java.security.cert.X509CertSelector Java Examples

The following examples show how to use java.security.cert.X509CertSelector.
Example #1
Source File: ForwardBuilder.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Builds a selector that narrows issuer candidates by key identifier.
 *
 * <p>The encoded key identifier read from the authority key identifier
 * (AKID) extension of {@code previousCert} is installed as the
 * <em>subject</em> key identifier criterion of a fresh
 * {@link X509CertSelector}. A key-identifier match is only a lookup
 * hint: it does not show that the matched certificate actually issued
 * {@code previousCert}.
 *
 * @param previousCert certificate whose AKID extension is consulted; may
 *        be {@code null}
 * @return the selector, or {@code null} when {@code previousCert} is
 *         {@code null}, has no AKID extension, or the extension yields no
 *         encoded key identifier
 * @throws IOException declared by the signature; NOTE(review): presumably
 *         raised while reading the extension -- confirm against the callee
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    // Guard clauses: without a certificate, an AKID extension and a key
    // identifier there is no criterion to select on.
    if (previousCert == null) {
        return null;
    }
    AuthorityKeyIdentifierExtension authorityKeyId =
        previousCert.getAuthorityKeyIdentifierExtension();
    if (authorityKeyId == null) {
        return null;
    }
    byte[] encodedKeyId = authorityKeyId.getEncodedKeyIdentifier();
    if (encodedKeyId == null) {
        return null;
    }
    X509CertSelector issuerSelector = new X509CertSelector();
    issuerSelector.setSubjectKeyIdentifier(encodedKeyId);
    return issuerSelector;
}
 
Example #2
Source File: ForwardBuilder.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Builds a selector that narrows issuer candidates by key identifier.
 *
 * <p>The encoded key identifier read from the authority key identifier
 * (AKID) extension of {@code previousCert} is installed as the
 * <em>subject</em> key identifier criterion of a fresh
 * {@link X509CertSelector}. A key-identifier match is only a lookup
 * hint: it does not show that the matched certificate actually issued
 * {@code previousCert}.
 *
 * @param previousCert certificate whose AKID extension is consulted; may
 *        be {@code null}
 * @return the selector, or {@code null} when {@code previousCert} is
 *         {@code null}, has no AKID extension, or the extension yields no
 *         encoded key identifier
 * @throws IOException declared by the signature; NOTE(review): presumably
 *         raised while reading the extension -- confirm against the callee
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    // Guard clauses: without a certificate, an AKID extension and a key
    // identifier there is no criterion to select on.
    if (previousCert == null) {
        return null;
    }
    AuthorityKeyIdentifierExtension authorityKeyId =
        previousCert.getAuthorityKeyIdentifierExtension();
    if (authorityKeyId == null) {
        return null;
    }
    byte[] encodedKeyId = authorityKeyId.getEncodedKeyIdentifier();
    if (encodedKeyId == null) {
        return null;
    }
    X509CertSelector issuerSelector = new X509CertSelector();
    issuerSelector.setSubjectKeyIdentifier(encodedKeyId);
    return issuerSelector;
}
 
Example #3
Source File: X509LDAPCertStoreSpi.java    From RipplePower with Apache License 2.0
/**
 * Looks up CA certificates using the configured CA certificate attribute.
 *
 * <p>The first lookup passes {@code xselector} to
 * {@code certSubjectSerialSearch}. When that returns an empty set, the
 * method adds the result of {@code search(null, "*", attrs)} instead.
 * NOTE(review): the fallback looks like an unfiltered wildcard search, so
 * the returned set may hold entries that {@code xselector} would not
 * match -- confirm that callers re-apply the selector before trusting
 * the result.
 *
 * @param xselector selection criteria handed to the first lookup
 * @return the set produced by the lookups; may be empty
 * @throws CertStoreException declared by the signature; NOTE(review):
 *         presumably raised by the lookups -- confirm against the callees
 */
private Set getCACertificates(X509CertSelector xselector)
    throws CertStoreException
{
    String[] caAttributes = {params.getCACertificateAttribute()};
    String ldapAttributeName = params.getLdapCACertificateAttributeName();
    String subjectAttribute = params.getCACertificateSubjectAttributeName();

    Set found = certSubjectSerialSearch(xselector, caAttributes,
        ldapAttributeName, subjectAttribute);
    if (!found.isEmpty())
    {
        return found;
    }

    // Nothing came back for the selector: fall back to the "*" search.
    found.addAll(search(null, "*", caAttributes));
    return found;
}
 
Example #4
Source File: PKIXCertificateValidationProviderTest.java    From xades4j with GNU Lesser General Public License v3.0
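/**
 * Validates the certificate with subject {@code CN = User1-CP.02.01} from
 * the {@code csrc.nist} test directory and checks how many certificates
 * and CRLs the validation returns.
 *
 * @throws Exception if loading the fixtures or the validation fails
 */
@Test
public void testValidateNist() throws Exception
{
    System.out.println("validateNist");

    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
    try
    {
        // Fixture password of the test key store; not a pattern for real key stores.
        ks.load(fis, "password".toCharArray());
    }
    finally
    {
        // Close the stream even when load() throws, so a failing run does not leak the handle.
        fis.close();
    }

    // Target selection is by subject DN only.
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();

    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
    // Validation is evaluated at the current time, so the outcome depends on the fixtures' validity periods.
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    assertEquals(result.getCerts().size(), 4);
    assertEquals(result.getCrls().size(), 3);
}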
 
Example #5
Source File: ForwardBuilder.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Builds a selector that narrows issuer candidates by key identifier.
 *
 * <p>The encoded key identifier read from the authority key identifier
 * (AKID) extension of {@code previousCert} is installed as the
 * <em>subject</em> key identifier criterion of a fresh
 * {@link X509CertSelector}. A key-identifier match is only a lookup
 * hint: it does not show that the matched certificate actually issued
 * {@code previousCert}.
 *
 * @param previousCert certificate whose AKID extension is consulted; may
 *        be {@code null}
 * @return the selector, or {@code null} when {@code previousCert} is
 *         {@code null}, has no AKID extension, or the extension yields no
 *         encoded key identifier
 * @throws IOException declared by the signature; NOTE(review): presumably
 *         raised while reading the extension -- confirm against the callee
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    // Guard clauses: without a certificate, an AKID extension and a key
    // identifier there is no criterion to select on.
    if (previousCert == null) {
        return null;
    }
    AuthorityKeyIdentifierExtension authorityKeyId =
        previousCert.getAuthorityKeyIdentifierExtension();
    if (authorityKeyId == null) {
        return null;
    }
    byte[] encodedKeyId = authorityKeyId.getEncodedKeyIdentifier();
    if (encodedKeyId == null) {
        return null;
    }
    X509CertSelector issuerSelector = new X509CertSelector();
    issuerSelector.setSubjectKeyIdentifier(encodedKeyId);
    return issuerSelector;
}
 
Example #6
Source File: TrustServiceStatusListSignatureVerifier.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Writes the subject name of every certificate in the TSLO store to the
 * debug log. Does nothing unless debug logging is enabled; any failure is
 * itself logged at debug level and not propagated.
 */
private static void dumpTsloStore() {
   if (!LOG.isDebugEnabled()) {
      return;
   }

   try {
      LOG.debug("Content of TSLO store");
      // A selector with no criteria set matches every certificate in the store.
      Collection<? extends Certificate> storedCerts = tsloStore.getCertificates(new X509CertSelector());
      for (Certificate storedCert : storedCerts) {
         // A non-X.509 entry fails this cast and ends the dump via the catch below.
         X509Certificate x509Cert = (X509Certificate) storedCert;
         LOG.debug(" - " + x509Cert.getSubjectX500Principal().getName("RFC1779"));
      }
   } catch (Exception e) {
      LOG.debug("Unable to print content of TSLO Store", e);
   }
}
 
Example #7
Source File: TrustServiceStatusListSignatureVerifier.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Writes the subject name of every certificate in the TSLO store to the
 * debug log. Does nothing unless debug logging is enabled; any failure is
 * itself logged at debug level and not propagated.
 */
private static void dumpTsloStore() {
   if (!LOG.isDebugEnabled()) {
      return;
   }

   try {
      LOG.debug("Content of TSLO store");
      // A selector with no criteria set matches every certificate in the store.
      Collection<? extends Certificate> storedCerts = tsloStore.getCertificates(new X509CertSelector());
      for (Certificate storedCert : storedCerts) {
         // A non-X.509 entry fails this cast and ends the dump via the catch below.
         X509Certificate x509Cert = (X509Certificate) storedCert;
         LOG.debug(" - " + x509Cert.getSubjectX500Principal().getName("RFC1779"));
      }
   } catch (Exception e) {
      LOG.debug("Unable to print content of TSLO Store", e);
   }
}
 
Example #8
Source File: ValidateTargetConstraints.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Builds the certification path and the PKIX parameters for this test and
 * stores them in the {@code path} and {@code params} variables declared
 * outside this method.
 *
 * <p>{@code certs[0]} is loaded as the trust anchor. The remaining entries
 * are loaded in array order and each one is inserted at the front of the
 * list, so the path holds them in reverse order. Revocation checking is
 * switched off and the target is constrained to serial number 1427; that
 * is test configuration, not a template for production validation.
 *
 * @param certs certificate file names; the first entry is the trust anchor
 * @throws Exception if a certificate cannot be loaded or the path or
 *         parameters cannot be built
 */
public static void createPath(String[] certs) throws Exception {
    TrustAnchor trustAnchor = new TrustAnchor(getCertFromFile(certs[0]), null);

    List chain = new ArrayList();
    int index = 1;
    while (index < certs.length) {
        // Prepend, so later files end up earlier in the path.
        chain.add(0, getCertFromFile(certs[index]));
        index++;
    }
    CertificateFactory factory = CertificateFactory.getInstance("X509");
    path = factory.generateCertPath(chain);

    params = new PKIXParameters(Collections.singleton(trustAnchor));
    params.setRevocationEnabled(false);

    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(targetSelector);
}
 
Example #9
Source File: X509CertSelectorTest.java    From dragonwell8_jdk with GNU General Public License v2.0
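/**
 * Checks selector matching on the privateKeyValid criterion: first with a
 * date in 1968 that is expected not to match {@code cert}, then with the
 * NOT_BEFORE date read from the certificate's private key usage period
 * extension (OID 2.5.29.16).
 *
 * @throws IOException if the extension value cannot be decoded
 * @throws CertificateException if the extension cannot be read
 */
private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    // Calendar months are zero-based: the literal 12 is not December and
    // rolled over into January of the following year in lenient mode.
    cal.set(1968, Calendar.DECEMBER, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match: getExtensionValue() returns the extension wrapped in an
    // OCTET STRING, which is unwrapped before parsing.
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}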
 
Example #10
Source File: TrustServiceStatusListSignatureVerifier.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Writes the subject name of every certificate in the TSLO store to the
 * debug log. Does nothing unless debug logging is enabled; any failure is
 * itself logged at debug level and not propagated.
 */
private static void dumpTsloStore() {
   if (!LOG.isDebugEnabled()) {
      return;
   }

   try {
      LOG.debug("Content of TSLO store");
      // A selector with no criteria set matches every certificate in the store.
      Collection<? extends Certificate> storedCerts = tsloStore.getCertificates(new X509CertSelector());
      for (Certificate storedCert : storedCerts) {
         // A non-X.509 entry fails this cast and ends the dump via the catch below.
         X509Certificate x509Cert = (X509Certificate) storedCert;
         LOG.debug(" - " + x509Cert.getSubjectX500Principal().getName("RFC1779"));
      }
   } catch (Exception e) {
      LOG.debug("Unable to print content of TSLO Store", e);
   }
}
 
Example #11
Source File: ForwardBuilder.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Builds a selector that narrows issuer candidates by key identifier.
 *
 * <p>The encoded key identifier read from the authority key identifier
 * (AKID) extension of {@code previousCert} is installed as the
 * <em>subject</em> key identifier criterion of a fresh
 * {@link X509CertSelector}. A key-identifier match is only a lookup
 * hint: it does not show that the matched certificate actually issued
 * {@code previousCert}.
 *
 * @param previousCert certificate whose AKID extension is consulted; may
 *        be {@code null}
 * @return the selector, or {@code null} when {@code previousCert} is
 *         {@code null}, has no AKID extension, or the extension yields no
 *         encoded key identifier
 * @throws IOException declared by the signature; NOTE(review): presumably
 *         raised while reading the extension -- confirm against the callee
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    // Guard clauses: without a certificate, an AKID extension and a key
    // identifier there is no criterion to select on.
    if (previousCert == null) {
        return null;
    }
    AuthorityKeyIdentifierExtension authorityKeyId =
        previousCert.getAuthorityKeyIdentifierExtension();
    if (authorityKeyId == null) {
        return null;
    }
    byte[] encodedKeyId = authorityKeyId.getEncodedKeyIdentifier();
    if (encodedKeyId == null) {
        return null;
    }
    X509CertSelector issuerSelector = new X509CertSelector();
    issuerSelector.setSubjectKeyIdentifier(encodedKeyId);
    return issuerSelector;
}
 
Example #12
Source File: X509CertSelectorTest.java    From TencentKona-8 with GNU General Public License v2.0
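/**
 * Checks selector matching on the privateKeyValid criterion: first with a
 * date in 1968 that is expected not to match {@code cert}, then with the
 * NOT_BEFORE date read from the certificate's private key usage period
 * extension (OID 2.5.29.16).
 *
 * @throws IOException if the extension value cannot be decoded
 * @throws CertificateException if the extension cannot be read
 */
private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    // Calendar months are zero-based: the literal 12 is not December and
    // rolled over into January of the following year in lenient mode.
    cal.set(1968, Calendar.DECEMBER, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match: getExtensionValue() returns the extension wrapped in an
    // OCTET STRING, which is unwrapped before parsing.
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}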
 
Example #13
Source File: ExtendedPKIXBuilderParameters.java    From RipplePower with Apache License 2.0
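/**
 * Returns an instance of <code>ExtendedPKIXParameters</code> which can be
 * safely cast to <code>ExtendedPKIXBuilderParameters</code>.
 * <p>
 * This method can be used to get a copy from other
 * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
 * and <code>ExtendedPKIXParameters</code> instances.
 * <p>
 * The target certificate constraints of <code>pkixParams</code> are cast to
 * <code>X509CertSelector</code>; constraints of any other type fail that
 * cast and surface as the <code>RuntimeException</code> described below.
 *
 * @param pkixParams The PKIX parameters to create a copy of.
 * @return An <code>ExtendedPKIXBuilderParameters</code> instance.
 * @exception RuntimeException if the copy cannot be created; the original
 *            exception is attached as the cause.
 */
public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
{
    ExtendedPKIXBuilderParameters params;
    try
    {
        params = new ExtendedPKIXBuilderParameters(pkixParams
                .getTrustAnchors(), X509CertStoreSelector
                .getInstance((X509CertSelector) pkixParams
                        .getTargetCertConstraints()));
    }
    catch (Exception e)
    {
        // Not expected for well-formed parameters, but keep the cause so a
        // failure here can still be diagnosed from the stack trace.
        throw new RuntimeException(e.getMessage(), e);
    }
    params.setParams(pkixParams);
    return params;
}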
 
Example #14
Source File: X509CertSelectorTest.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Checks selector matching on subject alternative names in three steps:
 * a DNS name expected to be absent from {@code cert}, the first name taken
 * from the certificate's own subjectAltName extension (OID 2.5.29.17), and
 * finally both names with "match all" switched off.
 *
 * @throws IOException if a name cannot be encoded or the extension cannot
 *         be decoded
 */
private void testSubjectAltName() throws IOException {
    System.out.println("X.509 Certificate Match on subjectAltName");

    // bad match: GeneralName type 2 is dNSName
    X509CertSelector sanSelector = new X509CertSelector();
    GeneralNameInterface unknownDnsName = new DNSName("foo.com");
    DerOutputStream unknownDer = new DerOutputStream();
    unknownDnsName.encode(unknownDer);
    sanSelector.addSubjectAlternativeName(2, unknownDer.toByteArray());
    checkMatch(sanSelector, cert, false);

    // good match: replace the criterion with the certificate's first name
    DerInputStream extensionStream = new DerInputStream(cert.getExtensionValue("2.5.29.17"));
    byte[] extensionBytes = extensionStream.getOctetString();
    SubjectAlternativeNameExtension sanExtension =
            new SubjectAlternativeNameExtension(false, extensionBytes);
    GeneralNames certNames = (GeneralNames) sanExtension.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
    GeneralName firstName = (GeneralName) certNames.get(0);
    sanSelector.setSubjectAlternativeNames(null);
    DerOutputStream firstNameDer = new DerOutputStream();
    firstName.getName().encode(firstNameDer);
    sanSelector.addSubjectAlternativeName(firstName.getType(), firstNameDer.toByteArray());
    checkMatch(sanSelector, cert, true);

    // good match 2 (matches at least one)
    sanSelector.setMatchAllSubjectAltNames(false);
    sanSelector.addSubjectAlternativeName(2, "foo.com");
    checkMatch(sanSelector, cert, true);
}
 
Example #15
Source File: TrustServiceStatusListSignatureVerifier.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Reports whether the TSLO store holds at least one certificate that
 * satisfies {@code selector}.
 *
 * <p>This is a store lookup only; nothing in this method builds or
 * validates a certification path for the matched certificate.
 *
 * @param selector criteria handed to the store
 * @return {@code true} when the lookup result is not empty
 * @throws TechnicalConnectorException wrapping the
 *         {@code CertStoreException} raised by a failed lookup
 */
private static boolean match(X509CertSelector selector) throws TechnicalConnectorException {
   boolean found;
   try {
      found = !tsloStore.getCertificates(selector).isEmpty();
   } catch (CertStoreException e) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, e, new Object[]{"Unable to select certificates."});
   }
   return found;
}
 
Example #16
Source File: X509CertSelectorTest.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Checks selector matching on the keyUsage criterion: first with a
 * hand-written bit pattern expected not to match {@code cert}, then with
 * the certificate's own key usage bits.
 */
private void testKeyUsage() {
    System.out.println("X.509 Certificate Match on keyUsage");
    X509CertSelector usageSelector = new X509CertSelector();

    // bad match: alternating key usage bits
    boolean[] alternatingBits = { true, false, true, false, true, false, true, false };
    usageSelector.setKeyUsage(alternatingBits);
    System.out.println("Selector = " + usageSelector);
    checkMatch(usageSelector, cert, false);

    // good match: the bits reported by the certificate itself
    usageSelector.setKeyUsage(cert.getKeyUsage());
    System.out.println("Selector = " + usageSelector);
    checkMatch(usageSelector, cert, true);
}
 
Example #17
Source File: TrustServiceStatusListSignatureVerifier.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Reports whether the TSLO store holds at least one certificate that
 * satisfies {@code selector}.
 *
 * <p>This is a store lookup only; nothing in this method builds or
 * validates a certification path for the matched certificate.
 *
 * @param selector criteria handed to the store
 * @return {@code true} when the lookup result is not empty
 * @throws TechnicalConnectorException wrapping the
 *         {@code CertStoreException} raised by a failed lookup
 */
private static boolean match(X509CertSelector selector) throws TechnicalConnectorException {
   boolean found;
   try {
      found = !tsloStore.getCertificates(selector).isEmpty();
   } catch (CertStoreException e) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, e, new Object[]{"Unable to select certificates."});
   }
   return found;
}
 
Example #18
Source File: X509CertSelectorTest.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Checks selector matching on the basicConstraints criterion: first with
 * the value 0, which the test expects not to match {@code cert}, then with
 * the value reported by the certificate itself.
 */
private void testBasicConstraints() {
    System.out.println("X.509 Certificate Match on basic constraints");
    X509CertSelector constraintSelector = new X509CertSelector();
    int certPathLength = cert.getBasicConstraints();

    // bad match
    constraintSelector.setBasicConstraints(0);
    checkMatch(constraintSelector, cert, false);

    // good match: the certificate's own basic constraints value
    constraintSelector.setBasicConstraints(certPathLength);
    checkMatch(constraintSelector, cert, true);
}
 
Example #19
Source File: LDAPCertStoreHelper.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Wraps {@code selector} in an {@code LDAPCertStore.LDAPCertSelector}
 * built from the given subject and LDAP distinguished name.
 *
 * @param selector the selector to wrap
 * @param certSubject subject passed to the wrapper
 * @param ldapDN LDAP distinguished name passed to the wrapper
 * @return the wrapping selector
 * @throws IOException declared by the signature; NOTE(review): presumably
 *         raised by the wrapper's constructor -- confirm
 */
@Override
public X509CertSelector wrap(X509CertSelector selector,
                             X500Principal certSubject,
                             String ldapDN)
    throws IOException
{
    X509CertSelector ldapSelector =
        new LDAPCertStore.LDAPCertSelector(selector, certSubject, ldapDN);
    return ldapSelector;
}
 
Example #20
Source File: X509CertSelectorTest.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Checks selector matching on the subject public key criterion: first
 * with a DSA key decoded from {@code testKey}, which the test expects not
 * to match {@code cert}, then with the certificate's own public key.
 *
 * @throws IOException declared by the signature
 * @throws GeneralSecurityException if the test key cannot be rebuilt
 */
private void testSubjectPublicKey() throws IOException, GeneralSecurityException {
    System.out.println("X.509 Certificate Match on subject public key");

    // bad match: rebuild the unrelated key from its MIME Base64 text
    X509CertSelector keySelector = new X509CertSelector();
    byte[] decodedKey = Base64.getMimeDecoder().decode(testKey.getBytes());
    X509EncodedKeySpec encodedSpec = new X509EncodedKeySpec(decodedKey);
    KeyFactory dsaFactory = KeyFactory.getInstance("DSA");
    PublicKey unrelatedKey = dsaFactory.generatePublic(encodedSpec);
    keySelector.setSubjectPublicKey(unrelatedKey);
    checkMatch(keySelector, cert, false);

    // good match: the key carried by the certificate
    keySelector.setSubjectPublicKey(cert.getPublicKey());
    checkMatch(keySelector, cert, true);
}
 
Example #21
Source File: X509CertSelectorTest.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Checks selector matching on the keyUsage criterion: first with a
 * hand-written bit pattern expected not to match {@code cert}, then with
 * the certificate's own key usage bits.
 */
private void testKeyUsage() {
    System.out.println("X.509 Certificate Match on keyUsage");
    X509CertSelector usageSelector = new X509CertSelector();

    // bad match: alternating key usage bits
    boolean[] alternatingBits = { true, false, true, false, true, false, true, false };
    usageSelector.setKeyUsage(alternatingBits);
    System.out.println("Selector = " + usageSelector);
    checkMatch(usageSelector, cert, false);

    // good match: the bits reported by the certificate itself
    usageSelector.setKeyUsage(cert.getKeyUsage());
    System.out.println("Selector = " + usageSelector);
    checkMatch(usageSelector, cert, true);
}
 
Example #22
Source File: SSLServerCertStoreHelper.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Not supported by this helper: every call fails.
 *
 * @param selector ignored
 * @param certSubject ignored
 * @param ldapDN ignored
 * @return never returns normally
 * @throws UnsupportedOperationException always
 */
@Override
public X509CertSelector wrap(X509CertSelector selector,
        X500Principal certSubject, String ldapDN) throws IOException {
    throw new UnsupportedOperationException();
}
 
Example #23
Source File: ValidationDataFromCertValidationProvider.java    From xades4j with GNU Lesser General Public License v3.0
/**
 * Validates the first certificate of {@code certChainFragment} through the
 * configured certificate validation provider and returns its result.
 *
 * <p>The selector is pinned to exactly that certificate, validation is
 * evaluated at the current time, and the whole fragment is passed along
 * as additional certificates.
 *
 * @param certChainFragment the chain fragment; must hold at least one
 *        element, because {@code get(0)} is called without a size check
 * @return the validation data produced by the provider
 * @throws ValidationDataException wrapping any {@code XAdES4jException}
 *         raised by the provider
 */
@Override
public ValidationData getValidationData(
        List<X509Certificate> certChainFragment) throws ValidationDataException
{
    X509Certificate targetCert = certChainFragment.get(0);
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(targetCert);
    try
    {
        return this.certificateValidationProvider.validate(targetSelector, new Date(), certChainFragment);
    }
    catch (XAdES4jException ex)
    {
        throw new ValidationDataException("Cannot validate certificate to obtain validation data", ex);
    }
}
 
Example #24
Source File: X509CertSelectorTest.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Checks selector matching on the authorityKeyIdentifier criterion: first
 * with an extension built from ten made-up bytes, expected not to match
 * {@code cert}, then with the value of the certificate's own authority
 * key identifier extension (OID 2.5.29.35).
 *
 * @throws IOException if an extension value cannot be encoded or decoded
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");

    // bad match: key identifier made of arbitrary bytes
    X509CertSelector akidSelector = new X509CertSelector();
    byte[] madeUpKeyId = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension madeUpExtension =
            new AuthorityKeyIdentifierExtension(new KeyIdentifier(madeUpKeyId), null, null);
    akidSelector.setAuthorityKeyIdentifier(madeUpExtension.getExtensionValue());
    checkMatch(akidSelector, cert, false);

    // good match: unwrap the OCTET STRING around the certificate's extension value
    DerInputStream extensionStream = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] certAkid = extensionStream.getOctetString();
    akidSelector.setAuthorityKeyIdentifier(certAkid);
    checkMatch(akidSelector, cert, true);
}
 
Example #25
Source File: X509CertSelectorTest.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Checks selector matching on the keyUsage criterion: first with a
 * hand-written bit pattern expected not to match {@code cert}, then with
 * the certificate's own key usage bits.
 */
private void testKeyUsage() {
    System.out.println("X.509 Certificate Match on keyUsage");
    X509CertSelector usageSelector = new X509CertSelector();

    // bad match: alternating key usage bits
    boolean[] alternatingBits = { true, false, true, false, true, false, true, false };
    usageSelector.setKeyUsage(alternatingBits);
    System.out.println("Selector = " + usageSelector);
    checkMatch(usageSelector, cert, false);

    // good match: the bits reported by the certificate itself
    usageSelector.setKeyUsage(cert.getKeyUsage());
    System.out.println("Selector = " + usageSelector);
    checkMatch(usageSelector, cert, true);
}
 
Example #26
Source File: LDAPCertStoreHelper.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Wraps {@code selector} in an {@code LDAPCertStore.LDAPCertSelector}
 * built from the given subject and LDAP distinguished name.
 *
 * @param selector the selector to wrap
 * @param certSubject subject passed to the wrapper
 * @param ldapDN LDAP distinguished name passed to the wrapper
 * @return the wrapping selector
 * @throws IOException declared by the signature; NOTE(review): presumably
 *         raised by the wrapper's constructor -- confirm
 */
@Override
public X509CertSelector wrap(X509CertSelector selector,
                             X500Principal certSubject,
                             String ldapDN)
    throws IOException
{
    X509CertSelector ldapSelector =
        new LDAPCertStore.LDAPCertSelector(selector, certSubject, ldapDN);
    return ldapSelector;
}
 
Example #27
Source File: X509CertSelectorTest.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Checks selector matching on the serialNumber criterion: first with the
 * value 999999999, expected not to match {@code cert}, then with the
 * certificate's own serial number.
 */
private void testSerialNumber() {
    System.out.println("X.509 Certificate Match on serialNumber");
    X509CertSelector serialSelector = new X509CertSelector();

    // bad match
    BigInteger unrelatedSerial = new BigInteger("999999999");
    serialSelector.setSerialNumber(unrelatedSerial);
    checkMatch(serialSelector, cert, false);

    // good match: the serial number carried by the certificate
    BigInteger certSerial = cert.getSerialNumber();
    serialSelector.setSerialNumber(certSerial);
    checkMatch(serialSelector, cert, true);
}
 
Example #28
Source File: LDAPCertStoreHelper.java    From openjdk-8 with GNU General Public License v2.0
/**
 * Wraps {@code selector} in an {@code LDAPCertStore.LDAPCertSelector}
 * built from the given subject and LDAP distinguished name.
 *
 * @param selector the selector to wrap
 * @param certSubject subject passed to the wrapper
 * @param ldapDN LDAP distinguished name passed to the wrapper
 * @return the wrapping selector
 * @throws IOException declared by the signature; NOTE(review): presumably
 *         raised by the wrapper's constructor -- confirm
 */
@Override
public X509CertSelector wrap(X509CertSelector selector,
                             X500Principal certSubject,
                             String ldapDN)
    throws IOException
{
    X509CertSelector ldapSelector =
        new LDAPCertStore.LDAPCertSelector(selector, certSubject, ldapDN);
    return ldapSelector;
}
 
Example #29
Source File: X509CertStoreSelector.java    From RipplePower with Apache License 2.0
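/**
 * Returns an instance of this from a <code>X509CertSelector</code>.
 * <p>
 * Every criterion readable through the selector's getters is copied onto
 * a new <code>X509CertStoreSelector</code>.
 *
 * @param selector A <code>X509CertSelector</code> instance.
 * @return An instance of an <code>X509CertStoreSelector</code>.
 * @exception IllegalArgumentException if selector is null or creation
 *            fails; an <code>IOException</code> raised while copying is
 *            attached as the cause.
 */
public static X509CertStoreSelector getInstance(X509CertSelector selector)
{
    if (selector == null)
    {
        throw new IllegalArgumentException("cannot create from null selector");
    }
    X509CertStoreSelector cs = new X509CertStoreSelector();
    cs.setAuthorityKeyIdentifier(selector.getAuthorityKeyIdentifier());
    cs.setBasicConstraints(selector.getBasicConstraints());
    cs.setCertificate(selector.getCertificate());
    cs.setCertificateValid(selector.getCertificateValid());
    cs.setMatchAllSubjectAltNames(selector.getMatchAllSubjectAltNames());
    try
    {
        // These setters declare IOException, so they are grouped in one try block.
        cs.setPathToNames(selector.getPathToNames());
        cs.setExtendedKeyUsage(selector.getExtendedKeyUsage());
        cs.setNameConstraints(selector.getNameConstraints());
        cs.setPolicy(selector.getPolicy());
        cs.setSubjectPublicKeyAlgID(selector.getSubjectPublicKeyAlgID());
        cs.setSubjectAlternativeNames(selector.getSubjectAlternativeNames());
    }
    catch (IOException e)
    {
        // Keep the message as before, and attach the cause so the stack
        // trace of the underlying failure is not lost.
        throw new IllegalArgumentException("error in passed in selector: " + e, e);
    }
    cs.setIssuer(selector.getIssuer());
    cs.setKeyUsage(selector.getKeyUsage());
    cs.setPrivateKeyValid(selector.getPrivateKeyValid());
    cs.setSerialNumber(selector.getSerialNumber());
    cs.setSubject(selector.getSubject());
    cs.setSubjectKeyIdentifier(selector.getSubjectKeyIdentifier());
    cs.setSubjectPublicKey(selector.getSubjectPublicKey());
    return cs;
}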
 
Example #30
Source File: X509CertSelectorTest.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Checks selector matching on the subject criterion, using the String
 * form of the distinguished name: first a made-up DN expected not to
 * match {@code cert}, then the certificate's own subject in RFC 2253
 * form.
 *
 * <p>The JDK documentation discourages {@code setSubject(String)} outside
 * tests like this one, because the RFC 2253 string form can lose encoding
 * information and then fail to match some certificates;
 * {@code setSubject(X500Principal)} avoids that.
 *
 * @throws IOException if a distinguished name string cannot be parsed
 */
private void testSubject() throws IOException {
    System.out.println("X.509 Certificate Match on subject");
    X509CertSelector subjectSelector = new X509CertSelector();

    // bad match
    subjectSelector.setSubject("ou=bogus,ou=east,o=sun,c=us");
    checkMatch(subjectSelector, cert, false);

    // good match: the certificate's own subject, rendered as RFC 2253
    String certSubject = cert.getSubjectX500Principal().getName("RFC2253");
    subjectSelector.setSubject(certSubject);
    checkMatch(subjectSelector, cert, true);
}