Examples of java.security.cert.X509CertSelector

• java.security.cert.X509CertSelector
  @com.intel.drl.spec_ref

        TrustManager[] managers = null;
        if (trustStore != null) {
            // Revocation checking is only supported for PKIX algorithm
            if (sslConfig.isValidatePeerCerts() &&
    sslConfig.getTrustManagerFactoryAlgorithm().equalsIgnoreCase("PKIX")) {
                PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
                // Set maximum certification path length
                pbParams.setMaxPathLength(sslConfig.getMaxCertPathLength());
                // Make sure revocation checking is enabled
                pbParams.setRevocationEnabled(true);

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            xparams.setRevocationEnabled(true);

            }else{
                throw new XWSSecurityException("Validation of self signed certificate failed");
            }
        }

        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setCertificate(cert);

        PKIXBuilderParameters parameters;
        CertPathBuilder builder = null;
        CertPathValidator certValidator = null;
        CertPath certPath = null;

                    log.log(Level.SEVERE,LogStringsMessages.WSS_1533_X_509_SELF_SIGNED_CERTIFICATE_NOT_VALID());
                    throw new CertificateValidationCallback.CertificateValidationException("Validation of self signed certificate failed");
                }
            }

            X509CertSelector certSelector = new X509CertSelector();
            certSelector.setCertificate(certificate);

            PKIXBuilderParameters parameters;
            CertPathValidator certValidator = null;
            CertPath certPath = null;
            List<Certificate> certChainList = new ArrayList<Certificate>();

                throw new XWSSecurityException("Validation of self signed certificate failed");
            }
        }

        //check keyUsage
        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setCertificate(cert);
        PKIXBuilderParameters parameters;
        CertPathValidator certPathValidator = null;
        CertPath certPath = null;
        List<Certificate> certChainList = new ArrayList<Certificate>();
        boolean caFound = false;

        if (trustAnchors == null || trustAnchors.isEmpty()) {
            throw new GeneralSecurityException(
                    "Unable to validate X509 certificate, no trust anchors found in the PKIX validation information");
        }

        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(untrustedCredential.getEntityCertificate());

        log.trace("Adding trust anchors to PKIX validator parameters");
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, selector);

        Integer effectiveVerifyDepth = getEffectiveVerificationDepth(validationInfo);

                                        logger.info("verifying revokation status via CRL for X509 public key " + signingcert.getSubjectDN().toString());

                                        Security.setProperty("ocsp.enable", "false");
                                        System.setProperty("com.sun.security.enableCRLDP", "true");

                                        X509CertSelector targetConstraints = new X509CertSelector();
                                        targetConstraints.setCertificate(signingcert);
                                        PKIXParameters params = new PKIXParameters(GetTrustStore());
                                        params.setRevocationEnabled(true);
                                        CertPath certPath = cf.generateCertPath(Arrays.asList(signingcert));

                                        CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
                                                                     new X509CertSelector());
            Collection crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            xparams.setRevocationEnabled(true);

                                                KeyStore trustStore)
        throws Exception {
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            xparams.setRevocationEnabled(true);

        // Get subject key identifier from certificate
        byte[] skid = XMLX509SKI.getSKIBytesFromCert(cert);

        // Use X509CertSelector to match on certificate using the skid,
        // thereby testing that the returned skid was correct
        X509CertSelector xcs = new X509CertSelector();
        // DER-encode skid - required by X509CertSelector
        byte[] encodedSkid = new byte[skid.length+2];
        encodedSkid[0] = 0x04; // OCTET STRING tag value
        encodedSkid[1] = (byte) skid.length; // length
        System.arraycopy(skid, 0, encodedSkid, 2, skid.length);
        xcs.setSubjectKeyIdentifier(encodedSkid);

        CertStore cs = CertStore.getInstance(
            "Collection",
            new CollectionCertStoreParameters(Collections.singleton(cert)));