de.rub.nds.x509attacker.filesystem.CertificateIo Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of x509-attacker Show documentation
Show all versions of x509-attacker Show documentation
X.509-Attacker is a tool based on ASN.1 Tool for creating arbitrary certificates; including especially
invalid and malformed certificates. Since X.509 certificates encode their contents in ASN.1, this tool extends
the features of ASN.1 Tool in terms of certificate signing. Also, X.509-Attacker introduces a feature of
referencing XML elements in order to avoid redundancies when defining certificates in XML.
The newest version!
/*
* X.509-Attacker - A Library for Arbitrary X.509 Certificates
*
* Copyright 2014-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH
*
* Licensed under Apache License, Version 2.0
* http://www.apache.org/licenses/LICENSE-2.0.txt
*/
package de.rub.nds.x509attacker.filesystem;
import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.x509attacker.chooser.X509Chooser;
import de.rub.nds.x509attacker.context.X509Context;
import de.rub.nds.x509attacker.x509.X509CertificateChain;
import de.rub.nds.x509attacker.x509.model.X509Certificate;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.cert.CertificateEncodingException;
import java.util.Base64;
import java.util.LinkedList;
import java.util.List;
import java.util.function.Consumer;
import org.bouncycastle.crypto.tls.Certificate;
public class CertificateIo {
private static final String CERTIFICATE_PEM_PREFIX = "-----BEGIN CERTIFICATE-----";
private static final String CERTIFICATE_PEM_SUFFIX = "-----END CERTIFICATE-----";
private static final int LENGTH_FIELD_BYTE_LENGTH = 3;
private CertificateIo() {}
public static X509CertificateChain readPemChain(File file) throws IOException {
return readPemChain(new FileInputStream(file));
}
public static X509CertificateChain readPemChain(InputStream inputStream) throws IOException {
X509Context context = new X509Context();
X509Chooser chooser = context.getChooser();
X509CertificateChain chain = new X509CertificateChain();
List byteList = readPemCertificateByteList(inputStream);
for (CertificateBytes certificateBytes : byteList) {
X509Certificate x509Certificate = new X509Certificate("x509Certificate");
x509Certificate
.getParser(chooser)
.parse(
new BufferedInputStream(
new ByteArrayInputStream(certificateBytes.getBytes())));
chain.addCertificate(x509Certificate);
}
return chain;
}
public static List readPemCertificateByteList(InputStream inputStream)
throws IOException {
BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
List byteList = new LinkedList<>();
reader.lines()
.forEach(
new Consumer() {
private ByteArrayOutputStream stream = null;
@Override
public void accept(String line) {
if (line.contains(CERTIFICATE_PEM_PREFIX)) {
stream = new ByteArrayOutputStream();
} else if (line.contains(CERTIFICATE_PEM_SUFFIX)) {
if (stream == null) {
throw new RuntimeException(
"Could not parse certificate chain");
}
byte[] certificateBytes =
Base64.getDecoder().decode(stream.toByteArray());
byteList.add(new CertificateBytes(certificateBytes));
stream = null;
} else {
try {
if (stream == null) {
throw new RuntimeException(
"Could not parse certificate chain");
}
stream.write(line.strip().getBytes());
} catch (IOException ex) {
throw new RuntimeException(ex);
}
}
}
});
return byteList;
}
public static X509CertificateChain readRawChain(InputStream inputStream) throws IOException {
X509CertificateChain chain = new X509CertificateChain();
// Outer length field
byte[] lengthField = new byte[LENGTH_FIELD_BYTE_LENGTH];
inputStream.read(lengthField);
int outLength = ArrayConverter.bytesToInt(lengthField);
ByteArrayInputStream subCertificateListStream =
new ByteArrayInputStream(inputStream.readNBytes(outLength));
while (subCertificateListStream.available() > 0) {
chain.addCertificate(readRawCertificate(subCertificateListStream));
}
return chain;
}
public static X509CertificateChain readRawCertificateAsChain(InputStream inputStream)
throws IOException {
X509Context context = new X509Context();
X509Chooser chooser = context.getChooser();
byte[] lengthField = new byte[LENGTH_FIELD_BYTE_LENGTH];
inputStream.read(lengthField);
int length = ArrayConverter.bytesToInt(lengthField);
BufferedInputStream certificateInputStream =
new BufferedInputStream(new ByteArrayInputStream(inputStream.readNBytes(length)));
X509Certificate certificate = new X509Certificate("certificate");
certificate.getParser(chooser).parse(certificateInputStream);
X509CertificateChain chain = new X509CertificateChain();
chain.addCertificate(certificate);
return chain;
}
public static X509Certificate readRawCertificate(InputStream inputStream) throws IOException {
X509Context context = new X509Context();
X509Chooser chooser = context.getChooser();
byte[] lengthField = new byte[LENGTH_FIELD_BYTE_LENGTH];
inputStream.read(lengthField);
int length = ArrayConverter.bytesToInt(lengthField);
BufferedInputStream certificateInputStream =
new BufferedInputStream(new ByteArrayInputStream(inputStream.readNBytes(length)));
X509Certificate certificate = new X509Certificate("certificate");
certificate.getParser(chooser).parse(certificateInputStream);
return certificate;
}
public static X509CertificateChain convert(Certificate certificateList) {
X509Context context = new X509Context();
X509Chooser chooser = context.getChooser();
try {
X509CertificateChain chain = new X509CertificateChain();
for (org.bouncycastle.asn1.x509.Certificate certificate :
certificateList.getCertificateList()) {
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
certificate.encodeTo(outputStream);
X509Certificate x509Certificate = new X509Certificate("certificate");
x509Certificate
.getParser(chooser)
.parse(
new BufferedInputStream(
new ByteArrayInputStream(outputStream.toByteArray())));
chain.addCertificate(x509Certificate);
}
return chain;
} catch (IOException ex) {
throw new RuntimeException("Could not convert certificate");
}
}
public static X509CertificateChain convert(java.security.cert.Certificate certificate) {
X509Context context = new X509Context();
X509Chooser chooser = context.getChooser();
try {
X509CertificateChain chain = new X509CertificateChain();
X509Certificate x509Certificate = new X509Certificate("certificate");
x509Certificate
.getParser(chooser)
.parse(
new BufferedInputStream(
new ByteArrayInputStream(certificate.getEncoded())));
chain.addCertificate(x509Certificate);
return chain;
} catch (CertificateEncodingException ex) {
throw new RuntimeException("Could not convert certificate");
}
}
}