JarVerifier.java example

Explorer
monsiaj-master
- src
  - jp
    - or
      - med
        orca
        monsiaj
        FileUtils.java
        JarVerifier.java
        Loader.java
        ZipUtils.java
  - org
    - montsuqi
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package jp.or.med.orca.monsiaj;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 *
 * @author mihara
 */
public class JarVerifier {

    public static void main(String[] args) throws Exception {
        System.out.println(verify(new JarFile(args[0])));
    }

    private static boolean verifyCert(Certificate[] chain, X509Certificate[] trustCerts) {
        if (chain == null || chain.length == 0) {
            return false;
        }
        if (trustCerts == null || trustCerts.length == 0) {
            return false;
        }

        for (X509Certificate tc : trustCerts) {
            X509Certificate root = (X509Certificate) chain[chain.length - 1];
            X509Certificate leaf = (X509Certificate) chain[0];

            try {
                root.verify(tc.getPublicKey());
                for (Certificate c : chain) {
                    X509Certificate xc = (X509Certificate) c;
                    xc.checkValidity();
                }
                if (!leaf.getSubjectDN().getName().contains("CN=Japan Medical Association")) {
                    return false;
                }                
                return true;
            } catch (Exception ex) {
                // do nothing
            }
        }
        return false;
    }

    public static boolean verify(JarFile jar) throws Exception {
        X509Certificate[] certs = null;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);

        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                certs = x509TrustManager.getAcceptedIssuers();
            }
        }

        boolean result = false;
        Enumeration<JarEntry> entries = jar.entries();
        while (entries.hasMoreElements()) {
            JarEntry entry = entries.nextElement();
            try {
                InputStream iis = jar.getInputStream(entry);
            } catch (SecurityException se) {
                return false;
            }
            if (verifyCert(entry.getCertificates(), certs)) {
                result = true;
            }
        }
        return result;
    }
}