Examples of java.security.cert.TrustAnchor

• java.security.cert.TrustAnchor
  A trust anchor or most-trusted Certification Authority (CA).

  This class represents a "most-trusted CA", which is used as a trust anchor for validating X.509 certification paths. A most-trusted CA includes the public key of the CA, the CA's name, and any constraints upon the set of paths which may be validated using this key. These parameters can be specified in the form of a trusted {@code X509Certificate} or asindividual parameters.

  Concurrent Access

  All {@code TrustAnchor} objects must be immutable andthread-safe. That is, multiple threads may concurrently invoke the methods defined in this class on a single {@code TrustAnchor}object (or more than one) with no ill effects. Requiring {@code TrustAnchor} objects to be immutable and thread-safeallows them to be passed around to various pieces of code without worrying about coordinating access. This stipulation applies to all public fields and methods of this class and any added or overridden by subclasses. @see PKIXParameters#PKIXParameters(Set) @see PKIXBuilderParameters#PKIXBuilderParameters(Set,CertSelector) @since 1.4 @author Sean Mullan

              certchain.addAll(cACertChain);
              certchain.add(verCert);
              CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);

              Set trust = new HashSet();
              trust.add(new TrustAnchor(rootCert, null));

              CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
              PKIXParameters param = new PKIXParameters(trust);
              param.addCertStore(store);
              param.setDate(new Date());

       certchain.addAll(cACertChain);
       certchain.add(usercert);
       CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);

       Set trust = new HashSet();
       trust.add(new TrustAnchor(rootCert, null));

       CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
       PKIXParameters param = new PKIXParameters(trust);
       param.addCertStore(store);
       param.setDate(new Date());

          certchain.addAll(cACertChain);
          certchain.add(usercert);
          CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);

          Set trust = new HashSet();
          trust.add(new TrustAnchor(rootCert, null));

          CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
          PKIXParameters param = new PKIXParameters(trust);
          param.addCertStore(store);
          param.setDate(date);

                Enumeration cacertsAliases = this.cacerts.aliases();
                while (cacertsAliases.hasMoreElements()) {
                    String alias = (String) cacertsAliases.nextElement();
                    X509Certificate cert =
                        (X509Certificate) this.cacerts.getCertificate(alias);
                    TrustAnchor anchor =
                        new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                    set.add(anchor);
                }
            }

            // Add certificates from the keystore
            Enumeration aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = (String) aliases.nextElement();
                X509Certificate cert =
                    (X509Certificate) this.keystore.getCertificate(alias);
                TrustAnchor anchor =
                    new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                set.add(anchor);
            }

            PKIXParameters param = new PKIXParameters(set);

                while (truststoreAliases.hasMoreElements()) {
                    String alias = truststoreAliases.nextElement();
                    X509Certificate cert =
                        (X509Certificate) truststore.getCertificate(alias);
                    if (cert != null) {
                        TrustAnchor anchor =
                            new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                        set.add(anchor);
                    }
                }
            }

            //
            // Add certificates from the keystore - only if there is no TrustStore, apart from
            // the case that the truststore is the JDK CA certs. This behaviour is preserved
            // for backwards compatibility reasons
            //
            if (keystore != null && (truststore == null || loadCACerts)) {
                Enumeration<String> aliases = keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    X509Certificate cert =
                        (X509Certificate) keystore.getCertificate(alias);
                    if (cert != null) {
                        TrustAnchor anchor =
                            new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                        set.add(anchor);
                    }
                }
            }

            Enumeration cacertsAliases = this.cacerts.aliases();
            while (cacertsAliases.hasMoreElements()) {
                String alias = (String) cacertsAliases.nextElement();
                X509Certificate cert = (X509Certificate) this.cacerts
                        .getCertificate(alias);
                TrustAnchor anchor = new TrustAnchor(cert, cert
                        .getExtensionValue("NameConstraints"));
                set.add(anchor);
            }

            // Add certificates from the keystore
            Enumeration aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = (String) aliases.nextElement();
                X509Certificate cert = (X509Certificate) this.keystore
                        .getCertificate(alias);
                TrustAnchor anchor = new TrustAnchor(cert, cert
                        .getExtensionValue("NameConstraints"));
                set.add(anchor);
            }

            PKIXParameters param = new PKIXParameters(set);

        selector.setCertificate(cert);

        // Create the trust anchors (set of root CA certificates)
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (X509Certificate trustedRootCert : trustedRootCerts) {
            trustAnchors.add(new TrustAnchor(trustedRootCert, null));
        }

        // Configure the PKIX certificate builder algorithm parameters
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(
                trustAnchors, selector);

                X500Principal certIssuerName =
                        currCert.getIssuerX500Principal();
                while (anchors.hasNext() &&
                        (!haveIssuerCert || !haveResponderCert)) {

                    TrustAnchor anchor = (TrustAnchor) anchors.next();
                    X509Certificate anchorCert = anchor.getTrustedCert();
                    X500Principal anchorSubjectName =
                            anchorCert.getSubjectX500Principal();

                    // Check if this anchor cert is the issuer cert
                    if (!haveIssuerCert && certIssuerName.equals(anchorSubjectName)) {

                while (truststoreAliases.hasMoreElements()) {
                    String alias = truststoreAliases.nextElement();
                    X509Certificate cert =
                        (X509Certificate) truststore.getCertificate(alias);
                    if (cert != null) {
                        TrustAnchor anchor =
                            new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                        set.add(anchor);
                    }
                }
            }

            //
            // Add certificates from the keystore - only if there is no TrustStore, apart from
            // the case that the truststore is the JDK CA certs. This behaviour is preserved
            // for backwards compatibility reasons
            //
            if (keystore != null && (truststore == null || loadCACerts)) {
                Enumeration<String> aliases = keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    X509Certificate cert =
                        (X509Certificate) keystore.getCertificate(alias);
                    if (cert != null) {
                        TrustAnchor anchor =
                            new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                        set.add(anchor);
                    }
                }
            }

            CertPath path = getCertificateFactory().generateCertPath(certList);

            Set<TrustAnchor> set = new HashSet<TrustAnchor>();
            if (trustedCerts != null) {
                for (X509Certificate cert : trustedCerts) {
                    TrustAnchor anchor =
                        new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                    set.add(anchor);
                }
            }

            PKIXParameters param = new PKIXParameters(set);