sun.security.validator.Validator Java Examples
The following examples show how to use
sun.security.validator.Validator.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TrustManagerFactoryImpl.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #2
| Source File: TrustManagerFactoryImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #3
| Source File: TrustManagerFactoryImpl.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #4
| Source File: TrustManagerFactoryImpl.java From Bytecoder with Apache License 2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #5
| Source File: TrustManagerFactoryImpl.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #6
| Source File: TrustManagerFactoryImpl.java From hottub with GNU General Public License v2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #7
| Source File: TrustManagerFactoryImpl.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #8
| Source File: TrustManagerFactoryImpl.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
if (spec instanceof CertPathTrustManagerParameters == false) {
throw new InvalidAlgorithmParameterException
("Parameters must be CertPathTrustManagerParameters");
}
CertPathParameters params =
((CertPathTrustManagerParameters)spec).getParameters();
if (params instanceof PKIXBuilderParameters == false) {
throw new InvalidAlgorithmParameterException
("Encapsulated parameters must be PKIXBuilderParameters");
}
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
}
Example #9
| Source File: ConstraintsParameters.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public ConstraintsParameters(X509Certificate c, boolean match,
Date pkixdate, Timestamp jarTime, String variant) {
cert = c;
trustedMatch = match;
pkixDate = pkixdate;
jarTimestamp = jarTime;
this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
algorithm = null;
algParams = null;
publicKey = null;
}
Example #10
| Source File: ConstraintsParameters.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
public ConstraintsParameters(X509Certificate c, boolean match,
Date pkixdate, Timestamp jarTime, String variant) {
cert = c;
trustedMatch = match;
pkixDate = pkixdate;
jarTimestamp = jarTime;
this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
algorithm = null;
algParams = null;
publicKey = null;
}
Example #11
| Source File: DistributionPointFetcher.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the X509CRLs matching this selector. The selector must be
* an X509CRLSelector with certificateChecking set.
*/
// Called by com.sun.deploy.security.RevocationChecker
public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
boolean signFlag,
PublicKey prevKey,
String provider,
List<CertStore> certStores,
boolean[] reasonsMask,
Set<TrustAnchor> trustAnchors,
Date validity)
throws CertStoreException
{
return getCRLs(selector, signFlag, prevKey, null, provider, certStores,
reasonsMask, trustAnchors, validity, Validator.VAR_GENERIC);
}
Example #12
| Source File: ConstraintsParameters.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
public ConstraintsParameters(String algorithm, AlgorithmParameters params,
Key key, String variant) {
this.algorithm = algorithm;
algParams = params;
this.publicKey = key;
cert = null;
trustedMatch = false;
pkixDate = null;
jarTimestamp = null;
this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
}
Example #13
| Source File: ConstraintsParameters.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public ConstraintsParameters(X509Certificate c, boolean match,
Date pkixdate, Timestamp jarTime, String variant) {
cert = c;
trustedMatch = match;
pkixDate = pkixdate;
jarTimestamp = jarTime;
this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
algorithm = null;
algParams = null;
publicKey = null;
}
Example #14
| Source File: DisabledAlgorithmConstraints.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
String extendedMsg(ConstraintsParameters cp) {
return (cp.getCertificate() == null ? "." :
" used with certificate: " +
cp.getCertificate().getSubjectX500Principal() +
(cp.getVariant() != Validator.VAR_GENERIC ?
". Usage was " + cp.getVariant() : "."));
}
Example #15
| Source File: SSLContextImpl.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
private void checkAlgorithmConstraints(X509Certificate[] chain,
AlgorithmConstraints constraints,
boolean checkClientTrusted) throws CertificateException {
try {
// Does the certificate chain end with a trusted certificate?
int checkedLength = chain.length - 1;
Collection<X509Certificate> trustedCerts = new HashSet<>();
X509Certificate[] certs = tm.getAcceptedIssuers();
if ((certs != null) && (certs.length > 0)){
Collections.addAll(trustedCerts, certs);
}
if (trustedCerts.contains(chain[checkedLength])) {
checkedLength--;
}
// A forward checker, need to check from trust to target
if (checkedLength >= 0) {
AlgorithmChecker checker =
new AlgorithmChecker(constraints, null,
(checkClientTrusted ? Validator.VAR_TLS_CLIENT :
Validator.VAR_TLS_SERVER));
checker.init(false);
for (int i = checkedLength; i >= 0; i--) {
Certificate cert = chain[i];
// We don't care about the unresolved critical extensions.
checker.check(cert, Collections.<String>emptySet());
}
}
} catch (CertPathValidatorException cpve) {
throw new CertificateException(
"Certificates do not conform to algorithm constraints", cpve);
}
}
Example #16
| Source File: CertReplace.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* @param args {cacerts keystore, cert chain}
*/
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(args[0]), "changeit".toCharArray());
Validator v = Validator.getInstance
(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
X509Certificate[] chain = createPath(args[1]);
System.out.println("Chain: ");
for (X509Certificate c: v.validate(chain)) {
System.out.println(" " + c.getSubjectX500Principal() +
" issued by " + c.getIssuerX500Principal());
}
}
Example #17
| Source File: DistributionPointFetcher.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the X509CRLs matching this selector. The selector must be
* an X509CRLSelector with certificateChecking set.
*/
// Called by com.sun.deploy.security.RevocationChecker
public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
boolean signFlag,
PublicKey prevKey,
String provider,
List<CertStore> certStores,
boolean[] reasonsMask,
Set<TrustAnchor> trustAnchors,
Date validity)
throws CertStoreException
{
return getCRLs(selector, signFlag, prevKey, null, provider, certStores,
reasonsMask, trustAnchors, validity, Validator.VAR_GENERIC);
}
Example #18
| Source File: X509KeyManagerImpl.java From Bytecoder with Apache License 2.0 | 5 votes |
|
public String getValidator() {
if (this == CLIENT) {
return Validator.VAR_TLS_CLIENT;
} else if (this == SERVER) {
return Validator.VAR_TLS_SERVER;
}
return Validator.VAR_GENERIC;
}
Example #19
| Source File: CertReplace.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
/**
* @param args {cacerts keystore, cert chain}
*/
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(args[0]), "changeit".toCharArray());
Validator v = Validator.getInstance
(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
X509Certificate[] chain = createPath(args[1]);
System.out.println("Chain: ");
for (X509Certificate c: v.validate(chain)) {
System.out.println(" " + c.getSubjectX500Principal() +
" issued by " + c.getIssuerX500Principal());
}
}
Example #20
| Source File: DisabledAlgorithmConstraints.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public void permits(ConstraintsParameters cp)
throws CertPathValidatorException {
for (String usage : usages) {
String v = null;
if (usage.compareToIgnoreCase("TLSServer") == 0) {
v = Validator.VAR_TLS_SERVER;
} else if (usage.compareToIgnoreCase("TLSClient") == 0) {
v = Validator.VAR_TLS_CLIENT;
} else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
v = Validator.VAR_PLUGIN_CODE_SIGNING;
}
if (debug != null) {
debug.println("Checking if usage constraint \"" + v +
"\" matches \"" + cp.getVariant() + "\"");
// Because usage checking can come from many places
// a stack trace is very helpful.
ByteArrayOutputStream ba = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(ba);
(new Exception()).printStackTrace(ps);
debug.println(ba.toString());
}
if (cp.getVariant().compareTo(v) == 0) {
if (next(cp)) {
return;
}
throw new CertPathValidatorException("Usage constraint " +
usage + " check failed: " + algorithm +
extendedMsg(cp),
null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
}
}
Example #21
| Source File: AlgorithmChecker.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
/**
* Create a new {@code AlgorithmChecker} with the
* given {@code TrustAnchor}, {@code AlgorithmConstraints},
* {@code Timestamp}, and {@code String} variant.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
* @param pkixdate The date specified by the PKIXParameters date. If the
* PKIXParameters is null, the current date is used. This
* should be null when jar files are being checked.
* @param jarTimestamp Timestamp passed for JAR timestamp constraint
* checking. Set to null if not applicable.
* @param variant is the Validator variants of the operation. A null value
* passed will set it to Validator.GENERIC.
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints, Date pkixdate,
Timestamp jarTimestamp, String variant) {
if (anchor != null) {
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
this.trustedPubKey = anchor.getCAPublicKey();
}
} else {
this.trustedPubKey = null;
if (debug != null) {
debug.println("TrustAnchor is null, trustedMatch is false.");
}
}
this.prevPubKey = this.trustedPubKey;
this.constraints = (constraints == null ? certPathDefaultConstraints :
constraints);
// If we are checking jar files, set pkixdate the same as the timestamp
// for certificate checking
this.pkixdate = (jarTimestamp != null ? jarTimestamp.getTimestamp() :
pkixdate);
this.jarTimestamp = jarTimestamp;
this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
}
Example #22
| Source File: DistributionPointFetcher.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the X509CRLs matching this selector. The selector must be
* an X509CRLSelector with certificateChecking set.
*/
// Called by com.sun.deploy.security.RevocationChecker
public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
boolean signFlag,
PublicKey prevKey,
String provider,
List<CertStore> certStores,
boolean[] reasonsMask,
Set<TrustAnchor> trustAnchors,
Date validity)
throws CertStoreException
{
return getCRLs(selector, signFlag, prevKey, null, provider, certStores,
reasonsMask, trustAnchors, validity, Validator.VAR_GENERIC);
}
Example #23
| Source File: CertReplace.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* @param args {cacerts keystore, cert chain}
*/
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(args[0]), "changeit".toCharArray());
Validator v = Validator.getInstance
(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
X509Certificate[] chain = createPath(args[1]);
System.out.println("Chain: ");
for (X509Certificate c: v.validate(chain)) {
System.out.println(" " + c.getSubjectX500Principal() +
" issued by " + c.getIssuerX500Principal());
}
}
Example #24
| Source File: X509KeyManagerImpl.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public String getValidator() {
if (this == CLIENT) {
return Validator.VAR_TLS_CLIENT;
} else if (this == SERVER) {
return Validator.VAR_TLS_SERVER;
}
return Validator.VAR_GENERIC;
}
Example #25
| Source File: SSLContextImpl.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
private void checkAlgorithmConstraints(X509Certificate[] chain,
AlgorithmConstraints constraints,
boolean checkClientTrusted) throws CertificateException {
try {
// Does the certificate chain end with a trusted certificate?
int checkedLength = chain.length - 1;
Collection<X509Certificate> trustedCerts = new HashSet<>();
X509Certificate[] certs = tm.getAcceptedIssuers();
if ((certs != null) && (certs.length > 0)){
Collections.addAll(trustedCerts, certs);
}
if (trustedCerts.contains(chain[checkedLength])) {
checkedLength--;
}
// A forward checker, need to check from trust to target
if (checkedLength >= 0) {
AlgorithmChecker checker =
new AlgorithmChecker(constraints, null,
(checkClientTrusted ? Validator.VAR_TLS_CLIENT :
Validator.VAR_TLS_SERVER));
checker.init(false);
for (int i = checkedLength; i >= 0; i--) {
Certificate cert = chain[i];
// We don't care about the unresolved critical extensions.
checker.check(cert, Collections.<String>emptySet());
}
}
} catch (CertPathValidatorException cpve) {
throw new CertificateException(
"Certificates do not conform to algorithm constraints", cpve);
}
}
Example #26
| Source File: DisabledAlgorithmConstraints.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
@Override
public void permits(ConstraintsParameters cp)
throws CertPathValidatorException {
for (String usage : usages) {
String v = null;
if (usage.compareToIgnoreCase("TLSServer") == 0) {
v = Validator.VAR_TLS_SERVER;
} else if (usage.compareToIgnoreCase("TLSClient") == 0) {
v = Validator.VAR_TLS_CLIENT;
} else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
v = Validator.VAR_PLUGIN_CODE_SIGNING;
}
if (debug != null) {
debug.println("Checking if usage constraint \"" + v +
"\" matches \"" + cp.getVariant() + "\"");
// Because usage checking can come from many places
// a stack trace is very helpful.
ByteArrayOutputStream ba = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(ba);
(new Exception()).printStackTrace(ps);
debug.println(ba.toString());
}
if (cp.getVariant().compareTo(v) == 0) {
if (next(cp)) {
return;
}
throw new CertPathValidatorException("Usage constraint " +
usage + " check failed: " + algorithm +
extendedMsg(cp),
null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
}
}
Example #27
| Source File: CertReplace.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
/**
* @param args {cacerts keystore, cert chain}
*/
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(args[0]), "changeit".toCharArray());
Validator v = Validator.getInstance
(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
X509Certificate[] chain = createPath(args[1]);
System.out.println("Chain: ");
for (X509Certificate c: v.validate(chain)) {
System.out.println(" " + c.getSubjectX500Principal() +
" issued by " + c.getIssuerX500Principal());
}
}
Example #28
| Source File: DistributionPointFetcher.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the X509CRLs matching this selector. The selector must be
* an X509CRLSelector with certificateChecking set.
*/
// Called by com.sun.deploy.security.RevocationChecker
public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
boolean signFlag,
PublicKey prevKey,
String provider,
List<CertStore> certStores,
boolean[] reasonsMask,
Set<TrustAnchor> trustAnchors,
Date validity)
throws CertStoreException
{
return getCRLs(selector, signFlag, prevKey, null, provider, certStores,
reasonsMask, trustAnchors, validity, Validator.VAR_GENERIC);
}
Example #29
| Source File: CertReplace.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* @param args {cacerts keystore, cert chain}
*/
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(args[0]), "changeit".toCharArray());
Validator v = Validator.getInstance
(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
X509Certificate[] chain = createPath(args[1]);
System.out.println("Chain: ");
for (X509Certificate c: v.validate(chain)) {
System.out.println(" " + c.getSubjectX500Principal() +
" issued by " + c.getIssuerX500Principal());
}
}
Example #30
| Source File: CertReplace.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* @param args {cacerts keystore, cert chain}
*/
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(args[0]), "changeit".toCharArray());
Validator v = Validator.getInstance
(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks);
X509Certificate[] chain = createPath(args[1]);
System.out.println("Chain: ");
for (X509Certificate c: v.validate(chain)) {
System.out.println(" " + c.getSubjectX500Principal() +
" issued by " + c.getIssuerX500Principal());
}
}
