Java Code Examples for sun.security.provider.certpath.PKIX.ValidatorParams#trustAnchors()
The following examples show how to use
sun.security.provider.certpath.PKIX.ValidatorParams#trustAnchors() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PKIXCertPathValidator.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 2
Source File: PKIXCertPathValidator.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 3
Source File: PKIXCertPathValidator.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 4
Source File: PKIXCertPathValidator.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 5
Source File: PKIXCertPathValidator.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 6
Source File: PKIXCertPathValidator.java From Bytecoder with Apache License 2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null && Debug.isVerbose()) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 7
Source File: PKIXCertPathValidator.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 8
Source File: PKIXCertPathValidator.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 9
Source File: PKIXCertPathValidator.java From hottub with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 10
Source File: PKIXCertPathValidator.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); // check the validity period selector.setValidityPeriod(firstCert.getNotBefore(), firstCert.getNotAfter()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.parseAuthorityKeyIdentifierExtension( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 11
Source File: PKIXCertPathValidator.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); // check the validity period selector.setValidityPeriod(firstCert.getNotBefore(), firstCert.getNotAfter()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.parseAuthorityKeyIdentifierExtension( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 12
Source File: PKIXCertPathValidator.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 13
Source File: PKIXCertPathValidator.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 14
Source File: PKIXCertPathValidator.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.setSkiAndSerialNumber( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }
Example 15
Source File: PKIXCertPathValidator.java From j2objc with Apache License 2.0 | 4 votes |
private static PKIXCertPathValidatorResult validate(ValidatorParams params) throws CertPathValidatorException { if (debug != null) debug.println("PKIXCertPathValidator.engineValidate()..."); // Retrieve the first certificate in the certpath // (to be used later in pre-screening) AdaptableX509CertSelector selector = null; List<X509Certificate> certList = params.certificates(); if (!certList.isEmpty()) { selector = new AdaptableX509CertSelector(); X509Certificate firstCert = certList.get(0); // check trusted certificate's subject selector.setSubject(firstCert.getIssuerX500Principal()); // check the validity period selector.setValidityPeriod(firstCert.getNotBefore(), firstCert.getNotAfter()); /* * Facilitate certification path construction with authority * key identifier and subject key identifier. */ try { X509CertImpl firstCertImpl = X509CertImpl.toImpl(firstCert); selector.parseAuthorityKeyIdentifierExtension( firstCertImpl.getAuthorityKeyIdentifierExtension()); } catch (CertificateException | IOException e) { // ignore } } CertPathValidatorException lastException = null; // We iterate through the set of trust anchors until we find // one that works at which time we stop iterating for (TrustAnchor anchor : params.trustAnchors()) { X509Certificate trustedCert = anchor.getTrustedCert(); if (trustedCert != null) { // if this trust anchor is not worth trying, // we move on to the next one if (selector != null && !selector.match(trustedCert)) { if (debug != null) { debug.println("NO - don't try this trustedCert"); } continue; } if (debug != null) { debug.println("YES - try this trustedCert"); debug.println("anchor.getTrustedCert()." + "getSubjectX500Principal() = " + trustedCert.getSubjectX500Principal()); } } else { if (debug != null) { debug.println("PKIXCertPathValidator.engineValidate(): " + "anchor.getTrustedCert() == null"); } } try { return validate(anchor, params); } catch (CertPathValidatorException cpe) { // remember this exception lastException = cpe; } } // could not find a trust anchor that verified // (a) if we did a validation and it failed, use that exception if (lastException != null) { throw lastException; } // (b) otherwise, generate new exception throw new CertPathValidatorException ("Path does not chain with any of the trust anchors", null, null, -1, PKIXReason.NO_TRUST_ANCHOR); }