Examples of java.security.cert.TrustAnchor

java.security.cert.TrustAnchor
A trust anchor or most-trusted Certification Authority (CA).
This class represents a "most-trusted CA", which is used as a trust anchor for validating X.509 certification paths. A most-trusted CA includes the public key of the CA, the CA's name, and any constraints upon the set of paths which may be validated using this key. These parameters can be specified in the form of a trusted {@code X509Certificate} or asindividual parameters.
Concurrent Access
All {@code TrustAnchor} objects must be immutable andthread-safe. That is, multiple threads may concurrently invoke the methods defined in this class on a single {@code TrustAnchor}object (or more than one) with no ill effects. Requiring {@code TrustAnchor} objects to be immutable and thread-safeallows them to be passed around to various pieces of code without worrying about coordinating access. This stipulation applies to all public fields and methods of this class and any added or overridden by subclasses. @see PKIXParameters#PKIXParameters(Set) @see PKIXBuilderParameters#PKIXBuilderParameters(Set,CertSelector) @since 1.4 @author Sean Mullan

            Set hashSet = new HashSet();
            String[] aliases = getTrustCertificates();
            for (int i = 0; i < aliases.length; i++) {
                Certificate cert = getCertificate(aliases[i]);
                if (cert instanceof X509Certificate) {
                    hashSet.add(new TrustAnchor((X509Certificate) cert, null));
                }
            }
            PKIXParameters param = new PKIXParameters(hashSet);
            // Do not check a revocation list
            param.setRevocationEnabled(false);

View Full Code Here

                // which isn't useful at all
                Set<TrustAnchor> anchors = new HashSet<TrustAnchor>(); // CertificateUtil.getDefaultRootCAs();
                Jenkins j = Jenkins.getInstance();
                for (String cert : (Set<String>) j.servletContext.getResourcePaths("/WEB-INF/update-center-rootCAs")) {
                    if (cert.endsWith(".txt"))  continue;       // skip text files that are meant to be documentation
                    anchors.add(new TrustAnchor((X509Certificate)cf.generateCertificate(j.servletContext.getResourceAsStream(cert)),null));
                }
                File[] cas = new File(j.root, "update-center-rootCAs").listFiles();
                if (cas!=null) {
                    for (File cert : cas) {
                        if (cert.getName().endsWith(".txt"))  continue;       // skip text files that are meant to be documentation
                        FileInputStream in = new FileInputStream(cert);
                        try {
                            anchors.add(new TrustAnchor((X509Certificate)cf.generateCertificate(in),null));
                        } finally {
                            in.close();
                        }
                    }
                }

View Full Code Here

                while (truststoreAliases.hasMoreElements()) {
                    String alias = truststoreAliases.nextElement();
                    X509Certificate cert = 
                        (X509Certificate) truststore.getCertificate(alias);
                    if (cert != null) {
                        TrustAnchor anchor = 
                            new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                        set.add(anchor);
                    }
                }
            }


            //
            // Add certificates from the keystore - only if there is no TrustStore, apart from
            // the case that the truststore is the JDK CA certs. This behaviour is preserved
            // for backwards compatibility reasons
            //
            if (keystore != null && (truststore == null || loadCACerts)) {
                Enumeration<String> aliases = keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    X509Certificate cert = 
                        (X509Certificate) keystore.getCertificate(alias);
                    if (cert != null) {
                        TrustAnchor anchor = 
                            new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                        set.add(anchor);
                    }
                }
            }

View Full Code Here

        GeneralSecurityException
    {
        // Create a set of trust anchors using the root certificates.
        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        for (X509Certificate rootCertificate : rootCertificates) {
            anchors.add(new TrustAnchor(rootCertificate, null));
        }


        // Prepare to build a certificate path.
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);

View Full Code Here

     * 
     * @param cert the certificate which serves as the trust anchor
     * @return the newly constructed TrustAnchor
     */
    protected TrustAnchor buildTrustAnchor(X509Certificate cert) {
        return new TrustAnchor(cert, null);
    }

View Full Code Here

        log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));
        for (Certificate cert : buildResult.getCertPath().getCertificates()) {
            log.debug("CertPath certificate: {}", x500DNHandler.getName(((X509Certificate) cert)
                    .getSubjectX500Principal()));
        }
        TrustAnchor ta = buildResult.getTrustAnchor();
        if (ta.getTrustedCert() != null) {
            log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getTrustedCert().getSubjectX500Principal()));
        } else if (ta.getCA() != null) {
            log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getCA()));
        } else {
            log.debug("TrustAnchor: {}", ta.getCAName());
        }
    }

View Full Code Here

    }


    private Set<TrustAnchor> asTrustAnchors(List<X509Certificate> trustedAuthorityCerts) {
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (X509Certificate trustedAuthorityCert : trustedAuthorityCerts) {
            trustAnchors.add(new TrustAnchor(trustedAuthorityCert, null));
        }
        return trustAnchors;
    }

View Full Code Here

            certchain.addAll(cACertChain);
            certchain.add(verCert);
            CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);


            Set<TrustAnchor> trust = new HashSet<TrustAnchor>();
            trust.add(new TrustAnchor(rootCert, null));


            CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
            PKIXParameters param = new PKIXParameters(trust);
            param.addCertStore(store);
            param.setDate(new Date());

View Full Code Here

            throw new CertPathValidatorException("CVC certificate chain can not be of length longer than two.");
          }
        } else {
          // Normal X509 certificates
          HashSet<TrustAnchor> trustancors = new HashSet<TrustAnchor>();
          TrustAnchor trustanchor = null;
          trustanchor = new TrustAnchor((X509Certificate)rootcert, null);
          trustancors.add(trustanchor);


          // Create the parameters for the validator
          PKIXParameters params = new PKIXParameters(trustancors);


          // Disable CRL checking since we are not supplying any CRLs
          params.setRevocationEnabled(false);
          params.setDate( new Date() );


          // Create the validator and validate the path
          CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType(), "BC");
          CertificateFactory fact = CertTools.getCertificateFactory();
          CertPath certpath = fact.generateCertPath(calist);


          CertPathValidatorResult result = certPathValidator.validate(certpath, params);


          // Get the certificates validate in the path
          PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult)result;
          returnval.addAll(certpath.getCertificates());


          // Get the CA used to validate this path
          TrustAnchor ta = pkixResult.getTrustAnchor();
          X509Certificate cert = ta.getTrustedCert();
          returnval.add(cert);
        }
      }
      return returnval;
    } // createCertChain

View Full Code Here


        final Set<TrustAnchor> anchors
                = new HashSet<TrustAnchor>();
        for (Certificate cert : trustedCerts) {
          if (cert instanceof X509Certificate) {
                anchors.add(new TrustAnchor((X509Certificate)cert, null));
      }
        }


        final CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        X509CertSelector targetConstraints = new X509CertSelector();

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of java.security.cert.TrustAnchor

br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateValidator

br.net.woodstock.rockframework.security.cert.impl.PKIXCertificateVerifier

BuildOddSel

com.adito.boot.SSLTrustManager

com.alu.e3.gateway.security.PKIXConfig

com.gitblit.utils.X509Utils

com.google.step2.xmlsimplesign.CachedCertPathValidator

com.maverick.ssl.SSLTransportTrustManager

demo.sts.provider.cert.CertificateVerifier

gnu.java.security.provider.PKIXCertPathValidatorImpl

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.