java.security.cert.PKIXParameters Java Examples
The following examples show how to use
java.security.cert.PKIXParameters.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ValWithAnchorByName.java From openjdk-jdk9 with GNU General Public License v2.0 | 7 votes |
private static void runTest(CertificateFactory cf, List<X509Certificate> certList, TrustAnchor anchor) throws Exception { CertPath path = cf.generateCertPath(certList); CertPathValidator validator = CertPathValidator.getInstance("PKIX"); System.out.println(anchor); // Attach the OCSP responses to a PKIXParameters object PKIXRevocationChecker pkrev = (PKIXRevocationChecker)validator.getRevocationChecker(); Map<X509Certificate, byte[]> responseMap = new HashMap<>(); responseMap.put(certList.get(0), DECODER.decode(EE_OCSP_RESP)); responseMap.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP)); pkrev.setOcspResponses(responseMap); PKIXParameters params = new PKIXParameters(Collections.singleton(anchor)); params.addCertPathChecker(pkrev); params.setDate(EVAL_DATE); validator.validate(path, params); }
Example #2
Source File: ValidateNC.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { X509Certificate anchorCert = getCertFromFile(certs[0]); byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30"); if (nameConstraints != null) { DerInputStream in = new DerInputStream(nameConstraints); nameConstraints = in.getOctetString(); } TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #3
Source File: ValidateTargetConstraints.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #4
Source File: ValidateTargetConstraints.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #5
Source File: ValidateTargetConstraints.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #6
Source File: ExtendedPKIXBuilderParameters.java From RipplePower with Apache License 2.0 | 6 votes |
/** * Returns an instance of <code>ExtendedPKIXParameters</code> which can be * safely casted to <code>ExtendedPKIXBuilderParameters</code>. * <p> * This method can be used to get a copy from other * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>, * and <code>ExtendedPKIXParameters</code> instances. * * @param pkixParams The PKIX parameters to create a copy of. * @return An <code>ExtendedPKIXBuilderParameters</code> instance. */ public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) { ExtendedPKIXBuilderParameters params; try { params = new ExtendedPKIXBuilderParameters(pkixParams .getTrustAnchors(), X509CertStoreSelector .getInstance((X509CertSelector) pkixParams .getTargetCertConstraints())); } catch (Exception e) { // cannot happen throw new RuntimeException(e.getMessage()); } params.setParams(pkixParams); return params; }
Example #7
Source File: GenericX509TrustManager.java From Android-Application-ZJB with Apache License 2.0 | 6 votes |
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { try { this.mOriginalX509TrustManager.checkServerTrusted(chain, authType); } catch (CertificateException e1) { try { X509Certificate[] ex = this.reorderCertificateChain(chain); CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertificateFactory factory = CertificateFactory.getInstance("X509"); CertPath certPath = factory.generateCertPath(Arrays.asList(ex)); PKIXParameters params = new PKIXParameters(this.mTrustStore); params.setRevocationEnabled(false); validator.validate(certPath, params); } catch (Exception e) { throw e1; } } }
Example #8
Source File: ValidateTargetConstraints.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #9
Source File: ValidateNC.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { X509Certificate anchorCert = getCertFromFile(certs[0]); byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30"); if (nameConstraints != null) { DerInputStream in = new DerInputStream(nameConstraints); nameConstraints = in.getOctetString(); } TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #10
Source File: CachedCertPathValidator.java From incubator-retired-wave with Apache License 2.0 | 6 votes |
private void validateNoCache(List<? extends X509Certificate> certs) throws SignatureException { try { CertPathValidator validator = CertPathValidator.getInstance( VALIDATOR_TYPE); PKIXParameters params = new PKIXParameters(trustRoots); params.addCertPathChecker(WAVE_OID_CHECKER); params.setDate(timeSource.now()); // turn off default revocation-checking mechanism params.setRevocationEnabled(false); // TODO: add a way for clients to add certificate revocation checks, // perhaps by letting them pass in PKIXCertPathCheckers. This can also be // useful to check for Wave-specific certificate extensions. CertificateFactory certFactory = CertificateFactory.getInstance( CERTIFICATE_TYPE); CertPath certPath = certFactory.generateCertPath(certs); validator.validate(certPath, params); } catch (GeneralSecurityException e) { throw new SignatureException("Certificate validation failure", e); } }
Example #11
Source File: ExportControlled.java From FoxTelem with GNU General Public License v3.0 | 6 votes |
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate, String hostName) throws CertificateException { this.origTm = tm; this.verifyServerCert = verifyServerCertificate; this.hostName = hostName; if (verifyServerCertificate) { try { Set<TrustAnchor> anch = Arrays.stream(tm.getAcceptedIssuers()).map(c -> new TrustAnchor(c, null)).collect(Collectors.toSet()); this.validatorParams = new PKIXParameters(anch); this.validatorParams.setRevocationEnabled(false); this.validator = CertPathValidator.getInstance("PKIX"); this.certFactory = CertificateFactory.getInstance("X.509"); } catch (Exception e) { throw new CertificateException(e); } } }
Example #12
Source File: ValidateNC.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { X509Certificate anchorCert = getCertFromFile(certs[0]); byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30"); if (nameConstraints != null) { DerInputStream in = new DerInputStream(nameConstraints); nameConstraints = in.getOctetString(); } TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #13
Source File: PKIXCRLUtil.java From RipplePower with Apache License 2.0 | 6 votes |
public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX) throws AnnotatedException { Set completeSet = new HashSet(); // get complete CRL(s) try { completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores())); } catch (AnnotatedException e) { throw new AnnotatedException("Exception obtaining complete CRLs.", e); } return completeSet; }
Example #14
Source File: ValidateNC.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { X509Certificate anchorCert = getCertFromFile(certs[0]); byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30"); if (nameConstraints != null) { DerInputStream in = new DerInputStream(nameConstraints); nameConstraints = in.getOctetString(); } TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #15
Source File: ValidateTargetConstraints.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #16
Source File: ExtendedPKIXBuilderParameters.java From ripple-lib-java with ISC License | 6 votes |
/** * Returns an instance of <code>ExtendedPKIXParameters</code> which can be * safely casted to <code>ExtendedPKIXBuilderParameters</code>. * <p> * This method can be used to get a copy from other * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>, * and <code>ExtendedPKIXParameters</code> instances. * * @param pkixParams The PKIX parameters to create a copy of. * @return An <code>ExtendedPKIXBuilderParameters</code> instance. */ public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) { ExtendedPKIXBuilderParameters params; try { params = new ExtendedPKIXBuilderParameters(pkixParams .getTrustAnchors(), X509CertStoreSelector .getInstance((X509CertSelector) pkixParams .getTargetCertConstraints())); } catch (Exception e) { // cannot happen throw new RuntimeException(e.getMessage()); } params.setParams(pkixParams); return params; }
Example #17
Source File: PKIXCRLUtil.java From ripple-lib-java with ISC License | 6 votes |
public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX) throws AnnotatedException { Set completeSet = new HashSet(); // get complete CRL(s) try { completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores())); } catch (AnnotatedException e) { throw new AnnotatedException("Exception obtaining complete CRLs.", e); } return completeSet; }
Example #18
Source File: ValidateNC.java From hottub with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { X509Certificate anchorCert = getCertFromFile(certs[0]); byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30"); if (nameConstraints != null) { DerInputStream in = new DerInputStream(nameConstraints); nameConstraints = in.getOctetString(); } TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #19
Source File: ValidateTargetConstraints.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #20
Source File: JKSValidator.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 6 votes |
/** * */ private CertPathParameters getCertPathParameters(KeyStore keystore) throws GeneralSecurityException { HashSet<TrustAnchor> tas = new HashSet<TrustAnchor>(); for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements(); ) { String name = e.nextElement(); Certificate c = keystore.getCertificate(name); if (c != null) { if (trustKeys || keystore.isCertificateEntry(name)) { tas.add(new TrustAnchor((X509Certificate)c, null)); } } } PKIXParameters p = new PKIXParameters(tas); // NYI! Handle CRLs p.setRevocationEnabled(false); if (validationDate != null) { p.setDate(validationDate); } return p; }
Example #21
Source File: ValidateNC.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { X509Certificate anchorCert = getCertFromFile(certs[0]); byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30"); if (nameConstraints != null) { DerInputStream in = new DerInputStream(nameConstraints); nameConstraints = in.getOctetString(); } TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #22
Source File: CachedCertPathValidator.java From swellrt with Apache License 2.0 | 6 votes |
private void validateNoCache(List<? extends X509Certificate> certs) throws SignatureException { try { CertPathValidator validator = CertPathValidator.getInstance( VALIDATOR_TYPE); PKIXParameters params = new PKIXParameters(trustRoots); params.addCertPathChecker(WAVE_OID_CHECKER); params.setDate(timeSource.now()); // turn off default revocation-checking mechanism params.setRevocationEnabled(false); // TODO: add a way for clients to add certificate revocation checks, // perhaps by letting them pass in PKIXCertPathCheckers. This can also be // useful to check for Wave-specific certificate extensions. CertificateFactory certFactory = CertificateFactory.getInstance( CERTIFICATE_TYPE); CertPath certPath = certFactory.generateCertPath(certs); validator.validate(certPath, params); } catch (GeneralSecurityException e) { throw new SignatureException("Certificate validation failure", e); } }
Example #23
Source File: ExportControlled.java From r-course with MIT License | 6 votes |
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException { this.origTm = tm; this.verifyServerCert = verifyServerCertificate; if (verifyServerCertificate) { try { Set<TrustAnchor> anch = new HashSet<TrustAnchor>(); for (X509Certificate cert : tm.getAcceptedIssuers()) { anch.add(new TrustAnchor(cert, null)); } this.validatorParams = new PKIXParameters(anch); this.validatorParams.setRevocationEnabled(false); this.validator = CertPathValidator.getInstance("PKIX"); this.certFactory = CertificateFactory.getInstance("X.509"); } catch (Exception e) { throw new CertificateException(e); } } }
Example #24
Source File: ValidateNC.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { X509Certificate anchorCert = getCertFromFile(certs[0]); byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30"); if (nameConstraints != null) { DerInputStream in = new DerInputStream(nameConstraints); nameConstraints = in.getOctetString(); } TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #25
Source File: ValidateTargetConstraints.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #26
Source File: ValidateTargetConstraints.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); X509CertSelector sel = new X509CertSelector(); sel.setSerialNumber(new BigInteger("1427")); params.setTargetCertConstraints(sel); }
Example #27
Source File: VerifyNameConstraints.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #28
Source File: PKIXExtendedParameters.java From ripple-lib-java with ISC License | 5 votes |
public Builder(PKIXParameters baseParameters) { this.baseParameters = (PKIXParameters)baseParameters.clone(); CertSelector constraints = baseParameters.getTargetCertConstraints(); if (constraints != null) { this.targetConstraints = new PKIXCertStoreSelector.Builder(constraints).build(); } Date checkDate = baseParameters.getDate(); this.date = (checkDate == null) ? new Date() : checkDate; this.revocationEnabled = baseParameters.isRevocationEnabled(); this.trustAnchors = baseParameters.getTrustAnchors(); }
Example #29
Source File: VerifyNameConstraints.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }
Example #30
Source File: VerifyNameConstraints.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
public static void createPath(String[] certs) throws Exception { TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null); List list = new ArrayList(); for (int i = 1; i < certs.length; i++) { list.add(0, getCertFromFile(certs[i])); } CertificateFactory cf = CertificateFactory.getInstance("X509"); path = cf.generateCertPath(list); Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); }