java.security.cert.CertPathValidatorResult Java Examples
The following examples show how to use
java.security.cert.CertPathValidatorResult.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: MyCertPathValidatorSpi.java From j2objc with Apache License 2.0 | 6 votes |
public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException { ++sw; if (certPath == null) { if ((sw % 2) == 0) { throw new CertPathValidatorException("certPath null"); } } if (params == null) { if ((sw % 3) == 0) { throw new InvalidAlgorithmParameterException("params null"); } } return null; }
Example #2
Source File: PKIXChainValidation.java From fido2 with GNU Lesser General Public License v2.1 | 5 votes |
public static boolean pkixvalidate(CertPath cp, Set<TrustAnchor> trustAnchorSet, boolean isRevocationChecked, boolean isPolicyQualifiersRejected) { try { CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); //TODO use BCFIPS when "Support for PKIXRevocationChecker //in the CertPath implementation" is added PKIXParameters pkix = new PKIXParameters(trustAnchorSet); if(isRevocationChecked){ PKIXRevocationChecker prc = (PKIXRevocationChecker) cpv.getRevocationChecker(); prc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS, PKIXRevocationChecker.Option.NO_FALLBACK)); pkix.addCertPathChecker(prc); } else{ pkix.setRevocationEnabled(false); } pkix.setPolicyQualifiersRejected(isPolicyQualifiersRejected); pkix.setDate(null); CertPathValidatorResult cpvr = cpv.validate(cp, pkix); if (cpvr != null) { System.out.println("Certificate validated"); return true; } else { System.out.println("Certificate not valid"); return false; } } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException ex) { Logger.getLogger(PKIXChainValidation.class.getName()).log(Level.SEVERE, null, ex); return false; } }
Example #3
Source File: PKIXAttrCertPathValidatorSpi.java From ripple-lib-java with ISC License | 4 votes |
/** * Validates an attribute certificate with the given certificate path. * * <p> * <code>params</code> must be an instance of * <code>ExtendedPKIXParameters</code>. * <p> * The target constraints in the <code>params</code> must be an * <code>X509AttributeCertStoreSelector</code> with at least the attribute * certificate criterion set. Obey that also target informations may be * necessary to correctly validate this attribute certificate. * <p> * The attribute certificate issuer must be added to the trusted attribute * issuers with {@link org.ripple.bouncycastle.x509.ExtendedPKIXParameters#setTrustedACIssuers(java.util.Set)}. * * @param certPath The certificate path which belongs to the attribute * certificate issuer public key certificate. * @param params The PKIX parameters. * @return A <code>PKIXCertPathValidatorResult</code> of the result of * validating the <code>certPath</code>. * @throws java.security.InvalidAlgorithmParameterException if <code>params</code> is * inappropriate for this validator. * @throws java.security.cert.CertPathValidatorException if the verification fails. */ public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException { if (!(params instanceof ExtendedPKIXParameters || params instanceof PKIXExtendedParameters)) { throw new InvalidAlgorithmParameterException( "Parameters must be a " + ExtendedPKIXParameters.class.getName() + " instance."); } Set attrCertCheckers = new HashSet(); Set prohibitedACAttrbiutes = new HashSet(); Set necessaryACAttributes = new HashSet(); Set trustedACIssuers = new HashSet(); PKIXExtendedParameters paramsPKIX; if (params instanceof PKIXParameters) { PKIXExtendedParameters.Builder paramsPKIXBldr = new PKIXExtendedParameters.Builder((PKIXParameters)params); if (params instanceof ExtendedPKIXParameters) { ExtendedPKIXParameters extPKIX = (ExtendedPKIXParameters)params; paramsPKIXBldr.setUseDeltasEnabled(extPKIX.isUseDeltasEnabled()); paramsPKIXBldr.setValidityModel(extPKIX.getValidityModel()); attrCertCheckers = extPKIX.getAttrCertCheckers(); prohibitedACAttrbiutes = extPKIX.getProhibitedACAttributes(); necessaryACAttributes = extPKIX.getNecessaryACAttributes(); } paramsPKIX = paramsPKIXBldr.build(); } else { paramsPKIX = (PKIXExtendedParameters)params; } Selector certSelect = paramsPKIX.getTargetConstraints(); if (!(certSelect instanceof X509AttributeCertStoreSelector)) { throw new InvalidAlgorithmParameterException( "TargetConstraints must be an instance of " + X509AttributeCertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class."); } X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect) .getAttributeCert(); CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, paramsPKIX); CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, paramsPKIX); X509Certificate issuerCert = (X509Certificate) certPath .getCertificates().get(0); RFC3281CertPathUtilities.processAttrCert3(issuerCert, paramsPKIX); RFC3281CertPathUtilities.processAttrCert4(issuerCert, trustedACIssuers); RFC3281CertPathUtilities.processAttrCert5(attrCert, paramsPKIX); // 6 already done in X509AttributeCertStoreSelector RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, paramsPKIX, attrCertCheckers); RFC3281CertPathUtilities.additionalChecks(attrCert, prohibitedACAttrbiutes, necessaryACAttributes); Date date = null; try { date = CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, null, -1); } catch (AnnotatedException e) { throw new ExtCertPathValidatorException( "Could not get validity date from attribute certificate.", e); } RFC3281CertPathUtilities.checkCRLs(attrCert, paramsPKIX, issuerCert, date, certPath.getCertificates(), helper); return result; }
Example #4
Source File: PKIXAttrCertPathValidatorSpi.java From RipplePower with Apache License 2.0 | 4 votes |
/** * Validates an attribute certificate with the given certificate path. * * <p> * <code>params</code> must be an instance of * <code>ExtendedPKIXParameters</code>. * <p> * The target constraints in the <code>params</code> must be an * <code>X509AttributeCertStoreSelector</code> with at least the attribute * certificate criterion set. Obey that also target informations may be * necessary to correctly validate this attribute certificate. * <p> * The attribute certificate issuer must be added to the trusted attribute * issuers with {@link org.ripple.bouncycastle.x509.ExtendedPKIXParameters#setTrustedACIssuers(java.util.Set)}. * * @param certPath The certificate path which belongs to the attribute * certificate issuer public key certificate. * @param params The PKIX parameters. * @return A <code>PKIXCertPathValidatorResult</code> of the result of * validating the <code>certPath</code>. * @throws java.security.InvalidAlgorithmParameterException if <code>params</code> is * inappropriate for this validator. * @throws java.security.cert.CertPathValidatorException if the verification fails. */ public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException { if (!(params instanceof ExtendedPKIXParameters || params instanceof PKIXExtendedParameters)) { throw new InvalidAlgorithmParameterException( "Parameters must be a " + ExtendedPKIXParameters.class.getName() + " instance."); } Set attrCertCheckers = new HashSet(); Set prohibitedACAttrbiutes = new HashSet(); Set necessaryACAttributes = new HashSet(); Set trustedACIssuers = new HashSet(); PKIXExtendedParameters paramsPKIX; if (params instanceof PKIXParameters) { PKIXExtendedParameters.Builder paramsPKIXBldr = new PKIXExtendedParameters.Builder((PKIXParameters)params); if (params instanceof ExtendedPKIXParameters) { ExtendedPKIXParameters extPKIX = (ExtendedPKIXParameters)params; paramsPKIXBldr.setUseDeltasEnabled(extPKIX.isUseDeltasEnabled()); paramsPKIXBldr.setValidityModel(extPKIX.getValidityModel()); attrCertCheckers = extPKIX.getAttrCertCheckers(); prohibitedACAttrbiutes = extPKIX.getProhibitedACAttributes(); necessaryACAttributes = extPKIX.getNecessaryACAttributes(); } paramsPKIX = paramsPKIXBldr.build(); } else { paramsPKIX = (PKIXExtendedParameters)params; } Selector certSelect = paramsPKIX.getTargetConstraints(); if (!(certSelect instanceof X509AttributeCertStoreSelector)) { throw new InvalidAlgorithmParameterException( "TargetConstraints must be an instance of " + X509AttributeCertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class."); } X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect) .getAttributeCert(); CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, paramsPKIX); CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, paramsPKIX); X509Certificate issuerCert = (X509Certificate) certPath .getCertificates().get(0); RFC3281CertPathUtilities.processAttrCert3(issuerCert, paramsPKIX); RFC3281CertPathUtilities.processAttrCert4(issuerCert, trustedACIssuers); RFC3281CertPathUtilities.processAttrCert5(attrCert, paramsPKIX); // 6 already done in X509AttributeCertStoreSelector RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, paramsPKIX, attrCertCheckers); RFC3281CertPathUtilities.additionalChecks(attrCert, prohibitedACAttrbiutes, necessaryACAttributes); Date date = null; try { date = CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, null, -1); } catch (AnnotatedException e) { throw new ExtCertPathValidatorException( "Could not get validity date from attribute certificate.", e); } RFC3281CertPathUtilities.checkCRLs(attrCert, paramsPKIX, issuerCert, date, certPath.getCertificates(), helper); return result; }
Example #5
Source File: VerifyNameConstraints.java From jdk8u_jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #6
Source File: ValidateNC.java From jdk8u-jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #7
Source File: ValidateTargetConstraints.java From hottub with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #8
Source File: ValidateNC.java From hottub with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #9
Source File: VerifyNameConstraints.java From openjdk-8-source with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #10
Source File: ValidateTargetConstraints.java From openjdk-8-source with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #11
Source File: ValidateNC.java From openjdk-8-source with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #12
Source File: VerifyNameConstraints.java From openjdk-8 with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #13
Source File: ValidateTargetConstraints.java From openjdk-8 with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #14
Source File: ValidateNC.java From openjdk-8 with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #15
Source File: ValidateTargetConstraints.java From jdk8u_jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #16
Source File: ValidateNC.java From jdk8u_jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #17
Source File: VerifyNameConstraints.java From jdk8u-jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #18
Source File: ValidateTargetConstraints.java From jdk8u-jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #19
Source File: ValidateNC.java From jdk8u-jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #20
Source File: VerifyNameConstraints.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #21
Source File: ValidateTargetConstraints.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #22
Source File: ValidateNC.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #23
Source File: ValidateTargetConstraints.java From openjdk-jdk8u with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #24
Source File: VerifyNameConstraints.java From dragonwell8_jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #25
Source File: ValidateTargetConstraints.java From dragonwell8_jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #26
Source File: ValidateNC.java From dragonwell8_jdk with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #27
Source File: VerifyNameConstraints.java From TencentKona-8 with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #28
Source File: ValidateTargetConstraints.java From TencentKona-8 with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #29
Source File: ValidateNC.java From TencentKona-8 with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
Example #30
Source File: VerifyNameConstraints.java From jdk8u60 with GNU General Public License v2.0 | 3 votes |
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }