java.security.cert.CertPath Java Examples

The following examples show how to use java.security.cert.CertPath. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RFC3280CertPathUtilities.java    From ripple-lib-java with ISC License 6 votes vote down vote up
/**
 * Check labelled (f) in this class: rejects the path when an explicit policy
 * is required but no valid policy tree remains.
 *
 * @param certPath        the path under validation; only attached to the exception
 * @param index           position of the current certificate; only attached to the exception
 * @param validPolicyTree the current valid policy tree, or {@code null} when none is left
 * @param explicitPolicy  explicit-policy counter; zero or less means a policy is required
 * @throws CertPathValidatorException if {@code explicitPolicy <= 0} and
 *                                    {@code validPolicyTree} is {@code null}
 */
protected static void processCertF(
    CertPath certPath,
    int index,
    PKIXPolicyNode validPolicyTree,
    int explicitPolicy)
    throws CertPathValidatorException
{
    final boolean policyRequired = explicitPolicy <= 0;
    final boolean treeMissing = validPolicyTree == null;

    // Either condition alone is acceptable; only the combination fails validation.
    if (!policyRequired || !treeMissing)
    {
        return;
    }

    throw new ExtCertPathValidatorException("No valid policy tree found when one expected.", null, certPath,
        index);
}
 
Example #2
Source File: X509CertUtil.java    From keystore-explorer with GNU General Public License v3.0 6 votes vote down vote up
/**
 * PKCS #7 encode a number of certificates.
 *
 * <p>The certificates are placed in a {@link CertPath} in the order given and
 * that path is encoded. Nothing in this method validates the certificates or
 * checks that they chain to each other.
 *
 * @param certs
 *            The certificates
 * @return The encoding
 * @throws CryptoException
 *             If there was a problem encoding the certificates
 */
public static byte[] getCertsEncodedPkcs7(X509Certificate[] certs) throws CryptoException {
	try {
		ArrayList<Certificate> chain = new ArrayList<>();
		Collections.addAll(chain, certs);

		CertificateFactory factory = CertificateFactory.getInstance(X509_CERT_TYPE, BOUNCY_CASTLE.jce());

		// Build the path and encode it in one step; both calls can throw CertificateException.
		return factory.generateCertPath(chain).getEncoded(PKCS7_ENCODING);
	} catch (CertificateException | NoSuchProviderException e) {
		// The original exception is kept as the cause.
		throw new CryptoException(res.getString("NoPkcs7Encode.exception.message"), e);
	}
}
 
Example #3
Source File: CertPathSerializerTest.java    From webauthn4j with Apache License 2.0 6 votes vote down vote up
/**
 * Round-trips a {@link CertPath} through the CBOR converter and checks that the
 * restored path holds the same certificates in the same order.
 */
@Test
void test() throws CertificateException {

    // Given: a two-element path; both entries come from the same loader method
    Certificate first = TestAttestationUtil.loadFirefoxSWTokenAttestationCertificate();
    Certificate second = TestAttestationUtil.loadFirefoxSWTokenAttestationCertificate();
    CertPath original = CertificateFactory.getInstance("X.509")
            .generateCertPath(Arrays.asList(first, second));

    byte[] serialized = cborConverter.writeValueAsBytes(original);

    // When: the bytes are read back as a CertPath
    CertPath restored = cborConverter.readValue(serialized, CertPath.class);

    // Then: content and order survive the round trip
    assertThat(restored.getCertificates().toArray()).containsExactly(first, second);
}
 
Example #4
Source File: CertificateFactory3Test.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Test for <code>generateCertPath(List certificates)</code> method.
 * Assertion: every factory returns a non-empty CertPath whose type matches the
 * input certificate and whose first entry is that certificate. The size of the
 * returned list is not checked beyond non-emptiness.
 */
public void testGenerateCertPath01() throws Exception {
    CertificateFactory[] factories = initCertFs();
    assertNotNull("CertificateFactory objects were not created", factories);

    // One certificate, parsed once by the first factory, is the input for all factories
    Certificate expected = factories[0].generateCertificate(
            new ByteArrayInputStream(TestUtils.getEncodedX509Certificate()));
    List<Certificate> input = new Vector<Certificate>();
    input.add(expected);

    for (CertificateFactory factory : factories) {
        CertPath path = factory.generateCertPath(input);
        assertEquals(expected.getType(), path.getType());

        List<? extends Certificate> contents = path.getCertificates();
        assertFalse("Result list is empty", contents.isEmpty());
        assertEquals("Incorrect Certificate in CertPath", expected, contents.iterator().next());
    }
}
 
Example #5
Source File: CertPathEncodingTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Checks that a CertPath built from cert1 and cert2 encodes to the stored
 * PKCS#7 value, and that decoding that encoding gives back an equal CertPath.
 *
 * @param args unused
 * @throws Exception on any factory or encoding failure; a RuntimeException
 *                   signals a mismatch
 */
public static void main(String[] args) throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X509");

    // Rebuild the path whose encoded form is stored in pkcs7path
    final List<Certificate> chain = new ArrayList<>();
    chain.add(factory.generateCertificate(new ByteArrayInputStream(cert1.getBytes())));
    chain.add(factory.generateCertificate(new ByteArrayInputStream(cert2.getBytes())));
    CertPath built = factory.generateCertPath(chain);

    // Encoding must be byte-for-byte equal to the stored (MIME base64) value
    byte[] actual = built.getEncoded("PKCS7");
    byte[] expected = Base64.getMimeDecoder().decode(pkcs7path.getBytes());
    boolean encodingMatches = Arrays.equals(actual, expected);
    if (!encodingMatches) {
        throw new RuntimeException("PKCS#7 encoding doesn't match stored value");
    }

    // Decoding the encoding must yield a path equal to the one built from the certificates
    CertPath roundTripped = factory.generateCertPath(new ByteArrayInputStream(actual), "PKCS7");
    if (!roundTripped.equals(built)) {
        throw new RuntimeException("CertPath decoded from PKCS#7 isn't equal to original");
    }
}
 
Example #6
Source File: RFC3280CertPathUtilities.java    From ripple-lib-java with ISC License 6 votes vote down vote up
/**
 * Check labelled (l) in this class: updates the remaining path length for the
 * certificate at {@code index}.
 *
 * @param certPath      the path under validation
 * @param index         position of the certificate to inspect; not range-checked here
 * @param maxPathLength the remaining path length before this certificate
 * @return {@code maxPathLength} unchanged for a self-issued certificate,
 *         otherwise {@code maxPathLength - 1}
 * @throws CertPathValidatorException if the certificate is not self-issued and
 *                                    {@code maxPathLength} is zero or less
 */
protected static int prepareNextCertL(
    CertPath certPath,
    int index,
    int maxPathLength)
    throws CertPathValidatorException
{
    // The cast fails with ClassCastException if the entry is not an X509Certificate.
    X509Certificate cert = (X509Certificate)certPath.getCertificates().get(index);

    // (l): a self-issued certificate does not consume path length
    if (CertPathValidatorUtilities.isSelfIssued(cert))
    {
        return maxPathLength;
    }

    if (maxPathLength <= 0)
    {
        throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, index);
    }
    return maxPathLength - 1;
}
 
Example #7
Source File: JarSigner.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates a {@code JarSigner.Builder} object with a private key and
 * a certification path.
 *
 * <p>Only the algorithm names of the two keys are compared; this constructor
 * does not verify that {@code privateKey} corresponds to the public key in
 * the end entity certificate, and it does not validate the path.
 *
 * @param privateKey the private key of the signer.
 * @param certPath the certification path of the signer.
 * @throws IllegalArgumentException if {@code certPath} is empty, or
 *      the {@code privateKey} algorithm does not match the algorithm
 *      of the {@code PublicKey} in the end entity certificate
 *      (the first certificate in {@code certPath}), or an entry of
 *      {@code certPath} is not an {@code X509Certificate}.
 */
public Builder(PrivateKey privateKey, CertPath certPath) {
    List<? extends Certificate> chain = certPath.getCertificates();
    if (chain.isEmpty()) {
        throw new IllegalArgumentException("certPath cannot be empty");
    }

    String signerKeyAlgorithm = privateKey.getAlgorithm();
    String endEntityKeyAlgorithm = chain.get(0).getPublicKey().getAlgorithm();
    if (!signerKeyAlgorithm.equals(endEntityKeyAlgorithm)) {
        throw new IllegalArgumentException
                ("private key algorithm does not match " +
                        "algorithm of public key in end entity " +
                        "certificate (the 1st in certPath)");
    }

    this.privateKey = privateKey;
    try {
        // toArray into an X509Certificate[] doubles as the type check for every entry.
        X509Certificate[] typedChain = chain.toArray(new X509Certificate[chain.size()]);
        this.certChain = typedChain;
    } catch (ArrayStoreException ase) {
        // Wrong type, not X509Certificate.
        throw new IllegalArgumentException(
                "Entry does not contain X509Certificate");
    }
}
 
Example #8
Source File: RFC3280CertPathUtilities.java    From RipplePower with Apache License 2.0 6 votes vote down vote up
/**
 * Check labelled (h)(2) in this class: updates the policy-mapping counter for
 * the certificate at {@code index}.
 *
 * @param certPath      the path under validation
 * @param index         position of the certificate to inspect; not range-checked here
 * @param policyMapping the current policy-mapping counter
 * @return {@code policyMapping - 1} when the certificate is not self-issued and
 *         the counter is non-zero; otherwise {@code policyMapping} unchanged
 */
protected static int prepareNextCertH2(
    CertPath certPath,
    int index,
    int policyMapping)
{
    // The cast fails with ClassCastException if the entry is not an X509Certificate.
    X509Certificate cert = (X509Certificate)certPath.getCertificates().get(index);

    // (h)(2): the test is "!= 0", so a negative counter is decremented as well
    boolean decrement = !CertPathValidatorUtilities.isSelfIssued(cert) && policyMapping != 0;
    return decrement ? policyMapping - 1 : policyMapping;
}
 
Example #9
Source File: ServerCrypto.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
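/**
 * Parses an encoded certificate path and returns its certificates as an array.
 *
 * <p>This method only decodes {@code data}; it performs no trust or validity
 * checks on the certificates it returns.
 *
 * @param data    the encoded certificate path
 * @param reverse if {@code true}, the returned array is in the opposite order
 *                to the decoded path
 * @return the certificates of the decoded path
 * @throws WSSecurityException if {@code data} cannot be parsed as a certificate
 *                             path; the parser's exception is attached as the cause
 * @see org.apache.ws.security.components.crypto.Crypto#getX509Certificates(byte[], boolean)
 */
@Override
public X509Certificate[] getX509Certificates(byte[] data, boolean reverse)
        throws WSSecurityException {
    InputStream in = new ByteArrayInputStream(data);
    CertPath path;
    try {
        path = getCertificateFactory().generateCertPath(in);
    } catch (CertificateException e) {
        // Keep the parser's exception as the cause so a rejected token can be
        // diagnosed from the logs; the error code and message id are unchanged.
        throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
                "parseError", null, e);
    }
    List l = path.getCertificates();
    int count = l.size();
    X509Certificate[] certs = new X509Certificate[count];
    int i = 0;
    for (Iterator iterator = l.iterator(); iterator.hasNext(); i++) {
        // The cast fails with ClassCastException if an entry is not an X509Certificate.
        certs[reverse ? (count - 1 - i) : i] = (X509Certificate) iterator.next();
    }
    return certs;
}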
 
Example #10
Source File: CertPathReviewerException.java    From ripple-lib-java with ISC License 6 votes vote down vote up
/**
 * Creates an exception tied to one certificate of a certification path.
 *
 * @param errorMessage the error bundle passed to the superclass
 * @param throwable    the cause passed to the superclass
 * @param certPath     the path being reviewed; must not be {@code null}
 * @param index        position of the offending certificate in {@code certPath}
 * @throws IllegalArgumentException  if {@code certPath} is {@code null} or
 *                                   {@code index} is {@code -1}
 * @throws IndexOutOfBoundsException if {@code index} is below {@code -1} or not
 *                                   less than the number of certificates in the path
 */
public CertPathReviewerException(
        ErrorBundle errorMessage,
        Throwable throwable,
        CertPath certPath,
        int index)
{
    super(errorMessage, throwable);

    final boolean pathMissing = certPath == null;
    if (pathMissing || index == -1)
    {
        throw new IllegalArgumentException();
    }

    // certPath is known to be non-null from here on.
    final int certCount = certPath.getCertificates().size();
    if (index < -1 || index >= certCount)
    {
        throw new IndexOutOfBoundsException();
    }

    this.certPath = certPath;
    this.index = index;
}
 
Example #11
Source File: CertificateFactory.java    From RipplePower with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a certification path from a list of certificates after checking the
 * type of every non-null entry.
 *
 * @param certificates the certificates for the path
 * @return a {@code PKIXCertPath} wrapping {@code certificates}
 * @throws CertificateException if a non-null entry is not an {@code X509Certificate}
 */
public CertPath engineGenerateCertPath(
    List certificates)
    throws CertificateException
{
    for (Iterator iter = certificates.iterator(); iter.hasNext();)
    {
        Object entry = iter.next();

        // NOTE(review): null entries pass this check and reach PKIXCertPath
        // unchanged; whether that constructor tolerates them is not visible here.
        if (entry == null || entry instanceof X509Certificate)
        {
            continue;
        }
        throw new CertificateException("list contains non X509Certificate object while creating CertPath\n" + entry.toString());
    }
    return new PKIXCertPath(certificates);
}
 
Example #12
Source File: RFC3280CertPathUtilities.java    From RipplePower with Apache License 2.0 6 votes vote down vote up
/**
 * Check labelled (l) in this class: updates the remaining path length for the
 * certificate at {@code index}.
 *
 * @param certPath      the path under validation
 * @param index         position of the certificate to inspect; not range-checked here
 * @param maxPathLength the remaining path length before this certificate
 * @return {@code maxPathLength} unchanged for a self-issued certificate,
 *         otherwise {@code maxPathLength - 1}
 * @throws CertPathValidatorException if the certificate is not self-issued and
 *                                    {@code maxPathLength} is zero or less
 */
protected static int prepareNextCertL(
    CertPath certPath,
    int index,
    int maxPathLength)
    throws CertPathValidatorException
{
    // The cast fails with ClassCastException if the entry is not an X509Certificate.
    X509Certificate cert = (X509Certificate)certPath.getCertificates().get(index);

    // (l): a self-issued certificate does not consume path length
    if (CertPathValidatorUtilities.isSelfIssued(cert))
    {
        return maxPathLength;
    }

    if (maxPathLength <= 0)
    {
        throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, index);
    }
    return maxPathLength - 1;
}
 
Example #13
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates the certificates that precede the first entry of {@code certs}
 * equal to a configured trust anchor's certificate.
 *
 * <p>If no entry matches a trust anchor, the whole list is validated. If the
 * first entry is itself a trust anchor, or the list is empty, the validator is
 * not called at all.
 *
 * @param certs the chain to validate, first certificate first
 * @throws Exception if the path cannot be generated or validation fails
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    // cpLen ends up as the number of certificates before the first trust anchor.
    int cpLen = 0;
    boolean anchorReached = false;
    while (cpLen < certs.size()) {
        for (TrustAnchor ta : pkixParameters.getTrustAnchors()) {
            if (ta.getTrustedCert().equals(certs.get(cpLen))) {
                anchorReached = true;
                break;
            }
        }
        if (anchorReached) {
            break;
        }
        cpLen++;
    }

    if (cpLen == 0) {
        return;
    }

    // The trust anchor itself is left out of the path handed to the validator.
    List<? extends Certificate> toValidate =
            (cpLen == certs.size()) ? certs : certs.subList(0, cpLen);
    CertPath cp = certificateFactory.generateCertPath(toValidate);
    validator.validate(cp, pkixParameters);
}
 
Example #14
Source File: SignatureFileVerifier.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Given the PKCS7 block and SignerInfo[], create an array of
 * CodeSigner objects, one per SignerInfo. The original comment states
 * that this is done only once for a given signature block file.
 *
 * <p>Each certificate chain is only assembled into a CertPath here; this
 * method does not validate the chain against any trust anchor.
 *
 * @return the code signers, or {@code null} when {@code infos} is empty
 */
private CodeSigner[] getSigners(SignerInfo[] infos, PKCS7 block)
    throws IOException, NoSuchAlgorithmException, SignatureException,
        CertificateException {

    if (infos.length == 0) {
        return null;
    }

    ArrayList<CodeSigner> signers = new ArrayList<>();
    for (SignerInfo info : infos) {
        ArrayList<X509Certificate> chain = info.getCertificateChain(block);
        CertPath certChain = certificateFactory.generateCertPath(chain);

        // Append the new code signer. If timestamp is invalid, this
        // jar will be treated as unsigned.
        signers.add(new CodeSigner(certChain, info.getTimestamp()));

        if (debug != null) {
            debug.println("Signature Block Certificate: " +
                chain.get(0));
        }
    }

    return signers.toArray(new CodeSigner[signers.size()]);
}
 
Example #15
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates the certificates that precede the first entry of {@code certs}
 * equal to a configured trust anchor's certificate.
 *
 * <p>If no entry matches a trust anchor, the whole list is validated. If the
 * first entry is itself a trust anchor, or the list is empty, the validator is
 * not called at all.
 *
 * @param certs the chain to validate, first certificate first
 * @throws Exception if the path cannot be generated or validation fails
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    // cpLen ends up as the number of certificates before the first trust anchor.
    int cpLen = 0;
    boolean anchorReached = false;
    while (cpLen < certs.size()) {
        for (TrustAnchor ta : pkixParameters.getTrustAnchors()) {
            if (ta.getTrustedCert().equals(certs.get(cpLen))) {
                anchorReached = true;
                break;
            }
        }
        if (anchorReached) {
            break;
        }
        cpLen++;
    }

    if (cpLen == 0) {
        return;
    }

    // The trust anchor itself is left out of the path handed to the validator.
    List<? extends Certificate> toValidate =
            (cpLen == certs.size()) ? certs : certs.subList(0, cpLen);
    CertPath cp = certificateFactory.generateCertPath(toValidate);
    validator.validate(cp, pkixParameters);
}
 
Example #16
Source File: AbstractExtendedCredential.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Returns this credential's certificate chain as a {@link CertPath}.
 *
 * <p>The chain is only wrapped; no validation is performed here.
 *
 * @return the certificate path built from {@code getCertificateChain()}
 * @throws TechnicalConnectorException if the path cannot be generated; the
 *         {@code CertificateException} is passed along to the new exception
 */
public CertPath getCertPath() throws TechnicalConnectorException {
   try {
      Object chainEntries = null;
      return CF.generateCertPath(Arrays.asList(this.getCertificateChain()));
   } catch (CertificateException certificateFailure) {
      // NOTE(review): the error value is ERROR_IOEXCEPTION although the failure is a CertificateException.
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_IOEXCEPTION, certificateFailure, new Object[0]);
   }
}
 
Example #17
Source File: NoExtensions.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds a PKIX certification path from the trusted certificate to
 * {@code userCert} using the "SUN" provider. The result is not inspected; the
 * call succeeds if the builder does not throw.
 *
 * @param userCert the target certificate of the path
 * @throws Exception if any lookup or the build itself fails
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Trust anchors: a single trusted CA certificate, no name constraints
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    X509Certificate trustedCert = getTrustedCertificate();
    anchors.add(new TrustAnchor(trustedCert, null));

    // CertStore holding the two certificates the builder may use
    ArrayList<X509Certificate> storeContents = new ArrayList<X509Certificate>();
    storeContents.add(trustedCert);
    storeContents.add(userCert);
    CertStore certStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeContents));

    // Target selection: the exact certificate plus its subject name
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    targetSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // Build the path; revocation checking is switched off for this test
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    builderParams.addCertStore(certStore);
    builderParams.setRevocationEnabled(false);
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    CertPathBuilderResult result = builder.build(builderParams);

    // Fetch the built path; nothing further is checked on it
    CertPath certPath = result.getCertPath();
}
 
Example #18
Source File: Timestamp.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Constructs a Timestamp.
 *
 * <p>The date is copied, so later changes to the caller's {@code Date} do not
 * affect this object. The certificate path is stored as given and is not
 * validated here.
 *
 * @param timestamp is the timestamp's date and time. It must not be null.
 * @param signerCertPath is the TSA's certificate path. It must not be null.
 * @throws NullPointerException if timestamp or signerCertPath is null.
 */
public Timestamp(Date timestamp, CertPath signerCertPath) {
    if (timestamp == null) {
        throw new NullPointerException();
    }
    if (signerCertPath == null) {
        throw new NullPointerException();
    }

    // Defensive copy of the mutable Date
    long instantMillis = timestamp.getTime();
    this.timestamp = new Date(instantMillis);
    this.signerCertPath = signerCertPath;
}
 
Example #19
Source File: CertUtils.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Each certificate is inserted at the head of the list, so the path holds
 * the certificates in the reverse of the {@code fileNames} order. File names
 * are appended to {@code relPath} as given; nothing here restricts them to
 * that directory, and the resulting path is not validated.
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the CertPath built from the certificates read
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String [] fileNames)
    throws Exception {
    List<X509Certificate> reversed = new ArrayList<X509Certificate>();
    for (String fileName : fileNames) {
        X509Certificate cert = getCertFromFile(relPath + fileName);
        reversed.add(0, cert);
    }
    return CertificateFactory.getInstance("X509").generateCertPath(reversed);
}
 
Example #20
Source File: Main.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates the certificates that precede the first entry of {@code certs}
 * equal to a configured trust anchor's certificate.
 *
 * <p>If no entry matches a trust anchor, the whole list is validated. If the
 * first entry is itself a trust anchor, or the list is empty, the validator is
 * not called at all.
 *
 * @param certs the chain to validate, first certificate first
 * @throws Exception if the path cannot be generated or validation fails
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    // cpLen ends up as the number of certificates before the first trust anchor.
    int cpLen = 0;
    boolean anchorReached = false;
    while (cpLen < certs.size()) {
        for (TrustAnchor ta : pkixParameters.getTrustAnchors()) {
            if (ta.getTrustedCert().equals(certs.get(cpLen))) {
                anchorReached = true;
                break;
            }
        }
        if (anchorReached) {
            break;
        }
        cpLen++;
    }

    if (cpLen == 0) {
        return;
    }

    // The trust anchor itself is left out of the path handed to the validator.
    List<? extends Certificate> toValidate =
            (cpLen == certs.size()) ? certs : certs.subList(0, cpLen);
    CertPath cp = certificateFactory.generateCertPath(toValidate);
    validator.validate(cp, pkixParameters);
}
 
Example #21
Source File: BuildEEBasicConstraints.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds a path to a target selected as an end-entity certificate and checks
 * that the first certificate of the built path is not a CA certificate.
 *
 * @param args unused
 * @throws Exception if the build fails or the target is not an EE certificate
 */
public static void main(String[] args) throws Exception {
    // Sets the JVM-wide disabled-algorithm property to just MD2 so that the
    // algorithms and keys used in this test are not disabled. Test-only: this
    // changes certpath checking for the whole process.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor(
        rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);

    // -2 asks the selector for end-entity certificates only
    X509CertSelector eeSelector = new X509CertSelector();
    eeSelector.setBasicConstraints(-2);

    PKIXBuilderParameters params =
        new PKIXBuilderParameters(Collections.singleton(anchor), eeSelector);
    // Revocation checking is switched off for this test
    params.setRevocationEnabled(false);

    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(caCert);
    candidates.add(eeCert);
    CertStore store =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));
    params.addCertStore(store);

    PKIXCertPathBuilderResult res = CertUtils.build(params);
    CertPath built = res.getCertPath();

    // The target is the first certificate; getBasicConstraints() == -1 means not a CA
    List<? extends Certificate> builtCerts = built.getCertificates();
    X509Certificate target = (X509Certificate) builtCerts.get(0);
    boolean targetIsEndEntity = target.getBasicConstraints() == -1;
    if (!targetIsEndEntity) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
 
Example #22
Source File: BuildEEBasicConstraints.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds a path to a target selected as an end-entity certificate and checks
 * that the first certificate of the built path is not a CA certificate.
 *
 * @param args unused
 * @throws Exception if the build fails or the target is not an EE certificate
 */
public static void main(String[] args) throws Exception {
    // Sets the JVM-wide disabled-algorithm property to just MD2 so that the
    // algorithms and keys used in this test are not disabled. Test-only: this
    // changes certpath checking for the whole process.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor(
        rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);

    // -2 asks the selector for end-entity certificates only
    X509CertSelector eeSelector = new X509CertSelector();
    eeSelector.setBasicConstraints(-2);

    PKIXBuilderParameters params =
        new PKIXBuilderParameters(Collections.singleton(anchor), eeSelector);
    // Revocation checking is switched off for this test
    params.setRevocationEnabled(false);

    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(caCert);
    candidates.add(eeCert);
    CertStore store =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates));
    params.addCertStore(store);

    PKIXCertPathBuilderResult res = CertUtils.build(params);
    CertPath built = res.getCertPath();

    // The target is the first certificate; getBasicConstraints() == -1 means not a CA
    List<? extends Certificate> builtCerts = built.getCertificates();
    X509Certificate target = (X509Certificate) builtCerts.get(0);
    boolean targetIsEndEntity = target.getBasicConstraints() == -1;
    if (!targetIsEndEntity) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
 
Example #23
Source File: CertUtils.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Each certificate is inserted at the head of the list, so the path holds
 * the certificates in the reverse of the {@code fileNames} order. File names
 * are appended to {@code relPath} as given; nothing here restricts them to
 * that directory, and the resulting path is not validated.
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the CertPath built from the certificates read
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String [] fileNames)
    throws Exception {
    List<X509Certificate> reversed = new ArrayList<X509Certificate>();
    for (String fileName : fileNames) {
        X509Certificate cert = getCertFromFile(relPath + fileName);
        reversed.add(0, cert);
    }
    return CertificateFactory.getInstance("X509").generateCertPath(reversed);
}
 
Example #24
Source File: NoExtensions.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds a PKIX certification path from the trusted certificate to
 * {@code userCert} using the "SUN" provider. The result is not inspected; the
 * call succeeds if the builder does not throw.
 *
 * @param userCert the target certificate of the path
 * @throws Exception if any lookup or the build itself fails
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Trust anchors: a single trusted CA certificate, no name constraints
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    X509Certificate trustedCert = getTrustedCertificate();
    anchors.add(new TrustAnchor(trustedCert, null));

    // CertStore holding the two certificates the builder may use
    ArrayList<X509Certificate> storeContents = new ArrayList<X509Certificate>();
    storeContents.add(trustedCert);
    storeContents.add(userCert);
    CertStore certStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeContents));

    // Target selection: the exact certificate plus its subject name
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    targetSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // Build the path; revocation checking is switched off for this test
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    builderParams.addCertStore(certStore);
    builderParams.setRevocationEnabled(false);
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "SUN");
    CertPathBuilderResult result = builder.build(builderParams);

    // Fetch the built path; nothing further is checked on it
    CertPath certPath = result.getCertPath();
}
 
Example #25
Source File: CertUtils.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Each certificate is inserted at the head of the list, so the path holds
 * the certificates in the reverse of the {@code fileNames} order. File names
 * are appended to {@code relPath} as given; nothing here restricts them to
 * that directory, and the resulting path is not validated.
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the CertPath built from the certificates read
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String [] fileNames)
    throws Exception {
    List<X509Certificate> reversed = new ArrayList<X509Certificate>();
    for (String fileName : fileNames) {
        X509Certificate cert = getCertFromFile(relPath + fileName);
        reversed.add(0, cert);
    }
    return CertificateFactory.getInstance("X509").generateCertPath(reversed);
}
 
Example #26
Source File: CertUtils.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Each certificate is inserted at the head of the list, so the path holds
 * the certificates in the reverse of the {@code fileNames} order. File names
 * are appended to {@code relPath} as given; nothing here restricts them to
 * that directory, and the resulting path is not validated.
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the CertPath built from the certificates read
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String [] fileNames)
    throws Exception {
    List<X509Certificate> reversed = new ArrayList<X509Certificate>();
    for (String fileName : fileNames) {
        X509Certificate cert = getCertFromFile(relPath + fileName);
        reversed.add(0, cert);
    }
    return CertificateFactory.getInstance("X509").generateCertPath(reversed);
}
 
Example #27
Source File: Main.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates the certificates that precede the first entry of {@code certs}
 * equal to a configured trust anchor's certificate.
 *
 * <p>If no entry matches a trust anchor, the whole list is validated. If the
 * first entry is itself a trust anchor, or the list is empty, the validator is
 * not called at all.
 *
 * @param certs the chain to validate, first certificate first
 * @throws Exception if the path cannot be generated or validation fails
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    // cpLen ends up as the number of certificates before the first trust anchor.
    int cpLen = 0;
    boolean anchorReached = false;
    while (cpLen < certs.size()) {
        for (TrustAnchor ta : pkixParameters.getTrustAnchors()) {
            if (ta.getTrustedCert().equals(certs.get(cpLen))) {
                anchorReached = true;
                break;
            }
        }
        if (anchorReached) {
            break;
        }
        cpLen++;
    }

    if (cpLen == 0) {
        return;
    }

    // The trust anchor itself is left out of the path handed to the validator.
    List<? extends Certificate> toValidate =
            (cpLen == certs.size()) ? certs : certs.subList(0, cpLen);
    CertPath cp = certificateFactory.generateCertPath(toValidate);
    validator.validate(cp, pkixParameters);
}
 
Example #28
Source File: RFC3280CertPathUtilities.java    From RipplePower with Apache License 2.0 5 votes vote down vote up
/**
 * Check labelled (j) in this class: lowers the inhibit-any-policy counter to
 * the value carried by the certificate at {@code index}, when that value is
 * smaller.
 *
 * @param certPath         the path under validation
 * @param index            position of the certificate to inspect; not range-checked here
 * @param inhibitAnyPolicy the current inhibit-any-policy counter
 * @return the certificate's value when the extension is present and smaller
 *         than {@code inhibitAnyPolicy}; otherwise {@code inhibitAnyPolicy}
 * @throws CertPathValidatorException if the extension value cannot be decoded
 */
protected static int prepareNextCertJ(
    CertPath certPath,
    int index,
    int inhibitAnyPolicy)
    throws CertPathValidatorException
{
    // The cast fails with ClassCastException if the entry is not an X509Certificate.
    X509Certificate cert = (X509Certificate)certPath.getCertificates().get(index);

    // (j)
    ASN1Integer iap;
    try
    {
        iap = ASN1Integer.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
            RFC3280CertPathUtilities.INHIBIT_ANY_POLICY));
    }
    catch (Exception e)
    {
        // Any decoding failure is reported as a validation failure with the cause attached.
        throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e, certPath,
            index);
    }

    // No extension decoded: the counter stays as it is.
    if (iap == null)
    {
        return inhibitAnyPolicy;
    }

    // NOTE(review): intValue() presumably narrows a BigInteger; a negative or
    // oversized encoded value is not rejected here - confirm it is checked elsewhere.
    int fromCert = iap.getValue().intValue();
    return (fromCert < inhibitAnyPolicy) ? fromCert : inhibitAnyPolicy;
}
 
Example #29
Source File: Timestamp.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Constructs a Timestamp.
 *
 * <p>The date is copied, so later changes to the caller's {@code Date} do not
 * affect this object. The certificate path is stored as given and is not
 * validated here.
 *
 * @param timestamp is the timestamp's date and time. It must not be null.
 * @param signerCertPath is the TSA's certificate path. It must not be null.
 * @throws NullPointerException if timestamp or signerCertPath is null.
 */
public Timestamp(Date timestamp, CertPath signerCertPath) {
    if (timestamp == null) {
        throw new NullPointerException();
    }
    if (signerCertPath == null) {
        throw new NullPointerException();
    }

    // Defensive copy of the mutable Date
    long instantMillis = timestamp.getTime();
    this.timestamp = new Date(instantMillis);
    this.signerCertPath = signerCertPath;
}
 
Example #30
Source File: CertUtils.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Read a bunch of certs from files and create a CertPath from them.
 *
 * <p>Each certificate is inserted at the head of the list, so the path holds
 * the certificates in the reverse of the {@code fileNames} order. File names
 * are appended to {@code relPath} as given; nothing here restricts them to
 * that directory, and the resulting path is not validated.
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the CertPath built from the certificates read
 * @throws Exception on error
 */
public static CertPath buildPath(String relPath, String [] fileNames)
    throws Exception {
    List<X509Certificate> reversed = new ArrayList<X509Certificate>();
    for (String fileName : fileNames) {
        X509Certificate cert = getCertFromFile(relPath + fileName);
        reversed.add(0, cert);
    }
    return CertificateFactory.getInstance("X509").generateCertPath(reversed);
}