Use of xades4j.providers.CannotBuildCertificationPathException in project xades4j by luisgoncalves:
the method validate of class PKIXCertificateValidationProvider.
/**
 * Builds and validates a PKIX certification path for the certificate matched by
 * {@code certSelector}, anchored in the configured trust anchors, and returns the
 * complete path (trust anchor certificate included) together with the CRLs that
 * were consulted when revocation checking is enabled.
 *
 * @param certSelector   selects the end-entity certificate whose path is built
 * @param validationDate the instant the path must be valid at; {@code null} lets the
 *                       PKIX builder use the current time
 * @param otherCerts     additional candidate certificates delivered with the signature
 *                       (e.g. from KeyInfo); may be {@code null}. They are untrusted
 *                       path material only — trust is derived solely from the trust anchors.
 * @return the validated path plus its CRLs, or the path alone when revocation checking
 *         is disabled (no CRLs are consulted in that case)
 * @throws CannotBuildCertificationPathException if the trust anchor KeyStore is unusable
 *         or no path to a trust anchor can be built
 * @throws CannotSelectCertificateException if the selector cannot be applied
 * @throws UnexpectedJCAException if no provider offers a Collection CertStore
 */
@Override
public ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts) throws CertificateValidationException, UnexpectedJCAException {
    final PKIXBuilderParameters params;
    try {
        params = new PKIXBuilderParameters(trustAnchors, certSelector);
    } catch (KeyStoreException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore is not initialized", ex);
    } catch (InvalidAlgorithmParameterException ex) {
        // PKIXBuilderParameters refuses a KeyStore without any trusted certificate entry.
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore has no trusted certificate entries", ex);
    }

    final PKIXCertPathBuilderResult result;
    try {
        // Path-building options; these are independent of the cert stores added below.
        params.setRevocationEnabled(revocationEnabled);
        params.setMaxPathLength(maxPathLength);
        params.setDate(validationDate);
        params.setSigProvider(this.signatureProvider);

        // Certificates that came with the signature (e.g. KeyInfo). They only widen the
        // search space for the builder; the path still has to end in a trust anchor.
        if (otherCerts != null) {
            CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(otherCerts);
            params.addCertStore(CertStore.getInstance("Collection", storeParams));
        }
        // Externally configured intermediate certificates and CRLs.
        for (CertStore store : intermCertsAndCrls) {
            params.addCertStore(store);
        }

        result = (PKIXCertPathBuilderResult) certPathBuilder.build(params);
    } catch (CertPathBuilderException ex) {
        throw new CannotBuildCertificationPathException(certSelector, ex.getMessage(), ex);
    } catch (InvalidAlgorithmParameterException ex) {
        // The selector (or the parameters wrapped around it) cannot be applied.
        throw new CannotSelectCertificateException(certSelector, ex);
    } catch (NoSuchAlgorithmException ex) {
        // Raised only by CertStore.getInstance; the "Collection" type is expected to exist.
        throw new UnexpectedJCAException("No provider for Collection CertStore", ex);
    }

    // The builder's path stops at the certificate issued by the trust anchor, but property
    // verification needs the whole chain. The returned list is immutable, so copy it and
    // append the anchor's certificate.
    @SuppressWarnings("unchecked") // a PKIX path holds X.509 certificates only
    List<X509Certificate> builtPath = (List<X509Certificate>) result.getCertPath().getCertificates();
    List<X509Certificate> fullPath = new ArrayList<X509Certificate>(builtPath.size() + 1);
    fullPath.addAll(builtPath);
    fullPath.add(result.getTrustAnchor().getTrustedCert());

    // No revocation checking means no CRLs were consulted, so none are reported.
    if (!revocationEnabled) {
        return new ValidationData(fullPath);
    }
    return new ValidationData(fullPath, getCRLsForCertPath(fullPath, validationDate));
}