/** * Deserializes a {@code CertPath} from a serialized {@code CertPathRep} * object. * * @return the deserialized {@code CertPath}. * @throws ObjectStreamException * if deserialization fails. */ protected Object readResolve() throws ObjectStreamException { try { CertificateFactory cf = CertificateFactory.getInstance(type); return cf.generateCertPath(new ByteArrayInputStream(data)); } catch (Throwable t) { throw new NotSerializableException("Could not resolve cert path: " + t); } } }
private void addCodeSigner(ArrayList<CodeSigner> asigners, List<Certificate> list) { CertPath certPath = null; if (!isFactoryChecked) { try { factory = CertificateFactory.getInstance("X.509"); } catch (CertificateException ex) { // do nothing } finally { isFactoryChecked = true; } } if (factory == null) { return; } try { certPath = factory.generateCertPath(list); } catch (CertificateException ex) { // do nothing } if (certPath != null) { asigners.add(new CodeSigner(certPath, null)); } } }
/** * Decode the next element from the given DER decoder as an X.509 certificate chain. * * @param decoder the DER decoder * @return the X.509 certificate chain * @throws ASN1Exception if the next element from the given decoder is not an X.509 * certificate chain or if an error occurs while decoding the X.509 certificate chain */ public static X509Certificate[] decodeX509CertificateChain(final DERDecoder decoder) throws ASN1Exception { if (decoder.peekType() != SET_TYPE) { throw saslEntity.asnUnexpectedTag(); } byte[] certChain = decoder.drainElement(); try { CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); certChain[0] = SEQUENCE_TYPE; // CertificateFactory#generateCertPath requires a DER SEQUE CertPath certPath = certFactory.generateCertPath(new ByteArrayInputStream(certChain)); List<? extends Certificate> certs = certPath.getCertificates(); return certs.toArray(new X509Certificate[certs.size()]); } catch (CertificateException e) { throw new ASN1Exception(e); } }
@Override public void engineSetKeyEntry(String alias, byte[] keystoreBytes, Certificate[] chain) throws KeyStoreException { try { List<ModificationItem> items = new LinkedList<>(); items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(keyAttribute, keystoreBytes))); CertificateFactory certFactory = CertificateFactory.getInstance(certificateType); CertPath certPath = certFactory.generateCertPath(Arrays.asList(chain)); BasicAttribute chainAttr = new BasicAttribute(certificateChainAttribute, certPath.getEncoded(certificateChainEncoding)); items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, chainAttr)); BasicAttribute certificateAttr = new BasicAttribute(certificateAttribute, chain[0].getEncoded()); items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, certificateAttr)); storeAttributes(alias, items); } catch (CertificateException e) { throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e); } }
certList.add(cf.generateCertificate(in)); CertPath certPath = cf.generateCertPath(certList);
boolean validateCertificate(Certificate cert) { boolean isValidated; if (cert == null) { return false; } try { KeyStore keyStore = getTrustStore(); PKIXParameters parms = new PKIXParameters(keyStore); parms.setRevocationEnabled(false); CertPathValidator certValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType()); // PKIX ArrayList<Certificate> start = new ArrayList<>(); start.add(cert); CertificateFactory certFactory = CertificateFactory.getInstance(CERTIFICATE_FORMAT); CertPath certPath = certFactory.generateCertPath(start); certValidator.validate(certPath, parms); isValidated = true; } catch (KeyStoreException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | CertificateException | CertPathValidatorException | CryptoException e) { logger.error("Cannot validate certificate. Error is: " + e.getMessage() + "\r\nCertificate" + cert.toString()); isValidated = false; } return isValidated; } // validateCertificate
public static CertPath getCertificateChain(List<X509Certificate> certs) throws CertificateException, NoSuchProviderException { CertificateFactory cf = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME); return cf.generateCertPath(certs); } }
public static CertPath getCertificateChain(InputStream is) throws CertificateException, NoSuchProviderException { CertificateFactory cf = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME); return cf.generateCertPath(is, "PKCS7"); }
/** * Deserializes a {@code CertPath} from a serialized {@code CertPathRep} * object. * * @return the deserialized {@code CertPath}. * @throws ObjectStreamException * if deserialization fails. */ protected Object readResolve() throws ObjectStreamException { try { CertificateFactory cf = CertificateFactory.getInstance(type); return cf.generateCertPath(new ByteArrayInputStream(data)); } catch (Throwable t) { throw new NotSerializableException("Could not resolve cert path: " + t); } } }
private static byte[] encodeCerts(Certificate[] certs) { if (certs == null) { return Bytes.EMPTY_BYTES; } try { return CertificateFactory.getInstance("X509"). generateCertPath(Arrays.asList(certs)).getEncoded("PKCS7"); } catch (GeneralSecurityException e) { return Bytes.EMPTY_BYTES; } }
X509Certificate newCert = certGen.generateX509Certificate(privateKey, "BC"); //============================= List chain = new ArrayList(); chain.add(newCert); //------------------------------------------------- // create the CertPath with old BouncyCastle CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC"); CertPath path = fact.generateCertPath(chain); result = Base64Utils.base64Encode(path.getEncoded("PKCS7"));
@Override public void checkServerTrusted(X509Certificate[] toBeVerified, String authType) throws CertificateException { if (verify) { if (toBeVerified == null || toBeVerified.length == 0) throw new IllegalArgumentException("null or empty chain"); if (authType == null || authType.isEmpty()) throw new IllegalArgumentException("no authentication type"); List<X509Certificate> asList = Arrays.asList(toBeVerified); CertPath path = cf.generateCertPath(asList); try { validator.validate(path, parameter); } catch (CertPathValidatorException | InvalidAlgorithmParameterException e) { throw new CertificateException(e); } } }
/** * Converts specified list of certificates into a certificate path, using * default X.509 certificate factory. * * @param certs certificates to turn into a certificate path * @return newly created certificate path */ public static CertPath convertToCertPath(X509Certificate[] certs) { try { return getX509CertFactory().generateCertPath(Arrays.asList(certs)); } catch (CertificateException e) { throw new RuntimeException("FATAL: X509 cert path construction failed"); } }
/** * Creates a new instance from a <em>PkiPath</em> encoded certificate chain. * * @param encodedPath The encoded chain. * @return The certificate chain. * @throws IllegalArgumentException if the given byte array does cannot be parsed into an X.509 certificate chain. */ public static X509CertPath fromBytes(final byte[] encodedPath) { try { CertificateFactory factory = CertificateFactory.getInstance(TYPE_X509); CertPath certPath = factory.generateCertPath(new ByteArrayInputStream(encodedPath), "PkiPath"); return new X509CertPath(certPath); } catch (CertificateException e) { throw new IllegalArgumentException("byte array does not contain X.509 certificate path"); } }
private Subject createSubject() throws IOException { try { Certificate[] chain = engine.getSession().getPeerCertificates(); CertPath certPath = cf.generateCertPath(asList(chain)); return new Subject(false, Collections.<Principal>emptySet(), singleton(certPath), emptySet()); } catch (SSLPeerUnverifiedException e) { throw new IOException("Failed to establish identity of SSL peer: " + e.getMessage(), e); } catch (CertificateException e) { throw new IOException("Certificate failure: " + e.getMessage(), e); } } }
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", new BouncyCastleProvider()); InputStream is = new ByteArrayInputStream(some bytes in an array); CertPath certPath = certificateFactory.generateCertPath(is, "PKCS7"); // Throws Certificate Exception when a cert path cannot be generated CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", new BouncyCastleProvider()); PKIXParameters parameters = new PKIXParameters(KeyTool.getCacertsKeyStore()); PKIXCertPathValidatorResult validatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, parameters); // This will throw a CertPathValidatorException if validation fails
/** * @return ASN.1 DER encoded on Base64, for X.509 certificate * */ public static String encodeX509CertChainToBase64(Certificate[] aCertificationChain) throws CertificateException { List<Certificate> certList = Arrays.asList(aCertificationChain); CertificateFactory certFactory = CertificateFactory.getInstance(X509_CERTIFICATE_TYPE); CertPath certPath = certFactory.generateCertPath(certList); byte[] certPathEncoded = certPath.getEncoded(CERTIFICATION_CHAIN_ENCODING); String base64encodedCertChain = Base64Utils.base64Encode(certPathEncoded); return base64encodedCertChain; }
public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs, Set<TrustAnchor> trustAnchors) throws GeneralSecurityException { CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); PKIXParameters params = new PKIXParameters(trustAnchors); params.setRevocationEnabled(false); CertificateFactory cf = CertificateFactory.getInstance("X509"); CertPath path = cf.generateCertPath(certs); return (PKIXCertPathValidatorResult) cpv.validate(path, params); } }
public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs, Set<TrustAnchor> trustAnchors) throws GeneralSecurityException { CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); PKIXParameters params = new PKIXParameters(trustAnchors); params.setRevocationEnabled(false); CertificateFactory cf = CertificateFactory.getInstance("X509"); CertPath path = cf.generateCertPath(certs); return (PKIXCertPathValidatorResult) cpv.validate(path, params); } }
public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs, Set<TrustAnchor> trustAnchors) throws GeneralSecurityException { CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); PKIXParameters params = new PKIXParameters(trustAnchors); params.setRevocationEnabled(false); CertificateFactory cf = CertificateFactory.getInstance("X509"); CertPath path = cf.generateCertPath(certs); return (PKIXCertPathValidatorResult) cpv.validate(path, params); } }