/**
 * {@inheritDoc}
 *
 * <p>Builds two selectors and returns them in this order: one for end-entity
 * certificates that assert the digitalSignature key usage, then one for CA
 * certificates.
 *
 * <p>NOTE(review): the CA selector sets no key-usage criterion, so it matches
 * every CA certificate offered to it. Presumably the caller only uses it as a
 * fallback when the first selector finds nothing -- confirm against the caller.
 *
 * @return a fixed-size list holding the end-entity selector followed by the
 *         CA selector
 */
protected Collection<X509CertSelector> getSignerSelectors() {
    // Key-usage bit 0 is digitalSignature; bits beyond the array length are not required.
    final boolean[] digitalSignatureOnly = {true};

    final X509CertSelector endEntitySigner = new X509CertSelector();
    // -2 limits matching to end-entity certificates.
    endEntitySigner.setBasicConstraints(-2);
    endEntitySigner.setKeyUsage(digitalSignatureOnly);

    final X509CertSelector anyCa = new X509CertSelector();
    // 0 or more limits matching to CA certificates with at least that path length.
    anyCa.setBasicConstraints(0);

    return Arrays.asList(endEntitySigner, anyCa);
}
/**
 * {@inheritDoc}
 *
 * <p>Produces the signer selectors as a two-element list: first a selector
 * for end-entity certificates carrying the digitalSignature key usage, then
 * a selector for CA certificates.
 *
 * <p>NOTE(review): the second selector constrains only basicConstraints, not
 * key usage, so any CA certificate satisfies it. Verify that callers prefer
 * the first selector's matches before relying on it.
 *
 * @return a fixed-size list of the two selectors
 */
protected Collection<X509CertSelector> getSignerSelectors() {
    X509CertSelector signerCriteria = new X509CertSelector();
    // Only bit 0 (digitalSignature) is required; -2 excludes CA certificates.
    signerCriteria.setKeyUsage(new boolean[] {true});
    signerCriteria.setBasicConstraints(-2);

    X509CertSelector caCriteria = new X509CertSelector();
    // A value of 0 accepts CA certificates of any path length.
    caCriteria.setBasicConstraints(0);

    X509CertSelector[] selectors = {signerCriteria, caCriteria};
    return Arrays.asList(selectors);
}
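/**
 * {@inheritDoc}
 *
 * <p>Returns a single selector that matches CA certificates whose subject is
 * the given DER-encoded distinguished name.
 *
 * <p>If the name cannot be decoded, no selector is returned. The previous
 * code ignored the decoding failure and returned the selector without a
 * subject criterion, which matches any CA certificate regardless of its
 * name. NOTE(review): callers that assume at least one selector is always
 * returned should be checked.
 *
 * @param subjectDN DER-encoded subject name the issuer certificate must
 *        carry; a {@code null} value leaves the subject criterion unset
 * @return a fixed-size list with one selector, or an empty list when
 *         {@code subjectDN} is not a well-formed name
 */
protected Collection<X509CertSelector> getIssuerSelectors(byte[] subjectDN) {
    X509CertSelector caSelector = new X509CertSelector();
    // 0 or more limits matching to CA certificates.
    caSelector.setBasicConstraints(0);
    try {
        caSelector.setSubject(subjectDN);
    } catch (IOException e) {
        // Fail closed: without the subject criterion this selector would
        // accept every CA certificate, so offer no selector instead.
        return java.util.Collections.<X509CertSelector>emptyList();
    }
    return Arrays.asList(caSelector);
}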
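/**
 * {@inheritDoc}
 *
 * <p>Builds one selector for CA certificates whose subject equals the
 * supplied DER-encoded distinguished name.
 *
 * <p>A name that fails to decode yields an empty result. Ignoring that
 * failure, as the code did before, leaves the selector with no subject
 * criterion, so it would accept any CA certificate whatever its name.
 * NOTE(review): confirm that callers cope with an empty collection.
 *
 * @param subjectDN DER-encoded subject name expected on the issuer
 *        certificate; {@code null} leaves the subject criterion unset
 * @return a fixed-size list with the selector, or an empty list when
 *         {@code subjectDN} cannot be decoded
 */
protected Collection<X509CertSelector> getIssuerSelectors(byte[] subjectDN) {
    X509CertSelector caSelector = new X509CertSelector();
    // basicConstraints of 0 or more: CA certificates only.
    caSelector.setBasicConstraints(0);
    try {
        caSelector.setSubject(subjectDN);
    } catch (IOException e) {
        // Fail closed rather than return a selector that matches every CA.
        return java.util.Collections.<X509CertSelector>emptyList();
    }
    return Arrays.asList(caSelector);
}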
/**
 * Picks a CA certificate from the given store.
 *
 * <p>The selector asks only for basicConstraints of 0 or more; the all-false
 * key-usage array requires no usage bit. The first certificate the store
 * returns is used.
 *
 * <p>NOTE(review): when the store holds several CA certificates, which one
 * comes first depends on the store. Nothing here ties the choice to a
 * subject name or to the keyCertSign usage -- confirm that is intended.
 *
 * @param store certificate store to search
 * @return the first matching certificate
 * @throws RuntimeException if the store has no CA certificate, or if the
 *         store lookup fails (the {@link CertStoreException} is the cause)
 */
private static X509Certificate selectIssuerCertificate(CertStore store) {
    final X509CertSelector caCriteria = new X509CertSelector();
    // Nine false entries: no key-usage bit is required.
    caCriteria.setKeyUsage(new boolean[9]);
    caCriteria.setBasicConstraints(0);

    final Collection<? extends Certificate> matches;
    try {
        LOGGER.debug("Selecting certificate with basicConstraints");
        matches = store.getCertificates(caCriteria);
    } catch (CertStoreException e) {
        throw new RuntimeException(e);
    }

    if (matches.isEmpty()) {
        throw new RuntimeException("No suitable certificate for verification");
    }
    return (X509Certificate) matches.iterator().next();
}
keyEncSelector.setBasicConstraints(-2); keyEncSelector.setKeyUsage(new boolean[] { digitalSignature, dataEncSelector.setBasicConstraints(-2); dataEncSelector.setKeyUsage(new boolean[] { digitalSignature, caSelector.setBasicConstraints(0);
/**
 * Chooses the certificate used to verify message signatures.
 *
 * <p>First looks for a certificate that asserts the digitalSignature key
 * usage. If the store has none, the key-usage requirement is dropped and the
 * search is repeated for CA certificates (basicConstraints of 0 or more).
 * In both passes the first certificate the store returns is used.
 *
 * <p>NOTE(review): the first pass sets no basicConstraints criterion, so a CA
 * certificate that asserts digitalSignature also qualifies. With several
 * candidates, the one chosen depends on the store's ordering.
 *
 * @param store certificate store to search
 * @return the first matching certificate
 * @throws RuntimeException if neither pass finds a certificate, or if the
 *         store lookup fails (the {@link CertStoreException} is the cause)
 */
private static X509Certificate selectMessageVerifier(CertStore store) {
    final X509CertSelector criteria = new X509CertSelector();
    final boolean[] signatureUsage = new boolean[9];
    signatureUsage[DIGITAL_SIGNATURE] = true;
    criteria.setKeyUsage(signatureUsage);

    try {
        LOGGER.debug("Selecting certificate with digitalSignature keyUsage");
        Collection<? extends Certificate> matches = store.getCertificates(criteria);

        if (matches.isEmpty()) {
            LOGGER.debug("No certificates found. Falling back to CA certificate");
            // An all-false array requires no key-usage bit.
            criteria.setKeyUsage(new boolean[9]);
            criteria.setBasicConstraints(0);
            matches = store.getCertificates(criteria);
        }

        if (matches.isEmpty()) {
            throw new RuntimeException("No suitable certificate for verification");
        }
        return (X509Certificate) matches.iterator().next();
    } catch (CertStoreException e) {
        throw new RuntimeException(e);
    }
}
// An all-false array requires no key-usage bit, so the selector imposes no
// key-usage requirement after this call.
keyUsage = new boolean[9];
signingSelector.setKeyUsage(keyUsage);
// basicConstraints of 0 or more: match CA certificates only.
// NOTE(review): with no key-usage and no subject criterion, this accepts any
// CA certificate in the store being searched.
signingSelector.setBasicConstraints(0);
/**
 * {@inheritDoc}
 *
 * <p>Returns three selectors in this order: certificates asserting
 * keyEncipherment, certificates asserting dataEncipherment, and CA
 * certificates.
 *
 * <p>NOTE(review): neither encipherment selector sets a basicConstraints
 * criterion, so both can match CA as well as end-entity certificates. The CA
 * selector sets no key-usage criterion, so it matches any CA certificate.
 *
 * @return a fixed-size list of the three selectors
 */
protected Collection<X509CertSelector> getRecipientSelectors() {
    X509CertSelector keyEncSelector = new X509CertSelector();
    // Key-usage bit 2 is keyEncipherment.
    keyEncSelector.setKeyUsage(new boolean[] {false, false, true});
    X509CertSelector dataEncSelector = new X509CertSelector();
    // Key-usage bit 3 is dataEncipherment.
    dataEncSelector.setKeyUsage(new boolean[] {false, false, false, true});
    X509CertSelector caSelector = new X509CertSelector();
    // basicConstraints of 0 or more: CA certificates only.
    caSelector.setBasicConstraints(0);
    return Arrays.asList(keyEncSelector, dataEncSelector, caSelector);
}
// Presumably closes the enclosing class, whose header is outside this excerpt.
}
// -2 limits matching to end-entity certificates.
selector.setBasicConstraints(-2);
// The candidate must equal this exact certificate.
// NOTE(review): combined with the line above, a CA certificate passed as
// `certificate` can never match -- confirm callers only pass end-entity
// certificates.
selector.setCertificate(certificate);