
Example 56 with PKIXBuilderParameters

use of java.security.cert.PKIXBuilderParameters in project Payara by payara.

From the class JSSE14SocketFactory, method getParameters.

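/**
 * Return the initialization parameters for the TrustManager. Currently, only the default <code>PKIX</code> is
 * supported.
 * <p>
 * The returned parameters expose the CRLs loaded from {@code crlf} to the PKIX validator through an in-memory
 * {@code Collection} cert store and switch revocation checking on. The optional {@code trustMaxCertLength}
 * attribute bounds the certification path length; a value that does not parse as a valid length is logged and
 * ignored, so the {@link PKIXBuilderParameters} default stays in effect.
 *
 * @param algorithm The algorithm to get parameters for; only {@code PKIX} (case-insensitive) is accepted.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 *
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if {@code algorithm} is anything other than {@code PKIX}.
 * @throws Exception if the trust store or the CRL file cannot be turned into PKIX parameters.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }
    PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
    // The CRLs are handed to the validator as a cert store; revocation checking only consults them when enabled.
    Collection<?> crls = getCRLs(crlf);
    CertStoreParameters csp = new CollectionCertStoreParameters(crls);
    xparams.addCertStore(CertStore.getInstance("Collection", csp));
    xparams.setRevocationEnabled(true);
    String trustLength = (String) attributes.get("trustMaxCertLength");
    if (trustLength != null) {
        try {
            xparams.setMaxPathLength(Integer.parseInt(trustLength));
        } catch (IllegalArgumentException ex) {
            // Covers both a non-numeric value (NumberFormatException) and a value the PKIX parameters reject
            // (InvalidParameterException). The misconfiguration is reported, not fatal: the default length applies.
            logger.warning("Bad trustMaxCertLength: " + trustLength);
        }
    }
    return xparams;
}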

Example 57 with PKIXBuilderParameters

use of java.security.cert.PKIXBuilderParameters in project cxf by apache.

From the class TLSParameterJaxBUtils, method getTrustManagers.

/**
 * Builds the trust managers described by the JAXB configuration {@code tmc}.
 * <p>
 * The key store comes from the configured {@code keyStore} element, otherwise from the {@code certStore}
 * element, otherwise it is left {@code null} so the factory falls back to its own default. When
 * {@code enableRevocation} is set the factory is initialised through {@link PKIXBuilderParameters} with PKIX
 * revocation checking switched on; no cert store or revocation checker is added here, so which revocation
 * sources are consulted is left to the provider.
 * NOTE(review): the {@code PKIXBuilderParameters(KeyStore, ...)} constructor does not accept a {@code null}
 * key store, so the revocation path presumably requires an explicit store — confirm with callers.
 *
 * @param tmc the trust manager configuration
 * @param enableRevocation whether PKIX revocation checking is enabled
 * @return the initialised trust managers
 * @throws GeneralSecurityException if the factory or the PKIX parameters cannot be created
 * @throws IOException if the configured store cannot be loaded
 */
public static TrustManager[] getTrustManagers(TrustManagersType tmc, boolean enableRevocation) throws GeneralSecurityException, IOException {
    KeyStore keyStore = null;
    if (tmc.isSetKeyStore()) {
        keyStore = getKeyStore(tmc.getKeyStore(), true);
    } else if (tmc.isSetCertStore()) {
        keyStore = getKeyStore(tmc.getCertStore());
    }
    final String alg;
    if (tmc.isSetFactoryAlgorithm()) {
        alg = tmc.getFactoryAlgorithm();
    } else {
        alg = TrustManagerFactory.getDefaultAlgorithm();
    }
    final TrustManagerFactory factory;
    if (tmc.isSetProvider()) {
        factory = TrustManagerFactory.getInstance(alg, tmc.getProvider());
    } else {
        factory = TrustManagerFactory.getInstance(alg);
    }
    if (!enableRevocation) {
        factory.init(keyStore);
        return factory.getTrustManagers();
    }
    final PKIXBuilderParameters pkix = new PKIXBuilderParameters(keyStore, new X509CertSelector());
    pkix.setRevocationEnabled(true);
    factory.init(new CertPathTrustManagerParameters(pkix));
    return factory.getTrustManagers();
}

Example 58 with PKIXBuilderParameters

use of java.security.cert.PKIXBuilderParameters in project qpid-broker-j by apache.

From the class AbstractTrustStore, method getParameters.

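/**
 * Builds the PKIX parameters the trust manager factory is initialised with for {@code trustStore}.
 * <p>
 * Revocation checking follows {@code _certificateRevocationCheckEnabled}. When it is on, the CRLs fetched
 * from {@code _certificateRevocationListUrl} (if one is configured) are exposed through a {@code Collection}
 * cert store, and a {@link PKIXRevocationChecker} carrying the configured options is attached to the
 * parameters.
 *
 * @param trustStore the trust store whose certificates act as trust anchors
 * @return the PKIX builder parameters
 * @throws IllegalConfigurationException if the parameters cannot be constructed; the underlying
 *         security exception is kept as the cause
 */
private CertPathParameters getParameters(KeyStore trustStore) {
    try {
        final PKIXBuilderParameters parameters = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        parameters.setRevocationEnabled(_certificateRevocationCheckEnabled);
        if (!_certificateRevocationCheckEnabled) {
            return parameters;
        }
        if (_certificateRevocationListUrl != null) {
            parameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs())));
        }
        // The revocation checker is PKIX-specific, so request it from the PKIX CertPathBuilder explicitly.
        // TrustManagerFactory.getDefaultAlgorithm() names a TrustManagerFactory algorithm (overridable via the
        // ssl.TrustManagerFactory.algorithm security property) and is not guaranteed to be a CertPathBuilder
        // algorithm, which would make getInstance fail or the cast below throw.
        final PKIXRevocationChecker revocationChecker =
                (PKIXRevocationChecker) CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        final Set<PKIXRevocationChecker.Option> options = new HashSet<>();
        if (_certificateRevocationCheckOfOnlyEndEntityCertificates) {
            options.add(PKIXRevocationChecker.Option.ONLY_END_ENTITY);
        }
        if (_certificateRevocationCheckWithPreferringCertificateRevocationList) {
            options.add(PKIXRevocationChecker.Option.PREFER_CRLS);
        }
        if (_certificateRevocationCheckWithNoFallback) {
            options.add(PKIXRevocationChecker.Option.NO_FALLBACK);
        }
        if (_certificateRevocationCheckWithIgnoringSoftFailures) {
            options.add(PKIXRevocationChecker.Option.SOFT_FAIL);
        }
        revocationChecker.setOptions(options);
        parameters.addCertPathChecker(revocationChecker);
        return parameters;
    } catch (NoSuchAlgorithmException | KeyStoreException | InvalidAlgorithmParameterException e) {
        throw new IllegalConfigurationException("Cannot create trust manager factory parameters for truststore '" + getName() + "' :" + e, e);
    }
}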

Example 59 with PKIXBuilderParameters

use of java.security.cert.PKIXBuilderParameters in project qpid-broker-j by apache.

From the class TrustAnchorValidatingTrustManager, method getPkixCertPathBuilderResult.

/**
 * Builds a PKIX certification path from the peer certificate to one of {@code trustAnchors}.
 * <p>
 * The first element of {@code x509Certificates} is treated as the peer (end-entity) certificate and becomes
 * the target of the {@link X509CertSelector}; the remaining elements, {@code otherCerts} and the peer
 * certificate itself are offered to the builder through a {@code Collection} cert store. Revocation checking
 * is switched off for this build.
 *
 * @param x509Certificates the chain presented by the peer, end-entity first
 * @param trustAnchors the anchors the path must terminate in
 * @param otherCerts additional certificates available for path construction
 * @return the builder result holding the constructed path
 * @throws IllegalArgumentException if {@code x509Certificates} is empty
 * @throws GeneralSecurityException if the cert store or builder cannot be created, or no path is found
 */
private PKIXCertPathBuilderResult getPkixCertPathBuilderResult(final X509Certificate[] x509Certificates, final Set<TrustAnchor> trustAnchors, final Set<Certificate> otherCerts) throws GeneralSecurityException {
    if (x509Certificates.length == 0) {
        throw new IllegalArgumentException("Peer certificate not found");
    }
    final X509Certificate peerCertificate = x509Certificates[0];
    final Set<Certificate> candidates = new HashSet<>(otherCerts);
    // Everything after the peer certificate in the presented chain is an intermediate.
    candidates.addAll(Arrays.asList(x509Certificates).subList(1, x509Certificates.length));
    // IBM JDK seems to require that the peer's certficate exists in the Collection too
    candidates.add(peerCertificate);
    final X509CertSelector target = new X509CertSelector();
    target.setCertificate(peerCertificate);
    final PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, target);
    pkixParams.setRevocationEnabled(false);
    pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates)));
    return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(pkixParams);
}

Example 60 with PKIXBuilderParameters

use of java.security.cert.PKIXBuilderParameters in project mule by mulesoft.

From the class StandardRevocationCheck, method configFor.

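/**
 * Builds trust manager factory parameters for PKIX validation with the JDK's {@link PKIXRevocationChecker}
 * attached, configured from the option flags of this instance.
 * <p>
 * The {@link PKIXBuilderParameters} are built from {@code trustStore}, or from {@code defaultTrustAnchors}
 * when no trust store is given, and the checker is added as an extra cert path checker.
 *
 * @param trustStore the configured trust store, or {@code null} to fall back to {@code defaultTrustAnchors}
 * @param defaultTrustAnchors the anchors used when {@code trustStore} is {@code null}
 * @return the parameters to initialise a {@code TrustManagerFactory} with
 * @throws IllegalStateException if the PKIX builder, checker or parameters cannot be created; the
 *         {@link GeneralSecurityException} is kept as the cause
 */
@Override
public ManagerFactoryParameters configFor(KeyStore trustStore, Set<TrustAnchor> defaultTrustAnchors) {
    try {
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpb.getRevocationChecker();
        Set<PKIXRevocationChecker.Option> options = new HashSet<>();
        if (onlyEndEntities) {
            options.add(PKIXRevocationChecker.Option.ONLY_END_ENTITY);
        }
        if (preferCrls) {
            options.add(PKIXRevocationChecker.Option.PREFER_CRLS);
        }
        if (noFallback) {
            options.add(PKIXRevocationChecker.Option.NO_FALLBACK);
        }
        if (softFail) {
            options.add(PKIXRevocationChecker.Option.SOFT_FAIL);
        }
        rc.setOptions(options);
        PKIXBuilderParameters pkixParams = trustStore != null
                ? new PKIXBuilderParameters(trustStore, new X509CertSelector())
                : new PKIXBuilderParameters(defaultTrustAnchors, new X509CertSelector());
        pkixParams.addCertPathChecker(rc);
        return new CertPathTrustManagerParameters(pkixParams);
    } catch (GeneralSecurityException e) {
        // IllegalStateException is a RuntimeException, so existing catch clauses still match, while the message
        // and preserved cause say which step of the revocation-check setup failed.
        throw new IllegalStateException("Cannot create PKIX revocation checking parameters", e);
    }
}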
