Search in sources :

Example 6 with CertStoreParameters

use of java.security.cert.CertStoreParameters in project robovm by robovm.

the class LDAPCertStoreParametersTest method testLDAPCertStoreParametersStringint01.

/**
     * Test #1 for <code>LDAPCertStoreParameters(String, int)</code> constructor<br>
     * Assertion: Creates an instance of <code>LDAPCertStoreParameters</code>
     * with the specified parameter values
     */
public final void testLDAPCertStoreParametersStringint01() {
    CertStoreParameters cp = new LDAPCertStoreParameters("myhost", 1098);
    assertTrue("isLDAPCertStoreParameters", cp instanceof LDAPCertStoreParameters);
}
Also used : CertStoreParameters(java.security.cert.CertStoreParameters) LDAPCertStoreParameters(java.security.cert.LDAPCertStoreParameters) LDAPCertStoreParameters(java.security.cert.LDAPCertStoreParameters)

Example 7 with CertStoreParameters

use of java.security.cert.CertStoreParameters in project robovm by robovm.

the class LDAPCertStoreParametersTest method testLDAPCertStoreParametersString01.

/**
     * Test #1 for <code>LDAPCertStoreParameters(String)</code> constructor<br>
     * Assertion: Creates an instance of <code>LDAPCertStoreParameters</code>
     * with the specified server name and a default port of 389
     */
public final void testLDAPCertStoreParametersString01() {
    CertStoreParameters cp = new LDAPCertStoreParameters("myhost");
    assertTrue("isLDAPCertStoreParameters", cp instanceof LDAPCertStoreParameters);
}
Also used : CertStoreParameters(java.security.cert.CertStoreParameters) LDAPCertStoreParameters(java.security.cert.LDAPCertStoreParameters) LDAPCertStoreParameters(java.security.cert.LDAPCertStoreParameters)

Example 8 with CertStoreParameters

use of java.security.cert.CertStoreParameters in project robovm by robovm.

the class CertPathBuilderTestPKIX method getCertPathParameters.

@Override
public CertPathParameters getCertPathParameters() throws Exception {
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    X509Certificate selfSignedcertificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCert.getBytes()));
    keyStore.setCertificateEntry("selfSignedCert", selfSignedcertificate);
    X509CertSelector targetConstraints = new X509CertSelector();
    targetConstraints.setCertificate(selfSignedcertificate);
    List<Certificate> certList = new ArrayList<Certificate>();
    certList.add(selfSignedcertificate);
    CertStoreParameters storeParams = new CollectionCertStoreParameters(certList);
    CertStore certStore = CertStore.getInstance("Collection", storeParams);
    PKIXBuilderParameters parameters = new PKIXBuilderParameters(keyStore, targetConstraints);
    parameters.addCertStore(certStore);
    parameters.setRevocationEnabled(false);
    return parameters;
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) ArrayList(java.util.ArrayList) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 9 with CertStoreParameters

use of java.security.cert.CertStoreParameters in project robovm by robovm.

the class CertPathValidatorTestPKIX method setUp.

@Override
protected void setUp() throws Exception {
    super.setUp();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    X509Certificate selfSignedcertificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCert.getBytes()));
    keyStore.setCertificateEntry("selfSignedCert", selfSignedcertificate);
    X509CertSelector targetConstraints = new X509CertSelector();
    targetConstraints.setCertificate(selfSignedcertificate);
    List<Certificate> certList = new ArrayList<Certificate>();
    certList.add(selfSignedcertificate);
    CertStoreParameters storeParams = new CollectionCertStoreParameters(certList);
    CertStore certStore = CertStore.getInstance("Collection", storeParams);
    PKIXBuilderParameters parameters = new PKIXBuilderParameters(keyStore, targetConstraints);
    parameters.addCertStore(certStore);
    parameters.setRevocationEnabled(false);
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
    CertPathBuilderResult builderResult = pathBuilder.build(parameters);
    certPath = builderResult.getCertPath();
    params = new PKIXParameters(keyStore);
    params.setRevocationEnabled(false);
}
Also used : PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) ArrayList(java.util.ArrayList) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) PKIXParameters(java.security.cert.PKIXParameters) CertPathBuilder(java.security.cert.CertPathBuilder) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 10 with CertStoreParameters

use of java.security.cert.CertStoreParameters in project cxf by apache.

the class TrustedAuthorityValidator method isCertificateChainValid.

/**
 * Checks if a certificate is signed by a trusted authority.
 *
 * @param x509Certificate to check
 * @return the validity state of the certificate
 */
boolean isCertificateChainValid(List<X509Certificate> certificates) {
    X509Certificate targetCert = certificates.get(0);
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(targetCert);
    try {
        List<X509Certificate> intermediateCerts = certRepo.getCaCerts();
        List<X509Certificate> trustedAuthorityCerts = certRepo.getTrustedCaCerts();
        Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
        CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
        CertStoreParameters certificateParams = new CollectionCertStoreParameters(certificates);
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
        pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
        pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
        pkixParams.setRevocationEnabled(false);
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        CertPath certPath = builder.build(pkixParams).getCertPath();
        // Now validate the CertPath (including CRL checking)
        if (enableRevocation) {
            List<X509CRL> crls = certRepo.getCRLs();
            if (!crls.isEmpty()) {
                pkixParams.setRevocationEnabled(true);
                CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
            }
        }
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        validator.validate(certPath, pkixParams);
    } catch (InvalidAlgorithmParameterException e) {
        LOG.log(Level.WARNING, "Invalid algorithm parameter by certificate chain validation. " + "It is likely that issuer certificates are not found in XKMS trusted storage. " + e.getMessage(), e);
        return false;
    } catch (NoSuchAlgorithmException e) {
        LOG.log(Level.WARNING, "Unknown algorithm by trust chain validation: " + e.getMessage(), e);
        return false;
    } catch (CertPathBuilderException e) {
        LOG.log(Level.WARNING, "Cannot build certification path: " + e.getMessage(), e);
        return false;
    } catch (CertPathValidatorException e) {
        LOG.log(Level.WARNING, "Cannot vaidate certification path: " + e.getMessage(), e);
        return false;
    }
    return true;
}
Also used : X509CRL(java.security.cert.X509CRL) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) X509CertSelector(java.security.cert.X509CertSelector) TrustAnchor(java.security.cert.TrustAnchor) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertPathBuilderException(java.security.cert.CertPathBuilderException) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath)

Aggregations

CertStoreParameters (java.security.cert.CertStoreParameters)13 CertStore (java.security.cert.CertStore)7 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)7 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)6 X509CertSelector (java.security.cert.X509CertSelector)6 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 X509Certificate (java.security.cert.X509Certificate)4 CertPathBuilder (java.security.cert.CertPathBuilder)3 LDAPCertStoreParameters (java.security.cert.LDAPCertStoreParameters)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 KeyStore (java.security.KeyStore)2 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)2 Certificate (java.security.cert.Certificate)2 CertificateException (java.security.cert.CertificateException)2 CertificateFactory (java.security.cert.CertificateFactory)2 ArrayList (java.util.ArrayList)2 IOException (java.io.IOException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 CRLException (java.security.cert.CRLException)1