use of java.security.cert.PKIXBuilderParameters in project cloudstack by apache.
the class CertServiceImpl method validateChain.
/**
 * Checks that a PKIX certification path for {@code cert} can be built from the supplied
 * certificates alone.
 *
 * <p>Security note: every certificate passed in ({@code cert} and each element of
 * {@code chain}) is registered as a trust anchor, and revocation checking is switched off.
 * The check therefore shows that the supplied material links together. It does not show
 * that the chain leads to an independently trusted root, nor that any certificate is
 * unrevoked. Callers that need a trust decision must make it separately.
 *
 * @param chain additional certificates offered both as path material and as trust anchors
 * @param cert  the certificate a path is built for
 * @throws IllegalArgumentException if any supplied certificate is not an {@link X509Certificate}
 * @throws IllegalStateException    if no path can be built, or the builder parameters or the
 *                                  PKIX algorithm are rejected
 * @throws CloudRuntimeException    if the "BC" provider is not available
 */
private void validateChain(final List<Certificate> chain, final Certificate cert) {
    // The certificate under test is listed as well ("adding for self signed certs").
    final List<Certificate> supplied = new ArrayList<Certificate>();
    supplied.add(cert);
    supplied.addAll(chain);

    final Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    for (final Certificate candidate : supplied) {
        if (candidate instanceof X509Certificate) {
            // null: no name constraints are attached to the anchor.
            trustAnchors.add(new TrustAnchor((X509Certificate) candidate, null));
        } else {
            throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");
        }
    }

    // The cast is safe: cert was type-checked by the loop above.
    final X509CertSelector selector = new X509CertSelector();
    selector.setCertificate((X509Certificate) cert);

    try {
        final PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustAnchors, selector);
        // No CRL/OCSP lookup is performed for any certificate in the path.
        builderParams.setRevocationEnabled(false);
        builderParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(supplied)));
        // Only success or failure matters; the resulting path is discarded.
        CertPathBuilder.getInstance("PKIX", "BC").build(builderParams);
    } catch (final NoSuchProviderException e) {
        throw new CloudRuntimeException("No provider for certificate validation", e);
    } catch (final InvalidAlgorithmParameterException | CertPathBuilderException | NoSuchAlgorithmException e) {
        throw new IllegalStateException("Invalid certificate chain", e);
    }
}
use of java.security.cert.PKIXBuilderParameters in project jdk8u_jdk by JetBrains.
the class ValidateNC method main.
/**
 * Test entry point. Both the path validator and the path builder are expected to reject
 * their parameters with an {@link InvalidAlgorithmParameterException}; any other outcome
 * fails the test.
 *
 * <p>{@code path}, {@code params} and {@code anchors} are defined outside this method
 * (presumably set up by {@code createPath}; not visible here).
 *
 * @param args unused
 * @throws Exception if either call completes without the expected exception, or fails
 *                   in some other way
 */
public static void main(String[] args) throws Exception {
    final String[] certFiles = { "sun2labs2.cer", "labs2isrg2.cer" };
    createPath(certFiles);

    // Step 1: validation must be refused before any path processing succeeds.
    try {
        validate(path, params);
        // Reaching this line means the parameters were accepted, which is the failure case.
        throw new Exception("CertPathValidator should have thrown an " + "InvalidAlgorithmParameterException");
    } catch (InvalidAlgorithmParameterException expected) {
        // Expected outcome: the validator rejected the parameters.
    }

    // Step 2: the builder must refuse the same anchors with an otherwise ordinary selector.
    try {
        X509CertSelector subjectSelector = new X509CertSelector();
        subjectSelector.setSubject("cn=sean");
        PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, subjectSelector);
        build(builderParams);
        throw new Exception("CertPathBuilder should have thrown an " + "InvalidAlgorithmParameterException");
    } catch (InvalidAlgorithmParameterException expected) {
        // Expected outcome: the builder rejected the parameters.
    }
}
use of java.security.cert.PKIXBuilderParameters in project jdk8u_jdk by JetBrains.
the class NoExtensions method doBuild.
/**
 * Builds a PKIX certification path from {@code userCert} to the single trusted CA
 * certificate, using the "SUN" provider. The method succeeds if the build does not throw.
 *
 * <p>Revocation checking is disabled, so the build exercises path construction only.
 *
 * @param userCert the end-entity certificate to build a path for
 * @throws Exception if the trusted certificate cannot be obtained or no path can be built
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Exactly one trust anchor: the CA certificate returned by getTrustedCertificate().
    X509Certificate caCert = getTrustedCertificate();
    HashSet<TrustAnchor> anchorSet = new HashSet<TrustAnchor>();
    anchorSet.add(new TrustAnchor(caCert, null));

    // In-memory store holding the certificates the builder may draw on (no CRLs are added).
    ArrayList<X509Certificate> storeContents = new ArrayList<X509Certificate>();
    storeContents.add(caCert);
    storeContents.add(userCert);
    CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeContents));

    // The target is pinned to userCert. The original author notes that setting the
    // subject as well "seems to be required".
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    targetSelector.setSubject(userCert.getSubjectDN().getName());

    // Build the certification path.
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchorSet, targetSelector);
    builderParams.addCertStore(store);
    // No CRL/OCSP lookup is performed.
    builderParams.setRevocationEnabled(false);
    CertPathBuilderResult buildResult = pathBuilder.build(builderParams);

    // The path is fetched but not inspected; reaching this point is the pass condition.
    CertPath builtPath = buildResult.getCertPath();
}
use of java.security.cert.PKIXBuilderParameters in project jdk8u_jdk by JetBrains.
the class BuildOddSel method createParams.
/**
 * Initialises the shared {@code sel} and {@code params} fields: one trust anchor loaded
 * from "sun.cer", an {@code OddSel} selector as the target constraint, and revocation
 * checking disabled.
 *
 * <p>{@code OddSel}, {@code getCertFromFile}, {@code sel} and {@code params} are declared
 * outside this method. Presumably {@code OddSel} is a deliberately unusual
 * {@code CertSelector} used to probe the builder; confirm against its definition.
 *
 * @throws Exception if the anchor certificate cannot be loaded or the parameters are rejected
 */
public static void createParams() throws Exception {
    // A single anchor without name constraints (second argument is null).
    Set<TrustAnchor> anchors = Collections.singleton(new TrustAnchor(getCertFromFile("sun.cer"), null));

    // The non-standard selector is the object under test.
    sel = new OddSel();
    params = new PKIXBuilderParameters(anchors, sel);
    // No CRL/OCSP lookup is performed.
    params.setRevocationEnabled(false);
}
use of java.security.cert.PKIXBuilderParameters in project Spark by igniterealtime.
the class SparkExceptionsTrustManager method validatePath.
/**
 * Builds and validates a PKIX certification path from the last certificate in
 * {@code chain} to a trust anchor taken from {@code allStore}.
 *
 * <p>This path is used for certificates on the exceptions list, so revocation checking is
 * disabled and the selector's validity-date criterion is cleared. A path to a trusted
 * certificate must still be found.
 *
 * <p>NOTE(review): {@code setCertificateValid(null)} only removes the date criterion from
 * the selector. The PKIX builder and validator normally still check each certificate's
 * validity period against the parameters' date; confirm whether expired certificates are
 * really meant to pass here.
 *
 * <p>NOTE(review): the target is {@code chain[chain.length - 1]}; confirm that callers
 * order the array so that this is the certificate intended to be checked. An empty array
 * fails with an {@link ArrayIndexOutOfBoundsException}.
 *
 * @param chain certificates presented by the peer; must contain at least one element
 * @throws NoSuchAlgorithmException           if no "PKIX" builder or validator is available
 * @throws KeyStoreException                  declared for building the parameters from
 *                                            {@code allStore} (a field not visible here,
 *                                            presumably a KeyStore)
 * @throws InvalidAlgorithmParameterException if the PKIX parameters are rejected
 * @throws CertPathValidatorException         if the built path does not validate
 * @throws CertPathBuilderException           if no path to a trust anchor can be built
 * @throws CertificateException               if the resulting trust anchor carries no certificate
 */
private void validatePath(X509Certificate[] chain) throws NoSuchAlgorithmException, KeyStoreException, InvalidAlgorithmParameterException, CertPathValidatorException, CertPathBuilderException, CertificateException {
    CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");

    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(chain[chain.length - 1]);
    // Exceptions-list entry: the selector does not filter on a validity date.
    targetSelector.setCertificateValid(null);

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(allStore, targetSelector);
    // Exceptions-list entry: no CRL/OCSP lookup is performed.
    pkixParams.setRevocationEnabled(false);

    // Build the path first, then validate it with the same parameters.
    CertPath builtPath = pathBuilder.build(pkixParams).getCertPath();
    PKIXCertPathValidatorResult outcome = (PKIXCertPathValidatorResult) pathValidator.validate(builtPath, pkixParams);

    // An anchor without a certificate is treated as a failed path.
    X509Certificate anchorCert = outcome.getTrustAnchor().getTrustedCert();
    if (anchorCert == null) {
        throw new CertificateException("Certificate path failed");
    }
    Log.debug("ClientTrustManager: Trusted CA: " + anchorCert.getSubjectDN());
}
Aggregations