
Example 51 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project tomcat70 by apache.

the class JSSESocketFactory method getParameters.

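/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * <p>The returned parameters have revocation checking enabled and carry the
 * CRLs loaded from <code>crlf</code> as an additional "Collection"
 * {@link CertStore}. Any other algorithm is rejected with an exception, so a
 * configured CRL file is never silently ignored.
 *
 * <p>If the endpoint's maximum certificate chain length is set but is not a
 * usable number, a warning is logged and the
 * <code>PKIXBuilderParameters</code> default path length stays in effect.
 * Operators relying on a tighter limit should treat that warning as a
 * misconfiguration.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception a {@link CRLException} if <code>algorithm</code> is not
 *         PKIX; anything raised while loading the CRLs or building the
 *         parameters is propagated unchanged.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        // Fail closed: without PKIX there is nowhere to attach the CRLs.
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Expose the configured CRLs to the path builder through an in-memory CertStore.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    xparams.addCertStore(store);
    xparams.setRevocationEnabled(true);

    String trustLength = endpoint.getTrustMaxCertLength();
    if (trustLength != null) {
        try {
            xparams.setMaxPathLength(Integer.parseInt(trustLength));
        } catch (IllegalArgumentException ex) {
            // Covers both a non-numeric value (NumberFormatException) and a
            // value rejected by setMaxPathLength (InvalidParameterException).
            // Best effort is kept, but the cause is logged so the ignored
            // setting is diagnosable.
            log.warn("Bad maxCertLength: " + trustLength, ex);
        }
    }
    return xparams;
}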
Also used : CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathParameters(java.security.cert.CertPathParameters) X509CertSelector(java.security.cert.X509CertSelector) CertStore(java.security.cert.CertStore) CRLException(java.security.cert.CRLException) SocketException(java.net.SocketException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) FileNotFoundException(java.io.FileNotFoundException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CRLException(java.security.cert.CRLException)

Example 52 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project testcases by coheigea.

the class SignatureCRLUnitTest method testCRLRevocation.

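/**
 * Checks that PKIX path validation rejects a revoked signing certificate
 * when revocation checking is enabled and the CA's CRL is supplied through
 * an in-memory "Collection" {@link CertStore}.
 *
 * @throws Exception if a keystore, certificate or CRL fixture cannot be loaded
 */
@org.junit.Test
public void testCRLRevocation() throws Exception {
    // NOTE(review): this property is process-wide and is never restored, so the
    // verbose security debug output affects every test that runs afterwards.
    System.setProperty("java.security.debug", "all");
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

    // Signing cert chain ("security" is the password of the bundled test keystore)
    KeyStore certKeyStore = KeyStore.getInstance("JKS");
    try (InputStream certInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40rev.jks")) {
        assertNotNull(certInputStream);
        certKeyStore.load(certInputStream, "security".toCharArray());
    }
    Certificate[] certs = certKeyStore.getCertificateChain("wss40rev");
    assertNotNull(certs);
    assertEquals(2, certs.length);
    // Author's original note: a path built from certs[0] alone was marked
    // "WORKS", the full chain used here was marked "DOESN'T WORK!".
    List<Certificate> certList = Arrays.asList(certs);
    CertPath path = certificateFactory.generateCertPath(certList);

    // CA cert, used as the only trust anchor
    KeyStore caKeyStore = KeyStore.getInstance("JKS");
    try (InputStream caInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CA.jks")) {
        assertNotNull(caInputStream);
        caKeyStore.load(caInputStream, "security".toCharArray());
    }
    X509Certificate caCert = (X509Certificate) caKeyStore.getCertificate("wss40CA");
    assertNotNull(caCert);
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    anchors.add(new TrustAnchor(caCert, null));

    // Load CRL; the stream is closed even if parsing fails
    X509CRL crl;
    try (InputStream crlInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CACRL.pem")) {
        assertNotNull(crlInputStream);
        crl = (X509CRL) certificateFactory.generateCRL(crlInputStream);
    }
    assertNotNull(crl);

    // Construct PKIXParameters with revocation on and the CRL as its source
    PKIXParameters param = new PKIXParameters(anchors);
    param.setRevocationEnabled(true);
    param.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.singletonList(crl))));

    // Validate the Cert Path: success here would mean the revocation was missed
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    try {
        validator.validate(path, param);
        fail("Failure expected on a revoked certificate");
    } catch (CertPathValidatorException ex) {
        // Guard against a null message so a wrong failure reason shows up as
        // an assertion failure rather than a NullPointerException.
        String message = ex.getMessage();
        assertTrue(message != null && (message.contains("revoked") || message.contains("revocation")));
    }
}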
Also used : X509CRL(java.security.cert.X509CRL) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) TrustAnchor(java.security.cert.TrustAnchor) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXParameters(java.security.cert.PKIXParameters) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet)

Example 53 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project j2objc by google.

the class CollectionCertStoreParametersTest method testCollectionCertStoreParametersCollection03.

/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Verifies that the constructor keeps the caller's collection by reference
 * instead of copying it: entries added after construction are visible
 * through <code>getCollection()</code>. Code that hands a collection of
 * certificates or CRLs to this class should therefore treat that collection
 * as live input to any store built from the parameters.
 */
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty caller-owned collection
    Vector<Certificate> backing = new Vector<Certificate>();
    CollectionCertStoreParameters params = new CollectionCertStoreParameters(backing);
    // the very same instance must be handed back, not a copy
    assertTrue("isRefUsed_1", backing == params.getCollection());
    // nothing has been added yet
    assertTrue("isEmpty", params.getCollection().isEmpty());
    // mutate the caller-side collection after construction
    byte[][] encodings = { { (byte) 1 }, { (byte) 2 } };
    for (byte[] encoding : encodings) {
        backing.add(new MyCertificate("TEST", encoding));
    }
    // the parameters object must reflect both additions
    assertTrue("isRefUsed_2", backing.equals(params.getCollection()));
}
Also used : MyCertificate(org.apache.harmony.security.tests.support.cert.MyCertificate) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) Vector(java.util.Vector) Certificate(java.security.cert.Certificate) MyCertificate(org.apache.harmony.security.tests.support.cert.MyCertificate)

Example 54 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project j2objc by google.

the class CollectionCertStoreParametersTest method testClone03.

/**
 * Test #3 for <code>clone()</code> method<br>
 * A clone, and a clone of that clone, must expose the same collection
 * instance as the original. The check is on reference identity, so cloning
 * does not isolate the copies from changes to the shared collection.
 */
public final void testClone03() {
    CollectionCertStoreParameters original = new CollectionCertStoreParameters();
    CollectionCertStoreParameters firstCopy = (CollectionCertStoreParameters) original.clone();
    CollectionCertStoreParameters secondCopy = (CollectionCertStoreParameters) firstCopy.clone();
    // compare both neighbours against the middle object's collection
    Object shared = firstCopy.getCollection();
    boolean sameAsOriginal = original.getCollection() == shared;
    boolean sameAsSecondCopy = secondCopy.getCollection() == shared;
    assertTrue(sameAsOriginal && sameAsSecondCopy);
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)

Example 55 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project j2objc by google.

the class CollectionCertStoreParametersTest method testToString01.

/**
 * Test #1 for <code>toString()</code> method<br>
 * Only checks that a default-constructed instance yields a non-null string;
 * the content of the string is not inspected.
 */
public final void testToString01() {
    String rendered = new CollectionCertStoreParameters().toString();
    assertNotNull(rendered);
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)
