
Example 26 with PKIXParameters

use of java.security.cert.PKIXParameters in project jdk8u_jdk by JetBrains.

the class SignatureFile method loadKeyStore.

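/**
 * Loads the keystore into {@code store} and builds the PKIX validation parameters
 * ({@code pkixParameters}) from the collected trust anchors.
 *
 * <p>Trust anchors are gathered from two places: every certificate that can be read from
 * the cacerts keystore, and, from the loaded keystore, every trusted-certificate entry plus
 * every entry whose certificate has identical subject and issuer DNs.
 *
 * <p>NOTE(review): revocation checking is switched off on the resulting parameters, and a
 * self-issued certificate stored in the user's keystore becomes a trust anchor. Both choices
 * widen what later path validation accepts; confirm that matches the caller's expectations.
 *
 * @param keyStoreName keystore location, tried first as a URL and then as a file path; when
 *        {@code null} and {@code nullStream} is not set, {@code ~/.keystore} is used
 * @param prompt whether to ask for the keystore passphrase when none was supplied and the
 *        store is not a token
 * @throws RuntimeException if the keystore cannot be instantiated or loaded; the original
 *         exception is attached as the cause
 */
void loadKeyStore(String keyStoreName, boolean prompt) {
    if (!nullStream && keyStoreName == null) {
        keyStoreName = System.getProperty("user.home") + File.separator + ".keystore";
    }
    try {
        certificateFactory = CertificateFactory.getInstance("X.509");
        validator = CertPathValidator.getInstance("PKIX");
        Set<TrustAnchor> tas = new HashSet<>();
        try {
            KeyStore caks = KeyStoreUtil.getCacertsKeyStore();
            if (caks != null) {
                Enumeration<String> aliases = caks.aliases();
                while (aliases.hasMoreElements()) {
                    String a = aliases.nextElement();
                    try {
                        tas.add(new TrustAnchor((X509Certificate) caks.getCertificate(a), null));
                    } catch (Exception e2) {
                        // Deliberately ignored: the entry carries no usable X.509 certificate
                        // (e.g. a secret-key entry), so it cannot act as a trust anchor.
                    }
                }
            }
        } catch (Exception e) {
            // Deliberately ignored: if cacerts cannot be loaded, only the anchors from the
            // user's keystore (collected below) are used.
        }
        if (providerName == null) {
            store = KeyStore.getInstance(storetype);
        } else {
            store = KeyStore.getInstance(storetype, providerName);
        }
        // Ask for a passphrase only when none was supplied: for tokens unless a protected
        // path or a Windows keystore type is in use, otherwise only when the caller allows
        // prompting. (The original carried an open question here: "and on NT call ??".)
        if (token && storepass == null && !protectedPath && !KeyStoreUtil.isWindowsKeyStore(storetype)) {
            storepass = getPass(rb.getString("Enter.Passphrase.for.keystore."));
        } else if (!token && storepass == null && prompt) {
            storepass = getPass(rb.getString("Enter.Passphrase.for.keystore."));
        }
        try {
            if (nullStream) {
                store.load(null, storepass);
            } else {
                keyStoreName = keyStoreName.replace(File.separatorChar, '/');
                URL url;
                try {
                    // NOTE(review): a name that parses as a URL is opened with whatever
                    // protocol handler the JVM has for it, so the keystore may be fetched
                    // from a remote location; callers should not pass untrusted names.
                    url = new URL(keyStoreName);
                } catch (java.net.MalformedURLException e) {
                    // Not a URL: treat the name as a local file path.
                    url = new File(keyStoreName).toURI().toURL();
                }
                // try-with-resources closes the stream and keeps a load failure as the
                // primary exception instead of letting a failing close() replace it.
                try (InputStream is = url.openStream()) {
                    store.load(is, storepass);
                }
            }
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                String a = aliases.nextElement();
                try {
                    X509Certificate c = (X509Certificate) store.getCertificate(a);
                    // Trusted-certificate entries are anchors; a private-key entry counts
                    // only when its certificate is self-issued (subject DN == issuer DN).
                    if (store.isCertificateEntry(a) || c.getSubjectDN().equals(c.getIssuerDN())) {
                        tas.add(new TrustAnchor(c, null));
                    }
                } catch (Exception e2) {
                    // Deliberately ignored: the entry has no X.509 certificate to inspect.
                }
            }
        } finally {
            // Runs even when loading the keystore failed, so the anchors collected so far
            // still end up in pkixParameters.
            try {
                pkixParameters = new PKIXParameters(tas);
                // NOTE(review): with revocation disabled, paths validated with these
                // parameters are not checked for revoked certificates by the default
                // PKIX mechanism.
                pkixParameters.setRevocationEnabled(false);
            } catch (InvalidAlgorithmParameterException ex) {
                // Thrown only when tas is empty; pkixParameters is then left unassigned here.
            }
        }
    } catch (IOException | NoSuchProviderException | NoSuchAlgorithmException e) {
        // Keep the original exception as the cause so the failure can be diagnosed.
        throw new RuntimeException(rb.getString("keystore.load.") + e.getMessage(), e);
    } catch (java.security.cert.CertificateException ce) {
        throw new RuntimeException(rb.getString("certificate.exception.") + ce.getMessage(), ce);
    } catch (KeyStoreException kse) {
        throw new RuntimeException(rb.getString("unable.to.instantiate.keystore.class.") + kse.getMessage(), kse);
    }
}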
Also used : TrustAnchor(java.security.cert.TrustAnchor) CertificateException(java.security.cert.CertificateException) X509Certificate(java.security.cert.X509Certificate) URISyntaxException(java.net.URISyntaxException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) SocketTimeoutException(java.net.SocketTimeoutException) CertificateException(java.security.cert.CertificateException) URL(java.net.URL) PKIXParameters(java.security.cert.PKIXParameters)

Example 27 with PKIXParameters

use of java.security.cert.PKIXParameters in project jdk8u_jdk by JetBrains.

the class InvalidParameters method main.

/**
 * Exercises the argument checks of {@link PKIXParameters}: both the constructor and
 * {@code setTrustAnchors} must reject an empty set, a {@code null} set and a set holding
 * objects that are not trust anchors. Each probe fails the test with an {@link Exception}
 * if the expected exception is not raised.
 */
public static void main(String[] args) throws Exception {
    TrustAnchor trustAnchor = new TrustAnchor("cn=sean", new TestPublicKey(), null);
    PKIXParameters validParams = new PKIXParameters(Collections.singleton(trustAnchor));

    // An empty anchor set is rejected with InvalidAlgorithmParameterException.
    try {
        new PKIXParameters(Collections.EMPTY_SET);
        throw new Exception("should have thrown InvalidAlgorithmParameterExc");
    } catch (InvalidAlgorithmParameterException expected) {
        // expected outcome
    }
    try {
        validParams.setTrustAnchors(Collections.EMPTY_SET);
        throw new Exception("should have thrown InvalidAlgorithmParameterExc");
    } catch (InvalidAlgorithmParameterException expected) {
        // expected outcome
    }

    // A null anchor set is rejected with NullPointerException.
    try {
        new PKIXParameters((Set) null);
        throw new Exception("should have thrown NullPointerException");
    } catch (NullPointerException expected) {
        // expected outcome
    }
    try {
        validParams.setTrustAnchors((Set) null);
        throw new Exception("should have thrown NullPointerException");
    } catch (NullPointerException expected) {
        // expected outcome
    }

    // A set whose elements are not TrustAnchor instances is rejected with ClassCastException.
    try {
        new PKIXParameters(Collections.singleton(new String()));
        throw new Exception("should have thrown ClassCastException");
    } catch (ClassCastException expected) {
        // expected outcome
    }
    try {
        validParams.setTrustAnchors(Collections.singleton(new String()));
        throw new Exception("should have thrown ClassCastException");
    } catch (ClassCastException expected) {
        // expected outcome
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) TrustAnchor(java.security.cert.TrustAnchor) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)

Example 28 with PKIXParameters

use of java.security.cert.PKIXParameters in project zm-mailbox by Zimbra.

the class CertValidationUtil method validateCertificate.

/**
 * Checks the certificate's validity period and, when revocation checking is requested,
 * validates it as a one-certificate PKIX path against the supplied trust anchors.
 *
 * <p>NOTE(review): the PKIX path validation, and with it any use of
 * {@code trustedCertsSet}, happens only when {@code revocationCheckEnabled} is
 * {@code true}. With the flag off, this method verifies nothing beyond the notBefore and
 * notAfter dates, so callers must establish trust in the certificate by other means.
 * Confirm that every call site does so.
 *
 * @param cert certificate to check
 * @param revocationCheckEnabled whether to run PKIX path validation with revocation checking
 * @param trustedCertsSet trust anchors for path validation; read only when
 *        {@code revocationCheckEnabled} is {@code true}
 * @throws CertificateException if the certificate is expired or not yet valid, or the
 *         certificate path cannot be generated
 * @throws InvalidAlgorithmParameterException if the PKIX parameters are rejected
 * @throws NoSuchAlgorithmException if no PKIX validator is available
 * @throws CertPathValidatorException if path validation fails
 */
public static void validateCertificate(X509Certificate cert, boolean revocationCheckEnabled, Set<TrustAnchor> trustedCertsSet) throws CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathValidatorException {
    // Date check always runs, independent of the revocation flag.
    cert.checkValidity();
    if (!revocationCheckEnabled) {
        return;
    }

    // The path holds only the certificate itself; no intermediates are supplied.
    List<X509Certificate> chain = new ArrayList<X509Certificate>();
    chain.add(cert);
    CertPath certPath = CertificateFactory.getInstance("X509").generateCertPath(chain);

    // Revocation is enabled unconditionally here because the flag is known to be true.
    PKIXParameters pkixParams = new PKIXParameters(trustedCertsSet);
    pkixParams.setRevocationEnabled(true);

    CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
    PKIXCertPathValidatorResult outcome = (PKIXCertPathValidatorResult) pathValidator.validate(certPath, pkixParams);
    ZimbraLog.account.debug("Certificate Validation Result %s", outcome.toString());
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) PKIXParameters(java.security.cert.PKIXParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) ArrayList(java.util.ArrayList) CertPath(java.security.cert.CertPath) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)

Aggregations

PKIXParameters (java.security.cert.PKIXParameters)28 TrustAnchor (java.security.cert.TrustAnchor)17 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)11 X509Certificate (java.security.cert.X509Certificate)11 CertificateFactory (java.security.cert.CertificateFactory)10 ArrayList (java.util.ArrayList)9 CertPath (java.security.cert.CertPath)7 KeyStore (java.security.KeyStore)6 CertPathValidator (java.security.cert.CertPathValidator)6 CertPathValidatorException (java.security.cert.CertPathValidatorException)6 HashSet (java.util.HashSet)6 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)5 List (java.util.List)5 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)4 X509CertSelector (java.security.cert.X509CertSelector)4 Set (java.util.Set)4 BigInteger (java.math.BigInteger)3 CertPathValidatorResult (java.security.cert.CertPathValidatorResult)3 CertificateException (java.security.cert.CertificateException)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2