use of java.security.cert.CertPathBuilderResult in project MonjaDB by Kanatoko.
the class MSecurityUtil method isValidChain.
//--------------------------------------------------------------------------------
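/**
 * Reports whether a PKIX certification path can be built from the last certificate in
 * {@code chain} to the first one, with the certificates in between offered as intermediates.
 *
 * <p>The chain is assumed to be ordered root, intermediate(s), leaf.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The first element is installed as the only trust anchor. A {@code true} result
 *       therefore means the chain links up to the root the caller supplied, not that this
 *       root is trusted. Callers that receive the chain from a peer must compare the root
 *       with their own trusted set separately.</li>
 *   <li>Revocation checking is disabled, so a revoked certificate still passes.</li>
 *   <li>Every failure (missing or non-X.509 entries, no buildable path, provider errors)
 *       is reported as {@code false} without detail.</li>
 * </ul>
 *
 * @param chain certificates ordered root first, leaf last; must hold at least two entries
 * @return {@code true} if a path from the leaf to the supplied root could be built,
 *         {@code false} otherwise, including for a {@code null} or too-short chain
 */
public static boolean isValidChain(List chain) {
    // A null chain used to raise NullPointerException outside the try block; treat it as invalid.
    if (chain == null || chain.size() < 2) {
        return false;
    }
    try {
        int lastIndex = chain.size() - 1;
        X509Certificate root = (X509Certificate) chain.get(0);
        X509Certificate leaf = (X509Certificate) chain.get(lastIndex);
        // Everything strictly between root and leaf is offered to the builder as an intermediate.
        List<Object> intermediateCerts = new ArrayList<Object>(chain.subList(1, lastIndex));

        // Empty in-memory keystore whose single entry, the supplied root, acts as trust anchor.
        KeyStore anchors = KeyStore.getInstance("JKS");
        anchors.load(null, null);
        anchors.setCertificateEntry("root", root);

        X509CertSelector target = new X509CertSelector();
        target.setCertificate(leaf);

        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        CertStoreParameters intermediates = new CollectionCertStoreParameters(intermediateCerts);
        params.addCertStore(CertStore.getInstance("Collection", intermediates));
        // NOTE(review): revocation is deliberately left off here; CRL/OCSP status is never consulted.
        params.setRevocationEnabled(false);

        // build() throws when no path exists; the result object itself is not needed.
        CertPathBuilder.getInstance("PKIX").build(params);
        return true;
    } catch (Exception ignored) {
        // Broad catch keeps the boolean contract: any failure means "not a valid chain".
        return false;
    }
}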
use of java.security.cert.CertPathBuilderResult in project jetty.project by eclipse.
the class CertificateValidator method validate.
/**
 * Builds and validates a PKIX certification path for the first certificate in the chain.
 *
 * <p>Null entries are skipped. The first remaining certificate is the validation target and
 * all remaining certificates are offered to the path builder. Revocation checking is enabled;
 * statically configured CRLs, OCSP and CRL distribution points are added when configured.
 *
 * <p>NOTE(review): the OCSP and CRLDP switches are written with {@code Security.setProperty}
 * and {@code System.setProperty}, which are process-wide settings, and this method never
 * clears them again. Once one validator instance enables them, they stay enabled for every
 * other PKIX validation in the JVM.
 *
 * @param certChain chain to validate, target certificate first
 * @throws CertificateException if path building or validation fails
 * @throws IllegalStateException if the chain holds a non-X.509 certificate or no certificate
 *         at all (raised inside the try block but not wrapped by its handler)
 */
public void validate(Certificate[] certChain) throws CertificateException {
    try {
        ArrayList<X509Certificate> x509Chain = new ArrayList<X509Certificate>();
        for (Certificate candidate : certChain) {
            if (candidate != null) {
                if (!(candidate instanceof X509Certificate)) {
                    throw new IllegalStateException("Invalid certificate type in chain");
                }
                x509Chain.add((X509Certificate) candidate);
            }
        }
        if (x509Chain.isEmpty()) {
            throw new IllegalStateException("Invalid certificate chain");
        }

        // The first certificate of the chain is the one a path is built for.
        X509CertSelector targetSelector = new X509CertSelector();
        targetSelector.setCertificate(x509Chain.get(0));

        // Trust anchors come from the configured trust store; the chain itself supplies candidates.
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(_trustStore, targetSelector);
        CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(x509Chain));
        pkixParams.addCertStore(chainStore);
        pkixParams.setMaxPathLength(_maxCertPathLength);
        pkixParams.setRevocationEnabled(true);

        // Static CRLs are handed over as an additional certificate store.
        boolean hasStaticCrls = _crls != null && !_crls.isEmpty();
        if (hasStaticCrls) {
            CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(_crls));
            pkixParams.addCertStore(crlStore);
        }

        // Both switches below are JVM-wide and are only ever turned on here, never off.
        if (_enableOCSP) {
            Security.setProperty("ocsp.enable", "true");
        }
        if (_enableCRLDP) {
            System.setProperty("com.sun.security.enableCRLDP", "true");
        }

        // Build the path first, then run it through the validator with the same parameters.
        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
        CertPathBuilderResult built = pathBuilder.build(pkixParams);
        CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
        pathValidator.validate(built.getCertPath(), pkixParams);
    } catch (GeneralSecurityException gse) {
        LOG.debug(gse);
        throw new CertificateException("Unable to validate certificate: " + gse.getMessage(), gse);
    }
}
use of java.security.cert.CertPathBuilderResult in project robovm by robovm.
the class PKIXCertPathBuilderSpi method engineBuild.
/**
 * Builds and validates a CertPath for a target certificate selected by the given parameters.
 *
 * <p>Candidate targets are looked up in the stores and cert stores of the parameters; they
 * are tried one after another until {@code build} returns a result.
 *
 * @param params a {@code PKIXBuilderParameters} or {@code ExtendedPKIXBuilderParameters}
 *        object containing all information needed to build the CertPath
 * @return the result of the first candidate target for which a path could be built
 * @throws InvalidAlgorithmParameterException if {@code params} is of neither supported type
 * @throws CertPathBuilderException if the target constraints are not an
 *         {@code X509CertStoreSelector}, no target certificate is found, or no path
 *         could be built for any candidate
 */
public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException {
    boolean isExtended = params instanceof ExtendedPKIXBuilderParameters;
    if (!(params instanceof PKIXBuilderParameters) && !isExtended) {
        throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + ExtendedPKIXBuilderParameters.class.getName() + ".");
    }

    // Plain PKIX parameters are converted so the rest of the method handles one type only.
    ExtendedPKIXBuilderParameters pkixParams = isExtended
            ? (ExtendedPKIXBuilderParameters) params
            : (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance((PKIXBuilderParameters) params);

    Selector targetConstraints = pkixParams.getTargetConstraints();
    if (!(targetConstraints instanceof X509CertStoreSelector)) {
        throw new CertPathBuilderException("TargetConstraints must be an instance of " + X509CertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class.");
    }
    X509CertStoreSelector storeSelector = (X509CertStoreSelector) targetConstraints;

    // Collect every certificate matching the target constraints from both kinds of store.
    Collection candidates;
    try {
        candidates = CertPathValidatorUtilities.findCertificates(storeSelector, pkixParams.getStores());
        candidates.addAll(CertPathValidatorUtilities.findCertificates(storeSelector, pkixParams.getCertStores()));
    } catch (AnnotatedException e) {
        throw new ExtCertPathBuilderException("Error finding target certificate.", e);
    }
    if (candidates.isEmpty()) {
        throw new CertPathBuilderException("No certificate found matching targetContraints.");
    }

    // Try the candidates in iteration order and stop at the first one that yields a path.
    List certPathList = new ArrayList();
    CertPathBuilderResult result = null;
    for (Iterator it = candidates.iterator(); it.hasNext() && result == null; ) {
        X509Certificate candidate = (X509Certificate) it.next();
        result = build(candidate, pkixParams, certPathList);
    }
    if (result != null) {
        return result;
    }

    // certPathException is declared outside this method; presumably build(...) records the
    // last failure there. Confirm against the rest of the class.
    if (certPathException == null) {
        throw new CertPathBuilderException("Unable to find certificate chain.");
    }
    if (certPathException instanceof AnnotatedException) {
        throw new CertPathBuilderException(certPathException.getMessage(), certPathException.getCause());
    }
    throw new CertPathBuilderException("Possible certificate chain could not be validated.", certPathException);
}
use of java.security.cert.CertPathBuilderResult in project robovm by robovm.
the class CertPathBuilderSpiTest method testCertPathBuilderSpi01.
/**
 * Test for the <code>CertPathBuilderSpi</code> constructor.
 * Assertion: constructs CertPathBuilderSpi.
 *
 * <p>The same null parameters are passed to <code>engineBuild</code> twice: the first call
 * must throw <code>CertPathBuilderException</code>, the second must return null. That
 * difference comes from <code>MyCertPathBuilderSpi</code>, which is not shown here.
 */
public void testCertPathBuilderSpi01() throws CertPathBuilderException, InvalidAlgorithmParameterException {
    final CertPathParameters noParams = null;
    CertPathBuilderSpi spi = new MyCertPathBuilderSpi();
    try {
        spi.engineBuild(noParams);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException expected) {
        // Expected: the first call has to fail.
    }
    // The second call with the same argument must complete and yield no result.
    assertNull("Not null CertPathBuilderResult", spi.engineBuild(noParams));
}
use of java.security.cert.CertPathBuilderResult in project robovm by robovm.
the class CertPathBuilderTest method testCertPathBuilder.
/**
 * Builds a certification path with the builder under test and passes the non-null result
 * to {@code validateCertPath}. The algorithm name and builder parameters are taken from
 * {@code algorithmName} and {@code params}, which are defined outside this method.
 */
public void testCertPathBuilder() throws Exception {
    CertPath builtPath = CertPathBuilder.getInstance(algorithmName).build(params).getCertPath();
    assertNotNull("built path is null", builtPath);
    validateCertPath(builtPath);
}