Package java.security.cert

Examples of java.security.cert.CertPathBuilder

499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
        for (Iterator it = holderPKCs.iterator(); it.hasNext();)
        {
            X509CertStoreSelector selector = new X509CertStoreSelector();
            selector.setCertificate((X509Certificate) it.next());
            params.setTargetConstraints(selector);
            CertPathBuilder builder = null;
            try
            {
                builder = CertPathBuilder.getInstance("PKIX", "BC");
            }
            catch (NoSuchProviderException e)
            {
                throw new ExtCertPathValidatorException(
                    "Support class could not be created.", e);
            }
            catch (NoSuchAlgorithmException e)
            {
                throw new ExtCertPathValidatorException(
                    "Support class could not be created.", e);
            }
            try
            {
                result = builder.build(ExtendedPKIXBuilderParameters
                    .getInstance(params));
            }
            catch (CertPathBuilderException e)
            {
                lastException = new ExtCertPathValidatorException(
View Full Code Here
115
116
117
118
119
120
121
122
123
124
125
      Security.setProperty(PKIXCertificateValidator.OSCP_ENABLE_PROPERTY, PKIXCertificateValidator.OSCP_ENABLE_VALUE);
      Security.setProperty(PKIXCertificateValidator.OSCP_URL_PROPERTY, this.ocsp.getUrl());
      Security.setProperty(PKIXCertificateValidator.OSCP_SUBJECT_PROPERTY, ((X509Certificate) this.ocsp.getCertificate()).getSubjectX500Principal().getName());
    }

    CertPathBuilder builder = CertPathBuilder.getInstance(PKIXCertificateValidator.CERTPATH_TYPE);
    PKIXCertPathBuilderResult builderResult = (PKIXCertPathBuilderResult) builder.build(pkixParameters);
    CertPathValidator validator = CertPathValidator.getInstance(PKIXCertificateValidator.CERTPATH_TYPE);
    PKIXCertPathValidatorResult validatorResult = (PKIXCertPathValidatorResult) validator.validate(builderResult.getCertPath(), pkixParameters);
    return validatorResult;
  }
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
93
  CertStoreParameters intermediates = new CollectionCertStoreParameters( imList );
  params.addCertStore( CertStore.getInstance( "Collection", intermediates ) );
 
  params.setRevocationEnabled( false );
 
  CertPathBuilder builder = CertPathBuilder.getInstance( "PKIX" );
  CertPathBuilderResult result = builder.build( params );
  return true;
  }
catch( Exception e )
  {
  return false;
View Full Code Here
115
116
117
118
119
120
121
122
123
124
125
      Security.setProperty(PKIXCertificateVerifier.OSCP_ENABLE_PROPERTY, PKIXCertificateVerifier.OSCP_ENABLE_VALUE);
      Security.setProperty(PKIXCertificateVerifier.OSCP_URL_PROPERTY, this.ocsp.getUrl());
      Security.setProperty(PKIXCertificateVerifier.OSCP_SUBJECT_PROPERTY, ((X509Certificate) this.ocsp.getCertificate()).getSubjectX500Principal().getName());
    }

    CertPathBuilder builder = CertPathBuilder.getInstance(PKIXCertificateVerifier.CERTPATH_TYPE);
    PKIXCertPathBuilderResult builderResult = (PKIXCertPathBuilderResult) builder.build(pkixParameters);
    CertPathValidator validator = CertPathValidator.getInstance(PKIXCertificateVerifier.CERTPATH_TYPE);
    PKIXCertPathValidatorResult validatorResult = (PKIXCertPathValidatorResult) validator.validate(builderResult.getCertPath(), pkixParameters);
    return validatorResult;
  }
View Full Code Here
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
                validKeys.add(defaultCRLSignKey);
                continue;
            }
            try
            {
                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC2");
                selector = new X509CertStoreSelector();
                selector.setCertificate(signingCert);
                ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
                temp.setTargetCertConstraints(selector);
                ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters)ExtendedPKIXBuilderParameters
                    .getInstance(temp);
                /*
                 * if signingCert is placed not higher on the cert path a
                 * dependency loop results. CRL for cert is checked, but
                 * signingCert is needed for checking the CRL which is dependent
                 * on checking cert because it is higher in the cert path and so
                 * signing signingCert transitively. so, revocation is disabled,
                 * forgery attacks of the CRL are detected in this outer loop
                 * for all other it must be enabled to prevent forgery attacks
                 */
                if (certPathCerts.contains(signingCert))
                {
                    params.setRevocationEnabled(false);
                }
                else
                {
                    params.setRevocationEnabled(true);
                }
                List certs = builder.build(params).getCertPath().getCertificates();
                validCerts.add(signingCert);
                validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
            }
            catch (CertPathBuilderException e)
            {
View Full Code Here
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
        for (Iterator it = holderPKCs.iterator(); it.hasNext();)
        {
            X509CertStoreSelector selector = new X509CertStoreSelector();
            selector.setCertificate((X509Certificate) it.next());
            params.setTargetConstraints(selector);
            CertPathBuilder builder = null;
            try
            {
                builder = CertPathBuilder.getInstance("PKIX", "BC2");
            }
            catch (NoSuchProviderException e)
            {
                throw new ExtCertPathValidatorException(
                    "Support class could not be created.", e);
            }
            catch (NoSuchAlgorithmException e)
            {
                throw new ExtCertPathValidatorException(
                    "Support class could not be created.", e);
            }
            try
            {
                result = builder.build(ExtendedPKIXBuilderParameters
                    .getInstance(params));
            }
            catch (CertPathBuilderException e)
            {
                lastException = new ExtCertPathValidatorException(
View Full Code Here
377
378
379
380
381
382
383
384
385
386
387
388
        PKIXBuilderParameters params = null;
        try {
            params = new PKIXBuilderParameters(anchors, target);
            params.setRevocationEnabled(false);
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
            builder.build(params);

        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalArgumentException("Invalid certificate chain", e);
        } catch (CertPathBuilderException e) {
            throw new IllegalArgumentException("Invalid certificate chain", e);
View Full Code Here
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
        for (Iterator it = holderPKCs.iterator(); it.hasNext();)
        {
            X509CertStoreSelector selector = new X509CertStoreSelector();
            selector.setCertificate((X509Certificate) it.next());
            params.setTargetConstraints(selector);
            CertPathBuilder builder = null;
            try
            {
                builder = CertPathBuilder.getInstance("PKIX", "BC");
            }
            catch (NoSuchProviderException e)
            {
                throw new ExtCertPathValidatorException(
                    "Support class could not be created.", e);
            }
            catch (NoSuchAlgorithmException e)
            {
                throw new ExtCertPathValidatorException(
                    "Support class could not be created.", e);
            }
            try
            {
                result = builder
                    .build(ExtendedPKIXBuilderParameters.getInstance(params));
            }
            catch (CertPathBuilderException e)
            {
                lastException = new ExtCertPathValidatorException(
View Full Code Here
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
                    validCerts.add(signingCert);
                    continue;
                }
                try
                {
                    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX",
                        "BC");
                    selector = new X509CertStoreSelector();
                    selector.setCertificate(signingCert);
                    ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
                        .getInstance(paramsPKIX);
                    params.setTargetConstraints(selector);
                    /*
                     * CRL for CA cannot be signed from CA lower in PKI path
                     * (compromised key of upper CA could be used to forge this CA.)
                     * (and we run in an endless loop aside from this.)
                     */
                    // cert is not allowed to appear in PKI path
                    Set excluded = new HashSet();
                    excluded.add(cert);
                    params.setExcludedCerts(excluded);
                    builder.build(params);
                    validCerts.add(signingCert);
                }
                catch (Exception e)
                {
                }
View Full Code Here
390
391
392
393
394
395
396
397
398
399
400
401
        PKIXBuilderParameters params = null;
        try {
            params = new PKIXBuilderParameters(anchors, target);
            params.setRevocationEnabled(false);
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
            builder.build(params);

        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalArgumentException("Invalid certificate chain", e);
        } catch (CertPathBuilderException e) {
            throw new IllegalArgumentException("Invalid certificate chain", e);
View Full Code Here
TOP

Related Classes of java.security.cert.CertPathBuilder

  • br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateValidator
  • br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateVerifier
  • BuildOddSel
  • CertUtils
  • com.gitblit.utils.X509Utils
  • com.sun.xml.wss.impl.WssProviderSecurityEnvironment
  • demo.sts.provider.cert.CertificateVerifier
  • GetInstance
  • gnu.java.lang.CPStringBuilder
  • net.jumperz.security.MSecurityUtil
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.