Java Code Examples for sun.security.provider.certpath.PKIX.ValidatorParams#initialPolicies()

The following examples show how to use sun.security.provider.certpath.PKIX.ValidatorParams#initialPolicies() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PKIXCertPathValidator.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
            params.timestamp(), params.variant()));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);

    // the time that the certificate validity period should be
    // checked against
    Date timeToCheck = null;
    // use timestamp if checking signed code that is timestamped, otherwise
    // use date parameter from PKIXParameters
    if ((params.variant() == Validator.VAR_CODE_SIGNING ||
         params.variant() == Validator.VAR_PLUGIN_CODE_SIGNING) &&
         params.timestamp() != null) {
        timeToCheck = params.timestamp().getTimestamp();
    } else {
        timeToCheck = params.date();
    }
    BasicChecker bc = new BasicChecker(anchor, timeToCheck,
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 2
Source File: PKIXCertPathValidator.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
            params.timestamp(), params.variant()));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);

    // the time that the certificate validity period should be
    // checked against
    Date timeToCheck = null;
    // use timestamp if checking signed code that is timestamped, otherwise
    // use date parameter from PKIXParameters
    if ((params.variant() == Validator.VAR_CODE_SIGNING ||
         params.variant() == Validator.VAR_PLUGIN_CODE_SIGNING) &&
         params.timestamp() != null) {
        timeToCheck = params.timestamp().getTimestamp();
    } else {
        timeToCheck = params.date();
    }
    BasicChecker bc = new BasicChecker(anchor, timeToCheck,
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 3
Source File: PKIXCertPathValidator.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 4
Source File: PKIXCertPathValidator.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
            params.timestamp(), params.variant()));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);

    // the time that the certificate validity period should be
    // checked against
    Date timeToCheck = null;
    // use timestamp if checking signed code that is timestamped, otherwise
    // use date parameter from PKIXParameters
    if ((params.variant() == Validator.VAR_CODE_SIGNING ||
         params.variant() == Validator.VAR_PLUGIN_CODE_SIGNING) &&
         params.timestamp() != null) {
        timeToCheck = params.timestamp().getTimestamp();
    } else {
        timeToCheck = params.date();
    }
    BasicChecker bc = new BasicChecker(anchor, timeToCheck,
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 5
Source File: PKIXCertPathValidator.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
            params.timestamp(), params.variant()));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc;
    bc = new BasicChecker(anchor,
            (params.timestamp() == null ? params.date() :
                    params.timestamp().getTimestamp()),
            params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 6
Source File: PKIXCertPathValidator.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
            params.timestamp(), params.variant()));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc;
    bc = new BasicChecker(anchor,
            (params.timestamp() == null ? params.date() :
                    params.timestamp().getTimestamp()),
            params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 7
Source File: PKIXCertPathValidator.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 8
Source File: PKIXCertPathValidator.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 9
Source File: PKIXCertPathValidator.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(new UntrustedChecker());
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 10
Source File: PKIXCertPathValidator.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(new UntrustedChecker());
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 11
Source File: PKIXCertPathValidator.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    // check if anchor is untrusted
    UntrustedChecker untrustedChecker = new UntrustedChecker();
    X509Certificate anchorCert = anchor.getTrustedCert();
    if (anchorCert != null) {
        untrustedChecker.check(anchorCert);
    }

    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(untrustedChecker);
    certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
            params.timestamp(), params.variant()));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);

    // the time that the certificate validity period should be
    // checked against
    Date timeToCheck = null;
    // use timestamp if checking signed code that is timestamped, otherwise
    // use date parameter from PKIXParameters
    if ((params.variant() == Validator.VAR_CODE_SIGNING ||
         params.variant() == Validator.VAR_PLUGIN_CODE_SIGNING) &&
         params.timestamp() != null) {
        timeToCheck = params.timestamp().getTimestamp();
    } else {
        timeToCheck = params.date();
    }
    BasicChecker bc = new BasicChecker(anchor, timeToCheck,
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 12
Source File: PKIXCertPathValidator.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(new UntrustedChecker());
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 13
Source File: PKIXCertPathValidator.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(new UntrustedChecker());
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}
 
Example 14
Source File: PKIXCertPathValidator.java    From j2objc with Apache License 2.0 4 votes vote down vote up
private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                                    ValidatorParams params)
    throws CertPathValidatorException
{
    int certPathLen = params.certificates().size();

    // create PKIXCertPathCheckers
    List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
    // add standard checkers that we will be using
    certPathCheckers.add(new UntrustedChecker());
    certPathCheckers.add(new AlgorithmChecker(anchor));
    certPathCheckers.add(new KeyChecker(certPathLen,
                                        params.targetCertConstraints()));
    certPathCheckers.add(new ConstraintsChecker(certPathLen));
    PolicyNodeImpl rootNode =
        new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, false,
                           Collections.singleton(PolicyChecker.ANY_POLICY),
                           false);
    PolicyChecker pc = new PolicyChecker(params.initialPolicies(),
                                         certPathLen,
                                         params.explicitPolicyRequired(),
                                         params.policyMappingInhibited(),
                                         params.anyPolicyInhibited(),
                                         params.policyQualifiersRejected(),
                                         rootNode);
    certPathCheckers.add(pc);
    // default value for date is current time
    BasicChecker bc = new BasicChecker(anchor, params.date(),
                                       params.sigProvider(), false);
    certPathCheckers.add(bc);

    boolean revCheckerAdded = false;
    List<PKIXCertPathChecker> checkers = params.certPathCheckers();
    for (PKIXCertPathChecker checker : checkers) {
        if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            revCheckerAdded = true;
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, params);
            }
        }
    }
    // only add a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (params.revocationEnabled() && !revCheckerAdded) {
        certPathCheckers.add(new RevocationChecker(anchor, params));
    }
    // add user-specified checkers
    certPathCheckers.addAll(checkers);

    PKIXMasterCertPathValidator.validate(params.certPath(),
                                         params.certificates(),
                                         certPathCheckers);

    return new PKIXCertPathValidatorResult(anchor, pc.getPolicyTree(),
                                           bc.getPublicKey());
}