Package java.security.cert

Examples of java.security.cert.CertPathBuilder


                validKeys.add(defaultCRLSignKey);
                continue;
            }
            // Build a certification path for the candidate CRL signer. It is
            // added to validCerts/validKeys only if build() returns normally.
            try
            {
                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
                selector = new X509CertStoreSelector();
                selector.setCertificate(signingCert);
                // Work on a clone so the target constraint set below does not
                // change the caller's paramsPKIX.
                ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
                temp.setTargetCertConstraints(selector);
                ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters)ExtendedPKIXBuilderParameters
                    .getInstance(temp);
                /*
                 * If signingCert is already one of the certificates of the path
                 * being processed (certPathCerts), checking its revocation
                 * status here would create a dependency loop: the CRL for cert
                 * is being checked, signingCert is needed to verify that CRL,
                 * and signingCert's own status depends on the check of cert,
                 * which is higher in the path and so transitively signs
                 * signingCert. Revocation is therefore disabled for this nested
                 * build only; per the original author, a forged CRL is detected
                 * by the outer loop in that case. For every other CRL signer
                 * revocation checking must stay enabled to prevent CRL forgery.
                 */
                if (certPathCerts.contains(signingCert))
                {
                    params.setRevocationEnabled(false);
                }
                else
                {
                    params.setRevocationEnabled(true);
                }
                List certs = builder.build(params).getCertPath().getCertificates();
                validCerts.add(signingCert);
                // The key recorded for CRL verification is derived from the
                // built path (position 0), not taken from the caller.
                validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
            }
            catch (CertPathBuilderException e)
            {


        testCount++;
        boolean _pass = true;

        try
        {
            CertPathBuilder _cpb = CertPathBuilder.getInstance("PKIX", "BC");
            // The target certificate is the last entry of _data; it is
            // selected by its encoded subject DN, not by the exact certificate.
            X509Certificate _ee = decodeCertificate(_data[_data.length - 1]);
            X509CertSelector _select = new X509CertSelector();
            _select.setSubject(_ee.getSubjectX500Principal().getEncoded());

            PKIXBuilderParameters _param = new PKIXBuilderParameters(
                    trustedSet, _select);
            _param.setExplicitPolicyRequired(_explicit);
            _param.addCertStore(makeCertStore(_data));
            // Revocation checking is on for this build.
            // NOTE(review): presumably makeCertStore(_data) also supplies the
            // CRLs this needs; confirm against the helper.
            _param.setRevocationEnabled(true);
            if (_ipolset != null)
            {
                _param.setInitialPolicies(_ipolset);
            }

            CertPathBuilderResult _result = _cpb.build(_param);

            // build() returned without throwing, so a path was found; that is
            // a failure when this case expects the path to be rejected.
            if (!_accept)
            {
                System.out.println("Accept when it should reject");
                _pass = false;

        {
            // Explicit policy required: the path must be valid for at least
            // one of the policies in requirePolicies.
            params.setExplicitPolicyRequired(true);
            params.setInitialPolicies(requirePolicies);
        }
       
        // NOTE(review): the next statement has no terminating ';' in this
        // listing and would not compile as shown; likely lost in extraction.
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","BC")
//      CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","SUN"); 
        PKIXCertPathBuilderResult result = null;
        try
        {
            result = (PKIXCertPathBuilderResult)cpb.build(params);
           
            // build() returned normally, so a path was found; report it when
            // this case was expected to fail.
            if (!okay)
            {
                fail(index + ": path validated when failure expected.");
            }

        certCol.add(cf.generateCertificate(new ByteArrayInputStream(certA)));
        certCol.add(cf.generateCertificate(new ByteArrayInputStream(certB)));
        certCol.add(cf.generateCertificate(new ByteArrayInputStream(certC)));
        certCol.add(cf.generateCertificate(new ByteArrayInputStream(certD)));

        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
        // The target is selected by the subject DN of the first certificate in certCol.
        X509CertSelector select = new X509CertSelector();
        select.setSubject(((X509Certificate)certCol.get(0)).getSubjectX500Principal().getEncoded());

        // Single trust anchor decoded from rootCertBin, with no name
        // constraints attached (second argument is null).
        Set trustanchors = new HashSet();
        trustanchors.add(new TrustAnchor((X509Certificate)cf.generateCertificate(new ByteArrayInputStream(rootCertBin)), null));

        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certCol));

        // NOTE(review): setRevocationEnabled is not called, so the
        // PKIXParameters default (revocation checking enabled) applies, and no
        // CRLs are added to the store in this excerpt. Confirm that the
        // expected exception is raised for the circular set and not for
        // missing revocation data.
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustanchors, select);
        params.addCertStore(certStore);

        // No path to the trust anchor should exist for this certificate set;
        // a successful build is a test failure.
        try
        {
            CertPathBuilderResult result = pathBuilder.build(params);
            CertPath path = result.getCertPath();
            fail("found cert path in circular set");
        }
        catch (CertPathBuilderException e)
        {

            certsAndCrls.add(loadCrl(crls[i]));
        }
   
        // Certificates and CRLs share one collection-backed store, so the
        // builder can look up both from it.
        CertStore  store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC");

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");

        // Match the exact end certificate rather than just its subject name.
        X509CertSelector endSelector = new X509CertSelector();

        endSelector.setCertificate(endCert);

        PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustedSet, endSelector);

        // Supplying initial policies also makes an explicit policy mandatory.
        if (initialPolicies != null)
        {
            builderParams.setInitialPolicies(initialPolicies);
            builderParams.setExplicitPolicyRequired(true);
        }
        if (policyMappingInhibited)
        {
            builderParams.setPolicyMappingInhibited(policyMappingInhibited);
        }
        if (anyPolicyInhibited)
        {
            builderParams.setAnyPolicyInhibited(anyPolicyInhibited);
        }

        builderParams.addCertStore(store);

        try
        {
            return (PKIXCertPathBuilderResult)builder.build(builderParams);
        }
        catch (CertPathBuilderException e)
        {
            // Rethrow the underlying failure instead of the builder's wrapper.
            // NOTE(review): if getCause() is null this throws
            // NullPointerException, and if the cause is not an Exception the
            // cast throws ClassCastException; either would hide the real
            // reason the path was rejected.
            throw (Exception)e.getCause();
        }

            PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
            pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
            pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
            // Revocation checking is switched off for path building only; the
            // status check is left to the separate validation step below.
            pkixParams.setRevocationEnabled(false);
           
            // No provider is named, so the highest-priority installed provider
            // that offers a PKIX CertPathBuilder is used.
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
            CertPath certPath = builder.build(pkixParams).getCertPath();
           
            // Now validate the CertPath (including CRL checking)
            // NOTE(review): CRL checking is entered only when enableRevocation
            // is set and the repository returns at least one CRL. What happens
            // for an empty CRL list is not visible in this excerpt; confirm it
            // does not silently accept the path without a revocation check.
            if (enableRevocation) {
                List<X509CRL> crls = certRepo.getCRLs();
                if (!crls.isEmpty()) {

                new CollectionCertStoreParameters(intermediateCertificates)));
        }
        // Revocation checking is off while the path is built.
        parameters.setRevocationEnabled(false);

        // Build a certificate path.
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        CertPath path = builder.build(parameters).getCertPath();

        if (disableRevocationCheck) {
            // Disable revocation check. The flag is already false from the
            // call before the build, so this branch leaves it unchanged.
            parameters.setRevocationEnabled(false);
        } else {

        try {
            // The PKIX builder parameters for this credential come from
            // getPKIXBuilderParameters; which trust anchors, cert stores and
            // revocation settings it applies is not visible in this excerpt.
            PKIXBuilderParameters params = getPKIXBuilderParameters(validationInfo, untrustedCredential);

            log.trace("Building certificate validation path");

            // build() throws CertPathBuilderException when no valid path
            // exists, so the statements after it run only on success.
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
            PKIXCertPathBuilderResult buildResult = (PKIXCertPathBuilderResult) builder.build(params);
            // Path details and the success message are emitted at debug level only.
            if (log.isDebugEnabled()) {
                logCertPathDebug(buildResult, untrustedCredential.getEntityCertificate());
                log.debug("PKIX validation succeeded for untrusted credential: {}",
                        X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler));
            }           

            PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
            pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
            pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
            // Revocation checking is switched off for path building only; the
            // status check is left to the separate validation step below.
            pkixParams.setRevocationEnabled(false);
           
            // No provider is named, so the highest-priority installed provider
            // that offers a PKIX CertPathBuilder is used.
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
            CertPath certPath = builder.build(pkixParams).getCertPath();
           
            // Now validate the CertPath (including CRL checking)
            // NOTE(review): CRL checking is entered only when enableRevocation
            // is set and the repository returns at least one CRL. What happens
            // for an empty CRL list is not visible in this excerpt; confirm it
            // does not silently accept the path without a revocation check.
            if (enableRevocation) {
                List<X509CRL> crls = certRepo.getCRLs();
                if (!crls.isEmpty()) {

          if (cert instanceof X509Certificate) {
                // Only X.509 certificates become trust anchors; no name
                // constraints are attached (second argument is null).
                anchors.add(new TrustAnchor((X509Certificate)cert, null));
      }
        }

        final CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        // The path target must be exactly signerCert.
        X509CertSelector targetConstraints = new X509CertSelector();
        targetConstraints.setCertificate(signerCert);
        PKIXBuilderParameters cpbParams =
            new PKIXBuilderParameters(anchors, targetConstraints);

        cpbParams.addCertStore(certs);
        // Revocation checking is disabled for path building.
        // NOTE(review): the validator below starts from a fresh
        // PKIXParameters(anchors); whether revocation is checked during
        // validation is not visible in this excerpt. Confirm that it is.
        cpbParams.setRevocationEnabled(false);

        // Build path
        PKIXCertPathBuilderResult cpbResult =
            (PKIXCertPathBuilderResult) cpb.build(cpbParams);
        CertPath certPath = cpbResult.getCertPath();

        // Validate path
        final CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        final PKIXParameters params = new PKIXParameters(anchors);
