Java 类java.security.cert.TrustAnchor 实例源码
项目:the-vigilantes
文件:ExportControlled.java
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException {
this.origTm = tm;
this.verifyServerCert = verifyServerCertificate;
if (verifyServerCertificate) {
try {
Set<TrustAnchor> anch = new HashSet<TrustAnchor>();
for (X509Certificate cert : tm.getAcceptedIssuers()) {
anch.add(new TrustAnchor(cert, null));
}
this.validatorParams = new PKIXParameters(anch);
this.validatorParams.setRevocationEnabled(false);
this.validator = CertPathValidator.getInstance("PKIX");
this.certFactory = CertificateFactory.getInstance("X.509");
} catch (Exception e) {
throw new CertificateException(e);
}
}
}
项目:cwac-netsecurity
文件:TrustManagerImpl.java
/**
* Check the trustedCertificateIndex for the cert to see if it is
* already trusted and failing that check the KeyStore if it is
* available.
*/
private TrustAnchor findTrustAnchorBySubjectAndPublicKey(X509Certificate cert) {
TrustAnchor trustAnchor = trustedCertificateIndex.findBySubjectAndPublicKey(cert);
if (trustAnchor != null) {
return trustAnchor;
}
if (trustedCertificateStore == null) {
// not trusted and no TrustedCertificateStore to check
return null;
}
// probe KeyStore for a cert. AndroidCAStore stores its
// contents hashed by cert subject on the filesystem to make
// this faster than scanning all key store entries.
X509Certificate systemCert = trustedCertificateStore.getTrustAnchor(cert);
if (systemCert != null) {
// Don't index the system certificate here, that way the only place that adds anchors to
// the index are findAllTrustAnchorsByIssuerAndSignature.
// This allows findAllTrustAnchorsByIssuerAndSignature to avoid checking the
// TrustedCertificateStore if the TrustedCertificateIndex contains any issuers for the
// certificate because it will have cached all certificates contained in the
// TrustedCertificateStore.
return new TrustAnchor(systemCert, null);
}
return null;
}
项目:conscrypt
文件:TrustManagerImpl.java
/**
* Check the trustedCertificateIndex for the cert to see if it is
* already trusted and failing that check the KeyStore if it is
* available.
*/
private TrustAnchor findTrustAnchorBySubjectAndPublicKey(X509Certificate cert) {
TrustAnchor trustAnchor = trustedCertificateIndex.findBySubjectAndPublicKey(cert);
if (trustAnchor != null) {
return trustAnchor;
}
if (trustedCertificateStore == null) {
// not trusted and no TrustedCertificateStore to check
return null;
}
// probe KeyStore for a cert. AndroidCAStore stores its
// contents hashed by cert subject on the filesystem to make
// this faster than scanning all key store entries.
X509Certificate systemCert = trustedCertificateStore.getTrustAnchor(cert);
if (systemCert != null) {
// Don't index the system certificate here, that way the only place that adds anchors to
// the index are findAllTrustAnchorsByIssuerAndSignature.
// This allows findAllTrustAnchorsByIssuerAndSignature to avoid checking the
// TrustedCertificateStore if the TrustedCertificateIndex contains any issuers for the
// certificate because it will have cached all certificates contained in the
// TrustedCertificateStore.
return new TrustAnchor(systemCert, null);
}
return null;
}
项目:ipack
文件:ExtendedPKIXParameters.java
/**
* Sets the trusted attribute certificate issuers. If attribute certificates
* is verified the trusted AC issuers must be set.
* <p>
* The <code>trustedACIssuers</code> must be a <code>Set</code> of
* <code>TrustAnchor</code>
* <p>
* The given set is cloned.
*
* @param trustedACIssuers The trusted AC issuers to set. Is never
* <code>null</code>.
* @throws ClassCastException if an element of <code>stores</code> is not
* a <code>TrustAnchor</code>.
*/
public void setTrustedACIssuers(Set trustedACIssuers)
{
if (trustedACIssuers == null)
{
this.trustedACIssuers.clear();
return;
}
for (Iterator it = trustedACIssuers.iterator(); it.hasNext();)
{
if (!(it.next() instanceof TrustAnchor))
{
throw new ClassCastException("All elements of set must be "
+ "of type " + TrustAnchor.class.getName() + ".");
}
}
this.trustedACIssuers.clear();
this.trustedACIssuers.addAll(trustedACIssuers);
}
项目:ipack
文件:RFC3281CertPathUtilities.java
protected static void processAttrCert4(X509Certificate acIssuerCert,
ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
{
Set set = pkixParams.getTrustedACIssuers();
boolean trusted = false;
for (Iterator it = set.iterator(); it.hasNext();)
{
TrustAnchor anchor = (TrustAnchor) it.next();
if (acIssuerCert.getSubjectX500Principal().getName("RFC2253")
.equals(anchor.getCAName())
|| acIssuerCert.equals(anchor.getTrustedCert()))
{
trusted = true;
}
}
if (!trusted)
{
throw new CertPathValidatorException(
"Attribute certificate issuer is not directly trusted.");
}
}
项目:OpenVertretung
文件:ExportControlled.java
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException {
this.origTm = tm;
this.verifyServerCert = verifyServerCertificate;
if (verifyServerCertificate) {
try {
Set<TrustAnchor> anch = new HashSet<TrustAnchor>();
for (X509Certificate cert : tm.getAcceptedIssuers()) {
anch.add(new TrustAnchor(cert, null));
}
this.validatorParams = new PKIXParameters(anch);
this.validatorParams.setRevocationEnabled(false);
this.validator = CertPathValidator.getInstance("PKIX");
this.certFactory = CertificateFactory.getInstance("X.509");
} catch (Exception e) {
throw new CertificateException(e);
}
}
}
项目:lams
文件:CertPathPKIXTrustEvaluator.java
/**
* Creates the collection of trust anchors to use during validation.
*
* @param validationInfo PKIX validation information
*
* @return trust anchors to use during validation
*/
protected Set<TrustAnchor> getTrustAnchors(PKIXValidationInformation validationInfo) {
Collection<X509Certificate> validationCertificates = validationInfo.getCertificates();
log.trace("Constructing trust anchors for PKIX validation");
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
for (X509Certificate cert : validationCertificates) {
trustAnchors.add(buildTrustAnchor(cert));
}
if (log.isTraceEnabled()) {
for (TrustAnchor anchor : trustAnchors) {
log.trace("TrustAnchor: {}", anchor.toString());
}
}
return trustAnchors;
}
项目:lams
文件:CertPathPKIXTrustEvaluator.java
/**
* Log information from the constructed cert path at level debug.
*
* @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
* @param targetCert the cert untrusted certificate that was being evaluated
*/
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
log.debug("Built valid PKIX cert path");
log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));
for (Certificate cert : buildResult.getCertPath().getCertificates()) {
log.debug("CertPath certificate: {}", x500DNHandler.getName(((X509Certificate) cert)
.getSubjectX500Principal()));
}
TrustAnchor ta = buildResult.getTrustAnchor();
if (ta.getTrustedCert() != null) {
log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getTrustedCert().getSubjectX500Principal()));
} else if (ta.getCA() != null) {
log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getCA()));
} else {
log.debug("TrustAnchor: {}", ta.getCAName());
}
}
项目:ProyectoPacientes
文件:ExportControlled.java
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException {
this.origTm = tm;
this.verifyServerCert = verifyServerCertificate;
if (verifyServerCertificate) {
try {
Set<TrustAnchor> anch = new HashSet<TrustAnchor>();
for (X509Certificate cert : tm.getAcceptedIssuers()) {
anch.add(new TrustAnchor(cert, null));
}
this.validatorParams = new PKIXParameters(anch);
this.validatorParams.setRevocationEnabled(false);
this.validator = CertPathValidator.getInstance("PKIX");
this.certFactory = CertificateFactory.getInstance("X.509");
} catch (Exception e) {
throw new CertificateException(e);
}
}
}
项目:OpenJSharp
文件:AlgorithmChecker.java
/**
* Create a new <code>AlgorithmChecker</code> with the
* given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
*
* @throws IllegalArgumentException if the <code>anchor</code> is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
}
this.prevPubKey = trustedPubKey;
this.constraints = constraints;
}
项目:OpenJSharp
文件:AlgorithmChecker.java
/**
* Try to set the trust anchor of the checker.
* <p>
* If there is no trust anchor specified and the checker has not started,
* set the trust anchor.
*
* @param anchor the trust anchor selected to validate the target
* certificate
*/
void trySetTrustAnchor(TrustAnchor anchor) {
// Don't bother if the check has started or trust anchor has already
// specified.
if (prevPubKey == null) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
// Don't bother to change the trustedPubKey.
if (anchor.getTrustedCert() != null) {
prevPubKey = anchor.getTrustedCert().getPublicKey();
} else {
prevPubKey = anchor.getCAPublicKey();
}
}
}
项目:OpenJSharp
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
super(buildParams);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.trustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
comparator = new PKIXCertComparator(trustedSubjectDNs);
this.searchAllCertStores = searchAllCertStores;
}
项目:BibliotecaPS
文件:ExportControlled.java
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException {
this.origTm = tm;
this.verifyServerCert = verifyServerCertificate;
if (verifyServerCertificate) {
try {
Set<TrustAnchor> anch = new HashSet<TrustAnchor>();
for (X509Certificate cert : tm.getAcceptedIssuers()) {
anch.add(new TrustAnchor(cert, null));
}
this.validatorParams = new PKIXParameters(anch);
this.validatorParams.setRevocationEnabled(false);
this.validator = CertPathValidator.getInstance("PKIX");
this.certFactory = CertificateFactory.getInstance("X.509");
} catch (Exception e) {
throw new CertificateException(e);
}
}
}
项目:jdk8u-jdk
文件:AlgorithmChecker.java
/**
* Create a new <code>AlgorithmChecker</code> with the
* given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
*
* @throws IllegalArgumentException if the <code>anchor</code> is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
this.trustedPubKey = anchor.getCAPublicKey();
}
this.prevPubKey = trustedPubKey;
this.constraints = constraints;
}
项目:jdk8u-jdk
文件:AlgorithmChecker.java
/**
* Try to set the trust anchor of the checker.
* <p>
* If there is no trust anchor specified and the checker has not started,
* set the trust anchor.
*
* @param anchor the trust anchor selected to validate the target
* certificate
*/
void trySetTrustAnchor(TrustAnchor anchor) {
// Don't bother if the check has started or trust anchor has already
// specified.
if (prevPubKey == null) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
// Don't bother to change the trustedPubKey.
if (anchor.getTrustedCert() != null) {
prevPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
prevPubKey = anchor.getCAPublicKey();
}
}
}
项目:jdk8u-jdk
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
super(buildParams);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.trustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
this.searchAllCertStores = searchAllCertStores;
}
项目:jdk8u-jdk
文件:ValidateTargetConstraints.java
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
项目:jdk8u-jdk
文件:ValidateNC.java
public static void createPath(String[] certs) throws Exception {
X509Certificate anchorCert = getCertFromFile(certs[0]);
byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
if (nameConstraints != null) {
DerInputStream in = new DerInputStream(nameConstraints);
nameConstraints = in.getOctetString();
}
TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
}
项目:openjdk-jdk10
文件:OCSPResponse.java
IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
if (anchor == null && issuerCert == null) {
throw new NullPointerException("TrustAnchor and issuerCert " +
"cannot be null");
}
this.anchor = anchor;
if (issuerCert != null) {
name = issuerCert.getSubjectX500Principal();
pubKey = issuerCert.getPublicKey();
certificate = issuerCert;
} else {
name = anchor.getCA();
pubKey = anchor.getCAPublicKey();
certificate = anchor.getTrustedCert();
}
}
项目:openjdk-jdk10
文件:OCSP.java
public static RevocationStatus check(X509Certificate cert,
URI responderURI, TrustAnchor anchor, X509Certificate issuerCert,
X509Certificate responderCert, Date date,
List<Extension> extensions, String variant)
throws IOException, CertPathValidatorException
{
CertId certId;
try {
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
} catch (CertificateException | IOException e) {
throw new CertPathValidatorException
("Exception while encoding OCSPRequest", e);
}
OCSPResponse ocspResponse = check(Collections.singletonList(certId),
responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert),
responderCert, date, extensions, variant);
return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
项目:openjdk-jdk10
文件:AlgorithmChecker.java
/**
* Try to set the trust anchor of the checker.
* <p>
* If there is no trust anchor specified and the checker has not started,
* set the trust anchor.
*
* @param anchor the trust anchor selected to validate the target
* certificate
*/
void trySetTrustAnchor(TrustAnchor anchor) {
// Don't bother if the check has started or trust anchor has already
// specified.
if (prevPubKey == null) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
// Don't bother to change the trustedPubKey.
if (anchor.getTrustedCert() != null) {
prevPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
prevPubKey = anchor.getCAPublicKey();
}
}
}
项目:openjdk-jdk10
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
super(buildParams);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.trustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
this.searchAllCertStores = searchAllCertStores;
}
项目:openjdk-jdk10
文件:ValidateTargetConstraints.java
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
项目:openjdk-jdk10
文件:ValidateNC.java
public static void createPath(String[] certs) throws Exception {
X509Certificate anchorCert = getCertFromFile(certs[0]);
byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
if (nameConstraints != null) {
DerInputStream in = new DerInputStream(nameConstraints);
nameConstraints = in.getOctetString();
}
TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
}
项目:openjdk-jdk10
文件:ValWithAnchorByName.java
private static void runTest(CertificateFactory cf,
List<X509Certificate> certList, TrustAnchor anchor)
throws Exception {
CertPath path = cf.generateCertPath(certList);
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
System.out.println(anchor);
// Attach the OCSP responses to a PKIXParameters object
PKIXRevocationChecker pkrev =
(PKIXRevocationChecker)validator.getRevocationChecker();
Map<X509Certificate, byte[]> responseMap = new HashMap<>();
responseMap.put(certList.get(0), DECODER.decode(EE_OCSP_RESP));
responseMap.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP));
pkrev.setOcspResponses(responseMap);
PKIXParameters params =
new PKIXParameters(Collections.singleton(anchor));
params.addCertPathChecker(pkrev);
params.setDate(EVAL_DATE);
validator.validate(path, params);
}
项目:openjdk9
文件:AlgorithmChecker.java
/**
* Create a new {@code AlgorithmChecker} with the
* given {@code TrustAnchor} and {@code AlgorithmConstraints}.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
* @param pkixdate Date the constraints are checked against. The value is
* either the PKIXParameter date or null for the current date.
*
* @throws IllegalArgumentException if the {@code anchor} is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints,
Date pkixdate) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
this.trustedPubKey = anchor.getCAPublicKey();
}
this.prevPubKey = trustedPubKey;
this.constraints = constraints;
this.pkixdate = pkixdate;
}
项目:openjdk9
文件:AlgorithmChecker.java
/**
* Try to set the trust anchor of the checker.
* <p>
* If there is no trust anchor specified and the checker has not started,
* set the trust anchor.
*
* @param anchor the trust anchor selected to validate the target
* certificate
*/
void trySetTrustAnchor(TrustAnchor anchor) {
// Don't bother if the check has started or trust anchor has already
// specified.
if (prevPubKey == null) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
// Don't bother to change the trustedPubKey.
if (anchor.getTrustedCert() != null) {
prevPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
prevPubKey = anchor.getCAPublicKey();
}
}
}
项目:openjdk9
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
super(buildParams);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.trustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
this.searchAllCertStores = searchAllCertStores;
}
项目:openjdk9
文件:ValidateNC.java
public static void createPath(String[] certs) throws Exception {
X509Certificate anchorCert = getCertFromFile(certs[0]);
byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
if (nameConstraints != null) {
DerInputStream in = new DerInputStream(nameConstraints);
nameConstraints = in.getOctetString();
}
TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
}
项目:cwac-netsecurity
文件:TrustManagerImpl.java
private List<X509Certificate> checkTrusted(X509Certificate[] certs, String authType,
String host, boolean clientAuth) throws CertificateException {
if (certs == null || certs.length == 0 || authType == null || authType.length() == 0) {
throw new IllegalArgumentException("null or zero-length parameter");
}
if (err != null) {
throw new CertificateException(err);
}
Set<X509Certificate> used = new HashSet<X509Certificate>();
ArrayList<X509Certificate> untrustedChain = new ArrayList<X509Certificate>();
ArrayList<TrustAnchor> trustedChain = new ArrayList<TrustAnchor>();
// Initialize the chain to contain the leaf certificate. This potentially could be a trust
// anchor. If the leaf is a trust anchor we still continue with path building to build the
// complete trusted chain for additional validation such as certificate pinning.
X509Certificate leaf = certs[0];
TrustAnchor leafAsAnchor = findTrustAnchorBySubjectAndPublicKey(leaf);
if (leafAsAnchor != null) {
trustedChain.add(leafAsAnchor);
used.add(leafAsAnchor.getTrustedCert());
} else {
untrustedChain.add(leaf);
}
used.add(leaf);
return checkTrustedRecursive(certs, host, clientAuth, untrustedChain, trustedChain, used);
}
项目:cwac-netsecurity
文件:TrustManagerImpl.java
/**
* Find all possible issuing trust anchors of {@code cert}.
*/
private Set<TrustAnchor> findAllTrustAnchorsByIssuerAndSignature(X509Certificate cert) {
Set<TrustAnchor> indexedAnchors =
trustedCertificateIndex.findAllByIssuerAndSignature(cert);
if (!indexedAnchors.isEmpty() || trustedCertificateStore == null) {
return indexedAnchors;
}
Set<X509Certificate> storeAnchors = trustedCertificateStore.findAllIssuers(cert);
if (storeAnchors.isEmpty()) {
return indexedAnchors;
}
Set<TrustAnchor> result = new HashSet<TrustAnchor>(storeAnchors.size());
for (X509Certificate storeCert : storeAnchors) {
result.add(trustedCertificateIndex.index(storeCert));
}
return result;
}
项目:cwac-netsecurity
文件:TrustedCertificateIndex.java
public TrustAnchor findByIssuerAndSignature(X509Certificate cert) {
X500Principal issuer = cert.getIssuerX500Principal();
synchronized (subjectToTrustAnchors) {
List<TrustAnchor> anchors = subjectToTrustAnchors.get(issuer);
if (anchors == null) {
return null;
}
for (TrustAnchor anchor : anchors) {
PublicKey publicKey;
try {
X509Certificate caCert = anchor.getTrustedCert();
if (caCert != null) {
publicKey = caCert.getPublicKey();
} else {
publicKey = anchor.getCAPublicKey();
}
cert.verify(publicKey);
return anchor;
} catch (Exception ignored) {
}
}
}
return null;
}
项目:conscrypt
文件:TrustManagerImpl.java
/**
* Find all possible issuing trust anchors of {@code cert}.
*/
private Set<TrustAnchor> findAllTrustAnchorsByIssuerAndSignature(X509Certificate cert) {
Set<TrustAnchor> indexedAnchors =
trustedCertificateIndex.findAllByIssuerAndSignature(cert);
if (!indexedAnchors.isEmpty() || trustedCertificateStore == null) {
return indexedAnchors;
}
Set<X509Certificate> storeAnchors = trustedCertificateStore.findAllIssuers(cert);
if (storeAnchors.isEmpty()) {
return indexedAnchors;
}
Set<TrustAnchor> result = new HashSet<TrustAnchor>(storeAnchors.size());
for (X509Certificate storeCert : storeAnchors) {
result.add(trustedCertificateIndex.index(storeCert));
}
return result;
}
项目:conscrypt
文件:TrustedCertificateIndex.java
public TrustAnchor findByIssuerAndSignature(X509Certificate cert) {
X500Principal issuer = cert.getIssuerX500Principal();
synchronized (subjectToTrustAnchors) {
List<TrustAnchor> anchors = subjectToTrustAnchors.get(issuer);
if (anchors == null) {
return null;
}
for (TrustAnchor anchor : anchors) {
PublicKey publicKey;
try {
X509Certificate caCert = anchor.getTrustedCert();
if (caCert != null) {
publicKey = caCert.getPublicKey();
} else {
publicKey = anchor.getCAPublicKey();
}
cert.verify(publicKey);
return anchor;
} catch (Exception ignored) {
}
}
}
return null;
}
项目:jdk8u_jdk
文件:OCSPResponse.java
IssuerInfo(TrustAnchor anchor, X509Certificate issuerCert) {
if (anchor == null && issuerCert == null) {
throw new NullPointerException("TrustAnchor and issuerCert " +
"cannot be null");
}
this.anchor = anchor;
if (issuerCert != null) {
name = issuerCert.getSubjectX500Principal();
pubKey = issuerCert.getPublicKey();
certificate = issuerCert;
} else {
name = anchor.getCA();
pubKey = anchor.getCAPublicKey();
certificate = anchor.getTrustedCert();
}
}
项目:jdk8u_jdk
文件:OCSP.java
public static RevocationStatus check(X509Certificate cert,
URI responderURI, TrustAnchor anchor, X509Certificate issuerCert,
X509Certificate responderCert, Date date,
List<Extension> extensions, String variant)
throws IOException, CertPathValidatorException
{
CertId certId;
try {
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
} catch (CertificateException | IOException e) {
throw new CertPathValidatorException
("Exception while encoding OCSPRequest", e);
}
OCSPResponse ocspResponse = check(Collections.singletonList(certId),
responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert),
responderCert, date, extensions, variant);
return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
项目:jdk8u_jdk
文件:AlgorithmChecker.java
/**
* Try to set the trust anchor of the checker.
* <p>
* If there is no trust anchor specified and the checker has not started,
* set the trust anchor.
*
* @param anchor the trust anchor selected to validate the target
* certificate
*/
void trySetTrustAnchor(TrustAnchor anchor) {
// Don't bother if the check has started or trust anchor has already
// specified.
if (prevPubKey == null) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
// Don't bother to change the trustedPubKey.
if (anchor.getTrustedCert() != null) {
prevPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
prevPubKey = anchor.getCAPublicKey();
}
}
}
项目:jdk8u_jdk
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
super(buildParams);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.trustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
this.searchAllCertStores = searchAllCertStores;
}
项目:jdk8u_jdk
文件:ValidateTargetConstraints.java
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
项目:jdk8u_jdk
文件:ValidateNC.java
public static void createPath(String[] certs) throws Exception {
X509Certificate anchorCert = getCertFromFile(certs[0]);
byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
if (nameConstraints != null) {
DerInputStream in = new DerInputStream(nameConstraints);
nameConstraints = in.getOctetString();
}
TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
}