Java Code Examples for java.security.cert.CollectionCertStoreParameters

The following are top voted examples for showing how to use java.security.cert.CollectionCertStoreParameters. These examples are extracted from open source projects.
Example 1
Project: ipack   File: JcaCertStoreBuilder.java   View source code 6 votes vote down vote up
/**
 * Converts the held certificates and CRLs to their JCA forms and wraps the
 * result as parameters for a Collection-backed CertStore.
 *
 * @param certificateConverter converter applied to every entry of {@code certs}
 * @param crlConverter converter applied to every entry of {@code crls}
 * @return parameters referring to a new list: converted certificates first, then converted CRLs
 * @throws CertificateException propagated from the certificate converter
 * @throws CRLException propagated from the CRL converter
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    // Certificates are added in the iteration order of certs.
    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    // CRLs follow, in the iteration order of crls.
    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // The parameters keep a reference to this list (it is not copied); the list
    // is local to this call, so nothing else can alter it afterwards.
    return new CollectionCertStoreParameters(converted);
}
 
Example 2
Project: ipack   File: OCSPReq.java   View source code 6 votes vote down vote up
/**
 * Returns the certificates carried in this request as a CertStore.
 * A signed request yields a CertStore that may be empty; an unsigned request yields null.
 * <p>
 * NOTE(review): this method only packages the certificates returned by
 * {@code getCertList(provider)}; nothing here validates them, so callers
 * presumably must still build and validate a path before trusting any of them - confirm.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException declared by this method; not raised directly in this body
 * @throws NoSuchProviderException declared by this method; not raised directly in this body
 * @throws OCSPException if the CertStore parameters are rejected while the store is created
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));
            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // Keep the cause so the rejected parameter is still visible to the caller.
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // Unsigned requests have no certificate store to offer.
    return null;
}
 
Example 3
Project: ipack   File: BasicOCSPResp.java   View source code 6 votes vote down vote up
/**
 * Returns the certificates, if any, associated with the response, as a CertStore.
 * <p>
 * NOTE(review): the store holds whatever {@code getCertList(provider)} returns;
 * this method performs no validation of those certificates - confirm that callers do.
 *
 * @param type type of CertStore to create
 * @param provider provider to use
 * @return a CertStore, possibly empty
 * @throws NoSuchAlgorithmException declared by this method; not raised directly in this body
 * @throws NoSuchProviderException declared by this method; not raised directly in this body
 * @throws OCSPException if the CertStore parameters are rejected while the store is created
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    try
    {
        CertStoreParameters storeParams =
            new CollectionCertStoreParameters(this.getCertList(provider));

        return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
    }
    catch (InvalidAlgorithmParameterException rejected)
    {
        // Wrap with the cause attached so the original failure is not lost.
        throw new OCSPException("can't setup the CertStore", rejected);
    }
}
 
Example 4
Project: lams   File: JSSESocketFactory.java   View source code 6 votes vote down vote up
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * <p>
 * The returned parameters have revocation checking enabled and carry one
 * "Collection" CertStore holding the CRLs returned by <code>getCRLs(crlf)</code>.
 * NOTE(review): the CRLs are fetched once per call; how often this method is
 * re-run, and so how fresh the revocation data is, depends on the caller - confirm.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception a CRLException when the algorithm is not PKIX; failures
 *         while building the parameters propagate unchanged
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    // Anything other than PKIX is rejected before the CRL file is touched.
    if(!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkix =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    Collection crls = getCRLs(crlf);
    CertStore crlStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkix.addCertStore(crlStore);

    // Revocation checking is switched on explicitly for the built paths.
    pkix.setRevocationEnabled(true);
    pkix.setMaxPathLength(listener.getSslTrustMaxCertLength());

    return pkix;
}
 
Example 5
Project: lazycat   File: JSSESocketFactory.java   View source code 6 votes vote down vote up
/**
 * Return the initialization parameters for the TrustManager. Currently,
 * only the default <code>PKIX</code> is supported.
 * <p>
 * The returned parameters have revocation checking enabled and carry one
 * "Collection" CertStore holding the CRLs returned by <code>getCRLs(crlf)</code>.
 * NOTE(review): the CRLs are fetched once per call; how fresh the revocation
 * data stays depends on how often the caller re-runs this method - confirm.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception
 *             a CRLException when the algorithm is not PKIX; failures while
 *             building the parameters propagate unchanged
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
	// Anything other than PKIX is rejected before the CRL file is touched.
	if (!"PKIX".equalsIgnoreCase(algorithm)) {
		throw new CRLException("CRLs not supported for type: " + algorithm);
	}

	PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());

	Collection<? extends CRL> crls = getCRLs(crlf);
	CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
	pkix.addCertStore(crlStore);

	// Revocation checking is switched on explicitly for the built paths.
	pkix.setRevocationEnabled(true);

	String configuredLength = endpoint.getTrustMaxCertLength();
	if (configuredLength != null) {
		try {
			pkix.setMaxPathLength(Integer.parseInt(configuredLength));
		} catch (Exception ex) {
			// Best effort: a value that cannot be parsed or is rejected is only
			// logged, and the max path length is left as it was.
			log.warn("Bad maxCertLength: " + configuredLength);
		}
	}

	return pkix;
}
 
Example 6
Project: Aki-SSL   File: JcaCertStoreBuilder.java   View source code 6 votes vote down vote up
/**
 * Build the CertStore from the current inputs.
 * <p>
 * The provider field selects the lookup: a provider name, a Provider
 * instance, or - for any other value - the default lookup with no provider argument.
 *
 * @return  a CertStore.
 * @throws GeneralSecurityException if the holders cannot be converted or the CertStore cannot be created
 */
public CertStore build()
    throws GeneralSecurityException
{
    CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);
    CertStore store;

    if (provider instanceof String)
    {
        // provider given by name
        store = CertStore.getInstance(type, storeParams, (String)provider);
    }
    else if (provider instanceof Provider)
    {
        // provider given as an instance
        store = CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else
    {
        // no usable provider configured
        store = CertStore.getInstance(type, storeParams);
    }

    return store;
}
 
Example 7
Project: Aki-SSL   File: JcaCertStoreBuilder.java   View source code 6 votes vote down vote up
/**
 * Converts the held certificates and CRLs to their JCA forms and wraps the
 * result as parameters for a Collection-backed CertStore.
 *
 * @param certificateConverter converter applied to every entry of {@code certs}
 * @param crlConverter converter applied to every entry of {@code crls}
 * @return parameters referring to a new list: converted certificates first, then converted CRLs
 * @throws CertificateException propagated from the certificate converter
 * @throws CRLException propagated from the CRL converter
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    // Certificates are added in the iteration order of certs.
    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    // CRLs follow, in the iteration order of crls.
    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // The parameters keep a reference to this list (it is not copied); the list
    // is local to this call, so nothing else can alter it afterwards.
    return new CollectionCertStoreParameters(converted);
}
 
Example 8
Project: In-the-Box-Fork   File: CollectionCertStoreParametersTest.java   View source code 6 votes vote down vote up
/**
 * Test #2 for <code>CollectionCertStoreParameters</code> constructor<br>
 * Checks that the no-argument constructor exposes an empty collection that
 * refuses modification.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "CollectionCertStoreParameters",
    args = {}
)
@SuppressWarnings("unchecked")
public final void testCollectionCertStoreParameters02() {
    CollectionCertStoreParameters defaults = new CollectionCertStoreParameters();
    Collection exposed = defaults.getCollection();
    assertTrue("isEmpty", exposed.isEmpty());

    // the default collection must reject any attempt to add to it
    try {
        exposed.add(new Object());
        fail("empty collection must be immutable");
    } catch (Exception expected) {
        // Any exception from add() is the outcome this test wants. This relies on
        // fail() raising something that is not an Exception subclass - confirm.
    }
}
 
Example 9
Project: In-the-Box-Fork   File: CollectionCertStoreParametersTest.java   View source code 6 votes vote down vote up
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Checks that the parameters hold the caller's collection by reference, so
 * later changes to that collection are visible through the parameters. Code
 * that passes a collection in therefore has to control who may modify it.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "CollectionCertStoreParameters",
    args = {java.util.Collection.class}
)
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty, caller-owned collection
    Vector<Certificate> backing = new Vector<Certificate>();
    CollectionCertStoreParameters cp = new CollectionCertStoreParameters(backing);

    // the very same object must come back, and it must still be empty
    assertTrue("isRefUsed_1", backing == cp.getCollection());
    assertTrue("isEmpty", cp.getCollection().isEmpty());

    // change the caller's collection after construction
    backing.add(new MyCertificate("TEST", new byte[] {(byte)1}));
    backing.add(new MyCertificate("TEST", new byte[] {(byte)2}));

    // the parameters must reflect the change
    assertTrue("isRefUsed_2", backing.equals(cp.getCollection()));
}
 
Example 10
Project: In-the-Box-Fork   File: CollectionCertStoreParametersTest.java   View source code 6 votes vote down vote up
/**
 * Test #1 for <code>clone()</code> method<br>
 * Checks that cloning produces a distinct parameters object.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone01() {
    Vector<Certificate> backing = new Vector<Certificate>();
    backing.add(new MyCertificate("TEST", new byte[] {(byte)4}));

    CollectionCertStoreParameters source = new CollectionCertStoreParameters(backing);
    CollectionCertStoreParameters copy = (CollectionCertStoreParameters)source.clone();

    // clone() must not hand back the object it was called on
    assertTrue(source != copy);
}
 
Example 11
Project: In-the-Box-Fork   File: CollectionCertStoreParametersTest.java   View source code 6 votes vote down vote up
/**
 * Test #2 for <code>clone()</code> method<br>
 * Checks that a clone refers to the same underlying collection as its
 * source, so a change made through one is visible through the other.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone02() {
    Vector<Certificate> backing = new Vector<Certificate>();
    backing.add(new MyCertificate("TEST", new byte[] {(byte)4}));

    CollectionCertStoreParameters source = new CollectionCertStoreParameters(backing);
    CollectionCertStoreParameters copy = (CollectionCertStoreParameters)source.clone();

    // the collection itself is shared, not duplicated
    assertTrue(source.getCollection() == copy.getCollection());
}
 
Example 12
Project: In-the-Box-Fork   File: CollectionCertStoreParametersTest.java   View source code 6 votes vote down vote up
/**
 * Test #3 for <code>clone()</code> method<br>
 * Checks that a clone of a clone still refers to the collection of the
 * default-constructed source.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone03() {
    CollectionCertStoreParameters first = new CollectionCertStoreParameters();
    CollectionCertStoreParameters second = (CollectionCertStoreParameters)first.clone();
    CollectionCertStoreParameters third = (CollectionCertStoreParameters)second.clone();

    // every generation must expose one and the same collection
    assertTrue(first.getCollection() == second.getCollection() &&
               third.getCollection() == second.getCollection());
}
 
Example 13
Project: Openfire   File: ClientTrustManager.java   View source code 6 votes vote down vote up
/**
 * Creates the trust manager around the given trust store, sets up a
 * Collection CertStore for CRLs and then calls {@code loadCRL()}.
 *
 * @param trustTrust the key store assigned to the {@code trustStore} field
 */
public ClientTrustManager(KeyStore trustTrust) {
    super();
    this.trustStore = trustTrust;

    // The CertStore keeps a reference to this list rather than a copy, so CRLs
    // added to the list later are visible to the store without rebuilding it.
    crls = new ArrayList<>();

    try {
        crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    }
    catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException ex) {
        // NOTE(review): the failure is only logged and construction continues, so
        // crlStore is not assigned here. Confirm that code using crlStore treats a
        // missing store as "cannot check revocation" rather than "not revoked".
        Log.warn("ClientTrustManager: ",ex);
    }

    loadCRL();
}
 
Example 14
Project: cn1   File: CollectionCertStoreParametersTest.java   View source code 6 votes vote down vote up
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Assertion: The Collection is not copied. Instead, a reference is used.
 * This allows the caller to subsequently add or remove Certificates or
 * CRLs from the Collection, thus changing the set of Certificates or CRLs
 * available to the Collection CertStore. The Collection CertStore will
 * not modify the contents of the Collection.
 * <p>
 * Because the reference is shared, code that passes a collection in has to
 * control who may modify it afterwards.
 */
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty, caller-owned collection
    Vector backing = new Vector();
    CollectionCertStoreParameters cp = new CollectionCertStoreParameters(backing);

    // the very same object must come back, and it must still be empty
    assertTrue("isRefUsed_1", backing == cp.getCollection());
    assertTrue("isEmpty", cp.getCollection().isEmpty());

    // change the caller's collection after construction
    backing.add(new MyCertificate("TEST", new byte[] {(byte)1}));
    backing.add(new MyCertificate("TEST", new byte[] {(byte)2}));

    // the parameters must reflect the change
    assertTrue("isRefUsed_2", backing.equals(cp.getCollection()));
}
 
Example 15
Project: CryptMeme   File: OCSPReq.java   View source code 6 votes vote down vote up
/**
 * Returns the certificates carried in this request as a CertStore.
 * A signed request yields a CertStore that may be empty; an unsigned request yields null.
 * <p>
 * NOTE(review): this method only packages the certificates returned by
 * {@code getCertList(provider)}; nothing here validates them, so callers
 * presumably must still build and validate a path before trusting any of them - confirm.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException declared by this method; not raised directly in this body
 * @throws NoSuchProviderException declared by this method; not raised directly in this body
 * @throws OCSPException if the CertStore parameters are rejected while the store is created
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));
            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // Keep the cause so the rejected parameter is still visible to the caller.
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // Unsigned requests have no certificate store to offer.
    return null;
}
 
Example 16
Project: CryptMeme   File: BasicOCSPResp.java   View source code 6 votes vote down vote up
/**
 * Returns the certificates, if any, associated with the response, as a CertStore.
 * <p>
 * NOTE(review): the store holds whatever {@code getCertList(provider)} returns;
 * this method performs no validation of those certificates - confirm that callers do.
 *
 * @param type type of CertStore to create
 * @param provider provider to use
 * @return a CertStore, possibly empty
 * @throws NoSuchAlgorithmException declared by this method; not raised directly in this body
 * @throws NoSuchProviderException declared by this method; not raised directly in this body
 * @throws OCSPException if the CertStore parameters are rejected while the store is created
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    try
    {
        CertStoreParameters storeParams =
            new CollectionCertStoreParameters(this.getCertList(provider));

        return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
    }
    catch (InvalidAlgorithmParameterException rejected)
    {
        // Wrap with the cause attached so the original failure is not lost.
        throw new OCSPException("can't setup the CertStore", rejected);
    }
}
 
Example 17
Project: openjdk-jdk7u-jdk   File: CrlRevocationChecker.java   View source code 6 votes vote down vote up
/**
 * Creates a checker from the given anchor and PKIX parameters.
 * <p>
 * The CertStores configured on {@code params} are copied into a new list;
 * when {@code certs} is non-null, a Collection CertStore over it is appended.
 * The reference time is {@code params.getDate()} when set, otherwise the
 * time of construction.
 *
 * @param anchor the trust anchor stored by this checker
 * @param params the PKIX parameters read for cert stores, signature provider and date
 * @param certs extra certificates to expose through a Collection CertStore; may be null
 * @param onlyEECert stored in {@code mOnlyEECert}
 * @throws CertPathValidatorException declared by this constructor; not raised directly in this body
 */
CrlRevocationChecker(TrustAnchor anchor, PKIXParameters params,
    Collection<X509Certificate> certs, boolean onlyEECert)
    throws CertPathValidatorException {
    mAnchor = anchor;
    mParams = params;
    mStores = new ArrayList<CertStore>(params.getCertStores());
    mSigProvider = params.getSigProvider();
    if (certs != null) {
        try {
            CertStore extraStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(certs));
            mStores.add(extraStore);
        } catch (Exception e) {
            // Not expected and not treated as fatal: the extra store is simply
            // left out, and the failure is reported on the debug channel if enabled.
            if (debug != null) {
                debug.println("CrlRevocationChecker: " +
                    "error creating Collection CertStore: " + e);
            }
        }
    }
    // An explicit validation date from the parameters wins over "now".
    Date configuredDate = params.getDate();
    if (configuredDate != null) {
        mCurrentTime = configuredDate;
    } else {
        mCurrentTime = new Date();
    }
    mOnlyEECert = onlyEECert;
    init(false);
}
 
Example 18
Project: bc-java   File: SignedMailValidatorTest.java   View source code 6 votes vote down vote up
/**
 * Validates a signed message whose certificate appears on the supplied CRL.
 * With revocation checking enabled, the signature must still verify
 * cryptographically, but the signature and its certificate path must be
 * reported as invalid, with a "certRevoked" error at index 0.
 */
public void testRevoked() throws Exception
{
    PKIXParameters params = createDefaultParams();

    // revocation data: one CRL, handed over through a Collection CertStore
    List revocationList = new ArrayList();
    revocationList.add(loadCRL("validator.revoked.crl"));
    params.addCertStore(
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(revocationList)));
    params.setRevocationEnabled(true);

    SignedMailValidator.ValidationResult outcome = doTest("validator.revoked.eml", params);

    // "verified" and "valid" are distinct results: the first holds, the second must not
    assertTrue(outcome.isVerifiedSignature());
    assertFalse(outcome.isValidSignature());

    PKIXCertPathReviewer pathReview = outcome.getCertPathReview();
    assertFalse(pathReview.isValidCertPath());
    assertContainsMessage(
            pathReview.getErrors(0),
            "CertPathReviewer.certRevoked",
            "The certificate was revoked at Sep 1, 2006 9:30:00 AM GMT. Reason: Key Compromise.");
}
 
Example 19
Project: bc-java   File: OCSPReq.java   View source code 6 votes vote down vote up
/**
 * Returns the certificates carried in this request as a CertStore.
 * A signed request yields a CertStore that may be empty; an unsigned request yields null.
 * <p>
 * NOTE(review): this method only packages the certificates returned by
 * {@code getCertList(provider)}; nothing here validates them, so callers
 * presumably must still build and validate a path before trusting any of them - confirm.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException declared by this method; not raised directly in this body
 * @throws NoSuchProviderException declared by this method; not raised directly in this body
 * @throws OCSPException if the CertStore parameters are rejected while the store is created
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));
            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // Keep the cause so the rejected parameter is still visible to the caller.
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // Unsigned requests have no certificate store to offer.
    return null;
}
 
Example 20
Project: freeVM   File: CollectionCertStoreParametersTest.java   View source code 6 votes vote down vote up
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Assertion: The Collection is not copied. Instead, a reference is used.
 * This allows the caller to subsequently add or remove Certificates or
 * CRLs from the Collection, thus changing the set of Certificates or CRLs
 * available to the Collection CertStore. The Collection CertStore will
 * not modify the contents of the Collection.
 * <p>
 * Because the reference is shared, code that passes a collection in has to
 * control who may modify it afterwards.
 */
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty, caller-owned collection
    Vector backing = new Vector();
    CollectionCertStoreParameters cp = new CollectionCertStoreParameters(backing);

    // the very same object must come back, and it must still be empty
    assertTrue("isRefUsed_1", backing == cp.getCollection());
    assertTrue("isEmpty", cp.getCollection().isEmpty());

    // change the caller's collection after construction
    backing.add(new MyCertificate("TEST", new byte[] {(byte)1}));
    backing.add(new MyCertificate("TEST", new byte[] {(byte)2}));

    // the parameters must reflect the change
    assertTrue("isRefUsed_2", backing.equals(cp.getCollection()));
}
 
Example 21
Project: irma_future_id   File: JcaCertStoreBuilder.java   View source code 6 votes vote down vote up
/**
 * Build the CertStore from the current inputs.
 * <p>
 * The provider field selects the lookup: a provider name, a Provider
 * instance, or - for any other value - the default lookup with no provider argument.
 *
 * @return  a CertStore.
 * @throws GeneralSecurityException if the holders cannot be converted or the CertStore cannot be created
 */
public CertStore build()
    throws GeneralSecurityException
{
    CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);
    CertStore store;

    if (provider instanceof String)
    {
        // provider given by name
        store = CertStore.getInstance(type, storeParams, (String)provider);
    }
    else if (provider instanceof Provider)
    {
        // provider given as an instance
        store = CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else
    {
        // no usable provider configured
        store = CertStore.getInstance(type, storeParams);
    }

    return store;
}
 
Example 22
Project: irma_future_id   File: JcaCertStoreBuilder.java   View source code 6 votes vote down vote up
/**
 * Converts the held certificates and CRLs to their JCA forms and wraps the
 * result as parameters for a Collection-backed CertStore.
 *
 * @param certificateConverter converter applied to every entry of {@code certs}
 * @param crlConverter converter applied to every entry of {@code crls}
 * @return parameters referring to a new list: converted certificates first, then converted CRLs
 * @throws CertificateException propagated from the certificate converter
 * @throws CRLException propagated from the CRL converter
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    // Certificates are added in the iteration order of certs.
    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    // CRLs follow, in the iteration order of crls.
    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // The parameters keep a reference to this list (it is not copied); the list
    // is local to this call, so nothing else can alter it afterwards.
    return new CollectionCertStoreParameters(converted);
}
 
Example 23
Project: irma_future_id   File: JcaCertStoreBuilder.java   View source code 6 votes vote down vote up
/**
 * Converts the held certificates and CRLs to their JCA forms and wraps the
 * result as parameters for a Collection-backed CertStore.
 *
 * @param certificateConverter converter applied to every entry of {@code certs}
 * @param crlConverter converter applied to every entry of {@code crls}
 * @return parameters referring to a new list: converted certificates first, then converted CRLs
 * @throws CertificateException propagated from the certificate converter
 * @throws CRLException propagated from the CRL converter
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    // Certificates are added in the iteration order of certs.
    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    // CRLs follow, in the iteration order of crls.
    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // The parameters keep a reference to this list (it is not copied); the list
    // is local to this call, so nothing else can alter it afterwards.
    return new CollectionCertStoreParameters(converted);
}
 
Example 24
Project: bc-java   File: JcaCertStoreBuilder.java   View source code 6 votes vote down vote up
/**
 * Converts the held certificates and CRLs to their JCA forms and wraps the
 * result as parameters for a Collection-backed CertStore.
 *
 * @param certificateConverter converter applied to every entry of {@code certs}
 * @param crlConverter converter applied to every entry of {@code crls}
 * @return parameters referring to a new list: converted certificates first, then converted CRLs
 * @throws CertificateException propagated from the certificate converter
 * @throws CRLException propagated from the CRL converter
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    // Certificates are added in the iteration order of certs.
    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    // CRLs follow, in the iteration order of crls.
    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // The parameters keep a reference to this list (it is not copied); the list
    // is local to this call, so nothing else can alter it afterwards.
    return new CollectionCertStoreParameters(converted);
}
 
Example 25
Project: bc-java   File: SMIMESignedTest.java   View source code 6 votes vote down vote up
/**
 * Signs the given body part with the GOST key pair and returns the
 * generated multipart, using the "BC" provider throughout.
 *
 * @param msg the body part to sign
 * @return the multipart produced by the generator
 * @throws Exception any failure from CertStore creation or signature generation
 */
private MimeMultipart generateMultiPartGost(
    MimeBodyPart msg)
    throws Exception
{
    // certificates shipped alongside the signature
    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_signGostCert);

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(bundled);
    CertStore bundledStore = CertStore.getInstance("Collection", storeParams, "BC");

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signGostKP.getPrivate(), _signGostCert, SMIMESignedGenerator.DIGEST_GOST3411);
    generator.addCertificatesAndCRLs(bundledStore);

    return generator.generate(msg, "BC");
}
 
Example 26
Project: bc-java   File: SMIMESignedTest.java   View source code 6 votes vote down vote up
/**
 * Signs the given body part with the RSA signing key and the requested
 * digest, and returns the encapsulated result, using the "BC" provider throughout.
 *
 * @param digestOid OID of the digest passed to the signer
 * @param msg the body part to sign
 * @return the encapsulated signed body part
 * @throws Exception any failure from CertStore creation or signature generation
 */
private MimeBodyPart generateEncapsulatedRsa(String digestOid, MimeBodyPart msg) 
    throws Exception
{
    // certificates shipped alongside the signature
    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(bundled);
    CertStore bundledStore = CertStore.getInstance("Collection", storeParams, "BC");

    ASN1EncodableVector signedAttrs = generateSignedAttributes();
    AttributeTable signedTable = new AttributeTable(signedAttrs);

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signKP.getPrivate(), _signCert, digestOid, signedTable, null);
    generator.addCertificatesAndCRLs(bundledStore);

    return generator.generateEncapsulated(msg, "BC");
}
 
Example 27
Project: irma_future_id   File: SMIMESignedTest.java   View source code 6 votes vote down vote up
/**
 * Signs the given body part with the GOST key pair and returns the
 * generated multipart, using the "BC" provider throughout.
 *
 * @param msg the body part to sign
 * @return the multipart produced by the generator
 * @throws Exception any failure from CertStore creation or signature generation
 */
private MimeMultipart generateMultiPartGost(
    MimeBodyPart msg)
    throws Exception
{
    // certificates shipped alongside the signature
    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_signGostCert);

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(bundled);
    CertStore bundledStore = CertStore.getInstance("Collection", storeParams, "BC");

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signGostKP.getPrivate(), _signGostCert, SMIMESignedGenerator.DIGEST_GOST3411);
    generator.addCertificatesAndCRLs(bundledStore);

    return generator.generate(msg, "BC");
}
 
Example 28
Project: DroidText   File: OCSPReq.java   View source code 6 votes vote down vote up
/**
 * Returns the certificates carried in this request as a CertStore.
 * A signed request yields a CertStore that may be empty; an unsigned request yields null.
 * <p>
 * NOTE(review): this method only packages the certificates returned by
 * {@code getCertList(provider)}; nothing here validates them, so callers
 * presumably must still build and validate a path before trusting any of them - confirm.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException declared by this method; not raised directly in this body
 * @throws NoSuchProviderException declared by this method; not raised directly in this body
 * @throws OCSPException if the CertStore parameters are rejected while the store is created
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));
            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // Keep the cause so the rejected parameter is still visible to the caller.
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // Unsigned requests have no certificate store to offer.
    return null;
}
 
Example 29
Project: irma_future_id   File: SignedMailValidatorTest.java   View source code 6 votes vote down vote up
/**
 * Validates a signed message whose certificate appears on the supplied CRL.
 * With revocation checking enabled, the signature must still verify
 * cryptographically, but the signature and its certificate path must be
 * reported as invalid, with a "certRevoked" error at index 0.
 */
public void testRevoked() throws Exception
{
    PKIXParameters params = createDefaultParams();

    // revocation data: one CRL, handed over through a Collection CertStore
    List revocationList = new ArrayList();
    revocationList.add(loadCRL("validator.revoked.crl"));
    params.addCertStore(
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(revocationList)));
    params.setRevocationEnabled(true);

    SignedMailValidator.ValidationResult outcome = doTest("validator.revoked.eml", params);

    // "verified" and "valid" are distinct results: the first holds, the second must not
    assertTrue(outcome.isVerifiedSignature());
    assertFalse(outcome.isValidSignature());

    PKIXCertPathReviewer pathReview = outcome.getCertPathReview();
    assertFalse(pathReview.isValidCertPath());
    assertContainsMessage(
            pathReview.getErrors(0),
            "CertPathReviewer.certRevoked",
            "The certificate was revoked at Sep 1, 2006 9:30:00 AM GMT. Reason: Key Compromise.");
}
 
Example 30
Project: ipack   File: JcaCertStoreBuilder.java   View source code 5 votes vote down vote up
/**
 * Build the CertStore from the current inputs.
 * <p>
 * The provider field selects the lookup: a provider name, a Provider
 * instance, or - for any other value - the default lookup with no provider argument.
 *
 * @return  a CertStore.
 * @throws GeneralSecurityException if the holders cannot be converted or the CertStore cannot be created
 */
public CertStore build()
    throws GeneralSecurityException
{
    CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);
    CertStore store;

    if (provider instanceof String)
    {
        // provider given by name
        store = CertStore.getInstance(type, storeParams, (String)provider);
    }
    else if (provider instanceof Provider)
    {
        // provider given as an instance
        store = CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else
    {
        // no usable provider configured
        store = CertStore.getInstance(type, storeParams);
    }

    return store;
}
 
Example 31
Project: ipack   File: CertStoreCollectionSpi.java   View source code 5 votes vote down vote up
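/**
 * Creates the SPI from the given parameters, which must be a
 * {@link CollectionCertStoreParameters} instance.
 *
 * @param params the CertStore parameters; stored after the type check
 * @throws InvalidAlgorithmParameterException if params is null or is not a
 *         CollectionCertStoreParameters object
 */
public CertStoreCollectionSpi(CertStoreParameters params)
    throws InvalidAlgorithmParameterException
{
    super(params);

    if (!(params instanceof CollectionCertStoreParameters))
    {
        // instanceof is false for null, so a null argument reaches this branch.
        // Concatenating params itself (instead of calling params.toString())
        // reports null through the declared exception rather than a
        // NullPointerException raised while building the message.
        throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.CertStoreCollectionSpi: parameter must be a CollectionCertStoreParameters object\n" + params);
    }

    this.params = (CollectionCertStoreParameters)params;
}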
 
Example 32
Project: tomcat7   File: JSSESocketFactory.java   View source code 5 votes vote down vote up
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * <p>
 * The returned parameters have revocation checking enabled and carry one
 * "Collection" CertStore holding the CRLs returned by <code>getCRLs(crlf)</code>.
 * NOTE(review): the CRLs are fetched once per call; how fresh the revocation
 * data stays depends on how often the caller re-runs this method - confirm.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception a CRLException when the algorithm is not PKIX; failures
 *         while building the parameters propagate unchanged
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    // Anything other than PKIX is rejected before the CRL file is touched.
    if(!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkix =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkix.addCertStore(crlStore);

    // Revocation checking is switched on explicitly for the built paths.
    pkix.setRevocationEnabled(true);

    String configuredLength = endpoint.getTrustMaxCertLength();
    if(configuredLength != null) {
        try {
            pkix.setMaxPathLength(Integer.parseInt(configuredLength));
        } catch(Exception ex) {
            // Best effort: a value that cannot be parsed or is rejected is only
            // logged, and the max path length is left as it was.
            log.warn("Bad maxCertLength: "+configuredLength);
        }
    }

    return pkix;
}
 
Example 33
Project: lams   File: CertPathPKIXTrustEvaluator.java   View source code 5 votes vote down vote up
/**
 * Creates the certificate store that will be used during validation.
 * <p>
 * The store always contains the entity certificate chain of the untrusted
 * credential. CRLs from the PKIX validation information are added when
 * present; CRLs carried by the untrusted credential are added only when
 * {@code options.isProcessCredentialCRLs()} allows it.
 * 
 * @param validationInfo PKIX validation information
 * @param untrustedCredential credential to be validated
 * 
 * @return certificate store used during validation
 * 
 * @throws GeneralSecurityException thrown if the certificate store can not be created from the cert and CRL
 *             material
 */
protected CertStore buildCertStore(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)
        throws GeneralSecurityException {

    log.trace("Creating cert store to use during path validation");

    log.trace("Adding entity certificate chain to cert store");
    List<Object> material = new ArrayList<Object>(untrustedCredential.getEntityCertificateChain());
    if (log.isTraceEnabled()) {
        // Trace-only listing of what was just copied into the store material.
        for (X509Certificate chainCert : untrustedCredential.getEntityCertificateChain()) {
            log.trace(String.format("Added X509Certificate from entity cert chain to cert store "
                    + "with subject name '%s' issued by '%s' with serial number '%s'",
                    x500DNHandler.getName(chainCert.getSubjectX500Principal()),
                    x500DNHandler.getName(chainCert.getIssuerX500Principal()),
                    chainCert.getSerialNumber().toString()));
        }
    }

    // One timestamp is shared by both CRL passes below.
    Date now = new Date();

    boolean infoHasCrls = validationInfo.getCRLs() != null && !validationInfo.getCRLs().isEmpty();
    if (infoHasCrls) {
        log.trace("Processing CRL's from PKIX info set");
        addCRLsToStoreMaterial(material, validationInfo.getCRLs(), now);
    }

    // CRLs supplied by the credential under validation are opt-in.
    boolean credentialHasCrls =
            untrustedCredential.getCRLs() != null && !untrustedCredential.getCRLs().isEmpty();
    if (credentialHasCrls && options.isProcessCredentialCRLs()) {
        log.trace("Processing CRL's from untrusted credential");
        addCRLsToStoreMaterial(material, untrustedCredential.getCRLs(), now);
    }

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(material);
    return CertStore.getInstance("Collection", storeParams);
}
 
Example 34
Project: lams   File: JSSESocketFactory.java   View source code 5 votes vote down vote up
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * <p>
 * The returned parameters have revocation checking enabled and carry one
 * "Collection" CertStore holding the CRLs returned by <code>getCRLs(crlf)</code>.
 * NOTE(review): the CRLs are fetched once per call; how fresh the revocation
 * data stays depends on how often the caller re-runs this method - confirm.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception a CRLException when the algorithm is not PKIX; failures
 *         while building the parameters propagate unchanged
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    // Anything other than PKIX is rejected before the CRL file is touched.
    if(!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkix =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    Collection crls = getCRLs(crlf);
    CertStore crlStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkix.addCertStore(crlStore);

    // Revocation checking is switched on explicitly for the built paths.
    pkix.setRevocationEnabled(true);

    String configuredLength = (String)attributes.get("trustMaxCertLength");
    if(configuredLength != null) {
        try {
            pkix.setMaxPathLength(Integer.parseInt(configuredLength));
        } catch(Exception ex) {
            // Best effort: a value that cannot be parsed or is rejected is only
            // logged, and the max path length is left as it was.
            log.warn("Bad maxCertLength: "+configuredLength);
        }
    }

    return pkix;
}
 
Example 35
Project: apache-tomcat-7.0.73-with-comment   File: JSSESocketFactory.java   View source code 5 votes vote down vote up
/**
 * Create the TrustManager initialization parameters: trust anchors from the
 * TrustStore, CRLs from the CRL file, revocation checking switched on.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * <p>When the endpoint's maximum certificate path length is configured but
 * cannot be applied, the problem is logged as a warning and the default
 * maximum path length is kept.</p>
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception a <code>CRLException</code> for any algorithm other than
 *         <code>PKIX</code>; otherwise whatever parameter or store creation raises.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    boolean isPkix = "PKIX".equalsIgnoreCase(algorithm);
    if(!isPkix) {
        // CRL handling exists only for PKIX; fail instead of returning parameters without it.
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters builderParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Register the CRLs loaded for crlf as the material consulted for revocation.
    Collection<? extends CRL> loadedCrls = getCRLs(crlf);
    CertStoreParameters crlStoreParams = new CollectionCertStoreParameters(loadedCrls);
    builderParams.addCertStore(CertStore.getInstance("Collection", crlStoreParams));
    builderParams.setRevocationEnabled(true);

    String configuredMaxLength = endpoint.getTrustMaxCertLength();
    if(configuredMaxLength != null) {
        try {
            int maxPathLength = Integer.parseInt(configuredMaxLength);
            builderParams.setMaxPathLength(maxPathLength);
        } catch(Exception ex) {
            // Best-effort: an unusable value only produces this warning.
            log.warn("Bad maxCertLength: "+configuredMaxLength);
        }
    }

    return builderParams;
}
 
Example 36
Project: jdk8u-jdk   File: NoExtensions.java   View source code 5 votes vote down vote up
/**
 * Builds a PKIX certification path that ends at {@code userCert}, using the single
 * trusted certificate as the only trust anchor.
 *
 * <p>Revocation checking is switched off for this build, so the path is constructed
 * without consulting revocation data. The resulting path is fetched but not inspected;
 * a build failure surfaces as an exception from the builder.</p>
 *
 * @param userCert the target certificate the path must end at
 * @throws Exception if the builder cannot be obtained or no path can be built
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // trust anchors: one trusted CA certificate, no name constraints
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    X509Certificate anchorCert = getTrustedCertificate();
    anchors.add(new TrustAnchor(anchorCert, null));

    // candidate certificates available to the builder
    ArrayList<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(anchorCert);
    candidates.add(userCert);
    CertStore candidateStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));

    // the selector pins the target to exactly this certificate
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(userCert);
    target.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // build the path; revocation checking is off in this test
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, target);
    buildParams.addCertStore(candidateStore);
    buildParams.setRevocationEnabled(false);
    CertPathBuilderResult outcome = pathBuilder.build(buildParams);

    // the path is retrieved but neither printed nor checked
    CertPath builtPath = outcome.getCertPath();
}
 
Example 37
Project: jdk8u-jdk   File: BuildEEBasicConstraints.java   View source code 5 votes vote down vote up
/**
 * Test entry point: builds a path with a selector restricted to end-entity
 * certificates and verifies that the first certificate of the path is one.
 *
 * <p>Test-only setup: the {@code jdk.certpath.disabledAlgorithms} security property
 * is overwritten for the whole JVM so that only MD2 stays disabled, and revocation
 * checking is turned off. Both settings weaken path validation and are acceptable
 * only inside a test fixture such as this one.</p>
 *
 * @param args unused
 * @throws Exception if a certificate cannot be loaded, the build fails, or the
 *         target turns out not to be an end-entity certificate
 */
public static void main(String[] args) throws Exception {
    // Replace the JVM-wide restriction list so the algorithms and keys
    // used by the test certificates are not rejected.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor root = new TrustAnchor(
        rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);

    // -2 makes the selector accept end-entity certificates only
    X509CertSelector endEntityOnly = new X509CertSelector();
    endEntityOnly.setBasicConstraints(-2);

    PKIXBuilderParameters params =
        new PKIXBuilderParameters(Collections.singleton(root), endEntityOnly);
    params.setRevocationEnabled(false);

    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    List<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(caCert);
    candidates.add(eeCert);
    CertStore candidateStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));
    params.addCertStore(candidateStore);

    PKIXCertPathBuilderResult res = CertUtils.build(params);
    List<? extends Certificate> pathCerts = res.getCertPath().getCertificates();

    // getBasicConstraints() reports -1 for a certificate that is not a CA
    X509Certificate target = (X509Certificate) pathCerts.get(0);
    boolean targetIsEndEntity = target.getBasicConstraints() == -1;
    if (!targetIsEndEntity) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
 
Example 38
Project: jdk8u-jdk   File: CertUtils.java   View source code 5 votes vote down vote up
/**
 * Load certificates from the named files and wrap them in a Collection
 * <code>CertStore</code>.
 *
 * <p>Each file name is appended to <code>relPath</code> by plain string
 * concatenation. No normalization or containment check is applied here, so
 * this helper suits fixed test file names rather than caller-controlled input.</p>
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the <code>CertStore</code> created
 * @throws Exception on error
 */
public static CertStore createStore(String relPath, String [] fileNames)
    throws Exception {
    Set<X509Certificate> loaded = new HashSet<X509Certificate>();
    for (String fileName : fileNames) {
        loaded.add(getCertFromFile(relPath + fileName));
    }
    CollectionCertStoreParameters storeParams =
        new CollectionCertStoreParameters(loaded);
    return CertStore.getInstance("Collection", storeParams);
}
 
Example 39
Project: jdk8u-jdk   File: CertUtils.java   View source code 5 votes vote down vote up
/**
 * Load CRLs from the named files and wrap them in a Collection
 * <code>CertStore</code>.
 *
 * <p>Each file name is appended to <code>relPath</code> by plain string
 * concatenation. No normalization or containment check is applied here, and
 * nothing in this method checks CRL freshness or signatures.</p>
 *
 * @param relPath relative path containing CRLs (must end in file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the <code>CertStore</code> created
 * @throws Exception on error
 */
public static CertStore createCRLStore(String relPath, String [] fileNames)
    throws Exception {
    Set<X509CRL> loaded = new HashSet<X509CRL>();
    for (String fileName : fileNames) {
        loaded.add(getCRLFromFile(relPath + fileName));
    }
    CollectionCertStoreParameters storeParams =
        new CollectionCertStoreParameters(loaded);
    return CertStore.getInstance("Collection", storeParams);
}
 
Example 40
Project: openjdk-jdk10   File: NoExtensions.java   View source code 5 votes vote down vote up
/**
 * Runs a PKIX path build from the single trusted certificate to {@code userCert}.
 *
 * <p>The build is done with revocation checking disabled, so no revocation data is
 * consulted. The built path is obtained but not examined here; if no path can be
 * built, the builder's exception propagates to the caller.</p>
 *
 * @param userCert the certificate the built path must end at
 * @throws Exception if the builder is unavailable or the build fails
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // the set of trusted CA certificates (only one in this instance)
    X509Certificate trustedCert = getTrustedCertificate();
    HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    trustAnchors.add(new TrustAnchor(trustedCert, null));

    // CertStore holding the certificates the builder may draw from
    ArrayList<X509Certificate> storeContents = new ArrayList<X509Certificate>();
    storeContents.add(trustedCert);
    storeContents.add(userCert);
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(storeContents);
    CertStore store = CertStore.getInstance("Collection", storeParams);

    // select the target certificate
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(userCert);
    selector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // build a valid certificate path; revocation checking stays off for this test
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustAnchors, selector);
    builderParams.addCertStore(store);
    builderParams.setRevocationEnabled(false);
    CertPathBuilderResult buildResult = builder.build(builderParams);

    // fetch the path; it is not printed or verified further
    CertPath path = buildResult.getCertPath();
}