/**
 * Creates a certification path validator for {@code algorithm}, taken from the
 * security provider registered under the name {@code provider}.
 *
 * <p>The provider is resolved by name through {@link Security#getProvider(String)},
 * so the implementation returned depends on which provider is currently
 * registered under that name.
 *
 * @param algorithm
 *            the algorithm name.
 * @param provider
 *            the security provider name.
 * @return a certification path validator for the requested algorithm.
 * @throws NoSuchAlgorithmException
 *             if the named provider cannot supply the requested algorithm.
 * @throws NoSuchProviderException
 *             if no provider is registered under {@code provider}.
 * @throws NullPointerException
 *             if algorithm is {@code null} (raised by the overload this method
 *             delegates to, which is not shown here).
 * @throws IllegalArgumentException
 *             if {@code provider} is {@code null} or empty.
 */
public static CertPathValidator getInstance(String algorithm, String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException {
    // Reject a missing provider name before touching the provider registry.
    final boolean nameMissing = (provider == null) || provider.isEmpty();
    if (nameMissing) {
        throw new IllegalArgumentException();
    }

    final Provider resolved = Security.getProvider(provider);
    if (resolved != null) {
        // Hand over to the Provider-based overload for the actual lookup.
        return getInstance(algorithm, resolved);
    }
    throw new NoSuchProviderException(provider);
}
// PKIX validator: checks a certification path that has already been assembled.
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
// PKIX builder: searches for a path from a target certificate to a trust anchor.
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
// Fresh selector; no match criteria are set within this snippet.
X509CertSelector certSelector = new X509CertSelector();
// Obtain a PKIX validator from the first registered provider that supports it.
final CertPathValidator pathValidator = CertPathValidator.getInstance( "PKIX" );
// validate() reports failure by throwing CertPathValidatorException; the returned
// result object is discarded here, so reaching the next statement means "valid".
// NOTE(review): cp and params are defined outside this snippet, so the trust
// anchors and the revocation setting in effect cannot be confirmed from here.
pathValidator.validate( cp, params );
// Placeholder left by the author: the certificate to check is obtained elsewhere.
X509Certificate certToVerify = ...
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// The path holds only the certificate itself, so validation succeeds only when
// it chains directly to the trust anchor below (no intermediates are supplied).
CertPath cp = cf.generateCertPath(Arrays
        .asList(new X509Certificate[] { certToVerify }));
// caCert (defined outside this snippet) is the sole trust anchor; null means no
// additional name constraints are attached to it.
TrustAnchor trustAnchor = new TrustAnchor(caCert, null);
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
PKIXParameters pkixParams = new PKIXParameters(
        Collections.singleton(trustAnchor));
// NOTE(review): revocation checking is switched off, so a certificate that has
// been revoked by its issuer still validates. Enable it (with a CRL or OCSP
// source available) wherever revocation status matters.
pkixParams.setRevocationEnabled(false);
// Throws CertPathValidatorException if the path does not validate.
cpv.validate(cp, pkixParams);
// Obtain a PKIX validator from the first registered provider that supports it.
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
// A result is returned only on success; an invalid path surfaces as a
// CertPathValidatorException rather than as a "failed" result object.
// NOTE(review): certPath and params come from outside this snippet, so the trust
// anchors and revocation setting cannot be confirmed from here.
CertPathValidatorResult result = validator.validate(certPath, params);
/**
 * Checks a single certificate against the trust store returned by
 * {@code getTrustStore()} using the default certification path validator type.
 *
 * <p>The path handed to the validator contains only {@code cert}; no
 * intermediate certificates are added here. Revocation checking is explicitly
 * disabled, so revoked certificates are not rejected by this method.
 *
 * @param cert the certificate to check; {@code null} yields {@code false}
 * @return {@code true} if validation completed without an exception,
 *         {@code false} if {@code cert} is {@code null} or any of the caught
 *         exceptions occurred (the failure is logged at error level)
 */
boolean validateCertificate(Certificate cert) {
    if (cert == null) {
        return false;
    }

    try {
        // Trust anchors are taken from the entries of the trust store.
        KeyStore trustStore = getTrustStore();
        PKIXParameters pkixParams = new PKIXParameters(trustStore);
        // NOTE(review): revocation status is not consulted.
        pkixParams.setRevocationEnabled(false);

        String validatorType = CertPathValidator.getDefaultType(); // PKIX
        CertPathValidator pathValidator = CertPathValidator.getInstance(validatorType);

        // Single-element path: just the certificate under test.
        ArrayList<Certificate> chain = new ArrayList<>();
        chain.add(cert);
        CertificateFactory factory = CertificateFactory.getInstance(CERTIFICATE_FORMAT);
        CertPath singleCertPath = factory.generateCertPath(chain);

        // Throws on any validation failure; falling through means success.
        pathValidator.validate(singleCertPath, pkixParams);
        return true;
    } catch (KeyStoreException | InvalidAlgorithmParameterException | NoSuchAlgorithmException
            | CertificateException | CertPathValidatorException | CryptoException e) {
        logger.error("Cannot validate certificate. Error is: " + e.getMessage() + "\r\nCertificate" + cert.toString());
        return false;
    }
}
// Re-validates the path produced by a builder (buildResult) with the parameters
// pbParams; both are defined outside this snippet. The result object is
// discarded: failure is signalled by a CertPathValidatorException.
CertPathValidator.getInstance("PKIX").validate(buildResult.getCertPath(),pbParams);
/**
 * Returns the cached PKIX validator, creating it on first use.
 *
 * <p>When {@code certProvider} is non-empty the validator is requested from the
 * provider of that name; otherwise the first registered provider that supports
 * PKIX is used.
 *
 * @return the PKIX certification path validator held in {@code certValidator}
 * @throws GeneralSecurityException if the validator cannot be obtained
 */
private CertPathValidator getCertPathValidator() throws GeneralSecurityException {
    if (certValidator != null) {
        return certValidator;
    }
    // An empty provider name means "no preference".
    certValidator = certProvider.length() > 0
            ? CertPathValidator.getInstance("PKIX", certProvider)
            : CertPathValidator.getInstance("PKIX");
    return certValidator;
}
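/**
 * Returns an instance of the PKIX certificate path validator.
 *
 * @return a {@code CertPathValidator} for the "PKIX" algorithm
 * @throws RuntimeException if no registered provider supports PKIX; the
 *         underlying {@link NoSuchAlgorithmException} is attached as the cause
 */
public static CertPathValidator createPKIXValidator() {
    try {
        return CertPathValidator.getInstance("PKIX");
    } catch (NoSuchAlgorithmException e) {
        // Keep the cause so the provider lookup failure stays visible in the
        // stack trace instead of being reduced to the fixed message.
        throw new RuntimeException("FATAL: PKIX validation not supported", e);
    }
}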
/**
 * Obtains a CertPathValidator for the algorithm named by
 * {@code SpiffeProviderConstants.PUBLIC_KEY_INFRASTRUCTURE_ALGORITHM}.
 *
 * @return instance of CertPathValidator
 * @throws IllegalStateException if no provider supports that algorithm; the
 *         {@link NoSuchAlgorithmException} is kept as the cause
 */
private static CertPathValidator getCertPathValidator() {
    final CertPathValidator pkixValidator;
    try {
        pkixValidator = CertPathValidator.getInstance(
                SpiffeProviderConstants.PUBLIC_KEY_INFRASTRUCTURE_ALGORITHM);
    } catch (NoSuchAlgorithmException e) {
        // Converted to unchecked so callers need not declare it.
        throw new IllegalStateException(e);
    }
    return pkixValidator;
}
/**
 * Spring init method: prepares the certificate factory and the path validator.
 *
 * <p>The certificate factory is created only when none has been set yet; the
 * validator is (re)created on every call from {@code validatorAlgorithm} and
 * {@code validatorProv}.
 *
 * @throws CertificateException if the certificate factory cannot be created
 * @throws NoSuchProviderException if a requested provider is not available
 * @throws NoSuchAlgorithmException if the validator algorithm is not available
 */
public void init() throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException {
    final boolean factoryMissing = (certificateFactory == null);
    if (factoryMissing) {
        log.debug("initializing CertificateFactory");
        certificateFactory =
                CertificateFactory.getInstance(certificateFactoryType, certificateFactoryProv);
    }

    validator = CertPathValidator.getInstance(validatorAlgorithm, validatorProv);
}
// X.509 certificate factory taken from a freshly constructed BouncyCastle provider.
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
// Pseudo-code placeholder left by the author: the stream wraps the encoded chain.
InputStream is = new ByteArrayInputStream(some bytes in an array);
// Decodes the chain using the "PKCS7" encoding; throws CertificateException when
// a certification path cannot be generated from the input.
CertPath certPath = certificateFactory.generateCertPath(is, "PKCS7");
// PKIX validator, again from a new BouncyCastle provider instance.
CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", new BouncyCastleProvider());
// Trust anchors are the entries of the key store returned by
// KeyTool.getCacertsKeyStore(). NOTE(review): KeyTool is not defined in this
// snippet; confirm which class it is and which store it loads.
// setRevocationEnabled is not called, so the PKIXParameters default (revocation
// checking enabled) applies.
PKIXParameters parameters = new PKIXParameters(KeyTool.getCacertsKeyStore());
// Throws CertPathValidatorException if validation fails; a result is returned
// only for a path that validated.
PKIXCertPathValidatorResult validatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, parameters);
/**
 * Validates the given certificates as a PKIX certification path using the
 * parameters held in {@code params}.
 *
 * <p>Validation failure is reported by the validator as a
 * {@link CertPathValidatorException}, which this method lets propagate.
 *
 * @param certificates the chain to validate, in path order
 * @return {@code true} when the validator returned a non-null result
 * @throws CertificateException if the path cannot be built from the array
 * @throws NoSuchAlgorithmException if PKIX validation is not available
 * @throws CertPathValidatorException if the path does not validate
 * @throws InvalidAlgorithmParameterException if {@code params} is unsuitable
 */
private boolean validateChain(Certificate[] certificates) throws CertificateException, NoSuchAlgorithmException,
        CertPathValidatorException, InvalidAlgorithmParameterException {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final CertPath chain = x509Factory.generateCertPath(Arrays.asList(certificates));

    final CertPathValidator pkix = CertPathValidator.getInstance("PKIX");
    final PKIXCertPathValidatorResult outcome =
            (PKIXCertPathValidatorResult) pkix.validate(chain, params);

    return outcome != null;
}
// getDefaultType() reads the "certpathvalidator.type" security property and
// falls back to "PKIX" when it is unset, so the algorithm used here is
// configuration-dependent rather than fixed in code.
CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
// Failure is signalled by CertPathValidatorException; the result is discarded.
// NOTE(review): certPath and params are defined outside this snippet.
certPathValidator.validate(certPath, params);
/**
 * Validates {@code certs} as a PKIX certification path against the given
 * trust anchors.
 *
 * <p>The list is turned into a {@code CertPath} as-is; the validator does not
 * reorder it, so callers are expected to pass the certificates in path order
 * (by JDK convention, target certificate first).
 *
 * @param certs the certificates forming the path
 * @param trustAnchors the anchors the path must chain to
 * @return the validation result; returned only when the path validated
 * @throws GeneralSecurityException if the path is invalid or the PKIX/X.509
 *         implementations or parameters cannot be set up
 */
public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs, Set<TrustAnchor> trustAnchors) throws GeneralSecurityException {
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    PKIXParameters params = new PKIXParameters(trustAnchors);
    // NOTE(review): revocation checking is disabled, so revoked certificates in
    // the path are still accepted by this method.
    params.setRevocationEnabled(false);
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    CertPath path = cf.generateCertPath(certs);
    return (PKIXCertPathValidatorResult) cpv.validate(path, params);
}
// Presumably closes the enclosing type, whose header is outside this snippet.
}
/**
 * Validates {@code certs} as a PKIX certification path against the given
 * trust anchors.
 *
 * <p>The list is turned into a {@code CertPath} as-is; the validator does not
 * reorder it, so callers are expected to pass the certificates in path order
 * (by JDK convention, target certificate first).
 *
 * @param certs the certificates forming the path
 * @param trustAnchors the anchors the path must chain to
 * @return the validation result; returned only when the path validated
 * @throws GeneralSecurityException if the path is invalid or the PKIX/X.509
 *         implementations or parameters cannot be set up
 */
public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs, Set<TrustAnchor> trustAnchors) throws GeneralSecurityException {
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    PKIXParameters params = new PKIXParameters(trustAnchors);
    // NOTE(review): revocation checking is disabled, so revoked certificates in
    // the path are still accepted by this method.
    params.setRevocationEnabled(false);
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    CertPath path = cf.generateCertPath(certs);
    return (PKIXCertPathValidatorResult) cpv.validate(path, params);
}
// Presumably closes the enclosing type, whose header is outside this snippet.
}
/**
 * Validates {@code certs} as a PKIX certification path against the given
 * trust anchors.
 *
 * <p>The list is turned into a {@code CertPath} as-is; the validator does not
 * reorder it, so callers are expected to pass the certificates in path order
 * (by JDK convention, target certificate first).
 *
 * @param certs the certificates forming the path
 * @param trustAnchors the anchors the path must chain to
 * @return the validation result; returned only when the path validated
 * @throws GeneralSecurityException if the path is invalid or the PKIX/X.509
 *         implementations or parameters cannot be set up
 */
public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs, Set<TrustAnchor> trustAnchors) throws GeneralSecurityException {
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    PKIXParameters params = new PKIXParameters(trustAnchors);
    // NOTE(review): revocation checking is disabled, so revoked certificates in
    // the path are still accepted by this method.
    params.setRevocationEnabled(false);
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    CertPath path = cf.generateCertPath(certs);
    return (PKIXCertPathValidatorResult) cpv.validate(path, params);
}
// Presumably closes the enclosing type, whose header is outside this snippet.
}
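// Decode the certificate that is to be checked from its encoded bytes.
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
final X509Certificate certificateToCheck = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));

// Load the trust store whose entries act as trust anchors. The stream source
// and the password literal are placeholders left by the author; a real
// deployment should read the password from configuration, not from source.
final KeyStore trustStore = KeyStore.getInstance("JKS");
InputStream keyStoreStream = ...
// Fixed: the original passed the misspelled, undeclared name "keyStoreStrem".
trustStore.load(keyStoreStream, "your password".toCharArray());

// Step 1: build a path from the target certificate to a trust anchor.
final CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
final X509CertSelector certSelector = new X509CertSelector();
certSelector.setCertificate(certificateToCheck);
final CertPathParameters certPathParameters = new PKIXBuilderParameters(trustStore, certSelector);
final CertPathBuilderResult certPathBuilderResult = certPathBuilder.build(certPathParameters);
final CertPath certPath = certPathBuilderResult.getCertPath();

// Step 2: validate the built path with explicit revocation and key-usage checks.
final CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
final PKIXParameters validationParameters = new PKIXParameters(trustStore);
// Revocation checking on. It needs a CRL or OCSP source the validator can
// reach; when the status cannot be determined, validate() throws instead of
// silently skipping the check.
validationParameters.setRevocationEnabled(true);
final X509CertSelector keyUsageSelector = new X509CertSelector();
// Key-usage bit 0 = digitalSignature, bit 2 = keyEncipherment: the target
// certificate must permit both to satisfy this selector.
keyUsageSelector.setKeyUsage(new boolean[] { true, false, true });
validationParameters.setTargetCertConstraints(keyUsageSelector);

// Throws CertPathValidatorException on failure; a result means the path is valid.
final PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, validationParameters);
System.out.println(result);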
/**
 * Builds and validates a PKIX certification path for the first certificate in
 * {@code inCerts}, using the entries of {@code ks} as trust anchors.
 *
 * <p>All certificates in {@code inCerts} are offered to the path builder as a
 * collection cert store, so intermediates may be picked from the supplied
 * chain. Any failure, including an empty or {@code null} list, is logged as a
 * warning and rethrown wrapped in a {@code JoseException}.
 *
 * @param ks key store supplying the trust anchors
 * @param inCerts the chain to check; element 0 is treated as the target
 */
public static void validateCertificateChain(KeyStore ks, List<X509Certificate> inCerts) {
    // Initial chain validation, to be enhanced as needed
    try {
        // The first list element is the certificate the path must end at.
        X509CertSelector certSelect = new X509CertSelector();
        certSelect.setCertificate(inCerts.get(0));
        PKIXBuilderParameters pbParams = new PKIXBuilderParameters(ks, certSelect);
        pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(inCerts)));
        // -1 leaves the path length unconstrained.
        pbParams.setMaxPathLength(-1);
        // NOTE(review): revocation checking is disabled, so a revoked
        // certificate in the chain still passes; the caller-supplied chain is
        // otherwise the only input constraining which intermediates are used.
        pbParams.setRevocationEnabled(false);
        CertPathBuilderResult buildResult = CertPathBuilder.getInstance("PKIX").build(pbParams);
        CertPath certPath = buildResult.getCertPath();
        // The builder parameters are reused for validation (PKIXBuilderParameters
        // is a PKIXParameters); failure is signalled by an exception.
        CertPathValidator.getInstance("PKIX").validate(certPath, pbParams);
    } catch (Exception ex) {
        // The log line carries no detail; the cause travels in the JoseException.
        LOG.warning("Certificate path validation error");
        throw new JoseException(ex);
    }
}

public static X509Certificate[] toX509CertificateChainArray(List<String> base64EncodedChain) {
/**
 * Builds and validates a PKIX certification path for the first certificate in
 * {@code inCerts}, using the entries of {@code ks} as trust anchors.
 *
 * <p>All certificates in {@code inCerts} are offered to the path builder as a
 * collection cert store, so intermediates may be picked from the supplied
 * chain. Any failure, including an empty or {@code null} list, is logged as a
 * warning and rethrown wrapped in a {@code JoseException}.
 *
 * @param ks key store supplying the trust anchors
 * @param inCerts the chain to check; element 0 is treated as the target
 */
public static void validateCertificateChain(KeyStore ks, List<X509Certificate> inCerts) {
    // Initial chain validation, to be enhanced as needed
    try {
        // The first list element is the certificate the path must end at.
        X509CertSelector certSelect = new X509CertSelector();
        certSelect.setCertificate(inCerts.get(0));
        PKIXBuilderParameters pbParams = new PKIXBuilderParameters(ks, certSelect);
        pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(inCerts)));
        // -1 leaves the path length unconstrained.
        pbParams.setMaxPathLength(-1);
        // NOTE(review): revocation checking is disabled, so a revoked
        // certificate in the chain still passes; the caller-supplied chain is
        // otherwise the only input constraining which intermediates are used.
        pbParams.setRevocationEnabled(false);
        CertPathBuilderResult buildResult = CertPathBuilder.getInstance("PKIX").build(pbParams);
        CertPath certPath = buildResult.getCertPath();
        // The builder parameters are reused for validation (PKIXBuilderParameters
        // is a PKIXParameters); failure is signalled by an exception.
        CertPathValidator.getInstance("PKIX").validate(certPath, pbParams);
    } catch (Exception ex) {
        // The log line carries no detail; the cause travels in the JoseException.
        LOG.warning("Certificate path validation error");
        throw new JoseException(ex);
    }
}

public static X509Certificate[] toX509CertificateChainArray(List<String> base64EncodedChain) {