Example 11 with X509CertStoreSelector
use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project robovm by robovm.
the class PKIXCertPathBuilderSpi method engineBuild.
/**
* Build and validate a CertPath using the given parameter.
*
* @param params PKIXBuilderParameters object containing all information to
* build the CertPath
*/
public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException {
if (!(params instanceof PKIXBuilderParameters) && !(params instanceof ExtendedPKIXBuilderParameters)) {
throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + ExtendedPKIXBuilderParameters.class.getName() + ".");
}
ExtendedPKIXBuilderParameters pkixParams = null;
if (params instanceof ExtendedPKIXBuilderParameters) {
pkixParams = (ExtendedPKIXBuilderParameters) params;
} else {
pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance((PKIXBuilderParameters) params);
}
Collection targets;
Iterator targetIter;
List certPathList = new ArrayList();
X509Certificate cert;
// search target certificates
Selector certSelect = pkixParams.getTargetConstraints();
if (!(certSelect instanceof X509CertStoreSelector)) {
throw new CertPathBuilderException("TargetConstraints must be an instance of " + X509CertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class.");
}
try {
targets = CertPathValidatorUtilities.findCertificates((X509CertStoreSelector) certSelect, pkixParams.getStores());
targets.addAll(CertPathValidatorUtilities.findCertificates((X509CertStoreSelector) certSelect, pkixParams.getCertStores()));
} catch (AnnotatedException e) {
throw new ExtCertPathBuilderException("Error finding target certificate.", e);
}
if (targets.isEmpty()) {
throw new CertPathBuilderException("No certificate found matching targetContraints.");
}
CertPathBuilderResult result = null;
// check all potential target certificates
targetIter = targets.iterator();
while (targetIter.hasNext() && result == null) {
cert = (X509Certificate) targetIter.next();
result = build(cert, pkixParams, certPathList);
}
if (result == null && certPathException != null) {
if (certPathException instanceof AnnotatedException) {
throw new CertPathBuilderException(certPathException.getMessage(), certPathException.getCause());
}
throw new CertPathBuilderException("Possible certificate chain could not be validated.", certPathException);
}
if (result == null && certPathException == null) {
throw new CertPathBuilderException("Unable to find certificate chain.");
}
return result;
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
ExtendedPKIXBuilderParameters(org.bouncycastle.x509.ExtendedPKIXBuilderParameters)
ExtendedPKIXBuilderParameters(org.bouncycastle.x509.ExtendedPKIXBuilderParameters)
PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters)
X509CertStoreSelector(org.bouncycastle.x509.X509CertStoreSelector)
CertPathBuilderResult(java.security.cert.CertPathBuilderResult)
PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult)
ArrayList(java.util.ArrayList)
X509Certificate(java.security.cert.X509Certificate)
ExtCertPathBuilderException(org.bouncycastle.jce.exception.ExtCertPathBuilderException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
Iterator(java.util.Iterator)
ExtCertPathBuilderException(org.bouncycastle.jce.exception.ExtCertPathBuilderException)
Collection(java.util.Collection)
ArrayList(java.util.ArrayList)
List(java.util.List)
Selector(org.bouncycastle.util.Selector)
X509CertStoreSelector(org.bouncycastle.x509.X509CertStoreSelector)
Example 12 with X509CertStoreSelector
use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project LinLong-Java by zhenwei1108.
the class LDAPStoreHelper method getUserCertificates.
/**
* Returns end certificates.
* <p>
* The attributeDescriptorCertificate is self signed by a source of authority and holds a
* description of the privilege and its delegation rules.
*
* @param selector The selector to find the certificates.
* @return A possible empty collection with certificates.
* @throws StoreException
*/
public Collection getUserCertificates(X509CertStoreSelector selector) throws StoreException {
String[] attrs = splitString(params.getUserCertificateAttribute());
String[] attrNames = splitString(params.getLdapUserCertificateAttributeName());
String[] subjectAttributeNames = splitString(params.getUserCertificateSubjectAttributeName());
List list = certSubjectSerialSearch(selector, attrs, attrNames, subjectAttributeNames);
Set resultSet = createCerts(list, selector);
if (resultSet.size() == 0) {
X509CertStoreSelector emptySelector = new X509CertStoreSelector();
list = certSubjectSerialSearch(emptySelector, attrs, attrNames, subjectAttributeNames);
resultSet.addAll(createCerts(list, selector));
}
return resultSet;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
X509CertStoreSelector(com.github.zhenwei.provider.x509.X509CertStoreSelector)
ArrayList(java.util.ArrayList)
List(java.util.List)
Example 13 with X509CertStoreSelector
use of com.github.zhenwei.provider.x509.X509CertStoreSelector in project LinLong-Java by zhenwei1108.
the class X509StoreLDAPCerts method getCertificatesFromCrossCertificatePairs.
private Collection getCertificatesFromCrossCertificatePairs(X509CertStoreSelector xselector) throws StoreException {
Set set = new HashSet();
X509CertPairStoreSelector ps = new X509CertPairStoreSelector();
ps.setForwardSelector(xselector);
ps.setReverseSelector(new X509CertStoreSelector());
Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps));
Set forward = new HashSet();
Set reverse = new HashSet();
Iterator it = crossCerts.iterator();
while (it.hasNext()) {
X509CertificatePair pair = (X509CertificatePair) it.next();
if (pair.getForward() != null) {
forward.add(pair.getForward());
}
if (pair.getReverse() != null) {
reverse.add(pair.getReverse());
}
}
set.addAll(forward);
set.addAll(reverse);
return set;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
X509CertificatePair(com.github.zhenwei.provider.x509.X509CertificatePair)
X509CertStoreSelector(com.github.zhenwei.provider.x509.X509CertStoreSelector)
Iterator(java.util.Iterator)
X509CertPairStoreSelector(com.github.zhenwei.provider.x509.X509CertPairStoreSelector)
HashSet(java.util.HashSet)
Aggregations
ArrayList (java.util.ArrayList)10
List (java.util.List)10
HashSet (java.util.HashSet)9
Iterator (java.util.Iterator)9
Set (java.util.Set)9
X509CertStoreSelector (com.github.zhenwei.provider.x509.X509CertStoreSelector)7
X509Certificate (java.security.cert.X509Certificate)7
IOException (java.io.IOException)6
CertPathBuilderException (java.security.cert.CertPathBuilderException)6
X509CertStoreSelector (org.bouncycastle.x509.X509CertStoreSelector)6
Collection (java.util.Collection)5
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4
CertPathBuilderResult (java.security.cert.CertPathBuilderResult)4
ExtendedPKIXBuilderParameters (org.bouncycastle.x509.ExtendedPKIXBuilderParameters)4
CertPathBuilder (java.security.cert.CertPathBuilder)3
CertPathValidatorException (java.security.cert.CertPathValidatorException)3
PKIXCertStoreSelector (com.github.zhenwei.provider.jcajce.PKIXCertStoreSelector)2
PKIXExtendedBuilderParameters (com.github.zhenwei.provider.jcajce.PKIXExtendedBuilderParameters)2
PKIXExtendedParameters (com.github.zhenwei.provider.jcajce.PKIXExtendedParameters)2
X509CertPairStoreSelector (com.github.zhenwei.provider.x509.X509CertPairStoreSelector)2
