Java Code Examples for java.security.cert.CertPath#getCertificates()
The following examples show how to use
java.security.cert.CertPath#getCertificates() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 6 votes |
|
protected static int prepareNextCertH1(
CertPath certPath,
int index,
int explicitPolicy)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (1)
//
if (explicitPolicy != 0)
{
return explicitPolicy - 1;
}
}
return explicitPolicy;
}
Example 2
| Source File: RFC3280CertPathUtilities.java From RipplePower with Apache License 2.0 | 6 votes |
|
protected static void prepareNextCertN(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (n)
//
boolean[] _usage = cert.getKeyUsage();
if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
{
throw new ExtCertPathValidatorException(
"Issuer certificate keyusage extension is critical and does not permit key signing.", null,
certPath, index);
}
}
Example 3
| Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 6 votes |
|
protected static int prepareNextCertH3(
CertPath certPath,
int index,
int inhibitAnyPolicy)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (3)
//
if (inhibitAnyPolicy != 0)
{
return inhibitAnyPolicy - 1;
}
}
return inhibitAnyPolicy;
}
Example 4
| Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 6 votes |
|
protected static int prepareNextCertH2(
CertPath certPath,
int index,
int policyMapping)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (2)
//
if (policyMapping != 0)
{
return policyMapping - 1;
}
}
return policyMapping;
}
Example 5
| Source File: X509CertUtil.java From keystore-explorer with GNU General Public License v3.0 | 6 votes |
|
private static X509Certificate[] loadCertificatesPkiPath(InputStream is) throws CryptoException {
try {
CertificateFactory cf = CertificateFactory.getInstance(X509_CERT_TYPE, BOUNCY_CASTLE.jce());
CertPath certPath = cf.generateCertPath(is, PKI_PATH_ENCODING);
List<? extends Certificate> certs = certPath.getCertificates();
ArrayList<X509Certificate> loadedCerts = new ArrayList<>();
for (Iterator<? extends Certificate> itr = certs.iterator(); itr.hasNext();) {
X509Certificate cert = (X509Certificate) itr.next();
if (cert != null) {
loadedCerts.add(cert);
}
}
return loadedCerts.toArray(new X509Certificate[loadedCerts.size()]);
} catch (CertificateException | NoSuchProviderException e) {
throw new CryptoException(res.getString("NoLoadPkiPath.exception.message"), e);
} finally {
IOUtils.closeQuietly(is);
}
}
Example 6
| Source File: RFC3280CertPathUtilities.java From RipplePower with Apache License 2.0 | 6 votes |
|
protected static int prepareNextCertH3(
CertPath certPath,
int index,
int inhibitAnyPolicy)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (3)
//
if (inhibitAnyPolicy != 0)
{
return inhibitAnyPolicy - 1;
}
}
return inhibitAnyPolicy;
}
Example 7
| Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 6 votes |
|
protected static void prepareNextCertN(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (n)
//
boolean[] _usage = cert.getKeyUsage();
if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
{
throw new ExtCertPathValidatorException(
"Issuer certificate keyusage extension is critical and does not permit key signing.", null,
certPath, index);
}
}
Example 8
| Source File: BuildEEBasicConstraints.java From hottub with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
Example 9
| Source File: CertificateFactory1Test.java From j2objc with Apache License 2.0 | 5 votes |
|
/**
* Test for <code>generateCertPath(List certificates)</code> method
* Assertion: returns empty CertPath if certificates is empty
*/
public void testCertificateFactory15() throws CertificateException {
if (!X509Support) {
fail(NotSupportMsg);
return;
}
CertificateFactory[] certFs = initCertFs();
assertNotNull("CertificateFactory objects were not created", certFs);
List<Certificate> list = new Vector<Certificate>();
for (int i = 0; i < certFs.length; i++) {
CertPath cp = certFs[i].generateCertPath(list);
List<? extends Certificate> list1 = cp.getCertificates();
assertTrue("List should be empty", list1.isEmpty());
}
}
Example 10
| Source File: BuildEEBasicConstraints.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
Example 11
| Source File: BuildEEBasicConstraints.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
Example 12
| Source File: BuildEEBasicConstraints.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
Example 13
| Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 5 votes |
|
protected static PKIXPolicyNode processCertE(
CertPath certPath,
int index,
PKIXPolicyNode validPolicyTree)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (e)
//
ASN1Sequence certPolicies = null;
try
{
certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
}
catch (AnnotatedException e)
{
throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.",
e, certPath, index);
}
if (certPolicies == null)
{
validPolicyTree = null;
}
return validPolicyTree;
}
Example 14
| Source File: BuildEEBasicConstraints.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
Example 15
| Source File: RFC3280CertPathUtilities.java From RipplePower with Apache License 2.0 | 5 votes |
|
protected static void prepareNextCertK(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (k)
//
BasicConstraints bc = null;
try
{
bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
}
catch (Exception e)
{
throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath,
index);
}
if (bc != null)
{
if (!(bc.isCA()))
{
throw new CertPathValidatorException("Not a CA certificate");
}
}
else
{
throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
}
}
Example 16
| Source File: CertPathSerializer.java From webauthn4j with Apache License 2.0 | 5 votes |
|
/**
* {@inheritDoc}
*/
@Override
public void serialize(CertPath value, JsonGenerator gen, SerializerProvider provider) throws IOException {
try {
gen.writeStartArray();
for (Certificate certificate : value.getCertificates()) {
gen.writeBinary(certificate.getEncoded());
}
gen.writeEndArray();
} catch (CertificateEncodingException e) {
throw new UnexpectedCheckedException(e);
}
}
Example 17
| Source File: BuildEEBasicConstraints.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
Example 18
| Source File: RFC3280CertPathUtilities.java From RipplePower with Apache License 2.0 | 5 votes |
|
protected static void wrapupCertF(
CertPath certPath,
int index,
List pathCheckers,
Set criticalExtensions)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
Iterator tmpIter;
tmpIter = pathCheckers.iterator();
while (tmpIter.hasNext())
{
try
{
((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions);
}
catch (CertPathValidatorException e)
{
throw new ExtCertPathValidatorException("Additional certificate path checker failed.", e, certPath,
index);
}
}
if (!criticalExtensions.isEmpty())
{
throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + criticalExtensions, null, certPath,
index);
}
}
Example 19
| Source File: PKIXCertPathReviewer.java From RipplePower with Apache License 2.0 | 4 votes |
|
/**
* Initializes the PKIXCertPathReviewer with the given {@link CertPath} and {@link PKIXParameters} params
* @param certPath the {@link CertPath} to validate
* @param params the {@link PKIXParameters} to use
* @throws CertPathReviewerException if the certPath is empty
* @throws IllegalStateException if the {@link PKIXCertPathReviewer} is already initialized
*/
public void init(CertPath certPath, PKIXParameters params)
throws CertPathReviewerException
{
if (initialized)
{
throw new IllegalStateException("object is already initialized!");
}
initialized = true;
// check input parameters
if (certPath == null)
{
throw new NullPointerException("certPath was null");
}
this.certPath = certPath;
certs = certPath.getCertificates();
n = certs.size();
if (certs.isEmpty())
{
throw new CertPathReviewerException(
new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.emptyCertPath"));
}
pkixParams = (PKIXParameters) params.clone();
// 6.1.1 - Inputs
// a) done
// b)
validDate = getValidDate(pkixParams);
// c) part of pkixParams
// d) done at the beginning of checkSignatures
// e) f) g) part of pkixParams
// initialize output parameters
notifications = null;
errors = null;
trustAnchor = null;
subjectPublicKey = null;
policyTree = null;
}
Example 20
| Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 4 votes |
|
protected static void prepareNextCertA(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
//
// (a) check the policy mappings
//
ASN1Sequence pm = null;
try
{
pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
RFC3280CertPathUtilities.POLICY_MAPPINGS));
}
catch (AnnotatedException ex)
{
throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath,
index);
}
if (pm != null)
{
ASN1Sequence mappings = pm;
for (int j = 0; j < mappings.size(); j++)
{
ASN1ObjectIdentifier issuerDomainPolicy = null;
ASN1ObjectIdentifier subjectDomainPolicy = null;
try
{
ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
issuerDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(0));
subjectDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(1));
}
catch (Exception e)
{
throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.",
e, certPath, index);
}
if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId()))
{
throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
}
if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId()))
{
throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
}
}
}
}
