
Example 71 with CertPath

use of java.security.cert.CertPath in project oxTrust by GluuFederation.

The class SSLService, method loadCertificatesAsPkiPathEncoded.

/**
 * Reads a certification path from {@code is}, which must be encoded as
 * {@code PKI_PATH_ENCODING}, and returns its certificates as an X.509 array.
 *
 * The stream is closed quietly before returning, on both the success and the
 * failure path. Elements the factory reports as {@code null} are skipped; an
 * element that is not an {@link X509Certificate} fails the cast with a
 * {@link ClassCastException}.
 *
 * @param is stream positioned at the encoded certification path; closed on return
 * @return the path's certificates in the order the factory returned them
 * @throws Exception whatever {@code getCertificateFactoryInstance()} or
 *         {@link CertificateFactory#generateCertPath(InputStream, String)} propagates
 */
private static X509Certificate[] loadCertificatesAsPkiPathEncoded(InputStream is) throws Exception {
    try {
        CertificateFactory factory = getCertificateFactoryInstance();
        CertPath path = factory.generateCertPath(is, PKI_PATH_ENCODING);
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        for (Certificate candidate : path.getCertificates()) {
            X509Certificate x509 = (X509Certificate) candidate;
            if (x509 == null) {
                continue;
            }
            result.add(x509);
        }
        return result.toArray(new X509Certificate[0]);
    } finally {
        IOUtils.closeQuietly(is);
    }
}
Also used : ArrayList(java.util.ArrayList) CertPath(java.security.cert.CertPath) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)

Example 72 with CertPath

use of java.security.cert.CertPath in project Spark by igniterealtime.

The class SparkExceptionsTrustManager, method validatePath.

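/**
 * Validates the certification path for a certificate on the exceptions list. Because the
 * certificate is an exception, neither revocation nor time validity is checked; the path is
 * still built and validated so that the certificate presented by the server can be connected
 * to a root CA held in {@code allStore}.
 *
 * @param chain the chain presented by the server; must contain at least one certificate
 * @throws CertificateException if the chain is empty, or the path ends in a trust anchor that
 *         carries no certificate
 * @throws NoSuchAlgorithmException if no PKIX builder or validator is available
 * @throws KeyStoreException if {@code allStore} cannot be read
 * @throws InvalidAlgorithmParameterException if the builder parameters are rejected
 * @throws CertPathValidatorException if the built path fails PKIX validation
 * @throws CertPathBuilderException if no path to a trust anchor can be built
 */
private void validatePath(X509Certificate[] chain) throws NoSuchAlgorithmException, KeyStoreException, InvalidAlgorithmParameterException, CertPathValidatorException, CertPathBuilderException, CertificateException {
    // Report an empty or missing chain through the declared exception type rather than
    // letting chain[chain.length - 1] throw ArrayIndexOutOfBoundsException.
    if (chain == null || chain.length == 0) {
        throw new CertificateException("Certificate path failed: empty chain");
    }
    CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
    CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
    X509CertSelector certSelector = new X509CertSelector();
    // NOTE(review): the build target is the LAST element of the presented chain. Confirm this
    // is the intended certificate: a path built from an upper CA certificate does not by
    // itself cover the end-entity certificate in chain[0].
    certSelector.setCertificate(chain[chain.length - 1]);
    // checks against time validity aren't done here as it exceptions list
    certSelector.setCertificateValid(null);
    PKIXBuilderParameters parameters = new PKIXBuilderParameters(allStore, certSelector);
    // no checks against revocation as it is exception
    parameters.setRevocationEnabled(false);
    CertPathBuilderResult pathResult = certPathBuilder.build(parameters);
    CertPath certPath = pathResult.getCertPath();
    PKIXCertPathValidatorResult validationResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, parameters);
    // A trust anchor may be specified by name and public key only, in which case it has no
    // certificate to report.
    X509Certificate trustedCert = validationResult.getTrustAnchor().getTrustedCert();
    if (trustedCert == null) {
        throw new CertificateException("Certificate path failed");
    }
    Log.debug("ClientTrustManager: Trusted CA: " + trustedCert.getSubjectDN());
}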
Also used : CertPathValidator(java.security.cert.CertPathValidator) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) X509CertSelector(java.security.cert.X509CertSelector) CertificateException(java.security.cert.CertificateException) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate)

Example 73 with CertPath

use of java.security.cert.CertPath in project testcases by coheigea.

The class SignatureCRLUnitTest, method testCRLRevocation.

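/**
 * Checks that PKIX validation rejects a chain whose signing certificate is listed in the
 * CA's CRL. The path is built from the {@code wss40rev} chain, anchored at {@code wss40CA},
 * the CRL {@code wss40CACRL.pem} is supplied through a collection CertStore, and a
 * {@link CertPathValidatorException} mentioning revocation is expected.
 *
 * All three classpath streams are closed by try-with-resources, also when an assertion
 * fails part-way through.
 *
 * @throws Exception on any keystore, certificate or I/O error
 */
@org.junit.Test
public void testCRLRevocation() throws Exception {
    // NOTE(review): java.security.debug is normally read once at JVM start-up, so setting it
    // here may have no effect unless it is also passed on the command line.
    System.setProperty("java.security.debug", "all");
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    // Signing Cert
    Certificate[] certs;
    try (InputStream certInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40rev.jks")) {
        assertNotNull(certInputStream);
        KeyStore certKeyStore = KeyStore.getInstance("JKS");
        certKeyStore.load(certInputStream, "security".toCharArray());
        certs = certKeyStore.getCertificateChain("wss40rev");
    }
    assertNotNull(certs);
    // expected value first: JUnit reports assertEquals(expected, actual) in that order
    assertEquals(2, certs.length);
    // List<Certificate> certList = Arrays.asList(certs[0]); // WORKS
    // DOESN'T WORK!
    List<Certificate> certList = Arrays.asList(certs);
    CertPath path = certificateFactory.generateCertPath(certList);
    // CA cert
    X509Certificate caCert;
    try (InputStream caInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CA.jks")) {
        assertNotNull(caInputStream);
        KeyStore caKeyStore = KeyStore.getInstance("JKS");
        caKeyStore.load(caInputStream, "security".toCharArray());
        caCert = (X509Certificate) caKeyStore.getCertificate("wss40CA");
    }
    assertNotNull(caCert);
    Set<TrustAnchor> set = new HashSet<TrustAnchor>();
    TrustAnchor anchor = new TrustAnchor(caCert, null);
    set.add(anchor);
    // Load CRL
    X509CRL crl;
    try (InputStream crlInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CACRL.pem")) {
        assertNotNull(crlInputStream);
        crl = (X509CRL) certificateFactory.generateCRL(crlInputStream);
    }
    assertNotNull(crl);
    // Construct PKIXParameters: revocation checking on, with the CRL served from an
    // in-memory collection store rather than fetched over the network
    PKIXParameters param = new PKIXParameters(set);
    param.setRevocationEnabled(true);
    param.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.singletonList(crl))));
    // Validate the Cert Path
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    try {
        validator.validate(path, param);
        fail("Failure expected on a revoked certificate");
    } catch (CertPathValidatorException ex) {
        assertTrue(ex.getMessage().contains("revoked") || ex.getMessage().contains("revocation"));
    }
}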
Also used : X509CRL(java.security.cert.X509CRL) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) TrustAnchor(java.security.cert.TrustAnchor) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXParameters(java.security.cert.PKIXParameters) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet)

Example 74 with CertPath

use of java.security.cert.CertPath in project candlepin by candlepin.

The class SSLCertTest, method validCertificateShouldPassVerification.

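/**
 * A certificate that chains to the configured trust anchors must pass PKIX validation.
 * The path consists of the single certificate {@code certificatePath}; {@code PKIXparams}
 * supplies the trust anchors and validation settings.
 *
 * @throws Exception if path generation or validation fails, which fails the test
 */
@Test
public void validCertificateShouldPassVerification() throws Exception {
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    // A plain list instead of double-brace initialisation: no anonymous, serialisable
    // LinkedList subclass that captures a reference to the test instance.
    LinkedList<Certificate> certList = new LinkedList<Certificate>();
    certList.add(certificatePath);
    CertPath cp = certificateFactory.generateCertPath(certList);
    // The PKIXCertPathValidatorResult is not inspected; validate() throws on failure.
    cpv.validate(cp, PKIXparams);
    assertEquals("CN=Robert Paulson, OU=org unit, O=org, L=Halifax, ST=NS, C=CA", certificatePath.getSubjectDN().getName());
}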
Also used : CertPathValidator(java.security.cert.CertPathValidator) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Example 75 with CertPath

use of java.security.cert.CertPath in project candlepin by candlepin.

The class SSLCertTest, method invalidCertificateShouldFailVerification.

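/**
 * A self-signed certificate that is not among the configured trust anchors must be rejected
 * by PKIX validation. The path consists of the single certificate
 * {@code selfSignedCertificate}; {@code PKIXparams} supplies the trust anchors and
 * validation settings, and the test passes only when validation throws
 * {@link CertPathValidatorException}.
 *
 * @throws Exception the expected {@link CertPathValidatorException}, or any other error,
 *         which fails the test
 */
@Test(expected = CertPathValidatorException.class)
public void invalidCertificateShouldFailVerification() throws Exception {
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    // A plain list instead of double-brace initialisation: no anonymous, serialisable
    // LinkedList subclass that captures a reference to the test instance.
    LinkedList<Certificate> certList = new LinkedList<Certificate>();
    certList.add(selfSignedCertificate);
    CertPath cp = certificateFactory.generateCertPath(certList);
    // The PKIXCertPathValidatorResult is not inspected; validate() is expected to throw.
    cpv.validate(cp, PKIXparams);
}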
Also used : CertPathValidator(java.security.cert.CertPathValidator) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Aggregations

CertPath (java.security.cert.CertPath)86 X509Certificate (java.security.cert.X509Certificate)36 CertificateFactory (java.security.cert.CertificateFactory)29 Certificate (java.security.cert.Certificate)19 CertPathValidator (java.security.cert.CertPathValidator)18 CertPathValidatorException (java.security.cert.CertPathValidatorException)18 MyCertPath (org.apache.harmony.security.tests.support.cert.MyCertPath)17 CertificateException (java.security.cert.CertificateException)15 ArrayList (java.util.ArrayList)15 PKIXParameters (java.security.cert.PKIXParameters)14 MyFailingCertPath (org.apache.harmony.security.tests.support.cert.MyFailingCertPath)14 TrustAnchor (java.security.cert.TrustAnchor)12 HashSet (java.util.HashSet)12 ByteArrayInputStream (java.io.ByteArrayInputStream)11 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)11 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)11 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)10 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)10 X509CertSelector (java.security.cert.X509CertSelector)10 CertPathBuilder (java.security.cert.CertPathBuilder)9