Package java.security.cert

Examples of java.security.cert.CertPathBuilder

41
42
43
44
45
46
47
48
public class GetInstance {

    public static void main(String[] argv) throws Exception {
        Provider stubProvider = new StubProvider();
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX", stubProvider);
        System.out.println("Test passed.");
    }
View Full Code Here
130
131
132
133
134
135
136
137
138
     * @param params PKIXBuilderParameters to use in building
     * @throws Exception on error
     */
    public static void build(PKIXBuilderParameters params)
        throws Exception {
        CertPathBuilder builder =
            CertPathBuilder.getInstance("PKIX");
        CertPathBuilderResult cpbr = builder.build(params);
    }
View Full Code Here
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setCertificate(userCert);
        certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

        // build a valid cerificate path
        CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
        PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
        certPathBuilderParams.addCertStore(certStore);
        certPathBuilderParams.setRevocationEnabled(false);
        CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

        // get and show cert path
        CertPath certPath = result.getCertPath();
//        System.out.println(certPath.toString());
    }
View Full Code Here
210
211
212
213
214
215
216
217
218
     * @param params PKIXBuilderParameters to use in validation
     * @throws Exception on error
     */
    public static PKIXCertPathBuilderResult build(PKIXBuilderParameters params)
        throws Exception {
        CertPathBuilder builder =
            CertPathBuilder.getInstance("PKIX");
        return (PKIXCertPathBuilderResult) builder.build(params);
    }
View Full Code Here
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
        }

        // disable the revocation checking
        builderParam.setRevocationEnabled(false);

        CertPathBuilder cpBuilder;
        try {
            if (certProvider == null) {
                cpBuilder = CertPathBuilder.getInstance(strPKIX);
            } else {
                cpBuilder = CertPathBuilder.getInstance(strPKIX, certProvider);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new NoSuchAlgorithmException("The algorithm " + strPKIX
                    + " is not available.", e);
        } catch (NoSuchProviderException e) {
            throw (NoSuchProviderException) new NoSuchProviderException(
                    "The certProvider " + certProvider
                            + " is not found in the environment.").initCause(e);
        }

        CertPathBuilderResult bldResult = null;
        try {
            // the actual building of the certificate chain is done here
            bldResult = cpBuilder.build(builderParam);
        } catch (CertPathBuilderException e) {
            throw new CertPathBuilderException(strFailed, e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new KeytoolException(strFailed + strNoSelfSigned, e);
        }
View Full Code Here
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
        }

        // disable the revocation checking
        builderParam.setRevocationEnabled(false);

        CertPathBuilder cpBuilder;
        try {
            if (certProvider == null) {
                cpBuilder = CertPathBuilder.getInstance(strPKIX);
            } else {
                cpBuilder = CertPathBuilder.getInstance(strPKIX, certProvider);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new NoSuchAlgorithmException("The algorithm " + strPKIX
                    + " is not available.", e);
        } catch (NoSuchProviderException e) {
            throw (NoSuchProviderException) new NoSuchProviderException(
                    "The certProvider " + certProvider
                            + " is not found in the environment.").initCause(e);
        }

        CertPathBuilderResult bldResult = null;
        try {
            // the actual building of the certificate chain is done here
            bldResult = cpBuilder.build(builderParam);
        } catch (CertPathBuilderException e) {
            throw new CertPathBuilderException(strFailed, e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new KeytoolException(strFailed + strNoSelfSigned, e);
        }
View Full Code Here
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
        }

        // disable the revocation checking
        builderParam.setRevocationEnabled(false);

        CertPathBuilder cpBuilder;
        try {
            if (certProvider == null) {
                cpBuilder = CertPathBuilder.getInstance(strPKIX);
            } else {
                cpBuilder = CertPathBuilder.getInstance(strPKIX, certProvider);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new NoSuchAlgorithmException("The algorithm " + strPKIX
                    + " is not available.", e);
        } catch (NoSuchProviderException e) {
            throw (NoSuchProviderException) new NoSuchProviderException(
                    "The certProvider " + certProvider
                            + " is not found in the environment.").initCause(e);
        }

        CertPathBuilderResult bldResult = null;
        try {
            // the actual building of the certificate chain is done here
            bldResult = cpBuilder.build(builderParam);
        } catch (CertPathBuilderException e) {
            throw new CertPathBuilderException(strFailed, e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new KeytoolException(strFailed + strNoSelfSigned, e);
        }
View Full Code Here
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
    private static CertPath verifyCertificate(X509Certificate cert, CertStore store, KeyStore trustedStore)
        throws InvalidAlgorithmParameterException, KeyStoreException, MessagingException, CertPathBuilderException {
       
        if (cert == null || store == null || trustedStore == null) throw new IllegalArgumentException("cert == "+cert+", store == "+store+", trustedStore == "+trustedStore);
       
        CertPathBuilder pathBuilder;
       
        // I create the CertPathBuilder object. It will be used to find a
        // certification path that starts from the signer's certificate and
        // leads to a trusted root certificate.
        try {
            pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
        } catch (Exception e) {
            throw new MessagingException("Error during the creation of the certpathbuilder.", e);
        }
       
        X509CertSelector xcs = new X509CertSelector();
        xcs.setCertificate(cert);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustedStore, xcs);
        params.addCertStore(store);
        params.setRevocationEnabled(false);
       
        try {
            CertPathBuilderResult result = pathBuilder.build(params);
            CertPath path = result.getCertPath();
            return path;
        } catch (CertPathBuilderException e) {
            // A certification path is not found, so null is returned.
            return null;
View Full Code Here
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
    private static CertPath verifyCertificate(X509Certificate cert, CertStore store, KeyStore trustedStore)
        throws InvalidAlgorithmParameterException, KeyStoreException, MessagingException, CertPathBuilderException {
       
        if (cert == null || store == null || trustedStore == null) throw new IllegalArgumentException("cert == "+cert+", store == "+store+", trustedStore == "+trustedStore);
       
        CertPathBuilder pathBuilder;
       
        // I create the CertPathBuilder object. It will be used to find a
        // certification path that starts from the signer's certificate and
        // leads to a trusted root certificate.
        try {
            pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
        } catch (Exception e) {
            throw new MessagingException("Error during the creation of the certpathbuilder.", e);
        }
       
        X509CertSelector xcs = new X509CertSelector();
        xcs.setCertificate(cert);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustedStore, xcs);
        params.addCertStore(store);
        params.setRevocationEnabled(false);
       
        try {
            CertPathBuilderResult result = pathBuilder.build(params);
            CertPath path = result.getCertPath();
            return path;
        } catch (CertPathBuilderException e) {
            // A certification path is not found, so null is returned.
            return null;
View Full Code Here
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
                validKeys.add(defaultCRLSignKey);
                continue;
            }
            try
            {
                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
                selector = new X509CertStoreSelector();
                selector.setCertificate(signingCert);
                ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
                temp.setTargetCertConstraints(selector);
                ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters)ExtendedPKIXBuilderParameters
                    .getInstance(temp);
                /*
                 * if signingCert is placed not higher on the cert path a
                 * dependency loop results. CRL for cert is checked, but
                 * signingCert is needed for checking the CRL which is dependent
                 * on checking cert because it is higher in the cert path and so
                 * signing signingCert transitively. so, revocation is disabled,
                 * forgery attacks of the CRL are detected in this outer loop
                 * for all other it must be enabled to prevent forgery attacks
                 */
                if (certPathCerts.contains(signingCert))
                {
                    params.setRevocationEnabled(false);
                }
                else
                {
                    params.setRevocationEnabled(true);
                }
                List certs = builder.build(params).getCertPath().getCertificates();
                validCerts.add(signingCert);
                validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
            }
            catch (CertPathBuilderException e)
            {
View Full Code Here
TOP

Related Classes of java.security.cert.CertPathBuilder

  • br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateValidator
  • br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateVerifier
  • BuildOddSel
  • CertUtils
  • com.gitblit.utils.X509Utils
  • com.sun.xml.wss.impl.WssProviderSecurityEnvironment
  • demo.sts.provider.cert.CertificateVerifier
  • GetInstance
  • gnu.java.lang.CPStringBuilder
  • net.jumperz.security.MSecurityUtil
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.