Search in sources :

Example 21 with PKIXParameters

use of java.security.cert.PKIXParameters in project XobotOS by xamarin.

the class PKIXCertPathValidatorSpi method engineValidate.

// END android-added
public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException {
    if (!(params instanceof PKIXParameters)) {
        throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() + " instance.");
    }
    ExtendedPKIXParameters paramsPKIX;
    if (params instanceof ExtendedPKIXParameters) {
        paramsPKIX = (ExtendedPKIXParameters) params;
    } else {
        paramsPKIX = ExtendedPKIXParameters.getInstance((PKIXParameters) params);
    }
    if (paramsPKIX.getTrustAnchors() == null) {
        throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for certification path validation.");
    }
    //
    // 6.1.1 - inputs
    //
    //
    // (a)
    //
    List certs = certPath.getCertificates();
    int n = certs.size();
    if (certs.isEmpty()) {
        throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
    }
    // BEGIN android-added
    {
        X509Certificate cert = (X509Certificate) certs.get(0);
        if (cert != null) {
            BigInteger serial = cert.getSerialNumber();
            if (serial != null && SERIAL_BLACKLIST.contains(serial)) {
                // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
                String message = "Certificate revocation of serial 0x" + serial.toString(16);
                System.out.println(message);
                AnnotatedException e = new AnnotatedException(message);
                throw new CertPathValidatorException(e.getMessage(), e, certPath, 0);
            }
        }
    }
    // END android-added
    //
    // (b)
    //
    // Date validDate = CertPathValidatorUtilities.getValidDate(paramsPKIX);
    //
    // (c)
    //
    Set userInitialPolicySet = paramsPKIX.getInitialPolicies();
    //
    // (d)
    // 
    TrustAnchor trust;
    try {
        trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1), paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
    } catch (AnnotatedException e) {
        throw new CertPathValidatorException(e.getMessage(), e, certPath, certs.size() - 1);
    }
    if (trust == null) {
        throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
    }
    //
    // (e), (f), (g) are part of the paramsPKIX object.
    //
    Iterator certIter;
    int index = 0;
    int i;
    // Certificate for each interation of the validation loop
    // Signature information for each iteration of the validation loop
    //
    // 6.1.2 - setup
    //
    //
    // (a)
    //
    List[] policyNodes = new ArrayList[n + 1];
    for (int j = 0; j < policyNodes.length; j++) {
        policyNodes[j] = new ArrayList();
    }
    Set policySet = new HashSet();
    policySet.add(RFC3280CertPathUtilities.ANY_POLICY);
    PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(), RFC3280CertPathUtilities.ANY_POLICY, false);
    policyNodes[0].add(validPolicyTree);
    //
    // (b) and (c)
    //
    PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator();
    // (d)
    //
    int explicitPolicy;
    Set acceptablePolicies = new HashSet();
    if (paramsPKIX.isExplicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        explicitPolicy = n + 1;
    }
    //
    // (e)
    //
    int inhibitAnyPolicy;
    if (paramsPKIX.isAnyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = n + 1;
    }
    //
    // (f)
    //
    int policyMapping;
    if (paramsPKIX.isPolicyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = n + 1;
    }
    //
    // (g), (h), (i), (j)
    //
    PublicKey workingPublicKey;
    X500Principal workingIssuerName;
    X509Certificate sign = trust.getTrustedCert();
    try {
        if (sign != null) {
            workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
            workingPublicKey = sign.getPublicKey();
        } else {
            workingIssuerName = new X500Principal(trust.getCAName());
            workingPublicKey = trust.getCAPublicKey();
        }
    } catch (IllegalArgumentException ex) {
        throw new ExtCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", ex, certPath, -1);
    }
    AlgorithmIdentifier workingAlgId = null;
    try {
        workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey);
    } catch (CertPathValidatorException e) {
        throw new ExtCertPathValidatorException("Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);
    }
    DERObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getObjectId();
    DEREncodable workingPublicKeyParameters = workingAlgId.getParameters();
    //
    // (k)
    //
    int maxPathLength = n;
    if (paramsPKIX.getTargetConstraints() != null && !paramsPKIX.getTargetConstraints().match((X509Certificate) certs.get(0))) {
        throw new ExtCertPathValidatorException("Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
    }
    // 
    // initialize CertPathChecker's
    //
    List pathCheckers = paramsPKIX.getCertPathCheckers();
    certIter = pathCheckers.iterator();
    while (certIter.hasNext()) {
        ((PKIXCertPathChecker) certIter.next()).init(false);
    }
    X509Certificate cert = null;
    for (index = certs.size() - 1; index >= 0; index--) {
        // BEGIN android-added
        if (isPublicKeyBlackListed(workingPublicKey)) {
            // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
            String message = "Certificate revocation of public key " + workingPublicKey;
            System.out.println(message);
            AnnotatedException e = new AnnotatedException(message);
            throw new CertPathValidatorException(e.getMessage(), e, certPath, index);
        }
        // END android-added
        // try
        // {
        //
        // i as defined in the algorithm description
        //
        i = n - index;
        //
        // set certificate to be checked in this round
        // sign and workingPublicKey and workingIssuerName are set
        // at the end of the for loop and initialized the
        // first time from the TrustAnchor
        //
        cert = (X509Certificate) certs.get(index);
        boolean verificationAlreadyPerformed = (index == certs.size() - 1);
        //
        // 6.1.3
        //
        RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey, verificationAlreadyPerformed, workingIssuerName, sign);
        RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
        validPolicyTree = RFC3280CertPathUtilities.processCertD(certPath, index, acceptablePolicies, validPolicyTree, policyNodes, inhibitAnyPolicy);
        validPolicyTree = RFC3280CertPathUtilities.processCertE(certPath, index, validPolicyTree);
        RFC3280CertPathUtilities.processCertF(certPath, index, validPolicyTree, explicitPolicy);
        if (i != n) {
            if (cert != null && cert.getVersion() == 1) {
                throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, index);
            }
            RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
            validPolicyTree = RFC3280CertPathUtilities.prepareCertB(certPath, index, policyNodes, validPolicyTree, policyMapping);
            RFC3280CertPathUtilities.prepareNextCertG(certPath, index, nameConstraintValidator);
            // (h)
            explicitPolicy = RFC3280CertPathUtilities.prepareNextCertH1(certPath, index, explicitPolicy);
            policyMapping = RFC3280CertPathUtilities.prepareNextCertH2(certPath, index, policyMapping);
            inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertH3(certPath, index, inhibitAnyPolicy);
            //
            // (i)
            //
            explicitPolicy = RFC3280CertPathUtilities.prepareNextCertI1(certPath, index, explicitPolicy);
            policyMapping = RFC3280CertPathUtilities.prepareNextCertI2(certPath, index, policyMapping);
            // (j)
            inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
            // (k)
            RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
            // (l)
            maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
            // (m)
            maxPathLength = RFC3280CertPathUtilities.prepareNextCertM(certPath, index, maxPathLength);
            // (n)
            RFC3280CertPathUtilities.prepareNextCertN(certPath, index);
            Set criticalExtensions = cert.getCriticalExtensionOIDs();
            if (criticalExtensions != null) {
                criticalExtensions = new HashSet(criticalExtensions);
                // these extensions are handled by the algorithm
                criticalExtensions.remove(RFC3280CertPathUtilities.KEY_USAGE);
                criticalExtensions.remove(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
                criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_MAPPINGS);
                criticalExtensions.remove(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY);
                criticalExtensions.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
                criticalExtensions.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
                criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_CONSTRAINTS);
                criticalExtensions.remove(RFC3280CertPathUtilities.BASIC_CONSTRAINTS);
                criticalExtensions.remove(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME);
                criticalExtensions.remove(RFC3280CertPathUtilities.NAME_CONSTRAINTS);
            } else {
                criticalExtensions = new HashSet();
            }
            // (o)
            RFC3280CertPathUtilities.prepareNextCertO(certPath, index, criticalExtensions, pathCheckers);
            // set signing certificate for next round
            sign = cert;
            // (c)
            workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
            // (d)
            try {
                workingPublicKey = CertPathValidatorUtilities.getNextWorkingKey(certPath.getCertificates(), index);
            } catch (CertPathValidatorException e) {
                throw new CertPathValidatorException("Next working key could not be retrieved.", e, certPath, index);
            }
            workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey);
            // (f)
            workingPublicKeyAlgorithm = workingAlgId.getObjectId();
            // (e)
            workingPublicKeyParameters = workingAlgId.getParameters();
        }
    }
    //
    // 6.1.5 Wrap-up procedure
    //
    explicitPolicy = RFC3280CertPathUtilities.wrapupCertA(explicitPolicy, cert);
    explicitPolicy = RFC3280CertPathUtilities.wrapupCertB(certPath, index + 1, explicitPolicy);
    //
    // (c) (d) and (e) are already done
    //
    //
    // (f)
    //
    Set criticalExtensions = cert.getCriticalExtensionOIDs();
    if (criticalExtensions != null) {
        criticalExtensions = new HashSet(criticalExtensions);
        // these extensions are handled by the algorithm
        criticalExtensions.remove(RFC3280CertPathUtilities.KEY_USAGE);
        criticalExtensions.remove(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
        criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_MAPPINGS);
        criticalExtensions.remove(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY);
        criticalExtensions.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
        criticalExtensions.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
        criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_CONSTRAINTS);
        criticalExtensions.remove(RFC3280CertPathUtilities.BASIC_CONSTRAINTS);
        criticalExtensions.remove(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME);
        criticalExtensions.remove(RFC3280CertPathUtilities.NAME_CONSTRAINTS);
        criticalExtensions.remove(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS);
    } else {
        criticalExtensions = new HashSet();
    }
    RFC3280CertPathUtilities.wrapupCertF(certPath, index + 1, pathCheckers, criticalExtensions);
    PKIXPolicyNode intersection = RFC3280CertPathUtilities.wrapupCertG(certPath, paramsPKIX, userInitialPolicySet, index + 1, policyNodes, validPolicyTree, acceptablePolicies);
    if ((explicitPolicy > 0) || (intersection != null)) {
        return new PKIXCertPathValidatorResult(trust, intersection, cert.getPublicKey());
    }
    throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, index);
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ArrayList(java.util.ArrayList) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters) PKIXParameters(java.security.cert.PKIXParameters) PKIXCertPathChecker(java.security.cert.PKIXCertPathChecker) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PublicKey(java.security.PublicKey) TrustAnchor(java.security.cert.TrustAnchor) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) DEREncodable(org.bouncycastle.asn1.DEREncodable) BigInteger(java.math.BigInteger) X500Principal(javax.security.auth.x500.X500Principal)

Example 22 with PKIXParameters

use of java.security.cert.PKIXParameters in project XobotOS by xamarin.

the class TrustManagerImpl method checkTrusted.

private void checkTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    if (chain == null || chain.length == 0 || authType == null || authType.length() == 0) {
        throw new IllegalArgumentException("null or zero-length parameter");
    }
    if (err != null) {
        throw new CertificateException(err);
    }
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    X509Certificate[] newChain = cleanupCertChainAndFindTrustAnchors(chain, trustAnchors);
    if (newChain.length == 0) {
        // chain was entirely trusted, skip the validator
        return;
    }
    CertPath certPath = factory.generateCertPath(Arrays.asList(newChain));
    if (trustAnchors.isEmpty()) {
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1));
    }
    try {
        PKIXParameters params = new PKIXParameters(trustAnchors);
        params.setRevocationEnabled(false);
        validator.validate(certPath, params);
        // cleanupCertChainAndFindTrustAnchors.  http://b/3404902
        for (int i = 1; i < newChain.length; i++) {
            trustedCertificateIndex.index(newChain[i]);
        }
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateException(e);
    } catch (CertPathValidatorException e) {
        throw new CertificateException(e);
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) CertificateException(java.security.cert.CertificateException) TrustAnchor(java.security.cert.TrustAnchor) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 23 with PKIXParameters

use of java.security.cert.PKIXParameters in project nhin-d by DirectProject.

the class TrustChainValidator method isTrusted.

/**
	 * Indicates if a certificate is considered to be trusted by resolving a valid certificate trust chain with the provided anchors.
	 * @param certificate The certificate to check.
	 * @param anchors A list of trust anchors used to check the trust chain.
	 * @return Returns true if the certificate can find a valid trust chain in the collection of anchors.  False otherwise.
	 */
public boolean isTrusted(X509Certificate certificate, Collection<X509Certificate> anchors) {
    if (certificate == null)
        throw new IllegalArgumentException();
    if (anchors == null || anchors.size() == 0)
        // no anchors... conspiracy theory?  trust no one    
        return false;
    try {
        // check if the certificate is in the list of anchors... this is a valid trust model
        if (isIssuerInAnchors(anchors, certificate))
            return true;
        CertPath certPath = null;
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        List<Certificate> certs = new ArrayList<Certificate>();
        certs.add(certificate);
        // check for intermediates
        if (certResolvers != null) {
            Collection<X509Certificate> intermediatesCerts = resolveIntermediateIssuers(certificate, anchors);
            if (intermediatesCerts != null && intermediatesCerts.size() > 0)
                certs.addAll(intermediatesCerts);
        }
        Set<TrustAnchor> trustAnchorSet = new HashSet<TrustAnchor>();
        for (X509Certificate archor : anchors) trustAnchorSet.add(new TrustAnchor(archor, null));
        PKIXParameters params = new PKIXParameters(trustAnchorSet);
        /*
        	 *  Disable CRL checking in cert path validation for now until a better implementation is put together
        	 */
        params.setRevocationEnabled(false);
        // JCE will only allow OSCP checking when revocation checking is enabled
        // however some implementations will fail if revocation checking is turned on, but the CRL
        // extension does not exist. for compatibility reasons, only turn this on if CRL extension points are defined
        /*
        	params.setRevocationEnabled(CRLRevocationManager.isCRLDispPointDefined(certificate));
	        {
	        	// populate the CRL store from the revocation manager
	        	CRLRevocationManager mgr = CRLRevocationManager.getInstance();
	        	Set<CRL> crls = mgr.getCRLCollection();
	        	
	        	CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls), CryptoExtensions.getJCEProviderName()); 
	        	params.addCertStore(crlStore);
	        }
            */
        certPath = factory.generateCertPath(certs);
        CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertPathValidator", "PKIX"));
        pathValidator.validate(certPath, params);
        return true;
    } catch (Exception e) {
        LOGGER.warn("Certificate " + certificate.getSubjectX500Principal().getName() + " is not trusted.", e);
    }
    return false;
}
Also used : ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) AddressException(javax.mail.internet.AddressException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException) NHINDException(org.nhindirect.stagent.NHINDException) CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet)

Example 24 with PKIXParameters

use of java.security.cert.PKIXParameters in project robovm by robovm.

the class CertPathValidator2Test method testValidate.

public void testValidate() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    MyCertPath mCP = new MyCertPath(new byte[0]);
    CertPathParameters params = new PKIXParameters(TestUtils.getTrustAnchorSet());
    CertPathValidator certPV = CertPathValidator.getInstance(defaultAlg);
    try {
        certPV.validate(mCP, params);
    } catch (InvalidAlgorithmParameterException e) {
        fail("unexpected exception: " + e);
    } catch (CertPathValidatorException e) {
        fail("unexpected exception: " + e);
    }
    try {
        certPV.validate(null, params);
        fail("NullPointerException must be thrown");
    } catch (InvalidAlgorithmParameterException e) {
        fail("unexpected exception: " + e);
    } catch (CertPathValidatorException e) {
    // ok
    }
    try {
        certPV.validate(mCP, null);
        fail("InvalidAlgorithmParameterException must be thrown");
    } catch (InvalidAlgorithmParameterException e) {
    // ok
    } catch (CertPathValidatorException e) {
        fail("unexpected exception");
    }
}
Also used : MyCertPath(org.apache.harmony.security.tests.support.cert.MyCertPath) CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) CertPathParameters(java.security.cert.CertPathParameters)

Example 25 with PKIXParameters

use of java.security.cert.PKIXParameters in project robovm by robovm.

the class CertPathValidator3Test method testValidate01.

/**
     * Test for <code>validate(CertPath certpath, CertPathParameters params)</code> method
     * Assertion: throws InvalidAlgorithmParameterException
     * when params is instance of PKIXParameters and
     * certpath is not X.509 type
     *
     */
public void testValidate01() throws InvalidAlgorithmParameterException, CertPathValidatorException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    MyCertPath mCP = new MyCertPath(new byte[0]);
    CertPathParameters params = new PKIXParameters(TestUtils.getTrustAnchorSet());
    CertPathValidator[] certPV = createCPVs();
    assertNotNull("CertPathValidator objects were not created", certPV);
    for (int i = 0; i < certPV.length; i++) {
        try {
            certPV[i].validate(mCP, null);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException e) {
        }
        try {
            certPV[i].validate(null, params);
            fail("NullPointerException must be thrown");
        } catch (NullPointerException e) {
        }
    }
}
Also used : MyCertPath(org.apache.harmony.security.tests.support.cert.MyCertPath) CertPathValidator(java.security.cert.CertPathValidator) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) CertPathParameters(java.security.cert.CertPathParameters)

Aggregations

PKIXParameters (java.security.cert.PKIXParameters)28 TrustAnchor (java.security.cert.TrustAnchor)17 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)11 X509Certificate (java.security.cert.X509Certificate)11 CertificateFactory (java.security.cert.CertificateFactory)10 ArrayList (java.util.ArrayList)9 CertPath (java.security.cert.CertPath)7 KeyStore (java.security.KeyStore)6 CertPathValidator (java.security.cert.CertPathValidator)6 CertPathValidatorException (java.security.cert.CertPathValidatorException)6 HashSet (java.util.HashSet)6 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)5 List (java.util.List)5 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)4 X509CertSelector (java.security.cert.X509CertSelector)4 Set (java.util.Set)4 BigInteger (java.math.BigInteger)3 CertPathValidatorResult (java.security.cert.CertPathValidatorResult)3 CertificateException (java.security.cert.CertificateException)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2