use of java.security.cert.TrustAnchor in project candlepin by candlepin.
the class SSLCertTest method setUp.
/**
 * Loads the X.509 fixtures from the test classpath and prepares the PKIX
 * parameters shared by the tests, with {@code ca.crt} as the only trust anchor.
 *
 * @throws Exception if the certificate factory is unavailable, a fixture cannot
 *         be parsed, or the PKIX parameters cannot be built
 */
@Before
public void setUp() throws Exception {
    certificateFactory = CertificateFactory.getInstance("X.509");
    Class<?> fixtureOwner = getClass();

    // generateCertificate parses a single certificate from each stream.
    certificatePath = (X509Certificate) certificateFactory.generateCertificate(
        fixtureOwner.getResourceAsStream("certchain.crt"));
    selfSignedCertificate = (X509Certificate) certificateFactory.generateCertificate(
        fixtureOwner.getResourceAsStream("selfsigned.crt"));
    caCertificate = (X509Certificate) certificateFactory.generateCertificate(
        fixtureOwner.getResourceAsStream("ca.crt"));

    // The fixture CA is the sole trust anchor; null means no name constraints.
    PKIXparams = new PKIXParameters(
        Collections.singleton(new TrustAnchor(caCertificate, null)));

    // Revocation checking is switched off for these fixtures, so the tests do not
    // exercise CRL/OCSP handling. Not a setting to carry over into production
    // validation code.
    PKIXparams.setRevocationEnabled(false);
}
use of java.security.cert.TrustAnchor in project ovirt-engine by oVirt.
the class CertificateChain method keyStoreToTrustAnchors.
/**
 * Collects the self-signed X.509 certificates stored as trusted-certificate
 * entries in a key store and wraps each one in a {@link TrustAnchor}.
 *
 * <p>An entry is skipped, with no diagnostic, when it is not a trusted-certificate
 * entry, when its certificate is not X.509, when the certificate does not verify
 * against its own public key, or when reading it raises any exception. The
 * result can therefore hold fewer anchors than the key store has entries, or be
 * empty; callers that feed it into PKIX parameters should check for that.
 *
 * @param keystore KeyStore to use.
 * @return the trust anchors found; possibly empty, never {@code null}
 * @throws KeyStoreException if the aliases of the key store cannot be listed
 */
public static Set<TrustAnchor> keyStoreToTrustAnchors(KeyStore keystore) throws KeyStoreException {
    Set<TrustAnchor> anchors = new HashSet<>();
    for (String alias : Collections.list(keystore.aliases())) {
        try {
            KeyStore.Entry entry = keystore.getEntry(alias, null);
            if (!(entry instanceof KeyStore.TrustedCertificateEntry)) {
                continue;
            }
            Certificate candidate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
            if (!(candidate instanceof X509Certificate)) {
                continue;
            }
            // Self-signature check: only certificates signed by their own key are
            // accepted as anchors. This does not check the validity period.
            candidate.verify(candidate.getPublicKey());
            anchors.add(new TrustAnchor((X509Certificate) candidate, null));
        } catch (Exception ignored) {
            // Best effort: an unreadable or non-self-signed entry is left out.
            // NOTE(review): nothing is logged here, so a corrupted or unexpected
            // entry silently shrinks the trust set.
        }
    }
    return anchors;
}
use of java.security.cert.TrustAnchor in project mule by mulesoft.
the class CrlFile method configFor.
/**
 * Builds trust-manager parameters that validate peer certificates against the
 * anchors of the given trust store with revocation checking enabled, using the
 * CRLs loaded from {@code path} when there are any.
 *
 * @param trustStore trust store supplying the trust anchors; must not be null
 * @param defaultTrustAnchors not used by this implementation
 * @return PKIX-based parameters for a trust manager factory
 * @throws RuntimeException wrapping any I/O or security failure while the
 *         parameters are being assembled
 */
@Override
public ManagerFactoryParameters configFor(KeyStore trustStore, Set<TrustAnchor> defaultTrustAnchors) {
    checkArgument(path != null, "tls:crl-file requires the 'path' attribute");
    checkArgument(trustStore != null, "tls:crl-file requires a trust store");
    try {
        PKIXBuilderParameters pkixParameters =
            new PKIXBuilderParameters(getTrustAnchorsFromKeyStore(trustStore), new X509CertSelector());

        // Make sure revocation checking is enabled (com.sun.net.ssl.checkRevocation)
        pkixParameters.setRevocationEnabled(true);

        Collection<? extends CRL> revocationLists = loadCRL(path);
        boolean hasRevocationLists = revocationLists != null && !revocationLists.isEmpty();
        if (hasRevocationLists) {
            pkixParameters.addCertStore(
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(revocationLists)));
        }
        // NOTE(review): when the file yields no CRLs, revocation stays enabled but no
        // local CRL source is registered; how validation then behaves depends on the
        // JVM's revocation settings. Confirm that is the intended outcome.
        return new CertPathTrustManagerParameters(pkixParameters);
    } catch (IOException | GeneralSecurityException e) {
        throw new RuntimeException(e);
    }
}
use of java.security.cert.TrustAnchor in project scdl by passy.
the class SystemKeyStore method getPkixParameters.
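/**
 * Builds PKIX validation parameters whose trust anchors are the X.509
 * certificates held in the trust store returned by {@code getTrustStore()}.
 *
 * <p>Entries whose certificate is missing or is not an X.509 certificate are
 * skipped instead of failing the whole call with a {@code ClassCastException}.
 *
 * <p>Revocation checking is disabled on the returned parameters: a validator
 * using them will not consult CRLs or OCSP for certificates chaining to these
 * anchors.
 *
 * @return parameters trusting every X.509 certificate found in the trust store
 * @throws AssertionError if the trust store cannot be read, or if it yields no
 *         anchors (PKIXParameters rejects an empty anchor set)
 */
private PKIXParameters getPkixParameters() {
    try {
        final KeyStore trustStore = this.getTrustStore();
        final Set<TrustAnchor> trusted = new HashSet<TrustAnchor>();
        for (final Enumeration<String> aliases = trustStore.aliases(); aliases.hasMoreElements(); ) {
            final String alias = aliases.nextElement();
            // getCertificate returns the generic Certificate type; only X.509
            // certificates can become trust anchors. instanceof also covers null.
            final java.security.cert.Certificate stored = trustStore.getCertificate(alias);
            if (stored instanceof X509Certificate) {
                // null: no name constraints are applied to this anchor
                trusted.add(new TrustAnchor((X509Certificate) stored, null));
            }
        }
        final PKIXParameters parameters = new PKIXParameters(trusted);
        // NOTE(review): revocation is off, so revoked certificates are not detected
        // by validation done with these parameters. Confirm this is intended.
        parameters.setRevocationEnabled(false);
        return parameters;
    } catch (final InvalidAlgorithmParameterException e) {
        throw new AssertionError(e);
    } catch (final KeyStoreException e) {
        throw new AssertionError(e);
    }
}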
use of java.security.cert.TrustAnchor in project Openfire by igniterealtime.
the class KeystoreTestUtils method testChain.
/**
 * Validates a certificate chain with the JDK PKIX path builder. It serves as an
 * independent reference against which the validation mechanisms under test can
 * be compared.
 *
 * <p>The chain must run from the end-entity certificate (first element) to the
 * root CA certificate (last element). The last element is used as the only
 * trust anchor, so a successful result shows that the chain is consistent with
 * the root it carries; it does not show that this root is trusted by any
 * external trust store.
 *
 * @param chain A certificate chain (cannot be null or empty).
 * @return CertPathBuilderResult result of validation.
 * @throws Exception When the chain is not valid.
 */
public CertPathBuilderResult testChain(X509Certificate[] chain) throws Exception {
    final X509Certificate endEntity = chain[0];
    final X509Certificate root = chain[chain.length - 1];

    // The path search starts from the end-entity certificate
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(endEntity);

    // The root CA supplied with the chain is the single trust anchor
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    anchors.add(new TrustAnchor(root, null));

    // Everything strictly between the end entity and the root is an intermediate
    Set<java.security.cert.Certificate> intermediates = new HashSet<>();
    int position = 1;
    while (position < chain.length - 1) {
        intermediates.add(chain[position]);
        position++;
    }

    PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
    // Disable CRL checks (this is done manually as additional step)
    params.setRevocationEnabled(false);
    params.addCertStore(
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediates)));

    // Build and verify the certification path; build() throws when no valid path exists
    return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
}