
Example 6 with X509CertSelector

use of java.security.cert.X509CertSelector in project oxAuth by GluuFederation.

the class PathCertificateVerifier method verifyCertificate.

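/**
	 * Attempts to build a certification chain for the given certificate in
	 * order to verify it. Relies on a set of root CA certificates (trust
	 * anchors) and a set of intermediate certificates (to be used as part of
	 * the chain). Revocation checking is disabled for this build, so a revoked
	 * certificate still yields a valid path; revocation status has to be
	 * checked separately.
	 */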
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts) throws GeneralSecurityException {
    // Target constraints: the path has to end at exactly this certificate.
    // A basic-constraints value of -2 restricts the selector to end-entity
    // certificates, so a CA certificate is not accepted as the target.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setBasicConstraints(-2);
    targetSelector.setCertificate(certificate);

    // Every trusted root becomes a TrustAnchor; the null second argument
    // means no name constraints are attached to the anchor.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (X509Certificate rootCert : trustedRootCerts) {
        TrustAnchor anchor = new TrustAnchor(rootCert, null);
        anchors.add(anchor);
    }

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);

    // SECURITY: the built-in PKIX revocation check is switched off, so neither
    // the build nor the validation below consults CRLs or OCSP. A revoked
    // certificate still produces a valid path here; whether revocation is
    // checked elsewhere is not visible from this method.
    builderParams.setRevocationEnabled(false);

    // Intermediates are offered only as candidate chain members; they are not
    // trusted on their own and must chain up to one of the anchors.
    CollectionCertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
    CertStore intermediates = CertStore.getInstance("Collection", intermediateParams);
    builderParams.addCertStore(intermediates);

    // Build the path with the BouncyCastle PKIX implementation. The provider
    // is looked up by name, so it has to be registered beforehand.
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    PKIXCertPathBuilderResult certPathBuilderResult = (PKIXCertPathBuilderResult) pathBuilder.build(builderParams);

    // Second pass: validate the path that was just built, using the same
    // parameters. A failure surfaces as an exception; the validation result
    // object itself is not consumed.
    CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    PKIXCertPathValidatorResult validationOutcome = (PKIXCertPathValidatorResult) pathValidator.validate(certPathBuilderResult.getCertPath(), builderParams);

    return certPathBuilderResult;
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) PKIXCertPathValidatorResult(java.security.cert.PKIXCertPathValidatorResult) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) X509CertSelector(java.security.cert.X509CertSelector) TrustAnchor(java.security.cert.TrustAnchor) CertPathBuilder(java.security.cert.CertPathBuilder) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 7 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class TrustManagerFactoryTest method test_TrustManagerFactory.

private void test_TrustManagerFactory(TrustManagerFactory tmf) throws Exception {
    // The factory under test must report its algorithm and provider.
    assertNotNull(tmf);
    assertNotNull(tmf.getAlgorithm());
    assertNotNull(tmf.getProvider());

    // Requesting trust managers before any init() call must be rejected.
    try {
        tmf.getTrustManagers();
        fail();
    } catch (IllegalStateException expectedBeforeInit) {
        // expected: the factory has not been initialized yet
    }

    // A null ManagerFactoryParameters argument must be rejected.
    try {
        tmf.init((ManagerFactoryParameters) null);
        fail();
    } catch (InvalidAlgorithmParameterException expectedForNull) {
        // expected
    }

    // A ManagerFactoryParameters implementation the factory does not
    // understand must be rejected.
    try {
        tmf.init(new UselessManagerFactoryParameters());
        fail();
    } catch (InvalidAlgorithmParameterException expectedForUseless) {
        // expected
    }

    // Plain PKIXParameters (as opposed to PKIXBuilderParameters) wrapped in
    // CertPathTrustManagerParameters must be rejected as well.
    try {
        PKIXParameters plainPkix = new PKIXParameters(getTestKeyStore().keyStore);
        CertPathTrustManagerParameters plainWrapper = new CertPathTrustManagerParameters(plainPkix);
        tmf.init(plainWrapper);
        fail();
    } catch (InvalidAlgorithmParameterException expectedForPlainPkix) {
        // expected
    }

    // PKIXBuilderParameters with a selector that has no criteria set, so it
    // places no constraint on the target certificate.
    X509CertSelector anyCert = new X509CertSelector();
    PKIXBuilderParameters builderPkix = new PKIXBuilderParameters(getTestKeyStore().keyStore, anyCert);
    CertPathTrustManagerParameters builderWrapper = new CertPathTrustManagerParameters(builderPkix);
    if (!supportsManagerFactoryParameters(tmf.getAlgorithm())) {
        // Algorithms without ManagerFactoryParameters support must refuse them.
        try {
            tmf.init(builderWrapper);
            fail();
        } catch (InvalidAlgorithmParameterException expectedUnsupported) {
            // expected
        }
    } else {
        tmf.init(builderWrapper);
        test_TrustManagerFactory_getTrustManagers(tmf);
    }

    // A null KeyStore selects the default trust store.
    tmf.init((KeyStore) null);
    test_TrustManagerFactory_getTrustManagers(tmf);

    // Finally, initialize from the explicit test key store.
    tmf.init(getTestKeyStore().keyStore);
    test_TrustManagerFactory_getTrustManagers(tmf);
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector)

Example 8 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class X509CertSelectorTest method test_getSerialNumber.

/**
     * java.security.cert.X509CertSelector#getSerialNumber()
     */
public void test_getSerialNumber() {
    // Two distinct serial numbers: one to configure, one that must not match.
    final BigInteger configuredSerial = BigInteger.valueOf(10000L);
    final BigInteger unrelatedSerial = BigInteger.valueOf(10001L);
    X509CertSelector certSelector = new X509CertSelector();

    // A fresh selector has no serial-number criterion.
    assertNull("Selector should return null", certSelector.getSerialNumber());

    certSelector.setSerialNumber(configuredSerial);
    assertEquals("The returned serial number should be equal to specified", configuredSerial, certSelector.getSerialNumber());

    // The getter must return the configured value, not some other serial.
    boolean matchesUnrelated = unrelatedSerial.equals(certSelector.getSerialNumber());
    assertFalse("The returned serial number should differ", matchesUnrelated);
}
Also used : BigInteger(java.math.BigInteger) X509CertSelector(java.security.cert.X509CertSelector)

Example 9 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class X509CertSelectorTest method test_getPolicy.

/**
     * java.security.cert.X509CertSelector#getPolicy()
     */
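public void test_getPolicy() throws IOException {
    // Two sets of OID strings used as policy criteria; the test only needs
    // them to be distinct, well-formed OIDs.
    String[] policies1 = new String[] { "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" };
    String[] policies2 = new String[] { "1.3.6.7.3.1" };
    HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
    HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));
    X509CertSelector selector = new X509CertSelector();

    // Clearing the criterion with null must read back as null.
    selector.setPolicy(null);
    assertNull(selector.getPolicy());

    // The getter must return whichever policy set was configured last.
    // The failure messages previously said "date", copied from another test;
    // they now name the value actually being compared.
    selector.setPolicy(p1);
    assertEquals("The returned policy should be equal to specified", p1, selector.getPolicy());
    selector.setPolicy(p2);
    assertEquals("The returned policy should be equal to specified", p2, selector.getPolicy());
}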
Also used : X509CertSelector(java.security.cert.X509CertSelector) ASN1OctetString(org.apache.harmony.security.asn1.ASN1OctetString) HashSet(java.util.HashSet)

Example 10 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class X509CertSelectorTest method test_addPathToNameLintLjava_lang_String.

/**
     * java.security.cert.X509CertSelector#addPathToName(int, String)
     */
public void test_addPathToNameLintLjava_lang_String() {
    // Regression for HARMONY-724: a null name must be rejected with an
    // IOException for every name type code from 0 through 8.
    int nameType = 0;
    while (nameType <= 8) {
        X509CertSelector freshSelector = new X509CertSelector();
        try {
            freshSelector.addPathToName(nameType, (String) null);
            fail();
        } catch (IOException expectedForNullName) {
            // expected: null is not a valid name for this type
        }
        nameType++;
    }
}
Also used : X509CertSelector(java.security.cert.X509CertSelector) IOException(java.io.IOException)

Aggregations

X509CertSelector (java.security.cert.X509CertSelector)151 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)54 X509Certificate (java.security.cert.X509Certificate)41 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)33 IOException (java.io.IOException)23 CertPathBuilder (java.security.cert.CertPathBuilder)22 HashSet (java.util.HashSet)22 TrustAnchor (java.security.cert.TrustAnchor)20 X500Principal (javax.security.auth.x500.X500Principal)20 KeyStore (java.security.KeyStore)18 ArrayList (java.util.ArrayList)18 CertStore (java.security.cert.CertStore)17 CertPathTrustManagerParameters (javax.net.ssl.CertPathTrustManagerParameters)15 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)13 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13 CertificateException (java.security.cert.CertificateException)11 CertificateFactory (java.security.cert.CertificateFactory)11 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)11 ByteArrayInputStream (java.io.ByteArrayInputStream)10 Date (java.util.Date)10