
Example 91 with TrustAnchor

use of java.security.cert.TrustAnchor in project jdk8u_jdk by JetBrains.

the class InvalidParameters method main.

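/**
 * Checks that {@link PKIXParameters} refuses unusable trust-anchor sets, both in its
 * constructor and in {@code setTrustAnchors}.
 *
 * <p>Three inputs are exercised: an empty set, a {@code null} set, and a set holding an
 * element that is not a {@link TrustAnchor}. Each must be rejected with the exception
 * named in the corresponding failure message; if the call returns normally the test
 * aborts by throwing a plain {@link Exception}.
 *
 * @param args unused
 * @throws Exception if any of the invalid inputs is accepted
 */
public static void main(String[] args) throws Exception {
    TrustAnchor anchor = new TrustAnchor("cn=sean", new TestPublicKey(), null);
    // A valid single-anchor parameter object, reused below for the setter checks.
    PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));

    // An empty anchor set must be refused: parameters without any trust anchor
    // give a validator nothing to chain to.
    try {
        new PKIXParameters(Collections.EMPTY_SET);
        throw new Exception("should have thrown InvalidAlgorithmParameterExc");
    } catch (InvalidAlgorithmParameterException expected) {
        // expected: rejection is the behaviour under test
    }
    try {
        params.setTrustAnchors(Collections.EMPTY_SET);
        throw new Exception("should have thrown InvalidAlgorithmParameterExc");
    } catch (InvalidAlgorithmParameterException expected) {
        // expected
    }

    // A null anchor set must be refused with NullPointerException.
    // The (Set) cast selects the Set overload of the constructor.
    try {
        new PKIXParameters((Set) null);
        throw new Exception("should have thrown NullPointerException");
    } catch (NullPointerException expected) {
        // expected
    }
    try {
        params.setTrustAnchors((Set) null);
        throw new Exception("should have thrown NullPointerException");
    } catch (NullPointerException expected) {
        // expected
    }

    // A set whose elements are not TrustAnchor instances must be refused with
    // ClassCastException. The raw (Set) cast is deliberate: without it the generic
    // signature rejects a Set<String> at compile time and the runtime element
    // check would never be reached.
    try {
        new PKIXParameters((Set) Collections.singleton(new String()));
        throw new Exception("should have thrown ClassCastException");
    } catch (ClassCastException expected) {
        // expected
    }
    try {
        params.setTrustAnchors((Set) Collections.singleton(new String()));
        throw new Exception("should have thrown ClassCastException");
    } catch (ClassCastException expected) {
        // expected
    }
}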
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) TrustAnchor(java.security.cert.TrustAnchor) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)

Example 92 with TrustAnchor

use of java.security.cert.TrustAnchor in project jdk8u_jdk by JetBrains.

the class NoExtensions method doBuild.

/**
 * Builds a PKIX certification path from {@code userCert} to the single trusted
 * certificate returned by {@code getTrustedCertificate()}, using the "SUN" provider.
 *
 * <p>Revocation checking is switched off, so a successful build says nothing about
 * the revocation status of either certificate. The resulting path is fetched but
 * not inspected; the method succeeds as long as the builder does not throw.
 *
 * @param userCert the end-entity certificate the path must end at
 * @throws Exception if any step fails, including the path build itself
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Trust exactly one CA certificate, with no name constraints attached.
    X509Certificate caCert = getTrustedCertificate();
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    anchors.add(new TrustAnchor(caCert, null));

    // In-memory CertStore holding the two certificates the builder may draw from.
    ArrayList<X509Certificate> pool = new ArrayList<X509Certificate>();
    pool.add(caCert);
    pool.add(userCert);
    CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(pool));

    // The selector pins the target to userCert itself.
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(userCert);
    // Original author's note: setting the subject as well "seems to be required".
    target.setSubject(userCert.getSubjectDN().getName());

    // Build the certification path with the SUN PKIX builder.
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, target);
    buildParams.addCertStore(store);
    // No CRL/OCSP lookups: only chaining and basic PKIX checks are exercised.
    buildParams.setRevocationEnabled(false);

    // Fetch the path; it is not examined further (printing it was left disabled).
    builder.build(buildParams).getCertPath();
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) ArrayList(java.util.ArrayList) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 93 with TrustAnchor

use of java.security.cert.TrustAnchor in project jdk8u_jdk by JetBrains.

the class BuildOddSel method createParams.

/**
 * Initialises the shared {@code sel} and {@code params} fields: one trust anchor read
 * from {@code sun.cer}, paired with an {@code OddSel} selector.
 *
 * <p>Revocation checking is disabled on the resulting parameters, so builds that use
 * them do not consult CRLs or OCSP.
 *
 * @throws Exception if the certificate cannot be loaded or the parameters are rejected
 */
public static void createParams() throws Exception {
    // Sole trust anchor, no name constraints.
    Set<TrustAnchor> trustedRoots =
            Collections.singleton(new TrustAnchor(getCertFromFile("sun.cer"), null));
    // The unusual selector is the point of this test.
    sel = new OddSel();
    params = new PKIXBuilderParameters(trustedRoots, sel);
    params.setRevocationEnabled(false);
}
Also used : Set(java.util.Set) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) TrustAnchor(java.security.cert.TrustAnchor)

Example 94 with TrustAnchor

use of java.security.cert.TrustAnchor in project qpid-broker-j by apache.

the class AbstractTrustStore method getTrustManagers.

/**
 * Returns this store's trust managers, wrapping the X.509 ones in a
 * {@code TrustAnchorValidatingTrustManager} when trust-anchor validity enforcement
 * is switched on.
 *
 * <p>With enforcement on, the store's certificates are split in two: self-signed
 * X.509 certificates become {@link TrustAnchor}s (without name constraints) and
 * everything else is passed along as "other" certificates. Trust managers that are
 * not {@link X509TrustManager}s are returned unwrapped, so the extra validation does
 * not apply to them.
 *
 * @return the trust managers, wrapped where applicable
 * @throws GeneralSecurityException propagated from the underlying lookups
 */
@Override
public final TrustManager[] getTrustManagers() throws GeneralSecurityException {
    // Enforcement off: hand back the internal managers untouched.
    if (!isTrustAnchorValidityEnforced()) {
        return getTrustManagersInternal();
    }

    final Set<Certificate> storeCerts = Sets.newHashSet(getCertificates());
    final Set<TrustAnchor> selfSignedAnchors = new HashSet<>();
    final Set<Certificate> nonAnchorCerts = new HashSet<>();
    for (final Certificate candidate : storeCerts) {
        // Only a self-signed X.509 certificate qualifies as an anchor here.
        final boolean isAnchor =
                candidate instanceof X509Certificate && isSelfSigned((X509Certificate) candidate);
        if (isAnchor) {
            selfSignedAnchors.add(new TrustAnchor((X509Certificate) candidate, null));
        } else {
            nonAnchorCerts.add(candidate);
        }
    }

    final TrustManager[] delegates = getTrustManagersInternal();
    final TrustManager[] wrapped = new TrustManager[delegates.length];
    int slot = 0;
    for (final TrustManager delegate : delegates) {
        if (delegate instanceof X509TrustManager) {
            wrapped[slot] = new TrustAnchorValidatingTrustManager(getName(), (X509TrustManager) delegate, selfSignedAnchors, nonAnchorCerts);
        } else {
            // Non-X.509 managers pass through without the anchor-validity wrapper.
            wrapped[slot] = delegate;
        }
        slot++;
    }
    return wrapped;
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustAnchor(java.security.cert.TrustAnchor) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 95 with TrustAnchor

use of java.security.cert.TrustAnchor in project testcases by coheigea.

the class SignatureCRLUnitTest method testCRLRevocation.

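/**
 * Verifies that PKIX path validation rejects a certificate chain when revocation
 * checking is enabled and a CRL from the issuing CA is supplied.
 *
 * <p>The signing chain, the CA certificate and the CRL are all loaded from test
 * fixtures on the classpath; the keystore password is the fixture password and has
 * no meaning outside this test. Validation is expected to fail with a
 * {@link CertPathValidatorException} whose message mentions revocation.
 *
 * @throws Exception if a fixture cannot be loaded or an unexpected error occurs
 */
@org.junit.Test
public void testCRLRevocation() throws Exception {
    // Process-wide system property: it is not reset afterwards, so it also applies
    // to whatever runs later in the same JVM.
    System.setProperty("java.security.debug", "all");
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

    // Signing cert chain. The stream is closed as soon as the keystore is loaded,
    // including when load() throws.
    InputStream certInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40rev.jks");
    assertNotNull(certInputStream);
    KeyStore certKeyStore = KeyStore.getInstance("JKS");
    try {
        certKeyStore.load(certInputStream, "security".toCharArray());
    } finally {
        certInputStream.close();
    }
    Certificate[] certs = certKeyStore.getCertificateChain("wss40rev");
    assertNotNull(certs);
    // JUnit convention: expected value first, so a failure message reads correctly.
    assertEquals(2, certs.length);

    // Original author's markers, kept verbatim in meaning: the single-certificate
    // variant below was tagged "WORKS", the full-chain variant in use "DOESN'T WORK!".
    // NOTE(review): the page does not say what failed; confirm before relying on either.
    // List<Certificate> certList = Arrays.asList(certs[0]);
    List<Certificate> certList = Arrays.asList(certs);
    CertPath path = certificateFactory.generateCertPath(certList);

    // CA cert, used as the only trust anchor.
    InputStream caInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CA.jks");
    assertNotNull(caInputStream);
    KeyStore caKeyStore = KeyStore.getInstance("JKS");
    try {
        caKeyStore.load(caInputStream, "security".toCharArray());
    } finally {
        caInputStream.close();
    }
    X509Certificate caCert = (X509Certificate) caKeyStore.getCertificate("wss40CA");
    assertNotNull(caCert);
    Set<TrustAnchor> set = new HashSet<TrustAnchor>();
    TrustAnchor anchor = new TrustAnchor(caCert, null);
    set.add(anchor);

    // Load CRL; close the stream even if parsing fails.
    InputStream crlInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CACRL.pem");
    assertNotNull(crlInputStream);
    X509CRL crl;
    try {
        crl = (X509CRL) certificateFactory.generateCRL(crlInputStream);
    } finally {
        crlInputStream.close();
    }
    assertNotNull(crl);

    // Construct PKIXParameters with revocation checking on and the CRL available
    // through an in-memory CertStore.
    PKIXParameters param = new PKIXParameters(set);
    param.setRevocationEnabled(true);
    param.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.singletonList(crl))));

    // Validate the Cert Path: success here would mean the revocation was missed.
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    try {
        validator.validate(path, param);
        fail("Failure expected on a revoked certificate");
    } catch (CertPathValidatorException ex) {
        // getMessage() may be null; treat that as a failed expectation rather than
        // letting a NullPointerException hide the real validation error.
        String reason = ex.getMessage();
        assertTrue("unexpected validation failure: " + reason,
                reason != null && (reason.contains("revoked") || reason.contains("revocation")));
    }
}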
Also used : X509CRL(java.security.cert.X509CRL) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) TrustAnchor(java.security.cert.TrustAnchor) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXParameters(java.security.cert.PKIXParameters) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) HashSet(java.util.HashSet)
