Java Code Examples for java.security.cert.TrustAnchor#getCA()
The following examples show how to use
java.security.cert.TrustAnchor#getCA() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: OCSPResponse.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
if (anchor == null && issuerCert == null) {
throw new NullPointerException("TrustAnchor and issuerCert " +
"cannot be null");
}
this.anchor = anchor;
if (issuerCert != null) {
name = issuerCert.getSubjectX500Principal();
pubKey = issuerCert.getPublicKey();
certificate = issuerCert;
} else {
name = anchor.getCA();
pubKey = anchor.getCAPublicKey();
certificate = anchor.getTrustedCert();
}
}
Example 2
| Source File: OCSPResponse.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
if (anchor == null && issuerCert == null) {
throw new NullPointerException("TrustAnchor and issuerCert " +
"cannot be null");
}
this.anchor = anchor;
if (issuerCert != null) {
name = issuerCert.getSubjectX500Principal();
pubKey = issuerCert.getPublicKey();
certificate = issuerCert;
} else {
name = anchor.getCA();
pubKey = anchor.getCAPublicKey();
certificate = anchor.getTrustedCert();
}
}
Example 3
| Source File: OCSPResponse.java From Bytecoder with Apache License 2.0 | 6 votes |
|
IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
if (anchor == null && issuerCert == null) {
throw new NullPointerException("TrustAnchor and issuerCert " +
"cannot be null");
}
this.anchor = anchor;
if (issuerCert != null) {
name = issuerCert.getSubjectX500Principal();
pubKey = issuerCert.getPublicKey();
certificate = issuerCert;
} else {
name = anchor.getCA();
pubKey = anchor.getCAPublicKey();
certificate = anchor.getTrustedCert();
}
}
Example 4
| Source File: CertPathPKIXTrustEvaluator.java From lams with GNU General Public License v2.0 | 6 votes |
|
/**
* Log information from the constructed cert path at level debug.
*
* @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
* @param targetCert the cert untrusted certificate that was being evaluated
*/
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
log.debug("Built valid PKIX cert path");
log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));
for (Certificate cert : buildResult.getCertPath().getCertificates()) {
log.debug("CertPath certificate: {}", x500DNHandler.getName(((X509Certificate) cert)
.getSubjectX500Principal()));
}
TrustAnchor ta = buildResult.getTrustAnchor();
if (ta.getTrustedCert() != null) {
log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getTrustedCert().getSubjectX500Principal()));
} else if (ta.getCA() != null) {
log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getCA()));
} else {
log.debug("TrustAnchor: {}", ta.getCAName());
}
}
Example 5
| Source File: OCSPResponse.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
if (anchor == null && issuerCert == null) {
throw new NullPointerException("TrustAnchor and issuerCert " +
"cannot be null");
}
this.anchor = anchor;
if (issuerCert != null) {
name = issuerCert.getSubjectX500Principal();
pubKey = issuerCert.getPublicKey();
certificate = issuerCert;
} else {
name = anchor.getCA();
pubKey = anchor.getCAPublicKey();
certificate = anchor.getTrustedCert();
}
}
Example 6
| Source File: BasicChecker.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor that initializes the input parameters.
*
* @param anchor the anchor selected to validate the target certificate
* @param testDate the time for which the validity of the certificate
* should be determined
* @param sigProvider the name of the signature provider
* @param sigOnly true if only signature checking is to be done;
* if false, all checks are done
*/
BasicChecker(TrustAnchor anchor, Date date, String sigProvider,
boolean sigOnly) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
this.caName = anchor.getTrustedCert().getSubjectX500Principal();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
this.caName = anchor.getCA();
}
this.date = date;
this.sigProvider = sigProvider;
this.sigOnly = sigOnly;
this.prevPubKey = trustedPubKey;
}
Example 7
| Source File: BasicChecker.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor that initializes the input parameters.
*
* @param anchor the anchor selected to validate the target certificate
* @param testDate the time for which the validity of the certificate
* should be determined
* @param sigProvider the name of the signature provider
* @param sigOnly true if only signature checking is to be done;
* if false, all checks are done
*/
BasicChecker(TrustAnchor anchor, Date date, String sigProvider,
boolean sigOnly) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
this.caName = anchor.getTrustedCert().getSubjectX500Principal();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
this.caName = anchor.getCA();
}
this.date = date;
this.sigProvider = sigProvider;
this.sigOnly = sigOnly;
this.prevPubKey = trustedPubKey;
}
Example 8
| Source File: TrustedCertificateIndex.java From cwac-netsecurity with Apache License 2.0 | 5 votes |
|
public void index(TrustAnchor anchor) {
X500Principal subject;
X509Certificate cert = anchor.getTrustedCert();
if (cert != null) {
subject = cert.getSubjectX500Principal();
} else {
subject = anchor.getCA();
}
synchronized (subjectToTrustAnchors) {
List<TrustAnchor> anchors = subjectToTrustAnchors.get(subject);
if (anchors == null) {
anchors = new ArrayList<TrustAnchor>(1);
subjectToTrustAnchors.put(subject, anchors);
} else {
// Avoid indexing the same certificate multiple times
if (cert != null) {
for (TrustAnchor entry : anchors) {
if (cert.equals(entry.getTrustedCert())) {
return;
}
}
}
}
anchors.add(anchor);
}
}
Example 9
| Source File: BasicChecker.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor that initializes the input parameters.
*
* @param anchor the anchor selected to validate the target certificate
* @param testDate the time for which the validity of the certificate
* should be determined
* @param sigProvider the name of the signature provider
* @param sigOnly true if only signature checking is to be done;
* if false, all checks are done
*/
BasicChecker(TrustAnchor anchor, Date date, String sigProvider,
boolean sigOnly) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
this.caName = anchor.getTrustedCert().getSubjectX500Principal();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
this.caName = anchor.getCA();
}
this.date = date;
this.sigProvider = sigProvider;
this.sigOnly = sigOnly;
this.prevPubKey = trustedPubKey;
}
Example 10
| Source File: BasicChecker.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor that initializes the input parameters.
*
* @param anchor the anchor selected to validate the target certificate
* @param testDate the time for which the validity of the certificate
* should be determined
* @param sigProvider the name of the signature provider
* @param sigOnly true if only signature checking is to be done;
* if false, all checks are done
*/
BasicChecker(TrustAnchor anchor, Date date, String sigProvider,
boolean sigOnly) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
this.caName = anchor.getTrustedCert().getSubjectX500Principal();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
this.caName = anchor.getCA();
}
this.date = date;
this.sigProvider = sigProvider;
this.sigOnly = sigOnly;
this.prevPubKey = trustedPubKey;
}
Example 11
| Source File: BasicChecker.java From Bytecoder with Apache License 2.0 | 5 votes |
|
/**
* Constructor that initializes the input parameters.
*
* @param anchor the anchor selected to validate the target certificate
* @param testDate the time for which the validity of the certificate
* should be determined
* @param sigProvider the name of the signature provider
* @param sigOnly true if only signature checking is to be done;
* if false, all checks are done
*/
BasicChecker(TrustAnchor anchor, Date date, String sigProvider,
boolean sigOnly) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
this.caName = anchor.getTrustedCert().getSubjectX500Principal();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
this.caName = anchor.getCA();
}
this.date = date;
this.sigProvider = sigProvider;
this.sigOnly = sigOnly;
this.prevPubKey = trustedPubKey;
}
Example 12
| Source File: BasicChecker.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor that initializes the input parameters.
*
* @param anchor the anchor selected to validate the target certificate
* @param testDate the time for which the validity of the certificate
* should be determined
* @param sigProvider the name of the signature provider
* @param sigOnly true if only signature checking is to be done;
* if false, all checks are done
*/
BasicChecker(TrustAnchor anchor, Date date, String sigProvider,
boolean sigOnly) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
this.caName = anchor.getTrustedCert().getSubjectX500Principal();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
this.caName = anchor.getCA();
}
this.date = date;
this.sigProvider = sigProvider;
this.sigOnly = sigOnly;
this.prevPubKey = trustedPubKey;
}
Example 13
| Source File: BasicChecker.java From j2objc with Apache License 2.0 | 5 votes |
|
/**
* Constructor that initializes the input parameters.
*
* @param anchor the anchor selected to validate the target certificate
* @param testDate the time for which the validity of the certificate
* should be determined
* @param sigProvider the name of the signature provider
* @param sigOnly true if only signature checking is to be done;
* if false, all checks are done
*/
BasicChecker(TrustAnchor anchor, Date date, String sigProvider,
boolean sigOnly) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
this.caName = anchor.getTrustedCert().getSubjectX500Principal();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
this.caName = anchor.getCA();
}
this.date = date;
this.sigProvider = sigProvider;
this.sigOnly = sigOnly;
this.prevPubKey = trustedPubKey;
}
Example 14
| Source File: ForwardBuilder.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Verifies whether the input certificate completes the path.
* Checks the cert against each trust anchor that was specified, in order,
* and returns true as soon as it finds a valid anchor.
* Returns true if the cert matches a trust anchor specified as a
* certificate or if the cert verifies with a trust anchor that
* was specified as a trusted {pubkey, caname} pair. Returns false if none
* of the trust anchors are valid for this cert.
*
* @param cert the certificate to test
* @return a boolean value indicating whether the cert completes the path.
*/
@Override
boolean isPathCompleted(X509Certificate cert) {
for (TrustAnchor anchor : trustAnchors) {
if (anchor.getTrustedCert() != null) {
if (cert.equals(anchor.getTrustedCert())) {
this.trustAnchor = anchor;
return true;
} else {
continue;
}
}
X500Principal principal = anchor.getCA();
PublicKey publicKey = anchor.getCAPublicKey();
if (principal != null && publicKey != null &&
principal.equals(cert.getSubjectX500Principal())) {
if (publicKey.equals(cert.getPublicKey())) {
// the cert itself is a trust anchor
this.trustAnchor = anchor;
return true;
}
// else, it is a self-issued certificate of the anchor
}
// Check subject/issuer name chaining
if (principal == null ||
!principal.equals(cert.getIssuerX500Principal())) {
continue;
}
// skip anchor if it contains a DSA key with no DSA params
if (PKIX.isDSAPublicKeyWithoutParams(publicKey)) {
continue;
}
/*
* Check signature
*/
try {
cert.verify(publicKey, buildParams.sigProvider());
} catch (InvalidKeyException ike) {
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() invalid "
+ "DSA key found");
}
continue;
} catch (GeneralSecurityException e){
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() " +
"unexpected exception");
e.printStackTrace();
}
continue;
}
this.trustAnchor = anchor;
return true;
}
return false;
}
Example 15
| Source File: ReverseState.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
/**
* Update the state with the specified trust anchor.
*
* @param anchor the most-trusted CA
* @param buildParams builder parameters
*/
public void updateState(TrustAnchor anchor, BuilderParams buildParams)
throws CertificateException, IOException, CertPathValidatorException
{
trustAnchor = anchor;
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
updateState(trustedCert);
} else {
X500Principal caName = anchor.getCA();
updateState(anchor.getCAPublicKey(), caName);
}
// The user specified AlgorithmChecker and RevocationChecker may not be
// able to set the trust anchor until now.
boolean revCheckerAdded = false;
for (PKIXCertPathChecker checker : userCheckers) {
if (checker instanceof AlgorithmChecker) {
((AlgorithmChecker)checker).trySetTrustAnchor(anchor);
} else if (checker instanceof PKIXRevocationChecker) {
if (revCheckerAdded) {
throw new CertPathValidatorException(
"Only one PKIXRevocationChecker can be specified");
}
// if it's our own, initialize it
if (checker instanceof RevocationChecker) {
((RevocationChecker)checker).init(anchor, buildParams);
}
((PKIXRevocationChecker)checker).init(false);
revCheckerAdded = true;
}
}
// only create a RevocationChecker if revocation is enabled and
// a PKIXRevocationChecker has not already been added
if (buildParams.revocationEnabled() && !revCheckerAdded) {
revChecker = new RevocationChecker(anchor, buildParams);
revChecker.init(false);
}
init = false;
}
Example 16
| Source File: ReverseState.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Update the state with the specified trust anchor.
*
* @param anchor the most-trusted CA
* @param buildParams builder parameters
*/
public void updateState(TrustAnchor anchor, BuilderParams buildParams)
throws CertificateException, IOException, CertPathValidatorException
{
trustAnchor = anchor;
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
updateState(trustedCert);
} else {
X500Principal caName = anchor.getCA();
updateState(anchor.getCAPublicKey(), caName);
}
// The user specified AlgorithmChecker and RevocationChecker may not be
// able to set the trust anchor until now.
boolean revCheckerAdded = false;
for (PKIXCertPathChecker checker : userCheckers) {
if (checker instanceof AlgorithmChecker) {
((AlgorithmChecker)checker).trySetTrustAnchor(anchor);
} else if (checker instanceof PKIXRevocationChecker) {
if (revCheckerAdded) {
throw new CertPathValidatorException(
"Only one PKIXRevocationChecker can be specified");
}
// if it's our own, initialize it
if (checker instanceof RevocationChecker) {
((RevocationChecker)checker).init(anchor, buildParams);
}
((PKIXRevocationChecker)checker).init(false);
revCheckerAdded = true;
}
}
// only create a RevocationChecker if revocation is enabled and
// a PKIXRevocationChecker has not already been added
if (buildParams.revocationEnabled() && !revCheckerAdded) {
revChecker = new RevocationChecker(anchor, buildParams);
revChecker.init(false);
}
init = false;
}
Example 17
| Source File: ForwardBuilder.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
|
/**
* Verifies whether the input certificate completes the path.
* Checks the cert against each trust anchor that was specified, in order,
* and returns true as soon as it finds a valid anchor.
* Returns true if the cert matches a trust anchor specified as a
* certificate or if the cert verifies with a trust anchor that
* was specified as a trusted {pubkey, caname} pair. Returns false if none
* of the trust anchors are valid for this cert.
*
* @param cert the certificate to test
* @return a boolean value indicating whether the cert completes the path.
*/
@Override
boolean isPathCompleted(X509Certificate cert) {
for (TrustAnchor anchor : trustAnchors) {
if (anchor.getTrustedCert() != null) {
if (cert.equals(anchor.getTrustedCert())) {
this.trustAnchor = anchor;
return true;
} else {
continue;
}
}
X500Principal principal = anchor.getCA();
PublicKey publicKey = anchor.getCAPublicKey();
if (principal != null && publicKey != null &&
principal.equals(cert.getSubjectX500Principal())) {
if (publicKey.equals(cert.getPublicKey())) {
// the cert itself is a trust anchor
this.trustAnchor = anchor;
return true;
}
// else, it is a self-issued certificate of the anchor
}
// Check subject/issuer name chaining
if (principal == null ||
!principal.equals(cert.getIssuerX500Principal())) {
continue;
}
// skip anchor if it contains a DSA key with no DSA params
if (PKIX.isDSAPublicKeyWithoutParams(publicKey)) {
continue;
}
/*
* Check signature
*/
try {
cert.verify(publicKey, buildParams.sigProvider());
} catch (InvalidKeyException ike) {
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() invalid "
+ "DSA key found");
}
continue;
} catch (GeneralSecurityException e){
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() " +
"unexpected exception");
e.printStackTrace();
}
continue;
}
this.trustAnchor = anchor;
return true;
}
return false;
}
Example 18
| Source File: ForwardBuilder.java From j2objc with Apache License 2.0 | 4 votes |
|
/**
* Verifies whether the input certificate completes the path.
* Checks the cert against each trust anchor that was specified, in order,
* and returns true as soon as it finds a valid anchor.
* Returns true if the cert matches a trust anchor specified as a
* certificate or if the cert verifies with a trust anchor that
* was specified as a trusted {pubkey, caname} pair. Returns false if none
* of the trust anchors are valid for this cert.
*
* @param cert the certificate to test
* @return a boolean value indicating whether the cert completes the path.
*/
@Override
boolean isPathCompleted(X509Certificate cert) {
for (TrustAnchor anchor : trustAnchors) {
if (anchor.getTrustedCert() != null) {
if (cert.equals(anchor.getTrustedCert())) {
this.trustAnchor = anchor;
return true;
} else {
continue;
}
}
X500Principal principal = anchor.getCA();
PublicKey publicKey = anchor.getCAPublicKey();
if (principal != null && publicKey != null &&
principal.equals(cert.getSubjectX500Principal())) {
if (publicKey.equals(cert.getPublicKey())) {
// the cert itself is a trust anchor
this.trustAnchor = anchor;
return true;
}
// else, it is a self-issued certificate of the anchor
}
// Check subject/issuer name chaining
if (principal == null ||
!principal.equals(cert.getIssuerX500Principal())) {
continue;
}
// skip anchor if it contains a DSA key with no DSA params
if (PKIX.isDSAPublicKeyWithoutParams(publicKey)) {
continue;
}
/*
* Check signature
*/
try {
if (buildParams.sigProvider() != null) {
cert.verify(publicKey, buildParams.sigProvider());
} else {
cert.verify(publicKey);
}
} catch (InvalidKeyException ike) {
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() invalid "
+ "DSA key found");
}
continue;
} catch (GeneralSecurityException e){
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() " +
"unexpected exception");
e.printStackTrace();
}
continue;
}
this.trustAnchor = anchor;
return true;
}
return false;
}
Example 19
| Source File: ReverseState.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Update the state with the specified trust anchor.
*
* @param anchor the most-trusted CA
* @param buildParams builder parameters
*/
public void updateState(TrustAnchor anchor, BuilderParams buildParams)
throws CertificateException, IOException, CertPathValidatorException
{
trustAnchor = anchor;
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
updateState(trustedCert);
} else {
X500Principal caName = anchor.getCA();
updateState(anchor.getCAPublicKey(), caName);
}
// The user specified AlgorithmChecker and RevocationChecker may not be
// able to set the trust anchor until now.
boolean revCheckerAdded = false;
for (PKIXCertPathChecker checker : userCheckers) {
if (checker instanceof AlgorithmChecker) {
((AlgorithmChecker)checker).trySetTrustAnchor(anchor);
} else if (checker instanceof PKIXRevocationChecker) {
if (revCheckerAdded) {
throw new CertPathValidatorException(
"Only one PKIXRevocationChecker can be specified");
}
// if it's our own, initialize it
if (checker instanceof RevocationChecker) {
((RevocationChecker)checker).init(anchor, buildParams);
}
((PKIXRevocationChecker)checker).init(false);
revCheckerAdded = true;
}
}
// only create a RevocationChecker if revocation is enabled and
// a PKIXRevocationChecker has not already been added
if (buildParams.revocationEnabled() && !revCheckerAdded) {
revChecker = new RevocationChecker(anchor, buildParams);
revChecker.init(false);
}
init = false;
}
Example 20
| Source File: ForwardBuilder.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Verifies whether the input certificate completes the path.
* Checks the cert against each trust anchor that was specified, in order,
* and returns true as soon as it finds a valid anchor.
* Returns true if the cert matches a trust anchor specified as a
* certificate or if the cert verifies with a trust anchor that
* was specified as a trusted {pubkey, caname} pair. Returns false if none
* of the trust anchors are valid for this cert.
*
* @param cert the certificate to test
* @return a boolean value indicating whether the cert completes the path.
*/
@Override
boolean isPathCompleted(X509Certificate cert) {
for (TrustAnchor anchor : trustAnchors) {
if (anchor.getTrustedCert() != null) {
if (cert.equals(anchor.getTrustedCert())) {
this.trustAnchor = anchor;
return true;
} else {
continue;
}
}
X500Principal principal = anchor.getCA();
PublicKey publicKey = anchor.getCAPublicKey();
if (principal != null && publicKey != null &&
principal.equals(cert.getSubjectX500Principal())) {
if (publicKey.equals(cert.getPublicKey())) {
// the cert itself is a trust anchor
this.trustAnchor = anchor;
return true;
}
// else, it is a self-issued certificate of the anchor
}
// Check subject/issuer name chaining
if (principal == null ||
!principal.equals(cert.getIssuerX500Principal())) {
continue;
}
// skip anchor if it contains a DSA key with no DSA params
if (PKIX.isDSAPublicKeyWithoutParams(publicKey)) {
continue;
}
/*
* Check signature
*/
try {
cert.verify(publicKey, buildParams.sigProvider());
} catch (InvalidKeyException ike) {
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() invalid "
+ "DSA key found");
}
continue;
} catch (GeneralSecurityException e){
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() " +
"unexpected exception");
e.printStackTrace();
}
continue;
}
this.trustAnchor = anchor;
return true;
}
return false;
}
