java.security.cert.CertPath Java Examples
The following examples show how to use
java.security.cert.CertPath.
Example #1
Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 6 votes |
/**
 * Step (f) check of this RFC 3280 path-validation helper.
 *
 * <p>Rejects the certificate at {@code index} when {@code explicitPolicy} has
 * dropped to zero or below and no valid policy tree is left.
 *
 * @param certPath        the path being validated (reported in the exception)
 * @param index           position of the certificate being processed
 * @param validPolicyTree current policy tree, or {@code null} if none remains
 * @param explicitPolicy  current value of the explicit-policy counter
 * @throws CertPathValidatorException if {@code explicitPolicy <= 0} and
 *         {@code validPolicyTree} is {@code null}
 */
protected static void processCertF(
        CertPath certPath,
        int index,
        PKIXPolicyNode validPolicyTree,
        int explicitPolicy) throws CertPathValidatorException {
    // (f)
    boolean policyTreePresent = validPolicyTree != null;
    if (explicitPolicy > 0 || policyTreePresent) {
        return;
    }
    throw new ExtCertPathValidatorException(
            "No valid policy tree found when one expected.", null, certPath, index);
}
Example #2
Source File: X509CertUtil.java From keystore-explorer with GNU General Public License v3.0 | 6 votes |
/**
 * PKCS #7 encode a number of certificates.
 *
 * <p>The certificates are placed in a {@link CertPath} in array order and
 * the path is serialised with the PKCS #7 encoding. This method only encodes;
 * it does not check that the certificates form a valid chain.
 *
 * @param certs
 *            The certificates
 * @return The encoding
 * @throws CryptoException
 *             If there was a problem encoding the certificates
 */
public static byte[] getCertsEncodedPkcs7(X509Certificate[] certs) throws CryptoException {
    try {
        ArrayList<Certificate> chain = new ArrayList<>();
        for (X509Certificate cert : certs) {
            chain.add(cert);
        }

        CertificateFactory factory =
                CertificateFactory.getInstance(X509_CERT_TYPE, BOUNCY_CASTLE.jce());
        return factory.generateCertPath(chain).getEncoded(PKCS7_ENCODING);
    } catch (CertificateException | NoSuchProviderException e) {
        throw new CryptoException(res.getString("NoPkcs7Encode.exception.message"), e);
    }
}
Example #3
Source File: CertPathSerializerTest.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Round-trips a two-element {@link CertPath} through the CBOR converter and
 * checks that the restored path holds the same certificates in the same order.
 *
 * <p>Both elements come from the same loader call, so the order assertion
 * cannot tell a swapped pair from the original one.
 */
@Test
void test() throws CertificateException {
    // Given
    Certificate first = TestAttestationUtil.loadFirefoxSWTokenAttestationCertificate();
    Certificate second = TestAttestationUtil.loadFirefoxSWTokenAttestationCertificate();
    CertPath original = CertificateFactory.getInstance("X.509")
            .generateCertPath(Arrays.asList(first, second));
    byte[] serialized = cborConverter.writeValueAsBytes(original);

    // When
    CertPath restored = cborConverter.readValue(serialized, CertPath.class);

    // Then
    assertThat(restored.getCertificates().toArray()).containsExactly(first, second);
}
Example #4
Source File: CertificateFactory3Test.java From j2objc with Apache License 2.0 | 6 votes |
/**
 * Test for <code>generateCertPath(List certificates)</code> method
 * Assertion: returns CertPath with 1 Certificate
 *
 * <p>The single certificate is produced by the first factory and then fed to
 * every factory returned by {@code initCertFs()}.
 */
public void testGenerateCertPath01() throws Exception {
    CertificateFactory[] factories = initCertFs();
    assertNotNull("CertificateFactory objects were not created", factories);

    // One-element certificate list shared by all factories under test.
    Certificate expected = factories[0].generateCertificate(
            new ByteArrayInputStream(TestUtils.getEncodedX509Certificate()));
    List<Certificate> singleCert = new Vector<Certificate>();
    singleCert.add(expected);

    for (CertificateFactory factory : factories) {
        CertPath path = factory.generateCertPath(singleCert);
        assertEquals(expected.getType(), path.getType());

        List<? extends Certificate> pathCerts = path.getCertificates();
        assertFalse("Result list is empty", pathCerts.isEmpty());
        assertEquals("Incorrect Certificate in CertPath",
                expected, pathCerts.iterator().next());
    }
}
Example #5
Source File: CertPathEncodingTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Checks that a {@link CertPath} built from the two stored certificates
 * encodes to the stored PKCS#7 value, and that decoding that value yields a
 * path equal to the original.
 *
 * @param args unused
 * @throws Exception if a certificate cannot be parsed or a comparison fails
 */
public static void main(String[] args) throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X509");

    // Rebuild the CertPath whose encoded form has already been stored.
    final List<Certificate> chain = new ArrayList<>();
    chain.add(factory.generateCertificate(new ByteArrayInputStream(cert1.getBytes())));
    chain.add(factory.generateCertificate(new ByteArrayInputStream(cert2.getBytes())));
    CertPath builtPath = factory.generateCertPath(chain);

    // Encoding direction: our PKCS#7 bytes must equal the stored ones.
    byte[] actualEncoding = builtPath.getEncoded("PKCS7");
    byte[] storedEncoding = Base64.getMimeDecoder().decode(pkcs7path.getBytes());
    boolean encodingMatches = Arrays.equals(actualEncoding, storedEncoding);
    if (!encodingMatches) {
        throw new RuntimeException("PKCS#7 encoding doesn't match stored value");
    }

    // Decoding direction: the bytes must parse back into an equal CertPath.
    CertPath decodedPath =
            factory.generateCertPath(new ByteArrayInputStream(actualEncoding), "PKCS7");
    boolean roundTripEqual = decodedPath.equals(builtPath);
    if (!roundTripEqual) {
        throw new RuntimeException("CertPath decoded from PKCS#7 isn't equal to original");
    }
}
Example #6
Source File: RFC3280CertPathUtilities.java From ripple-lib-java with ISC License | 6 votes |
/**
 * Step (l): computes the path-length budget to carry to the next certificate.
 *
 * <p>A certificate for which {@code isSelfIssued} returns true leaves the
 * budget unchanged. Any other certificate consumes one unit and is rejected
 * when the budget is already zero or negative.
 *
 * @param certPath      the path being validated
 * @param index         position of the certificate being processed
 * @param maxPathLength current path-length budget
 * @return the budget for the next certificate
 * @throws CertPathValidatorException if the certificate is not self-issued
 *         and {@code maxPathLength <= 0}
 */
protected static int prepareNextCertL(
        CertPath certPath,
        int index,
        int maxPathLength) throws CertPathValidatorException {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);

    // (l)
    if (CertPathValidatorUtilities.isSelfIssued(current)) {
        return maxPathLength;
    }
    if (maxPathLength <= 0) {
        throw new ExtCertPathValidatorException(
                "Max path length not greater than zero", null, certPath, index);
    }
    return maxPathLength - 1;
}
Example #7
Source File: JarSigner.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Creates a {@code JarSigner.Builder} object with a private key and
 * a certification path.
 *
 * <p>Only the algorithm names of the two keys are compared; this constructor
 * does not check that the private key corresponds to the public key in the
 * end entity certificate.
 *
 * @param privateKey the private key of the signer.
 * @param certPath the certification path of the signer.
 * @throws IllegalArgumentException if {@code certPath} is empty, or
 *      the {@code privateKey} algorithm does not match the algorithm
 *      of the {@code PublicKey} in the end entity certificate
 *      (the first certificate in {@code certPath}), or an entry of
 *      {@code certPath} is not an {@code X509Certificate}.
 */
public Builder(PrivateKey privateKey, CertPath certPath) {
    List<? extends Certificate> chain = certPath.getCertificates();
    if (chain.isEmpty()) {
        throw new IllegalArgumentException("certPath cannot be empty");
    }

    // The end entity certificate is the first element of the path.
    String keyAlgorithm = privateKey.getAlgorithm();
    String certAlgorithm = chain.get(0).getPublicKey().getAlgorithm();
    if (!keyAlgorithm.equals(certAlgorithm)) {
        throw new IllegalArgumentException(
                "private key algorithm does not match "
                + "algorithm of public key in end entity "
                + "certificate (the 1st in certPath)");
    }

    this.privateKey = privateKey;
    try {
        // toArray() into a typed array fails if any entry is not an X509Certificate.
        this.certChain = chain.toArray(new X509Certificate[chain.size()]);
    } catch (ArrayStoreException ase) {
        // Wrong type, not X509Certificate.
        throw new IllegalArgumentException(
                "Entry does not contain X509Certificate");
    }
}
Example #8
Source File: RFC3280CertPathUtilities.java From RipplePower with Apache License 2.0 | 6 votes |
/**
 * Step (h)(2): computes the policy-mapping counter for the next certificate.
 *
 * <p>The counter is decremented only when the certificate at {@code index}
 * is not reported as self-issued and the counter is not already zero.
 *
 * @param certPath      the path being validated
 * @param index         position of the certificate being processed
 * @param policyMapping current policy-mapping counter
 * @return the counter to use for the next certificate
 */
protected static int prepareNextCertH2(
        CertPath certPath,
        int index,
        int policyMapping) {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);

    // (h) (2)
    boolean decrement =
            !CertPathValidatorUtilities.isSelfIssued(current) && policyMapping != 0;
    return decrement ? policyMapping - 1 : policyMapping;
}
Example #9
Source File: ServerCrypto.java From carbon-identity with Apache License 2.0 | 6 votes |
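/**
 * Parses an encoded certification path into an array of X.509 certificates.
 *
 * @param data    the encoded certification path, in the default encoding of
 *                the factory returned by {@code getCertificateFactory()}
 * @param reverse if {@code true}, the returned array lists the certificates
 *                in the opposite order to the parsed path
 * @return the certificates of the parsed path
 * @throws WSSecurityException if the bytes cannot be parsed as a
 *         certification path; the parser's exception is attached as the cause
 * @see org.apache.ws.security.components.crypto.Crypto#getX509Certificates(byte[], boolean)
 */
@Override
public X509Certificate[] getX509Certificates(byte[] data, boolean reverse)
        throws WSSecurityException {
    InputStream in = new ByteArrayInputStream(data);
    CertPath path;
    try {
        path = getCertificateFactory().generateCertPath(in);
    } catch (CertificateException e) {
        // Keep the parser's exception as the cause so a rejected token
        // remains diagnosable from logs instead of a bare "parseError".
        throw new WSSecurityException(
                WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e);
    }

    List<?> parsed = path.getCertificates();
    int count = parsed.size();
    X509Certificate[] certs = new X509Certificate[count];
    int position = 0;
    for (Object cert : parsed) {
        // Fill from the back when the caller asked for reversed order.
        int target = reverse ? (count - 1 - position) : position;
        certs[target] = (X509Certificate) cert;
        position++;
    }
    return certs;
}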
Example #10
Source File: CertPathReviewerException.java From ripple-lib-java with ISC License | 6 votes |
/**
 * Creates an exception bound to one position in a certification path.
 *
 * @param errorMessage the error bundle passed to the superclass
 * @param throwable    the underlying cause passed to the superclass
 * @param certPath     the path under review; must not be {@code null}
 * @param index        position of the offending certificate in {@code certPath}
 * @throws IllegalArgumentException  if {@code certPath} is {@code null} or
 *         {@code index} is {@code -1}
 * @throws IndexOutOfBoundsException if {@code index} is below {@code -1} or
 *         not a valid position in {@code certPath}
 */
public CertPathReviewerException(
        ErrorBundle errorMessage,
        Throwable throwable,
        CertPath certPath,
        int index) {
    super(errorMessage, throwable);

    // NOTE(review): this guard rejects every null certPath, which makes a
    // null test in the bounds check below unnecessary - confirm against the
    // upstream source whether "certPath != null && index == -1" was intended.
    if (certPath == null || index == -1) {
        throw new IllegalArgumentException();
    }

    // certPath is known to be non-null from here on.
    boolean outOfRange = index < -1 || index >= certPath.getCertificates().size();
    if (outOfRange) {
        throw new IndexOutOfBoundsException();
    }

    this.certPath = certPath;
    this.index = index;
}
Example #11
Source File: CertificateFactory.java From RipplePower with Apache License 2.0 | 6 votes |
/**
 * Builds a {@code PKIXCertPath} from a list of certificates.
 *
 * <p>Every non-null entry must be an {@link X509Certificate}. {@code null}
 * entries pass the type check and are handed to {@code PKIXCertPath}
 * unchanged.
 *
 * @param certificates the certificates that make up the path
 * @return the certification path wrapping {@code certificates}
 * @throws CertificateException if a non-null entry is not an
 *         {@code X509Certificate}
 */
public CertPath engineGenerateCertPath(
        List certificates) throws CertificateException {
    for (Object entry : certificates) {
        boolean acceptable = entry == null || entry instanceof X509Certificate;
        if (!acceptable) {
            throw new CertificateException(
                    "list contains non X509Certificate object while creating CertPath\n"
                    + entry.toString());
        }
    }
    return new PKIXCertPath(certificates);
}
Example #12
Source File: RFC3280CertPathUtilities.java From RipplePower with Apache License 2.0 | 6 votes |
/**
 * Step (l): returns the path-length budget that applies after the
 * certificate at {@code index}.
 *
 * <p>When {@code isSelfIssued} reports the certificate as self-issued the
 * budget is passed through. Otherwise one unit is consumed, and validation
 * fails if no unit is left.
 *
 * @param certPath      the path being validated
 * @param index         position of the certificate being processed
 * @param maxPathLength current path-length budget
 * @return the budget for the next certificate
 * @throws CertPathValidatorException if the certificate is not self-issued
 *         and {@code maxPathLength <= 0}
 */
protected static int prepareNextCertL(
        CertPath certPath,
        int index,
        int maxPathLength) throws CertPathValidatorException {
    List chain = certPath.getCertificates();
    X509Certificate current = (X509Certificate) chain.get(index);

    // (l)
    boolean consumesBudget = !CertPathValidatorUtilities.isSelfIssued(current);
    if (consumesBudget && maxPathLength <= 0) {
        throw new ExtCertPathValidatorException(
                "Max path length not greater than zero", null, certPath, index);
    }
    return consumesBudget ? maxPathLength - 1 : maxPathLength;
}
Example #13
Source File: Main.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Validates the part of {@code certs} that precedes the first certificate
 * equal to a configured trust anchor.
 *
 * <p>The chain is scanned from index 0 and the scan stops at the first entry
 * that equals the trusted certificate of any anchor in {@code pkixParameters}.
 * The entries before that position (the whole list when nothing matches) are
 * turned into a {@link CertPath} and passed to {@code validator}. When the
 * first certificate is itself an anchor, or the list is empty, the validator
 * is not invoked at all.
 *
 * @param certs the certificate chain to check
 * @throws Exception any exception raised while generating or validating the path
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    int anchorIndex = certs.size();
    scan:
    for (int i = 0; i < certs.size(); i++) {
        for (TrustAnchor anchor : pkixParameters.getTrustAnchors()) {
            if (anchor.getTrustedCert().equals(certs.get(i))) {
                anchorIndex = i;
                break scan;
            }
        }
    }

    // Nothing precedes the anchor (or the chain is empty): no path to validate.
    if (anchorIndex == 0) {
        return;
    }

    List<? extends Certificate> unanchored =
            (anchorIndex == certs.size()) ? certs : certs.subList(0, anchorIndex);
    CertPath path = certificateFactory.generateCertPath(unanchored);
    validator.validate(path, pkixParameters);
}
Example #14
Source File: SignatureFileVerifier.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Given the PKCS7 block and SignerInfo[], create an array of
 * CodeSigner objects. We do this only *once* for a given
 * signature block file.
 *
 * @param infos the signer infos taken from the signature block
 * @param block the PKCS7 block the certificate chains are resolved against
 * @return one {@code CodeSigner} per entry of {@code infos}, or {@code null}
 *         when {@code infos} is empty
 */
private CodeSigner[] getSigners(SignerInfo[] infos, PKCS7 block)
        throws IOException, NoSuchAlgorithmException, SignatureException,
        CertificateException {
    if (infos.length == 0) {
        return null;
    }

    ArrayList<CodeSigner> collected = new ArrayList<>();
    for (SignerInfo signerInfo : infos) {
        ArrayList<X509Certificate> chain = signerInfo.getCertificateChain(block);
        CertPath signerPath = certificateFactory.generateCertPath(chain);

        // Append the new code signer. If timestamp is invalid, this
        // jar will be treated as unsigned.
        collected.add(new CodeSigner(signerPath, signerInfo.getTimestamp()));

        if (debug != null) {
            debug.println("Signature Block Certificate: " + chain.get(0));
        }
    }
    return collected.toArray(new CodeSigner[collected.size()]);
}
Example #15
Source File: Main.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Runs PKIX validation over the leading part of a certificate chain.
 *
 * <p>The leading part ends just before the first certificate that equals
 * the trusted certificate of an anchor in {@code pkixParameters}; if no
 * certificate matches, the whole chain is used. A chain whose first
 * certificate is an anchor, and an empty chain, are accepted without calling
 * {@code validator}.
 *
 * @param certs the certificate chain to check
 * @throws Exception any exception raised while generating or validating the path
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    int cpLen = 0;
    boolean anchored = false;
    while (cpLen < certs.size()) {
        for (TrustAnchor ta : pkixParameters.getTrustAnchors()) {
            if (ta.getTrustedCert().equals(certs.get(cpLen))) {
                anchored = true;
                break;
            }
        }
        if (anchored) {
            break;
        }
        cpLen++;
    }

    if (cpLen > 0) {
        // Avoid a sub-list view when the whole chain is to be validated.
        boolean wholeChain = cpLen == certs.size();
        CertPath cp = certificateFactory.generateCertPath(
                wholeChain ? certs : certs.subList(0, cpLen));
        validator.validate(cp, pkixParameters);
    }
}
Example #16
Source File: AbstractExtendedCredential.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
/**
 * Returns this credential's certificate chain as a {@link CertPath}.
 *
 * <p>The path is generated by the {@code CF} factory from the array returned
 * by {@code getCertificateChain()}; no validation of the chain is done here.
 *
 * @return the certification path built from the certificate chain
 * @throws TechnicalConnectorException if the factory cannot build the path;
 *         the {@code CertificateException} is passed along as the cause
 */
public CertPath getCertPath() throws TechnicalConnectorException {
    try {
        CertPath path = CF.generateCertPath(Arrays.asList(this.getCertificateChain()));
        return path;
    } catch (CertificateException e) {
        throw new TechnicalConnectorException(
                TechnicalConnectorExceptionValues.ERROR_IOEXCEPTION, e, new Object[0]);
    }
}
Example #17
Source File: NoExtensions.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
/**
 * Builds a PKIX certification path from the trusted certificate to
 * {@code userCert} using the SUN provider.
 *
 * <p>The build succeeds or throws; the resulting path is fetched but not
 * inspected further. Revocation checking is turned off for this build.
 *
 * @param userCert the target certificate of the path
 * @throws Exception if the path cannot be built
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Trust anchors: the single trusted CA certificate.
    X509Certificate trustedCert = getTrustedCertificate();
    HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    trustAnchors.add(new TrustAnchor(trustedCert, null));

    // CertStore holding both certificates the builder may pick from.
    ArrayList<X509Certificate> storeContents = new ArrayList<X509Certificate>();
    storeContents.add(trustedCert);
    storeContents.add(userCert);
    CertStore certStore = CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(storeContents));

    // Select the target certificate; the subject is set as well because the
    // original author found it "seems to be required".
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    targetSelector.setSubject(userCert.getSubjectDN().getName());

    // Build the path with revocation checking disabled.
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters builderParams =
            new PKIXBuilderParameters(trustAnchors, targetSelector);
    builderParams.addCertStore(certStore);
    builderParams.setRevocationEnabled(false);
    CertPathBuilderResult result = builder.build(builderParams);

    // Fetch the path; printing it is left disabled.
    CertPath certPath = result.getCertPath();
    // System.out.println(certPath.toString());
}
Example #18
Source File: Timestamp.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
/**
 * Constructs a Timestamp.
 *
 * <p>The date is copied, so later changes to the caller's {@code Date}
 * object do not affect this timestamp. The certificate path is stored by
 * reference.
 *
 * @param timestamp is the timestamp's date and time. It must not be null.
 * @param signerCertPath is the TSA's certificate path. It must not be null.
 * @throws NullPointerException if timestamp or signerCertPath is null.
 */
public Timestamp(Date timestamp, CertPath signerCertPath) {
    if (timestamp == null) {
        throw new NullPointerException();
    }
    if (signerCertPath == null) {
        throw new NullPointerException();
    }
    // Defensive copy: Date is mutable.
    long millis = timestamp.getTime();
    this.timestamp = new Date(millis);
    this.signerCertPath = signerCertPath;
}
Example #19
Source File: CertUtils.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Each certificate is inserted at the head of the list, so the resulting
 * path lists the certificates in the reverse of {@code fileNames} order. The
 * file location is formed by plain string concatenation of {@code relPath}
 * and the file name.
 *
 * @param relPath relative path containing certs (must end in
 *                file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the certification path built from the loaded certificates
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String[] fileNames)
        throws Exception {
    List<X509Certificate> reversed = new ArrayList<X509Certificate>();
    for (String fileName : fileNames) {
        X509Certificate cert = getCertFromFile(relPath + fileName);
        reversed.add(0, cert);
    }
    return CertificateFactory.getInstance("X509").generateCertPath(reversed);
}
Example #20
Source File: Main.java From hottub with GNU General Public License v2.0 | 5 votes |
/**
 * Validates the certificates of {@code certs} that come before the first
 * trust anchor found in the chain.
 *
 * <p>A certificate counts as an anchor when it equals the trusted certificate
 * of any {@link TrustAnchor} in {@code pkixParameters}. If no certificate in
 * the chain is an anchor the complete chain is validated. If the first
 * certificate is an anchor, or the chain is empty, {@code validator} is not
 * called.
 *
 * @param certs the certificate chain to check
 * @throws Exception any exception raised while generating or validating the path
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    int prefixLength = certs.size();
    search:
    for (int position = 0; position < certs.size(); position++) {
        for (TrustAnchor anchor : pkixParameters.getTrustAnchors()) {
            if (anchor.getTrustedCert().equals(certs.get(position))) {
                prefixLength = position;
                break search;
            }
        }
    }

    if (prefixLength == 0) {
        // The chain starts at an anchor (or is empty): nothing to validate.
        return;
    }

    List<? extends Certificate> toValidate = certs;
    if (prefixLength != certs.size()) {
        toValidate = certs.subList(0, prefixLength);
    }
    CertPath cp = certificateFactory.generateCertPath(toValidate);
    validator.validate(cp, pkixParameters);
}
Example #21
Source File: BuildEEBasicConstraints.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Builds a path with a selector that accepts only end-entity certificates
 * and checks that the first certificate of the built path is not a CA.
 *
 * <p>The {@code jdk.certpath.disabledAlgorithms} security property is
 * overwritten for the whole JVM and revocation checking is disabled; both
 * are test-only settings.
 *
 * @param args unused
 * @throws Exception if the build fails or the target is not an EE certificate
 */
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    // Trust anchor given as subject name plus public key of the root.
    X509Certificate root = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor trustAnchor = new TrustAnchor(
            root.getSubjectX500Principal(), root.getPublicKey(), null);

    // -2 restricts the selector to end-entity certificates.
    X509CertSelector eeSelector = new X509CertSelector();
    eeSelector.setBasicConstraints(-2);

    PKIXBuilderParameters builderParams =
            new PKIXBuilderParameters(Collections.singleton(trustAnchor), eeSelector);
    builderParams.setRevocationEnabled(false);

    // Candidate certificates: the intermediate CA and the end entity.
    X509Certificate endEntity = CertUtils.getCertFromFile("ee.cer");
    X509Certificate intermediate = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(intermediate);
    candidates.add(endEntity);
    CertStore store = CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(candidates));
    builderParams.addCertStore(store);

    PKIXCertPathBuilderResult buildResult = CertUtils.build(builderParams);
    CertPath builtPath = buildResult.getCertPath();

    // check that first certificate is an EE cert (-1 means "not a CA")
    List<? extends Certificate> pathCerts = builtPath.getCertificates();
    X509Certificate target = (X509Certificate) pathCerts.get(0);
    boolean targetIsEndEntity = target.getBasicConstraints() == -1;
    if (!targetIsEndEntity) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
Example #22
Source File: BuildEEBasicConstraints.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Test entry point: builds a certification path whose target must be an
 * end-entity certificate and fails if the built path starts with a CA.
 *
 * <p>Overwrites the JVM-wide {@code jdk.certpath.disabledAlgorithms}
 * property and turns revocation checking off, which is acceptable only in a
 * standalone test.
 *
 * @param args unused
 * @throws Exception if the build fails or the target is not an EE certificate
 */
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate anchorCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor(
            anchorCert.getSubjectX500Principal(), anchorCert.getPublicKey(), null);

    // A basicConstraints selector value of -2 matches end-entity certificates only.
    X509CertSelector selector = new X509CertSelector();
    selector.setBasicConstraints(-2);
    PKIXBuilderParameters params =
            new PKIXBuilderParameters(Collections.singleton(anchor), selector);
    params.setRevocationEnabled(false);

    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> storeCerts = new ArrayList<X509Certificate>();
    storeCerts.add(caCert);
    storeCerts.add(eeCert);
    CollectionCertStoreParameters storeParams =
            new CollectionCertStoreParameters(storeCerts);
    params.addCertStore(CertStore.getInstance("Collection", storeParams));

    CertPath path = CertUtils.build(params).getCertPath();

    // check that first certificate is an EE cert
    List<? extends Certificate> pathCerts = path.getCertificates();
    X509Certificate first = (X509Certificate) pathCerts.get(0);
    if (first.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
Example #23
Source File: CertUtils.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Certificates are loaded in {@code fileNames} order and each one is put
 * in front of those loaded before it, so the path ends up in reverse order.
 *
 * @param relPath relative path containing certs (must end in
 *                file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the certification path built from the loaded certificates
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String[] fileNames)
        throws Exception {
    List<X509Certificate> chain = new ArrayList<X509Certificate>();
    int loaded = 0;
    while (loaded < fileNames.length) {
        // relPath is used as a plain prefix; no separator is added here.
        String location = relPath + fileNames[loaded];
        chain.add(0, getCertFromFile(location));
        loaded++;
    }
    CertificateFactory factory = CertificateFactory.getInstance("X509");
    return factory.generateCertPath(chain);
}
Example #24
Source File: NoExtensions.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Asks the SUN PKIX builder for a certification path that ends at
 * {@code userCert} and is anchored at the trusted certificate.
 *
 * <p>Revocation checking is disabled for the build. The built path is
 * retrieved but not examined; a failure shows up as an exception.
 *
 * @param userCert the target certificate of the path
 * @throws Exception if the path cannot be built
 */
private void doBuild(X509Certificate userCert) throws Exception {
    X509Certificate trustedCert = getTrustedCertificate();

    // get the set of trusted CA certificates (only one in this instance)
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    anchors.add(new TrustAnchor(trustedCert, null));

    // put together a CertStore (repository of the certificates and CRLs)
    ArrayList<X509Certificate> available = new ArrayList<X509Certificate>();
    available.add(trustedCert);
    available.add(userCert);
    CollectionCertStoreParameters storeParams =
            new CollectionCertStoreParameters(available);
    CertStore store = CertStore.getInstance("Collection", storeParams);

    // specify the target certificate via a CertSelector
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(userCert);
    String subjectName = userCert.getSubjectDN().getName();
    selector.setSubject(subjectName); // seems to be required

    // build a valid certificate path (no revocation status is consulted)
    PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, selector);
    params.addCertStore(store);
    params.setRevocationEnabled(false);
    CertPathBuilderResult result =
            CertPathBuilder.getInstance("PKIX", "SUN").build(params);

    // get and show cert path
    CertPath certPath = result.getCertPath();
    // System.out.println(certPath.toString());
}
Example #25
Source File: CertUtils.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>The last file name ends up first in the path, because every loaded
 * certificate is inserted at index 0. File locations are built by joining
 * {@code relPath} and the file name as plain strings.
 *
 * @param relPath relative path containing certs (must end in
 *                file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the certification path built from the loaded certificates
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String[] fileNames)
        throws Exception {
    List<X509Certificate> pathCerts = new ArrayList<X509Certificate>();
    for (String name : fileNames) {
        pathCerts.add(0, getCertFromFile(relPath + name));
    }

    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    CertPath path = x509Factory.generateCertPath(pathCerts);
    return path;
}
Example #26
Source File: CertUtils.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Files are read in the order given. Each certificate is prepended to the
 * list, so the returned path is ordered from the last file name to the first.
 *
 * @param relPath relative path containing certs (must end in
 *                file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the certification path built from the loaded certificates
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String[] fileNames)
        throws Exception {
    final int head = 0;
    List<X509Certificate> ordered = new ArrayList<X509Certificate>();
    for (int idx = 0; idx != fileNames.length; idx++) {
        // The directory prefix and file name are concatenated as-is.
        X509Certificate next = getCertFromFile(relPath + fileNames[idx]);
        ordered.add(head, next);
    }
    return CertificateFactory.getInstance("X509").generateCertPath(ordered);
}
Example #27
Source File: Main.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
/**
 * Validates a certificate chain up to, but not including, the first
 * certificate that is a configured trust anchor.
 *
 * <p>Matching is done with {@code equals} against the trusted certificate
 * of each anchor in {@code pkixParameters}. With no match the full chain is
 * validated; with a match at position 0, or an empty chain, the method
 * returns without calling {@code validator}.
 *
 * @param certs the certificate chain to check
 * @throws Exception any exception raised while generating or validating the path
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    int cpLen = 0;
    boolean foundAnchor = false;
    for (; cpLen < certs.size() && !foundAnchor; ) {
        for (TrustAnchor ta : pkixParameters.getTrustAnchors()) {
            if (ta.getTrustedCert().equals(certs.get(cpLen))) {
                foundAnchor = true;
                break;
            }
        }
        if (!foundAnchor) {
            // Only advance past certificates that are not anchors.
            cpLen++;
        }
    }

    if (cpLen <= 0) {
        return;
    }
    List<? extends Certificate> leading =
            (cpLen == certs.size()) ? certs : certs.subList(0, cpLen);
    validator.validate(certificateFactory.generateCertPath(leading), pkixParameters);
}
Example #28
Source File: RFC3280CertPathUtilities.java From RipplePower with Apache License 2.0 | 5 votes |
/**
 * Step (j): computes the inhibit-any-policy counter for the next certificate.
 *
 * <p>If the certificate at {@code index} carries an inhibit any-policy
 * extension whose value is smaller than the current counter, that value is
 * returned; otherwise the counter is returned unchanged.
 *
 * @param certPath         the path being validated
 * @param index            position of the certificate being processed
 * @param inhibitAnyPolicy current inhibit-any-policy counter
 * @return the counter to use for the next certificate
 * @throws CertPathValidatorException if the extension cannot be decoded
 */
protected static int prepareNextCertJ(
        CertPath certPath,
        int index,
        int inhibitAnyPolicy) throws CertPathValidatorException {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);

    // (j)
    ASN1Integer skipCerts;
    try {
        skipCerts = ASN1Integer.getInstance(
                CertPathValidatorUtilities.getExtensionValue(
                        current, RFC3280CertPathUtilities.INHIBIT_ANY_POLICY));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException(
                "Inhibit any-policy extension cannot be decoded.", e, certPath, index);
    }

    // Extension absent: the counter carries over unchanged.
    if (skipCerts == null) {
        return inhibitAnyPolicy;
    }

    // NOTE(review): assuming getValue() returns a BigInteger, intValue()
    // keeps only the low-order 32 bits, so an encoded value outside the int
    // range is not rejected here - confirm this is acceptable.
    int fromCertificate = skipCerts.getValue().intValue();
    return fromCertificate < inhibitAnyPolicy ? fromCertificate : inhibitAnyPolicy;
}
Example #29
Source File: Timestamp.java From Bytecoder with Apache License 2.0 | 5 votes |
/**
 * Constructs a Timestamp.
 *
 * <p>A private copy of {@code timestamp} is kept; {@code signerCertPath} is
 * stored as passed in.
 *
 * @param timestamp is the timestamp's date and time. It must not be null.
 * @param signerCertPath is the TSA's certificate path. It must not be null.
 * @throws NullPointerException if timestamp or signerCertPath is null.
 */
public Timestamp(Date timestamp, CertPath signerCertPath) {
    boolean bothPresent = timestamp != null && signerCertPath != null;
    if (!bothPresent) {
        throw new NullPointerException();
    }
    // Copy the mutable Date so the caller cannot alter it afterwards.
    Date copy = new Date(timestamp.getTime());
    this.timestamp = copy;
    this.signerCertPath = signerCertPath;
}
Example #30
Source File: CertUtils.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Every certificate read is inserted at the front of the list, which
 * makes the path order the reverse of the {@code fileNames} order. The file
 * location is {@code relPath} followed directly by the file name.
 *
 * @param relPath relative path containing certs (must end in
 *                file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the certification path built from the loaded certificates
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String[] fileNames)
        throws Exception {
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    for (String fileName : fileNames) {
        String certFile = relPath + fileName;
        X509Certificate loaded = getCertFromFile(certFile);
        // Prepend, so later files come earlier in the path.
        certs.add(0, loaded);
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    return cf.generateCertPath(certs);
}