use of java.security.cert.CollectionCertStoreParameters in project j2objc by google.
the class CollectionCertStoreParametersTest method testClone01.
/**
 * Checks that <code>clone()</code> on a <code>CollectionCertStoreParameters</code>
 * returns a different object reference than the instance it was called on.
 * <p>
 * Only reference identity is asserted; the contents of the clone are not
 * inspected by this test.
 */
public final void testClone01() {
    final Certificate sample = new MyCertificate("TEST", new byte[] { (byte) 4 });
    final Vector<Certificate> backing = new Vector<Certificate>();
    backing.add(sample);

    final CollectionCertStoreParameters original = new CollectionCertStoreParameters(backing);
    final Object copy = original.clone();
    final CollectionCertStoreParameters cloned = (CollectionCertStoreParameters) copy;

    // The clone must be a distinct instance, not an alias of the original.
    assertTrue(original != cloned);
}
use of java.security.cert.CollectionCertStoreParameters in project cloudstack by apache.
the class CertServiceImpl method validateChain.
/**
 * Checks that a certification path for {@code cert} can be built from {@code cert}
 * itself plus the certificates in {@code chain}.
 * <p>
 * Security note: every supplied certificate, including {@code cert}, is registered
 * as a {@link TrustAnchor}. A normal return therefore only shows that the supplied
 * set is internally consistent; it does not show that the chain leads to a root
 * this deployment trusts, so it must not be reused as a trust decision.
 *
 * @param chain additional certificates; must not be {@code null}
 * @param cert the certificate a path is built for
 * @param revocationEnabled passed to
 *        {@link PKIXBuilderParameters#setRevocationEnabled(boolean)}; the only cert
 *        store added here holds the supplied certificates, no CRLs
 * @throws IllegalArgumentException if any supplied certificate is not an X.509 certificate
 * @throws IllegalStateException if the parameters are rejected, the "PKIX" builder or the
 *         "Collection" store type is unavailable, or no path can be built
 * @throws CloudRuntimeException if the "BC" provider is not available
 */
private void validateChain(final List<Certificate> chain, final Certificate cert, boolean revocationEnabled) {
    // The certificate under test goes first, followed by the caller-supplied chain.
    final List<Certificate> candidates = new ArrayList<>();
    candidates.add(cert);
    candidates.addAll(chain);

    // Each candidate doubles as a trust anchor (the original code gives
    // self-signed certificates as the reason).
    final Set<TrustAnchor> trustAnchors = new HashSet<>();
    for (final Certificate candidate : candidates) {
        if (candidate instanceof X509Certificate) {
            trustAnchors.add(new TrustAnchor((X509Certificate) candidate, null));
        } else {
            throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");
        }
    }

    // Safe cast: cert is part of candidates and passed the instanceof check above.
    final X509CertSelector selector = new X509CertSelector();
    selector.setCertificate((X509Certificate) cert);

    try {
        final PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
        pkixParams.setRevocationEnabled(revocationEnabled);
        final CertStore suppliedCerts =
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));
        pkixParams.addCertStore(suppliedCerts);
        // The built path is discarded; only success or failure matters here.
        CertPathBuilder.getInstance("PKIX", "BC").build(pkixParams);
    } catch (final NoSuchProviderException e) {
        throw new CloudRuntimeException("No provider for certificate validation", e);
    } catch (final InvalidAlgorithmParameterException | CertPathBuilderException | NoSuchAlgorithmException e) {
        throw new IllegalStateException("Invalid certificate chain", e);
    }
}
use of java.security.cert.CollectionCertStoreParameters in project tomcat by apache.
the class SSLUtilBase method getParameters.
/**
 * Build the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * <p>
 * Trust anchors are taken from {@code trustStore}. When a CRL file is
 * configured, its CRLs are added as a {@code Collection} cert store and
 * revocation checking is always switched on, whatever the value of
 * {@code revocationEnabled}.
 *
 * @param crlf The path to the CRL file; may be {@code null} or empty.
 * @param trustStore The configured TrustStore.
 * @param revocationEnabled Should the JSSE provider perform revocation
 *                          checks? Only used when {@code crlf} is
 *                          {@code null} or empty. Configuration of
 *                          revocation checks is expected to be via
 *                          proprietary JSSE provider methods.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception If the parameters cannot be built; exceptions from
 *                   {@code getCRLs} propagate unchanged.
 */
protected CertPathParameters getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled) throws Exception {
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());

    boolean crlFileConfigured = crlf != null && !crlf.isEmpty();
    if (!crlFileConfigured) {
        // No CRL file: leave the decision to the caller-supplied flag.
        pkixParams.setRevocationEnabled(revocationEnabled);
    } else {
        // CRL file present: make its CRLs available and force revocation checks.
        Collection<? extends CRL> loadedCrls = getCRLs(crlf);
        pkixParams.addCertStore(
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(loadedCrls)));
        pkixParams.setRevocationEnabled(true);
    }

    // Bound the path length by the configured verification depth.
    pkixParams.setMaxPathLength(sslHostConfig.getCertificateVerificationDepth());
    return pkixParams;
}
use of java.security.cert.CollectionCertStoreParameters in project open-ecard by ecsec.
the class SignatureVerifier method validatePath.
/**
 * Builds a PKIX certification path from {@code cert} to an anchor in {@code trustStore},
 * using {@code intermediateCerts} as additional candidates.
 * <p>
 * Security notes:
 * <ul>
 * <li>The method sets the system property {@code com.sun.security.enableAIAcaIssuers}.
 * System properties are JVM-wide, so this is not limited to this call, and it allows
 * the path builder to download missing issuer certificates from locations named in the
 * AIA extension of the certificates being processed. Deployments should account for
 * that outbound traffic.</li>
 * <li>The built-in revocation flag is switched off. Revocation is only checked when
 * {@code ChipGatewayProperties.isRevocationCheck()} returns true, in which case an
 * explicit {@link PKIXRevocationChecker} with no options set is installed and any
 * previously configured path checkers are cleared. Otherwise no revocation checking
 * is configured here.</li>
 * </ul>
 *
 * @param cert the certificate the path is built for
 * @param intermediateCerts additional certificates offered to the path builder
 * @param checkDate time at which validity is evaluated; {@code null} means the current time
 * @return the result of the path building
 * @throws NoSuchAlgorithmException if the "PKIX" builder or "Collection" store type is unavailable
 * @throws KeyStoreException if the trust store cannot be read
 * @throws InvalidAlgorithmParameterException if the builder parameters are rejected
 * @throws CertPathBuilderException if no valid path can be built
 */
private PKIXCertPathBuilderResult validatePath(X509Certificate cert, Collection<X509Certificate> intermediateCerts, @Nullable Date checkDate) throws NoSuchAlgorithmException, KeyStoreException, InvalidAlgorithmParameterException, CertPathBuilderException {
    // Allow fetching of missing issuer certificates via the AIA extension (JVM-wide setting).
    try {
        System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
    } catch (SecurityException ex) {
        LOG.warn("Failed to enable AIA evaluation. Skipping downloads of missing certificates.");
    }

    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");

    // The path has to end at exactly this certificate.
    X509CertSelector endEntity = new X509CertSelector();
    endEntity.setCertificate(cert);

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, endEntity);
    pkixParams.addCertStore(
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts)));
    pkixParams.setDate(checkDate);
    // Default revocation handling stays off; an explicit checker is added below if configured.
    pkixParams.setRevocationEnabled(false);

    if (ChipGatewayProperties.isRevocationCheck()) {
        PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) pathBuilder.getRevocationChecker();
        // Empty option set: ONLY_END_ENTITY (and every other Option) is deliberately not applied.
        revocationChecker.setOptions(new HashSet<PKIXRevocationChecker.Option>());
        // Drop any existing checkers so the revocation checker is the only one installed.
        pkixParams.setCertPathCheckers(null);
        pkixParams.addCertPathChecker(revocationChecker);
    }

    return (PKIXCertPathBuilderResult) pathBuilder.build(pkixParams);
}
use of java.security.cert.CollectionCertStoreParameters in project cosmic by MissionCriticalCloud.
the class CertServiceImpl method validateChain.
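/**
 * Checks that a certification path for {@code cert} can be built from {@code cert}
 * itself plus the certificates in {@code chain}.
 * <p>
 * Security note: every supplied certificate, including {@code cert}, is registered
 * as a {@link TrustAnchor}, and revocation checking is disabled. A normal return
 * therefore only shows that the supplied set is internally consistent; it does not
 * show that the chain leads to a root this deployment trusts, nor that any
 * certificate is unrevoked. It must not be reused as a trust decision.
 *
 * @param chain additional certificates; must not be {@code null}
 * @param cert the certificate a path is built for
 * @throws IllegalArgumentException if any supplied certificate is not an X.509 certificate,
 *         the parameters are rejected, the "PKIX" builder or "Collection" store type is
 *         unavailable, or no path can be built
 * @throws CloudRuntimeException if the "BC" provider is not available
 */
private void validateChain(final List<Certificate> chain, final Certificate cert) {
    final List<Certificate> certs = new ArrayList<>();
    final Set<TrustAnchor> anchors = new HashSet<>();
    // adding for self signed certs
    certs.add(cert);
    certs.addAll(chain);
    for (final Certificate c : certs) {
        if (!(c instanceof X509Certificate)) {
            throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");
        }
        // The subject/issuer lookups that used to sit here were never read and are gone.
        anchors.add(new TrustAnchor((X509Certificate) c, null));
    }
    // Safe cast: cert is part of certs and passed the instanceof check above.
    final X509CertSelector target = new X509CertSelector();
    target.setCertificate((X509Certificate) cert);
    try {
        final PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        params.setRevocationEnabled(false);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
        final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
        // The built path is discarded; only success or failure matters here.
        builder.build(params);
    } catch (final InvalidAlgorithmParameterException | CertPathBuilderException | NoSuchAlgorithmException e) {
        // Three identical handlers collapsed into one; message and exception type are unchanged.
        throw new IllegalArgumentException("Invalid certificate chain", e);
    } catch (final NoSuchProviderException e) {
        throw new CloudRuntimeException("No provider for certificate validation", e);
    }
}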