/** * */ private CertPathParameters getCertPathParameters(KeyStore keystore) throws GeneralSecurityException { HashSet<TrustAnchor> tas = new HashSet<TrustAnchor>(); for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements(); ) { String name = e.nextElement(); Certificate c = keystore.getCertificate(name); if (c != null) { if (trustKeys || keystore.isCertificateEntry(name)) { tas.add(new TrustAnchor((X509Certificate)c, null)); } } } PKIXParameters p = new PKIXParameters(tas); // NYI! Handle CRLs p.setRevocationEnabled(false); if (validationDate != null) { p.setDate(validationDate); } return p; }
param.setRevocationEnabled(false); param.addCertStore(store); param.setDate(new Date());
param.setRevocationEnabled(false); param.addCertStore(store); param.setDate(new Date());
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); X509CertSelector certSelector = new X509CertSelector(); certSelector.setCertificate((X509Certificate) myKeyStore.getCertificate("mykey")); PKIXBuilderParameters cpp = new PKIXBuilderParameters(trustAnchors, certSelector); cpp.addCertStore(cs); cpp.setRevocationEnabled(true); cpp.setMaxPathLength(6); cpp.setDate(new Date()); CertPathBuilderResult a = cpb.build(cpp); CertPath certPath = a.getCertPath();
private void validateNoCache(List<? extends X509Certificate> certs) throws SignatureException { try { CertPathValidator validator = CertPathValidator.getInstance( VALIDATOR_TYPE); PKIXParameters params = new PKIXParameters(trustRoots); params.addCertPathChecker(WAVE_OID_CHECKER); params.setDate(timeSource.now()); // turn off default revocation-checking mechanism params.setRevocationEnabled(false); // TODO: add a way for clients to add certificate revocation checks, // perhaps by letting them pass in PKIXCertPathCheckers. This can also be // useful to check for Wave-specific certificate extensions. CertificateFactory certFactory = CertificateFactory.getInstance( CERTIFICATE_TYPE); CertPath certPath = certFactory.generateCertPath(certs); validator.validate(certPath, params); } catch (GeneralSecurityException e) { throw new SignatureException("Certificate validation failure", e); } }
baseOfBase.setDate(new Date()); baseOfBase.addCertStore(crlStore); CertStore certStore;
params.setDate(new Date(dateTimeProvider.getCurrentDateTime().getMillis())); if (crlManager!=null) { Collection<CRL> crlCollection = crlManager.getCRLCollection(certificateChain);
public ProvX509TrustManager(Provider pkixProvider, PKIXParameters baseParameters) throws InvalidAlgorithmParameterException { this.pkixProvider = pkixProvider; this.trustAnchors = baseParameters.getTrustAnchors(); if (baseParameters instanceof PKIXBuilderParameters) { this.baseParameters = baseParameters; } else { this.baseParameters = new PKIXBuilderParameters(baseParameters.getTrustAnchors(), baseParameters.getTargetCertConstraints()); this.baseParameters.setCertStores(baseParameters.getCertStores()); this.baseParameters.setRevocationEnabled(baseParameters.isRevocationEnabled()); this.baseParameters.setCertPathCheckers(baseParameters.getCertPathCheckers()); this.baseParameters.setDate(baseParameters.getDate()); this.baseParameters.setAnyPolicyInhibited(baseParameters.isAnyPolicyInhibited()); this.baseParameters.setPolicyMappingInhibited(baseParameters.isPolicyMappingInhibited()); this.baseParameters.setExplicitPolicyRequired(baseParameters.isExplicitPolicyRequired()); } }