
Example 11 with CertPathParameters

use of java.security.cert.CertPathParameters in project tomcat70 by apache.

the class JSSESocketFactory method getParameters.

/**
 * Build the certificate-path parameters used to initialise the TrustManager.
 * Only the <code>PKIX</code> algorithm (matched case-insensitively) is
 * accepted; any other value is rejected with a <code>CRLException</code>
 * instead of falling back to a configuration without CRL checking.
 *
 * <p>The returned parameters take their trust anchors from
 * <code>trustStore</code>, place no constraint on the target certificate
 * (empty <code>X509CertSelector</code>), carry the CRLs returned by
 * <code>getCRLs(crlf)</code> in a "Collection" cert store, and always have
 * revocation checking switched on.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file, passed unchanged to <code>getCRLs</code>.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception <code>CRLException</code> when the algorithm is not
 *         PKIX; otherwise whatever the CRL loading or the JCA calls raise.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    // Reject unsupported algorithms up front so a CRL file is never silently ignored.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // getCRLs is defined elsewhere in the class; presumably it parses the file at crlf.
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs(crlf)));
    pkixParams.addCertStore(crlStore);

    // Revocation checking is unconditional on this path.
    pkixParams.setRevocationEnabled(true);

    String maxLength = endpoint.getTrustMaxCertLength();
    if (maxLength == null) {
        return pkixParams;
    }
    try {
        pkixParams.setMaxPathLength(Integer.parseInt(maxLength));
    } catch (Exception ex) {
        // Best effort: a malformed or rejected value is only logged, and the
        // builder keeps its default maximum path length.
        log.warn("Bad maxCertLength: " + maxLength);
    }
    return pkixParams;
}
Also used : CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathParameters(java.security.cert.CertPathParameters) X509CertSelector(java.security.cert.X509CertSelector) CertStore(java.security.cert.CertStore) CRLException(java.security.cert.CRLException) SocketException(java.net.SocketException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) FileNotFoundException(java.io.FileNotFoundException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CRLException(java.security.cert.CRLException)

Example 12 with CertPathParameters

use of java.security.cert.CertPathParameters in project j2objc by google.

the class CertPathBuilderSpiTest method testCertPathBuilderSpi01.

/**
 * Test for the <code>CertPathBuilderSpi</code> constructor and
 * <code>engineBuild</code> with <code>null</code> parameters. Assertion:
 * the first <code>engineBuild(null)</code> call throws
 * <code>CertPathBuilderException</code>, and the second call on the same
 * instance returns <code>null</code>.
 */
public void testCertPathBuilderSpi01() throws CertPathBuilderException, InvalidAlgorithmParameterException {
    CertPathBuilderSpi spi = new MyCertPathBuilderSpi();
    CertPathParameters nullParams = null;
    try {
        spi.engineBuild(nullParams);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException expected) {
        // Expected: the first call must be rejected.
    }
    // The same call is asserted to succeed the second time, so the support
    // class presumably keeps per-instance state (verify in MyCertPathBuilderSpi).
    assertNull("Not null CertPathBuilderResult", spi.engineBuild(nullParams));
}
Also used : MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi) CertPathBuilderSpi(java.security.cert.CertPathBuilderSpi) MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi) CertPathBuilderException(java.security.cert.CertPathBuilderException) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) CertPathParameters(java.security.cert.CertPathParameters)

Example 13 with CertPathParameters

use of java.security.cert.CertPathParameters in project Payara by payara.

the class JSSE14SocketFactory method getParameters.

/**
 * Build the certificate-path parameters used to initialise the TrustManager. Only the <code>PKIX</code> algorithm
 * (matched case-insensitively) is accepted; any other value is rejected with a <code>CRLException</code>.
 *
 * <p>The returned parameters take their trust anchors from <code>trustStore</code>, place no constraint on the
 * target certificate (empty <code>X509CertSelector</code>), carry the CRLs returned by <code>getCRLs(crlf)</code>
 * in a "Collection" cert store, and always have revocation checking switched on.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file, passed unchanged to <code>getCRLs</code>.
 * @param trustStore The configured TrustStore.
 *
 * @return The parameters including the CRLs and TrustStore.
 *
 * @throws Exception <code>CRLException</code> when the algorithm is not PKIX; otherwise whatever the CRL loading
 *         or the JCA calls raise.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    boolean pkixRequested = "PKIX".equalsIgnoreCase(algorithm);
    if (!pkixRequested) {
        // Refuse instead of returning parameters that would skip the configured CRLs.
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // getCRLs is defined elsewhere in the class; presumably it parses the file at crlf.
    CollectionCertStoreParameters crlParams = new CollectionCertStoreParameters(getCRLs(crlf));
    builderParams.addCertStore(CertStore.getInstance("Collection", crlParams));

    // Revocation checking is unconditional on this path.
    builderParams.setRevocationEnabled(true);

    String configuredDepth = (String) attributes.get("trustMaxCertLength");
    if (configuredDepth != null) {
        try {
            int depth = Integer.parseInt(configuredDepth);
            builderParams.setMaxPathLength(depth);
        } catch (Exception ex) {
            // Best effort: a malformed or rejected value is only logged, and the builder keeps its default
            // maximum path length.
            logger.warning("Bad maxCertLength: " + configuredDepth);
        }
    }
    return builderParams;
}
Also used : CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) Collection(java.util.Collection) CertPathParameters(java.security.cert.CertPathParameters) X509CertSelector(java.security.cert.X509CertSelector) CertStore(java.security.cert.CertStore) CRLException(java.security.cert.CRLException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) CRLException(java.security.cert.CRLException)

Example 14 with CertPathParameters

use of java.security.cert.CertPathParameters in project tomcat by apache.

the class SSLUtilBase method getTrustManagers.

/**
 * Create the trust managers for the TLS host configuration.
 *
 * <p>If a trust manager class name is configured, that class is loaded
 * through this class's class loader, checked to be a {@code TrustManager},
 * instantiated via its public no-argument constructor and returned as the
 * only trust manager. The truststore, CRL file and revocation settings are
 * not consulted on that path, so certificate validation is then entirely up
 * to the configured class.
 *
 * <p>Otherwise the managers come from a {@code TrustManagerFactory} for the
 * configured truststore algorithm. For PKIX the factory is initialised with
 * the parameters from {@code getParameters} (CRL file, truststore and
 * revocation flag); for any other algorithm it is initialised with the
 * truststore alone and a configured CRL file is rejected.
 *
 * @return the trust managers, or {@code null} when no custom class and no
 *         truststore is configured
 * @throws Exception {@code InstantiationException} if the configured class
 *         is not a {@code TrustManager}; {@code CRLException} if a CRL file
 *         is configured for a non-PKIX algorithm; otherwise whatever class
 *         loading, truststore access or the JSSE calls raise
 */
@Override
public TrustManager[] getTrustManagers() throws Exception {
    String customClassName = sslHostConfig.getTrustManagerClassName();
    if (customClassName != null && !customClassName.isEmpty()) {
        Class<?> candidate = getClass().getClassLoader().loadClass(customClassName);
        // Type check happens before instantiation, so a non-TrustManager class is never constructed.
        if (!TrustManager.class.isAssignableFrom(candidate)) {
            throw new InstantiationException(sm.getString("sslUtilBase.invalidTrustManagerClassName", customClassName));
        }
        return new TrustManager[] { (TrustManager) candidate.getConstructor().newInstance() };
    }

    KeyStore trustStore = sslHostConfig.getTruststore();
    if (trustStore == null) {
        // Nothing configured; how the caller treats null is not visible from this method.
        return null;
    }

    checkTrustStoreEntries(trustStore);
    String algorithm = sslHostConfig.getTruststoreAlgorithm();
    String crlFile = sslHostConfig.getCertificateRevocationListFile();
    boolean revocationEnabled = sslHostConfig.getRevocationEnabled();

    TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    if ("PKIX".equalsIgnoreCase(algorithm)) {
        CertPathParameters pathParams = getParameters(crlFile, trustStore, revocationEnabled);
        factory.init(new CertPathTrustManagerParameters(pathParams));
        return factory.getTrustManagers();
    }

    factory.init(trustStore);
    TrustManager[] managers = factory.getTrustManagers();
    // Fail closed: a CRL file cannot be honoured outside PKIX, so refuse to start with it.
    if (crlFile != null && !crlFile.isEmpty()) {
        throw new CRLException(sm.getString("sslUtilBase.noCrlSupport", algorithm));
    }
    // Only warn if the attribute has been explicitly configured
    if (sslHostConfig.isCertificateVerificationDepthConfigured()) {
        log.warn(sm.getString("sslUtilBase.noVerificationDepth", algorithm));
    }
    return managers;
}
Also used : CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) CertPathParameters(java.security.cert.CertPathParameters) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CRLException(java.security.cert.CRLException) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters)

Aggregations

CertPathParameters (java.security.cert.CertPathParameters)14 CertPathTrustManagerParameters (javax.net.ssl.CertPathTrustManagerParameters)6 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4 KeyStore (java.security.KeyStore)4 CRLException (java.security.cert.CRLException)4 ManagerFactoryParameters (javax.net.ssl.ManagerFactoryParameters)4 TrustManager (javax.net.ssl.TrustManager)4 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)4 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)3 IOException (java.io.IOException)2 CertPath (java.security.cert.CertPath)2 CertPathBuilderException (java.security.cert.CertPathBuilderException)2 CertPathBuilderSpi (java.security.cert.CertPathBuilderSpi)2 CertPathValidator (java.security.cert.CertPathValidator)2 CertPathValidatorException (java.security.cert.CertPathValidatorException)2 CertStore (java.security.cert.CertStore)2 CertStoreParameters (java.security.cert.CertStoreParameters)2 CertificateException (java.security.cert.CertificateException)2 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)2 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)2