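/**
 * Builds the PKIX validation information resolver used to verify the signature on the
 * metadata of the given provider.
 *
 * <p>The trust anchors are the certificates stored under the given key aliases. No CRLs are
 * supplied and the verification depth passed to the validation information is fixed at 4.
 *
 * @param provider     metadata provider the anchors are being built for (used for logging only)
 * @param trustedKeys  aliases of the keys whose certificates become trust anchors; when
 *                     {@code null}, every alias known to the key manager is used
 * @param trustedNames trusted names handed to the resolver, may be {@code null}
 * @return resolver holding a single validation information entry with the resolved anchors
 */
@Override
protected PKIXValidationInformationResolver getPKIXResolver(MetadataProvider provider, Set<String> trustedKeys, Set<String> trustedNames) {
    // Work on a local so the parameter is not reassigned; a null set means "all available keys".
    Set<String> anchorAliases = trustedKeys;
    if (anchorAliases == null) {
        anchorAliases = keyManager.getAvailableCredentials();
    }

    // Resolve the aliases to certificates; each resolvable one becomes a PKIX trust anchor.
    List<X509Certificate> certificates = new LinkedList<X509Certificate>();
    for (String key : anchorAliases) {
        log.debug("Adding PKIX trust anchor {} for metadata verification of provider {}", key, provider);
        X509Certificate certificate = keyManager.getCertificate(key);
        if (certificate == null) {
            // Aliases missing from the keystore are skipped rather than failing the whole resolver.
            log.warn("Cannot construct PKIX trust anchor for key with alias {} for provider {}, key isn't included in the keystore", key, provider);
            continue;
        }
        certificates.add(certificate);
    }

    // An empty anchor set gives PKIX path validation nothing to chain to; make that visible in the log.
    if (certificates.isEmpty()) {
        log.warn("No PKIX trust anchors could be resolved for metadata verification of provider {}", provider);
    }

    List<PKIXValidationInformation> info = new LinkedList<PKIXValidationInformation>();
    info.add(new BasicPKIXValidationInformation(certificates, null, 4));
    return new StaticPKIXValidationInformationResolver(info, trustedNames);
}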
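/**
 * Constructs the PKIX validation information resolver with all trusted data available for
 * SSL/TLS verification.
 *
 * <p>When no trusted keys have been configured, every alias known to the key manager is
 * used (and remembered in {@code trustedKeys}). Each alias is resolved to its certificate
 * and the resulting certificates become the trust anchors; no CRLs are supplied and the
 * verification depth is fixed at 4.
 *
 * @return information resolver holding a single validation information entry, with no
 *         trusted names
 */
protected PKIXValidationInformationResolver getPKIXResolver() {
    // Use all available keys when none were configured explicitly
    if (trustedKeys == null) {
        trustedKeys = keyManager.getAvailableCredentials();
    }

    // Resolve allowed certificates to build the anchors
    List<X509Certificate> certificates = new ArrayList<X509Certificate>(trustedKeys.size());
    for (String key : trustedKeys) {
        // One placeholder for one argument; the original had a dangling second placeholder.
        log.debug("Adding PKIX trust anchor {} for SSL/TLS verification", key);
        X509Certificate certificate = keyManager.getCertificate(key);
        if (certificate == null) {
            // Do not add null entries to the anchor list; a missing alias is reported and skipped.
            log.warn("Cannot construct PKIX trust anchor for key with alias {}, key isn't included in the keystore", key);
            continue;
        }
        certificates.add(certificate);
    }

    // An empty anchor set gives PKIX path validation nothing to chain to; make that visible in the log.
    if (certificates.isEmpty()) {
        log.warn("No PKIX trust anchors could be resolved for SSL/TLS verification");
    }

    List<PKIXValidationInformation> info = new LinkedList<PKIXValidationInformation>();
    info.add(new BasicPKIXValidationInformation(certificates, null, 4));
    return new StaticPKIXValidationInformationResolver(info, null);
}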
/**
 * {@inheritDoc}
 *
 * <p>Creates a {@link PKIXSignatureTrustEngine} whose trust anchors come from
 * {@code getPKIXInfo()} and whose trusted names come from {@code getTrustedNames()}
 * (treated as empty when {@code null}). Signing keys are resolved from inline DSA,
 * RSA and X.509 KeyInfo content. Validation options are applied only when configured.
 */
protected Object createInstance() throws Exception {
    // KeyInfo resolution: DSA and RSA key values plus inline X.509 data.
    List<KeyInfoProvider> providers = new ArrayList<KeyInfoProvider>(3);
    providers.add(new DSAKeyValueProvider());
    providers.add(new RSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());
    KeyInfoCredentialResolver credentialResolver = new BasicProviderKeyInfoCredentialResolver(providers);

    // A missing trusted-name set is passed on as an empty set, never as null.
    Set<String> configuredNames = getTrustedNames();
    Set<String> trustedNames = configuredNames != null ? configuredNames : Collections.<String>emptySet();
    StaticPKIXValidationInformationResolver pkixResolver =
            new StaticPKIXValidationInformationResolver(getPKIXInfo(), trustedNames);

    PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pkixResolver, credentialResolver);
    if (getPKIXValidationOptions() != null) {
        // The default evaluator created by the engine is the cert-path based one, which accepts the options.
        CertPathPKIXTrustEvaluator evaluator = (CertPathPKIXTrustEvaluator) engine.getPKIXTrustEvaluator();
        evaluator.setPKIXValidationOptions(getPKIXValidationOptions());
    }
    return engine;
}
}
/**
 * {@inheritDoc}
 *
 * <p>Creates a {@link PKIXX509CredentialTrustEngine} whose trust anchors come from
 * {@code getPKIXInfo()} and whose trusted names come from {@code getTrustedNames()}
 * (treated as empty when {@code null}). Validation options are applied only when configured.
 */
protected Object createInstance() throws Exception {
    // A missing trusted-name set is passed on as an empty set, never as null.
    Set<String> configuredNames = getTrustedNames();
    Set<String> trustedNames = configuredNames != null ? configuredNames : Collections.<String>emptySet();
    StaticPKIXValidationInformationResolver pkixResolver =
            new StaticPKIXValidationInformationResolver(getPKIXInfo(), trustedNames);

    PKIXX509CredentialTrustEngine engine = new PKIXX509CredentialTrustEngine(pkixResolver);
    if (getPKIXValidationOptions() != null) {
        // The default evaluator created by the engine is the cert-path based one, which accepts the options.
        CertPathPKIXTrustEvaluator evaluator = (CertPathPKIXTrustEvaluator) engine.getPKIXTrustEvaluator();
        evaluator.setPKIXValidationOptions(getPKIXValidationOptions());
    }
    return engine;
}
}