// Put every available certificate into an in-memory store that the path builder can search.
final CertStore cs = CertStore.getInstance( "Collection", new CollectionCertStoreParameters( allCerts ) );
// Pin the target of the path to one exact certificate instead of a looser match.
final X509CertSelector selector = new X509CertSelector();
selector.setCertificate( first );
// 'store' supplies the trust anchors; it is declared outside this excerpt.
final PKIXBuilderParameters params = new PKIXBuilderParameters( store, selector );
params.addCertStore( cs );
// Validity periods are evaluated against the current time.
params.setDate( new Date() );
// NOTE(review): revocation checking is switched off, so a revoked certificate that has not
// expired still yields a path. Confirm revocation is enforced somewhere else before the
// resulting path is used for a trust decision.
params.setRevocationEnabled( false );
final CertPathBuilder pathBuilder = CertPathBuilder.getInstance( CertPathBuilder.getDefaultType() );
// build() throws CertPathBuilderException when no path to a trust anchor can be constructed.
final CertPath cp = pathBuilder.build( params ).getCertPath();
X509CertSelector filter = new X509CertSelector(); filter.setSubject(responderSubjectName.getName()); Iterator i = certStore.getCertificates(filter).iterator(); if (i.hasNext()) { responderCert = (X509Certificate) i.next();
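/**
 *  Is the certificate revoked?
 *
 *  Asks every CRL held in the store whether it lists the certificate.
 *  Only {@link CRL#isRevoked} is called here; this method does not itself
 *  check CRL signatures or validity dates, so the store should hold
 *  CRLs that were already verified.
 *
 *  Fails closed: when the CRLs cannot be read from the store, the
 *  revocation status is unknown and the certificate is reported as revoked.
 *  Previously the exception was swallowed and the certificate was
 *  reported as not revoked.
 *
 *  @param store source of the CRLs to consult
 *  @param cert the certificate to look up
 *  @return true if any CRL in the store lists the certificate,
 *          or if the store could not be read
 *  @since 0.9.25
 */
public static boolean isRevoked(CertStore store, Certificate cert) {
    try {
        // a null selector asks the store for all of its CRLs
        for (CRL crl : store.getCRLs(null)) {
            if (crl.isRevoked(cert))
                return true;
        }
    } catch (GeneralSecurityException gse) {
        // Status cannot be established; do not treat an unreadable
        // CRL store as proof that the certificate is good.
        return true;
    }
    return false;
}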
// Path-building parameters anchored in trustStore; the empty selector puts no constraint
// on which certificate may be the target of the path.
PKIXBuilderParameters pkixParamsBuilder = new PKIXBuilderParameters( trustStore, new X509CertSelector() );
// Require a revocation check for the certificates in the path.
pkixParamsBuilder.setRevocationEnabled( true );
// Offer the CRLs through an in-memory store. Only the CRLs in 'crls' are available to the
// check from this store.
// NOTE(review): how 'crls' is loaded and refreshed is not visible in this excerpt; confirm
// stale or missing CRLs are handled as intended.
pkixParamsBuilder.addCertStore( CertStore.getInstance( "Collection", new CollectionCertStoreParameters( crls ) ) );
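/* Givens. */
InputStream trustStoreInput = ...
char[] password = ...
List<X509Certificate> chain = ...
Collection<X509CRL> crls = ...

/* Construct a valid path. */
/* Trust anchors are read from the key store. */
KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
anchors.load(trustStoreInput, password);
/* The path must end at exactly the first certificate of the chain. */
X509CertSelector target = new X509CertSelector();
target.setCertificate(chain.get(0));
PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
/* The chain itself supplies the intermediate certificates. */
CertStoreParameters intermediates = new CollectionCertStoreParameters(chain);
params.addCertStore(CertStore.getInstance("Collection", intermediates));
/*
 * Revocation checking is left at the PKIXParameters default (enabled);
 * these CRLs are what the check can consult.
 */
CertStoreParameters revoked = new CollectionCertStoreParameters(crls);
params.addCertStore(CertStore.getInstance("Collection", revoked));
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
/*
 * If build() returns successfully, the certificate is valid. More details
 * about the valid path can be obtained through the PKIXCertPathBuilderResult.
 * If no valid path can be found, a CertPathBuilderException is thrown.
 */
PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult) builder.build(params);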
// In-memory store of the presented chain, searched by the builder for intermediates.
final CertStore certificates = CertStore.getInstance( "Collection", new CollectionCertStoreParameters( Arrays.asList( chain ) ) );
// 'trustAnchors' and 'selector' are declared outside this excerpt.
final PKIXBuilderParameters parameters = new PKIXBuilderParameters( trustAnchors, selector );
// Validity periods are evaluated at the supplied point in time rather than at "now".
parameters.setDate( validPointInTime );
parameters.addCertStore( certificates );
// NOTE(review): no setRevocationEnabled call is visible here, so the PKIXParameters default
// (enabled) applies unless it is changed outside this excerpt. Confirm.
// NOTE(review): the braces, the catch clause and the declaration of pathBuilder are missing
// from this excerpt. Presumably this was a try/catch that falls back from the "BC" provider
// to the default provider; verify against the full source.
try pathBuilder = CertPathBuilder.getInstance( "PKIX", "BC" );
pathBuilder = CertPathBuilder.getInstance( "PKIX" );
// build() throws CertPathBuilderException when no path to a trust anchor can be constructed.
final CertPathBuilderResult result = pathBuilder.build( parameters );
return result.getCertPath();
// Select the path target by subject name.
// NOTE(review): this matches any certificate carrying that subject, not necessarily
// x509certificate itself. If the exact certificate is what must be validated,
// setCertificate(x509certificate) pins it. Confirm which is intended.
X509CertSelector certSelector = new X509CertSelector();
certSelector.setSubject(x509certificate.getSubjectX500Principal());
// 'store' supplies the trust anchors; it is declared outside this excerpt.
PKIXParameters params = new PKIXBuilderParameters(store,certSelector);
// Intermediate certificates the builder may use to link the target to an anchor.
CertStore cstore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(icert1, icert2 /*, other certs... */)));
params.addCertStore(cstore);
// NOTE(review): no CRL store is added and setRevocationEnabled is not called here, so the
// PKIXParameters default (revocation enabled) applies. Confirm a revocation source is
// configured elsewhere.
CertPathBuilder cpb = CertPathBuilder.getInstance(CertPathBuilder.getDefaultType());
// build() throws CertPathBuilderException when no path to a trust anchor can be constructed.
CertPath certPath = cpb.build(params).getCertPath();
/**
 * Builds a PKIX certification path for the presented chain, using a copy of the
 * base parameters with the first certificate of the chain as the required target.
 * Returning normally means a path was built; the result itself is not used further.
 * Whether revocation is checked depends on baseParameters, which is configured
 * outside this method.
 *
 * @param x509Certificates the presented chain; element 0 is taken as the target
 * @throws CertificateException if any step fails with a GeneralSecurityException
 */
protected void validatePath(X509Certificate[] x509Certificates)
    throws CertificateException
{
    try
    {
        // The presented certificates are offered to the builder as candidate path elements.
        CollectionCertStoreParameters presented =
            new CollectionCertStoreParameters(Arrays.asList(x509Certificates));
        CertStore presentedStore = CertStore.getInstance("Collection", presented, pkixProvider);

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", pkixProvider);

        // Work on clones so the shared base parameters are never modified.
        X509CertSelector target = (X509CertSelector)baseParameters.getTargetCertConstraints().clone();
        target.setCertificate(x509Certificates[0]);

        PKIXBuilderParameters buildParams = (PKIXBuilderParameters)baseParameters.clone();
        buildParams.addCertStore(presentedStore);
        buildParams.setTargetCertConstraints(target);

        // A failed build surfaces as an exception; the result value is not inspected.
        PKIXCertPathValidatorResult outcome = (PKIXCertPathValidatorResult)builder.build(buildParams);
    }
    catch (GeneralSecurityException e)
    {
        throw new CertificateException("unable to process certificates: " + e.getMessage(), e);
    }
}
}
throw new IllegalArgumentException("provider == null || provider.isEmpty()"); Provider impProvider = Security.getProvider(provider); if (impProvider == null) { throw new NoSuchProviderException(provider); return getInstance(type, params, impProvider);
Security.addProvider(new BouncyCastleProvider()); while (it.hasNext()) { SignerInformation signer = (SignerInformation) it.next(); Collection certCollection = certStore.getCertificates(signer.getSID()); Iterator certIt = certCollection.iterator(); X509Certificate cert = (X509Certificate) certIt.next();
/**
 * Creates a trust manager over the given trust store and prepares an in-memory
 * CRL store before loading the CRLs.
 *
 * @param trustTrust the key store holding the trusted certificates
 */
public ClientTrustManager(KeyStore trustTrust) {
    this.trustStore = trustTrust;

    // The CertStore keeps a reference to this list rather than a copy, so CRLs
    // added to the list after the store is created are still seen by it.
    crls = new ArrayList<>();
    try {
        crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException ex) {
        // NOTE(review): on failure crlStore is left unassigned and construction continues.
        // Confirm later revocation checks treat a missing CRL store as a failure rather
        // than as "nothing revoked".
        Log.warn("ClientTrustManager: ",ex);
    }

    loadCRL();
}
/**
 * Picks a CA certificate from the store.
 * The selector requires basicConstraints with a path length of at least 0 and no
 * particular key-usage bit. The first match the store yields is returned.
 * This is a selection only; no trust or path validation happens here.
 *
 * @param store the certificates to choose from
 * @return the first matching certificate
 * @throws RuntimeException if nothing matches or the store cannot be queried
 */
private static X509Certificate selectIssuerCertificate(CertStore store) {
    X509CertSelector caSelector = new X509CertSelector();
    // An all-false array demands no key-usage bit.
    caSelector.setKeyUsage(new boolean[9]);
    // A minimum path length of 0 restricts the match to CA certificates.
    caSelector.setBasicConstraints(0);

    final Collection<? extends Certificate> candidates;
    try {
        LOGGER.debug("Selecting certificate with basicConstraints");
        candidates = store.getCertificates(caSelector);
    } catch (CertStoreException e) {
        throw new RuntimeException(e);
    }

    if (candidates.isEmpty()) {
        throw new RuntimeException("No suitable certificate for verification");
    }
    // If several certificates match, whichever the store iterates first is used.
    return (X509Certificate) candidates.iterator().next();
}
/**
 * Queries a CertStore with a PKIXCertStoreSelector by wrapping it in a CertSelector.
 * A null selector matches every certificate.
 *
 * @param selector the selector to apply, or null for no filtering
 * @param certStore the store to query
 * @return the certificates the store returns for the wrapped selector
 * @throws CertStoreException if the store query fails
 */
public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    CertSelector adapter = new CertSelector()
    {
        @Override
        public boolean match(Certificate certificate)
        {
            return selector == null || selector.match(certificate);
        }

        // Returns the same instance instead of a copy; the adapter has no state
        // of its own beyond the captured selector.
        @Override
        public Object clone()
        {
            return this;
        }
    };
    return certStore.getCertificates(adapter);
}
}
return new CertStore((CertStoreSpi) spi, provider, type, params); } catch (NoSuchAlgorithmException e) { Throwable th = e.getCause();
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath, trustStorePassword); boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable")); PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector()); if (crlPath != null) { pkixParams.setRevocationEnabled(true); Collection<? extends CRL> crlList = loadCRL(crlPath); if (crlList != null) { pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
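/* Trust anchors against which the signer certificate is validated. */
KeyStore trustAnchors = getTrustAnchors();
/* The path must end at exactly the signer certificate. */
X509CertSelector target = new X509CertSelector();
target.setCertificate(signerCertificate);
PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, target);
/* Further certificates the builder may use as intermediates. */
CertStoreParameters additionalCerts = new CollectionCertStoreParameters(allOtherCerts);
params.addCertStore(CertStore.getInstance("Collection", additionalCerts));
/*
 * Revocation checking is left at the PKIXParameters default (enabled);
 * these CRLs are what the check can consult.
 */
CertStoreParameters revocationObjects = new CollectionCertStoreParameters(allCRLs);
params.addCertStore(CertStore.getInstance("Collection", revocationObjects));
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult) builder.build(params);
/* if the build method returns without exception, the certificate chain is valid */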
CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(crls); try { CertStore store = CertStore.getInstance("Collection", ccsp); return store; } catch (GeneralSecurityException gse) {
/**
 * Picks the certificate used to verify a message.
 * First looks for a certificate whose key usage includes digitalSignature.
 * If none exists, falls back to a CA certificate (basicConstraints path length
 * of at least 0, no key-usage requirement).
 * This is a selection only; no trust or path validation happens here.
 *
 * @param store the certificates to choose from
 * @return the first matching certificate
 * @throws RuntimeException if neither search matches or the store cannot be queried
 */
private static X509Certificate selectMessageVerifier(CertStore store) {
    boolean[] signatureUsage = new boolean[9];
    signatureUsage[DIGITAL_SIGNATURE] = true;

    X509CertSelector selector = new X509CertSelector();
    selector.setKeyUsage(signatureUsage);

    try {
        LOGGER.debug("Selecting certificate with digitalSignature keyUsage");
        Collection<? extends Certificate> matches = store.getCertificates(selector);
        if (!matches.isEmpty()) {
            // If several certificates match, whichever the store iterates first is used.
            return (X509Certificate) matches.iterator().next();
        }

        LOGGER.debug("No certificates found. Falling back to CA certificate");
        // Reuse the selector: drop the key-usage requirement, demand a CA certificate.
        selector.setKeyUsage(new boolean[9]);
        selector.setBasicConstraints(0);
        matches = store.getCertificates(selector);
        if (matches.isEmpty()) {
            throw new RuntimeException("No suitable certificate for verification");
        }
        return (X509Certificate) matches.iterator().next();
    } catch (CertStoreException e) {
        throw new RuntimeException(e);
    }
}
/**
 * Queries a CertStore with a PKIXCertStoreSelector by wrapping it in a SelectorClone.
 *
 * @param selector the selector to wrap
 * @param certStore the store to query
 * @return the certificates the store returns for the wrapped selector
 * @throws CertStoreException if the store query fails
 */
public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    // SelectorClone is defined elsewhere; how it treats a null selector is not visible here.
    final SelectorClone adapted = new SelectorClone(selector);
    return certStore.getCertificates(adapted);
}
return new CertStore((CertStoreSpi) sap.spi, sap.provider, type, params); } catch (NoSuchAlgorithmException e) { Throwable th = e.getCause();