Examples of java.security.cert.PKIXBuilderParameters

java.security.cert.PKIXBuilderParameters
Parameters used as input for the PKIX {@code CertPathBuilder}algorithm.
A PKIX {@code CertPathBuilder} uses these parameters to {@link CertPathBuilder#build build} a {@code CertPath} which has beenvalidated according to the PKIX certification path validation algorithm.
To instantiate a {@code PKIXBuilderParameters} object, anapplication must specify one or more most-trusted CAs as defined by the PKIX certification path validation algorithm. The most-trusted CA can be specified using one of two constructors. An application can call {@link #PKIXBuilderParameters(Set,CertSelector) PKIXBuilderParameters(Set, CertSelector)}, specifying a {@code Set} of {@code TrustAnchor} objects, each of whichidentifies a most-trusted CA. Alternatively, an application can call {@link #PKIXBuilderParameters(KeyStore,CertSelector) PKIXBuilderParameters(KeyStore, CertSelector)}, specifying a {@code KeyStore} instance containing trusted certificate entries, eachof which will be considered as a most-trusted CA.
In addition, an application must specify constraints on the target certificate that the {@code CertPathBuilder} will attemptto build a path to. The constraints are specified as a {@code CertSelector} object. These constraints should provide the{@code CertPathBuilder} with enough search criteria to find the targetcertificate. Minimal criteria for an {@code X509Certificate} usuallyinclude the subject name and/or one or more subject alternative names. If enough criteria is not specified, the {@code CertPathBuilder}may throw a {@code CertPathBuilderException}.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize. @see CertPathBuilder @since 1.4 @author Sean Mullan

            fail(getName() + ": not performed (could not create test TrustAnchor set)");
        }
        HashSet originalSet = (HashSet)taSet;
        HashSet originalSetCopy = (HashSet)originalSet.clone();
        // create test object using originalSet 
        PKIXBuilderParameters pp =
            new PKIXBuilderParameters(originalSetCopy, null);
        // modify originalSet
        originalSetCopy.clear();
        // check that test object's internal state
        // has not been affected by the above modification
        Set returnedSet = pp.getTrustAnchors();
        assertEquals(originalSet, returnedSet);
    }

View Full Code Here

     * if the specified <code>Set</code> is null
     */
    public final void testPKIXBuilderParametersSetCertSelector04() throws Exception {
        try {
            // pass null
            new PKIXBuilderParameters((Set)null, null);
            fail("NPE expected");
        } catch (NullPointerException e) {
        }
    }

View Full Code Here

     * (<code>trustAnchors.isEmpty() == true</code>)
     */
    public final void testPKIXBuilderParametersSetCertSelector05() {
        try {
            // use empty set
            new PKIXBuilderParameters(new HashSet(), null);
            fail("InvalidAlgorithmParameterException expected");
        } catch (InvalidAlgorithmParameterException e) {
        }
    }

View Full Code Here


        // add wrong object to valid set
        assertTrue(taSet.add(new Object()));


        try {
            new PKIXBuilderParameters(taSet, null);
            fail("ClassCastException expected");
        } catch (ClassCastException e) {
        }
    }

View Full Code Here

     * if the <code>keystore</code> is <code>null</code>
     */
    public final void testPKIXBuilderParametersKeyStoreCertSelector04() throws Exception {
        try {
            // pass null
            new PKIXBuilderParameters((KeyStore)null, null);
            fail("NPE expected");
        } catch (NullPointerException e) {
        }
    }

View Full Code Here

                    throw new CertificateException(ex);
                }
            }
            X509CertSelector certSelector = new X509CertSelector();
            certSelector.setCertificate(certificate);
            PKIXBuilderParameters parameters;
            CertPathBuilder builder = null;
            CertPathValidator certValidator = null;
            CertPath certPath = null;
            List<Certificate> certChainList = new ArrayList<Certificate>();
            boolean caFound = false;
            Principal certChainIssuer = null;
            int noOfEntriesInTrustStore = 0;
            boolean isIssuerCertMatched = false;
            parameters = new PKIXBuilderParameters(trustStore, certSelector);
            parameters.setRevocationEnabled(revocationCheck);
            Certificate[] certChain = null;
            String certAlias = trustStore.getCertificateAlias(certificate);
            if (certAlias != null) {
                certChain = trustStore.getCertificateChain(certAlias);
            }

View Full Code Here

                                                String crlf, 
                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            xparams.setRevocationEnabled(true);
            String trustLength = endpoint.getTrustMaxCertLength();
            if(trustLength != null) {
                try {
                    xparams.setMaxPathLength(Integer.parseInt(trustLength));
                } catch(Exception ex) {
                    log.warn("Bad maxCertLength: "+trustLength);
                }
            }

View Full Code Here

            throw new MessagingException("Error during the creation of the certpathbuilder.", e);
        }
        
        X509CertSelector xcs = new X509CertSelector();
        xcs.setCertificate(cert);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustedStore, xcs);
        params.addCertStore(store);
        params.setRevocationEnabled(false);
        
        try {
            CertPathBuilderResult result = pathBuilder.build(params);
            CertPath path = result.getCertPath();
            return path;

View Full Code Here

    
            X509CertSelector certSelect = new X509CertSelector();
            certSelect.setCertificate(certList.get(0));
            
            // Configure certification path builder parameters
            PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore, certSelect);
            pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList)));
    
            // Set maximum certification path length
            pbParams.setMaxPathLength(maxCertPathLength);
    
            // Enable revocation checking
            pbParams.setRevocationEnabled(true);
    
            // Set static Certificate Revocation List
            if (crls != null && !crls.isEmpty()) {
                pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
            }
    
            // Enable On-Line Certificate Status Protocol (OCSP) support
            if (enableOCSP) {
                Security.setProperty("ocsp.enable","true");

View Full Code Here

          trustAnchors.add(new TrustAnchor((X509Certificate) chain[i], null));
        }
      }
    }


    PKIXBuilderParameters pkixParameters = new PKIXBuilderParameters(trustAnchors, selector);
    pkixParameters.setRevocationEnabled(false);


    List<Certificate> list = new ArrayList<Certificate>();


    for (int i = 0; i < chain.length; i++) {
      if ((!localCA) || ((localCA) && (!Certificates.isSelfSigned(chain[i])))) {
        list.add(chain[i]);
      }
    }


    if (!Conditions.isEmpty(list)) {
      CertStore intermediateCertStore = CertStore.getInstance(PKIXCertificateValidator.CERTSTORE_TYPE, new CollectionCertStoreParameters(list), BouncyCastleProviderHelper.PROVIDER_NAME);
      pkixParameters.addCertStore(intermediateCertStore);
    }


    CertPathBuilder builder = CertPathBuilder.getInstance(PKIXCertificateValidator.CERTPATH_TYPE, BouncyCastleProviderHelper.PROVIDER_NAME);
    PKIXCertPathBuilderResult builderResult = (PKIXCertPathBuilderResult) builder.build(pkixParameters);
    CertPathValidator validator = CertPathValidator.getInstance(PKIXCertificateValidator.CERTPATH_TYPE, BouncyCastleProviderHelper.PROVIDER_NAME);

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of java.security.cert.PKIXBuilderParameters

br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateValidator

br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateVerifier

BuildOddSel

com.cloudhopper.commons.ssl.CertificateValidator

com.cloudhopper.commons.ssl.SslContextFactory

com.cloudhopper.smpp.ssl.CertificateValidator

com.cloudhopper.smpp.ssl.SslContextFactory

com.facebook.presto.jdbc.internal.jetty.util.security.CertificateValidator

com.facebook.presto.jdbc.internal.jetty.util.ssl.SslContextFactory

com.gitblit.utils.X509Utils

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.