Use of java.security.cert.TrustAnchor in project nhin-d by DirectProject.
The class TrustChainValidator, method isTrusted.
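/**
 * Indicates if a certificate is considered to be trusted by resolving a valid certificate trust chain with the
 * provided anchors.
 * <p>
 * Trust is established in one of two ways: the {@code isIssuerInAnchors} helper (defined elsewhere in this
 * class) reports a hit against the anchor collection, or a PKIX path from the certificate, plus any
 * intermediates supplied by the configured {@code certResolvers}, to one of the anchors validates.
 * <p>
 * Security note: revocation checking is explicitly disabled for the path validation
 * ({@code params.setRevocationEnabled(false)}), so a revoked but otherwise well-formed certificate is reported
 * as trusted here. Callers that need revocation semantics must check CRL/OCSP status separately. Every anchor
 * is installed without name constraints. Any exception raised while resolving or validating the path is logged
 * and reported as "not trusted" (fail closed).
 *
 * @param certificate The certificate to check.
 * @param anchors A list of trust anchors used to check the trust chain.
 * @return Returns true if the certificate can find a valid trust chain in the collection of anchors. False otherwise.
 * @throws IllegalArgumentException if {@code certificate} is null
 */
public boolean isTrusted(X509Certificate certificate, Collection<X509Certificate> anchors) {
    if (certificate == null)
        throw new IllegalArgumentException("certificate cannot be null");
    if (anchors == null || anchors.isEmpty())
        // no anchors... conspiracy theory? trust no one
        return false;
    try {
        // check if the certificate is in the list of anchors... this is a valid trust model
        if (isIssuerInAnchors(anchors, certificate))
            return true;
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        // the end-entity certificate is the first element of the path; intermediates (if any) follow it
        List<Certificate> certs = new ArrayList<Certificate>();
        certs.add(certificate);
        // check for intermediates
        if (certResolvers != null) {
            Collection<X509Certificate> intermediatesCerts = resolveIntermediateIssuers(certificate, anchors);
            if (intermediatesCerts != null && !intermediatesCerts.isEmpty())
                certs.addAll(intermediatesCerts);
        }
        // every supplied anchor is accepted as-is; null means no name constraints are imposed
        Set<TrustAnchor> trustAnchorSet = new HashSet<TrustAnchor>();
        for (X509Certificate anchor : anchors)
            trustAnchorSet.add(new TrustAnchor(anchor, null));
        PKIXParameters params = new PKIXParameters(trustAnchorSet);
        /*
         * Disable CRL checking in cert path validation for now until a better implementation is put together.
         * Consequence: a revoked certificate with an otherwise valid chain still passes this method.
         */
        params.setRevocationEnabled(false);
        // JCE will only allow OSCP checking when revocation checking is enabled
        // however some implementations will fail if revocation checking is turned on, but the CRL
        // extension does not exist. for compatibility reasons, only turn this on if CRL extension points are defined
        /*
        params.setRevocationEnabled(CRLRevocationManager.isCRLDispPointDefined(certificate));
        {
        // populate the CRL store from the revocation manager
        CRLRevocationManager mgr = CRLRevocationManager.getInstance();
        Set<CRL> crls = mgr.getCRLCollection();
        CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls), CryptoExtensions.getJCEProviderName());
        params.addCertStore(crlStore);
        }
        */
        CertPath certPath = factory.generateCertPath(certs);
        CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertPathValidator", "PKIX"));
        // validate() throws on any path failure; reaching the return means the chain is acceptable
        pathValidator.validate(certPath, params);
        return true;
    } catch (Exception e) {
        // resolver and validator failures alike: log with the subject and treat as untrusted
        LOGGER.warn("Certificate " + certificate.getSubjectX500Principal().getName() + " is not trusted.", e);
    }
    return false;
}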
Use of java.security.cert.TrustAnchor in project robovm by robovm.
The class myTrustManagerFactory, method test_initLjavax_net_ssl_ManagerFactoryParameters.
/**
 * Test for <code>init(ManagerFactoryParameters params)</code>
 * Assertion:
 * throws InvalidAlgorithmParameterException when params is null
 */
@KnownFailure("ManagerFactoryParameters object is not supported " + "and InvalidAlgorithmParameterException was thrown.")
public void test_initLjavax_net_ssl_ManagerFactoryParameters() throws Exception {
    ManagerFactoryParameters nullParams = null;
    TrustManagerFactory[] factories = createTMFac();
    assertNotNull("TrustManagerFactory objects were not created", factories);
    // part 1: every factory must reject a null parameter object
    for (TrustManagerFactory factory : factories) {
        try {
            factory.init(nullParams);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException expected) {
            // expected: null params are not accepted
        }
    }
    // part 2: a well-formed CertPathTrustManagerParameters must be accepted
    String keyAlg = "DSA";
    String caName = "CN=Test CA," + "OU=Testing Division," + "O=Test It All," + "L=Test Town," + "ST=Testifornia," + "C=Testland";
    try {
        // the key store is loaded empty and otherwise unused; kept for parity with the original fixture
        KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        emptyStore.load(null, null);
        PublicKey caKey = new TestKeyPair(keyAlg).getPublic();
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        anchors.add(new TrustAnchor(caName, caKey, getFullEncoding()));
        PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, new X509CertSelector());
        CertPathTrustManagerParameters certPathParams = new CertPathTrustManagerParameters(builderParams);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(getDefaultAlgorithm());
        try {
            factory.init(certPathParams);
        } catch (Exception ex) {
            fail(ex + " was thrown for init(ManagerFactoryParameters spec)");
        }
    } catch (Exception e) {
        fail("Unexpected exception for configuration: " + e);
    }
}
Use of java.security.cert.TrustAnchor in project robovm by robovm.
The class X509CertSelectorTest, method buildCertPath.
/**
 * Builds a certification path from {@code theCertSelector} to {@code rootCertificate} using the test's
 * {@code builder}.
 *
 * @return the built path, or {@code null} when the builder cannot find one
 * @throws InvalidAlgorithmParameterException if the builder parameters are rejected
 */
private CertPath buildCertPath() throws InvalidAlgorithmParameterException {
    // the root is the only anchor and carries no name constraints
    TrustAnchor rootAnchor = new TrustAnchor(rootCertificate, null);
    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(Collections.singleton(rootAnchor), theCertSelector);
    try {
        PKIXCertPathBuilderResult built = (PKIXCertPathBuilderResult) builder.build(buildParams);
        return built.getCertPath();
    } catch (CertPathBuilderException e) {
        // no path to the anchor; callers treat null as "not buildable"
        return null;
    }
}
Use of java.security.cert.TrustAnchor in project robovm by robovm.
The class TrustAnchorTest, method testGetCAName01.
/**
 * Test #1 for <code>getCAName()</code> method<br>
 *
 * Assertion: returns most trusted CA name as <code>String</code><br>
 * Test preconditions: valid name passed to the constructor<br>
 * Expected: the same name must be returned by the method<br>
 * @throws InvalidKeySpecException
 */
public final void testGetCAName01() throws Exception {
    PublicKey caKey = new TestKeyPair(keyAlg).getPublic();
    // sub testcase 1: CA name supplied as an RFC 2253 string
    TrustAnchor fromString = new TrustAnchor(validCaNameRfc2253, caKey, null);
    assertEquals("equals1", validCaNameRfc2253, fromString.getCAName());
    // sub testcase 2: the same CA name supplied as an X500Principal
    TrustAnchor fromPrincipal = new TrustAnchor(new X500Principal(validCaNameRfc2253), caKey, null);
    assertEquals("equals2", validCaNameRfc2253, fromPrincipal.getCAName());
}
Use of java.security.cert.TrustAnchor in project robovm by robovm.
The class TrustAnchorTest, method testTrustAnchorX500PrincipalPublicKeybyteArray03.
/**
 * Test #3 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br>
 * Assertion: nameConstraints cloned by the constructor<br>
 * Test preconditions: modify passed nameConstraints<br>
 * Expected: modification must not change object internal state
 * @throws InvalidKeySpecException
 */
public final void testTrustAnchorX500PrincipalPublicKeybyteArray03() throws Exception {
    PublicKey caKey = new TestKeyPair(keyAlg).getPublic();
    byte[] reference = getEncodingPSOnly();
    byte[] passedIn = reference.clone();
    TrustAnchor anchor = new TrustAnchor(new X500Principal(validCaNameRfc2253), caKey, passedIn);
    // mutate the array handed to the constructor after construction...
    passedIn[0] = (byte) 0;
    // ...and confirm the anchor still returns the untouched encoding,
    // i.e. the constructor copied the array rather than keeping the reference
    assertTrue(Arrays.equals(reference, anchor.getNameConstraints()));
}