Java Code Examples for java.security.cert.PKIXParameters#setDate()

The following examples show how to use java.security.cert.PKIXParameters#setDate() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ValWithAnchorByName.java    From openjdk-jdk9 with GNU General Public License v2.0 7 votes vote down vote up 
private static void runTest(CertificateFactory cf,
        List<X509Certificate> certList, TrustAnchor anchor)
        throws Exception {
    CertPath path = cf.generateCertPath(certList);
    CertPathValidator validator = CertPathValidator.getInstance("PKIX");

    System.out.println(anchor);

    // Attach the OCSP responses to a PKIXParameters object
    PKIXRevocationChecker pkrev =
            (PKIXRevocationChecker)validator.getRevocationChecker();
    Map<X509Certificate, byte[]> responseMap = new HashMap<>();
    responseMap.put(certList.get(0), DECODER.decode(EE_OCSP_RESP));
    responseMap.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP));
    pkrev.setOcspResponses(responseMap);
    PKIXParameters params =
            new PKIXParameters(Collections.singleton(anchor));
    params.addCertPathChecker(pkrev);
    params.setDate(EVAL_DATE);

    validator.validate(path, params);
}
Example 2
Source File: JKSValidator.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up 
/**
 * 
 */
private CertPathParameters getCertPathParameters(KeyStore keystore)
  throws GeneralSecurityException
{
  HashSet<TrustAnchor> tas = new HashSet<TrustAnchor>();
  for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements(); ) {
    String name = e.nextElement();
    Certificate c = keystore.getCertificate(name);
    if (c != null) {
      if (trustKeys || keystore.isCertificateEntry(name)) {
        tas.add(new TrustAnchor((X509Certificate)c, null)); 
      }
    }
  }
  PKIXParameters p = new PKIXParameters(tas);
  // NYI! Handle CRLs
  p.setRevocationEnabled(false);
  if (validationDate != null) {
    p.setDate(validationDate);
  }
  return p;
}
Example 3
Source File: CachedCertPathValidator.java    From swellrt with Apache License 2.0 6 votes vote down vote up 
private void validateNoCache(List<? extends X509Certificate> certs)
    throws SignatureException {
  try {
    CertPathValidator validator = CertPathValidator.getInstance(
        VALIDATOR_TYPE);
    PKIXParameters params = new PKIXParameters(trustRoots);
    params.addCertPathChecker(WAVE_OID_CHECKER);
    params.setDate(timeSource.now());

    // turn off default revocation-checking mechanism
    params.setRevocationEnabled(false);

    // TODO: add a way for clients to add certificate revocation checks,
    // perhaps by letting them pass in PKIXCertPathCheckers. This can also be
    // useful to check for Wave-specific certificate extensions.

    CertificateFactory certFactory = CertificateFactory.getInstance(
        CERTIFICATE_TYPE);
    CertPath certPath = certFactory.generateCertPath(certs);
    validator.validate(certPath, params);
  } catch (GeneralSecurityException e) {
    throw new SignatureException("Certificate validation failure", e);
  }
}
Example 4
Source File: CachedCertPathValidator.java    From incubator-retired-wave with Apache License 2.0 6 votes vote down vote up 
private void validateNoCache(List<? extends X509Certificate> certs)
    throws SignatureException {
  try {
    CertPathValidator validator = CertPathValidator.getInstance(
        VALIDATOR_TYPE);
    PKIXParameters params = new PKIXParameters(trustRoots);
    params.addCertPathChecker(WAVE_OID_CHECKER);
    params.setDate(timeSource.now());

    // turn off default revocation-checking mechanism
    params.setRevocationEnabled(false);

    // TODO: add a way for clients to add certificate revocation checks,
    // perhaps by letting them pass in PKIXCertPathCheckers. This can also be
    // useful to check for Wave-specific certificate extensions.

    CertificateFactory certFactory = CertificateFactory.getInstance(
        CERTIFICATE_TYPE);
    CertPath certPath = certFactory.generateCertPath(certs);
    validator.validate(certPath, params);
  } catch (GeneralSecurityException e) {
    throw new SignatureException("Certificate validation failure", e);
  }
}
Example 5
Source File: PKIXChainValidation.java    From fido2 with GNU Lesser General Public License v2.1 5 votes vote down vote up 
public static boolean pkixvalidate(CertPath cp, Set<TrustAnchor> trustAnchorSet,
        boolean isRevocationChecked, boolean isPolicyQualifiersRejected) {
    try {
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");  //TODO use BCFIPS when "Support for PKIXRevocationChecker
                                                                        //in the CertPath implementation" is added

        PKIXParameters pkix = new PKIXParameters(trustAnchorSet);

        if(isRevocationChecked){
            PKIXRevocationChecker prc = (PKIXRevocationChecker) cpv.getRevocationChecker();
            prc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS, PKIXRevocationChecker.Option.NO_FALLBACK));
            pkix.addCertPathChecker(prc);
        }
        else{
            pkix.setRevocationEnabled(false);
        }

        pkix.setPolicyQualifiersRejected(isPolicyQualifiersRejected);
        pkix.setDate(null);
        CertPathValidatorResult cpvr = cpv.validate(cp, pkix);
        if (cpvr != null) {
            System.out.println("Certificate validated");
            return true;
        } else {
            System.out.println("Certificate not valid");
            return false;
        }
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException ex) {
        Logger.getLogger(PKIXChainValidation.class.getName()).log(Level.SEVERE, null, ex);
        return false;
    }
}