24 posts categorized "java"

11/01/2010

Groovy: New EVNark Release - v0.3.5

This Halloween weekend before taking the kids out, I did some googling and found a large enough number of new Policy OIDs that a new evnark release was warranted. New in this release is recognition of extended validation certificates from AffirmTrust, TrustCenter (aka TC TrustCenter), Certum, and Keynectis.

In addition, some CAs have multiple OIDs for their EV certs, so I have added additional EV OIDs for GoDaddy, DigiCert, and Izenpe.

The changes in this release bring the number of Extended Validation Certificate CAs recognized by EVNark up to 27, which, if I am not mistaken, means more certs are recognized by evnark than by Safari, Chrome, or Firefox.

The EVNark page has been updated and you can download a copy directly off that page.  Updated source is below.

 

#!/usr/bin/env groovy
// usage: 'evnark [-h/--host "hostname"] [-p/--port "port"]'
//
// v0.2 
//   + Adds hostname lookup exception handling
//   + Adds connection Timeout exception handling
//   + Modified the output so that it will now state
//     whether or not an EV cert was found.
//
// v0.3
//   + changed display so that successes are now
//     displayed with a green bar
// v0.3.5
//   + Added TrustCenter aka TC TrustCenter
//   + Added Certum
//   + Added KEYNECTIS
//   + Added additional ev policy id's for GoDaddy, Digicert, Izenpe


import java.security.*
import javax.net.ssl.*
import sun.security.x509.* 

/* This section sets up the command 
   line arguments portion of this script. */ 

def cli = new CliBuilder( usage: 'evnark [-h/--host "hostname"] [-p/--port "port"]' )
  cli.h( longOpt:'host', args:1, required:true, type:GString, 'The host or site you want to test' )
  cli.p( longOpt:'port', args:1, required:false, type:GString, 'Optional. Defaults to port 443')

def opt = cli.parse(args)
  if (!opt) return
  if (opt.h) host = opt.h

def port = 443
  if (opt.p) port = Integer.parseInt(opt.p)

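// Create the socket. The default factory validates the certificate chain
// against the JVM trust store; a plain SSLSocket does not check that the
// certificate matches the host name.
def factory = SSLSocketFactory.getDefault()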

try {
  socket = factory.createSocket()
  socketaddr = new InetSocketAddress(host, port)
  socket.connect(socketaddr, 5000)
  } catch(UnknownHostException ex) {
      println "Hostname Resolution Failed.  Is ${host} a valid host?"
      return
  } catch(SocketTimeoutException ex) {
      println "Connection Timed Out. Is ${host} up or available?"
      return
  } 

try {
  socket.addHandshakeCompletedListener( new listener() )
  
  socket.startHandshake() 
  } catch(SSLHandshakeException ex) {
    println "CERTIFICATE PEER COULD NOT BE VERIFIED"
  } catch(SSLException ex) {
      println "The port number you specified (${port}) does not appear to be an ssl port"
  }

  class listener implements HandshakeCompletedListener {
  void handshakeCompleted(HandshakeCompletedEvent e) {

  // Groovy keeps only the last value for a repeated map key, so a CA with
  // several EV policy OIDs gets one uniquely named entry per OID.
  def ev_oids = [
    // 'A-Trust GmbH': doesn't appear to offer them yet
    'AC Camerfirma SA':'1.3.6.1.4.1.17326.10.14.2',
    'AffirmTrust (.2.1)':'1.3.6.1.4.1.34697.2.1',
    'AffirmTrust (.2.2)':'1.3.6.1.4.1.34697.2.2',
    'AffirmTrust (.2.3)':'1.3.6.1.4.1.34697.2.3',
    'AffirmTrust (.2.4)':'1.3.6.1.4.1.34697.2.4',
    'Buypass AS':'2.16.578.1.26.1.3.3',
    'Certum':'1.2.616.1.113527.2.5.1.1',
    'Comodo CA Limited':'1.3.6.1.4.1.6449.1.2.1.5.1',
    'Cybertrust, Inc':'1.3.6.1.4.1.6334.1.100.1',
    'D-TRUST GmbH':'1.3.6.1.4.1.4788.2.202.1',
    // 'DanID': doesn't appear to offer them yet
    'DigiCert Inc (.2.1)':'2.16.840.1.114412.2.1',
    'DigiCert Inc (.1.3.0.2)':'2.16.840.1.114412.1.3.0.2',
    'DigiNotar':'2.16.528.1.1001.1.1.1.12.6.1.1.1',
    // 'Echoworx Corporation': doesn't appear to offer them yet
    'Entrust, Inc.':'2.16.840.1.114028.10.1.2',
    'GeoTrust Inc.':'1.3.6.1.4.1.14370.1.6',
    // 'Getronics PinkRoccade': doesn't appear to offer them yet
    'GlobalSign nv-sa':'1.3.6.1.4.1.4146.1.1',
    'The Go Daddy Group, Inc.':'2.16.840.1.114413.1.7.23.3',
    'The Go Daddy Group, Inc. (Starfield)':'2.16.840.1.114414.1.7.23.3',
    // 'IdenTrust, Inc.': doesn't appear to offer them yet
    // 'IpsCA, IPS Certification Authority s.l.':' ',
    'Izenpe S.A. (.6.1.1)':'1.3.6.1.4.1.14777.6.1.1',
    'Izenpe S.A. (.6.1.2)':'1.3.6.1.4.1.14777.6.1.2',
    'KEYNECTIS (aka Certplus)':'1.3.6.1.4.1.22234.2.5.2.3.1',
    'Network Solutions L.L.C.':'1.3.6.1.4.1.782.1.2.1.8.1',
    'QuoVadis Limited':'1.3.6.1.4.1.8024.0.2.100.1.2',
    // 'RSA Security, Inc.':' ',
    'SECOM Trust Systems CO.,LTD.':'1.2.392.200091.100.721.1',
    'SecureTrust Corporation':'2.16.840.1.114404.1.1.2.4.1',
    // 'Skaitmeninio sertifikavimo centras (SSC)':' ',
    'StartCom Ltd.':'1.3.6.1.4.1.23223.2',
    'Starfield Technologies':'2.16.840.1.114414.1.7.23.3',
    'SwissSign AG':'2.16.756.1.89.1.2.1.1',
    // 'T-Systems Enterprise Services GmbH':' ',
    'TC TrustCenter GMBh':'1.2.276.0.44.1.1.1.4',
    'Thawte, Inc.':'2.16.840.1.113733.1.7.48.1',
    // 'Trustis Limited': doesn't appear to offer them yet
    'ValiCert, Inc.':'2.16.840.1.114414.1.7.23.3',
    'VeriSign, Inc.':'2.16.840.1.113733.1.7.23.6',
    'Wells Fargo WellsSecure':'2.16.840.1.114171.500.9'
  ]

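  def certs = e.getPeerCertificates()
  def crt = certs[0]   // leaf (server) certificate

  // A certificate without a Certificate Policies extension cannot carry an EV policy OID
  def ext = crt.getCertificatePoliciesExtension()
  if (ext == null) {
    println "This host does NOT use an Extended Validation Cert\nNo Certificate Policies extension was found\n"
    return
  }
  def policies = ext.get(CertificatePoliciesExtension.POLICIES)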
    for ( PolicyInformation info in policies ) {
      CertificatePolicyId id = info.getPolicyIdentifier()
        def certpolicyid = id.getIdentifier().toString()
        //println ""
        //println "Found Certificate Policy ID: ${certpolicyid}"
      // A match on the policy OID alone; this does not check which root the chain ends at
      if ( ev_oids.any { it.value == certpolicyid } )
        println "\033[0;42m" + " This host uses an Extended Validation Cert " + "\033[0m" + "\nThe Certificate Policy ID is: ${certpolicyid}\n"
      else
        println "This host does NOT use an Extended Validation Cert\nThe Certificate Policy ID is: ${certpolicyid}\n"

    }
  }
}

socket.close()
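
An added example (not part of EVNark or the original post): the same policy-OID check done without the JDK-internal sun.security.x509 classes, by decoding the DER value that the public X509Certificate.getExtensionValue('2.5.29.32') call returns, with an OID-to-CA map so that one CA can have several EV OIDs. The closure names, the three-entry evOids subset and the sample bytes (which use the 2.999 example arc) are assumptions constructed for illustration.

```groovy
// Added example, not EVNark code. OID -> CA keys let one CA own several OIDs.
def evOids = [
  '2.16.840.1.114412.2.1'    : 'DigiCert Inc',
  '2.16.840.1.114412.1.3.0.2': 'DigiCert Inc',
  '1.3.6.1.4.1.14777.6.1.2'  : 'Izenpe S.A.'
]
// Read one DER TLV at pos; returns [tag, contentStart, contentEnd]
def tlv = { byte[] b, int pos ->
  int len = b[pos + 1] & 0xff
  int start = pos + 2
  if (len >= 0x80) {                        // long form: low 7 bits count the length bytes
    int n = len & 0x7f
    len = 0
    for (int i = 0; i < n; i++) len = (len << 8) | (b[start++] & 0xff)
  }
  if (start + len > b.length) throw new IllegalArgumentException('truncated DER')
  [b[pos] & 0xff, start, start + len]
}
// Decode OID content bytes b[from..<to] into dotted notation
def oid = { byte[] b, int from, int to ->
  def arcs = []
  long v = 0
  for (int i = from; i < to; i++) {
    v = (v << 7) | (b[i] & 0x7f)            // base-128 digits, high bit marks continuation
    if (b[i] & 0x80) continue
    long first = v >= 80 ? 2 : v.intdiv(40) // the first value packs arcs one and two
    if (arcs) { arcs << v } else { arcs << first << (v - 40 * first) }
    v = 0
  }
  arcs.join('.')
}
// Policy OIDs from the OCTET STRING-wrapped certificatePolicies extension value
def policyOids = { byte[] der ->
  def (t0, s0, e0) = tlv(der, 0)            // OCTET STRING wrapper
  def (t1, s1, e1) = tlv(der, s0)           // SEQUENCE OF PolicyInformation
  if (t0 != 0x04 || t1 != 0x30) throw new IllegalArgumentException('not certificatePolicies')
  def found = []
  for (int pos = s1; pos < e1; pos = tlv(der, pos)[2]) {  // step over each PolicyInformation
    def (ti, si, ei) = tlv(der, tlv(der, pos)[1])         // first element: policyIdentifier
    found << oid(der, si, ei)                             // qualifiers after it are ignored
  }
  found
}

// Constructed sample: policies 2.999.1 (example arc) and 2.16.840.1.114412.2.1
def oids = policyOids('0416301430050603883701300b06096086480186fd6c0201'.decodeHex())
def ev = oids.findAll { evOids.containsKey(it) }
println(ev ? "EV policy OID ${ev[0]} (${evOids[ev[0]]})" : "no known EV policy OID in ${oids}")
assert oids == ['2.999.1', '2.16.840.1.114412.2.1'] && ev == ['2.16.840.1.114412.2.1']
```

Because every policy is collected before the verdict is printed, a certificate that carries an EV OID next to other policy OIDs yields a single result.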

09/27/2010

Groovy News: Gaelyk 0.5 Released

A major new upgrade was just announced for Gaelyk.  Version 0.5 was released.  New in this release, (which I have copied from the release announcement):

In addition to these new features, the version of Groovy was upgraded to 1.7.5 (including a performance improvement affecting Gaelyk), and some bugs were fixed, like the include and caching combination.

You can download this new version here, and see the release notes:

 

09/10/2010

Groovy News: Gaelyk 0.4.4 Released

Gaelyk 0.4.4 was just released.  Get it from the Download section on the Gaelyk site.  New in this version, (copied/pasted from the announcement):

  • Updated the Google App Engine SDK to the latest 1.3.7 version
  • Jabber and incoming email groovlets now have their implicit logger (gaelyk.email and gaelyk.jabber)
  • Plugins are now impacting Jabber and incoming email groovlets as well
  • Fixed a bug in the conversion of String to Datastore's Category type (thanks for the contribution!)
  • Internal refactorings of the caching logic
  • Added namespace support for multitenancy, added in SDK 1.3.7:
    • a namespace is added in the binding, pointing at NamespaceManager, the SDK class dealing with 
    • new method namespace.of("customerA") { ... } to execute a closure in the context of a specific namespace