Package java.security.cert

Examples of java.security.cert.PKIXBuilderParameters


         delegate.init(spec);
      }
      else
      {
         CertPathTrustManagerParameters parameters = (CertPathTrustManagerParameters) spec;
         PKIXBuilderParameters oldParams = (PKIXBuilderParameters) parameters.getParameters();

         PKIXBuilderParameters xparams = null;
         try
         {
            xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
            xparams.setAnyPolicyInhibited(oldParams.isAnyPolicyInhibited());
            xparams.setCertPathCheckers(oldParams.getCertPathCheckers());
            xparams.setCertStores(oldParams.getCertStores());
            xparams.setDate(oldParams.getDate());
            xparams.setExplicitPolicyRequired(oldParams.isExplicitPolicyRequired());
            xparams.setInitialPolicies(oldParams.getInitialPolicies());
            xparams.setMaxPathLength(oldParams.getMaxPathLength());
            xparams.setPolicyMappingInhibited(oldParams.isPolicyMappingInhibited());
            xparams.setPolicyQualifiersRejected(oldParams.getPolicyQualifiersRejected());
            xparams.setRevocationEnabled(oldParams.isRevocationEnabled());
            xparams.setSigProvider(oldParams.getSigProvider());
         }
         catch (KeyStoreException ke)
         {
            log.error("Error initializing TrustManagerFactory", ke);
         }
View Full Code Here


                                                String crlf,
                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            xparams.setRevocationEnabled(true);
            String trustLength = endpoint.getTrustMaxCertLength();
            if(trustLength != null) {
                try {
                    xparams.setMaxPathLength(Integer.parseInt(trustLength));
                } catch(Exception ex) {
                    log.warn("Bad maxCertLength: "+trustLength);
                }
            }
View Full Code Here

   * @throws GeneralSecurityException in case of errors
   * @see #setRevocationEnabled(boolean)
   */
  protected PKIXBuilderParameters createBuilderParameters(KeyStore trustStore, X509CertSelector certSelector)
      throws GeneralSecurityException {
    return new PKIXBuilderParameters(trustStore, certSelector);
  }
View Full Code Here

            }

            X509CertSelector certSelector = new X509CertSelector();
            certSelector.setCertificate(certificate);

            PKIXBuilderParameters parameters;
            CertPathBuilder builder;
            try {
              parameters = createBuilderParameters(trustStore, certSelector);
              parameters.setRevocationEnabled(revocationEnabled);
                builder = CertPathBuilder.getInstance("PKIX");
            }
            catch (GeneralSecurityException ex) {
                throw new CertificateValidationCallback.CertificateValidationException(
                        "Could not create PKIX CertPathBuilder", ex);
View Full Code Here

                } catch(IOException ioe) {
                    // Ignore
                }
            }

            PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(ks, new X509CertSelector());

            if (caCrlFile.exists()) {
                log.log(Level.FINE, "read certificate revocation list from {0}", caCrlFile);
                in = new FileInputStream(caCrlFile);

                try {
                    Collection crls = certFac.generateCRLs(in);

                    CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(crls);
                    CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

                    pkixParams.setRevocationEnabled(true);
                    pkixParams.addCertStore(certStore);
                } finally {
                    try {
                        in.close();
                    } catch(IOException ioe) {
                        // Ignore
                    }
                }
            } else {
                // crl file does not exists, disable revocation
                pkixParams.setRevocationEnabled(false);
            }

            // Wrap them as trust manager parameters
            ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(pkixParams);
            TrustManagerFactory fac = TrustManagerFactory.getInstance("PKIX");
View Full Code Here

            CertPathBuilder _cpb = CertPathBuilder.getInstance("PKIX", "BC");
            X509Certificate _ee = decodeCertificate(_data[_data.length - 1]);
            X509CertSelector _select = new X509CertSelector();
            _select.setSubject(_ee.getSubjectX500Principal().getEncoded());

            PKIXBuilderParameters _param = new PKIXBuilderParameters(
                    trustedSet, _select);
            _param.setExplicitPolicyRequired(_explicit);
            _param.addCertStore(makeCertStore(_data));
            _param.setRevocationEnabled(true);
            if (_ipolset != null)
            {
                _param.setInitialPolicies(_ipolset);
            }

            CertPathBuilderResult _result = _cpb.build(_param);

            if (!_accept)
View Full Code Here

        trust.add(new TrustAnchor(caCert, null));

        CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
        //PKIXParameters param = new PKIXParameters(trust);

        PKIXBuilderParameters param = new PKIXBuilderParameters(trust, null);
        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setCertificate(crlCaCert);
        param.setTargetCertConstraints(certSelector);
        param.addCertStore(store);
        param.setRevocationEnabled(true);
        param.setDate(validDate.getTime());

        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)cpv.validate(cp, param);
    }
View Full Code Here

        trust.add(new TrustAnchor(rootCert, null));

        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","BC");
        X509CertSelector targetConstraints = new X509CertSelector();
        targetConstraints.setSubject(finalCert.getSubjectX500Principal().getEncoded());
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, targetConstraints);
        params.addCertStore(store);
        params.setDate(validDate.getTime());
        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) cpb.build(params);
        CertPath                  path = result.getCertPath();

        if (path.getCertificates().size() != 2)
        {
View Full Code Here

        CertPathBuilder  builder = CertPathBuilder.getInstance("PKIX", "BC");
        X509CertSelector pathConstraints = new X509CertSelector();

        pathConstraints.setSubject(endCert.getSubjectX500Principal().getEncoded());

        PKIXBuilderParameters buildParams = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(rootCert, null)), pathConstraints);

        buildParams.addCertStore(store);
        buildParams.setDate(new Date());

        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)builder.build(buildParams);
        CertPath                  path = result.getCertPath();

        if (path.getCertificates().size() != 2)
View Full Code Here

        X509CertSelector endSelector = new X509CertSelector();

        endSelector.setCertificate(endCert);

        PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustedSet, endSelector);

        if (initialPolicies != null)
        {
            builderParams.setInitialPolicies(initialPolicies);
            builderParams.setExplicitPolicyRequired(true);
        }
        if (policyMappingInhibited)
        {
            builderParams.setPolicyMappingInhibited(policyMappingInhibited);
        }
        if (anyPolicyInhibited)
        {
            builderParams.setAnyPolicyInhibited(anyPolicyInhibited);
        }

        builderParams.addCertStore(store);
        builderParams.setDate(new GregorianCalendar(2010, 1, 1).getTime());

        try
        {
            return (PKIXCertPathBuilderResult)builder.build(builderParams);
        }
View Full Code Here

TOP

Related Classes of java.security.cert.PKIXBuilderParameters

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.