Search in sources :

Example 1 with CannotBuildCertificationPathException

use of xades4j.providers.CannotBuildCertificationPathException in project xades4j by luisgoncalves.

the class PKIXCertificateValidationProvider method validate.

@Override
public ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts) throws CertificateValidationException, UnexpectedJCAException {
    PKIXBuilderParameters builderParams;
    try {
        builderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
    } catch (KeyStoreException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore is not initialized", ex);
    } catch (InvalidAlgorithmParameterException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore has no trusted certificate entries", ex);
    }
    PKIXCertPathBuilderResult builderRes;
    try {
        // - The other certificates from the signature (e.g. from KeyInfo).
        if (otherCerts != null) {
            CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(otherCerts);
            CertStore othersCertStore = CertStore.getInstance("Collection", ccsp);
            builderParams.addCertStore(othersCertStore);
        }
        // - The external certificates/CRLs.
        for (int i = 0; i < intermCertsAndCrls.length; i++) {
            builderParams.addCertStore(intermCertsAndCrls[i]);
        }
        builderParams.setRevocationEnabled(revocationEnabled);
        builderParams.setMaxPathLength(maxPathLength);
        builderParams.setDate(validationDate);
        builderParams.setSigProvider(this.signatureProvider);
        builderRes = (PKIXCertPathBuilderResult) certPathBuilder.build(builderParams);
    } catch (CertPathBuilderException ex) {
        throw new CannotBuildCertificationPathException(certSelector, ex.getMessage(), ex);
    } catch (InvalidAlgorithmParameterException ex) {
        // cannot be applied.
        throw new CannotSelectCertificateException(certSelector, ex);
    } catch (NoSuchAlgorithmException ex) {
        // SHOULD NOT be thrown.
        throw new UnexpectedJCAException("No provider for Collection CertStore", ex);
    }
    // The cert path returned by the builder ends in a certificate issued by
    // the trust anchor. However, the complete path may be needed for property
    // verification.
    List<X509Certificate> certPath = (List<X509Certificate>) builderRes.getCertPath().getCertificates();
    // - Create a new list since the previous is immutable.
    certPath = new ArrayList<X509Certificate>(certPath);
    // - Add the trust anchor certificate.
    certPath.add(builderRes.getTrustAnchor().getTrustedCert());
    if (revocationEnabled) {
        return new ValidationData(certPath, getCRLsForCertPath(certPath, validationDate));
    }
    return new ValidationData(certPath);
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) ValidationData(xades4j.providers.ValidationData) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertPathBuilderException(java.security.cert.CertPathBuilderException) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) UnexpectedJCAException(xades4j.verification.UnexpectedJCAException) CannotSelectCertificateException(xades4j.providers.CannotSelectCertificateException) ArrayList(java.util.ArrayList) List(java.util.List) CertStore(java.security.cert.CertStore) CannotBuildCertificationPathException(xades4j.providers.CannotBuildCertificationPathException)

Aggregations

InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 CertPathBuilderException (java.security.cert.CertPathBuilderException)1 CertStore (java.security.cert.CertStore)1 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)1 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)1 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)1 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 CannotBuildCertificationPathException (xades4j.providers.CannotBuildCertificationPathException)1 CannotSelectCertificateException (xades4j.providers.CannotSelectCertificateException)1 ValidationData (xades4j.providers.ValidationData)1 UnexpectedJCAException (xades4j.verification.UnexpectedJCAException)1