use of java.security.cert.CertPath in project robovm by robovm.
the class CertificateTest method testVerifyMD2_chain.
/**
 * Runs the "PKIX" validator over the MD2 fixture chain twice: once with the trust anchor left
 * out of the path and once with it appended.
 *
 * <p>Without the anchor in the path, validation must succeed and report an anchor that belongs
 * to the configured set. With the anchor appended, the expectation depends on
 * {@code StandardNames.IS_RI}: on the RI validation must still succeed, on any other
 * implementation it must throw {@link CertPathValidatorException}.
 *
 * <p>NOTE(review): the first argument of {@code getCertList} presumably selects the MD2-signed
 * fixture (it is {@code true} here and {@code false} in the MD5 test) - confirm against the
 * helper. The reason for the non-RI rejection is not visible in this method; MD2 is a weak
 * digest, so the first phase effectively pins acceptance of the fixture chain and should be
 * revisited if the provider's algorithm constraints are tightened.
 */
public void testVerifyMD2_chain() throws Exception {
    CertificateFactory x509 = CertificateFactory.getInstance("X509");

    // Phase 1: the path does not carry the trust anchor itself.
    CertPath anchorless = x509.generateCertPath(getCertList(true, false));
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    PKIXParameters pkix = createPKIXParams();
    CertPathValidatorResult outcome = validator.validate(anchorless, pkix);
    assertTrue("wrong result type", outcome instanceof PKIXCertPathValidatorResult);
    PKIXCertPathValidatorResult pkixOutcome = (PKIXCertPathValidatorResult) outcome;
    assertTrue("Wrong trust anchor returned",
            pkix.getTrustAnchors().contains(pkixOutcome.getTrustAnchor()));

    // Phase 2: the trust anchor is appended to the path; fresh validator and parameters.
    CertPath anchored = x509.generateCertPath(getCertList(true, true));
    validator = CertPathValidator.getInstance("PKIX");
    pkix = createPKIXParams();

    if (!StandardNames.IS_RI) {
        // Non-RI implementations are expected to reject this path outright.
        try {
            validator.validate(anchored, pkix);
            fail();
        } catch (CertPathValidatorException expected) {
            // Rejection is the passing outcome here.
        }
        return;
    }

    outcome = validator.validate(anchored, pkix);
    assertTrue("wrong result type", outcome instanceof PKIXCertPathValidatorResult);
    pkixOutcome = (PKIXCertPathValidatorResult) outcome;
    assertTrue("Wrong trust anchor returned",
            pkix.getTrustAnchors().contains(pkixOutcome.getTrustAnchor()));
}
use of java.security.cert.CertPath in project robovm by robovm.
the class CertificateTest method testVerifyMD5_chain.
/**
 * Runs the "PKIX" validator over the MD5 fixture chain twice: once with the trust anchor left
 * out of the path and once with it appended. Both runs must succeed and must report a trust
 * anchor that belongs to the configured set; unlike the MD2 variant there is no
 * implementation-specific branch.
 *
 * <p>NOTE(review): the first argument of {@code getCertList} presumably selects the MD5-signed
 * fixture ({@code false} here, {@code true} in the MD2 test) - confirm against the helper. If
 * so, this test pins acceptance of an MD5-signed chain; MD5 is collision-prone for certificate
 * signatures, so expect this test to need updating when the provider's algorithm constraints
 * are tightened.
 */
public void testVerifyMD5_chain() throws Exception {
    CertificateFactory x509 = CertificateFactory.getInstance("X509");

    // Phase 1: the path does not carry the trust anchor itself.
    CertPath anchorless = x509.generateCertPath(getCertList(false, false));
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    PKIXParameters pkix = createPKIXParams();
    CertPathValidatorResult outcome = validator.validate(anchorless, pkix);
    assertTrue("wrong result type", outcome instanceof PKIXCertPathValidatorResult);
    PKIXCertPathValidatorResult pkixOutcome = (PKIXCertPathValidatorResult) outcome;
    assertTrue("Wrong trust anchor returned",
            pkix.getTrustAnchors().contains(pkixOutcome.getTrustAnchor()));

    // Phase 2: the trust anchor is appended to the path; fresh validator and parameters.
    CertPath anchored = x509.generateCertPath(getCertList(false, true));
    validator = CertPathValidator.getInstance("PKIX");
    pkix = createPKIXParams();
    outcome = validator.validate(anchored, pkix);
    assertTrue("wrong result type", outcome instanceof PKIXCertPathValidatorResult);
    pkixOutcome = (PKIXCertPathValidatorResult) outcome;
    assertTrue("Wrong trust anchor returned",
            pkix.getTrustAnchors().contains(pkixOutcome.getTrustAnchor()));
}
use of java.security.cert.CertPath in project XobotOS by xamarin.
the class TrustManagerImpl method checkTrusted.
/**
 * Validates {@code chain} with the PKIX validator against the trust anchors that
 * {@code cleanupCertChainAndFindTrustAnchors} finds for it.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>{@code authType} is only checked for being non-null and non-empty; it does not
 *       influence the validation performed here.</li>
 *   <li>If the cleaned-up chain is empty the method returns without calling the validator
 *       (the chain is treated as entirely trusted).</li>
 *   <li>Revocation checking is switched off, so a revoked certificate is not detected by
 *       this path.</li>
 *   <li>After a successful validation every certificate from index 1 onwards is added to
 *       {@code trustedCertificateIndex}.</li>
 * </ul>
 *
 * @param chain the peer certificate chain; must be non-null and non-empty
 * @param authType the key-exchange/auth type; must be non-null and non-empty
 * @throws IllegalArgumentException if either argument is null or zero-length
 * @throws CertificateException if {@code err} is set, if no trust anchor was found, or if
 *         PKIX validation fails
 */
private void checkTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    boolean chainMissing = chain == null || chain.length == 0;
    boolean authTypeMissing = authType == null || authType.length() == 0;
    if (chainMissing || authTypeMissing) {
        throw new IllegalArgumentException("null or zero-length parameter");
    }

    // presumably an initialisation failure recorded elsewhere in the class - confirm
    if (err != null) {
        throw new CertificateException(err);
    }

    // The helper both returns the cleaned-up chain and fills the anchor set as a side effect.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    X509Certificate[] cleaned = cleanupCertChainAndFindTrustAnchors(chain, anchors);
    if (cleaned.length == 0) {
        // chain was entirely trusted, skip the validator
        return;
    }

    CertPath pathToCheck = factory.generateCertPath(Arrays.asList(cleaned));
    if (anchors.isEmpty()) {
        CertPathValidatorException noAnchor = new CertPathValidatorException(
                "Trust anchor for certification path not found.", null, pathToCheck, -1);
        throw new CertificateException(noAnchor);
    }

    try {
        PKIXParameters pkix = new PKIXParameters(anchors);
        // No CRL/OCSP lookups are made: revocation state is not part of this decision.
        pkix.setRevocationEnabled(false);
        validator.validate(pathToCheck, pkix);

        // Index everything after the leaf (index 0) only once validation has succeeded.
        // The original comment here is cut off; it refers to
        // cleanupCertChainAndFindTrustAnchors and http://b/3404902.
        // NOTE(review): presumably this lets later chains that omit these intermediates still
        // be completed - confirm what trustedCertificateIndex is consulted for.
        for (int pos = 1; pos < cleaned.length; pos++) {
            trustedCertificateIndex.index(cleaned[pos]);
        }
    } catch (InvalidAlgorithmParameterException badParams) {
        throw new CertificateException(badParams);
    } catch (CertPathValidatorException rejected) {
        throw new CertificateException(rejected);
    }
}
use of java.security.cert.CertPath in project nhin-d by DirectProject.
the class TrustChainValidator method isTrusted.
/**
 * Decides whether {@code certificate} chains to one of the supplied anchors.
 *
 * <p>The decision is made in two steps. First {@code isIssuerInAnchors} is consulted; if it
 * returns true the certificate is reported as trusted and the PKIX validator is never run.
 * Otherwise a path is assembled from the certificate plus any intermediates found by
 * {@code resolveIntermediateIssuers} (only when {@code certResolvers} is set) and validated
 * with the "PKIX" {@link CertPathValidator} against the anchors.
 *
 * <p>Revocation checking is disabled for the PKIX step, so a revoked certificate is not
 * detected here. Any exception raised while building or validating the path is logged at
 * warn level and reported as "not trusted".
 *
 * @param certificate The certificate to check.
 * @param anchors The trust anchors the chain must terminate in.
 * @return true if a valid chain to one of the anchors was found; false otherwise, including
 *         when {@code anchors} is null or empty.
 * @throws IllegalArgumentException if {@code certificate} is null.
 */
public boolean isTrusted(X509Certificate certificate, Collection<X509Certificate> anchors) {
    if (certificate == null) {
        throw new IllegalArgumentException();
    }
    if (anchors == null || anchors.isEmpty()) {
        // Nothing to anchor the chain in: refuse rather than trust by default.
        return false;
    }

    try {
        // Original intent per the source comment: a certificate that is itself in the anchor
        // list is a valid trust model.
        // NOTE(review): the helper's name suggests an issuer match instead - confirm which it
        // is, because nothing on this path goes through the PKIX validator.
        if (isIssuerInAnchors(anchors, certificate)) {
            return true;
        }

        CertificateFactory x509 = CertificateFactory.getInstance("X509");
        List<Certificate> pathCerts = new ArrayList<Certificate>();
        pathCerts.add(certificate);

        // Pull in intermediates only when resolvers have been configured.
        if (certResolvers != null) {
            Collection<X509Certificate> intermediates =
                    resolveIntermediateIssuers(certificate, anchors);
            if (intermediates != null && !intermediates.isEmpty()) {
                pathCerts.addAll(intermediates);
            }
        }

        Set<TrustAnchor> anchorSet = new HashSet<TrustAnchor>();
        for (X509Certificate anchor : anchors) {
            anchorSet.add(new TrustAnchor(anchor, null));
        }
        PKIXParameters pkix = new PKIXParameters(anchorSet);

        // CRL checking in cert path validation is disabled for now, until a better
        // implementation is put together.
        pkix.setRevocationEnabled(false);

        // JCE only allows OCSP checking when revocation checking is enabled; however, some
        // implementations fail if revocation checking is on but the CRL extension is absent.
        // For compatibility the intended follow-up (kept below, still disabled) turns it on
        // only when CRL distribution points are defined:
        //
        // pkix.setRevocationEnabled(CRLRevocationManager.isCRLDispPointDefined(certificate));
        // {
        //     // populate the CRL store from the revocation manager
        //     CRLRevocationManager mgr = CRLRevocationManager.getInstance();
        //     Set<CRL> crls = mgr.getCRLCollection();
        //     CertStore crlStore = CertStore.getInstance("Collection",
        //             new CollectionCertStoreParameters(crls),
        //             CryptoExtensions.getJCEProviderName());
        //     pkix.addCertStore(crlStore);
        // }

        CertPath pathToCheck = x509.generateCertPath(pathCerts);
        String providerName =
                CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertPathValidator", "PKIX");
        CertPathValidator pkixValidator = CertPathValidator.getInstance("PKIX", providerName);
        pkixValidator.validate(pathToCheck, pkix);
        return true;
    } catch (Exception e) {
        // Fail closed: every failure, whatever its type, ends in "not trusted".
        // The subject name is taken from the certificate under evaluation, so it is
        // caller-supplied text as far as log consumers are concerned.
        LOGGER.warn("Certificate " + certificate.getSubjectX500Principal().getName() + " is not trusted.", e);
        return false;
    }
}
use of java.security.cert.CertPath in project robovm by robovm.
the class CertPathBuilderTest method testCertPathBuilder.
/**
 * Builds a certification path with the {@link CertPathBuilder} registered under
 * {@code algorithmName}, using the fixture's {@code params}, and checks the result.
 *
 * <p>The only assertion made here is that a path was produced; whether that path is acceptable
 * is left to {@code validateCertPath}, which is defined outside this method.
 */
public void testCertPathBuilder() throws Exception {
    CertPathBuilderResult outcome = CertPathBuilder.getInstance(algorithmName).build(params);
    CertPath built = outcome.getCertPath();
    assertNotNull("built path is null", built);
    validateCertPath(built);
}