All Downloads are FREE. Search and download functionalities are using the official Maven repository.

de.rub.nds.x509attacker.trust.TrustAnchorManager Maven / Gradle / Ivy

Go to download

X.509-Attacker is a tool based on ASN.1 Tool for creating arbitrary certificates; including especially invalid and malformed certificates. Since X.509 certificates encode their contents in ASN.1, this tool extends the features of ASN.1 Tool in terms of certificate signing. Also, X.509-Attacker introduces a feature of referencing XML elements in order to avoid redundancies when defining certificates in XML.

The newest version!
/*
 * X.509-Attacker - A Library for Arbitrary X.509 Certificates
 *
 * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH
 *
 * Licensed under Apache License, Version 2.0
 * http://www.apache.org/licenses/LICENSE-2.0.txt
 */
package de.rub.nds.x509attacker.trust;

import de.rub.nds.modifiablevariable.util.ComparableByteArray;
import de.rub.nds.x509attacker.x509.model.X509Certificate;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class TrustAnchorManager {

    private static final Logger LOGGER = LogManager.getLogger();

    private List trustPlatformList;

    private HashMap trustAnchors;

    private Set trustAnchorSet;

    public TrustAnchorManager() {
        this.trustPlatformList = new LinkedList<>();
        this.trustAnchors = new HashMap<>();
        this.trustAnchorSet = new LinkedHashSet<>();
    }

    public void addTrustPlaform(TrustPlatform platform) {
        trustPlatformList.add(platform);
        for (X509Certificate anchor : platform.getTrustAnchors()) {
            if (!trustAnchors.containsKey(new ComparableByteArray(anchor.getSha256Fingerprint()))) {
                trustAnchors.put(new ComparableByteArray(anchor.getSha256Fingerprint()), anchor);
            }
        }
        for (X509Certificate entry : platform.getBlockedTrustAnchors()) {
            if (!trustAnchors.containsKey(new ComparableByteArray(entry.getSha256Fingerprint()))) {
                trustAnchors.put(new ComparableByteArray(entry.getSha256Fingerprint()), entry);
            }
        }
    }

    public List getTrustPlatformList() {
        return trustPlatformList;
    }

    public boolean isTrustAnchor(X509Certificate certificate) {
        if (trustAnchors.containsKey(new ComparableByteArray(certificate.getSha256Fingerprint()))) {
            LOGGER.debug("Found a trustAnchor for certificate");
            return true;
        } else {
            return false;
        }
    }

    public Set getTrustAnchorSet() {
        return trustAnchorSet;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy