
Example 41 with CertPath

use of java.security.cert.CertPath in project XobotOS by xamarin.

In class TrustManagerImpl, method checkTrusted:

/**
 * Validates a peer certificate chain against the trust anchors known to this trust manager.
 *
 * <p>Certificates that are already trusted are stripped from the chain first (via
 * {@code cleanupCertChainAndFindTrustAnchors}, which also collects the matching anchors);
 * if nothing remains, the PKIX validator is skipped. Otherwise the remaining chain is
 * validated with {@code validator}, with revocation checking disabled, and on success the
 * chain's intermediate certificates are fed to {@code trustedCertificateIndex}
 * (see http://b/3404902).
 *
 * @param chain the certificate chain presented by the peer; must be non-null and non-empty
 * @param authType the authentication type string; must be non-null and non-empty
 * @throws IllegalArgumentException if {@code chain} or {@code authType} is null or empty
 * @throws CertificateException if {@code err} is set (presumably a failure recorded when this
 *         instance was built — not visible here), if no trust anchor is found for the chain,
 *         or if PKIX validation fails
 */
private void checkTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    boolean chainMissing = chain == null || chain.length == 0;
    boolean authTypeMissing = authType == null || authType.length() == 0;
    if (chainMissing || authTypeMissing) {
        throw new IllegalArgumentException("null or zero-length parameter");
    }
    if (err != null) {
        // A stored error makes every check fail until it is cleared elsewhere.
        throw new CertificateException(err);
    }
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    X509Certificate[] untrusted = cleanupCertChainAndFindTrustAnchors(chain, anchors);
    if (untrusted.length == 0) {
        // Every certificate in the chain is already trusted: nothing left to validate.
        return;
    }
    CertPath path = factory.generateCertPath(Arrays.asList(untrusted));
    if (anchors.isEmpty()) {
        CertPathValidatorException noAnchor = new CertPathValidatorException(
                "Trust anchor for certification path not found.", null, path, -1);
        throw new CertificateException(noAnchor);
    }
    try {
        PKIXParameters params = new PKIXParameters(anchors);
        // NOTE(review): revocation (CRL/OCSP) checking is switched off here, so a revoked
        // but otherwise well-formed chain is accepted by this check.
        params.setRevocationEnabled(false);
        validator.validate(path, params);
        // The chain validated: index its intermediates (everything after the end-entity
        // certificate at position 0), presumably so that cleanupCertChainAndFindTrustAnchors
        // can recognise them in later chains. http://b/3404902
        int count = untrusted.length;
        for (int pos = 1; pos < count; pos++) {
            trustedCertificateIndex.index(untrusted[pos]);
        }
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateException(e);
    } catch (CertPathValidatorException e) {
        throw new CertificateException(e);
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) CertificateException(java.security.cert.CertificateException) TrustAnchor(java.security.cert.TrustAnchor) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 42 with CertPath

use of java.security.cert.CertPath in project nhin-d by DirectProject.

In class TrustChainValidator, method isTrusted:

/**
 * Indicates whether a certificate is trusted by building and validating a PKIX certificate
 * path from it to one of the supplied anchors.
 *
 * <p>The check short-circuits to {@code true} when {@code isIssuerInAnchors} reports that the
 * certificate is directly covered by an anchor. Otherwise the path is assembled from the
 * certificate plus any intermediates returned by {@code resolveIntermediateIssuers} (only
 * consulted when {@code certResolvers} is set) and validated with revocation checking
 * disabled. Any exception raised during resolution or validation is logged at WARN level and
 * reported as "not trusted".
 *
 * @param certificate The certificate to check.
 * @param anchors A collection of trust anchor certificates.
 * @return {@code true} if a valid trust chain to one of the anchors exists; {@code false}
 *         otherwise, including when {@code anchors} is null or empty.
 * @throws IllegalArgumentException if {@code certificate} is null.
 */
public boolean isTrusted(X509Certificate certificate, Collection<X509Certificate> anchors) {
    if (certificate == null)
        throw new IllegalArgumentException();
    // No anchors means nothing can be trusted.
    if (anchors == null || anchors.size() == 0)
        return false;
    try {
        // Being covered directly by an anchor is accepted without building a path.
        if (isIssuerInAnchors(anchors, certificate))
            return true;
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        List<Certificate> pathCerts = new ArrayList<Certificate>();
        pathCerts.add(certificate);
        // Append any intermediates the configured resolvers can find.
        if (certResolvers != null) {
            Collection<X509Certificate> intermediates = resolveIntermediateIssuers(certificate, anchors);
            if (intermediates != null && intermediates.size() > 0)
                pathCerts.addAll(intermediates);
        }
        Set<TrustAnchor> anchorSet = new HashSet<TrustAnchor>();
        for (X509Certificate anchorCert : anchors) {
            anchorSet.add(new TrustAnchor(anchorCert, null));
        }
        PKIXParameters params = new PKIXParameters(anchorSet);
        // CRL checking stays disabled until a better implementation is available.
        // NOTE(review): with revocation off, a revoked certificate that still chains to an
        // anchor is reported as trusted.
        params.setRevocationEnabled(false);
        // JCE only performs OCSP checking when revocation checking is enabled, but some
        // implementations fail when it is enabled and the certificate carries no CRL
        // extension. The sketch below (kept for reference) would turn it on only when a CRL
        // distribution point is defined:
        /*
        params.setRevocationEnabled(CRLRevocationManager.isCRLDispPointDefined(certificate));
        {
            // populate the CRL store from the revocation manager
            CRLRevocationManager mgr = CRLRevocationManager.getInstance();
            Set<CRL> crls = mgr.getCRLCollection();
            CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls), CryptoExtensions.getJCEProviderName());
            params.addCertStore(crlStore);
        }
        */
        CertPath certPath = factory.generateCertPath(pathCerts);
        String providerName = CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertPathValidator", "PKIX");
        CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", providerName);
        pathValidator.validate(certPath, params);
        return true;
    } catch (Exception e) {
        // Fail closed: any resolution or validation problem means "not trusted".
        LOGGER.warn("Certificate " + certificate.getSubjectX500Principal().getName() + " is not trusted.", e);
    }
    return false;
}
Also used : ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) AddressException(javax.mail.internet.AddressException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException) NHINDException(org.nhindirect.stagent.NHINDException) CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet)

Example 43 with CertPath

use of java.security.cert.CertPath in project robovm by robovm.

In class CertPathBuilderTest, method testCertPathBuilder:

/**
 * Builds a certificate path with the {@code CertPathBuilder} registered for
 * {@code algorithmName} using the fixture {@code params}, checks that a path came back,
 * and hands it to {@code validateCertPath}.
 *
 * @throws Exception on any failure from the builder or the validation helper
 */
public void testCertPathBuilder() throws Exception {
    CertPathBuilder builder = CertPathBuilder.getInstance(algorithmName);
    CertPathBuilderResult result = builder.build(params);
    CertPath builtPath = result.getCertPath();
    assertNotNull("built path is null", builtPath);
    validateCertPath(builtPath);
}
Also used : CertPathBuilderResult(java.security.cert.CertPathBuilderResult) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath)

Example 44 with CertPath

use of java.security.cert.CertPath in project robovm by robovm.

In class CertPathTest, method testHashCode:

/**
 * Test for <code>hashCode()</code> method<br>
 * Assertion: two paths built from the same encoding ({@code testEncoding}) hash alike,
 * and a path built from a different encoding ({@code testEncoding1}) hashes differently.
 */
public final void testHashCode() {
    int hashOfFirst = new MyCertPath(testEncoding).hashCode();
    int hashOfSecond = new MyCertPath(testEncoding).hashCode();
    int hashOfOther = new MyCertPath(testEncoding1).hashCode();
    assertTrue(hashOfFirst == hashOfSecond);
    assertTrue(hashOfFirst != hashOfOther);
}
Also used : MyCertPath(org.apache.harmony.security.tests.support.cert.MyCertPath) MyCertPath(org.apache.harmony.security.tests.support.cert.MyCertPath) CertPath(java.security.cert.CertPath) MyFailingCertPath(org.apache.harmony.security.tests.support.cert.MyFailingCertPath)

Example 45 with CertPath

use of java.security.cert.CertPath in project robovm by robovm.

In class CertPathTest, method testCertPath:

//
// Tests
//
/**
 * Test for <code>CertPath(String type)</code> constructor<br>
 * Assertion: a <code>MyCertPath</code> reports type <code>"MyEncoding"</code> and returns the
 * bytes it was constructed with from <code>getEncoded()</code>; constructing one with a
 * null encoding does not throw.
 */
public final void testCertPath() {
    try {
        CertPath path = new MyCertPath(testEncoding);
        assertEquals("MyEncoding", path.getType());
        assertTrue(Arrays.equals(testEncoding, path.getEncoded()));
    } catch (CertificateEncodingException e) {
        fail("Unexpected CertificateEncodingException " + e.getMessage());
    }
    try {
        // Only the absence of an exception is checked here; the instance itself is not used.
        new MyCertPath(null);
    } catch (Exception e) {
        fail("Unexpected exception " + e.getMessage());
    }
}
Also used : MyCertPath(org.apache.harmony.security.tests.support.cert.MyCertPath) CertificateEncodingException(java.security.cert.CertificateEncodingException) MyCertPath(org.apache.harmony.security.tests.support.cert.MyCertPath) CertPath(java.security.cert.CertPath) MyFailingCertPath(org.apache.harmony.security.tests.support.cert.MyFailingCertPath) ObjectStreamException(java.io.ObjectStreamException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Aggregations

CertPath (java.security.cert.CertPath)55 X509Certificate (java.security.cert.X509Certificate)17 MyCertPath (org.apache.harmony.security.tests.support.cert.MyCertPath)16 CertificateFactory (java.security.cert.CertificateFactory)15 MyFailingCertPath (org.apache.harmony.security.tests.support.cert.MyFailingCertPath)14 CertPathValidatorException (java.security.cert.CertPathValidatorException)13 ArrayList (java.util.ArrayList)10 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)9 CertPathValidator (java.security.cert.CertPathValidator)9 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)8 TrustAnchor (java.security.cert.TrustAnchor)8 ByteArrayInputStream (java.io.ByteArrayInputStream)7 Certificate (java.security.cert.Certificate)7 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)7 PKIXParameters (java.security.cert.PKIXParameters)7 HashSet (java.util.HashSet)7 CertPathBuilder (java.security.cert.CertPathBuilder)6 CertPathBuilderException (java.security.cert.CertPathBuilderException)6 CertificateException (java.security.cert.CertificateException)6 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)6