nl);
if (bc.isCA())
{
buf.append(spaces(2 + label.length()));
buf.append("pathLenConstraint : " + bc.getPathLenConstraint()).append(nl);
}
}
else if (oid.equals(Extension.keyUsage))
{
KeyUsage usage = KeyUsage.getInstance(dIn.readObject());
buf.append(pad);
boolean first = true;
for (Iterator it = usageMap.keySet().iterator(); it.hasNext(); )
{
int bit = it.next();
if (usage.hasUsages(bit))
{
if (!first)
{
buf.append(", ");
}
else
{
first = false;
}
buf.append(usageMap.get(bit));
}
}
buf.append(nl);
}
else if (oid.equals(Extension.extendedKeyUsage))
{
ExtendedKeyUsage usage = ExtendedKeyUsage.getInstance(dIn.readObject());
buf.append(pad);
boolean first = true;
for (Iterator it = extUsageMap.keySet().iterator(); it.hasNext(); )
{
KeyPurposeId purpose = it.next();
if (usage.hasKeyPurposeId(purpose))
{
if (!first)
{
buf.append(", ");
}
else
{
first = false;
}
buf.append(extUsageMap.get(purpose));
}
}
buf.append(nl);
}
else
{
buf.append(pad).append("value = ").append(indent(pad + spaces(8), ASN1Dump.dumpAsString(dIn.readObject()), nl)).append(nl);
//buf.append(" value = ").append("*****").append(nl);
}
}
catch (Exception ex)
{
ex.printStackTrace();
buf.append(oid.getId());
// buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl);
buf.append(" value = ").append("*****").append(nl);
}
}
else
{
buf.append(nl);
}
}
}
buf.append(" Signature Algorithm: ").append(sigAlgorithm).append(nl);
buf.append(" Signature: ");
prettyPrintData(certHolder.getSignature(), buf, nl);
return buf.toString();
}
public static void main(String[] args)
throws Exception
{
PEMParser p = new PEMParser(new FileReader(args[0]));
// -DM System.out.println
System.out.println(asString((X509CertificateHolder)p.readObject()));
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy