Java 类java.security.cert.CollectionCertStoreParameters 实例源码
项目:ipack
文件:JcaCertStoreBuilder.java
/**
 * Creates a CertStore of the configured type from the certificates and CRLs
 * currently held by this builder.
 * <p>
 * The holders are converted by {@code convertHolders}; the result is passed to
 * {@code CertStore.getInstance}, together with the provider when one has been
 * set either by name or as a {@link Provider} instance. This method performs
 * no path validation itself.
 *
 * @return a CertStore.
 * @throws GeneralSecurityException if conversion or CertStore creation fails.
 */
public CertStore build()
    throws GeneralSecurityException
{
    CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);

    if (provider instanceof String)
    {
        // provider was given by name
        return CertStore.getInstance(type, storeParams, (String)provider);
    }
    else if (provider instanceof Provider)
    {
        // provider was given as an instance
        return CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else
    {
        // no usable provider set: fall back to the default lookup
        return CertStore.getInstance(type, storeParams);
    }
}
项目:ipack
文件:JcaCertStoreBuilder.java
/**
 * Converts every certificate holder in {@code certs} and every CRL holder in
 * {@code crls} to its JCA form and wraps the results, certificates first, in
 * CollectionCertStoreParameters.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder.
 * @param crlConverter converter applied to each X509CRLHolder.
 * @return parameters over the list of converted objects.
 * @throws CertificateException declared for certificate conversion.
 * @throws CRLException declared for CRL conversion.
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    return new CollectionCertStoreParameters(converted);
}
项目:ipack
文件:OCSPReq.java
/**
 * Returns the certificates carried in this request as a CertStore.
 * <p>
 * An unsigned request yields {@code null}; a signed request yields a CertStore
 * that may be empty.
 * <p>
 * NOTE(review): by the contract above the certificates come from the request
 * itself, so callers should presumably treat them as unverified input and
 * validate them against their own trust anchors - confirm against callers.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException if the CertStore cannot be set up
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));

            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // keep the cause so the reason for the rejection is not lost
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // unsigned request: the documented result is null, not an empty store
    return null;
}
项目:ipack
文件:BasicOCSPResp.java
/**
 * Returns the certificates, if any, associated with the response as a
 * CertStore.
 * <p>
 * NOTE(review): the certificates appear to be taken from the response itself,
 * so callers should presumably validate them against their own trust anchors
 * before relying on them - confirm against callers.
 *
 * @param type type of CertStore to create
 * @param provider provider to use
 * @return a CertStore, possibly empty
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException if the CertStore cannot be set up
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    try
    {
        CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));
        CertStore store = OCSPUtil.createCertStoreInstance(type, storeParams, provider);

        return store;
    }
    catch (InvalidAlgorithmParameterException e)
    {
        // keep the cause so the reason for the rejection is not lost
        throw new OCSPException("can't setup the CertStore", e);
    }
}
项目:lams
文件:JSSESocketFactory.java
/**
 * Builds the initialization parameters for the TrustManager when CRLs are
 * configured. Only <code>PKIX</code> (compared case-insensitively) is
 * supported.
 * <p>
 * The CRLs returned by <code>getCRLs(crlf)</code> are exposed through a
 * "Collection" CertStore, revocation checking is switched on, and the maximum
 * path length is taken from the listener.
 * NOTE(review): the CRLs are fetched once here; whether they are refreshed
 * later is not visible from this method.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if the algorithm is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
        throws Exception {
    // Reject unsupported algorithms before doing any work.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Make the configured CRLs available to the path builder.
    Collection crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    pkixParams.setRevocationEnabled(true);
    pkixParams.setMaxPathLength(listener.getSslTrustMaxCertLength());
    return pkixParams;
}
项目:lazycat
文件:JSSESocketFactory.java
/**
 * Builds the initialization parameters for the TrustManager when CRLs are
 * configured. Only <code>PKIX</code> (compared case-insensitively) is
 * supported.
 * <p>
 * The CRLs returned by <code>getCRLs(crlf)</code> are exposed through a
 * "Collection" CertStore and revocation checking is switched on. A maximum
 * path length is applied only when the endpoint supplies a parsable value.
 * NOTE(review): the CRLs are fetched once here; whether they are refreshed
 * later is not visible from this method.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException
 *             if the algorithm is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    // Reject unsupported algorithms before doing any work.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Make the configured CRLs available to the path builder.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    String configuredLength = endpoint.getTrustMaxCertLength();
    if (configuredLength != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(configuredLength));
        } catch (Exception ex) {
            // A bad value is only logged; the path-length limit is left as it was.
            log.warn("Bad maxCertLength: " + configuredLength);
        }
    }
    return pkixParams;
}
项目:Aki-SSL
文件:JcaCertStoreBuilder.java
/**
 * Creates a CertStore of the configured type from the certificates and CRLs
 * currently held by this builder.
 * <p>
 * The holders are converted by {@code convertHolders}; the result is passed to
 * {@code CertStore.getInstance}, together with the provider when one has been
 * set either by name or as a {@link Provider} instance. This method performs
 * no path validation itself.
 *
 * @return a CertStore.
 * @throws GeneralSecurityException if conversion or CertStore creation fails.
 */
public CertStore build()
    throws GeneralSecurityException
{
    CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);

    if (provider instanceof String)
    {
        // provider was given by name
        return CertStore.getInstance(type, storeParams, (String)provider);
    }
    else if (provider instanceof Provider)
    {
        // provider was given as an instance
        return CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else
    {
        // no usable provider set: fall back to the default lookup
        return CertStore.getInstance(type, storeParams);
    }
}
项目:Aki-SSL
文件:JcaCertStoreBuilder.java
/**
 * Converts every certificate holder in {@code certs} and every CRL holder in
 * {@code crls} to its JCA form and wraps the results, certificates first, in
 * CollectionCertStoreParameters.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder.
 * @param crlConverter converter applied to each X509CRLHolder.
 * @return parameters over the list of converted objects.
 * @throws CertificateException declared for certificate conversion.
 * @throws CRLException declared for CRL conversion.
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    return new CollectionCertStoreParameters(converted);
}
项目:In-the-Box-Fork
文件:CollectionCertStoreParametersTest.java
/**
 * Test #2 for <code>CollectionCertStoreParameters</code> constructor<br>
 * Checks that the no-argument constructor yields an empty collection and that
 * adding to that collection raises an exception.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "CollectionCertStoreParameters",
    args = {}
)
@SuppressWarnings("unchecked")
public final void testCollectionCertStoreParameters02() {
    CollectionCertStoreParameters params = new CollectionCertStoreParameters();
    Collection defaultCollection = params.getCollection();
    assertTrue("isEmpty", defaultCollection.isEmpty());

    // the default collection is expected to refuse modification
    try {
        defaultCollection.add(new Object());
        fail("empty collection must be immutable");
    } catch (Exception expected) {
        // any exception from add() counts as the collection being immutable
    }
}
项目:In-the-Box-Fork
文件:CollectionCertStoreParametersTest.java
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Checks that the parameters keep a reference to the caller's collection
 * rather than a copy, so later additions are visible through
 * <code>getCollection()</code>.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "CollectionCertStoreParameters",
    args = {java.util.Collection.class}
)
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty caller-owned collection
    Vector<Certificate> callerOwned = new Vector<Certificate>();
    CollectionCertStoreParameters params =
        new CollectionCertStoreParameters(callerOwned);

    // same object, and still empty
    assertTrue("isRefUsed_1", callerOwned == params.getCollection());
    assertTrue("isEmpty", params.getCollection().isEmpty());

    // additions made by the caller afterwards ...
    callerOwned.add(new MyCertificate("TEST", new byte[] {(byte)1}));
    callerOwned.add(new MyCertificate("TEST", new byte[] {(byte)2}));

    // ... must show up in the parameters
    assertTrue("isRefUsed_2", callerOwned.equals(params.getCollection()));
}
项目:In-the-Box-Fork
文件:CollectionCertStoreParametersTest.java
/**
 * Test #1 for <code>clone()</code> method<br>
 * Checks that <code>clone()</code> returns a distinct object.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone01() {
    Vector<Certificate> backing = new Vector<Certificate>();
    backing.add(new MyCertificate("TEST", new byte[] {(byte)4}));

    CollectionCertStoreParameters original =
        new CollectionCertStoreParameters(backing);
    CollectionCertStoreParameters copy =
        (CollectionCertStoreParameters)original.clone();

    // the clone must not be the original instance
    assertTrue(original != copy);
}
项目:In-the-Box-Fork
文件:CollectionCertStoreParametersTest.java
/**
 * Test #2 for <code>clone()</code> method<br>
 * Checks that the clone shares the original's collection reference.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone02() {
    Vector<Certificate> backing = new Vector<Certificate>();
    backing.add(new MyCertificate("TEST", new byte[] {(byte)4}));

    CollectionCertStoreParameters original =
        new CollectionCertStoreParameters(backing);
    CollectionCertStoreParameters copy =
        (CollectionCertStoreParameters)original.clone();

    // original and clone must expose the very same collection object
    assertTrue(original.getCollection() == copy.getCollection());
}
项目:In-the-Box-Fork
文件:CollectionCertStoreParametersTest.java
/**
 * Test #3 for <code>clone()</code> method<br>
 * Checks that a clone of a clone still shares the collection reference of
 * parameters created with the no-argument constructor.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone03() {
    CollectionCertStoreParameters first =
        new CollectionCertStoreParameters();
    CollectionCertStoreParameters second =
        (CollectionCertStoreParameters)first.clone();
    CollectionCertStoreParameters third =
        (CollectionCertStoreParameters)second.clone();

    // all three must expose the very same collection object
    assertTrue(first.getCollection() == second.getCollection() &&
               third.getCollection() == second.getCollection());
}
项目:Openfire
文件:ClientTrustManager.java
/**
 * Creates a trust manager over the given trust store, prepares an initially
 * empty "Collection" CertStore for CRLs and then calls <code>loadCRL()</code>.
 * <p>
 * NOTE(review): when the CertStore cannot be created the failure is only
 * logged and this constructor does not assign <code>crlStore</code>; confirm
 * that the revocation checks using it handle that case instead of silently
 * running without CRLs.
 *
 * @param trustTrust the trust store to use.
 */
public ClientTrustManager(KeyStore trustTrust) {
    super();
    this.trustStore = trustTrust;

    // The CertStore holds a reference to this list, not a copy, so CRLs added
    // to the list later are visible through the store.
    crls = new ArrayList<>();
    try {
        crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    }
    catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException ex) {
        Log.warn("ClientTrustManager: ",ex);
    }

    loadCRL();
}
项目:cn1
文件:CollectionCertStoreParametersTest.java
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Assertion: The Collection is not copied. Instead, a reference is used.
 * This allows the caller to subsequently add or remove Certificates or
 * CRLs from the Collection, thus changing the set of Certificates or CRLs
 * available to the Collection CertStore. The Collection CertStore will
 * not modify the contents of the Collection
 */
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty caller-owned collection
    Vector callerOwned = new Vector();
    CollectionCertStoreParameters params =
        new CollectionCertStoreParameters(callerOwned);

    // same object, and still empty
    assertTrue("isRefUsed_1", callerOwned == params.getCollection());
    assertTrue("isEmpty", params.getCollection().isEmpty());

    // additions made by the caller afterwards ...
    callerOwned.add(new MyCertificate("TEST", new byte[] {(byte)1}));
    callerOwned.add(new MyCertificate("TEST", new byte[] {(byte)2}));

    // ... must show up in the parameters
    assertTrue("isRefUsed_2", callerOwned.equals(params.getCollection()));
}
项目:CryptMeme
文件:OCSPReq.java
/**
 * Returns the certificates carried in this request as a CertStore.
 * <p>
 * An unsigned request yields {@code null}; a signed request yields a CertStore
 * that may be empty.
 * <p>
 * NOTE(review): by the contract above the certificates come from the request
 * itself, so callers should presumably treat them as unverified input and
 * validate them against their own trust anchors - confirm against callers.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException if the CertStore cannot be set up
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));

            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // keep the cause so the reason for the rejection is not lost
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // unsigned request: the documented result is null, not an empty store
    return null;
}
项目:CryptMeme
文件:BasicOCSPResp.java
/**
 * Returns the certificates, if any, associated with the response as a
 * CertStore.
 * <p>
 * NOTE(review): the certificates appear to be taken from the response itself,
 * so callers should presumably validate them against their own trust anchors
 * before relying on them - confirm against callers.
 *
 * @param type type of CertStore to create
 * @param provider provider to use
 * @return a CertStore, possibly empty
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException if the CertStore cannot be set up
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    try
    {
        CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));
        CertStore store = OCSPUtil.createCertStoreInstance(type, storeParams, provider);

        return store;
    }
    catch (InvalidAlgorithmParameterException e)
    {
        // keep the cause so the reason for the rejection is not lost
        throw new OCSPException("can't setup the CertStore", e);
    }
}
项目:openjdk-jdk7u-jdk
文件:CrlRevocationChecker.java
/**
 * Creates a revocation checker for the given anchor and PKIX parameters.
 * <p>
 * The CertStores configured on <code>params</code> are copied and, when
 * <code>certs</code> is non-null, a "Collection" CertStore over those
 * certificates is appended. The check time is the date set on
 * <code>params</code>, or the current time when none is set.
 *
 * @param anchor the trust anchor to record.
 * @param params the PKIX parameters supplying CertStores, signature provider
 *        and date.
 * @param certs additional certificates to make available, may be null.
 * @param onlyEECert value stored in <code>mOnlyEECert</code>.
 * @throws CertPathValidatorException declared by this constructor.
 */
CrlRevocationChecker(TrustAnchor anchor, PKIXParameters params,
    Collection<X509Certificate> certs, boolean onlyEECert)
    throws CertPathValidatorException {
    mAnchor = anchor;
    mParams = params;
    mStores = new ArrayList<CertStore>(params.getCertStores());
    mSigProvider = params.getSigProvider();

    if (certs != null) {
        try {
            CertStore extraStore = CertStore.getInstance(
                "Collection", new CollectionCertStoreParameters(certs));
            mStores.add(extraStore);
        } catch (Exception ex) {
            // Not expected to happen and not necessarily fatal: report it on
            // the debug channel when one is active, then carry on without
            // the extra store.
            if (debug != null) {
                debug.println("CrlRevocationChecker: " +
                    "error creating Collection CertStore: " + ex);
            }
        }
    }

    // Use the date from the parameters when present, otherwise "now".
    Date configuredDate = params.getDate();
    if (configuredDate == null) {
        mCurrentTime = new Date();
    } else {
        mCurrentTime = configuredDate;
    }
    mOnlyEECert = onlyEECert;
    init(false);
}
项目:bc-java
文件:SignedMailValidatorTest.java
/**
 * Validates a signed mail whose signer certificate is listed on the supplied
 * CRL, with revocation checking enabled, and expects the signature to verify
 * but the signature and certification path to be reported as invalid because
 * of the revocation.
 */
public void testRevoked() throws Exception
{
    String mailResource = "validator.revoked.eml";
    PKIXParameters pkixParams = createDefaultParams();

    // make the CRL available to path validation and switch revocation on
    List revocationLists = new ArrayList();
    revocationLists.add(loadCRL("validator.revoked.crl"));
    CollectionCertStoreParameters crlParams = new CollectionCertStoreParameters(revocationLists);
    CertStore crlStore = CertStore.getInstance("Collection", crlParams);
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    SignedMailValidator.ValidationResult outcome = doTest(mailResource, pkixParams);

    // the signature itself checks out, but it is not valid
    assertTrue(outcome.isVerifiedSignature());
    assertFalse(outcome.isValidSignature());

    PKIXCertPathReviewer pathReview = outcome.getCertPathReview();
    assertFalse(pathReview.isValidCertPath());
    assertContainsMessage(
        pathReview.getErrors(0),
        "CertPathReviewer.certRevoked",
        "The certificate was revoked at Sep 1, 2006 9:30:00 AM GMT. Reason: Key Compromise.");
}
项目:bc-java
文件:OCSPReq.java
/**
 * Returns the certificates carried in this request as a CertStore.
 * <p>
 * An unsigned request yields {@code null}; a signed request yields a CertStore
 * that may be empty.
 * <p>
 * NOTE(review): by the contract above the certificates come from the request
 * itself, so callers should presumably treat them as unverified input and
 * validate them against their own trust anchors - confirm against callers.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException if the CertStore cannot be set up
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));

            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // keep the cause so the reason for the rejection is not lost
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // unsigned request: the documented result is null, not an empty store
    return null;
}
项目:freeVM
文件:CollectionCertStoreParametersTest.java
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Assertion: The Collection is not copied. Instead, a reference is used.
 * This allows the caller to subsequently add or remove Certificates or
 * CRLs from the Collection, thus changing the set of Certificates or CRLs
 * available to the Collection CertStore. The Collection CertStore will
 * not modify the contents of the Collection
 */
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty caller-owned collection
    Vector callerOwned = new Vector();
    CollectionCertStoreParameters params =
        new CollectionCertStoreParameters(callerOwned);

    // same object, and still empty
    assertTrue("isRefUsed_1", callerOwned == params.getCollection());
    assertTrue("isEmpty", params.getCollection().isEmpty());

    // additions made by the caller afterwards ...
    callerOwned.add(new MyCertificate("TEST", new byte[] {(byte)1}));
    callerOwned.add(new MyCertificate("TEST", new byte[] {(byte)2}));

    // ... must show up in the parameters
    assertTrue("isRefUsed_2", callerOwned.equals(params.getCollection()));
}
项目:irma_future_id
文件:JcaCertStoreBuilder.java
/**
 * Creates a CertStore of the configured type from the certificates and CRLs
 * currently held by this builder.
 * <p>
 * The holders are converted by {@code convertHolders}; the result is passed to
 * {@code CertStore.getInstance}, together with the provider when one has been
 * set either by name or as a {@link Provider} instance. This method performs
 * no path validation itself.
 *
 * @return a CertStore.
 * @throws GeneralSecurityException if conversion or CertStore creation fails.
 */
public CertStore build()
    throws GeneralSecurityException
{
    CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);

    if (provider instanceof String)
    {
        // provider was given by name
        return CertStore.getInstance(type, storeParams, (String)provider);
    }
    else if (provider instanceof Provider)
    {
        // provider was given as an instance
        return CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else
    {
        // no usable provider set: fall back to the default lookup
        return CertStore.getInstance(type, storeParams);
    }
}
项目:irma_future_id
文件:JcaCertStoreBuilder.java
/**
 * Converts every certificate holder in {@code certs} and every CRL holder in
 * {@code crls} to its JCA form and wraps the results, certificates first, in
 * CollectionCertStoreParameters.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder.
 * @param crlConverter converter applied to each X509CRLHolder.
 * @return parameters over the list of converted objects.
 * @throws CertificateException declared for certificate conversion.
 * @throws CRLException declared for CRL conversion.
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    return new CollectionCertStoreParameters(converted);
}
项目:irma_future_id
文件:JcaCertStoreBuilder.java
/**
 * Converts every certificate holder in {@code certs} and every CRL holder in
 * {@code crls} to its JCA form and wraps the results, certificates first, in
 * CollectionCertStoreParameters.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder.
 * @param crlConverter converter applied to each X509CRLHolder.
 * @return parameters over the list of converted objects.
 * @throws CertificateException declared for certificate conversion.
 * @throws CRLException declared for CRL conversion.
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    return new CollectionCertStoreParameters(converted);
}
项目:bc-java
文件:JcaCertStoreBuilder.java
/**
 * Converts every certificate holder in {@code certs} and every CRL holder in
 * {@code crls} to its JCA form and wraps the results, certificates first, in
 * CollectionCertStoreParameters.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder.
 * @param crlConverter converter applied to each X509CRLHolder.
 * @return parameters over the list of converted objects.
 * @throws CertificateException declared for certificate conversion.
 * @throws CRLException declared for CRL conversion.
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    return new CollectionCertStoreParameters(converted);
}
项目:bc-java
文件:SMIMESignedTest.java
/**
 * Signs the given body part with the GOST signing key (digest
 * GOST3411) and returns the resulting multipart, with both test signing
 * certificates attached through a "Collection" CertStore from the "BC"
 * provider.
 *
 * @param msg the body part to sign.
 * @return the signed multipart produced by the generator.
 * @throws Exception if CertStore creation or signing fails.
 */
private MimeMultipart generateMultiPartGost(
    MimeBodyPart msg)
    throws Exception
{
    // certificates to ship alongside the signature
    List attachedCerts = new ArrayList();
    attachedCerts.add(_signCert);
    attachedCerts.add(_signGostCert);

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(attachedCerts);
    CertStore certStore = CertStore.getInstance("Collection", storeParams, "BC");

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signGostKP.getPrivate(), _signGostCert, SMIMESignedGenerator.DIGEST_GOST3411);
    generator.addCertificatesAndCRLs(certStore);

    return generator.generate(msg, "BC");
}
项目:bc-java
文件:SMIMESignedTest.java
/**
 * Signs the given body part with the test signing key using the supplied
 * digest OID and returns the encapsulated signed body part, with the signing
 * and originator certificates attached through a "Collection" CertStore from
 * the "BC" provider.
 *
 * @param digestOid OID of the digest passed to the signer.
 * @param msg the body part to sign.
 * @return the encapsulated signed body part produced by the generator.
 * @throws Exception if CertStore creation or signing fails.
 */
private MimeBodyPart generateEncapsulatedRsa(String digestOid, MimeBodyPart msg)
    throws Exception
{
    // certificates to ship alongside the signature
    List attachedCerts = new ArrayList();
    attachedCerts.add(_signCert);
    attachedCerts.add(_origCert);

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(attachedCerts);
    CertStore certStore = CertStore.getInstance("Collection", storeParams, "BC");

    ASN1EncodableVector signedAttrs = generateSignedAttributes();

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signKP.getPrivate(), _signCert, digestOid, new AttributeTable(signedAttrs), null);
    generator.addCertificatesAndCRLs(certStore);

    return generator.generateEncapsulated(msg, "BC");
}
项目:irma_future_id
文件:SMIMESignedTest.java
/**
 * Signs the given body part with the GOST signing key (digest
 * GOST3411) and returns the resulting multipart, with both test signing
 * certificates attached through a "Collection" CertStore from the "BC"
 * provider.
 *
 * @param msg the body part to sign.
 * @return the signed multipart produced by the generator.
 * @throws Exception if CertStore creation or signing fails.
 */
private MimeMultipart generateMultiPartGost(
    MimeBodyPart msg)
    throws Exception
{
    // certificates to ship alongside the signature
    List attachedCerts = new ArrayList();
    attachedCerts.add(_signCert);
    attachedCerts.add(_signGostCert);

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(attachedCerts);
    CertStore certStore = CertStore.getInstance("Collection", storeParams, "BC");

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signGostKP.getPrivate(), _signGostCert, SMIMESignedGenerator.DIGEST_GOST3411);
    generator.addCertificatesAndCRLs(certStore);

    return generator.generate(msg, "BC");
}
项目:DroidText
文件:OCSPReq.java
/**
 * Returns the certificates carried in this request as a CertStore.
 * <p>
 * An unsigned request yields {@code null}; a signed request yields a CertStore
 * that may be empty.
 * <p>
 * NOTE(review): by the contract above the certificates come from the request
 * itself, so callers should presumably treat them as unverified input and
 * validate them against their own trust anchors - confirm against callers.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException if the CertStore cannot be set up
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams = new CollectionCertStoreParameters(this.getCertList(provider));

            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // keep the cause so the reason for the rejection is not lost
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // unsigned request: the documented result is null, not an empty store
    return null;
}
项目:irma_future_id
文件:SignedMailValidatorTest.java
/**
 * Validates a signed mail whose signer certificate is listed on the supplied
 * CRL, with revocation checking enabled, and expects the signature to verify
 * but the signature and certification path to be reported as invalid because
 * of the revocation.
 */
public void testRevoked() throws Exception
{
    String mailResource = "validator.revoked.eml";
    PKIXParameters pkixParams = createDefaultParams();

    // make the CRL available to path validation and switch revocation on
    List revocationLists = new ArrayList();
    revocationLists.add(loadCRL("validator.revoked.crl"));
    CollectionCertStoreParameters crlParams = new CollectionCertStoreParameters(revocationLists);
    CertStore crlStore = CertStore.getInstance("Collection", crlParams);
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    SignedMailValidator.ValidationResult outcome = doTest(mailResource, pkixParams);

    // the signature itself checks out, but it is not valid
    assertTrue(outcome.isVerifiedSignature());
    assertFalse(outcome.isValidSignature());

    PKIXCertPathReviewer pathReview = outcome.getCertPathReview();
    assertFalse(pathReview.isValidCertPath());
    assertContainsMessage(
        pathReview.getErrors(0),
        "CertPathReviewer.certRevoked",
        "The certificate was revoked at Sep 1, 2006 9:30:00 AM GMT. Reason: Key Compromise.");
}
项目:ipack
文件:CertStoreCollectionSpi.java
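/**
 * Creates the SPI over the collection described by the given parameters.
 *
 * @param params the store parameters; must be a CollectionCertStoreParameters.
 * @throws InvalidAlgorithmParameterException if params is null or is not a
 *         CollectionCertStoreParameters.
 */
public CertStoreCollectionSpi(CertStoreParameters params)
    throws InvalidAlgorithmParameterException
{
    super(params);

    if (!(params instanceof CollectionCertStoreParameters))
    {
        // A null params also lands here. Plain concatenation renders it as
        // "null", whereas calling params.toString() would raise a
        // NullPointerException in place of the declared exception.
        throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.CertStoreCollectionSpi: parameter must be a CollectionCertStoreParameters object\n" + params);
    }

    this.params = (CollectionCertStoreParameters)params;
}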
项目:tomcat7
文件:JSSESocketFactory.java
/**
 * Builds the initialization parameters for the TrustManager when CRLs are
 * configured. Only <code>PKIX</code> (compared case-insensitively) is
 * supported.
 * <p>
 * The CRLs returned by <code>getCRLs(crlf)</code> are exposed through a
 * "Collection" CertStore and revocation checking is switched on. A maximum
 * path length is applied only when the endpoint supplies a parsable value.
 * NOTE(review): the CRLs are fetched once here; whether they are refreshed
 * later is not visible from this method.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if the algorithm is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
        throws Exception {
    // Reject unsupported algorithms before doing any work.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Make the configured CRLs available to the path builder.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    String configuredLength = endpoint.getTrustMaxCertLength();
    if (configuredLength != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(configuredLength));
        } catch (Exception ex) {
            // A bad value is only logged; the path-length limit is left as it was.
            log.warn("Bad maxCertLength: "+configuredLength);
        }
    }
    return pkixParams;
}
项目:lams
文件:CertPathPKIXTrustEvaluator.java
/**
 * Creates the certificate store that will be used during validation.
 * <p>
 * The store always contains the entity certificate chain of the untrusted
 * credential. CRLs from the PKIX validation information are added when
 * present; CRLs carried by the untrusted credential are added only when
 * present and <code>options.isProcessCredentialCRLs()</code> is true.
 *
 * @param validationInfo PKIX validation information
 * @param untrustedCredential credential to be validated
 *
 * @return certificate store used during validation
 *
 * @throws GeneralSecurityException thrown if the certificate store can not be created from the cert and CRL
 *             material
 */
protected CertStore buildCertStore(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)
        throws GeneralSecurityException {

    log.trace("Creating cert store to use during path validation");

    // Seed the store with the chain presented by the credential under test.
    log.trace("Adding entity certificate chain to cert store");
    List<Object> material = new ArrayList<Object>(untrustedCredential.getEntityCertificateChain());
    if (log.isTraceEnabled()) {
        for (X509Certificate chainCert : untrustedCredential.getEntityCertificateChain()) {
            log.trace(String.format("Added X509Certificate from entity cert chain to cert store "
                    + "with subject name '%s' issued by '%s' with serial number '%s'",
                    x500DNHandler.getName(chainCert.getSubjectX500Principal()),
                    x500DNHandler.getName(chainCert.getIssuerX500Principal()),
                    chainCert.getSerialNumber().toString()));
        }
    }

    // One timestamp is shared by both CRL passes.
    Date referenceTime = new Date();

    if (validationInfo.getCRLs() != null && !validationInfo.getCRLs().isEmpty()) {
        log.trace("Processing CRL's from PKIX info set");
        addCRLsToStoreMaterial(material, validationInfo.getCRLs(), referenceTime);
    }

    // CRLs supplied with the untrusted credential are opt-in via the options.
    if (untrustedCredential.getCRLs() != null && !untrustedCredential.getCRLs().isEmpty()
            && options.isProcessCredentialCRLs()) {
        log.trace("Processing CRL's from untrusted credential");
        addCRLsToStoreMaterial(material, untrustedCredential.getCRLs(), referenceTime);
    }

    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(material);
    return CertStore.getInstance("Collection", storeParams);
}
项目:lams
文件:JSSESocketFactory.java
/**
 * Builds the initialization parameters for the TrustManager when CRLs are
 * configured. Only <code>PKIX</code> (compared case-insensitively) is
 * supported.
 * <p>
 * The CRLs returned by <code>getCRLs(crlf)</code> are exposed through a
 * "Collection" CertStore and revocation checking is switched on. A maximum
 * path length is applied only when the <code>trustMaxCertLength</code>
 * attribute holds a parsable value.
 * NOTE(review): the CRLs are fetched once here; whether they are refreshed
 * later is not visible from this method.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if the algorithm is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
        throws Exception {
    // Reject unsupported algorithms before doing any work.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Make the configured CRLs available to the path builder.
    Collection crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    String configuredLength = (String)attributes.get("trustMaxCertLength");
    if (configuredLength != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(configuredLength));
        } catch (Exception ex) {
            // A bad value is only logged; the path-length limit is left as it was.
            log.warn("Bad maxCertLength: "+configuredLength);
        }
    }
    return pkixParams;
}
项目:apache-tomcat-7.0.73-with-comment
文件:JSSESocketFactory.java
/**
 * Builds the initialization parameters for the TrustManager when CRLs are
 * configured. Only <code>PKIX</code> (compared case-insensitively) is
 * supported.
 * <p>
 * The CRLs returned by <code>getCRLs(crlf)</code> are exposed through a
 * "Collection" CertStore and revocation checking is switched on. A maximum
 * path length is applied only when the endpoint supplies a parsable value.
 * NOTE(review): the CRLs are fetched once here; whether they are refreshed
 * later is not visible from this method.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if the algorithm is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
        throws Exception {
    // Reject unsupported algorithms before doing any work.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Make the configured CRLs available to the path builder.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    String configuredLength = endpoint.getTrustMaxCertLength();
    if (configuredLength != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(configuredLength));
        } catch (Exception ex) {
            // A bad value is only logged; the path-length limit is left as it was.
            log.warn("Bad maxCertLength: "+configuredLength);
        }
    }
    return pkixParams;
}
项目:jdk8u-jdk
文件:NoExtensions.java
/**
 * Builds a PKIX certification path for the given certificate with the "SUN"
 * provider, using the certificate from <code>getTrustedCertificate()</code>
 * as the only trust anchor. Revocation checking is switched off for this
 * build.
 *
 * @param userCert the target certificate of the path.
 * @throws Exception if any step, including path building, fails.
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // trust anchors: a single trusted CA certificate
    HashSet anchors = new HashSet();
    X509Certificate anchorCert = getTrustedCertificate();
    anchors.add(new TrustAnchor(anchorCert, null));

    // CertStore holding both certificates for the builder to search
    ArrayList storeContents = new ArrayList();
    storeContents.add(anchorCert);
    storeContents.add(userCert);
    CertStore certStore = CertStore.getInstance(
        "Collection", new CollectionCertStoreParameters(storeContents));

    // select exactly the target certificate
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    targetSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // build a valid certificate path, without revocation checking
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    builderParams.addCertStore(certStore);
    builderParams.setRevocationEnabled(false);
    CertPathBuilderResult buildResult = pathBuilder.build(builderParams);

    // fetch the path; printing it is left disabled
    CertPath certPath = buildResult.getCertPath();
    // System.out.println(certPath.toString());
}
项目:jdk8u-jdk
文件:BuildEEBasicConstraints.java
/**
 * Builds a certification path with a selector that accepts only end-entity
 * certificates and checks that the first certificate of the resulting path
 * is an end-entity certificate.
 *
 * @param args not used.
 * @throws Exception if the path cannot be built or the target certificate is
 *         not an end-entity certificate.
 */
public static void main(String[] args) throws Exception {
    // Replace the disabled-algorithms property for this JVM so that the
    // algorithms and keys used by the test certificates are not rejected.
    // This is a test-only setting.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor(
        rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);

    // -2 restricts the selector to end-entity certificates
    X509CertSelector eeSelector = new X509CertSelector();
    eeSelector.setBasicConstraints(-2);

    PKIXBuilderParameters builderParams =
        new PKIXBuilderParameters(Collections.singleton(anchor), eeSelector);
    builderParams.setRevocationEnabled(false);

    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(caCert);
    candidates.add(eeCert);
    CertStore candidateStore = CertStore.getInstance(
        "Collection", new CollectionCertStoreParameters(candidates));
    builderParams.addCertStore(candidateStore);

    PKIXCertPathBuilderResult buildResult = CertUtils.build(builderParams);
    CertPath builtPath = buildResult.getCertPath();

    // check that first certificate is an EE cert
    List<? extends Certificate> pathCerts = builtPath.getCertificates();
    X509Certificate target = (X509Certificate) pathCerts.get(0);
    if (target.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
项目:jdk8u-jdk
文件:CertUtils.java
/**
 * Loads the named certificate files and returns a "Collection" CertStore
 * holding them.
 * <p>
 * Each file name is appended directly to <code>relPath</code>, so the path
 * must already end in the file separator.
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the <code>CertStore</code> created
 * @throws Exception on error
 */
public static CertStore createStore(String relPath, String [] fileNames)
    throws Exception {
    Set<X509Certificate> loaded = new HashSet<X509Certificate>();
    for (String fileName : fileNames) {
        loaded.add(getCertFromFile(relPath + fileName));
    }

    CollectionCertStoreParameters storeParams =
        new CollectionCertStoreParameters(loaded);
    return CertStore.getInstance("Collection", storeParams);
}
项目:jdk8u-jdk
文件:CertUtils.java
/**
 * Loads the named CRL files and returns a "Collection" CertStore holding
 * them.
 * <p>
 * Each file name is appended directly to <code>relPath</code>, so the path
 * must already end in the file separator.
 *
 * @param relPath relative path containing CRLs (must end in file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the <code>CertStore</code> created
 * @throws Exception on error
 */
public static CertStore createCRLStore(String relPath, String [] fileNames)
    throws Exception {
    Set<X509CRL> loaded = new HashSet<X509CRL>();
    for (String fileName : fileNames) {
        loaded.add(getCRLFromFile(relPath + fileName));
    }

    CollectionCertStoreParameters storeParams =
        new CollectionCertStoreParameters(loaded);
    return CertStore.getInstance("Collection", storeParams);
}
项目:openjdk-jdk10
文件:NoExtensions.java
/**
 * Builds a PKIX certification path for the given certificate with the "SUN"
 * provider, using the certificate from <code>getTrustedCertificate()</code>
 * as the only trust anchor. Revocation checking is switched off for this
 * build.
 *
 * @param userCert the target certificate of the path.
 * @throws Exception if any step, including path building, fails.
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // trust anchors: a single trusted CA certificate
    HashSet anchors = new HashSet();
    X509Certificate anchorCert = getTrustedCertificate();
    anchors.add(new TrustAnchor(anchorCert, null));

    // CertStore holding both certificates for the builder to search
    ArrayList storeContents = new ArrayList();
    storeContents.add(anchorCert);
    storeContents.add(userCert);
    CertStore certStore = CertStore.getInstance(
        "Collection", new CollectionCertStoreParameters(storeContents));

    // select exactly the target certificate
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(userCert);
    targetSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // build a valid certificate path, without revocation checking
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    builderParams.addCertStore(certStore);
    builderParams.setRevocationEnabled(false);
    CertPathBuilderResult buildResult = pathBuilder.build(builderParams);

    // fetch the path; printing it is left disabled
    CertPath certPath = buildResult.getCertPath();
    // System.out.println(certPath.toString());
}