Package java.security.cert

Examples of java.security.cert.CertPath


      serverSubject));
      List certPaths =
    SubjectCredentials.getCertificateChains(serverSubject);
      if (certPaths != null) {
    for (int i = certPaths.size(); --i >= 0; ) {
        CertPath chain = (CertPath) certPaths.get(i);
        X509Certificate firstCert = firstX509Cert(chain);
        X500Principal p = firstCert.getSubjectX500Principal();
        if (progress.containsKey(p)) {
      try {
          checkValidity(chain, null);
View Full Code Here


            //validating path
            List<Certificate> certchain = new ArrayList<Certificate>();
            certchain.addAll(cACertChain);
            certchain.add(verCert);
            CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);

            Set<TrustAnchor> trust = new HashSet<TrustAnchor>();
            trust.add(new TrustAnchor(rootCert, null));

            CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
View Full Code Here

          params.setDate( new Date() );

          // Create the validator and validate the path
          CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType(), "BC");
          CertificateFactory fact = CertTools.getCertificateFactory();
          CertPath certpath = fact.generateCertPath(calist);

          CertPathValidatorResult result = certPathValidator.validate(certpath, params);

          // Get the certificates validate in the path
          PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult)result;
          returnval.addAll(certpath.getCertificates());

          // Get the CA used to validate this path
          TrustAnchor ta = pkixResult.getTrustAnchor();
          X509Certificate cert = ta.getTrustedCert();
          returnval.add(cert);
View Full Code Here

        cpbParams.setRevocationEnabled(false);

        // Build path
        PKIXCertPathBuilderResult cpbResult =
            (PKIXCertPathBuilderResult) cpb.build(cpbParams);
        CertPath certPath = cpbResult.getCertPath();

        // Validate path
        final CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        final PKIXParameters params = new PKIXParameters(anchors);
        params.setSigProvider("BC");
        params.setRevocationEnabled(false);
//                X509CertSelector targetCertConstraints = new X509CertSelector();
//                targetCertConstraints.setKeyUsage(keyUsage)
//                params.setTargetCertConstraints(targetCertConstraints);

        PKIXCertPathValidatorResult result =
            (PKIXCertPathValidatorResult) cpv.validate(certPath, params);
//                PolicyNode policyTree = result.getPolicyTree();
//                PublicKey subjectPublicKey = result.getPublicKey();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found trust anchor: " + result.getTrustAnchor());
        }

        List<X509Certificate> signerChain = new ArrayList<X509Certificate>();

        for (Certificate cert : certPath.getCertificates()) {
            signerChain.add((X509Certificate) cert);
        }
        if (signerChain.size() > 0) {
            signerChain.add(result.getTrustAnchor().getTrustedCert());
        }
View Full Code Here

              //validating path
              List certchain = new ArrayList();
              certchain.addAll(cACertChain);
              certchain.add(verCert);
              CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);

              Set trust = new HashSet();
              trust.add(new TrustAnchor(rootCert, null));

              CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
View Full Code Here

      certificateResponse = new String(Base64.encode(responseData.getResponseData(), false));
            try {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                String pkcs7 = PEM_PKCS7_BEGIN + "\n" + new String(Base64.encode(responseData.getResponseData(), true)) + "\n" + PEM_PKCS7_END + "\n";
                log.debug("pkcs7="+pkcs7);
              CertPath certPath = cf.generateCertPath(new ByteArrayInputStream(responseData.getResponseData()), "PKCS7");
              List<? extends Certificate> certList = certPath.getCertificates();
              Certificate caCert = certList.get(certList.size()-1);
              String caCertificate = new String(Base64.encode(caCert.getEncoded(), false));
        resource = new ByteArrayResource(caCertificate.getBytes());
        mimeType = "application/x-x509-ca-cert";
            } catch (CertificateException e) {
View Full Code Here

      
       //validating path
       List certchain = new ArrayList();
       certchain.addAll(cACertChain);
       certchain.add(usercert);
       CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);
      
       Set trust = new HashSet();
       trust.add(new TrustAnchor(rootCert, null));
      
       CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
View Full Code Here

                    ArrayList<Certificate> certList = new ArrayList<Certificate>();
                      certList.add(cert);
                      certList.addAll(caSession.getCA(Admin.getInternalAdmin(), CertTools.getIssuerDN(cert).hashCode()).getCertificateChain());
                      // Create large certificate-only PKCS7
                      CertificateFactory cf = CertificateFactory.getInstance("X.509");
                      CertPath certPath = cf.generateCertPath(new ByteArrayInputStream(CertTools.getPEMFromCerts(certList)));
                      result = certPath.getEncoded("PKCS7");
              } else
              return new CertificateRequestResponse(submessage.getRequestId(), false, MSG_UNSUPPORTED_RESPONSE_TYPE, null, null);
              }
              break;
            case CertificateRequestRequest.REQUEST_TYPE_CRMF:
              // Extract request in a format that EJBCA can process
          CertReqMessages certReqMessages = CertReqMessages.getInstance(new ASN1InputStream(submessage.getRequestData()).readObject());
          PKIMessage msg = new PKIMessage(new PKIHeader(
              new DERInteger(2), new GeneralName(new X509Name("CN=unused")), new GeneralName(new X509Name("CN=unused"))),
              new PKIBody(certReqMessages, 2)); // [2] CertReqMessages --Certification Request
              CrmfRequestMessage crmfReq = new CrmfRequestMessage(msg, null, true, null);
              crmfReq.setUsername(submessage.getUsername());
              crmfReq.setPassword(submessage.getPassword());
              // Request and extract certificate from response
              IResponseMessage response = signSession.createCertificate(admin, crmfReq, org.ejbca.core.protocol.cmp.CmpResponseMessage.class, null);
              ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(response.getResponseMessage()));
              CertRepMessage certRepMessage = PKIMessage.getInstance(ais.readObject()).getBody().getCp();
          InputStream inStream = new ByteArrayInputStream(certRepMessage.getResponse(0).getCertifiedKeyPair().getCertOrEncCert().getCertificate().getEncoded());
          cert = CertificateFactory.getInstance("X.509").generateCertificate(inStream);
          inStream.close();
          // Convert to the right response type
              if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE) {
                result = cert.getEncoded();
              } else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7) { 
                result = signSession.createPKCS7(admin, cert, false);
              } else if (submessage.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_PKCS7WITHCHAIN) {
                // Read certificate chain
                    ArrayList<Certificate> certList = new ArrayList<Certificate>();
                      certList.add(cert);
                      certList.addAll(caSession.getCA(Admin.getInternalAdmin(), CertTools.getIssuerDN(cert).hashCode()).getCertificateChain());
                      // Create large certificate-only PKCS7
                      CertificateFactory cf = CertificateFactory.getInstance("X.509");
                      CertPath certPath = cf.generateCertPath(new ByteArrayInputStream(CertTools.getPEMFromCerts(certList)));
                      result = certPath.getEncoded("PKCS7");
              } else {
              return new CertificateRequestResponse(submessage.getRequestId(), false, MSG_UNSUPPORTED_RESPONSE_TYPE, null, null);
              }
              break;
            default:
View Full Code Here

         
          //validating path
          List certchain = new ArrayList();
          certchain.addAll(cACertChain);
          certchain.add(usercert);
          CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);
         
          Set trust = new HashSet();
          trust.add(new TrustAnchor(rootCert, null));
         
          CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
View Full Code Here

     *
     */
    public X509Certificate[] getX509Certificates(byte[] data, boolean reverse)
        throws WSSecurityException {
        InputStream in = new ByteArrayInputStream(data);
        CertPath path = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            path = factory.generateCertPath(in);
        } catch (CertificateException e) {
            throw new WSSecurityException(
                WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e
            );
        }
        List l = path.getCertificates();
        X509Certificate[] certs = new X509Certificate[l.size()];
        Iterator iterator = l.iterator();
        for (int i = 0; i < l.size(); i++) {
            certs[(reverse) ? (l.size() - 1 - i) : i] = (X509Certificate) iterator.next();
        }
View Full Code Here

TOP

Related Classes of java.security.cert.CertPath

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.