use of java.security.cert.PKIXCertPathValidatorResult in project XobotOS by xamarin.
the class PKIXCertPathBuilderSpi method build.
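/**
 * Recursively extends the candidate certification path {@code tbvPath} with
 * {@code tbvCert} and tries to complete it up to one of the trust anchors
 * configured in {@code pkixParams}.
 *
 * <p>A branch is abandoned (returns {@code null}) when the certificate is
 * already on the path (which would close a loop in the PKI graph), when it is
 * listed in the excluded certificates, or when adding it would exceed the
 * configured maximum path length. If the branch fails with an
 * {@link AnnotatedException}, the exception is stored in
 * {@code certPathException} (a field declared outside this method) so that a
 * caller can report it when no branch succeeds.
 *
 * @param tbvCert    the certificate to be verified next; it is appended to
 *                   {@code tbvPath} while this branch is explored
 * @param pkixParams builder parameters: trust anchors, excluded certificates,
 *                   maximum path length, certificate stores and the signature
 *                   provider
 * @param tbvPath    the path built so far; mutated in place and restored
 *                   (the certificate is removed again) when this branch fails
 * @return the builder result for a validated chain, or {@code null} if no
 *         chain could be completed on this branch
 * @throws RuntimeException if the X.509 certificate factory or the PKIX
 *                          validator cannot be obtained from the BouncyCastle
 *                          provider
 */
protected CertPathBuilderResult build(X509Certificate tbvCert, ExtendedPKIXBuilderParameters pkixParams, List tbvPath) {
    // Never revisit a certificate that is already on the path: that would be
    // a cycle in the PKI graph.
    if (tbvPath.contains(tbvCert)) {
        return null;
    }
    // Excluded certificates must not appear anywhere in the chain.
    if (pkixParams.getExcludedCerts().contains(tbvCert)) {
        return null;
    }
    // Stop when the path would exceed the maximum length (-1 = unlimited).
    if (pkixParams.getMaxPathLength() != -1) {
        if (tbvPath.size() - 1 > pkixParams.getMaxPathLength()) {
            return null;
        }
    }
    tbvPath.add(tbvCert);

    CertificateFactory cFact;
    CertPathValidator validator;
    CertPathBuilderResult builderResult = null;
    try {
        cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
        validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    } catch (Exception e) {
        // Only reachable when the BouncyCastle provider is not registered;
        // keep the cause so the misconfiguration can be diagnosed.
        throw new RuntimeException("Exception creating support classes.", e);
    }

    try {
        // Check whether the issuer of tbvCert is one of the trust anchors.
        if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(), pkixParams.getSigProvider()) != null) {
            // The path is complete: turn it into a CertPath and run the full
            // PKIX validation on it. Failures are wrapped so that the message
            // from possibly later tried chains can be reported by the caller.
            CertPath certPath = null;
            PKIXCertPathValidatorResult result = null;
            try {
                certPath = cFact.generateCertPath(tbvPath);
            } catch (Exception e) {
                throw new AnnotatedException("Certification path could not be constructed from certificate list.", e);
            }
            try {
                result = (PKIXCertPathValidatorResult) validator.validate(certPath, pkixParams);
            } catch (Exception e) {
                throw new AnnotatedException("Certification path could not be validated.", e);
            }
            return new PKIXCertPathBuilderResult(certPath, result.getTrustAnchor(), result.getPolicyTree(), result.getPublicKey());
        } else {
            // Not at a trust anchor yet: add X.509 stores from locations named
            // in the certificate, then try every issuer candidate in turn.
            try {
                CertPathValidatorUtilities.addAdditionalStoresFromAltNames(tbvCert, pkixParams);
            } catch (CertificateParsingException e) {
                throw new AnnotatedException("No additiontal X.509 stores can be added from certificate locations.", e);
            }
            Collection issuers = new HashSet();
            // Collect all issuer certificates of tbvCert from the stores.
            try {
                issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams));
            } catch (AnnotatedException e) {
                throw new AnnotatedException("Cannot find issuer certificate for certificate in certification path.", e);
            }
            if (issuers.isEmpty()) {
                throw new AnnotatedException("No issuer certificate for certificate in certification path found.");
            }
            // Depth-first: the first issuer that leads to a validated chain wins.
            Iterator it = issuers.iterator();
            while (it.hasNext() && builderResult == null) {
                X509Certificate issuer = (X509Certificate) it.next();
                builderResult = build(issuer, pkixParams, tbvPath);
            }
        }
    } catch (AnnotatedException e) {
        // Remember the failure; the caller decides whether to report it.
        certPathException = e;
    }
    // Undo the tentative extension when this branch produced no result so the
    // caller can try the next issuer with a clean path.
    if (builderResult == null) {
        tbvPath.remove(tbvCert);
    }
    return builderResult;
}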
use of java.security.cert.PKIXCertPathValidatorResult in project oxAuth by GluuFederation.
the class PathCertificateVerifier method verifyCertificate.
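/**
 * Attempts to build a certification chain for given certificate to verify
 * it. Relies on a set of root CA certificates (trust anchors) and a set of
 * intermediate certificates (to be used as part of the chain).
 *
 * <p>The chain is first built with a PKIX {@link CertPathBuilder} and the
 * resulting path is then validated again with a PKIX {@link CertPathValidator}
 * using the same parameters; either step throws when no trusted chain exists.
 * Revocation checking is explicitly switched off, so a certificate that
 * chains to a trusted root is accepted even if it has since been revoked;
 * callers that need revocation status must check it separately.
 *
 * @param certificate       the end-entity certificate to verify
 * @param trustedRootCerts  root CA certificates used as trust anchors
 * @param intermediateCerts candidate intermediate CA certificates the
 *                          builder may use to complete the chain
 * @return the builder result holding the validated certification path
 * @throws GeneralSecurityException if the parameters are invalid (for
 *                                  example an empty trust anchor set), the
 *                                  BouncyCastle provider is unavailable, no
 *                                  chain can be built, or the built chain
 *                                  fails PKIX validation
 */
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts) throws GeneralSecurityException {
    // Selector for the starting certificate. A basicConstraints value of -2
    // tells X509CertSelector not to apply a basicConstraints check at all.
    X509CertSelector selector = new X509CertSelector();
    selector.setBasicConstraints(-2);
    selector.setCertificate(certificate);

    // Trust anchors: one per root CA certificate, without name constraints.
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    for (X509Certificate trustedRootCert : trustedRootCerts) {
        trustAnchors.add(new TrustAnchor(trustedRootCert, null));
    }

    // PKIX builder parameters; throws InvalidAlgorithmParameterException if
    // trustAnchors is empty.
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
    // Default revocation checking (CRL/OCSP) is disabled here; see Javadoc.
    pkixParams.setRevocationEnabled(false);

    // Make the intermediate certificates available to the builder.
    CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
    pkixParams.addCertStore(intermediateCertStore);

    // Build the chain; throws CertPathBuilderException if none can be found.
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    PKIXCertPathBuilderResult certPathBuilderResult = (PKIXCertPathBuilderResult) builder.build(pkixParams);

    // Additional check: validate the built path. The validator result carries
    // nothing this method reports; it is the exception on failure that matters.
    CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    certPathValidator.validate(certPathBuilderResult.getCertPath(), pkixParams);

    return certPathBuilderResult;
}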
use of java.security.cert.PKIXCertPathValidatorResult in project robovm by robovm.
the class PKIXCertPathValidatorResultTest method testPKIXCertPathValidatorResult01.
//
// Tests
//
/**
 * Test #1 for <code>PKIXCertPathValidatorResult(TrustAnchor,
 * PolicyNode, PublicKey)</code> constructor<br>
 * Assertion: creates an instance of
 * <code>PKIXCertPathValidatorResult</code>.
 * The test is reported as failed (not performed) when no test
 * <code>TrustAnchor</code> can be produced.
 *
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public final void testPKIXCertPathValidatorResult01() throws InvalidKeySpecException, NoSuchAlgorithmException {
    final TrustAnchor anchor = TestUtils.getTrustAnchor();
    if (anchor == null) {
        // fail() aborts the test, so the constructor below is never reached.
        fail(getName() + ": not performed (could not create test TrustAnchor)");
    }
    final PolicyNode tree = TestUtils.getPolicyTree();
    // Completing the constructor without an exception is the whole assertion.
    new PKIXCertPathValidatorResult(anchor, tree, testPublicKey);
}
use of java.security.cert.PKIXCertPathValidatorResult in project robovm by robovm.
the class PKIXCertPathValidatorResultTest method testGetPolicyTree01.
/**
 * Test for <code>getPolicyTree()</code> method<br>
 * Assertion: returns the root node of the valid
 * policy tree or <code>null</code> if there are
 * no valid policies. Only the valid-tree case is
 * exercised here: the accessor must return the very
 * object handed to the constructor.
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public final void testGetPolicyTree01() throws Exception {
    final TrustAnchor anchor = TestUtils.getTrustAnchor();
    if (anchor == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor)");
    }
    // Valid policy tree case.
    final PolicyNode expectedTree = TestUtils.getPolicyTree();
    final PKIXCertPathValidatorResult result =
            new PKIXCertPathValidatorResult(anchor, expectedTree, testPublicKey);
    // Same reference, not merely an equal node.
    final PolicyNode actualTree = result.getPolicyTree();
    assertSame(expectedTree, actualTree);
}
use of java.security.cert.PKIXCertPathValidatorResult in project robovm by robovm.
the class PKIXCertPathValidatorResultTest method testToString01.
/**
 * Test #1 for <code>toString()</code> method<br>
 * Assertion: Returns a formatted string describing this object.
 * Only non-nullness of the description is checked; its
 * format is not part of the assertion.
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public final void testToString01() throws Exception {
    final TrustAnchor anchor = TestUtils.getTrustAnchor();
    if (anchor == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor)");
    }
    final PolicyNode tree = TestUtils.getPolicyTree();
    final PKIXCertPathValidatorResult result =
            new PKIXCertPathValidatorResult(anchor, tree, testPublicKey);
    final String description = result.toString();
    assertNotNull(description);
}