Package java.security.cert

Examples of java.security.cert.CollectionCertStoreParameters


        // Load every CRL and put it in certsAndCrls (by its name, the collection that also
        // holds the certificates), so one store can answer both kinds of lookup.
        for (int i = 0; i != crls.length; i++)
        {
            certsAndCrls.add(loadCrl(crls[i]));
        }
   
        // In-memory "Collection" CertStore served by the "BC" provider.
        // The store only offers candidates; trust is anchored in trustedSet below.
        CertStore  store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC");
       
        //CertPathValidator validator = CertPathValidator.getInstance("PKIX","BC");
        PKIXCertPathReviewer reviewer;
        // NOTE(review): a store influences validation only after params.addCertStore(store);
        // that call is not visible in this excerpt — confirm it follows.
        PKIXParameters    params = new PKIXParameters(trustedSet);
       


        // Append each loaded CRL to certsAndCrls before the store is created.
        for (int i = 0; i != crls.length; i++)
        {
            certsAndCrls.add(loadCrl(crls[i]));
        }
   
        // "Collection" CertStore over the in-memory list, from the "BC" provider.
        CertStore  store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC");
       
        CertPathValidator validator = CertPathValidator.getInstance("PKIX","BC");
        // PKIXParameters has revocation checking enabled by default, so the CRLs in the
        // store attached below are what the validator can consult for revocation status.
        PKIXParameters    params = new PKIXParameters(trustedSet);
       
        // Attach the store; without this call the collected CRLs would not be used.
        params.addCertStore(store);

        // Gather the loaded CRLs into certsAndCrls ahead of path building.
        for (int i = 0; i != crls.length; i++)
        {
            certsAndCrls.add(loadCrl(crls[i]));
        }
   
        // The builder draws candidate certificates and CRLs from this "BC" Collection store.
        CertStore  store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC");

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");

        // NOTE(review): the selector is still unconstrained here; the excerpt ends before the
        // target certificate or subject is set on it — confirm the full code narrows it.
        X509CertSelector endSelector = new X509CertSelector();

     */
    public static List getCollectionCertStoresList()
        throws InvalidAlgorithmParameterException,
               NoSuchAlgorithmException {
        // The no-argument CollectionCertStoreParameters yields a store backed by an empty
        // collection, so the returned CertStore contains no certificates or CRLs.
        CertStore cs = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters());
        // NOTE(review): raw List/ArrayList; the only element ever added is a CertStore.
        ArrayList l = new ArrayList();
        // ArrayList.add always returns true, so this guard is not expected to fire.
        if (!l.add(cs)) {
            throw new RuntimeException("Could not create cert stores list");
        }
        return l;

        // Restrict path building to the one certificate being validated.
        selector.setCertificate(targetCert);
        try {
            List<X509Certificate> intermediateCerts = certRepo.getCaCerts();
            List<X509Certificate> trustedAuthorityCerts = certRepo.getTrustedCaCerts();
            // Only the repository's trusted CA certificates become trust anchors; the two
            // Collection stores below merely supply candidate certificates for the chain.
            Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
            CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
            CertStoreParameters certificateParams = new CollectionCertStoreParameters(certificates);
            PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
            pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
            pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
            // Revocation checking is off while the path is built.
            pkixParams.setRevocationEnabled(false);
           
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
            CertPath certPath = builder.build(pkixParams).getCertPath();
           
            // Now validate the CertPath (including CRL checking)
            // NOTE(review): revocation is switched on only when certRepo.getCRLs() is non-empty.
            // With enableRevocation set and no CRLs available it stays disabled from the call
            // above and nothing is logged or thrown here, so the check fails open; consider
            // rejecting or at least logging that case.
            if (enableRevocation) {
                List<X509CRL> crls = certRepo.getCRLs();
                if (!crls.isEmpty()) {
                    pkixParams.setRevocationEnabled(true);
                    CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                    pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
                }
            }
               
            // Presumably pkixParams is handed to this validator in the part cut off — confirm.
            CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        // Stays null unless the requested algorithm is PKIX (compared case-insensitively).
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            // An empty X509CertSelector places no constraint on the target certificate.
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            // Revocation data comes from getCRLs(crlf) and is served from an in-memory store.
            // NOTE(review): presumably the CRLs are read once here, so an updated CRL source
            // is not seen until these parameters are rebuilt — confirm.
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            // Revocation checking is explicitly enabled for paths built with these parameters.
            xparams.setRevocationEnabled(true);
            // Optional cap on path length, read from the endpoint as a string.
            String trustLength = endpoint.getTrustMaxCertLength();
            if(trustLength != null) {

               
                // Wrap the single CRL in a "Collection" CertStore. With no provider name
                // configured the JCA default lookup is used; otherwise the named provider is
                // requested, which fails if that provider is not registered.
                if (provider == null || provider.length() == 0) {
                    crlCertStore =
                        CertStore.getInstance(
                            "Collection",
                            new CollectionCertStoreParameters(Collections.singletonList(crl))
                        );
                } else {
                    crlCertStore =
                        CertStore.getInstance(
                            "Collection",
                            new CollectionCertStoreParameters(Collections.singletonList(crl)),
                            provider
                        );
                }
                if (DO_DEBUG) {
                    LOG.debug(

        // Pin path building to exactly this certificate.
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);
        PKIXBuilderParameters parameters = new PKIXBuilderParameters(anchors, selector);
        // -1 leaves the length of the built path unconstrained.
        parameters.setMaxPathLength(-1);
        // Candidate stores: the target itself plus any supplied intermediates. They only
        // offer candidates for the chain; trust is decided by the anchors.
        parameters.addCertStore(CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(Collections.singletonList(certificate))));
        if (intermediateCertificates != null) {
            parameters.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(intermediateCertificates)));
        }
        // Revocation is off while the path is built; it is configured further down once
        // the path is known.
        parameters.setRevocationEnabled(false);

        // Build a certificate path.
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        CertPath path = builder.build(parameters).getCertPath();

        if (disableRevocationCheck) {
            // Disable revocation check.
            parameters.setRevocationEnabled(false);
        } else {
            // Enable revocation check.
            parameters.setRevocationEnabled(true);

            // Select a method to check revocation status.
            // The choice looks only at the end-entity certificate's OCSP and CRL endpoints.
            boolean useOCSP = OCSPClient.getOCSPURLs(certificate).size() > 0;
            boolean useCRL = CRLDownloader.getCRLDistributionPoints(certificate).size() > 0;
            // A certificate advertising neither method is rejected rather than accepted
            // without a revocation check (fail closed).
            if (!useOCSP && !useCRL) {
                throw new NoRevocationStatusException(
                    String.format(messages.getString(
                    "Certificate_has_no_method_to_verify_revocation_status__%s"),
                    CertificateValidator.getCertificateName(certificate)));
            }

            // Select online or offline revocation check.
            if (date == null) {
                // Enable online revocation check.
                // NOTE(review): Security.setProperty and System.setProperty are JVM-wide, so
                // this changes revocation behaviour for every PKIX validation in the process;
                // a concurrent validation taking the offline branch would overwrite
                // "ocsp.enable" while this one is still running.
                Security.setProperty("ocsp.enable", "true");

                // Correct problem with enableCRLDP system property.
                // Once enableCRLDP is true, it cannot be disabled.
                // Must manually download all CRLs.
                System.setProperty("com.sun.security.enableCRLDP", "false");

                // Manually download the CRL for each certificate in the built path.
                // NOTE(review): a null result from CRLDownloader.getCRL is skipped silently,
                // so a certificate in the path can end up with no CRL in the store; consider
                // logging which certificate had none.
                Collection<? extends Certificate> certificates = path.getCertificates();
                ArrayList<X509CRL> crls = new ArrayList<X509CRL>();
                for (Certificate c : certificates) {
                    X509CRL crl = CRLDownloader.getCRL((X509Certificate) c);
                    if (crl != null) {
                        crls.add(crl);
                    }
                }
                parameters.addCertStore(CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(crls)));

            } else {
                // Enable validation on a previous date.
                parameters.setDate(date.getTime());

                // Disable online revocation check.
                // NOTE(review): both properties are process-wide settings, not scoped to this
                // validation.
                Security.setProperty("ocsp.enable", "false");
                System.setProperty("com.sun.security.enableCRLDP", "false");

                // Determine the issuer certificate.
                X509Certificate issuerCertificate = null;
                if (path.getCertificates().size() > 1) {
                    // Assign the next certificate in chain as the issuer.
                    issuerCertificate = (X509Certificate) path.getCertificates().get(1);
                } else {
                    // Check if a root certificate is the issuer.
                    // The first root whose public key verifies the signature is taken.
                    // NOTE(review): catch (Exception) also hides failures other than a
                    // signature mismatch, and issuerCertificate stays null when no root
                    // matches; confirm the code that uses it handles a null issuer.
                    for (X509Certificate rootCertificate : rootCertificates) {
                        try {
                            certificate.verify(rootCertificate.getPublicKey());
                            issuerCertificate = rootCertificate;
                            break;
                        } catch (Exception exception) {
                            // Try the next root certificate.
                            continue;
                        }
                    }
                }

                // Perform offline revocation check using stored OCSP responses.
                // OCSP takes precedence: the CRL branch below runs only when the certificate
                // lists no OCSP URL.
                if (useOCSP) {
                    // Check if offline OCSP responses were provided.
                    if (ocspResponses == null) {
                        throw new NoOCSPResponseException(
                            String.format(messages.getString(
                            "No_OCSP_response_was_provided_to_perform_offline_revocation_check_of_the_certificate__%s"),
                            CertificateValidator.getCertificateName(certificate)));
                    }

                    // Disable standard online revocation check.
                    // From here the PKIX revocation checker is off for these parameters, so
                    // revocation status in this branch rests on the OCSPVerifier call below,
                    // which is given only the end-entity certificate.
                    parameters.setRevocationEnabled(false);

                    // Verify the certificate using OCSP responses.
                    // NOTE(review): the downcast to ArrayList throws ClassCastException if
                    // ocspResponses is some other collection type — confirm its declared type.
                    // NOTE(review): issuerCertificate may still be null at this point.
                    OCSPVerifier verifier = new OCSPVerifier(null, (ArrayList<BasicOCSPResp>) ocspResponses);
                    verifier.setOnlineCheckingAllowed(false);
                    // An empty result is treated as "no valid response" and rejected.
                    if (verifier.verify(certificate, issuerCertificate, date.getTime()).size() == 0) {
                        throw new NoOCSPResponseException(
                            String.format(messages.getString(
                            "Could_not_find_a_valid_OCSP_response_for_the_certificate__%s"),
                            CertificateValidator.getCertificateName(certificate)));
                    }

                // Enable offline revocation check using CRL.
                } else if (useCRL) {
                    // Check if CRLs were provided.
                    if (certificateRevocationLists == null) {
                        throw new NoCRLException(
                            String.format(messages.getString(
                            "No_certificate_revocation_list_was_provided_to_perform_offline_revocation_check_of_the_certificate__%s"),
                            CertificateValidator.getCertificateName(certificate)));
                    }

                    // Add CRLs to perform offline revocation check.
                    // Revocation remains enabled on the parameters in this branch, so the
                    // supplied CRLs are what the validator has to work with.
                    parameters.addCertStore(CertStore.getInstance("Collection",
                        new CollectionCertStoreParameters(certificateRevocationLists)));
                }

                // If it is necessary to verify OCSP responses offline,
                // validate recursively the certificate chain.
                if (ocspResponses != null && ocspResponses.size() > 0

                && options.isProcessCredentialCRLs()) {
            // CRLs carried by the credential under evaluation are merged into the same store
            // material as everything gathered before this point.
            // NOTE(review): the supplier is the party being validated; presumably each CRL is
            // still checked against its issuer before it is relied on — confirm.
            log.trace("Processing CRL's from untrusted credential");
            addCRLsToStoreMaterial(storeMaterial, untrustedCredential.getCRLs(), now);
        }       
       
        // Everything collected in storeMaterial is exposed as one in-memory CertStore.
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeMaterial));
    }

        // The selector matches only the certificate under validation.
        selector.setCertificate(targetCert);
        try {
            List<X509Certificate> intermediateCerts = certRepo.getCaCerts();
            List<X509Certificate> trustedAuthorityCerts = certRepo.getTrustedCaCerts();
            // Trust anchors are derived solely from the repository's trusted CA certificates.
            Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
            CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
            CertStoreParameters certificateParams = new CollectionCertStoreParameters(certificates);
            PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
            // Both stores supply candidate certificates only; they confer no trust.
            pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
            pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
            // Path building runs with revocation checking disabled.
            pkixParams.setRevocationEnabled(false);
           
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
            CertPath certPath = builder.build(pkixParams).getCertPath();
           
            // Now validate the CertPath (including CRL checking)
            // NOTE(review): an empty CRL list leaves revocation disabled even though
            // enableRevocation is true, and this code neither logs nor throws in that case;
            // the caller cannot tell that revocation was skipped. Consider failing closed.
            if (enableRevocation) {
                List<X509CRL> crls = certRepo.getCRLs();
                if (!crls.isEmpty()) {
                    pkixParams.setRevocationEnabled(true);
                    CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                    pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
                }
            }
               
            // The validation call itself lies beyond this excerpt.
            CertPathValidator validator = CertPathValidator.getInstance("PKIX");
