
Example 6 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project LinLong-Java by zhenwei1108.

Class LDAPStoreHelper, method getCrossCertificatePairs.

/**
 * Looks up cross certificate pairs in the directory.
 * <p>
 * The LDAP search is driven by the forward/reverse criteria of {@code selector}. When that
 * search yields nothing, a second search with a pair selector that constrains neither side
 * is run, and the caller's original {@code selector} is handed to
 * {@code createCrossCertificatePairs} again, so the widened directory query is still turned
 * into a result against the caller's criteria (assumes createCrossCertificatePairs applies
 * the selector — confirm).
 * </p>
 *
 * @param selector The selector describing the cross certificates to find.
 * @return A possibly empty set of {@link X509CertificatePair}s.
 * @throws StoreException if the directory search fails.
 */
public Collection getCrossCertificatePairs(X509CertPairStoreSelector selector) throws StoreException {
    String[] valueAttrs = splitString(params.getCrossCertificateAttribute());
    String[] nameAttrs = splitString(params.getLdapCrossCertificateAttributeName());
    String[] subjectAttrs = splitString(params.getCrossCertificateSubjectAttributeName());

    List entries = crossCertificatePairSubjectSearch(selector, valueAttrs, nameAttrs, subjectAttrs);
    Set pairs = createCrossCertificatePairs(entries, selector);
    if (!pairs.isEmpty()) {
        return pairs;
    }

    // Nothing matched: retry with a selector that constrains neither side of the pair,
    // but keep building the result with the caller's selector.
    X509CertStoreSelector anyCert = new X509CertStoreSelector();
    X509CertPairStoreSelector anyPair = new X509CertPairStoreSelector();
    anyPair.setForwardSelector(anyCert);
    anyPair.setReverseSelector(anyCert);
    entries = crossCertificatePairSubjectSearch(anyPair, valueAttrs, nameAttrs, subjectAttrs);
    pairs.addAll(createCrossCertificatePairs(entries, selector));
    return pairs;
}

Example 7 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project LinLong-Java by zhenwei1108.

Class X509StoreLDAPCerts, method engineGetMatches.

/**
 * Returns the certificates from the LDAP location that match the given selector.
 * <p>
 * Only an {@code X509CertStoreSelector} is understood; any other selector type yields an
 * empty collection.
 * </p><p>
 * The value of {@link java.security.cert.X509CertSelector#getBasicConstraints()} decides
 * which directory entries are queried: a value greater than 0 restricts the search to CA
 * certificates (including those carried in cross certificate pairs), -2 restricts it to end
 * entity certificates, and any other value (-1, i.e. no constraint, or 0) queries end entity
 * certificates, CA certificates and cross certificate pairs. Note that the check is
 * {@code > 0}, so a CA selector with a path length of 0 takes the unrestricted branch.
 * </p><p>
 * For end entity certificates the subject and the serial number are reasonable selector
 * criteria.
 * </p>
 *
 * @param selector The selector to use for finding.
 * @return A collection with the matches.
 * @throws StoreException if an exception occurs while searching.
 */
public Collection engineGetMatches(Selector selector) throws StoreException {
    if (!(selector instanceof X509CertStoreSelector)) {
        return Collections.EMPTY_SET;
    }
    X509CertStoreSelector certSelector = (X509CertStoreSelector) selector;
    int basicConstraints = certSelector.getBasicConstraints();
    Set matches = new HashSet();

    if (basicConstraints > 0) {
        // CA certificates only
        matches.addAll(helper.getCACertificates(certSelector));
        matches.addAll(getCertificatesFromCrossCertificatePairs(certSelector));
        return matches;
    }
    if (basicConstraints == -2) {
        // end entity certificates only
        matches.addAll(helper.getUserCertificates(certSelector));
        return matches;
    }
    // nothing specified: end entity certificates first, then CA certificates
    matches.addAll(helper.getUserCertificates(certSelector));
    matches.addAll(helper.getCACertificates(certSelector));
    matches.addAll(getCertificatesFromCrossCertificatePairs(certSelector));
    return matches;
}

Example 8 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project LinLong-Java by zhenwei1108.

Class PKIXAttrCertPathBuilderSpi, method engineBuild.

/**
 * Build and validate a CertPath using the given parameter.
 * <p>
 * The parameters are normalised to a {@code PKIXExtendedBuilderParameters}, whose target
 * constraints must be an {@code X509AttributeCertStoreSelector}. For each attribute
 * certificate matching those constraints, the public key certificates of its issuer are
 * looked up in the certificate stores and {@code build} is tried with each one until a
 * result is produced. {@code certPathException} is a field of the enclosing class that is
 * not shown here; presumably {@code build} records its failure there — confirm.
 * </p>
 *
 * @param params PKIXBuilderParameters object containing all information to build the CertPath
 * @return the first successfully built path; never {@code null}
 * @throws InvalidAlgorithmParameterException if {@code params} is none of the accepted types
 * @throws CertPathBuilderException if the target constraints have the wrong type, no target
 *         attribute certificate or issuer certificate is found, or no chain can be built
 */
public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException {
    if (!(params instanceof PKIXBuilderParameters) && !(params instanceof ExtendedPKIXBuilderParameters) && !(params instanceof PKIXExtendedBuilderParameters)) {
        throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + PKIXExtendedBuilderParameters.class.getName() + ".");
    }
    // extra stores consulted only for the target search; stays empty for plain PKIXBuilderParameters
    List targetStores = new ArrayList();
    PKIXExtendedBuilderParameters paramsPKIX;
    if (params instanceof PKIXBuilderParameters) {
        PKIXExtendedBuilderParameters.Builder paramsPKIXBldr = new PKIXExtendedBuilderParameters.Builder((PKIXBuilderParameters) params);
        // NOTE(review): the test is against ExtendedPKIXParameters but the cast below is to
        // ExtendedPKIXBuilderParameters; an ExtendedPKIXParameters instance that is not also
        // builder parameters would fail that cast — confirm the type hierarchy.
        if (params instanceof ExtendedPKIXParameters) {
            ExtendedPKIXBuilderParameters extPKIX = (ExtendedPKIXBuilderParameters) params;
            paramsPKIXBldr.addExcludedCerts(extPKIX.getExcludedCerts());
            paramsPKIXBldr.setMaxPathLength(extPKIX.getMaxPathLength());
            targetStores = extPKIX.getStores();
        }
        paramsPKIX = paramsPKIXBldr.build();
    } else {
        paramsPKIX = (PKIXExtendedBuilderParameters) params;
    }
    Collection targets;
    Iterator targetIter;
    List certPathList = new ArrayList();
    X509AttributeCertificate cert;
    // search target certificates
    PKIXExtendedParameters baseParams = paramsPKIX.getBaseParameters();
    Selector certSelect = baseParams.getTargetConstraints();
    if (!(certSelect instanceof X509AttributeCertStoreSelector)) {
        throw new CertPathBuilderException("TargetConstraints must be an instance of " + X509AttributeCertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class.");
    }
    try {
        targets = findCertificates((X509AttributeCertStoreSelector) certSelect, targetStores);
    } catch (AnnotatedException e) {
        throw new ExtCertPathBuilderException("Error finding target attribute certificate.", e);
    }
    if (targets.isEmpty()) {
        throw new CertPathBuilderException("No attribute certificate found matching targetConstraints.");
    }
    CertPathBuilderResult result = null;
    // check all potential target certificates
    targetIter = targets.iterator();
    while (targetIter.hasNext() && result == null) {
        cert = (X509AttributeCertificate) targetIter.next();
        // one selector is reused across all issuer principals of this attribute certificate
        X509CertStoreSelector selector = new X509CertStoreSelector();
        Principal[] principals = cert.getIssuer().getPrincipals();
        // insertion order is kept so issuers are tried in the order their principals are listed
        LinkedHashSet issuers = new LinkedHashSet();
        for (int i = 0; i < principals.length; i++) {
            try {
                // The subject criterion is only (re)set for X500Principal entries; for any other
                // principal type the search below runs with whatever subject the selector
                // currently holds (none at all for a leading non-X500 entry), which looks like it
                // would match every certificate in the stores — confirm this is intended.
                if (principals[i] instanceof X500Principal) {
                    selector.setSubject(((X500Principal) principals[i]).getEncoded());
                }
                PKIXCertStoreSelector certStoreSelector = new PKIXCertStoreSelector.Builder(selector).build();
                // candidates are collected from both the JCA CertStores and the provider's own stores
                CertPathValidatorUtilities.findCertificates(issuers, certStoreSelector, baseParams.getCertStores());
                CertPathValidatorUtilities.findCertificates(issuers, certStoreSelector, baseParams.getCertificateStores());
            } catch (AnnotatedException e) {
                throw new ExtCertPathBuilderException("Public key certificate for attribute certificate cannot be searched.", e);
            } catch (IOException e) {
                throw new ExtCertPathBuilderException("cannot encode X500Principal.", e);
            }
        }
        if (issuers.isEmpty()) {
            throw new CertPathBuilderException("Public key certificate for attribute certificate cannot be found.");
        }
        Iterator it = issuers.iterator();
        // stop at the first issuer certificate for which a path can be built
        while (it.hasNext() && result == null) {
            result = build(cert, (X509Certificate) it.next(), paramsPKIX, certPathList);
        }
    }
    // no path: report the last recorded build failure if there is one, otherwise a generic error
    if (result == null && certPathException != null) {
        throw new ExtCertPathBuilderException("Possible certificate chain could not be validated.", certPathException);
    }
    if (result == null && certPathException == null) {
        throw new CertPathBuilderException("Unable to find certificate chain.");
    }
    return result;
}

Example 9 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project XobotOS by xamarin.

Class CertPathValidatorUtilities, method findIssuerCerts.

/**
 * Finds the certificates that may have issued the given certificate.
 * <p>
 * A selector is built from the issuer name of {@code cert} and run against the
 * certificate stores, the stores and the additional stores of {@code pkixParams}. Every
 * match is returned as a candidate; the candidates are not verified against
 * {@code cert} here because possible DSA inheritance parameters are missing.
 * </p>
 *
 * @param cert The certificate for which an issuer should be found.
 * @param pkixParams The parameters supplying the stores to search.
 * @return A <code>Collection</code> of candidate issuer <code>X509Certificate</code>s.
 *         Never <code>null</code>.
 * @exception AnnotatedException if the selector cannot be set up or a store search fails.
 */
protected static Collection findIssuerCerts(X509Certificate cert, ExtendedPKIXBuilderParameters pkixParams) throws AnnotatedException {
    X509CertStoreSelector issuerSelector = new X509CertStoreSelector();
    try {
        issuerSelector.setSubject(cert.getIssuerX500Principal().getEncoded());
    } catch (IOException ex) {
        throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", ex);
    }

    List candidates = new ArrayList();
    try {
        candidates.addAll(CertPathValidatorUtilities.findCertificates(issuerSelector, pkixParams.getCertStores()));
        candidates.addAll(CertPathValidatorUtilities.findCertificates(issuerSelector, pkixParams.getStores()));
        candidates.addAll(CertPathValidatorUtilities.findCertificates(issuerSelector, pkixParams.getAdditionalStores()));
    } catch (AnnotatedException e) {
        throw new AnnotatedException("Issuer certificate cannot be searched.", e);
    }

    Set issuers = new HashSet();
    for (Iterator it = candidates.iterator(); it.hasNext();) {
        // taken as-is: the issuer cannot be verified here because possible
        // DSA inheritance parameters are missing
        issuers.add((X509Certificate) it.next());
    }
    return issuers;
}

Example 10 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project XobotOS by xamarin.

Class PKIXCertPathBuilderSpi, method engineBuild.

/**
 * Build and validate a CertPath using the given parameter.
 * <p>
 * {@code params} must be a {@code PKIXBuilderParameters} or an
 * {@code ExtendedPKIXBuilderParameters}; plain builder parameters are wrapped through
 * {@code ExtendedPKIXBuilderParameters.getInstance}. The target constraints must be an
 * {@code X509CertStoreSelector}. Every target certificate found in the stores is handed to
 * {@code build} in turn until one yields a result. {@code certPathException} is a field of
 * the enclosing class not shown here; presumably {@code build} records its failure in it —
 * confirm.
 * </p>
 *
 * @param params PKIXBuilderParameters object containing all information to build the CertPath
 * @return the first successfully built path; never {@code null}
 * @throws InvalidAlgorithmParameterException if {@code params} has an unsupported type
 * @throws CertPathBuilderException if the target constraints have the wrong type, no target
 *         certificate is found, or no chain can be built or validated
 */
public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException {
    boolean supported = params instanceof PKIXBuilderParameters || params instanceof ExtendedPKIXBuilderParameters;
    if (!supported) {
        throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + ExtendedPKIXBuilderParameters.class.getName() + ".");
    }
    ExtendedPKIXBuilderParameters pkixParams = params instanceof ExtendedPKIXBuilderParameters
            ? (ExtendedPKIXBuilderParameters) params
            : (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance((PKIXBuilderParameters) params);

    // search target certificates
    Selector targetConstraints = pkixParams.getTargetConstraints();
    if (!(targetConstraints instanceof X509CertStoreSelector)) {
        throw new CertPathBuilderException("TargetConstraints must be an instance of " + X509CertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class.");
    }
    X509CertStoreSelector targetSelector = (X509CertStoreSelector) targetConstraints;
    Collection targets;
    try {
        targets = CertPathValidatorUtilities.findCertificates(targetSelector, pkixParams.getStores());
        targets.addAll(CertPathValidatorUtilities.findCertificates(targetSelector, pkixParams.getCertStores()));
    } catch (AnnotatedException e) {
        throw new ExtCertPathBuilderException("Error finding target certificate.", e);
    }
    if (targets.isEmpty()) {
        throw new CertPathBuilderException("No certificate found matching targetContraints.");
    }

    // check all potential target certificates, stopping at the first that builds
    List certPathList = new ArrayList();
    CertPathBuilderResult result = null;
    for (Iterator targetIter = targets.iterator(); result == null && targetIter.hasNext();) {
        X509Certificate target = (X509Certificate) targetIter.next();
        result = build(target, pkixParams, certPathList);
    }
    if (result != null) {
        return result;
    }

    // no path: surface the recorded build failure if there is one, otherwise a generic error
    if (certPathException == null) {
        throw new CertPathBuilderException("Unable to find certificate chain.");
    }
    if (certPathException instanceof AnnotatedException) {
        throw new CertPathBuilderException(certPathException.getMessage(), certPathException.getCause());
    }
    throw new CertPathBuilderException("Possible certificate chain could not be validated.", certPathException);
}
