use of java.security.cert.CertPath in project jdk8u_jdk by JetBrains.
the class SignatureFile method validateCertChain.
/**
 * Validates the leading part of a certificate chain against {@code pkixParameters}.
 *
 * <p>The list is scanned from index 0 for the first certificate that equals the
 * trusted certificate of one of the configured trust anchors. Only the certificates
 * before that position are turned into a {@link CertPath} and passed to
 * {@code validator}. If no certificate matches an anchor, the whole list is validated.
 *
 * <p>Nothing is validated when the list is empty or when its first certificate is
 * itself a trust-anchor certificate. A normal return therefore does not prove that a
 * PKIX validation actually ran.
 *
 * @param certs the certificate chain to check
 * @throws Exception whatever CertPath generation or validation throws
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    // Index of the first chain element that is a trust-anchor certificate;
    // stays at certs.size() when the chain contains none.
    int anchorIndex = certs.size();
    search:
    for (int i = 0; i < certs.size(); i++) {
        for (TrustAnchor anchor : pkixParameters.getTrustAnchors()) {
            // NOTE(review): TrustAnchor.getTrustedCert() returns null for anchors that
            // were created from a name/public key pair; such an anchor would raise a
            // NullPointerException here. Confirm all anchors are certificate-based.
            if (anchor.getTrustedCert().equals(certs.get(i))) {
                anchorIndex = i;
                break search;
            }
        }
    }

    // Empty chain, or the first certificate is already an anchor: nothing to validate.
    if (anchorIndex == 0) {
        return;
    }

    List<? extends Certificate> untrustedPrefix =
            (anchorIndex == certs.size()) ? certs : certs.subList(0, anchorIndex);
    CertPath path = certificateFactory.generateCertPath(untrustedPrefix);
    validator.validate(path, pkixParameters);
}
use of java.security.cert.CertPath in project jdk8u_jdk by JetBrains.
the class SignatureFileVerifier method getSigners.
/**
 * Builds one {@link CodeSigner} per {@code SignerInfo} of a PKCS7 signature block.
 * This is meant to happen only once for a given signature block file.
 *
 * <p>Each signer's certificate chain is taken from the block as reported by
 * {@code SignerInfo.getCertificateChain} and wrapped in a {@link CertPath}. No
 * trust validation of that chain happens in this method.
 *
 * @param infos the signer infos to convert
 * @param block the PKCS7 block the chains are looked up in
 * @return the code signers in the order of {@code infos}, or {@code null} when
 *         {@code infos} is empty
 */
private CodeSigner[] getSigners(SignerInfo[] infos, PKCS7 block) throws IOException, NoSuchAlgorithmException, SignatureException, CertificateException {
    // Callers receive null, not an empty array, when there is no signer.
    if (infos.length == 0) {
        return null;
    }

    ArrayList<CodeSigner> collected = new ArrayList<>();
    for (SignerInfo signerInfo : infos) {
        ArrayList<X509Certificate> chain = signerInfo.getCertificateChain(block);
        CertPath signerPath = certificateFactory.generateCertPath(chain);
        // Pair the chain with the signer's timestamp (if any) as a new code signer.
        collected.add(new CodeSigner(signerPath, signerInfo.getTimestamp()));
        if (debug != null) {
            debug.println("Signature Block Certificate: " + chain.get(0));
        }
    }
    return collected.toArray(new CodeSigner[collected.size()]);
}
use of java.security.cert.CertPath in project oxAuth by GluuFederation.
the class PathCertificateVerifier method verifyCertificate.
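/**
 * Tries to build and verify a certification path for {@code certificate} using the
 * supplied additional certificates.
 *
 * <p>Self-signed entries of {@code additionalCerts} are used as trusted roots; all
 * other entries are used as intermediates. The result is accepted only if the first
 * certificate of the built path is an end-entity certificate
 * ({@code getBasicConstraints() == -1}).
 *
 * @param certificate the certificate to verify
 * @param additionalCerts candidate root and intermediate certificates
 * @return the builder result when a path was built and its first certificate is an
 *         end-entity certificate; {@code null} on every failure (self-signed target
 *         while self-signed verification is disabled, empty path, CA certificate as
 *         target, or any {@link GeneralSecurityException})
 */
public PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, List<X509Certificate> additionalCerts) {
    try {
        // Reject a self-signed target unless the verifier is configured to accept them.
        if (!verifySelfSignedCertificate && isSelfSigned(certificate)) {
            log.error("The certificate is self-signed!");
            return null;
        }

        // Split the additional certificates into trusted roots and intermediates.
        // NOTE(review): every self-signed certificate in additionalCerts becomes a
        // trust anchor. That is only sound when the list comes from a trusted,
        // locally configured store and never from the party being verified.
        // Confirm this against the callers.
        Set<X509Certificate> trustedRootCerts = new HashSet<X509Certificate>();
        Set<X509Certificate> intermediateCerts = new HashSet<X509Certificate>();
        for (X509Certificate additionalCert : additionalCerts) {
            if (isSelfSigned(additionalCert)) {
                trustedRootCerts.add(additionalCert);
            } else {
                intermediateCerts.add(additionalCert);
            }
        }

        // Attempt to build the certification chain and verify it.
        PKIXCertPathBuilderResult certPathBuilderResult = verifyCertificate(certificate, trustedRootCerts, intermediateCerts);

        // Fail closed on an empty path instead of letting get(0) throw an unchecked
        // IndexOutOfBoundsException past the error handling below.
        CertPath certPath = certPathBuilderResult.getCertPath();
        List<? extends Certificate> certList = certPath.getCertificates();
        if (certList.isEmpty()) {
            log.error("Certificate path is empty!");
            return null;
        }

        // The first certificate of the path must be an end-entity certificate;
        // getBasicConstraints() returns -1 only for non-CA certificates.
        X509Certificate cert = (X509Certificate) certList.get(0);
        if (cert.getBasicConstraints() != -1) {
            log.error("Target certificate is not an EE certificate!");
            return null;
        }

        // The chain is verified. Return it as a result.
        return certPathBuilderResult;
    } catch (GeneralSecurityException ex) {
        // CertPathBuilderException is a GeneralSecurityException and was logged with
        // the same message, so a single handler covers both.
        log.error("Failed to build certificate path", ex);
    }
    return null;
}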
use of java.security.cert.CertPath in project jdk8u_jdk by JetBrains.
the class NoExtensions method doBuild.
/**
 * Builds a PKIX certification path from the single trusted CA certificate to
 * {@code userCert} using the "SUN" provider's {@link CertPathBuilder}.
 *
 * <p>The built path is retrieved but not examined. An exception thrown by
 * {@code build} is the only failure signal visible in this method.
 *
 * @param userCert the target certificate of the path
 * @throws Exception if any step of the setup or the path build fails
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // The one trusted CA certificate is the only trust anchor.
    X509Certificate caCert = getTrustedCertificate();
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    anchors.add(new TrustAnchor(caCert, null));

    // Collection-backed CertStore holding both certificates (no CRLs are added).
    ArrayList<X509Certificate> storeContents = new ArrayList<X509Certificate>();
    storeContents.add(caCert);
    storeContents.add(userCert);
    CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeContents));

    // Select the target certificate. The original author noted that also setting
    // the subject "seems to be required".
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    targetSelector.setSubject(userCert.getSubjectDN().getName());

    // Build a valid certificate path.
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    builderParams.addCertStore(store);
    // Revocation checking is switched off, so a revoked certificate would still
    // build successfully here. Code that makes real trust decisions should keep
    // revocation checking enabled.
    builderParams.setRevocationEnabled(false);
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    CertPathBuilderResult result = builder.build(builderParams);

    // Fetch the resulting path; it is not inspected further.
    CertPath builtPath = result.getCertPath();
}
use of java.security.cert.CertPath in project jdk8u_jdk by JetBrains.
the class CertPathEncodingTest method main.
/**
 * Runs the CertPath encoding and decoding test.
 *
 * <p>Builds a CertPath from the two stored certificates, checks that its PKCS7
 * encoding equals the stored encoding, then decodes that encoding again and
 * checks that the result equals the original CertPath.
 *
 * @throws RuntimeException if either comparison fails
 */
public static void main(String[] args) throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X509");

    // Recreate the CertPath whose encoded form has already been stored.
    // NOTE(review): getBytes() uses the platform default charset; presumably the
    // stored certificate and PKCS7 strings are plain ASCII. Confirm.
    Certificate first = factory.generateCertificate(new ByteArrayInputStream(cert1.getBytes()));
    Certificate second = factory.generateCertificate(new ByteArrayInputStream(cert2.getBytes()));
    CertPath original = factory.generateCertPath(Arrays.asList(first, second));

    // Encoding step: the PKCS7 form must match the stored value byte for byte.
    byte[] pkcs7Bytes = original.getEncoded("PKCS7");
    byte[] expectedBytes = Base64.getMimeDecoder().decode(pkcs7path.getBytes());
    if (!Arrays.equals(pkcs7Bytes, expectedBytes)) {
        throw new RuntimeException("PKCS#7 encoding doesn't match stored value");
    }

    // Decoding step: parsing the encoded form must give back an equal CertPath.
    CertPath roundTripped = factory.generateCertPath(new ByteArrayInputStream(pkcs7Bytes), "PKCS7");
    if (!roundTripped.equals(original)) {
        throw new RuntimeException("CertPath decoded from PKCS#7 isn't equal to original");
    }
}