Package java.security.cert

Examples of java.security.cert.X509CertSelector


        // Every supplied root becomes a trust anchor; the null second argument
        // means no additional name constraints are attached to that anchor.
        for (X509Certificate rootCertificate : rootCertificates) {
            anchors.add(new TrustAnchor(rootCertificate, null));
        }

        // Prepare to build a certificate path.
        // The selector pins the path target to exactly this certificate.
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);
        PKIXBuilderParameters parameters = new PKIXBuilderParameters(anchors, selector);
        // -1 removes the builder's default cap on intermediate certificates, so
        // a path of any length is accepted.
        // NOTE(review): confirm an unbounded path length is intended. The excerpt
        // ends before any revocation setting is visible.
        parameters.setMaxPathLength(-1);
        // The target certificate is placed in a CertStore so the builder can find it.
        parameters.addCertStore(CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(Collections.singletonList(certificate))));
        if (intermediateCertificates != null) {


        // Fail closed: with no trust anchors there is nothing to validate
        // against, so the credential is rejected with an exception.
        if (trustAnchors == null || trustAnchors.isEmpty()) {
            throw new GeneralSecurityException(
                    "Unable to validate X509 certificate, no trust anchors found in the PKIX validation information");
        }

        // The path target is fixed to the entity certificate of the credential
        // under test; no other certificate can satisfy the selector.
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(untrustedCredential.getEntityCertificate());

        log.trace("Adding trust anchors to PKIX validator parameters");
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, selector);

        // NOTE(review): getEffectiveVerificationDepth is not shown; presumably it
        // yields the path-length limit applied to params below. Confirm.
        Integer effectiveVerifyDepth = getEffectiveVerificationDepth(validationInfo);

     * @param certificates the certificates to check, target certificate first
     * @return the validity state of the certificate
     */
    boolean isCertificateChainValid(List<X509Certificate> certificates) {
        // The first list element is treated as the certificate to validate.
        // NOTE(review): no null or empty check is visible, so an empty list
        // throws IndexOutOfBoundsException on the next line.
        X509Certificate targetCert = certificates.get(0);
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(targetCert);
        try {
            // In the visible lines, intermediates and trusted roots both come
            // from certRepo, not from the caller-supplied list.
            // NOTE(review): presumably this stops a peer from supplying its own
            // anchors; confirm the rest of the method does not add
            // caller-supplied certificates as trust anchors.
            List<X509Certificate> intermediateCerts = certRepo.getCaCerts();
            List<X509Certificate> trustedAuthorityCerts = certRepo.getTrustedCaCerts();
            Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
            CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        // Only the PKIX algorithm is handled in the visible branch.
        if("PKIX".equalsIgnoreCase(algorithm)) {
            // Trust anchors are the trusted certificate entries of trustStore.
            // The empty selector puts no constraint on the target certificate.
            PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
                                                                     new X509CertSelector());
            // CRLs obtained from getCRLs(crlf) are offered to the validator
            // through an in-memory CertStore.
            // NOTE(review): this is a snapshot taken when the parameters are
            // built; how the CRLs are refreshed is not visible in this excerpt.
            Collection crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            // Revocation checking is switched on explicitly.
            xparams.setRevocationEnabled(true);

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        // Only the PKIX algorithm is handled in the visible branch.
        if("PKIX".equalsIgnoreCase(algorithm)) {
            // Trust anchors are the trusted certificate entries of trustStore.
            // The empty selector puts no constraint on the target certificate.
            PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
                                                                     new X509CertSelector());
            // CRLs obtained from getCRLs(crlf) are offered to the validator
            // through an in-memory CertStore.
            // NOTE(review): this is a snapshot taken when the parameters are
            // built; how the CRLs are refreshed is not visible in this excerpt.
            Collection crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            // Revocation checking is switched on explicitly.
            xparams.setRevocationEnabled(true);

                anchors.add(new TrustAnchor((X509Certificate)cert, null));
      }
        }

        final CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        // Path building targets exactly the signer certificate.
        X509CertSelector targetConstraints = new X509CertSelector();
        targetConstraints.setCertificate(signerCert);
        PKIXBuilderParameters cpbParams =
            new PKIXBuilderParameters(anchors, targetConstraints);

        cpbParams.addCertStore(certs);
        // Revocation checking is turned off, so a path still builds when the
        // signer or an intermediate certificate has been revoked.
        // NOTE(review): nothing in this excerpt consults CRLs or OCSP. Confirm
        // revocation is handled elsewhere before trusting the built path.
        cpbParams.setRevocationEnabled(false);

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        // Only the PKIX algorithm is handled in the visible branch.
        if("PKIX".equalsIgnoreCase(algorithm)) {
            // Trust anchors are the trusted certificate entries of trustStore.
            // The empty selector puts no constraint on the target certificate.
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            // CRLs obtained from getCRLs(crlf) are offered to the validator
            // through an in-memory CertStore.
            // NOTE(review): this is a snapshot taken when the parameters are
            // built; how the CRLs are refreshed is not visible in this excerpt.
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            // Revocation checking is switched on explicitly.
            xparams.setRevocationEnabled(true);

                // A certificate entry is matched through certSelect (not shown here).
                X509Certificate xcert = (X509Certificate) o;
            ksr = certSelect(xcert, sm);
        // check X509IssuerSerial
        } else if (o instanceof X509IssuerSerial) {
            X509IssuerSerial xis = (X509IssuerSerial) o;
            X509CertSelector xcs = new X509CertSelector();
            try {
                // Restrict candidates to keys of the expected algorithm, then
                // match on issuer name and serial number.
                xcs.setSubjectPublicKeyAlgID(algOID);
                xcs.setSerialNumber(xis.getSerialNumber());
            // NOTE(review): setIssuer(String) is documented as denigrated because
            // the string form of a DN can lose encoding information and fail to
            // match; the setIssuer(X500Principal) overload avoids that round trip.
            xcs.setIssuer(new X500Principal
                (xis.getIssuerName()).getName());
            } catch (IOException ioe) {
            throw new KeySelectorException(ioe);
        }
        // The lookup runs against the keystore only, so trust is bounded by
        // what the keystore contains.
        ksr = keyStoreSelect(xcs);
        // check X509SubjectName
        } else if (o instanceof String) {
            String sn = (String) o;
            X509CertSelector xcs = new X509CertSelector();
            try {
                xcs.setSubjectPublicKeyAlgID(algOID);
            // NOTE(review): the same string-form caveat applies to
            // setSubject(String); an X500Principal overload exists.
            xcs.setSubject(new X500Principal(sn).getName());
        } catch (IOException ioe) {
            throw new KeySelectorException(ioe);
        }
        ksr = keyStoreSelect(xcs);
        // check X509SKI
        } else if (o instanceof byte[]) {
            byte[] ski = (byte[]) o;
            X509CertSelector xcs = new X509CertSelector();
            try {
                xcs.setSubjectPublicKeyAlgID(algOID);
        } catch (IOException ioe) {
            throw new KeySelectorException(ioe);
        }
        // DER-encode ski - required by X509CertSelector
        // The length is written as a single byte (short form), which is valid
        // DER only while ski.length <= 127.
        // NOTE(review): a longer identifier would be mis-encoded; consider
        // rejecting ski.length > 127 before this point.
        byte[] encodedSki = new byte[ski.length+2];
        encodedSki[0] = 0x04; // OCTET STRING tag value
        encodedSki[1] = (byte) ski.length; // length
        System.arraycopy(ski, 0, encodedSki, 2, ski.length);
        xcs.setSubjectKeyIdentifier(encodedSki);
        ksr = keyStoreSelect(xcs);
        // check X509CRL
        // not supported: should use CertPath API
        } else {
            // skip all other entries

            X509Certificate cert, Set<X509Certificate> trustedRootCerts,
            Set<X509Certificate> intermediateCerts,
            boolean verifySelfSignedCert) throws GeneralSecurityException {

        // Create the selector that specifies the starting certificate.
        // Only this exact certificate can be the target of the built path.
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(cert);

        // Create the trust anchors (set of root CA certificates).
        // Each anchor is built with null name constraints, so none are applied.
        // NOTE(review): trust rests entirely on the contents of trustedRootCerts;
        // the caller must not fill that set from unverified input.
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (X509Certificate trustedRootCert : trustedRootCerts) {
            trustAnchors.add(new TrustAnchor(trustedRootCert, null));

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        // Only the PKIX algorithm is handled in the visible branch.
        if("PKIX".equalsIgnoreCase(algorithm)) {
            // Trust anchors are the trusted certificate entries of trustStore.
            // The empty selector puts no constraint on the target certificate.
            PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
                                                                     new X509CertSelector());
            // CRLs obtained from getCRLs(crlf) are offered to the validator
            // through an in-memory CertStore.
            // NOTE(review): this is a snapshot taken when the parameters are
            // built; how the CRLs are refreshed is not visible in this excerpt.
            Collection crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            // Revocation checking is switched on explicitly.
            xparams.setRevocationEnabled(true);
