
Example 11 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project robovm by robovm.

the class CertPathValidatorTestPKIX method setUp.

/**
 * Prepares the shared fixtures: a certification path built from the self-signed test
 * certificate (stored in {@code certPath}) and a set of PKIX parameters backed by the same
 * keystore (stored in {@code params}).
 *
 * @throws Exception if the keystore, certificate factory or path builder fails
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Empty in-memory keystore; the certificate added below is its only entry.
    final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);

    // Decode the bytes of the selfSignedCert field into an X.509 certificate.
    // NOTE(review): getBytes() without a charset relies on the platform default - presumably
    // harmless for an ASCII-encoded certificate; confirm the fixture's encoding.
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    final ByteArrayInputStream encodedCert = new ByteArrayInputStream(selfSignedCert.getBytes());
    final X509Certificate anchorCert = (X509Certificate) x509Factory.generateCertificate(encodedCert);
    trustStore.setCertificateEntry("selfSignedCert", anchorCert);

    // The path builder is asked to end at that very certificate.
    final X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(anchorCert);

    // Collection-backed CertStore offering the same certificate to the builder.
    final List<Certificate> candidates = new ArrayList<Certificate>();
    candidates.add(anchorCert);
    final CertStore candidateStore =
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));

    final PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustStore, targetSelector);
    builderParams.addCertStore(candidateStore);
    // Revocation checking is switched off; the code shown here configures no CRL or OCSP
    // source. Fine for a fixture, but validation of real peers should not copy this setting
    // without supplying revocation data some other way.
    builderParams.setRevocationEnabled(false);

    certPath = CertPathBuilder.getInstance("PKIX").build(builderParams).getCertPath();

    // Parameters handed to the validator under test; revocation is disabled here as well.
    params = new PKIXParameters(trustStore);
    params.setRevocationEnabled(false);
}
Also used : PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) ArrayList(java.util.ArrayList) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) PKIXParameters(java.security.cert.PKIXParameters) CertPathBuilder(java.security.cert.CertPathBuilder) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 12 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project robovm by robovm.

the class TestUtils method getCollectionCertStoresList.

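/**
 * Creates a mutable <code>List</code> holding one "Collection"-type <code>CertStore</code>
 * built from default (empty) <code>CollectionCertStoreParameters</code>.
 *
 * @return a new list containing that single <code>CertStore</code>
 *
 * @throws InvalidAlgorithmParameterException if the parameters are rejected by the store
 * @throws NoSuchAlgorithmException if no provider supports the "Collection" type
 */
public static List<CertStore> getCollectionCertStoresList() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    CertStore emptyStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters());
    // ArrayList.add always returns true, so the former "could not create" branch was
    // unreachable and has been dropped.
    List<CertStore> stores = new ArrayList<CertStore>();
    stores.add(emptyStore);
    return stores;
}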
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ArrayList(java.util.ArrayList) CertStore(java.security.cert.CertStore)

Example 13 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project cxf by apache.

the class KeyManagementUtils method validateCertificateChain.

/**
 * Checks that the first certificate in {@code inCerts} chains up to a trusted certificate
 * entry of {@code ks}, using the remaining supplied certificates as path-building material.
 *
 * <p>Revocation checking is disabled, so a revoked certificate with an otherwise valid chain
 * passes this check. Callers that need revocation must enforce it separately.
 *
 * @param ks keystore whose trusted certificate entries act as trust anchors
 * @param inCerts certificates presented for validation; element 0 is the target
 * @throws JoseException wrapping any failure, including a null or empty {@code inCerts}
 */
public static void validateCertificateChain(KeyStore ks, List<X509Certificate> inCerts) {
    // Initial chain validation, to be enhanced as needed
    try {
        // The path has to end at the first presented certificate.
        X509CertSelector targetSelector = new X509CertSelector();
        targetSelector.setCertificate(inCerts.get(0));

        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(ks, targetSelector);

        // The presented certificates are only candidates for the path; trust still has to
        // come from an entry in ks.
        CollectionCertStoreParameters presented = new CollectionCertStoreParameters(inCerts);
        pkixParams.addCertStore(CertStore.getInstance("Collection", presented));

        // -1 leaves the length of the certification path unconstrained.
        pkixParams.setMaxPathLength(-1);
        // No CRL/OCSP lookups are made during building or validation.
        pkixParams.setRevocationEnabled(false);

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        CertPath builtPath = builder.build(pkixParams).getCertPath();

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        validator.validate(builtPath, pkixParams);
    } catch (Exception ex) {
        // The log line carries no detail; the cause travels only inside the JoseException.
        LOG.warning("Certificate path validation error");
        throw new JoseException(ex);
    }
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) X509CertSelector(java.security.cert.X509CertSelector) CertPath(java.security.cert.CertPath) KeyStoreException(java.security.KeyStoreException) JwkException(org.apache.cxf.rs.security.jose.jwk.JwkException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Base64Exception(org.apache.cxf.common.util.Base64Exception) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 14 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project Payara by payara.

the class BaseContainerCallbackHandler method processCertStore.

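/**
 * Answers a {@code CertStoreCallback} with a "Collection"-type {@code CertStore} holding
 * every certificate entry of the merged trust store.
 *
 * <p>Failures to enumerate the trust store or to create the {@code CertStore} are logged at
 * {@code FINE} only and the callback is then left without a store from this method.
 *
 * @param certStoreCallback the callback to populate
 */
private void processCertStore(CertStoreCallback certStoreCallback) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JMAC: In CertStoreCallback Processor");
    }
    KeyStore certStore = sslUtils.getMergedTrustStore();
    if (certStore == null) {
        // should never happen
        // NOTE(review): execution continues past this point, so the null set here is
        // replaced further down by a CertStore over an empty list (unless creating that
        // store fails) - confirm which outcome is intended.
        certStoreCallback.setCertStore(null);
    }
    List<Certificate> list = new ArrayList<Certificate>();
    try {
        if (certStore != null) {
            // aliases() is declared as Enumeration<String>, so no raw type or cast is needed.
            Enumeration<String> aliases = certStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                // Only trusted-certificate entries are copied; key entries are skipped.
                if (certStore.isCertificateEntry(alias)) {
                    try {
                        Certificate cert = certStore.getCertificate(alias);
                        list.add(cert);
                    } catch (KeyStoreException kse) {
                        // ignore and move to next
                        if (_logger.isLoggable(Level.FINE)) {
                            // The original message was missing the space after "retrieve".
                            _logger.log(Level.FINE, "JMAC: Cannot retrieve certificate for alias " + alias, kse);
                        }
                    }
                }
            }
        }
        CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
        CertStore certstore = CertStore.getInstance("Collection", ccsp);
        certStoreCallback.setCertStore(certstore);
    } catch (KeyStoreException kse) {
        // NOTE(review): from here on the errors are visible only with FINE logging enabled;
        // consider whether a missing trust-store view deserves a higher level.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JMAC:  Cannot determine truststore aliases", kse);
        }
    } catch (InvalidAlgorithmParameterException iape) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JMAC:  Cannot instantiate CertStore", iape);
        }
    } catch (NoSuchAlgorithmException nsape) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JMAC:  Cannot instantiate CertStore", nsape);
        }
    }
}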
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) Enumeration(java.util.Enumeration) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ArrayList(java.util.ArrayList) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStore(java.security.KeyStore) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 15 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project Spark by igniterealtime.

the class SparkTrustManager method loadCRL.

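/**
 * Gathers the CRLs referenced by the CRL Distribution Points extension of each certificate
 * in {@code chain}, adds them to {@code crlCollection} and rebuilds {@code crlStore} from
 * that collection.
 *
 * @param chain certificates whose distribution points are read
 * @return the {@code crlCollection} field, including CRLs added by this call
 * @throws IOException if an extension cannot be parsed or a URI is not a valid URL
 * @throws CRLException if a CRL cannot be downloaded; the underlying failure is the cause
 */
public Collection<X509CRL> loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertStoreException, CRLException, CertificateException {
    final String crlDistPointsOid = Extension.cRLDistributionPoints.getId();
    // for each certificate in chain
    for (X509Certificate cert : chain) {
        // Read the extension once instead of fetching it for the null check and again for parsing.
        byte[] crlDistPointsValue = cert.getExtensionValue(crlDistPointsOid);
        if (crlDistPointsValue != null) {
            ASN1Primitive primitive = JcaX509ExtensionUtils.parseExtensionValue(crlDistPointsValue);
            // extract distribution point extension
            CRLDistPoint distPoint = CRLDistPoint.getInstance(primitive);
            DistributionPoint[] dp = distPoint.getDistributionPoints();
            // each distribution point extension can hold number of distribution points
            for (DistributionPoint d : dp) {
                DistributionPointName dpName = d.getDistributionPoint();
                // Look for URIs in fullName
                if (dpName != null && dpName.getType() == DistributionPointName.FULL_NAME) {
                    GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                    for (GeneralName genName : genNames) {
                        // Only URI names can become a URL. Other name forms (directory
                        // names, for instance) are skipped instead of failing URL parsing
                        // and aborting the whole load.
                        if (genName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                            continue;
                        }
                        // NOTE(review): this URL is read out of the certificate under
                        // examination, presumably supplied by the remote peer. downloadCRL is
                        // not visible here; confirm it restricts the accepted schemes and
                        // bounds response size and time.
                        URL url = new URL(genName.getName().toString());
                        try {
                            // download from Internet to the collection
                            crlCollection.add(downloadCRL(url));
                        } catch (CertificateException | CRLException e) {
                            // Keep the original failure attached for diagnosis.
                            throw new CRLException("Couldn't download CRL", e);
                        }
                    }
                }
            }
        } else {
            Log.warning("Certificate " + cert.getSubjectX500Principal().getName().toString() + " have no CRLs");
        }
        // The CertStore is recreated after every certificate, so crlStore always reflects the
        // CRLs collected so far; with an empty chain it is left untouched.
        CollectionCertStoreParameters params = new CollectionCertStoreParameters(crlCollection);
        crlStore = CertStore.getInstance("Collection", params);
    }
    return crlCollection;
}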
Also used : DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) CertificateException(java.security.cert.CertificateException) X509Certificate(java.security.cert.X509Certificate) URL(java.net.URL) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) CRLException(java.security.cert.CRLException)

Aggregations

CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)64 X509CertSelector (java.security.cert.X509CertSelector)31 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)30 X509Certificate (java.security.cert.X509Certificate)27 CertStore (java.security.cert.CertStore)23 Certificate (java.security.cert.Certificate)21 ArrayList (java.util.ArrayList)18 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)15 CertPathBuilder (java.security.cert.CertPathBuilder)15 HashSet (java.util.HashSet)14 TrustAnchor (java.security.cert.TrustAnchor)13 Vector (java.util.Vector)12 CertStoreParameters (java.security.cert.CertStoreParameters)11 IOException (java.io.IOException)10 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)10 MyCertificate (org.apache.harmony.security.tests.support.cert.MyCertificate)10 KeyStoreException (java.security.KeyStoreException)8 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)8 CertPath (java.security.cert.CertPath)7 CertPathBuilderException (java.security.cert.CertPathBuilderException)7