
Example 21 with CertPathValidator

use of java.security.cert.CertPathValidator in project robovm by robovm.

the class invalidParams method testCertPathValidator10.

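/**
 * Test for <code>getInstance(String algorithm, String provider)</code> method
 * Assertion: returns CertPathValidator object
 *
 * <p>Every entry of {@code validValues} is requested from {@code defaultProvider}
 * and the returned validator must report the same algorithm and provider.
 *
 * @throws NoSuchAlgorithmException if the provider does not offer a requested algorithm
 * @throws NoSuchProviderException if the requested provider is not registered
 */
public void testCertPathValidator10() throws NoSuchAlgorithmException, NoSuchProviderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    // Bound the loop by the array that is indexed. The earlier bound,
    // invalidValues.length, either skipped algorithm names or ran past the end
    // of validValues whenever the two arrays differ in length.
    for (int i = 0; i < validValues.length; i++) {
        CertPathValidator certPV = CertPathValidator.getInstance(validValues[i], defaultProvider);
        // JUnit order is (message, expected, actual), so a failure reports the
        // requested value as "expected" and the validator's value as "actual".
        assertEquals("Incorrect algorithm", validValues[i], certPV.getAlgorithm());
        // NOTE(review): getProvider() returns a Provider object. If defaultProvider
        // is a provider *name* (String), this comparison cannot succeed and should
        // use certPV.getProvider().getName() - confirm against the field's declaration.
        assertEquals("Incorrect provider name", defaultProvider, certPV.getProvider());
    }
}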
Also used : CertPathValidator(java.security.cert.CertPathValidator)

Example 22 with CertPathValidator

use of java.security.cert.CertPathValidator in project robovm by robovm.

the class CertificateTest method testVerifyMD2_chain.

/**
 * Validates the MD2 test chain with the PKIX validator, once with the trust
 * anchor left out of the certificate path and once with it included.
 *
 * <p>With the anchor outside the path, validation must succeed and return one of
 * the configured trust anchors. With the anchor inside the path, the reference
 * implementation ({@code StandardNames.IS_RI}) is still expected to accept the
 * path, while every other implementation must reject it with a
 * {@link CertPathValidatorException}.
 *
 * <p>NOTE(review): presumably the first argument of {@code getCertList} selects the
 * MD2-signed certificates, and the rejection arises because the anchor's own
 * signature is evaluated once it is part of the path - confirm against
 * {@code getCertList} and {@code createPKIXParams}.
 */
public void testVerifyMD2_chain() throws Exception {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");

    // Pass 1: trust anchor supplied only through the PKIX parameters.
    CertPath chain = x509Factory.generateCertPath(getCertList(true, false));
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    PKIXParameters pkixParams = createPKIXParams();
    CertPathValidatorResult outcome = validator.validate(chain, pkixParams);
    assertTrue("wrong result type", outcome instanceof PKIXCertPathValidatorResult);
    PKIXCertPathValidatorResult pkixOutcome = (PKIXCertPathValidatorResult) outcome;
    assertTrue("Wrong trust anchor returned", pkixParams.getTrustAnchors().contains(pkixOutcome.getTrustAnchor()));

    // Pass 2: the same chain, now with the trust anchor inside the path.
    chain = x509Factory.generateCertPath(getCertList(true, true));
    validator = CertPathValidator.getInstance("PKIX");
    pkixParams = createPKIXParams();

    if (!StandardNames.IS_RI) {
        // Outside the reference implementation, rejecting the path is the pass condition.
        try {
            validator.validate(chain, pkixParams);
            fail();
        } catch (CertPathValidatorException expected) {
            // Expected: the validator refused the path.
        }
        return;
    }

    // Reference implementation: the path is still expected to validate.
    outcome = validator.validate(chain, pkixParams);
    assertTrue("wrong result type", outcome instanceof PKIXCertPathValidatorResult);
    pkixOutcome = (PKIXCertPathValidatorResult) outcome;
    assertTrue("Wrong trust anchor returned", pkixParams.getTrustAnchors().contains(pkixOutcome.getTrustAnchor()));
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) PKIXParameters(java.security.cert.PKIXParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) CertPath(java.security.cert.CertPath) CertPathValidatorResult(java.security.cert.CertPathValidatorResult) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) CertificateFactory(java.security.cert.CertificateFactory)

Example 23 with CertPathValidator

use of java.security.cert.CertPathValidator in project robovm by robovm.

the class CertificateTest method testVerifyMD5_chain.

/**
 * Validates the MD5 test chain with the PKIX validator, once with the trust
 * anchor left out of the certificate path and once with it included.
 *
 * <p>Both passes must succeed and return a trust anchor that is a member of the
 * configured anchor set. Unlike the MD2 variant of this test, there is no
 * implementation-specific branch: acceptance is asserted unconditionally.
 *
 * <p>NOTE(review): this pins acceptance of the MD5 chain. A validator configured
 * to disallow MD5-based signatures would fail this test - confirm that is the
 * intended policy for the platform under test.
 */
public void testVerifyMD5_chain() throws Exception {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");

    // false: trust anchor not included in the chain; true: anchor included.
    for (boolean anchorInChain : new boolean[] {false, true}) {
        final CertPath chain = x509Factory.generateCertPath(getCertList(false, anchorInChain));
        final CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        final PKIXParameters pkixParams = createPKIXParams();

        final CertPathValidatorResult outcome = validator.validate(chain, pkixParams);
        assertTrue("wrong result type", outcome instanceof PKIXCertPathValidatorResult);

        final PKIXCertPathValidatorResult pkixOutcome = (PKIXCertPathValidatorResult) outcome;
        assertTrue("Wrong trust anchor returned", pkixParams.getTrustAnchors().contains(pkixOutcome.getTrustAnchor()));
    }
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) CertPath(java.security.cert.CertPath) CertPathValidatorResult(java.security.cert.CertPathValidatorResult) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) CertificateFactory(java.security.cert.CertificateFactory)

Example 24 with CertPathValidator

use of java.security.cert.CertPathValidator in project nhin-d by DirectProject.

the class TrustChainValidator method isTrusted.

/**
 * Decides whether a certificate is trusted by resolving a certificate path from
 * it to one of the supplied trust anchors.
 *
 * <p>The decision is fail-closed: any exception raised while building or
 * validating the path is logged at WARN level and reported as "not trusted".
 * Revocation checking is switched off for the PKIX validation performed here,
 * so a revoked certificate with an otherwise valid path is still reported as
 * trusted by this method.
 *
 * @param certificate The certificate to check.
 * @param anchors A collection of trust anchors used to check the trust chain.
 * @return true if the certificate passes the anchor shortcut or a PKIX path to
 *         one of the anchors validates; false otherwise, including when
 *         {@code anchors} is null or empty.
 * @throws IllegalArgumentException if {@code certificate} is null
 */
public boolean isTrusted(X509Certificate certificate, Collection<X509Certificate> anchors) {
    if (certificate == null) {
        throw new IllegalArgumentException();
    }
    // No anchors means there is nothing to chain to: trust no one.
    if (anchors == null || anchors.isEmpty()) {
        return false;
    }
    try {
        // Accepted trust model: the anchor collection itself vouches for the certificate.
        // NOTE(review): this returns before any PKIX processing, so validity period
        // and path constraints are enforced on this branch only if isIssuerInAnchors
        // checks them itself - confirm against that helper.
        if (isIssuerInAnchors(anchors, certificate)) {
            return true;
        }

        final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");

        // The path starts at the certificate under test, followed by any
        // intermediates the configured resolvers can supply.
        final List<Certificate> chain = new ArrayList<Certificate>();
        chain.add(certificate);
        if (certResolvers != null) {
            final Collection<X509Certificate> intermediates = resolveIntermediateIssuers(certificate, anchors);
            if (intermediates != null && !intermediates.isEmpty()) {
                chain.addAll(intermediates);
            }
        }

        // Every supplied anchor becomes a PKIX trust anchor without name constraints.
        final Set<TrustAnchor> trustRoots = new HashSet<TrustAnchor>();
        for (X509Certificate anchor : anchors) {
            trustRoots.add(new TrustAnchor(anchor, null));
        }
        final PKIXParameters pkixParams = new PKIXParameters(trustRoots);

        // CRL checking is disabled in path validation for now, until a better
        // implementation is put together. JCE only allows OCSP checking when
        // revocation checking is enabled, but some implementations fail when it is
        // turned on and the CRL extension does not exist. The approach previously
        // sketched here (left disabled) enabled revocation only when
        // CRLRevocationManager.isCRLDispPointDefined(certificate) held, and added a
        // "Collection" CertStore built from CRLRevocationManager.getCRLCollection()
        // to the parameters.
        pkixParams.setRevocationEnabled(false);

        final CertPath certPath = x509Factory.generateCertPath(chain);
        final CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertPathValidator", "PKIX"));
        // validate() throws when the path is rejected; reaching the return means it was accepted.
        pathValidator.validate(certPath, pkixParams);
        return true;
    } catch (Exception e) {
        // Fail closed: any failure above is treated as "not trusted".
        LOGGER.warn("Certificate " + certificate.getSubjectX500Principal().getName() + " is not trusted.", e);
        return false;
    }
}
Also used : ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) AddressException(javax.mail.internet.AddressException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException) NHINDException(org.nhindirect.stagent.NHINDException) CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet)

Example 25 with CertPathValidator

use of java.security.cert.CertPathValidator in project zm-mailbox by Zimbra.

the class CertValidationUtil method validateCertificate.

/**
 * Checks a certificate's validity period and, when requested, validates it
 * against the trusted set with PKIX revocation checking enabled.
 *
 * <p>When {@code revocationCheckEnabled} is false, only
 * {@link X509Certificate#checkValidity()} runs: {@code trustedCertsSet} is not
 * consulted and no signature or path validation is performed by this method.
 * NOTE(review): callers presumably establish chain trust elsewhere (for example
 * during the TLS handshake) - confirm before treating a normal return as proof
 * of trust.
 *
 * <p>When it is true, the path handed to the validator contains only
 * {@code cert}, with no intermediates added here. No CertStore or revocation
 * checker is configured on the parameters, so the source of revocation data is
 * left to the provider's defaults.
 *
 * @param cert certificate to validate
 * @param revocationCheckEnabled whether to run PKIX validation with revocation checking
 * @param trustedCertsSet trust anchors used for PKIX validation; read only when
 *        {@code revocationCheckEnabled} is true
 * @throws CertificateException if the certificate is expired or not yet valid, or
 *         the certificate path cannot be generated
 * @throws InvalidAlgorithmParameterException if the PKIX parameters are rejected
 * @throws NoSuchAlgorithmException if no PKIX validator is available
 * @throws CertPathValidatorException if the path does not validate
 */
public static void validateCertificate(X509Certificate cert, boolean revocationCheckEnabled, Set<TrustAnchor> trustedCertsSet) throws CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathValidatorException {
    // The date check always runs, independent of the revocation setting.
    cert.checkValidity();
    if (!revocationCheckEnabled) {
        return;
    }

    // Single-element path: only the certificate under test.
    final List<X509Certificate> chain = new ArrayList<X509Certificate>();
    chain.add(cert);
    final CertPath certPath = CertificateFactory.getInstance("X509").generateCertPath(chain);

    // PKIX parameters: caller-supplied anchors; the flag is always true on this branch.
    final PKIXParameters pkixParams = new PKIXParameters(trustedCertsSet);
    pkixParams.setRevocationEnabled(revocationCheckEnabled);

    // validate() throws on rejection; the result is only logged at debug level.
    final CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    final PKIXCertPathValidatorResult validationResult = (PKIXCertPathValidatorResult) validator.validate(certPath, pkixParams);
    ZimbraLog.account.debug("Certificate Validation Result %s", validationResult.toString());
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) ArrayList(java.util.ArrayList) CertPath(java.security.cert.CertPath) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)

Aggregations

CertPathValidator (java.security.cert.CertPathValidator)25 CertPath (java.security.cert.CertPath)8 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)7 X509Certificate (java.security.cert.X509Certificate)7 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)6 CertPathValidatorResult (java.security.cert.CertPathValidatorResult)6 CertificateFactory (java.security.cert.CertificateFactory)6 PKIXParameters (java.security.cert.PKIXParameters)6 CertPathValidatorException (java.security.cert.CertPathValidatorException)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 NoSuchProviderException (java.security.NoSuchProviderException)4 CertPathBuilderException (java.security.cert.CertPathBuilderException)4 ArrayList (java.util.ArrayList)4 HashSet (java.util.HashSet)4 CertPathBuilder (java.security.cert.CertPathBuilder)3 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)3 CertificateParsingException (java.security.cert.CertificateParsingException)3 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)3 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)3 X509CertSelector (java.security.cert.X509CertSelector)3