Java Code Examples for java.security.cert.PKIXCertPathChecker#check()

The following examples show how to use java.security.cert.PKIXCertPathChecker#check() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PKIXMasterCertPathValidator.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Validates a certification path consisting exclusively of
 * <code>X509Certificate</code>s using the specified
 * <code>PKIXCertPathChecker</code>s. It is assumed that the
 * <code>PKIXCertPathChecker</code>s
 * have been initialized with any input parameters they may need.
 *
 * @param cpOriginal the original X509 CertPath passed in by the user
 * @param reversedCertList the reversed X509 CertPath (as a List)
 * @param certPathCheckers the PKIXCertPathCheckers
 * @throws CertPathValidatorException if cert path does not validate
 */
static void validate(CertPath cpOriginal,
                     List<X509Certificate> reversedCertList,
                     List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    // we actually process reversedCertList, but we keep cpOriginal because
    // we need to return the original certPath when we throw an exception.
    // we will also need to modify the index appropriately when we
    // throw an exception.

    int cpSize = reversedCertList.size();

    if (debug != null) {
        debug.println("--------------------------------------------------"
              + "------------");
        debug.println("Executing PKIX certification path validation "
              + "algorithm.");
    }

    for (int i = 0; i < cpSize; i++) {

        /* The basic loop algorithm is that we get the
         * current certificate, we verify the current certificate using
         * information from the previous certificate and from the state,
         * and we modify the state for the next loop by setting the
         * current certificate of this loop to be the previous certificate
         * of the next loop. The state is initialized during first loop.
         */
        if (debug != null)
            debug.println("Checking cert" + (i+1) + " ...");

        X509Certificate currCert = reversedCertList.get(i);
        Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
        if (unresCritExts == null) {
            unresCritExts = Collections.<String>emptySet();
        }

        if (debug != null && !unresCritExts.isEmpty()) {
            debug.println("Set of critical extensions:");
            for (String oid : unresCritExts) {
                debug.println(oid);
            }
        }

        for (int j = 0; j < certPathCheckers.size(); j++) {

            PKIXCertPathChecker currChecker = certPathCheckers.get(j);
            if (debug != null) {
                debug.println("-Using checker" + (j + 1) + " ... [" +
                    currChecker.getClass().getName() + "]");
            }

            if (i == 0)
                currChecker.init(false);

            try {
                currChecker.check(currCert, unresCritExts);

                if (debug != null) {
                    debug.println("-checker" + (j + 1) +
                        " validation succeeded");
                }

            } catch (CertPathValidatorException cpve) {
                throw new CertPathValidatorException(cpve.getMessage(),
                    cpve.getCause(), cpOriginal, cpSize - (i + 1),
                    cpve.getReason());
            }
        }

        if (!unresCritExts.isEmpty()) {
            throw new CertPathValidatorException("unrecognized " +
                "critical extension(s)", null, cpOriginal, cpSize-(i+1),
                PKIXReason.UNRECOGNIZED_CRIT_EXT);
        }

        if (debug != null)
            debug.println("\ncert" + (i+1) + " validation succeeded.\n");
    }

    if (debug != null) {
        debug.println("Cert path validation succeeded. (PKIX validation "
                      + "algorithm)");
        debug.println("-------------------------------------------------"
                      + "-------------");
    }
}
 
Example 2
Source File: PKIXMasterCertPathValidator.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Validates a certification path consisting exclusively of
 * <code>X509Certificate</code>s using the specified
 * <code>PKIXCertPathChecker</code>s. It is assumed that the
 * <code>PKIXCertPathChecker</code>s
 * have been initialized with any input parameters they may need.
 *
 * @param cpOriginal the original X509 CertPath passed in by the user
 * @param reversedCertList the reversed X509 CertPath (as a List)
 * @param certPathCheckers the PKIXCertPathCheckers
 * @throws CertPathValidatorException if cert path does not validate
 */
static void validate(CertPath cpOriginal,
                     List<X509Certificate> reversedCertList,
                     List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    // we actually process reversedCertList, but we keep cpOriginal because
    // we need to return the original certPath when we throw an exception.
    // we will also need to modify the index appropriately when we
    // throw an exception.

    int cpSize = reversedCertList.size();

    if (debug != null) {
        debug.println("--------------------------------------------------"
              + "------------");
        debug.println("Executing PKIX certification path validation "
              + "algorithm.");
    }

    for (int i = 0; i < cpSize; i++) {

        /* The basic loop algorithm is that we get the
         * current certificate, we verify the current certificate using
         * information from the previous certificate and from the state,
         * and we modify the state for the next loop by setting the
         * current certificate of this loop to be the previous certificate
         * of the next loop. The state is initialized during first loop.
         */
        if (debug != null)
            debug.println("Checking cert" + (i+1) + " ...");

        X509Certificate currCert = reversedCertList.get(i);
        Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
        if (unresCritExts == null) {
            unresCritExts = Collections.<String>emptySet();
        }

        if (debug != null && !unresCritExts.isEmpty()) {
            debug.println("Set of critical extensions:");
            for (String oid : unresCritExts) {
                debug.println(oid);
            }
        }

        for (int j = 0; j < certPathCheckers.size(); j++) {

            PKIXCertPathChecker currChecker = certPathCheckers.get(j);
            if (debug != null) {
                debug.println("-Using checker" + (j + 1) + " ... [" +
                    currChecker.getClass().getName() + "]");
            }

            if (i == 0)
                currChecker.init(false);

            try {
                currChecker.check(currCert, unresCritExts);

                if (debug != null) {
                    debug.println("-checker" + (j + 1) +
                        " validation succeeded");
                }

            } catch (CertPathValidatorException cpve) {
                throw new CertPathValidatorException(cpve.getMessage(),
                    cpve.getCause(), cpOriginal, cpSize - (i + 1),
                    cpve.getReason());
            }
        }

        if (!unresCritExts.isEmpty()) {
            throw new CertPathValidatorException("unrecognized " +
                "critical extension(s)", null, cpOriginal, cpSize-(i+1),
                PKIXReason.UNRECOGNIZED_CRIT_EXT);
        }

        if (debug != null)
            debug.println("\ncert" + (i+1) + " validation succeeded.\n");
    }

    if (debug != null) {
        debug.println("Cert path validation succeeded. (PKIX validation "
                      + "algorithm)");
        debug.println("-------------------------------------------------"
                      + "-------------");
    }
}
 
Example 3
Source File: PKIXCertPathCheckerTest.java    From j2objc with Apache License 2.0 4 votes vote down vote up
public final void testCheck() throws CertPathValidatorException {
    PKIXCertPathChecker pc = TestUtils.getTestCertPathChecker();
    pc.check(new MyCertificate("", null), new HashSet<String>());
}