de.rub.nds.x509attacker.trust.TrustPlatform Maven / Gradle / Ivy
X.509-Attacker is a tool based on ASN.1 Tool for creating arbitrary certificates, in particular
invalid and malformed certificates. Since X.509 certificates encode their contents in ASN.1, this tool extends
the features of ASN.1 Tool with certificate signing. X.509-Attacker also introduces a way of
referencing XML elements in order to avoid redundancy when defining certificates in XML.
/*
* X.509-Attacker - A Library for Arbitrary X.509 Certificates
*
* Copyright 2014-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH
*
* Licensed under Apache License, Version 2.0
* http://www.apache.org/licenses/LICENSE-2.0.txt
*/
package de.rub.nds.x509attacker.trust;
import de.rub.nds.x509attacker.x509.model.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
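/**
 * Describes the trust store of a single platform: its name, version, source URL, the date of its
 * last update, the certificates it treats as trust anchors and the certificates it blocks.
 *
 * <p>Lookups compare SHA-256 fingerprints only. They perform no signature, validity-period or
 * chain verification, and the trusted and blocked lists are queried independently of each other:
 * {@link #isTrusted(byte[])} does not consult the blocked list, so a caller making a trust
 * decision has to check {@link #isBlacklisted(byte[])} as well.
 *
 * <p>The lists and the {@link Date} handed to the constructor are stored and returned by
 * reference, not copied, so changes made through those references are visible here.
 */
public class TrustPlatform {

    private final String platform;

    private final String version;

    private final String url;

    private final Date lastUpdate;

    private final List<X509Certificate> trustAnchors;

    private final List<X509Certificate> blockedTrustAnchors;

    /**
     * Creates an instance in which every field is {@code null}.
     *
     * <p>NOTE(review): presumably present for a serialization framework that fills the fields
     * reflectively; confirm. The lookup methods tolerate the {@code null} lists and report "not
     * found".
     */
    public TrustPlatform() {
        blockedTrustAnchors = null;
        trustAnchors = null;
        lastUpdate = null;
        platform = null;
        url = null;
        version = null;
    }

    /**
     * Creates a fully populated trust platform description.
     *
     * @param platform name of the platform
     * @param version version of the platform's trust store
     * @param url URL associated with the trust store
     * @param lastUpdate date of the last update; stored by reference
     * @param certificateEntries certificates used as trust anchors; stored by reference
     * @param blockedCertificateEntries certificates that are blocked; stored by reference
     */
    public TrustPlatform(
            String platform,
            String version,
            String url,
            Date lastUpdate,
            List<X509Certificate> certificateEntries,
            List<X509Certificate> blockedCertificateEntries) {
        this.platform = platform;
        this.version = version;
        this.url = url;
        this.lastUpdate = lastUpdate;
        this.trustAnchors = certificateEntries;
        this.blockedTrustAnchors = blockedCertificateEntries;
    }

    /** @return the platform name, or {@code null} if unset */
    public String getPlatform() {
        return platform;
    }

    /** @return the trust store version, or {@code null} if unset */
    public String getVersion() {
        return version;
    }

    /** @return the URL associated with the trust store, or {@code null} if unset */
    public String getUrl() {
        return url;
    }

    /** @return the internal (mutable) last-update date, or {@code null} if unset */
    public Date getLastUpdate() {
        return lastUpdate;
    }

    /** @return the internal list of trust anchors (not a copy), or {@code null} if unset */
    public List<X509Certificate> getTrustAnchors() {
        return trustAnchors;
    }

    /** @return the internal list of blocked certificates (not a copy), or {@code null} if unset */
    public List<X509Certificate> getBlockedTrustAnchors() {
        return blockedTrustAnchors;
    }

    /**
     * Reports whether a certificate with the given fingerprint is among the trust anchors.
     *
     * <p>The blocked list is not consulted here; combine with {@link #isBlacklisted(byte[])}
     * before treating a certificate as acceptable.
     *
     * @param sha256Fingerprint the SHA-256 fingerprint to look up
     * @return {@code true} if a trust anchor carries that fingerprint; {@code false} otherwise,
     *     including when the fingerprint or the anchor list is {@code null}
     */
    public boolean isTrusted(byte[] sha256Fingerprint) {
        return findByFingerprint(trustAnchors, sha256Fingerprint) != null;
    }

    /**
     * Reports whether a certificate with the given fingerprint is among the blocked certificates.
     *
     * @param sha256Fingerprint the SHA-256 fingerprint to look up
     * @return {@code true} if a blocked certificate carries that fingerprint; {@code false}
     *     otherwise, including when the fingerprint or the blocked list is {@code null}
     */
    public boolean isBlacklisted(byte[] sha256Fingerprint) {
        return findByFingerprint(blockedTrustAnchors, sha256Fingerprint) != null;
    }

    /**
     * Returns the trust anchor with the given SHA-256 fingerprint.
     *
     * @param sha256Fingerprint the SHA-256 fingerprint of the certificate being searched for
     * @return the matching trust anchor, or {@code null} if none matches
     */
    public X509Certificate getTrustedCertificateEntry(byte[] sha256Fingerprint) {
        return findByFingerprint(trustAnchors, sha256Fingerprint);
    }

    /**
     * Returns the blocked certificate with the given SHA-256 fingerprint.
     *
     * @param sha256Fingerprint the SHA-256 fingerprint of the certificate being searched for
     * @return the matching blocked certificate, or {@code null} if none matches
     */
    public X509Certificate getBlacklistedCertificateEntry(byte[] sha256Fingerprint) {
        return findByFingerprint(blockedTrustAnchors, sha256Fingerprint);
    }

    /**
     * Returns the first certificate in {@code anchors} whose SHA-256 fingerprint equals the given
     * one, or {@code null} if there is none.
     */
    private static X509Certificate findByFingerprint(
            List<X509Certificate> anchors, byte[] sha256Fingerprint) {
        // A null fingerprint must never match: Arrays.equals(null, null) is true, so an entry
        // without a fingerprint would otherwise make the lookup succeed (fail open).
        if (anchors == null || sha256Fingerprint == null) {
            return null;
        }
        for (X509Certificate anchor : anchors) {
            if (anchor != null
                    && Arrays.equals(anchor.getSha256Fingerprint(), sha256Fingerprint)) {
                return anchor;
            }
        }
        return null;
    }
}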