use of java.security.cert.PKIXCertPathBuilderResult in project oxAuth by GluuFederation.
The class PathCertificateVerifier, method verifyCertificate.
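/**
 * Builds and validates a PKIX certification path for {@code certificate}.
 *
 * <p>The certificates in {@code additionalCerts} are partitioned by {@code isSelfSigned}:
 * self-signed ones become trust anchors, all others are offered as intermediates. The
 * caller therefore defines the trust store — only certificates that are actually trusted
 * must be passed in, never self-signed certificates taken from an untrusted source.
 * After the path is built, the first certificate of the path must be an end-entity
 * certificate (no CA basic constraints).
 *
 * @param certificate     the target (leaf) certificate to verify
 * @param additionalCerts trust anchors and intermediates; {@code null} is treated as empty
 * @return the builder result for a valid path, or {@code null} when the certificate is
 *         rejected (self-signed and not allowed, empty path, CA certificate as target) or
 *         when path building fails
 */
public PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, List<X509Certificate> additionalCerts) {
    try {
        // Self-signed targets are rejected unless the verifier is configured to accept them.
        if (!verifySelfSignedCertificate && isSelfSigned(certificate)) {
            log.error("The certificate is self-signed!");
            return null;
        }

        // Every self-signed certificate supplied here becomes a trust anchor; the caller
        // controls what is trusted. A null list is treated as "no additional certificates".
        Set<X509Certificate> trustedRootCerts = new HashSet<X509Certificate>();
        Set<X509Certificate> intermediateCerts = new HashSet<X509Certificate>();
        if (additionalCerts != null) {
            for (X509Certificate additionalCert : additionalCerts) {
                if (isSelfSigned(additionalCert)) {
                    trustedRootCerts.add(additionalCert);
                } else {
                    intermediateCerts.add(additionalCert);
                }
            }
        }

        // Build and validate the path (overload defined elsewhere in this class).
        PKIXCertPathBuilderResult certPathBuilderResult = verifyCertificate(certificate, trustedRootCerts, intermediateCerts);
        if (certPathBuilderResult == null) {
            // Defensive: the overload's contract is not visible here.
            log.error("Failed to build certificate path");
            return null;
        }

        // The first certificate of the path must be an end-entity certificate. A PKIX
        // path excludes the trust anchor and may be empty; an unguarded get(0) would then
        // throw IndexOutOfBoundsException, which the catch block below does not cover.
        List<? extends Certificate> certList = certPathBuilderResult.getCertPath().getCertificates();
        if (certList.isEmpty()) {
            log.error("Certificate path is empty!");
            return null;
        }
        X509Certificate cert = (X509Certificate) certList.get(0);
        // getBasicConstraints() is -1 when the certificate carries no CA basic constraints.
        if (cert.getBasicConstraints() != -1) {
            log.error("Target certificate is not an EE certificate!");
            return null;
        }

        // The chain is verified; hand the result back to the caller.
        return certPathBuilderResult;
    } catch (GeneralSecurityException ex) {
        // CertPathBuilderException is a GeneralSecurityException, so one handler covers both
        // cases the original handled separately with the same message.
        log.error("Failed to build certificate path", ex);
    }
    return null;
}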
use of java.security.cert.PKIXCertPathBuilderResult in project oxAuth by GluuFederation.
The class PathCertificateVerifier, method validate.
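/**
 * Validates {@code certificate} by building a PKIX path from it through the supplied issuers.
 *
 * <p>The candidate chain handed to {@code verifyCertificate} is the target followed by every
 * issuer. Self-signed issuers become trust anchors there, so the caller decides what is
 * trusted. The first issuer is recorded in the returned status as the direct issuer.
 *
 * @param certificate    the target certificate
 * @param issuers        the issuer chain; must contain at least one certificate
 * @param validationDate the date recorded in the status
 * @return a status with validity {@code VALID} when a path was built, {@code INVALID} when
 *         path building reported failure, and {@code UNKNOWN} when an unexpected exception
 *         occurred
 * @throws IndexOutOfBoundsException if {@code issuers} is empty
 */
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
    X509Certificate issuer = issuers.get(0);
    ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.CHAIN, CertificateValidity.UNKNOWN);
    try {
        List<X509Certificate> chain = new ArrayList<X509Certificate>(issuers.size() + 1);
        chain.add(certificate);
        chain.addAll(issuers);
        Principal subject = certificate.getSubjectX500Principal();

        // NOTE(review): validationDate is stored in the status but not passed on to
        // verifyCertificate; whether the path builder checks validity against it or against
        // the current time is not visible here — confirm before relying on historical checks.
        PKIXCertPathBuilderResult certPathResult = verifyCertificate(certificate, chain);
        if (certPathResult == null) {
            log.warn("Chain status is not valid for '" + subject + "'");
            status.setValidity(CertificateValidity.INVALID);
            return status;
        }
        log.debug("Chain status is valid for '" + subject + "'");
        status.setValidity(CertificateValidity.VALID);
    } catch (Exception ex) {
        // An unexpected failure leaves the status at UNKNOWN, never VALID. The message
        // previously read "OCSP exception", which was misleading for a chain verifier.
        log.error("Chain validation exception: ", ex);
    }
    return status;
}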