use of java.security.cert.CertPathBuilder in project oxAuth by GluuFederation.
the class PathCertificateVerifier method verifyCertificate.
/**
* Attempts to build a certification chain for given certificate to verify
* it. Relies on a set of root CA certificates (trust anchors) and a set of
* intermediate certificates (to be used as part of the chain).
*/
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts) throws GeneralSecurityException {
    // The selector pins the path target to exactly this certificate.
    // A basic-constraints value of -2 makes the selector match end-entity
    // certificates only, so a CA certificate passed in here will not be selected.
    final X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(certificate);
    targetSelector.setBasicConstraints(-2);

    // Every supplied root becomes a trust anchor. The null second argument means
    // no name constraints are attached, so the whole trust decision rests on what
    // the caller put into trustedRootCerts.
    final Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (final X509Certificate root : trustedRootCerts) {
        anchors.add(new TrustAnchor(root, null));
    }

    // PKIX parameters shared by the build step and the validation step below.
    final PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, targetSelector);

    // Revocation checking is switched off for this call: a revoked certificate
    // that still chains to an anchor passes this method. CRL/OCSP status has to
    // be checked separately (NOTE(review): confirm the caller does so).
    params.setRevocationEnabled(false);

    // Intermediates are only candidates for chain building; they are not trusted
    // by themselves and must still chain up to one of the anchors.
    final CertStore candidates = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
    params.addCertStore(candidates);

    // Build the chain with the Bouncy Castle PKIX implementation; build() throws
    // when no path from the target to an anchor can be constructed.
    final CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    final PKIXCertPathBuilderResult built = (PKIXCertPathBuilderResult) pathBuilder.build(params);

    // Second pass over the built path with the same parameters. The result object
    // is not used; a failed validation surfaces as an exception from validate().
    final CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    final PKIXCertPathValidatorResult validated = (PKIXCertPathValidatorResult) pathValidator.validate(built.getCertPath(), params);

    return built;
}
use of java.security.cert.CertPathBuilder in project robovm by robovm.
the class CertPathBuilder2Test method testGetInstance02.
/**
* Test for <code>getInstance(String algorithm, String provider)</code> method
* Assertions:
* throws NullPointerException when algorithm is null
* throws NoSuchAlgorithmException when algorithm is not correct
* throws IllegalArgumentException when provider is null or empty;
* throws NoSuchProviderException when provider is not available;
* returns CertPathBuilder object
*/
public void testGetInstance02() throws NoSuchAlgorithmException, NoSuchProviderException, IllegalArgumentException, InvalidAlgorithmParameterException, CertPathBuilderException {
    // A null algorithm may be rejected with either exception type.
    try {
        CertPathBuilder.getInstance(null, mProv.getName());
        fail("NullPointerException or NoSuchAlgorithmException must be thrown when algorithm is null");
    } catch (NullPointerException expected) {
        // accepted outcome
    } catch (NoSuchAlgorithmException expected) {
        // accepted outcome
    }

    // Unknown algorithm names combined with a valid provider.
    for (String badAlgorithm : invalidValues) {
        try {
            CertPathBuilder.getInstance(badAlgorithm, mProv.getName());
            fail("NoSuchAlgorithmException must be thrown (type: ".concat(badAlgorithm).concat(")"));
        } catch (NoSuchAlgorithmException expected) {
            // accepted outcome
        }
    }

    // Valid algorithm names with a null and with an empty provider name.
    // The typed variable keeps the call on the (String, String) overload.
    String nullProvider = null;
    for (String algorithm : validValues) {
        try {
            CertPathBuilder.getInstance(algorithm, nullProvider);
            fail("IllegalArgumentException must be thrown when provider is null (type: ".concat(algorithm).concat(")"));
        } catch (IllegalArgumentException expected) {
            // accepted outcome
        }
        try {
            CertPathBuilder.getInstance(algorithm, "");
            fail("IllegalArgumentException must be thrown when provider is empty (type: ".concat(algorithm).concat(")"));
        } catch (IllegalArgumentException expected) {
            // accepted outcome
        }
    }

    // Valid algorithm names with unknown provider names. The inner loop starts at
    // index 1 and so skips invalidValues[0] (presumably an entry that does not
    // reach the NoSuchProviderException path; verify against the array).
    for (String algorithm : validValues) {
        for (int p = 1; p < invalidValues.length; p++) {
            String badProvider = invalidValues[p];
            try {
                CertPathBuilder.getInstance(algorithm, badProvider);
                fail("NoSuchProviderException must be thrown (type: ".concat(algorithm).concat(" provider: ").concat(badProvider).concat(")"));
            } catch (NoSuchProviderException expected) {
                // accepted outcome
            }
        }
    }

    // Positive case: the returned builder reports the requested algorithm and provider.
    for (String algorithm : validValues) {
        CertPathBuilder created = CertPathBuilder.getInstance(algorithm, mProv.getName());
        assertEquals("Incorrect type", created.getAlgorithm(), algorithm);
        assertEquals("Incorrect provider", created.getProvider().getName(), mProv.getName());
        checkResult(created);
    }
}
use of java.security.cert.CertPathBuilder in project robovm by robovm.
the class CertPathBuilder2Test method testGetInstance01.
/**
* Test for <code>getInstance(String algorithm)</code> method
* Assertions:
* throws NullPointerException when algorithm is null
* throws NoSuchAlgorithmException when algorithm is not correct
* returns CertPathBuilder object
*/
public void testGetInstance01() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertPathBuilderException {
    // A null algorithm may be rejected with either exception type.
    try {
        CertPathBuilder.getInstance(null);
        fail("NullPointerException or NoSuchAlgorithmException must be thrown when algorithm is null");
    } catch (NullPointerException expected) {
        // accepted outcome
    } catch (NoSuchAlgorithmException expected) {
        // accepted outcome
    }

    // Unknown algorithm names must be refused.
    for (String badAlgorithm : invalidValues) {
        try {
            CertPathBuilder.getInstance(badAlgorithm);
            fail("NoSuchAlgorithmException must be thrown (type: ".concat(badAlgorithm).concat(")"));
        } catch (NoSuchAlgorithmException expected) {
            // accepted outcome
        }
    }

    // Positive case: without a provider argument the lookup is expected to
    // resolve to mProv for every valid algorithm name.
    for (String algorithm : validValues) {
        CertPathBuilder created = CertPathBuilder.getInstance(algorithm);
        assertEquals("Incorrect type", created.getAlgorithm(), algorithm);
        assertEquals("Incorrect provider", created.getProvider(), mProv);
        checkResult(created);
    }
}
use of java.security.cert.CertPathBuilder in project robovm by robovm.
the class myCertPathBuilder method testCertPathBuilder12.
/**
* Test for
* <code>CertPathBuilder</code> constructor
* Assertion: returns CertPathBuilder object
*/
public void testCertPathBuilder12() throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertPathBuilderException {
    // Without PKIX support the test is reported as failed rather than skipped.
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }

    // Fully initialised builder: accessors echo the constructor arguments and
    // build(null) is expected to end in a CertPathBuilderException.
    CertPathBuilderSpi builderSpi = new MyCertPathBuilderSpi();
    CertPathBuilder configured = new myCertPathBuilder(builderSpi, defaultProvider, defaultType);
    assertEquals("Incorrect algorithm", configured.getAlgorithm(), defaultType);
    assertEquals("Incorrect provider", configured.getProvider(), defaultProvider);
    try {
        configured.build(null);
        fail("CertPathBuilderException must be thrown ");
    } catch (CertPathBuilderException expected) {
        // accepted outcome
    }

    // All-null builder: accessors return null and build(null) is expected to
    // fail with a NullPointerException.
    CertPathBuilder empty = new myCertPathBuilder(null, null, null);
    assertNull("Incorrect algorithm", empty.getAlgorithm());
    assertNull("Incorrect provider", empty.getProvider());
    try {
        empty.build(null);
        fail("NullPointerException must be thrown ");
    } catch (NullPointerException expected) {
        // accepted outcome
    }
}
use of java.security.cert.CertPathBuilder in project robovm by robovm.
the class myCertPathBuilder method testBuild.
// Test passed on RI
@KnownFailure("expired certificate bug 2322662")
public void testBuild() throws Exception {
    // Fixture setup is delegated to TestUtils: it prepares the certificate chain,
    // then hands out the matching parameters and builder.
    TestUtils.initCertPathSSCertChain();
    final CertPathParameters buildParams = TestUtils.getCertPathParameters();
    final CertPathBuilder pathBuilder = TestUtils.getCertPathBuilder();

    try {
        final CertPathBuilderResult outcome = pathBuilder.build(buildParams);
        assertNotNull("builder result is null", outcome);
        assertNotNull("certpath of builder result is null", outcome.getCertPath());
    } catch (InvalidAlgorithmParameterException e) {
        // Rejected parameters are reported as a test failure; any other
        // exception propagates through the throws clause.
        fail("unexpected Exception: " + e);
    }
}