
Example 21 with PKIXCertPathValidatorResult

use of java.security.cert.PKIXCertPathValidatorResult in project robovm by robovm.

the class PKIXCertPathValidatorResultTest method testPKIXCertPathValidatorResult04.

/**
 * Constructor test #4 for
 * <code>PKIXCertPathValidatorResult(TrustAnchor, PolicyNode, PublicKey)</code>.<br>
 * Assertion: a <code>null</code> <code>PolicyNode</code> is accepted, i.e. the
 * constructor completes without throwing.
 *
 * @throws Exception if the fixture or the constructor fails unexpectedly
 */
public final void testPKIXCertPathValidatorResult04() throws Exception {
    final TrustAnchor anchor = TestUtils.getTrustAnchor();
    // Without a trust anchor the constructor cannot be exercised, so report
    // the test as not performed.
    if (null == anchor) {
        fail(getName() + ": not performed (could not create test TrustAnchor)");
    }
    // Only the policy tree argument is null; the test passes when no
    // exception escapes the constructor.
    new PKIXCertPathValidatorResult(anchor, null, testPublicKey);
}
Also used : PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) TrustAnchor(java.security.cert.TrustAnchor)

Example 22 with PKIXCertPathValidatorResult

use of java.security.cert.PKIXCertPathValidatorResult in project robovm by robovm.

the class PKIXCertPathValidatorResultTest method testClone.

/**
 * Test for the <code>clone()</code> method.<br>
 * Assertion: the clone is a distinct object that shares the trust anchor,
 * policy tree and public key of the original (shallow copy).
 *
 * @throws Exception if the fixture cannot be built or cloning fails
 */
public final void testClone() throws Exception {
    final TrustAnchor anchor = TestUtils.getTrustAnchor();
    if (null == anchor) {
        fail(getName() + ": not performed (could not create test TrustAnchor)");
    }

    final PKIXCertPathValidatorResult source =
            new PKIXCertPathValidatorResult(anchor, TestUtils.getPolicyTree(), testPublicKey);
    final PKIXCertPathValidatorResult copy = (PKIXCertPathValidatorResult) source.clone();

    // Shallow copy: a new result object whose three components are the very
    // same instances held by the original.
    assertNotSame("notSame", source, copy);
    assertSame("trustAncor", source.getTrustAnchor(), copy.getTrustAnchor());
    assertSame("policyTree", source.getPolicyTree(), copy.getPolicyTree());
    assertSame("publicKey", source.getPublicKey(), copy.getPublicKey());

    // Regression for HARMONY-2786: cloning a subclass instance must yield
    // the subclass type (the cast below) and share its extra 'enc' field.
    final byte[] encodedBytes = { 0x01 };
    final MyPKIXCertPathBuilderResult derived =
            new MyPKIXCertPathBuilderResult(anchor, TestUtils.getPolicyTree(), testPublicKey, encodedBytes);
    final MyPKIXCertPathBuilderResult derivedCopy = (MyPKIXCertPathBuilderResult) derived.clone();
    assertSame(derived.getPolicyTree(), derivedCopy.getPolicyTree());
    assertSame(derived.getPublicKey(), derivedCopy.getPublicKey());
    assertSame(derived.getTrustAnchor(), derivedCopy.getTrustAnchor());
    assertSame(derived.enc, derivedCopy.enc);
}
Also used : PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) TrustAnchor(java.security.cert.TrustAnchor)

Example 23 with PKIXCertPathValidatorResult

use of java.security.cert.PKIXCertPathValidatorResult in project Spark by igniterealtime.

the class SparkExceptionsTrustManager method validatePath.

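/**
 * Builds and validates a PKIX certification path from the last certificate of {@code chain} to a trust anchor
 * taken from {@code allStore}. This trust manager handles certificates on the exceptions list, so revocation
 * checking is switched off and the selector's validity-date criterion is cleared; the path must still be built
 * and validated to link the presented certificate to a root CA in the store.
 * <p>
 * Only {@code chain[chain.length - 1]} is used as the target of the path build; this method does not examine
 * the other elements of the chain.
 *
 * @param chain certificate chain presented by the peer; must contain at least one certificate
 * @throws NoSuchAlgorithmException if no PKIX path builder or validator implementation is available
 * @throws KeyStoreException if the trust anchors cannot be read from {@code allStore}
 * @throws InvalidAlgorithmParameterException if the PKIX parameters are rejected
 * @throws CertPathValidatorException if the built path does not validate
 * @throws CertPathBuilderException if no path to a trust anchor can be built
 * @throws CertificateException if {@code chain} is null or empty, or the trust anchor carries no certificate
 */
private void validatePath(X509Certificate[] chain) throws NoSuchAlgorithmException, KeyStoreException, InvalidAlgorithmParameterException, CertPathValidatorException, CertPathBuilderException, CertificateException {
    // Reject a missing or empty chain with a checked, declared exception instead of letting
    // chain[chain.length - 1] fail with an unchecked NullPointerException or
    // ArrayIndexOutOfBoundsException.
    if (chain == null || chain.length == 0) {
        throw new CertificateException("Certificate chain is null or empty");
    }
    CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
    CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setCertificate(chain[chain.length - 1]);
    // Clears the selector's validity-date criterion because this is the exceptions list.
    // NOTE(review): this only affects certificate selection; PKIX path building and validation normally
    // still check each certificate's validity period against the parameters' date. Confirm that the
    // intended time-validity exemption actually takes effect.
    certSelector.setCertificateValid(null);
    PKIXBuilderParameters parameters = new PKIXBuilderParameters(allStore, certSelector);
    // Revocation (CRL/OCSP) is deliberately not consulted for exception-list certificates, so a revoked
    // certificate on that list is still accepted by this method.
    parameters.setRevocationEnabled(false);
    CertPathBuilderResult pathResult = certPathBuilder.build(parameters);
    CertPath certPath = pathResult.getCertPath();
    PKIXCertPathValidatorResult validationResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, parameters);
    // A trust anchor can be defined by a CA name and public key only, in which case it has no certificate.
    X509Certificate trustedCert = validationResult.getTrustAnchor().getTrustedCert();
    if (trustedCert == null) {
        throw new CertificateException("Certificate path failed");
    }
    Log.debug("ClientTrustManager: Trusted CA: " + trustedCert.getSubjectDN());
}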
Also used : CertPathValidator(java.security.cert.CertPathValidator) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) X509CertSelector(java.security.cert.X509CertSelector) CertificateException(java.security.cert.CertificateException) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate)

Example 24 with PKIXCertPathValidatorResult

use of java.security.cert.PKIXCertPathValidatorResult in project zm-mailbox by Zimbra.

the class CertValidationUtil method validateCertificate.

/**
 * Checks the validity period of {@code cert} and, only when revocation checking is requested, validates a
 * single-certificate PKIX path against the supplied trust anchors with revocation checking enabled.
 *
 * @param cert certificate to check
 * @param revocationCheckEnabled when {@code true}, PKIX path validation with revocation checking is performed;
 *        when {@code false}, only the validity period is checked
 * @param trustedCertsSet trust anchors passed to {@link PKIXParameters}; read only when
 *        {@code revocationCheckEnabled} is {@code true}
 * @throws CertificateException if the certificate is expired or not yet valid, or the certificate factory or
 *         path cannot be created
 * @throws InvalidAlgorithmParameterException if the PKIX parameters are rejected
 * @throws NoSuchAlgorithmException if no PKIX validator implementation is available
 * @throws CertPathValidatorException if the path does not validate
 */
public static void validateCertificate(X509Certificate cert, boolean revocationCheckEnabled, Set<TrustAnchor> trustedCertsSet) throws CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathValidatorException {
    // Validity period is checked against the current time, regardless of the revocation setting.
    cert.checkValidity();
    if (!revocationCheckEnabled) {
        // NOTE(review): on this branch cert is never compared with trustedCertsSet, so no trust path is
        // established here. Confirm that callers verify the issuer chain some other way.
        return;
    }

    // The path consists of cert alone.
    // NOTE(review): presumably cert must then be issued directly by one of the trust anchors; confirm that
    // intermediate CAs are not expected here.
    List<X509Certificate> singleCert = new ArrayList<X509Certificate>();
    singleCert.add(cert);
    CertificateFactory factory = CertificateFactory.getInstance("X509");
    CertPath path = factory.generateCertPath(singleCert);

    // PKIX parameters: the supplied anchors, revocation checking on (the flag is always true on this branch).
    PKIXParameters pkixParams = new PKIXParameters(trustedCertsSet);
    pkixParams.setRevocationEnabled(revocationCheckEnabled);

    // validate() throws on failure, so reaching the log line means the path validated.
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    PKIXCertPathValidatorResult outcome = (PKIXCertPathValidatorResult) validator.validate(path, pkixParams);
    ZimbraLog.account.debug("Certificate Validation Result %s", outcome.toString());
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) ArrayList(java.util.ArrayList) CertPath(java.security.cert.CertPath) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)

Aggregations

PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)24 TrustAnchor (java.security.cert.TrustAnchor)14 X509Certificate (java.security.cert.X509Certificate)11 CertPath (java.security.cert.CertPath)10 CertPathValidator (java.security.cert.CertPathValidator)10 HashSet (java.util.HashSet)7 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)6 CertPathValidatorException (java.security.cert.CertPathValidatorException)6 PKIXParameters (java.security.cert.PKIXParameters)6 CertPathBuilder (java.security.cert.CertPathBuilder)5 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)5 CertificateFactory (java.security.cert.CertificateFactory)5 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)5 X509CertSelector (java.security.cert.X509CertSelector)5 PublicKey (java.security.PublicKey)4 CertificateException (java.security.cert.CertificateException)4 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)4 ArrayList (java.util.ArrayList)4 Iterator (java.util.Iterator)4 CertPathBuilderException (java.security.cert.CertPathBuilderException)3