use of java.security.cert.TrustAnchor in project robovm by robovm.
the class TestUtils method getTrustAnchorSet.
/**
 * Builds a {@code Set} of {@code TrustAnchor}s holding exactly one element:
 * the self-signed test certificate wrapped by {@link #getTrustAnchor()}.
 *
 * @return a single-element {@code Set} of {@code TrustAnchor}s, or {@code null}
 *         when {@link #getTrustAnchor()} yields {@code null}
 * @throws RuntimeException if the anchor could not be added to the set
 */
public static Set<TrustAnchor> getTrustAnchorSet() {
    TrustAnchor anchor = getTrustAnchor();
    if (anchor == null) {
        return null;
    }
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    boolean added = anchors.add(anchor);
    if (!added) {
        throw new RuntimeException("Could not create trust anchor set");
    }
    return anchors;
}
use of java.security.cert.TrustAnchor in project jdk8u_jdk by JetBrains.
the class VerifyNameConstraints method createPath.
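/**
 * Builds the certification path under test from the given certificate files and the
 * PKIX parameters used to validate it, storing them in the {@code path} and
 * {@code params} fields.
 *
 * <p>{@code certs[0]} is read as the trust anchor. The remaining entries are read in
 * order and each one is prepended, so the resulting path runs from the end-entity
 * certificate (last file) towards the anchor, which is the order {@code CertPath} expects.
 *
 * @param certs file names: the trust anchor first, then the chain from the anchor down
 *              to the end-entity certificate; must contain at least one element
 * @throws IllegalArgumentException if {@code certs} is null or empty
 * @throws Exception if a certificate cannot be read or the path cannot be generated
 */
public static void createPath(String[] certs) throws Exception {
    if (certs == null || certs.length == 0) {
        throw new IllegalArgumentException("certs must contain at least the trust anchor certificate");
    }
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    // Typed list instead of the raw ArrayList; generateCertPath accepts List<? extends Certificate>.
    List<java.security.cert.Certificate> list = new ArrayList<java.security.cert.Certificate>();
    for (int i = 1; i < certs.length; i++) {
        // Prepend so the end-entity certificate ends up first in the path.
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);
    Set<TrustAnchor> anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    // Revocation checking is switched off here; the class name suggests this test is about
    // name constraints only, so revocation data is presumably not part of the fixture.
    params.setRevocationEnabled(false);
}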
use of java.security.cert.TrustAnchor in project cxf by apache.
the class TrustedAuthorityValidator method isCertificateChainValid.
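/**
 * Checks whether a certificate chain leads to a trusted authority.
 *
 * <p>The first element of {@code certificates} is the target (end-entity) certificate. A PKIX
 * path is built from it to one of the repository's trusted CA certificates, using the
 * repository's CA certificates and the supplied chain itself as intermediates, and the path is
 * then validated.
 *
 * <p>Revocation checking is applied only when {@code enableRevocation} is set <em>and</em> the
 * repository holds at least one CRL; with revocation enabled but no CRLs available the path is
 * validated without any revocation check.
 *
 * @param certificates the chain to check, target certificate first; must not be null or empty
 * @return {@code true} if a valid path to a trusted authority was built and validated,
 *         {@code false} otherwise (the reason is logged at WARNING level)
 */
boolean isCertificateChainValid(List<X509Certificate> certificates) {
    // Guard the get(0) below: an empty chain is a validation failure, not an IndexOutOfBoundsException.
    if (certificates == null || certificates.isEmpty()) {
        LOG.log(Level.WARNING, "Cannot validate certificate chain: no certificates supplied");
        return false;
    }
    X509Certificate targetCert = certificates.get(0);
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(targetCert);
    try {
        List<X509Certificate> intermediateCerts = certRepo.getCaCerts();
        List<X509Certificate> trustedAuthorityCerts = certRepo.getTrustedCaCerts();
        Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
        CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
        CertStoreParameters certificateParams = new CollectionCertStoreParameters(certificates);
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
        pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
        pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
        // Path building runs without revocation checks; they are switched on for validation below.
        pkixParams.setRevocationEnabled(false);
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        CertPath certPath = builder.build(pkixParams).getCertPath();
        // Now validate the CertPath (including CRL checking)
        if (enableRevocation) {
            List<X509CRL> crls = certRepo.getCRLs();
            // NOTE: when enableRevocation is set but the repository has no CRLs, validation
            // proceeds with revocation still disabled rather than failing.
            if (!crls.isEmpty()) {
                pkixParams.setRevocationEnabled(true);
                CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
            }
        }
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        validator.validate(certPath, pkixParams);
    } catch (InvalidAlgorithmParameterException e) {
        LOG.log(Level.WARNING, "Invalid algorithm parameter by certificate chain validation. " + "It is likely that issuer certificates are not found in XKMS trusted storage. " + e.getMessage(), e);
        return false;
    } catch (NoSuchAlgorithmException e) {
        LOG.log(Level.WARNING, "Unknown algorithm by trust chain validation: " + e.getMessage(), e);
        return false;
    } catch (CertPathBuilderException e) {
        LOG.log(Level.WARNING, "Cannot build certification path: " + e.getMessage(), e);
        return false;
    } catch (CertPathValidatorException e) {
        LOG.log(Level.WARNING, "Cannot vaidate certification path: " + e.getMessage(), e);
        return false;
    }
    return true;
}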
use of java.security.cert.TrustAnchor in project Openfire by igniterealtime.
the class KeystoreTestUtils method testChain.
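/**
 * This method will validate a chain of certificates. It is provided as an alternative to the certificate chain
 * validation mechanisms that are under test. This method is intended to be used as a comparative benchmark against
 * other validation methods.
 *
 * The first certificate in the chain is expected to be the end-entity certificate.
 *
 * The last certificate in the chain is expected to be the root CA certificate; it is the only trust anchor used.
 * Certificates between the two are offered to the builder as intermediates. Revocation checking is disabled.
 *
 * @param chain A certificate chain (cannot be null or empty).
 * @return CertPathBuilderResult result of validation.
 * @throws IllegalArgumentException When the chain is null or empty.
 * @throws Exception When the chain is not valid.
 */
public CertPathBuilderResult testChain(X509Certificate[] chain) throws Exception {
    // Reject bad input up front instead of failing on chain[0] / chain[chain.length - 1] below
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("Argument 'chain' cannot be null or empty.");
    }
    // Create the selector that specifies the starting certificate
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(chain[0]);
    // Create the trust anchors (set of root CA certificates)
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    trustAnchors.add(new TrustAnchor(chain[chain.length - 1], null));
    // Configure the PKIX certificate builder algorithm parameters
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
    // Disable CRL checks (this is done manually as additional step)
    pkixParams.setRevocationEnabled(false);
    // Specify a list of intermediate certificates (everything strictly between end-entity and root)
    Set<java.security.cert.Certificate> intermediateCerts = new HashSet<>();
    for (int i = 1; i < chain.length - 1; i++) {
        intermediateCerts.add(chain[i]);
    }
    CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
    pkixParams.addCertStore(intermediateCertStore);
    // Build and verify the certification chain
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
    PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(pkixParams);
    return result;
}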
use of java.security.cert.TrustAnchor in project gitblit by gitblit.
the class X509Utils method verifyChain.
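/**
 * Verifies a certificate's chain to ensure that it will function properly.
 *
 * <p>Every self-signed certificate among {@code additionalCerts} becomes a trust anchor, so any
 * self-signed certificate passed here can anchor the path; callers must pass only certificates
 * they genuinely trust as roots. The same argument supplies the intermediate certificates.
 * Revocation checking is disabled.
 *
 * @param testCert the certificate whose chain is verified; must not be self-signed
 * @param additionalCerts the root and intermediate certificates available for path building
 * @return the verified path builder result
 * @throws IllegalArgumentException if {@code testCert} is self-signed or no self-signed root
 *         is present in {@code additionalCerts}
 * @throws RuntimeException if no path can be built or any other verification error occurs;
 *         the underlying exception is attached as the cause
 */
public static PKIXCertPathBuilderResult verifyChain(X509Certificate testCert, X509Certificate... additionalCerts) {
    try {
        // Check for self-signed certificate
        if (isSelfSigned(testCert)) {
            throw new IllegalArgumentException("The certificate is self-signed. Nothing to verify.");
        }
        // Prepare a set of all certificates
        // chain builder must have all certs, including cert to validate
        // http://stackoverflow.com/a/10788392
        Set<X509Certificate> certs = new HashSet<X509Certificate>();
        certs.add(testCert);
        certs.addAll(Arrays.asList(additionalCerts));
        // Attempt to build the certification chain and verify it
        // Create the selector that specifies the starting certificate
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(testCert);
        // Create the trust anchors (set of root CA certificates)
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (X509Certificate cert : additionalCerts) {
            if (isSelfSigned(cert)) {
                trustAnchors.add(new TrustAnchor(cert, null));
            }
        }
        // PKIXBuilderParameters rejects an empty anchor set with a generic
        // InvalidAlgorithmParameterException; name the actual problem instead.
        if (trustAnchors.isEmpty()) {
            throw new IllegalArgumentException("No self-signed root certificate supplied to anchor the chain of " + testCert.getSubjectX500Principal());
        }
        // Configure the PKIX certificate builder
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
        pkixParams.setRevocationEnabled(false);
        pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs), BC));
        // Build and verify the certification chain
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BC);
        PKIXCertPathBuilderResult verifiedCertChain = (PKIXCertPathBuilderResult) builder.build(pkixParams);
        // The chain is built and verified
        return verifiedCertChain;
    } catch (IllegalArgumentException e) {
        // Argument rejections raised above: rethrow as-is so their message is not buried
        // under the generic "Error verifying the certificate" wrapper below.
        throw e;
    } catch (CertPathBuilderException e) {
        throw new RuntimeException("Error building certification path: " + testCert.getSubjectX500Principal(), e);
    } catch (Exception e) {
        throw new RuntimeException("Error verifying the certificate: " + testCert.getSubjectX500Principal(), e);
    }
}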