use of java.security.cert.TrustAnchor in project jdk8u_jdk by JetBrains.
the class InvalidParameters method main.
/**
 * Checks that {@link PKIXParameters} refuses malformed trust-anchor sets, both in its
 * constructor and in {@code setTrustAnchors}: an empty set, a {@code null} set, and a
 * set whose element is not a {@code TrustAnchor}.
 *
 * @param args unused
 * @throws Exception if one of the invalid inputs is accepted, or on any unexpected failure
 */
public static void main(String[] args) throws Exception {
    // A well-formed parameter object; it is the target of the setTrustAnchors() checks.
    TrustAnchor validAnchor = new TrustAnchor("cn=sean", new TestPublicKey(), null);
    PKIXParameters validParams = new PKIXParameters(Collections.singleton(validAnchor));

    boolean rejected;

    // Empty anchor set: path validation with no trust anchor must never be configurable.
    rejected = false;
    try {
        new PKIXParameters(Collections.EMPTY_SET);
    } catch (InvalidAlgorithmParameterException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should have thrown InvalidAlgorithmParameterExc");
    }

    rejected = false;
    try {
        validParams.setTrustAnchors(Collections.EMPTY_SET);
    } catch (InvalidAlgorithmParameterException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should have thrown InvalidAlgorithmParameterExc");
    }

    // Null anchor set: expected to fail with NullPointerException.
    // The (Set) cast picks the Set overload of the constructor.
    rejected = false;
    try {
        new PKIXParameters((Set) null);
    } catch (NullPointerException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should have thrown NullPointerException");
    }

    rejected = false;
    try {
        validParams.setTrustAnchors((Set) null);
    } catch (NullPointerException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should have thrown NullPointerException");
    }

    // Set holding a non-TrustAnchor element: expected to fail with ClassCastException.
    rejected = false;
    try {
        new PKIXParameters(Collections.singleton(new String()));
    } catch (ClassCastException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should have thrown ClassCastException");
    }

    rejected = false;
    try {
        validParams.setTrustAnchors(Collections.singleton(new String()));
    } catch (ClassCastException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should have thrown ClassCastException");
    }
}
use of java.security.cert.TrustAnchor in project jdk8u_jdk by JetBrains.
the class NoExtensions method doBuild.
/**
 * Runs the SUN "PKIX" {@link CertPathBuilder} for {@code userCert}, using the certificate
 * returned by {@code getTrustedCertificate()} as the only trust anchor.
 *
 * <p>The resulting path is fetched but not inspected; a failure to build surfaces as an
 * exception from {@code build}.
 *
 * @param userCert the target certificate the path must end at
 * @throws Exception if the builder cannot be obtained or no path can be built
 */
private void doBuild(X509Certificate userCert) throws Exception {
    X509Certificate caCert = getTrustedCertificate();

    // One trust anchor, created without name constraints (second argument is null).
    HashSet<TrustAnchor> anchorSet = new HashSet<TrustAnchor>();
    anchorSet.add(new TrustAnchor(caCert, null));

    // In-memory CertStore holding both certificates the builder may need.
    ArrayList<X509Certificate> storeContents = new ArrayList<X509Certificate>();
    storeContents.add(caCert);
    storeContents.add(userCert);
    CertStore store =
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeContents));

    // Select the target both by exact certificate and by subject name.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    // The original author found the subject criterion necessary as well ("seems to be required").
    targetSelector.setSubject(userCert.getSubjectDN().getName());

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchorSet, targetSelector);
    builderParams.addCertStore(store);
    // Revocation checking is switched off for this build: no CRL is supplied in the store,
    // so the revocation status of userCert is not part of what this method verifies.
    builderParams.setRevocationEnabled(false);

    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    CertPathBuilderResult outcome = builder.build(builderParams);

    // Retrieved only to confirm a path object is available; it is not printed or checked.
    CertPath builtPath = outcome.getCertPath();
}
use of java.security.cert.TrustAnchor in project jdk8u_jdk by JetBrains.
the class BuildOddSel method createParams.
/**
 * Initialises the shared {@code sel} and {@code params} fields: a fresh {@code OddSel}
 * selector and builder parameters whose single trust anchor is loaded from "sun.cer".
 *
 * @throws Exception if the certificate cannot be loaded or the parameters are rejected
 */
public static void createParams() throws Exception {
    // Load the anchor first, so a missing certificate file fails before any field is touched.
    final TrustAnchor sunAnchor = new TrustAnchor(getCertFromFile("sun.cer"), null);

    // The deliberately unusual CertSelector under test.
    sel = new OddSel();

    params = new PKIXBuilderParameters(Collections.singleton(sunAnchor), sel);
    // Revocation checking is disabled, so no CRL lookups happen for paths built with these params.
    params.setRevocationEnabled(false);
}
use of java.security.cert.TrustAnchor in project qpid-broker-j by apache.
the class AbstractTrustStore method getTrustManagers.
/**
 * Returns this store's trust managers, wrapping each {@link X509TrustManager} in a
 * {@code TrustAnchorValidatingTrustManager} when trust-anchor validity enforcement is on.
 *
 * <p>With enforcement on, the store's certificates are split in two: self-signed X.509
 * certificates become {@link TrustAnchor}s (without name constraints), everything else is
 * passed to the wrapper as "other" certificates. With enforcement off, the internal trust
 * managers are returned unchanged.
 *
 * @return the trust managers to use for this store
 * @throws GeneralSecurityException if the certificates or trust managers cannot be obtained
 */
@Override
public final TrustManager[] getTrustManagers() throws GeneralSecurityException {
    if (!isTrustAnchorValidityEnforced()) {
        return getTrustManagersInternal();
    }

    final Set<Certificate> storeCerts = Sets.newHashSet(getCertificates());
    final Set<TrustAnchor> anchors = new HashSet<>();
    final Set<Certificate> nonAnchorCerts = new HashSet<>();
    for (Certificate candidate : storeCerts) {
        // Only a self-signed X.509 certificate is treated as a trust anchor.
        final boolean isAnchor =
                candidate instanceof X509Certificate && isSelfSigned((X509Certificate) candidate);
        if (isAnchor) {
            anchors.add(new TrustAnchor((X509Certificate) candidate, null));
        } else {
            nonAnchorCerts.add(candidate);
        }
    }

    final TrustManager[] delegates = getTrustManagersInternal();
    final TrustManager[] result = new TrustManager[delegates.length];
    for (int idx = 0; idx < delegates.length; idx++) {
        final TrustManager delegate = delegates[idx];
        // Non-X.509 trust managers are passed through unwrapped.
        result[idx] = (delegate instanceof X509TrustManager)
                ? new TrustAnchorValidatingTrustManager(
                        getName(), (X509TrustManager) delegate, anchors, nonAnchorCerts)
                : delegate;
    }
    return result;
}
use of java.security.cert.TrustAnchor in project testcases by coheigea.
the class SignatureCRLUnitTest method testCRLRevocation.
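/**
 * Validates the "wss40rev" certificate chain against the "wss40CA" trust anchor with
 * revocation checking enabled and a CRL supplied through a collection CertStore, and
 * expects validation to fail with a revocation-related message.
 *
 * @throws Exception on any failure to load the test key material
 */
@org.junit.Test
public void testCRLRevocation() throws Exception {
    // NOTE(review): this property is JVM-wide and is never restored, so it also affects
    // every test that runs afterwards in the same process; the output is very verbose.
    System.setProperty("java.security.debug", "all");
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

    // Signing cert chain. The stream is closed once the keystore has been read.
    KeyStore certKeyStore = KeyStore.getInstance("JKS");
    InputStream certInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40rev.jks");
    assertNotNull(certInputStream);
    try {
        certKeyStore.load(certInputStream, "security".toCharArray());
    } finally {
        certInputStream.close();
    }
    Certificate[] certs = certKeyStore.getCertificateChain("wss40rev");
    assertNotNull(certs);
    assertEquals(2, certs.length);

    // The original author recorded that a path built from certs[0] alone
    // (Arrays.asList(certs[0])) works, while the full two-element chain below does not.
    // NOTE(review): by convention the trust anchor's own certificate is not part of a
    // PKIX CertPath; presumably certs[1] is the CA certificate used as anchor below, which
    // would explain the difference. Confirm against the keystore contents.
    List<Certificate> certList = Arrays.asList(certs);
    CertPath path = certificateFactory.generateCertPath(certList);

    // CA cert, used as the only trust anchor (no name constraints).
    KeyStore caKeyStore = KeyStore.getInstance("JKS");
    InputStream caInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CA.jks");
    assertNotNull(caInputStream);
    try {
        caKeyStore.load(caInputStream, "security".toCharArray());
    } finally {
        caInputStream.close();
    }
    X509Certificate caCert = (X509Certificate) caKeyStore.getCertificate("wss40CA");
    assertNotNull(caCert);
    Set<TrustAnchor> set = new HashSet<TrustAnchor>();
    set.add(new TrustAnchor(caCert, null));

    // Load CRL; close the stream even when parsing fails.
    InputStream crlInputStream = loadInputStream(this.getClass().getClassLoader(), "keys/wss40CACRL.pem");
    assertNotNull(crlInputStream);
    X509CRL crl;
    try {
        crl = (X509CRL) certificateFactory.generateCRL(crlInputStream);
    } finally {
        crlInputStream.close();
    }
    assertNotNull(crl);

    // Construct PKIXParameters: revocation checking on, CRL made available via a CertStore.
    PKIXParameters param = new PKIXParameters(set);
    param.setRevocationEnabled(true);
    param.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.singletonList(crl))));

    // Validate the Cert Path
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
    try {
        validator.validate(path, param);
        fail("Failure expected on a revoked certificate");
    } catch (CertPathValidatorException ex) {
        // A null message is reported as an assertion failure instead of a NullPointerException.
        String message = ex.getMessage();
        assertTrue(message != null && (message.contains("revoked") || message.contains("revocation")));
    }
}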