Java 类java.security.cert.PKIXBuilderParameters 实例源码

项目:lams    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, 
                                                                 new X509CertSelector());
        Collection crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        xparams.setMaxPathLength(listener.getSslTrustMaxCertLength());

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}
项目:lazycat    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager. Currently,
 * only the default <code>PKIX</code> is supported.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    CertPathParameters params = null;
    if ("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        String trustLength = endpoint.getTrustMaxCertLength();
        if (trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch (Exception ex) {
                log.warn("Bad maxCertLength: " + trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }
    return params;
}
项目:In-the-Box-Fork    文件:TestUtils.java   
public static CertPathParameters getCertPathParameters()
        throws InvalidAlgorithmParameterException {
    if ((rootCertificateSS == null) || (theCertSelector == null)
            || (builder == null)) {
        throw new RuntimeException(
                "Call initCertPathSSCertChain prior to buildCertPath");
    }
    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(
            Collections.singleton(new TrustAnchor(rootCertificateSS, null)),
            theCertSelector);

    buildParams.addCertStore(store);
    buildParams.setRevocationEnabled(false);

    return buildParams;

}
项目:In-the-Box-Fork    文件:PKIXBuilderParametersTest.java   
/**
 * Test #1 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: creates an instance of <code>PKIXBuilderParameters</code>
 * @throws InvalidAlgorithmParameterException
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies positive case.",
    method = "PKIXBuilderParameters",
    args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersSetCertSelector01()
    throws InvalidAlgorithmParameterException {
    Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }
    // both parameters are valid and non-null
    PKIXParameters p =
        new PKIXBuilderParameters(taSet, new X509CertSelector());
    assertTrue("instanceOf", p instanceof PKIXBuilderParameters);
    assertNotNull("certSelector", p.getTargetCertConstraints());
}
项目:In-the-Box-Fork    文件:PKIXBuilderParametersTest.java   
/**
 * Test #2 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: creates an instance of <code>PKIXBuilderParameters</code>
 * @throws InvalidAlgorithmParameterException
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies null as a CertSelector parameter.",
    method = "PKIXBuilderParameters",
    args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersSetCertSelector02()
    throws InvalidAlgorithmParameterException {
    Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }
    // both parameters are valid but CertSelector is null
    PKIXParameters p = new PKIXBuilderParameters(taSet, null);
    assertTrue("instanceOf", p instanceof PKIXBuilderParameters);
    assertNull("certSelector", p.getTargetCertConstraints());
}
项目:In-the-Box-Fork    文件:PKIXBuilderParametersTest.java   
/**
 * Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>ClassCastException</code> -
 * if any of the elements in the <code>Set</code> are not of type
 * <code>java.security.cert.TrustAnchor</code>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies ClassCastException.",
    method = "PKIXBuilderParameters",
    args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
@SuppressWarnings("unchecked")
public final void testPKIXBuilderParametersSetCertSelector06()
        throws Exception {
    Set taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }

    // add wrong object to valid set
    assertTrue(taSet.add(new Object()));

    try {
        new PKIXBuilderParameters(taSet, null);
        fail("ClassCastException expected");
    } catch (ClassCastException e) {
    }
}
项目:In-the-Box-Fork    文件:PKIXBuilderParametersTest.java   
/**
 * Test #1 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>NullPointerException</code> - if the
 * <code>keystore</code> is <code>null</code>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Veirifies null as a KeyStore parameter.",
    method = "PKIXBuilderParameters",
    args = {java.security.KeyStore.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersKeyStoreCertSelector01()
        throws Exception {
    try {
        new PKIXBuilderParameters((KeyStore) null, new X509CertSelector());
        fail("NullPointerException expected");
    } catch (NullPointerException e) {
        // expected
    }
}
项目:In-the-Box-Fork    文件:PKIXBuilderParametersTest.java   
/**
 * Test #2 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>KeyStoreException</code> - if the
 * <code>keystore</code> has not been initialized
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Veirifies null as a CertSelector parameter.",
    method = "PKIXBuilderParameters",
    args = {java.security.KeyStore.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersKeyStoreCertSelector02()
        throws Exception {
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
    try {
        new PKIXBuilderParameters(keyTest, null);
        fail("KeyStoreException expected");
    } catch (KeyStoreException e) {
        // expected
    }
}
项目:In-the-Box-Fork    文件:PKIXBuilderParametersTest.java   
/**
 * Test #3 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>InvalidAlgorithmParameterException</code> - if the
 * <code>keystore</code> does not contain at least one trusted certificate
 * entry
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies null as parameters.",
    method = "PKIXBuilderParameters",
    args = {java.security.KeyStore.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersKeyStoreCertSelector03()
        throws Exception {
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
    keyTest.load(null, null);
    try {
        new PKIXBuilderParameters(keyTest, new X509CertSelector());
        fail("InvalidAlgorithmParameterException expected");
    } catch (InvalidAlgorithmParameterException e) {
        // expected
    }
}
项目:jdk7-jdk    文件:ReverseBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN) {

    super(buildParams, targetSubjectDN);

    Set<String> initialPolicies = buildParams.getInitialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        for (String policy : initialPolicies) {
            initPolicies.add(policy);
        }
    }
}
项目:jdk7-jdk    文件:ForwardBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN, boolean searchAllCertStores,
    boolean onlyEECert)
{
    super(buildParams, targetSubjectDN);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.getTrustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
    this.onlyEECert = onlyEECert;
}
项目:openjdk-source-code-learn    文件:ReverseBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN) {

    super(buildParams, targetSubjectDN);

    Set<String> initialPolicies = buildParams.getInitialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        for (String policy : initialPolicies) {
            initPolicies.add(policy);
        }
    }
}
项目:openjdk-source-code-learn    文件:ForwardBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN, boolean searchAllCertStores,
    boolean onlyEECert)
{
    super(buildParams, targetSubjectDN);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.getTrustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
    this.onlyEECert = onlyEECert;
}
项目:cn1    文件:PKIXBuilderParametersTest.java   
/**
 * Test #3 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: ... the <code>Set</code> is copied to protect against
 * subsequent modifications
 * @throws InvalidAlgorithmParameterException
 */
public final void testPKIXBuilderParametersSetCertSelector03()
    throws InvalidAlgorithmParameterException {
    Set taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }
    HashSet originalSet = (HashSet)taSet;
    HashSet originalSetCopy = (HashSet)originalSet.clone();
    // create test object using originalSet 
    PKIXBuilderParameters pp =
        new PKIXBuilderParameters(originalSetCopy, null);
    // modify originalSet
    originalSetCopy.clear();
    // check that test object's internal state
    // has not been affected by the above modification
    Set returnedSet = pp.getTrustAnchors();
    assertEquals(originalSet, returnedSet);
}
项目:cn1    文件:PKIXBuilderParametersTest.java   
/**
 * Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>ClassCastException</code> -
 * if any of the elements in the <code>Set</code> are not of type
 * <code>java.security.cert.TrustAnchor</code>
 */
public final void testPKIXBuilderParametersSetCertSelector06() throws Exception {
    Set taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }

    // add wrong object to valid set
    assertTrue(taSet.add(new Object()));

    try {
        new PKIXBuilderParameters(taSet, null);
        fail("ClassCastException expected");
    } catch (ClassCastException e) {
    }
}
项目:cn1    文件:PKIXBuilderParameters_ImplTest.java   
/**
 * Test #1 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: sets the maximum number of non-self-signed certificates
 * in the cert path
 * @throws KeyStoreException
 * @throws InvalidAlgorithmParameterException
 */
public final void testSetMaxPathLength01()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (ks == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    // all these VALID maxPathLength values must be
    // set (and get) without exceptions
    int[] testPathLength = new int[] {-1, 0, 1, 999, Integer.MAX_VALUE};
    for (int i=0; i<testPathLength.length; i++) {
        PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
        p.setMaxPathLength(testPathLength[i]);
        assertEquals("i="+i, testPathLength[i], p.getMaxPathLength());
    }
}
项目:cn1    文件:PKIXBuilderParameters_ImplTest.java   
/**
 * Test #2 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: throws InvalidParameterException if parameter is
 * less than -1
 * @throws InvalidAlgorithmParameterException
 * @throws KeyStoreException
 */
public final void testSetMaxPathLength02()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (ks == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);

    try {
        // pass parameter less than -1
        p.setMaxPathLength(Integer.MIN_VALUE);
        fail("InvalidParameterException expected");
    } catch (InvalidParameterException e) {
    }
}
项目:ximix    文件:SignedDataVerifier.java   
private PKIXCertPathBuilderResult checkCertPath(SignerId signerId, Store certs)
    throws IOException, GeneralSecurityException
{
    CertStore store = new JcaCertStoreBuilder().setProvider("BC").addCertificates(certs).build();

    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX","BC");
    X509CertSelector targetConstraints = new X509CertSelector();

    targetConstraints.setIssuer(signerId.getIssuer().getEncoded());
    targetConstraints.setSerialNumber(signerId.getSerialNumber());

    PKIXBuilderParameters params = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(trustAnchor, null)), targetConstraints);

    params.addCertStore(store);
    params.setRevocationEnabled(false);            // TODO: CRLs?

    return (PKIXCertPathBuilderResult)pathBuilder.build(params);
}
项目:openjdk-jdk7u-jdk    文件:ReverseBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN) {

    super(buildParams, targetSubjectDN);

    Set<String> initialPolicies = buildParams.getInitialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        for (String policy : initialPolicies) {
            initPolicies.add(policy);
        }
    }
}
项目:openjdk-jdk7u-jdk    文件:ForwardBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN, boolean searchAllCertStores,
    boolean onlyEECert)
{
    super(buildParams, targetSubjectDN);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.getTrustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
    this.onlyEECert = onlyEECert;
}
项目:freeVM    文件:PKIXBuilderParametersTest.java   
/**
 * Test #3 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: ... the <code>Set</code> is copied to protect against
 * subsequent modifications
 * @throws InvalidAlgorithmParameterException
 */
public final void testPKIXBuilderParametersSetCertSelector03()
    throws InvalidAlgorithmParameterException {
    Set taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }
    HashSet originalSet = (HashSet)taSet;
    HashSet originalSetCopy = (HashSet)originalSet.clone();
    // create test object using originalSet 
    PKIXBuilderParameters pp =
        new PKIXBuilderParameters(originalSetCopy, null);
    // modify originalSet
    originalSetCopy.clear();
    // check that test object's internal state
    // has not been affected by the above modification
    Set returnedSet = pp.getTrustAnchors();
    assertEquals(originalSet, returnedSet);
}
项目:freeVM    文件:PKIXBuilderParametersTest.java   
/**
 * Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>ClassCastException</code> -
 * if any of the elements in the <code>Set</code> are not of type
 * <code>java.security.cert.TrustAnchor</code>
 */
public final void testPKIXBuilderParametersSetCertSelector06() throws Exception {
    Set taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }

    // add wrong object to valid set
    assertTrue(taSet.add(new Object()));

    try {
        new PKIXBuilderParameters(taSet, null);
        fail("ClassCastException expected");
    } catch (ClassCastException e) {
    }
}
项目:freeVM    文件:PKIXBuilderParameters_ImplTest.java   
/**
 * Test #1 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: sets the maximum number of non-self-signed certificates
 * in the cert path
 * @throws KeyStoreException
 * @throws InvalidAlgorithmParameterException
 */
public final void testSetMaxPathLength01()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (ks == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    // all these VALID maxPathLength values must be
    // set (and get) without exceptions
    int[] testPathLength = new int[] {-1, 0, 1, 999, Integer.MAX_VALUE};
    for (int i=0; i<testPathLength.length; i++) {
        PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
        p.setMaxPathLength(testPathLength[i]);
        assertEquals("i="+i, testPathLength[i], p.getMaxPathLength());
    }
}
项目:freeVM    文件:PKIXBuilderParameters_ImplTest.java   
/**
 * Test #2 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: throws InvalidParameterException if parameter is
 * less than -1
 * @throws InvalidAlgorithmParameterException
 * @throws KeyStoreException
 */
public final void testSetMaxPathLength02()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (ks == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);

    try {
        // pass parameter less than -1
        p.setMaxPathLength(Integer.MIN_VALUE);
        fail("InvalidParameterException expected");
    } catch (InvalidParameterException e) {
    }
}
项目:freeVM    文件:PKIXBuilderParametersTest.java   
/**
 * Test #3 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: ... the <code>Set</code> is copied to protect against
 * subsequent modifications
 * @throws InvalidAlgorithmParameterException
 */
public final void testPKIXBuilderParametersSetCertSelector03()
    throws InvalidAlgorithmParameterException {
    Set taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }
    HashSet originalSet = (HashSet)taSet;
    HashSet originalSetCopy = (HashSet)originalSet.clone();
    // create test object using originalSet 
    PKIXBuilderParameters pp =
        new PKIXBuilderParameters(originalSetCopy, null);
    // modify originalSet
    originalSetCopy.clear();
    // check that test object's internal state
    // has not been affected by the above modification
    Set returnedSet = pp.getTrustAnchors();
    assertEquals(originalSet, returnedSet);
}
项目:freeVM    文件:PKIXBuilderParametersTest.java   
/**
 * Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>ClassCastException</code> -
 * if any of the elements in the <code>Set</code> are not of type
 * <code>java.security.cert.TrustAnchor</code>
 */
public final void testPKIXBuilderParametersSetCertSelector06() throws Exception {
    Set taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }

    // add wrong object to valid set
    assertTrue(taSet.add(new Object()));

    try {
        new PKIXBuilderParameters(taSet, null);
        fail("ClassCastException expected");
    } catch (ClassCastException e) {
    }
}
项目:freeVM    文件:PKIXBuilderParameters_ImplTest.java   
/**
 * Test #1 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: sets the maximum number of non-self-signed certificates
 * in the cert path
 * @throws KeyStoreException
 * @throws InvalidAlgorithmParameterException
 */
public final void testSetMaxPathLength01()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (ks == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    // all these VALID maxPathLength values must be
    // set (and get) without exceptions
    int[] testPathLength = new int[] {-1, 0, 1, 999, Integer.MAX_VALUE};
    for (int i=0; i<testPathLength.length; i++) {
        PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
        p.setMaxPathLength(testPathLength[i]);
        assertEquals("i="+i, testPathLength[i], p.getMaxPathLength());
    }
}
项目:freeVM    文件:PKIXBuilderParameters_ImplTest.java   
/**
 * Test #2 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: throws InvalidParameterException if parameter is
 * less than -1
 * @throws InvalidAlgorithmParameterException
 * @throws KeyStoreException
 */
public final void testSetMaxPathLength02()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (ks == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);

    try {
        // pass parameter less than -1
        p.setMaxPathLength(Integer.MIN_VALUE);
        fail("InvalidParameterException expected");
    } catch (InvalidParameterException e) {
    }
}
项目:openjdk-icedtea7    文件:ReverseBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN) {

    super(buildParams, targetSubjectDN);

    Set<String> initialPolicies = buildParams.getInitialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        for (String policy : initialPolicies) {
            initPolicies.add(policy);
        }
    }
}
项目:openjdk-icedtea7    文件:ForwardBuilder.java   
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(PKIXBuilderParameters buildParams,
    X500Principal targetSubjectDN, boolean searchAllCertStores,
    boolean onlyEECert)
{
    super(buildParams, targetSubjectDN);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.getTrustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
    this.onlyEECert = onlyEECert;
}
项目:tomcat7    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        String trustLength = endpoint.getTrustMaxCertLength();
        if(trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch(Exception ex) {
                log.warn("Bad maxCertLength: "+trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}
项目:lams    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, 
                                                                 new X509CertSelector());
        Collection crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        String trustLength = (String)attributes.get("trustMaxCertLength");
        if(trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch(Exception ex) {
                log.warn("Bad maxCertLength: "+trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}
项目:apache-tomcat-7.0.73-with-comment    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        String trustLength = endpoint.getTrustMaxCertLength();
        if(trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch(Exception ex) {
                log.warn("Bad maxCertLength: "+trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}
项目:jdk8u-jdk    文件:NoExtensions.java   
private void doBuild(X509Certificate userCert) throws Exception {
        // get the set of trusted CA certificates (only one in this instance)
        HashSet trustAnchors = new HashSet();
        X509Certificate trustedCert = getTrustedCertificate();
        trustAnchors.add(new TrustAnchor(trustedCert, null));

        // put together a CertStore (repository of the certificates and CRLs)
        ArrayList certs = new ArrayList();
        certs.add(trustedCert);
        certs.add(userCert);
        CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
        CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

        // specify the target certificate via a CertSelector
        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setCertificate(userCert);
        certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

        // build a valid cerificate path
        CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
        PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
        certPathBuilderParams.addCertStore(certStore);
        certPathBuilderParams.setRevocationEnabled(false);
        CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

        // get and show cert path
        CertPath certPath = result.getCertPath();
//        System.out.println(certPath.toString());
    }
项目:jdk8u-jdk    文件:BuildOddSel.java   
public static void createParams() throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile("sun.cer"), null);
    Set anchors = Collections.singleton(anchor);
    // Create odd CertSelector
    sel = new OddSel();
    params = new PKIXBuilderParameters(anchors, sel);
    params.setRevocationEnabled(false);
}
项目:jdk8u-jdk    文件:BuildOddSel.java   
/**
 * Perform a PKIX build.
 *
 * @param params PKIXBuilderParameters to use in building
 * @throws Exception on error
 */
public static void build(PKIXBuilderParameters params)
    throws Exception {
    CertPathBuilder builder =
        CertPathBuilder.getInstance("PKIX");
    CertPathBuilderResult cpbr = builder.build(params);
}
项目:jdk8u-jdk    文件:BuildEEBasicConstraints.java   
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor
        (rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
    X509CertSelector sel = new X509CertSelector();
    sel.setBasicConstraints(-2);
    PKIXBuilderParameters params = new PKIXBuilderParameters
        (Collections.singleton(anchor), sel);
    params.setRevocationEnabled(false);
    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(caCert);
    certs.add(eeCert);
    CollectionCertStoreParameters ccsp =
        new CollectionCertStoreParameters(certs);
    CertStore cs = CertStore.getInstance("Collection", ccsp);
    params.addCertStore(cs);
    PKIXCertPathBuilderResult res = CertUtils.build(params);
    CertPath cp = res.getCertPath();
    // check that first certificate is an EE cert
    List<? extends Certificate> certList = cp.getCertificates();
    X509Certificate cert = (X509Certificate) certList.get(0);
    if (cert.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
项目:jdk8u-jdk    文件:ValidateNC.java   
/**
 * Perform a PKIX build.
 *
 * @param params PKIXBuilderParameters to use in the build
 * @throws Exception on error
 */
public static void build(PKIXBuilderParameters params)
    throws Exception {
    CertPathBuilder builder =
        CertPathBuilder.getInstance("PKIX", "SUN");
    CertPathBuilderResult cpbr = builder.build(params);
}
项目:jdk8u-jdk    文件:CertUtils.java   
/**
 * Perform a PKIX path build. On failure, throw an exception.
 *
 * @param params PKIXBuilderParameters to use in validation
 * @throws Exception on error
 */
public static PKIXCertPathBuilderResult build(PKIXBuilderParameters params)
    throws Exception {
    CertPathBuilder builder =
        CertPathBuilder.getInstance("PKIX");
    return (PKIXCertPathBuilderResult) builder.build(params);
}
项目:openjdk-jdk10    文件:PKIXExtendedParameters.java   
public PKIXExtendedParameters(PKIXBuilderParameters params,
        Timestamp timestamp, String variant)
        throws InvalidAlgorithmParameterException {
    super(params.getTrustAnchors(), null);
    p = params;
    jarTimestamp = timestamp;
    this.variant = variant;
}