
Example 11 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project robovm by robovm.

the class PKIXCertPathBuilderSpi method engineBuild.

/**
 * Build and validate a CertPath using the given parameter.
 *
 * @param params PKIXBuilderParameters object containing all information to
 *            build the CertPath
 */
public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException {
    if (!(params instanceof PKIXBuilderParameters) && !(params instanceof ExtendedPKIXBuilderParameters)) {
        throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + ExtendedPKIXBuilderParameters.class.getName() + ".");
    }
    ExtendedPKIXBuilderParameters pkixParams = null;
    if (params instanceof ExtendedPKIXBuilderParameters) {
        pkixParams = (ExtendedPKIXBuilderParameters) params;
    } else {
        pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance((PKIXBuilderParameters) params);
    }
    Collection targets;
    Iterator targetIter;
    List certPathList = new ArrayList();
    X509Certificate cert;
    // search target certificates
    Selector certSelect = pkixParams.getTargetConstraints();
    if (!(certSelect instanceof X509CertStoreSelector)) {
        throw new CertPathBuilderException("TargetConstraints must be an instance of " + X509CertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class.");
    }
    try {
        targets = CertPathValidatorUtilities.findCertificates((X509CertStoreSelector) certSelect, pkixParams.getStores());
        targets.addAll(CertPathValidatorUtilities.findCertificates((X509CertStoreSelector) certSelect, pkixParams.getCertStores()));
    } catch (AnnotatedException e) {
        throw new ExtCertPathBuilderException("Error finding target certificate.", e);
    }
    if (targets.isEmpty()) {
        throw new CertPathBuilderException("No certificate found matching targetContraints.");
    }
    CertPathBuilderResult result = null;
    // check all potential target certificates
    targetIter = targets.iterator();
    while (targetIter.hasNext() && result == null) {
        cert = (X509Certificate) targetIter.next();
        result = build(cert, pkixParams, certPathList);
    }
    if (result == null && certPathException != null) {
        if (certPathException instanceof AnnotatedException) {
            throw new CertPathBuilderException(certPathException.getMessage(), certPathException.getCause());
        }
        throw new CertPathBuilderException("Possible certificate chain could not be validated.", certPathException);
    }
    if (result == null && certPathException == null) {
        throw new CertPathBuilderException("Unable to find certificate chain.");
    }
    return result;
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ExtendedPKIXBuilderParameters(org.bouncycastle.x509.ExtendedPKIXBuilderParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) X509CertStoreSelector(org.bouncycastle.x509.X509CertStoreSelector) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) ExtCertPathBuilderException(org.bouncycastle.jce.exception.ExtCertPathBuilderException) CertPathBuilderException(java.security.cert.CertPathBuilderException) Iterator(java.util.Iterator) Collection(java.util.Collection) List(java.util.List) Selector(org.bouncycastle.util.Selector)

Example 12 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project LinLong-Java by zhenwei1108.

the class LDAPStoreHelper method getUserCertificates.

/**
 * Returns end certificates.
 * <p>
 * The attributeDescriptorCertificate is self signed by a source of authority and holds a
 * description of the privilege and its delegation rules.
 *
 * @param selector The selector to find the certificates.
 * @return A possible empty collection with certificates.
 * @throws StoreException
 */
public Collection getUserCertificates(X509CertStoreSelector selector) throws StoreException {
    String[] attrs = splitString(params.getUserCertificateAttribute());
    String[] attrNames = splitString(params.getLdapUserCertificateAttributeName());
    String[] subjectAttributeNames = splitString(params.getUserCertificateSubjectAttributeName());
    List list = certSubjectSerialSearch(selector, attrs, attrNames, subjectAttributeNames);
    Set resultSet = createCerts(list, selector);
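    if (resultSet.size() == 0) {
        // No match: repeat the LDAP search with an empty (unconstrained) selector,
        // then pass the results through createCerts with the original selector.
        X509CertStoreSelector emptySelector = new X509CertStoreSelector();
        list = certSubjectSerialSearch(emptySelector, attrs, attrNames, subjectAttributeNames);
        resultSet.addAll(createCerts(list, selector));
    }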
    return resultSet;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) X509CertStoreSelector(com.github.zhenwei.provider.x509.X509CertStoreSelector) ArrayList(java.util.ArrayList) List(java.util.List)

Example 13 with X509CertStoreSelector

use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project LinLong-Java by zhenwei1108.

the class X509StoreLDAPCerts method getCertificatesFromCrossCertificatePairs.

private Collection getCertificatesFromCrossCertificatePairs(X509CertStoreSelector xselector) throws StoreException {
    Set set = new HashSet();
    X509CertPairStoreSelector ps = new X509CertPairStoreSelector();
    ps.setForwardSelector(xselector);
    ps.setReverseSelector(new X509CertStoreSelector());
    Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps));
    Set forward = new HashSet();
    Set reverse = new HashSet();
    Iterator it = crossCerts.iterator();
    while (it.hasNext()) {
        X509CertificatePair pair = (X509CertificatePair) it.next();
        if (pair.getForward() != null) {
            forward.add(pair.getForward());
        }
        if (pair.getReverse() != null) {
            reverse.add(pair.getReverse());
        }
    }
    set.addAll(forward);
    set.addAll(reverse);
    return set;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) X509CertificatePair(com.github.zhenwei.provider.x509.X509CertificatePair) X509CertStoreSelector(com.github.zhenwei.provider.x509.X509CertStoreSelector) Iterator(java.util.Iterator) X509CertPairStoreSelector(com.github.zhenwei.provider.x509.X509CertPairStoreSelector)
