Added method for checking self-signed certificates

sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java

@@ -33,6 +33,10 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
@@ -398,4 +402,15 @@ public static String convertToPem(Certificate certificate) {
         }
     }
 
+    public static <T extends Certificate> boolean isSelfSigned(T certificate) {
+        try {
+            certificate.verify(certificate.getPublicKey());
+            return true;
+        } catch (SignatureException e) {
+            return false;
+        } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException e) {
+            throw new GenericCertificateException(e);
+        }
+    }
+
 }

sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java

@@ -514,6 +514,28 @@ void getJdkTrustedCertificates() {
         assertThat(jdkTrustedCertificates).hasSizeGreaterThan(0);
     }
 
+    @Test
+    void isSelfSigned() {
+        List<Certificate> certificates = CertificateUtils.loadCertificate(PEM_LOCATION + "self-signed.pem");
+
+        assertThat(certificates).hasSize(1);
+        Certificate certificate = certificates.get(0);
+
+        boolean selfSigned = CertificateUtils.isSelfSigned(certificate);
+        assertThat(selfSigned).isTrue();
+    }
+
+    @Test
+    void isNotSelfSigned() {
+        List<Certificate> certificates = CertificateUtils.loadCertificate(PEM_LOCATION + "not-self-signed.pem");
+
+        assertThat(certificates).hasSize(1);
+        Certificate certificate = certificates.get(0);
+
+        boolean selfSigned = CertificateUtils.isSelfSigned(certificate);
+        assertThat(selfSigned).isFalse();
+    }
+
     @Test
     void notAddSubjectAndIssuerAsHeaderWhenCertificateTypeIsNotX509Certificate() throws CertificateEncodingException {
         Certificate certificate = mock(Certificate.class);

sslcontext-kickstart/src/test/resources/pem/not-self-signed.pem

@@ -0,0 +1,25 @@
+subject=CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL
+issuer=CN=Root-CA,OU=Certificate Authority,O=Thunderberry,C=NL
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIJAMyIuuDEpWwjMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAk5MMRUwEwYDVQQKEwxUaHVuZGVyYmVycnkxHjAcBgNVBAsTFUNlcnRpZmlj
+YXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHUm9vdC1DQTAeFw0yMzA4MTQyMTQzNTda
+Fw0zMzA4MTEyMTQzNTdaMEgxCzAJBgNVBAYTAk5MMRUwEwYDVQQKEwxUaHVuZGVy
+YmVycnkxEjAQBgNVBAsTCUFtc3RlcmRhbTEOMAwGA1UEAxMFSGFrYW4wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Odb4Zlv9QYrpQdtOdYp2Thiv7GsL
+5qGl6q7wgZbgSTF1ud/6jI+p0qrpIs2sSh/0OUKNrjP9SzPxo0C5CfvBWfg3YKqY
+N3+EwI8j2BsjIe/+kMyPfyU75KFDNMObUvZQgN9Jf8vmJeWu4KGdgkwDNYk89yX4
+u85RrOiz3ZqgKZZNXEVz/y/UIXcdvCEOoJu3TNCGlAkMkuJOtvneHZx15/nypTNN
+gh9GTb0Xti2hj41g/hPF4Mx09ZT/pgZ7cmYyYsoTb/XeiV0HWt5WX61ZKhb+Z/bW
+MNsOmfUAQ8XBHfUen9sNzxnhM8RsbQ2xRXiQiObeirqB8HT11GlTJnCZAgMBAAGj
+gaEwgZ4wHQYDVR0OBBYEFBzy+boSrjIurV5tNZO1ceZui7FpMAsGA1UdDwQEAwID
+uDAwBgNVHREBAf8EJjAkgglsb2NhbGhvc3SCEXJhc3BiZXJyeXBpLmxvY2FshwR/
+AAABMB8GA1UdIwQYMBaAFIdisn1KjGXGZnmhf9nFhzTS6WiAMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEALiJkWBkCexEd
+ohCF7Jy8mvfUtc8VWerMa8PSKZ0p1UECa2mI54M44cHZs9jOBzs5tfD6i36oFSoU
+xwLQQvmHboKNRCyfNyDRNw3ZzzUFyPxvKBJREuvGnxis7pDdnAg6tCuh3Sp5reAL
+Bygl//mwtFsk390+5OYZYzvXLZPeUAq9eUrIOfq86hNwAlDDVCLlAbbyFogdIDCa
+4TIlkG2gU9OcvCtpa+BUxE4fUJ8NJXWxpLFeUthZcPd8Bs+EQBgfNljM5iPd4yRZ
+doJ4czEAq98OW0/P8xl1jziF4SAH87dgusXAv+7LocvUe09+3mmlKn/gBrbsBUVr
+NOflM65MHw==
+-----END CERTIFICATE-----

sslcontext-kickstart/src/test/resources/pem/self-signed.pem

@@ -0,0 +1,24 @@
+subject=CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL
+issuer=CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIJAMTkUZETirc2MA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNV
+BAYTAk5MMRUwEwYDVQQKEwxUaHVuZGVyYmVycnkxEjAQBgNVBAsTCUFtc3RlcmRh
+bTEOMAwGA1UEAxMFSGFrYW4wHhcNMjMwODE0MjEyOTI4WhcNMzMwODExMjEyOTI4
+WjBIMQswCQYDVQQGEwJOTDEVMBMGA1UEChMMVGh1bmRlcmJlcnJ5MRIwEAYDVQQL
+EwlBbXN0ZXJkYW0xDjAMBgNVBAMTBUhha2FuMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAiS7V0W/t9rkkc/NWDIgeiGvE8QCOZUEOGiClpQLo59bpR+fv
+7cnFUVKOfWrIxRJ7lWqTRhuJFiYz9UJVaVWL17vbO7+n2c39NNTY+ehtUvnNChyD
+1RywVNihAMcOevlXo6XhIpiK+TjdSNQUytN4GL+xkSCaD7270R/PCEuOKuerbQXz
+gpztoE7cPQ3EZpzKXespNaBbDsXksPXBDaMjOyQWhFcGrlE3ofXxt5uKk9oxm1t2
+VoUGrWDMvzTG+DhGrsWpUMcWtrdRmcg//9s+UCw9HoUcGFcGzod7U9TUSHpI1uhY
+diGWsctT4OK1b/y6BV6/WM+yMP+1vBaq+ryaEQIDAQABo38wfTAdBgNVHQ4EFgQU
+OryotwDEI0mMqfniKVUA2ZBwCzQwCwYDVR0PBAQDAgO4MDAGA1UdEQEB/wQmMCSC
+CWxvY2FsaG9zdIIRcmFzcGJlcnJ5cGkubG9jYWyHBH8AAAEwHQYDVR0lBBYwFAYI
+KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBk+BDrlthfABc1
+Lph3RpBUNixY6LppXBYJJG36cNE/FoegHAq161oK+V59/TnrmML8DUkfdlghLGwC
+1+awzUMEO5yijPIqmis9XyQIhpFQE/kQlafQsQeJFh6dhTyULlhmqOGvTZhIbIoM
+Cp4higiMyVuWPms88+44bpZXepOnTR5HgYNJqPzWh0Gvk9ofcMeRUZc7y9My8+k9
+vDEYajYad+RuNWYuxqmnT1/9L0H+9ddZjXEa4CSPeqlTTJmrSwanL/80+GCUDHle
+LVQVpXACAPUHgayzHb9hf/rjRvMgTj5U0rx4u51Hci+tZV4+efRJapsPqmTSaEMH
+qWWxT6ZO
+-----END CERTIFICATE-----