Search in sources :

Example 41 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project robovm by robovm.

the class CollectionCertStoreParametersTest method testGetCollection01.

/**
     * Test #1 for <code>getCollection()</code> method<br>
     */
public final void testGetCollection01() {
    CollectionCertStoreParameters cp = new CollectionCertStoreParameters();
    assertNotNull(cp.getCollection());
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)

Example 42 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project robovm by robovm.

the class TestUtils method initCertPathSSCertChain.

public static void initCertPathSSCertChain() throws CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
    // create certificates and CRLs
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream bi = new ByteArrayInputStream(rootCert.getBytes());
    rootCertificateSS = (X509Certificate) cf.generateCertificate(bi);
    bi = new ByteArrayInputStream(endCert.getBytes());
    endCertificate = (X509Certificate) cf.generateCertificate(bi);
    BigInteger revokedSerialNumber = BigInteger.valueOf(1);
    crl = new MyCRL("X.509");
    //        X509CRL rootCRL = X509CRL;
    //        X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair
    //                .getPrivate(), revokedSerialNumber);
    // create CertStore to support path building
    List<Object> list = new ArrayList<Object>();
    list.add(rootCertificateSS);
    list.add(endCertificate);
    CollectionCertStoreParameters params = new CollectionCertStoreParameters(list);
    store = CertStore.getInstance("Collection", params);
    theCertSelector = new X509CertSelector();
    theCertSelector.setCertificate(endCertificate);
    theCertSelector.setIssuer(endCertificate.getIssuerX500Principal().getEncoded());
    // build the path
    builder = CertPathBuilder.getInstance("PKIX");
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) ArrayList(java.util.ArrayList) BigInteger(java.math.BigInteger) X509CertSelector(java.security.cert.X509CertSelector) CertificateFactory(java.security.cert.CertificateFactory)

Example 43 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project nhin-d by DirectProject.

the class SMIMECryptographerImpl method createSignatureEntity.

protected MimeMultipart createSignatureEntity(byte[] entity, Collection<X509Certificate> signingCertificates) {
    MimeMultipart retVal = null;
    try {
        final MimeBodyPart signedContent = new MimeBodyPart(new ByteArrayInputStream(entity));
        final ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
        final SMIMECapabilityVector caps = new SMIMECapabilityVector();
        caps.addCapability(SMIMECapability.dES_EDE3_CBC);
        caps.addCapability(SMIMECapability.rC2_CBC, 128);
        caps.addCapability(SMIMECapability.dES_CBC);
        caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
        caps.addCapability(x509CertificateObjectsIdent);
        signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
        final List<X509Certificate> certList = new ArrayList<X509Certificate>();
        final DirectSignedDataGenerator generator = sigFactory.createInstance();
        for (X509Certificate signer : signingCertificates) {
            if (signer instanceof X509CertificateEx) {
                generator.addSigner(((X509CertificateEx) signer).getPrivateKey(), signer, this.m_digestAlgorithm.getOID(), createAttributeTable(signedAttrs), null);
                certList.add(signer);
            }
        }
        final CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertStore", "Collection"));
        generator.addCertificatesAndCRLs(certsAndcrls);
        final CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);
        final CMSSignedData signedData = generator.generate(content);
        final String header = "signed; protocol=\"application/pkcs7-signature\"; micalg=" + CryptoAlgorithmsHelper.toDigestAlgorithmMicalg(this.m_digestAlgorithm);
        //String encodedSig = Base64.encodeBase64String(signedData.getEncoded());
        final String encodedSig = StringUtils.newStringUtf8(Base64.encodeBase64(signedData.getEncoded(), true));
        retVal = new MimeMultipart(header.toString());
        final MimeBodyPart sig = new MimeBodyPart(new InternetHeaders(), encodedSig.getBytes("ASCII"));
        sig.addHeader("Content-Type", "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data");
        sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
        sig.addHeader("Content-Description", "S/MIME Cryptographic Signature");
        sig.addHeader("Content-Transfer-Encoding", "base64");
        retVal.addBodyPart(signedContent);
        retVal.addBodyPart(sig);
    } catch (MessagingException e) {
        throw new MimeException(MimeError.InvalidMimeEntity, e);
    } catch (IOException e) {
        throw new SignatureException(SignatureError.InvalidMultipartSigned, e);
    } catch (Exception e) {
        throw new NHINDException(MimeError.Unexpected, e);
    }
    return retVal;
}
Also used : InternetHeaders(javax.mail.internet.InternetHeaders) MessagingException(javax.mail.MessagingException) ArrayList(java.util.ArrayList) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) CMSSignedData(org.bouncycastle.cms.CMSSignedData) NHINDException(org.nhindirect.stagent.NHINDException) X509Certificate(java.security.cert.X509Certificate) MessagingException(javax.mail.MessagingException) MimeException(org.nhindirect.stagent.mail.MimeException) NHINDException(org.nhindirect.stagent.NHINDException) ParseException(javax.mail.internet.ParseException) IOException(java.io.IOException) SignatureValidationException(org.nhindirect.stagent.SignatureValidationException) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) MimeMultipart(javax.mail.internet.MimeMultipart) ByteArrayInputStream(java.io.ByteArrayInputStream) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) MimeException(org.nhindirect.stagent.mail.MimeException) MimeBodyPart(javax.mail.internet.MimeBodyPart) DirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.DirectSignedDataGenerator) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) CertStore(java.security.cert.CertStore)

Example 44 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project cloudstack by apache.

the class CertServiceImpl method validateChain.

private void validateChain(final List<Certificate> chain, final Certificate cert) {
    final List<Certificate> certs = new ArrayList<Certificate>();
    final Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    // adding for self signed certs
    certs.add(cert);
    certs.addAll(chain);
    for (final Certificate c : certs) {
        if (!(c instanceof X509Certificate)) {
            throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");
        }
        final X509Certificate xCert = (X509Certificate) c;
        anchors.add(new TrustAnchor(xCert, null));
    }
    final X509CertSelector target = new X509CertSelector();
    target.setCertificate((X509Certificate) cert);
    PKIXBuilderParameters params = null;
    try {
        params = new PKIXBuilderParameters(anchors, target);
        params.setRevocationEnabled(false);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
        final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
        builder.build(params);
    } catch (final InvalidAlgorithmParameterException | CertPathBuilderException | NoSuchAlgorithmException e) {
        throw new IllegalStateException("Invalid certificate chain", e);
    } catch (final NoSuchProviderException e) {
        throw new CloudRuntimeException("No provider for certificate validation", e);
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertPathBuilderException(java.security.cert.CertPathBuilderException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) CertPathBuilder(java.security.cert.CertPathBuilder) NoSuchProviderException(java.security.NoSuchProviderException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet)

Example 45 with CollectionCertStoreParameters

use of java.security.cert.CollectionCertStoreParameters in project jdk8u_jdk by JetBrains.

the class NoExtensions method doBuild.

private void doBuild(X509Certificate userCert) throws Exception {
    // get the set of trusted CA certificates (only one in this instance)
    HashSet trustAnchors = new HashSet();
    X509Certificate trustedCert = getTrustedCertificate();
    trustAnchors.add(new TrustAnchor(trustedCert, null));
    // put together a CertStore (repository of the certificates and CRLs)
    ArrayList certs = new ArrayList();
    certs.add(trustedCert);
    certs.add(userCert);
    CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
    CertStore certStore = CertStore.getInstance("Collection", certStoreParams);
    // specify the target certificate via a CertSelector
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setCertificate(userCert);
    // seems to be required
    certSelector.setSubject(userCert.getSubjectDN().getName());
    // build a valid cerificate path
    CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
    certPathBuilderParams.addCertStore(certStore);
    certPathBuilderParams.setRevocationEnabled(false);
    CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);
    // get and show cert path
    CertPath certPath = result.getCertPath();
//        System.out.println(certPath.toString());
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Aggregations

CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)64 X509CertSelector (java.security.cert.X509CertSelector)31 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)30 X509Certificate (java.security.cert.X509Certificate)27 CertStore (java.security.cert.CertStore)23 Certificate (java.security.cert.Certificate)21 ArrayList (java.util.ArrayList)18 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)15 CertPathBuilder (java.security.cert.CertPathBuilder)15 HashSet (java.util.HashSet)14 TrustAnchor (java.security.cert.TrustAnchor)13 Vector (java.util.Vector)12 CertStoreParameters (java.security.cert.CertStoreParameters)11 IOException (java.io.IOException)10 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)10 MyCertificate (org.apache.harmony.security.tests.support.cert.MyCertificate)10 KeyStoreException (java.security.KeyStoreException)8 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)8 CertPath (java.security.cert.CertPath)7 CertPathBuilderException (java.security.cert.CertPathBuilderException)7