
Example 46 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class X509CertSelectorTest method testMatchIpv6SubjectAlternativeName.

public void testMatchIpv6SubjectAlternativeName() throws Exception {
    // With match-all switched off, a certificate is accepted as soon as it carries
    // at least one of the listed subject alternative names; the only name listed
    // here is the IPv6 loopback address given in text form.
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(false);
    selector.addSubjectAlternativeName(GeneralName.iPAddress, "::1");

    // 16-byte binary form of ::1 (fifteen zero bytes, then 1): must be matched.
    byte[] loopback = new byte[16];
    loopback[15] = 1;
    assertTrue(selector.match(newCertWithSubjectAltNameIpAddress(loopback)));

    // ::2 differs only in the last byte: the selector must reject it, which
    // shows the comparison covers the full address rather than a prefix.
    byte[] neighbour = new byte[16];
    neighbour[15] = 2;
    assertFalse(selector.match(newCertWithSubjectAltNameIpAddress(neighbour)));
}
Also used : X509CertSelector(java.security.cert.X509CertSelector)

Example 47 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class CertPathBuilderTestPKIX method getCertPathParameters.

@Override
public CertPathParameters getCertPathParameters() throws Exception {
    // Empty in-memory keystore: load(null, null) initialises it without reading
    // any backing stream or password.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);

    // Decode the fixture certificate text and register it as a trusted entry.
    // NOTE(review): getBytes() encodes with the platform default charset;
    // presumably the fixture is ASCII-only certificate text, so this is
    // harmless here. Confirm against the selfSignedCert definition.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    X509Certificate fixtureCert = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(selfSignedCert.getBytes()));
    trustStore.setCertificateEntry("selfSignedCert", fixtureCert);

    // Target selector pinned to that exact certificate.
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(fixtureCert);

    // The same certificate is also offered to the builder as a candidate,
    // through a collection-backed CertStore.
    List<Certificate> candidates = new ArrayList<Certificate>();
    candidates.add(fixtureCert);
    CertStore candidateStore =
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustStore, target);
    builderParams.addCertStore(candidateStore);
    // Revocation checking is switched off, so no CRL or OCSP source is consulted
    // for these parameters. That suits a self-contained fixture whose only
    // certificate is its own trust anchor; parameters built for real peers
    // should keep revocation checking enabled.
    builderParams.setRevocationEnabled(false);
    return builderParams;
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) ArrayList(java.util.ArrayList) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 48 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class CertPathValidatorTestPKIX method setUp.

@Override
protected void setUp() throws Exception {
    super.setUp();

    // Empty in-memory keystore: load(null, null) initialises it without reading
    // any backing stream or password.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);

    // Decode the fixture certificate text and register it as a trusted entry.
    // NOTE(review): getBytes() encodes with the platform default charset;
    // presumably the fixture is ASCII-only certificate text. Confirm against
    // the selfSignedCert definition.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    X509Certificate fixtureCert = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(selfSignedCert.getBytes()));
    trustStore.setCertificateEntry("selfSignedCert", fixtureCert);

    // Builder input: the target is pinned to the fixture certificate, and the
    // same certificate is offered as a candidate via a collection-backed store.
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(fixtureCert);
    List<Certificate> candidates = new ArrayList<Certificate>();
    candidates.add(fixtureCert);
    CertStore candidateStore =
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustStore, target);
    builderParams.addCertStore(candidateStore);
    // No CRL or OCSP lookups while building: the fixture has no revocation
    // source. Parameters built for real peers should keep this enabled.
    builderParams.setRevocationEnabled(false);

    // Build the path once and keep it in the certPath field.
    certPath = CertPathBuilder.getInstance("PKIX").build(builderParams).getCertPath();

    // Validation parameters trust the same keystore; revocation checking is
    // switched off here as well, for the same reason.
    params = new PKIXParameters(trustStore);
    params.setRevocationEnabled(false);
}
Also used : PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) ArrayList(java.util.ArrayList) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) PKIXParameters(java.security.cert.PKIXParameters) CertPathBuilder(java.security.cert.CertPathBuilder) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 49 with X509CertSelector

use of java.security.cert.X509CertSelector in project jdk8u_jdk by JetBrains.

the class URICertStore method engineGetCertificates.

/**
     * Returns a <code>Collection</code> of <code>X509Certificate</code>s that
     * match the specified selector. If no <code>X509Certificate</code>s
     * match the selector, an empty <code>Collection</code> will be returned.
     *
     * @param selector a <code>CertSelector</code> used to select which
     *  <code>X509Certificate</code>s should be returned. Specify
     *  <code>null</code> to return all <code>X509Certificate</code>s.
     * @return a <code>Collection</code> of <code>X509Certificate</code>s that
     *         match the specified selector
     * @throws CertStoreException if an exception occurs
     */
@Override
@SuppressWarnings("unchecked")
public synchronized Collection<X509Certificate> engineGetCertificates(CertSelector selector) throws CertStoreException {
    // Two paths: when the ldap flag is set the query is delegated to
    // ldapCertStore; otherwise the certificates are fetched from uri, cached
    // in the certs field and filtered through getMatchingCerts. The method is
    // synchronized, so calls on the same instance do not interleave while the
    // cache fields (lastChecked, lastModified, certs) are read and written.
    // avoid LDAP DN matching issues (see LDAPCertSelector for more info)
    if (ldap) {
        // NOTE(review): on this branch a selector that is not an
        // X509CertSelector fails the cast with ClassCastException, and a null
        // selector reaches xsel.getSubject() and throws NullPointerException,
        // although the method's Javadoc allows null. Only IOException is
        // translated to CertStoreException here.
        X509CertSelector xsel = (X509CertSelector) selector;
        try {
            xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath);
        } catch (IOException ioe) {
            throw new CertStoreException(ioe);
        }
        // Safe cast since xsel is an X509 certificate selector.
        return (Collection<X509Certificate>) ldapCertStore.getCertificates(xsel);
    }
    // Return the Certificates for this entry. It returns the cached value
    // if it is still current and fetches the Certificates otherwise.
    // For the caching details, see the top of this class.
    long time = System.currentTimeMillis();
    if (time - lastChecked < CHECK_INTERVAL) {
        if (debug != null) {
            debug.println("Returning certificates from cache");
        }
        return getMatchingCerts(certs, selector);
    }
    // lastChecked is advanced before the fetch is attempted, so a fetch that
    // fails below is not retried until CHECK_INTERVAL has elapsed; calls made
    // in between are answered from the (then empty) cache.
    lastChecked = time;
    try {
        // This method sets no connect or read timeout on the connection.
        URLConnection connection = uri.toURL().openConnection();
        if (lastModified != 0) {
            // Conditional request: lets the server report "not modified".
            connection.setIfModifiedSince(lastModified);
        }
        long oldLastModified = lastModified;
        try (InputStream in = connection.getInputStream()) {
            lastModified = connection.getLastModified();
            // Only when a previous fetch recorded a timestamp can the cached
            // copy be reused instead of parsing the response.
            if (oldLastModified != 0) {
                if (oldLastModified == lastModified) {
                    if (debug != null) {
                        debug.println("Not modified, using cached copy");
                    }
                    return getMatchingCerts(certs, selector);
                } else if (connection instanceof HttpURLConnection) {
                    // some proxy servers omit last modified
                    HttpURLConnection hconn = (HttpURLConnection) connection;
                    if (hconn.getResponseCode() == HttpURLConnection.HTTP_NOT_MODIFIED) {
                        if (debug != null) {
                            debug.println("Not modified, using cached copy");
                        }
                        return getMatchingCerts(certs, selector);
                    }
                }
            }
            if (debug != null) {
                debug.println("Downloading new certificates...");
            }
            // generateCertificates only parses the stream; nothing in this
            // method checks signatures or trust for the downloaded
            // certificates. Presumably that is left to whatever queries this
            // store (verify against callers).
            // Safe cast since factory is an X.509 certificate factory
            certs = (Collection<X509Certificate>) factory.generateCertificates(in);
        }
        return getMatchingCerts(certs, selector);
    } catch (IOException | CertificateException e) {
        // Fetch and parse failures are not propagated to the caller; they are
        // reported only when the debug stream is enabled.
        if (debug != null) {
            debug.println("Exception fetching certificates:");
            e.printStackTrace();
        }
    }
    // After a failure the caller receives an empty collection, which it
    // cannot tell apart from "the URI holds no certificates".
    // exception, forget previous values
    lastModified = 0;
    certs = Collections.emptySet();
    return certs;
}
Also used : HttpURLConnection(java.net.HttpURLConnection) CertStoreException(java.security.cert.CertStoreException) InputStream(java.io.InputStream) Collection(java.util.Collection) X509CertSelector(java.security.cert.X509CertSelector) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) URLConnection(java.net.URLConnection) X509Certificate(java.security.cert.X509Certificate)

Example 50 with X509CertSelector

use of java.security.cert.X509CertSelector in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testIssuer.

// Tests matching on the issuer name contained in the certificate.
private void testIssuer() throws IOException {
    System.out.println("X.509 Certificate Match on issuer");

    X509CertSelector issuerSelector = new X509CertSelector();

    // Negative case: an issuer DN that does not belong to the certificate under
    // test must be rejected.
    issuerSelector.setIssuer("ou=bogus,ou=east,o=sun,c=us");
    checkMatch(issuerSelector, cert, false);

    // Positive case: reuse the same selector with the certificate's own issuer,
    // rendered as an RFC 2253 string, and expect a match.
    String issuerDn = cert.getIssuerX500Principal().getName("RFC2253");
    issuerSelector.setIssuer(issuerDn);
    checkMatch(issuerSelector, cert, true);
}
Also used : X509CertSelector(java.security.cert.X509CertSelector)

Aggregations

X509CertSelector (java.security.cert.X509CertSelector)116 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)29 X509Certificate (java.security.cert.X509Certificate)23 IOException (java.io.IOException)18 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)17 X500Principal (javax.security.auth.x500.X500Principal)16 ArrayList (java.util.ArrayList)14 TrustAnchor (java.security.cert.TrustAnchor)13 CertificateFactory (java.security.cert.CertificateFactory)11 HashSet (java.util.HashSet)11 ByteArrayInputStream (java.io.ByteArrayInputStream)10 KeyStore (java.security.KeyStore)10 CertPathBuilder (java.security.cert.CertPathBuilder)10 CertStore (java.security.cert.CertStore)10 PublicKey (java.security.PublicKey)9 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)8 CertificateException (java.security.cert.CertificateException)8 ASN1OctetString (org.apache.harmony.security.asn1.ASN1OctetString)8 BigInteger (java.math.BigInteger)7 Date (java.util.Date)7