Java Code Examples for java.security.cert.CertStore#getCertificates()

The following examples show how to use java.security.cert.CertStore#getCertificates() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: MultiCertStoreSpi.java    From RipplePower with Apache License 2.0 6 votes vote down vote up 
public Collection engineGetCertificates(CertSelector certSelector)
    throws CertStoreException
{
    boolean searchAllStores = params.getSearchAllStores();
    Iterator iter = params.getCertStores().iterator();
    List allCerts = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST;

    while (iter.hasNext())
    {
        CertStore store = (CertStore)iter.next();
        Collection certs = store.getCertificates(certSelector);

        if (searchAllStores)
        {
            allCerts.addAll(certs);
        }
        else if (!certs.isEmpty())
        {
            return certs;
        }
    }

    return allCerts;
}
Example 2
Source File: PKIXCertStoreSelector.java    From RipplePower with Apache License 2.0 6 votes vote down vote up 
public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    return certStore.getCertificates(new CertSelector()
    {
        public boolean match(Certificate certificate)
        {
            return (selector == null) ? true : selector.match(certificate);
        }

        public Object clone()
        {
            return this;
        }
    });
}
Example 3
Source File: MultiCertStoreSpi.java    From ripple-lib-java with ISC License 6 votes vote down vote up 
public Collection engineGetCertificates(CertSelector certSelector)
    throws CertStoreException
{
    boolean searchAllStores = params.getSearchAllStores();
    Iterator iter = params.getCertStores().iterator();
    List allCerts = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST;

    while (iter.hasNext())
    {
        CertStore store = (CertStore)iter.next();
        Collection certs = store.getCertificates(certSelector);

        if (searchAllStores)
        {
            allCerts.addAll(certs);
        }
        else if (!certs.isEmpty())
        {
            return certs;
        }
    }

    return allCerts;
}
Example 4
Source File: PKIXCertStoreSelector.java    From ripple-lib-java with ISC License 6 votes vote down vote up 
public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    return certStore.getCertificates(new CertSelector()
    {
        public boolean match(Certificate certificate)
        {
            return (selector == null) ? true : selector.match(certificate);
        }

        public Object clone()
        {
            return this;
        }
    });
}
Example 5
Source File: KeyStoreHolder.java    From james-project with Apache License 2.0 4 votes vote down vote up 
/**
 * Verifies the signature of a SMIME message.
 * 
 * It checks also if the signer's certificate is trusted using the loaded
 * keystore as trusted certificate store.
 * 
 * @param signed
 *            the signed mail to check.
 * @return a list of SMIMESignerInfo which keeps the data of each mail
 *         signer.
 * @throws Exception
 * @throws MessagingException
 */
public List<SMIMESignerInfo> verifySignatures(SMIMESigned signed) throws Exception {

    CertStore certs = new JcaCertStoreBuilder()
        .addCertificates(signed.getCertificates())
        .addCRLs(signed.getCRLs())
        .build();
    SignerInformationStore siginfo = signed.getSignerInfos();
    Collection<SignerInformation> sigCol = siginfo.getSigners();
    List<SMIMESignerInfo> result = new ArrayList<>(sigCol.size());
    // I iterate over the signer collection 
    // checking if the signatures put
    // on the message are valid.
    for (SignerInformation info: sigCol) {
        // I get the signer's certificate
        X509CertificateHolderSelector x509CertificateHolderSelector = new X509CertificateHolderSelector(info.getSID().getSubjectKeyIdentifier());
        X509CertSelector certSelector = new JcaX509CertSelectorConverter().getCertSelector(x509CertificateHolderSelector);
        @SuppressWarnings("unchecked")
        Collection<X509Certificate> certCollection = (Collection<X509Certificate>) certs.getCertificates(certSelector);
        if (!certCollection.isEmpty()) {
            X509Certificate signerCert = certCollection.iterator().next();
            // The issuer's certifcate is searched in the list of trusted certificate.
            CertPath path = verifyCertificate(signerCert, certs, keyStore);

            try {
                // if the signature is valid the SMIMESignedInfo is 
                // created using "true" as last argument. If it is  
                // invalid an exception is thrown by the "verify" method
                // and the SMIMESignerInfo is created with "false".
                //
                // The second argument "path" is not null if the 
                // certificate can be trusted (it can be connected 
                // by a chain of trust to a trusted certificate), null
                // otherwise.
                if (info.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signerCert))) {
                    result.add(new SMIMESignerInfo(signerCert, path, true));
                }
            } catch (Exception e) { 
                result.add(new SMIMESignerInfo(signerCert,path, false)); 
            }
        }
    }
    return result;
}