Merge pull request #21 from RUB-NDS/sha256fingerprint-refactoring

Sha256fingerprint refactoring

Author: ic0ns

src/main/java/de/rub/nds/tlsscanner/probe/certificate/CertificateReport.java

@@ -21,6 +21,8 @@ public interface CertificateReport {
 
     public Certificate getCertificate();
 
+    public String getSHA256Fingerprint();
+
     public String getSubject();
 
     public String getCommonNames();

src/main/java/de/rub/nds/tlsscanner/probe/certificate/CertificateReportGenerator.java

@@ -11,10 +11,14 @@
 import de.rub.nds.tlsattacker.core.constants.HashAlgorithm;
 import de.rub.nds.tlsattacker.core.constants.SignatureAlgorithm;
 import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.LinkedList;
 import java.util.List;
+import javax.xml.bind.DatatypeConverter;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.bouncycastle.asn1.x500.RDN;
@@ -29,9 +33,9 @@
  * @author Robert Merget - [email protected]
  */
 public class CertificateReportGenerator {
-    
+
     private static final Logger LOGGER = LogManager.getLogger(CertificateReportGenerator.class.getName());
-    
+
     public static List<CertificateReport> generateReports(Certificate certs) {
         List<CertificateReport> reportList = new LinkedList<>();
         if (certs != null) {
@@ -41,7 +45,7 @@ public static List<CertificateReport> generateReports(Certificate certs) {
         }
         return reportList;
     }
-    
+
     public static CertificateReport generateReport(org.bouncycastle.asn1.x509.Certificate cert) {
         CertificateReportImplementation report = new CertificateReportImplementation();
         setSubject(report, cert);
@@ -61,36 +65,37 @@ public static CertificateReport generateReport(org.bouncycastle.asn1.x509.Certif
         setRevoked(report, cert);
         setDnsCCA(report, cert);
         setTrusted(report, cert);
+        setSha256Hash(report, cert);
         report.setCertificate(cert);
         return report;
     }
-    
+
     private static void setSubject(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
         X500Name x500name = cert.getSubject();
         RDN cn = x500name.getRDNs(BCStyle.CN)[0];
         report.setCommonNames(IETFUtils.valueToString(cn.getFirst().getValue()));
     }
-    
+
     private static void setCommonNames(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
         X500Name x500name = cert.getSubject();
         RDN cn = x500name.getRDNs(BCStyle.CN)[0];
         report.setCommonNames(IETFUtils.valueToString(cn.getFirst().getValue()));
     }
-    
+
     private static void setAlternativeNames(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
-        
+
     }
-    
+
     private static void setValidFrom(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
         report.setValidFrom(cert.getStartDate().getDate());
     }
-    
+
     private static void setValidTo(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
         report.setValidTo(cert.getEndDate().getDate());
     }
-    
+
     private static void setPubkey(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
         try {
             X509Certificate x509Cert = new X509CertificateObject(cert);
@@ -99,15 +104,15 @@ private static void setPubkey(CertificateReportImplementation report, org.bouncy
             // TODO log could not set public key
         }
     }
-    
+
     private static void setWeakDebianKey(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
     }
-    
+
     private static void setIssuer(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
         report.setIssuer(cert.getIssuer().toString());
     }
-    
+
     private static void setSignatureAndHashAlgorithm(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
         String sigAndHashString = null;
@@ -129,34 +134,43 @@ private static void setSignatureAndHashAlgorithm(CertificateReportImplementation
             LOGGER.debug("Could not extraxt SignatureAndHashAlgorithm from String:" + sigAndHashString, E);
         }
     }
-    
+
     private static void setExtendedValidation(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
-        
+
     }
-    
+
     private static void setCeritifcateTransparency(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
     }
-    
+
     private static void setOcspMustStaple(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
     }
-    
+
     private static void setCRLSupported(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
     }
-    
+
     private static void setOcspSupported(CertificateReportImplementation report,
             org.bouncycastle.asn1.x509.Certificate cert) {
     }
-    
+
     private static void setRevoked(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
     }
-    
+
     private static void setDnsCCA(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
     }
-    
+
     private static void setTrusted(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
     }
+
+    private static void setSha256Hash(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
+        try {
+            report.setSha256FingerprintHex(DatatypeConverter.printHexBinary(
+                    MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())).toLowerCase());
+        } catch (IOException | NoSuchAlgorithmException e) {
+            LOGGER.warn("Could not create SHA-256 Hash", e);
+        }
+    }
 }

src/main/java/de/rub/nds/tlsscanner/probe/certificate/CertificateReportImplementation.java

@@ -9,10 +9,12 @@
 package de.rub.nds.tlsscanner.probe.certificate;
 
 import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
+
 import java.security.PublicKey;
 import java.util.Date;
 import org.bouncycastle.asn1.x509.Certificate;
 
+
 /**
  *
  * @author Robert Merget - [email protected]
@@ -37,6 +39,7 @@ class CertificateReportImplementation implements CertificateReport {
     private Boolean dnsCAA;
     private Boolean trusted;
     private Certificate certificate;
+    private String sha256FingerprintHex;
 
     public CertificateReportImplementation() {
     }
@@ -46,6 +49,15 @@ public Certificate getCertificate() {
         return certificate;
     }
 
+    @Override
+    public String getSHA256Fingerprint() {
+        return sha256FingerprintHex;
+    }
+
+    public void setSha256FingerprintHex(String sha256FingerprintHex) {
+        this.sha256FingerprintHex = sha256FingerprintHex;
+    }
+
     public void setCertificate(Certificate certificate) {
         this.certificate = certificate;
     }
@@ -206,6 +218,7 @@ public void setTrusted(Boolean trusted) {
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
+        builder.append("Fingerprint: ").append(sha256FingerprintHex).append("\n");
         if (subject != null) {
             builder.append("Subject: ").append(subject).append("\n");
         }