Package java.security.cert

Examples of java.security.cert.X509CertSelector


    /**
     * Resolves a verification key for an X509Data element.
     *
     * Every recognised entry of {@code xd} is folded into a single
     * {@link X509CertSelector}: X509IssuerSerial sets serial number and
     * issuer, a String sets the subject, a byte[] sets the subject key
     * identifier. Criteria accumulate, so a certificate must satisfy all of
     * them. X509Certificate entries are collected separately and every other
     * entry type is skipped.
     *
     * The selector is first handed to {@code keyStoreSelect}; a non-null
     * result is returned as is. Otherwise, when {@code trusted} is false, the
     * public key of the first collected certificate that matches the selector
     * is returned.
     *
     * NOTE(review): on that fallback path the key comes from a certificate
     * carried inside the X509Data itself. Nothing in this method builds or
     * validates a certification path for it, so the returned key is only as
     * trustworthy as the document that supplied it. Presumably {@code xd}
     * originates from the KeyInfo of the signature being validated; confirm
     * that callers leaving {@code trusted} false authenticate the key by some
     * other means.
     *
     * @param xd the X509Data whose content is inspected
     * @param sm the signature method; its algorithm is mapped to a public-key
     *           algorithm OID by {@code getPKAlgorithmOID}
     * @return the selected key, or {@code null} when neither the keystore
     *         lookup nor the embedded certificates yield one
     * @throws KeyStoreException declared here; presumably raised by
     *         {@code keyStoreSelect} (not visible in this excerpt)
     * @throws KeySelectorException when a selector setter rejects its input
     *         with an IOException
     */
    private KeySelectorResult x509DataSelect(X509Data xd, SignatureMethod sm)
  throws KeyStoreException, KeySelectorException {

  // convert signature algorithm to compatible public-key alg OID
  String algOID = getPKAlgorithmOID(sm.getAlgorithm());
        X509CertSelector subjectcs = new X509CertSelector();
  try {
            // only certificates whose subject public key uses this algorithm can match
            subjectcs.setSubjectPublicKeyAlgID(algOID);
        } catch (IOException ioe) {
      throw new KeySelectorException(ioe);
  }
        // X509Certificate entries found in the X509Data (raw collection)
        Collection certs = new ArrayList();

        Iterator xi = xd.getContent().iterator();
        while (xi.hasNext()) {
            Object o = xi.next();
      // check X509IssuerSerial
      if (o instanceof X509IssuerSerial) {
          X509IssuerSerial xis = (X509IssuerSerial) o;
          try {
              subjectcs.setSerialNumber(xis.getSerialNumber());
        // re-parse the issuer name and take X500Principal's RFC 2253 string form
        // NOTE(review): the JDK Javadoc advises against setIssuer(String)
        // because the string form can lose encoding information and fail to
        // match some certificates; the X500Principal or byte[] overloads avoid that.
        String issuer = new X500Principal(xis.getIssuerName()).getName();
        // strip off newline
        if (issuer.endsWith("\n")) {
      issuer = new String
          (issuer.toCharArray(), 0, issuer.length()-1);
        }
        subjectcs.setIssuer(issuer);
          } catch (IOException ioe) {
        throw new KeySelectorException(ioe);
    }
      // check X509SubjectName
      } else if (o instanceof String) {
          String sn = (String) o;
          try {
        // same string round trip as for the issuer above; the same
        // caveat about setSubject(String) applies
        String subject = new X500Principal(sn).getName();
        // strip off newline
        if (subject.endsWith("\n")) {
      subject = new String
          (subject.toCharArray(), 0, subject.length()-1);
        }
        subjectcs.setSubject(subject);
    } catch (IOException ioe) {
        throw new KeySelectorException(ioe);
    }
      // check X509SKI
      } else if (o instanceof byte[]) {
          byte[] ski = (byte[]) o;
    // DER-encode ski - required by X509CertSelector
    // NOTE(review): a single length byte is the DER short form and is only
    // valid for ski.length <= 127. A longer identifier is cast to a byte with
    // the high bit set, which is not a well-formed encoding of that length;
    // the length is not checked before the cast.
    byte[] encodedSki = new byte[ski.length+2];
    encodedSki[0] = 0x04; // OCTET STRING tag value
    encodedSki[1] = (byte) ski.length; // length
    System.arraycopy(ski, 0, encodedSki, 2, ski.length);
    subjectcs.setSubjectKeyIdentifier(encodedSki);
      // check X509Certificate: kept aside as a candidate, not yet trusted
      } else if (o instanceof X509Certificate) {
    certs.add((X509Certificate) o);
      // check X509CRL
      // not supported: should use CertPath API
      } else {
          // skip all other entries
          continue;
      }
  }
  // keystore lookup takes precedence over certificates embedded in the X509Data
  KeySelectorResult ksr = keyStoreSelect(subjectcs);
  if (ksr != null) {
      return ksr;
  }
  // fallback, taken only when the `trusted` field (declared outside this excerpt) is false
  if (!certs.isEmpty() && !trusted) {
      // try to find public key in certs in X509Data
      // NOTE(review): match() only compares the certificate with the selector
      // criteria built above, which come from the same X509Data; it does not
      // verify the certificate's signature, validity period or issuer chain.
      Iterator i = certs.iterator();
      while (i.hasNext()) {
    X509Certificate cert = (X509Certificate) i.next();
    if (subjectcs.match(cert)) {
        return new SimpleKeySelectorResult(cert.getPublicKey());
    }
      }
  }
  return null;


                } catch (KeyStoreException ex) {
                    securityLogger.log(Level.SEVERE, null, ex);
                    throw new CertificateException(ex);
                }
            }
            X509CertSelector certSelector = new X509CertSelector();
            certSelector.setCertificate(certificate);
            PKIXBuilderParameters parameters;
            CertPathBuilder builder = null;
            CertPathValidator certValidator = null;
            CertPath certPath = null;
            List<Certificate> certChainList = new ArrayList<Certificate>();

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            xparams.setRevocationEnabled(true);

    private Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
    {
        Collection trustColl = new ArrayList();
        Iterator it = trustanchors.iterator();
       
        X509CertSelector certSelectX509 = new X509CertSelector();

        try
        {
            certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
        }
        catch (IOException ex)
        {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");
            throw new CertPathReviewerException(msg);
        }

        while (it.hasNext())
        {
            TrustAnchor trust = (TrustAnchor) it.next();
            if (trust.getTrustedCert() != null)
            {
                if (certSelectX509.match(trust.getTrustedCert()))
                {
                    trustColl.add(trust);
                }
            }
            else if (trust.getCAName() != null && trust.getCAPublicKey() != null)

        Iterator iter = trustAnchors.iterator();
        TrustAnchor trust = null;
        PublicKey trustPublicKey = null;
        Exception invalidKeyEx = null;

        X509CertSelector certSelectX509 = new X509CertSelector();

        try
        {
            certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
        }
        catch (IOException ex)
        {
            throw new CertPathValidatorException(ex);
        }

        while (iter.hasNext() && trust == null)
        {
            trust = (TrustAnchor) iter.next();
            if (trust.getTrustedCert() != null)
            {
                if (certSelectX509.match(trust.getTrustedCert()))
                {
                    trustPublicKey = trust.getTrustedCert().getPublicKey();
                }
                else
                {

            CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(
                    list);
            CertStore store = CertStore.getInstance("Collection", ccsp, "BC");

            // Searching for rootCert by subjectDN
            X509CertSelector targetConstraints = new X509CertSelector();
            targetConstraints.setSubject(rootCert.getSubjectX500Principal().getName());
            Collection certs = store.getCertificates(targetConstraints);
            if (certs.size() != 1 || !certs.contains(rootCert))
            {
                return new SimpleTestResult(false, this.getName()
                        + ": rootCert not found by subjectDN");
            }

            // Searching for rootCert by subjectDN encoded as byte
            targetConstraints = new X509CertSelector();
            targetConstraints.setSubject(rootCert.getSubjectX500Principal()
                    .getEncoded());
            certs = store.getCertificates(targetConstraints);
            if (certs.size() != 1 || !certs.contains(rootCert))
            {
                return new SimpleTestResult(false, this.getName()
                        + ": rootCert not found by encoded subjectDN");
            }

            // Searching for rootCert by public key encoded as byte
            targetConstraints = new X509CertSelector();
            targetConstraints.setSubjectPublicKey(rootCert.getPublicKey()
                    .getEncoded());
            certs = store.getCertificates(targetConstraints);
            if (certs.size() != 1 || !certs.contains(rootCert))
            {
                return new SimpleTestResult(false, this.getName()
                        + ": rootCert not found by encoded public key");
            }

            // Searching for interCert by issuerDN
            targetConstraints = new X509CertSelector();
            targetConstraints.setIssuer(rootCert.getSubjectX500Principal()
                    .getEncoded());
            certs = store.getCertificates(targetConstraints);
            if (certs.size() != 2)
            {
                return new SimpleTestResult(false, this.getName()

            pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
        } catch (Exception e) {
            throw new MessagingException("Error during the creation of the certpathbuilder.", e);
        }
       
        // Target constraint: setCertificate makes the selector match only a
        // certificate equal to `cert`, so the builder must produce a path
        // for exactly that certificate.
        X509CertSelector xcs = new X509CertSelector();
        xcs.setCertificate(cert);
        // trust anchors are taken from trustedStore; `store` supplies further
        // certificates the builder may use while constructing the path
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustedStore, xcs);
        params.addCertStore(store);
        // NOTE(review): revocation checking is switched off here, so a path
        // built with these parameters is accepted even when one of its
        // certificates has been revoked. Confirm this is intentional; if CRLs
        // or OCSP are available, leave revocation checking enabled and
        // provide the revocation data through a CertStore.
        params.setRevocationEnabled(false);
       
        try {

   
            if (certList.isEmpty()) {
                throw new IllegalStateException("Invalid certificate chain");
            }
   
            X509CertSelector certSelect = new X509CertSelector();
            certSelect.setCertificate(certList.get(0));
           
            // Configure certification path builder parameters
            PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore, certSelect);
            pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList)));
   

    }
  }

  protected PKIXCertPathValidatorResult getValidatorResult(final Certificate[] chain) throws GeneralSecurityException {
    X509Certificate certificate = (X509Certificate) chain[0];
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(certificate);

    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    boolean localCA = Conditions.isEmpty(this.trustCerts);

    if (!localCA) {

     * @return The parameters including the CRLs and TrustStore.
     */
    protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
        CertPathParameters params;
        if ("PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
            Collection crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            xparams.setRevocationEnabled(true);
