Examples with CertPath java.security.cert.CertPath used on opensource projects

Search in sources :

Example 86 with CertPath

use of java.security.cert.CertPath in project keycloak by keycloak.

the class JavaKeystoreKeyProvider method validateCertificateChain.

/**
 * <p>Validates the giving certificate chain represented by {@code certificates}. If the list of certificates is empty
 * or does not have at least 2 certificates (end-user certificate plus intermediary/root CAs) this method does nothing.
 *
 * <p>It should not be possible to import to keystores invalid chains though. So this is just an additional check
 * that we can reuse later for other purposes when the cert chain is also provided manually, in PEM.
 *
 * @param certificates
 */
private void validateCertificateChain(List<X509Certificate> certificates) throws GeneralSecurityException {
    if (certificates == null || certificates.isEmpty()) {
        return;
    }
    Set<TrustAnchor> anchors = new HashSet<>();
    // consider the last certificate in the chain as the most trusted cert
    anchors.add(new TrustAnchor(certificates.get(certificates.size() - 1), null));
    PKIXParameters params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(certificates);
    CertPathValidator validator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
    validator.validate(certPath, params);
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) TrustAnchor(java.security.cert.TrustAnchor) CertPath(java.security.cert.CertPath) HashSet(java.util.HashSet)

Aggregations

CertPath (java.security.cert.CertPath)86 X509Certificate (java.security.cert.X509Certificate)36 CertificateFactory (java.security.cert.CertificateFactory)29 Certificate (java.security.cert.Certificate)19 CertPathValidator (java.security.cert.CertPathValidator)18 CertPathValidatorException (java.security.cert.CertPathValidatorException)18 MyCertPath (org.apache.harmony.security.tests.support.cert.MyCertPath)17 CertificateException (java.security.cert.CertificateException)15 ArrayList (java.util.ArrayList)15 PKIXParameters (java.security.cert.PKIXParameters)14 MyFailingCertPath (org.apache.harmony.security.tests.support.cert.MyFailingCertPath)14 TrustAnchor (java.security.cert.TrustAnchor)12 HashSet (java.util.HashSet)12 ByteArrayInputStream (java.io.ByteArrayInputStream)11 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)11 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)11 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)10 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)10 X509CertSelector (java.security.cert.X509CertSelector)10 CertPathBuilder (java.security.cert.CertPathBuilder)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial