
Example 96 with TrustAnchor

use of java.security.cert.TrustAnchor in project candlepin by candlepin.

the class SSLCertTest method setUp.

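/**
 * Loads the certificate fixtures from the test classpath and prepares PKIX parameters whose only
 * trust anchor is the fixture CA certificate.
 *
 * @throws Exception if a fixture cannot be read or parsed, or the PKIX parameters cannot be built
 */
@Before
public void setUp() throws Exception {
    certificateFactory = CertificateFactory.getInstance("X.509");
    // Close the classpath streams once the certificates are parsed; previously all three stayed open.
    // try-with-resources skips close() on a null resource, so a missing fixture is still handed to
    // generateCertificate as null, exactly as before.
    try (java.io.InputStream chainStream = getClass().getResourceAsStream("certchain.crt");
            java.io.InputStream selfSignedStream = getClass().getResourceAsStream("selfsigned.crt");
            java.io.InputStream caStream = getClass().getResourceAsStream("ca.crt")) {
        certificatePath = (X509Certificate) certificateFactory.generateCertificate(chainStream);
        selfSignedCertificate = (X509Certificate) certificateFactory.generateCertificate(selfSignedStream);
        caCertificate = (X509Certificate) certificateFactory.generateCertificate(caStream);
    }
    // The fixture CA is the sole trust anchor; the null argument means no name constraints are applied.
    TrustAnchor anchor = new TrustAnchor(caCertificate, null);
    PKIXparams = new PKIXParameters(Collections.singleton(anchor));
    // Revocation checking is switched off for these parameters. That is acceptable for static test
    // fixtures only; parameters used to validate real peers should keep revocation checking on.
    PKIXparams.setRevocationEnabled(false);
}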
Also used : PKIXParameters(java.security.cert.PKIXParameters) TrustAnchor(java.security.cert.TrustAnchor) Before(org.junit.Before)

Example 97 with TrustAnchor

use of java.security.cert.TrustAnchor in project ovirt-engine by oVirt.

the class CertificateChain method keyStoreToTrustAnchors.

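/**
 * Collects trust anchors from the trusted-certificate entries of a key store.
 *
 * <p>Only X.509 certificates whose signature verifies against their own public key (that is,
 * self-signed certificates) are returned. Every other entry is skipped silently: key entries,
 * non-X.509 certificates, and certificates that fail the self-signature check. The self-signature
 * check does not establish trust by itself; trust comes from the certificate being stored as a
 * trusted entry, so the integrity of the key store is what callers rely on.
 *
 * <p>The result may be empty. {@code PKIXParameters} rejects an empty anchor set, so callers
 * should treat an empty result as a configuration error rather than as "trust nothing".
 *
 * @param keystore key store to read; its aliases are enumerated once.
 * @return a mutable set with one {@link TrustAnchor} (no name constraints) per accepted
 *     certificate, never {@code null}.
 * @throws KeyStoreException if the aliases of the key store cannot be listed, for example
 *     because the key store has not been loaded.
 */
public static Set<TrustAnchor> keyStoreToTrustAnchors(KeyStore keystore) throws KeyStoreException {
    Set<TrustAnchor> ret = new HashSet<>();
    for (String alias : Collections.list(keystore.aliases())) {
        try {
            // A null protection parameter is sufficient for trusted-certificate entries; protected
            // key entries fail here and are skipped by the catch below.
            KeyStore.Entry entry = keystore.getEntry(alias, null);
            if (!(entry instanceof KeyStore.TrustedCertificateEntry)) {
                continue;
            }
            Certificate c = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
            if (c instanceof X509Certificate) {
                // Throws unless the certificate is signed by its own key, which filters out
                // intermediates and leaf certificates stored in the same key store.
                c.verify(c.getPublicKey());
                ret.add(new TrustAnchor((X509Certificate) c, null));
            }
        } catch (GeneralSecurityException ignored) {
            // Deliberate best effort: an unreadable entry or a certificate that is not self-signed
            // is simply not an anchor. Only security exceptions are swallowed, so programming
            // errors (runtime exceptions) are no longer hidden.
        }
    }
    return ret;
}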
Also used : TrustAnchor(java.security.cert.TrustAnchor) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) KeyStoreException(java.security.KeyStoreException) CertPathBuilderException(java.security.cert.CertPathBuilderException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) HashSet(java.util.HashSet) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 98 with TrustAnchor

use of java.security.cert.TrustAnchor in project mule by mulesoft.

the class CrlFile method configFor.

/**
 * Builds trust-manager parameters that validate certificate paths against the anchors of the given
 * trust store with revocation checking enabled, using the CRLs loaded from {@code path}.
 *
 * <p>The {@code defaultTrustAnchors} argument is not read by this implementation. When no CRL is
 * loaded, revocation checking stays enabled and no CRL store is added here.
 *
 * @param trustStore key store supplying the trust anchors; must not be {@code null}.
 * @param defaultTrustAnchors unused here.
 * @return parameters wrapping the configured {@link PKIXBuilderParameters}.
 * @throws RuntimeException wrapping any {@link IOException} or {@link GeneralSecurityException}
 *     raised while reading the anchors or the CRL file.
 */
@Override
public ManagerFactoryParameters configFor(KeyStore trustStore, Set<TrustAnchor> defaultTrustAnchors) {
    checkArgument(path != null, "tls:crl-file requires the 'path' attribute");
    checkArgument(trustStore != null, "tls:crl-file requires a trust store");
    try {
        PKIXBuilderParameters builderParams =
            new PKIXBuilderParameters(getTrustAnchorsFromKeyStore(trustStore), new X509CertSelector());
        // Revocation is switched on explicitly rather than relying on the builder default
        // (see com.sun.net.ssl.checkRevocation).
        builderParams.setRevocationEnabled(true);
        Collection<? extends CRL> loadedCrls = loadCRL(path);
        boolean nothingLoaded = loadedCrls == null || loadedCrls.isEmpty();
        if (!nothingLoaded) {
            // Expose the loaded CRLs to the path builder through an in-memory cert store.
            CollectionCertStoreParameters crlStoreParams = new CollectionCertStoreParameters(loadedCrls);
            CertStore crlStore = CertStore.getInstance("Collection", crlStoreParams);
            builderParams.addCertStore(crlStore);
        }
        return new CertPathTrustManagerParameters(builderParams);
    } catch (IOException | GeneralSecurityException e) {
        throw new RuntimeException(e);
    }
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) GeneralSecurityException(java.security.GeneralSecurityException) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) IOException(java.io.IOException)

Example 99 with TrustAnchor

use of java.security.cert.TrustAnchor in project scdl by passy.

the class SystemKeyStore method getPkixParameters.

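/**
 * Builds PKIX validation parameters that trust every X.509 certificate in the trust store.
 *
 * <p>Each alias contributes the certificate returned by {@code KeyStore.getCertificate}. For a key
 * entry that is the first certificate of its chain, so the trust store should hold certificate
 * entries only. Revocation checking is disabled on the returned parameters: a revoked certificate
 * that chains to one of these anchors still validates unless the caller checks revocation itself.
 *
 * @return parameters whose trust anchors are the X.509 certificates of the trust store.
 * @throws AssertionError if the trust store cannot be read or yields no trust anchor.
 */
private PKIXParameters getPkixParameters() {
    try {
        final KeyStore trustStore = this.getTrustStore();
        final Set<TrustAnchor> trusted = new HashSet<TrustAnchor>();
        for (final Enumeration<String> aliases = trustStore.aliases(); aliases.hasMoreElements(); ) {
            final String alias = aliases.nextElement();
            final Certificate cert = trustStore.getCertificate(alias);
            // instanceof is false for null and for non-X.509 certificates; the unchecked cast used
            // before threw ClassCastException on the latter.
            if (cert instanceof X509Certificate) {
                // null: no name constraints are imposed on the anchor.
                trusted.add(new TrustAnchor((X509Certificate) cert, null));
            }
        }
        // PKIXParameters rejects an empty anchor set with InvalidAlgorithmParameterException.
        final PKIXParameters parameters = new PKIXParameters(trusted);
        parameters.setRevocationEnabled(false);
        return parameters;
    } catch (final InvalidAlgorithmParameterException e) {
        throw new AssertionError(e);
    } catch (final KeyStoreException e) {
        throw new AssertionError(e);
    }
}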
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) TrustAnchor(java.security.cert.TrustAnchor) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 100 with TrustAnchor

use of java.security.cert.TrustAnchor in project Openfire by igniterealtime.

the class KeystoreTestUtils method testChain.

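/**
 * Validates a chain of certificates by building a PKIX certification path. It is provided as an
 * alternative to the certificate chain validation mechanisms that are under test, and is intended
 * to be used as a comparative benchmark against other validation methods.
 *
 * <p>The first certificate in the chain is expected to be the end-entity certificate and the last
 * one the root CA certificate. The last certificate is used as the only trust anchor, so the chain
 * supplies its own root of trust: a successful result shows that the chain is internally
 * consistent, not that it is anchored in an independently trusted CA. Do not use this method to
 * decide whether a chain received from a peer is trustworthy.
 *
 * <p>Revocation checking is disabled for the path build.
 *
 * @param chain A certificate chain (cannot be null or empty).
 * @return CertPathBuilderResult result of validation.
 * @throws IllegalArgumentException When the chain is null or empty.
 * @throws Exception When the chain is not valid.
 */
public CertPathBuilderResult testChain(X509Certificate[] chain) throws Exception {
    // Enforce the documented precondition instead of failing later with an index error.
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("Argument 'chain' cannot be null or empty.");
    }
    // Create the selector that specifies the starting (end-entity) certificate
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(chain[0]);
    // The last certificate of the chain is the sole trust anchor, without name constraints
    Set<TrustAnchor> trustAnchors = new HashSet<>();
    trustAnchors.add(new TrustAnchor(chain[chain.length - 1], null));
    // Configure the PKIX certificate builder algorithm parameters
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
    // Disable CRL checks (this is done manually as additional step)
    pkixParams.setRevocationEnabled(false);
    // Everything strictly between the end-entity certificate and the root is an intermediate
    Set<java.security.cert.Certificate> intermediateCerts = new HashSet<>();
    for (int i = 1; i < chain.length - 1; i++) {
        intermediateCerts.add(chain[i]);
    }
    CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
    pkixParams.addCertStore(intermediateCertStore);
    // Build and verify the certification chain
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
    return builder.build(pkixParams);
}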
Also used : PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) X509CertSelector(java.security.cert.X509CertSelector) TrustAnchor(java.security.cert.TrustAnchor) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) CertPathBuilder(java.security.cert.CertPathBuilder) CertStore(java.security.cert.CertStore) HashSet(java.util.HashSet) X509Certificate(java.security.cert.X509Certificate)

Aggregations

TrustAnchor (java.security.cert.TrustAnchor)103 X509Certificate (java.security.cert.X509Certificate)47 PublicKey (java.security.PublicKey)26 HashSet (java.util.HashSet)25 X500Principal (javax.security.auth.x500.X500Principal)23 PKIXParameters (java.security.cert.PKIXParameters)20 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)19 X509CertSelector (java.security.cert.X509CertSelector)18 TestKeyPair (org.apache.harmony.security.tests.support.TestKeyPair)16 CertificateFactory (java.security.cert.CertificateFactory)15 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)14 CertPathValidatorException (java.security.cert.CertPathValidatorException)14 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)14 ArrayList (java.util.ArrayList)14 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)13 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)13 IOException (java.io.IOException)12 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)10 CertPathBuilder (java.security.cert.CertPathBuilder)10 CertificateException (java.security.cert.CertificateException)10