
Example 66 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project gitblit by gitblit.

The method verifyChain of the class X509Utils.

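/**
 * Verifies a certificate's chain to ensure that it will function properly.
 * <p>
 * A PKIX certification path is built from {@code testCert} up to a trust
 * anchor. Every self-signed certificate found in {@code additionalCerts} is
 * used as a trust anchor, so the caller's input defines what is trusted: the
 * additional certificates must come from a store the caller already trusts,
 * never from the party presenting {@code testCert}. Revocation checking
 * (CRL/OCSP) is disabled, so a revoked certificate in the chain still passes.
 *
 * @param testCert        the end-entity certificate to verify; must not be
 *                        null and must not be self-signed
 * @param additionalCerts intermediate and root certificates used to build the
 *                        chain; self-signed entries become trust anchors. A
 *                        null array is treated as empty.
 * @return the PKIX builder result holding the verified certificate path and
 *         the trust anchor it ends in
 * @throws NullPointerException if {@code testCert} is null
 * @throws RuntimeException if {@code testCert} is self-signed, if no
 *         self-signed certificate was supplied to act as a trust anchor, or if
 *         no valid path to a trust anchor could be built; the more specific
 *         reason is attached as the cause
 */
public static PKIXCertPathBuilderResult verifyChain(X509Certificate testCert, X509Certificate... additionalCerts) {
    // Reject null up front: the catch handlers below dereference testCert for
    // their messages, so a null would otherwise NPE from inside the handler.
    if (testCert == null) {
        throw new NullPointerException("testCert");
    }
    if (additionalCerts == null) {
        additionalCerts = new X509Certificate[0];
    }
    try {
        // A self-signed certificate has no chain to build; refuse it explicitly
        if (isSelfSigned(testCert)) {
            throw new RuntimeException("The certificate is self-signed.  Nothing to verify.");
        }
        // Prepare a set of all certificates
        // chain builder must have all certs, including cert to validate
        // http://stackoverflow.com/a/10788392
        Set<X509Certificate> certs = new HashSet<X509Certificate>();
        certs.add(testCert);
        certs.addAll(Arrays.asList(additionalCerts));
        // Create the selector that specifies the starting certificate
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(testCert);
        // Create the trust anchors (set of root CA certificates).
        // Every self-signed certificate the caller passed in is trusted as a root,
        // so this input decides the outcome of the verification.
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (X509Certificate cert : additionalCerts) {
            if (isSelfSigned(cert)) {
                trustAnchors.add(new TrustAnchor(cert, null));
            }
        }
        // PKIXBuilderParameters rejects an empty anchor set with an opaque
        // InvalidAlgorithmParameterException; name the actual cause instead.
        if (trustAnchors.isEmpty()) {
            throw new RuntimeException("No self-signed root certificate was supplied to act as a trust anchor.");
        }
        // Configure the PKIX certificate builder
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
        // Revocation (CRL/OCSP) is NOT consulted here: a revoked certificate in
        // the chain still verifies. Callers needing revocation must check it separately.
        pkixParams.setRevocationEnabled(false);
        pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs), BC));
        // Build and verify the certification chain
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BC);
        PKIXCertPathBuilderResult verifiedCertChain = (PKIXCertPathBuilderResult) builder.build(pkixParams);
        // The chain is built and verified
        return verifiedCertChain;
    } catch (CertPathBuilderException e) {
        throw new RuntimeException("Error building certification path: " + testCert.getSubjectX500Principal(), e);
    } catch (Exception e) {
        // Also wraps the RuntimeExceptions thrown above, keeping them as the cause
        throw new RuntimeException("Error verifying the certificate: " + testCert.getSubjectX500Principal(), e);
    }
}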
