
Example 61 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project qpid-broker-j by apache.

the class AbstractTrustStore method getParameters.

/**
 * Builds the PKIX parameters that back this trust store's trust manager.
 *
 * <p>Revocation checking follows {@code _certificateRevocationCheckEnabled}. When it is on, a
 * Collection {@link CertStore} holding {@code getCRLs()} is attached only if a CRL URL is
 * configured, and the {@link PKIXRevocationChecker} options are derived from the remaining
 * revocation flags. {@code SOFT_FAIL} lets a path validate when the revocation status cannot
 * be determined (for example a CRL/OCSP fetch failure), which trades strictness for
 * availability; {@code NO_FALLBACK} and {@code PREFER_CRLS} steer which source is consulted.
 *
 * @param trustStore the key store whose trusted entries act as trust anchors
 * @return the configured {@link PKIXBuilderParameters}
 * @throws IllegalConfigurationException if the JDK rejects the algorithm, key store or parameters
 */
private CertPathParameters getParameters(KeyStore trustStore) {
    try {
        final PKIXBuilderParameters pkixParameters =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkixParameters.setRevocationEnabled(_certificateRevocationCheckEnabled);
        if (!_certificateRevocationCheckEnabled) {
            return pkixParameters;
        }

        // Without a configured CRL URL no local CRL store is added; the checker is then left
        // with whatever revocation sources the JDK can reach on its own.
        if (_certificateRevocationListUrl != null) {
            final CertStore crlStore =
                    CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs()));
            pkixParameters.addCertStore(crlStore);
        }

        final Set<PKIXRevocationChecker.Option> checkerOptions = new HashSet<>();
        if (_certificateRevocationCheckOfOnlyEndEntityCertificates) {
            checkerOptions.add(PKIXRevocationChecker.Option.ONLY_END_ENTITY);
        }
        if (_certificateRevocationCheckWithPreferringCertificateRevocationList) {
            checkerOptions.add(PKIXRevocationChecker.Option.PREFER_CRLS);
        }
        if (_certificateRevocationCheckWithNoFallback) {
            checkerOptions.add(PKIXRevocationChecker.Option.NO_FALLBACK);
        }
        if (_certificateRevocationCheckWithIgnoringSoftFailures) {
            checkerOptions.add(PKIXRevocationChecker.Option.SOFT_FAIL);
        }

        // NOTE(review): the default TrustManagerFactory algorithm name is reused as the
        // CertPathBuilder algorithm; this only resolves when that name is also a
        // CertPathBuilder algorithm (normally "PKIX") — confirm against the target JDKs.
        final CertPathBuilder certPathBuilder =
                CertPathBuilder.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        final PKIXRevocationChecker checker =
                (PKIXRevocationChecker) certPathBuilder.getRevocationChecker();
        checker.setOptions(checkerOptions);
        pkixParameters.addCertPathChecker(checker);
        return pkixParameters;
    } catch (NoSuchAlgorithmException | KeyStoreException | InvalidAlgorithmParameterException e) {
        throw new IllegalConfigurationException("Cannot create trust manager factory parameters for truststore '" + getName() + "' :" + e, e);
    }
}

Example 62 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project qpid-broker-j by apache.

the class TrustAnchorValidatingTrustManager method getPkixCertPathBuilderResult.

/**
 * Builds a PKIX certification path from the peer certificate to one of the given trust anchors.
 *
 * <p>The first element of {@code x509Certificates} is treated as the peer (end-entity) certificate
 * and becomes the selector target; every remaining element, together with {@code otherCerts}, is
 * offered to the builder through a Collection {@link CertStore}. Revocation checking is disabled
 * here, so this method establishes that a chain to a trust anchor exists but says nothing about
 * the revocation status of its certificates.
 *
 * @param x509Certificates the chain as presented by the peer, peer certificate first
 * @param trustAnchors the trust anchors at which the path must terminate
 * @param otherCerts additional certificates that may be needed to complete the path
 * @return the builder result, including the certification path that was found
 * @throws IllegalArgumentException if {@code x509Certificates} is empty
 * @throws GeneralSecurityException if no acceptable path can be built or the PKIX provider is unavailable
 */
private PKIXCertPathBuilderResult getPkixCertPathBuilderResult(final X509Certificate[] x509Certificates, final Set<TrustAnchor> trustAnchors, final Set<Certificate> otherCerts) throws GeneralSecurityException {
    final Set<Certificate> candidates = new HashSet<>(otherCerts);
    if (x509Certificates.length == 0) {
        throw new IllegalArgumentException("Peer certificate not found");
    }
    final X509Certificate peer = x509Certificates[0];
    for (int i = 1; i < x509Certificates.length; i++) {
        candidates.add(x509Certificates[i]);
    }

    final X509CertSelector target = new X509CertSelector();
    target.setCertificate(peer);
    // IBM JDK seems to require that the peer's certificate exists in the Collection too
    candidates.add(peer);

    final PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, target);
    params.setRevocationEnabled(false);
    params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates)));

    final CertPathBuilder pkixBuilder = CertPathBuilder.getInstance("PKIX");
    return (PKIXCertPathBuilderResult) pkixBuilder.build(params);
}

Example 63 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project mule by mulesoft.

the class CrlFile method configFor.

/**
 * Builds trust-manager parameters that validate peer chains against {@code trustStore} with
 * revocation checking enabled and the CRLs loaded from {@code path} as the revocation source.
 *
 * <p>The CRL {@link CertStore} is attached only when {@code loadCRL} yields a non-empty
 * collection; {@code setRevocationEnabled(true)} is applied unconditionally, so an empty or
 * missing CRL file does not turn revocation checking off.
 *
 * <p>Fails fast through {@code checkArgument} when {@code path} or {@code trustStore} is null.
 *
 * @param trustStore the trust store supplying the trust anchors
 * @param defaultTrustAnchors not used by this implementation
 * @return {@link CertPathTrustManagerParameters} wrapping the configured PKIX parameters
 * @throws RuntimeException wrapping the {@link IOException} or {@link GeneralSecurityException}
 *         raised while loading CRLs or assembling the parameters
 */
@Override
public ManagerFactoryParameters configFor(KeyStore trustStore, Set<TrustAnchor> defaultTrustAnchors) {
    checkArgument(path != null, "tls:crl-file requires the 'path' attribute");
    checkArgument(trustStore != null, "tls:crl-file requires a trust store");
    try {
        final Set<TrustAnchor> anchors = getTrustAnchorsFromKeyStore(trustStore);
        final PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(anchors, new X509CertSelector());
        // Make sure revocation checking is enabled (com.sun.net.ssl.checkRevocation)
        pkixParams.setRevocationEnabled(true);

        final Collection<? extends CRL> loadedCrls = loadCRL(path);
        final boolean haveCrls = loadedCrls != null && !loadedCrls.isEmpty();
        if (haveCrls) {
            final CertStore crlStore =
                    CertStore.getInstance("Collection", new CollectionCertStoreParameters(loadedCrls));
            pkixParams.addCertStore(crlStore);
        }
        return new CertPathTrustManagerParameters(pkixParams);
    } catch (IOException | GeneralSecurityException e) {
        throw new RuntimeException(e);
    }
}

Example 64 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project Openfire by igniterealtime.

the class KeystoreTestUtils method testChain.

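/**
 * Validates a chain of certificates by building a PKIX certification path with the JDK's
 * {@code PKIX} {@link CertPathBuilder}. It is provided as an alternative to the certificate chain
 * validation mechanisms that are under test and is intended as a comparative benchmark against
 * other validation methods.
 *
 * <p>The first certificate in the chain is expected to be the end-entity certificate and the last
 * one the root CA certificate, which becomes the sole trust anchor. Anything in between is offered
 * to the builder as an intermediate certificate. A single self-signed certificate is therefore
 * both the target and the trust anchor.
 *
 * <p>Revocation checking is disabled here; it is done manually as an additional step.
 *
 * @param chain A certificate chain (cannot be null or empty).
 * @return CertPathBuilderResult result of validation.
 * @throws IllegalArgumentException When {@code chain} is null or empty.
 * @throws Exception When the chain is not valid.
 */
public CertPathBuilderResult testChain(X509Certificate[] chain) throws Exception {
    // Reject the documented-invalid inputs with a clear message instead of the
    // NullPointerException / ArrayIndexOutOfBoundsException that chain[0] would raise.
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("chain cannot be null or empty");
    }
    // Create the selector that specifies the starting certificate
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(chain[0]);
    // Create the trust anchors (set of root CA certificates)
    Set<TrustAnchor> trustAnchors = new HashSet<>();
    trustAnchors.add(new TrustAnchor(chain[chain.length - 1], null));
    // Configure the PKIX certificate builder algorithm parameters
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
    // Disable CRL checks (this is done manually as additional step)
    pkixParams.setRevocationEnabled(false);
    // Specify the intermediate certificates: everything between the end-entity and the root
    Set<java.security.cert.Certificate> intermediateCerts = new HashSet<>();
    for (int i = 1; i < chain.length - 1; i++) {
        intermediateCerts.add(chain[i]);
    }
    CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
    pkixParams.addCertStore(intermediateCertStore);
    // Build and verify the certification chain; the declared return type needs no downcast
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
    return builder.build(pkixParams);
}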

Example 65 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project neo4j by neo4j.

the class SslPolicyLoader method createTrustManagerFactory.

/**
 * Creates the {@link TrustManagerFactory} used for peer certificate verification.
 *
 * <p>With {@code trustAll} the Netty {@code InsecureTrustManagerFactory} singleton is returned,
 * which performs no certificate validation. Otherwise the JDK's default trust-manager algorithm
 * is used and revocation checking is switched on only when at least one CRL is supplied; the
 * CRLs are then attached through a Collection {@link CertStore}. With no CRLs the factory is
 * initialised straight from the trust store and no revocation source is configured.
 *
 * @param trustAll whether every peer certificate should be accepted without validation
 * @param crls certificate revocation lists to consult; an empty collection leaves revocation unchecked
 * @param trustStore the trust store holding the trusted certificates
 * @return an initialised factory
 * @throws Exception if the algorithm is unavailable or the factory cannot be initialised
 */
private static TrustManagerFactory createTrustManagerFactory(boolean trustAll, Collection<X509CRL> crls, KeyStore trustStore) throws Exception {
    if (trustAll) {
        return InsecureTrustManagerFactory.INSTANCE;
    }
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    if (crls.isEmpty()) {
        // No CRLs: plain trust-store validation, revocation is not consulted.
        factory.init(trustStore);
        return factory;
    }
    final PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
    pkix.setRevocationEnabled(true);
    pkix.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
    factory.init(new CertPathTrustManagerParameters(pkix));
    return factory;
}
