Java 类java.security.cert.PKIXBuilderParameters 实例源码
项目:lams
文件:JSSESocketFactory.java
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
new X509CertSelector());
Collection crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
xparams.setMaxPathLength(listener.getSslTrustMaxCertLength());
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
项目:lazycat
文件:JSSESocketFactory.java
/**
* Return the initialization parameters for the TrustManager. Currently,
* only the default <code>PKIX</code> is supported.
*
* @param algorithm
* The algorithm to get parameters for.
* @param crlf
* The path to the CRL file.
* @param trustStore
* The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
CertPathParameters params = null;
if ("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if (trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch (Exception ex) {
log.warn("Bad maxCertLength: " + trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: " + algorithm);
}
return params;
}
项目:In-the-Box-Fork
文件:TestUtils.java
public static CertPathParameters getCertPathParameters()
throws InvalidAlgorithmParameterException {
if ((rootCertificateSS == null) || (theCertSelector == null)
|| (builder == null)) {
throw new RuntimeException(
"Call initCertPathSSCertChain prior to buildCertPath");
}
PKIXBuilderParameters buildParams = new PKIXBuilderParameters(
Collections.singleton(new TrustAnchor(rootCertificateSS, null)),
theCertSelector);
buildParams.addCertStore(store);
buildParams.setRevocationEnabled(false);
return buildParams;
}
项目:In-the-Box-Fork
文件:PKIXBuilderParametersTest.java
/**
* Test #1 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: creates an instance of <code>PKIXBuilderParameters</code>
* @throws InvalidAlgorithmParameterException
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies positive case.",
method = "PKIXBuilderParameters",
args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersSetCertSelector01()
throws InvalidAlgorithmParameterException {
Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
// both parameters are valid and non-null
PKIXParameters p =
new PKIXBuilderParameters(taSet, new X509CertSelector());
assertTrue("instanceOf", p instanceof PKIXBuilderParameters);
assertNotNull("certSelector", p.getTargetCertConstraints());
}
项目:In-the-Box-Fork
文件:PKIXBuilderParametersTest.java
/**
* Test #2 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: creates an instance of <code>PKIXBuilderParameters</code>
* @throws InvalidAlgorithmParameterException
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies null as a CertSelector parameter.",
method = "PKIXBuilderParameters",
args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersSetCertSelector02()
throws InvalidAlgorithmParameterException {
Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
// both parameters are valid but CertSelector is null
PKIXParameters p = new PKIXBuilderParameters(taSet, null);
assertTrue("instanceOf", p instanceof PKIXBuilderParameters);
assertNull("certSelector", p.getTargetCertConstraints());
}
项目:In-the-Box-Fork
文件:PKIXBuilderParametersTest.java
/**
* Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: <code>ClassCastException</code> -
* if any of the elements in the <code>Set</code> are not of type
* <code>java.security.cert.TrustAnchor</code>
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies ClassCastException.",
method = "PKIXBuilderParameters",
args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
@SuppressWarnings("unchecked")
public final void testPKIXBuilderParametersSetCertSelector06()
throws Exception {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
// add wrong object to valid set
assertTrue(taSet.add(new Object()));
try {
new PKIXBuilderParameters(taSet, null);
fail("ClassCastException expected");
} catch (ClassCastException e) {
}
}
项目:In-the-Box-Fork
文件:PKIXBuilderParametersTest.java
/**
* Test #1 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code>
* constructor<br>
* Assertion: <code>NullPointerException</code> - if the
* <code>keystore</code> is <code>null</code>
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Veirifies null as a KeyStore parameter.",
method = "PKIXBuilderParameters",
args = {java.security.KeyStore.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersKeyStoreCertSelector01()
throws Exception {
try {
new PKIXBuilderParameters((KeyStore) null, new X509CertSelector());
fail("NullPointerException expected");
} catch (NullPointerException e) {
// expected
}
}
项目:In-the-Box-Fork
文件:PKIXBuilderParametersTest.java
/**
* Test #2 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code>
* constructor<br>
* Assertion: <code>KeyStoreException</code> - if the
* <code>keystore</code> has not been initialized
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Veirifies null as a CertSelector parameter.",
method = "PKIXBuilderParameters",
args = {java.security.KeyStore.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersKeyStoreCertSelector02()
throws Exception {
KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
try {
new PKIXBuilderParameters(keyTest, null);
fail("KeyStoreException expected");
} catch (KeyStoreException e) {
// expected
}
}
项目:In-the-Box-Fork
文件:PKIXBuilderParametersTest.java
/**
* Test #3 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code>
* constructor<br>
* Assertion: <code>InvalidAlgorithmParameterException</code> - if the
* <code>keystore</code> does not contain at least one trusted certificate
* entry
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies null as parameters.",
method = "PKIXBuilderParameters",
args = {java.security.KeyStore.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersKeyStoreCertSelector03()
throws Exception {
KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
keyTest.load(null, null);
try {
new PKIXBuilderParameters(keyTest, new X509CertSelector());
fail("InvalidAlgorithmParameterException expected");
} catch (InvalidAlgorithmParameterException e) {
// expected
}
}
项目:jdk7-jdk
文件:ReverseBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ReverseBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN) {
super(buildParams, targetSubjectDN);
Set<String> initialPolicies = buildParams.getInitialPolicies();
initPolicies = new HashSet<String>();
if (initialPolicies.isEmpty()) {
// if no initialPolicies are specified by user, set
// initPolicies to be anyPolicy by default
initPolicies.add(PolicyChecker.ANY_POLICY);
} else {
for (String policy : initialPolicies) {
initPolicies.add(policy);
}
}
}
项目:jdk7-jdk
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN, boolean searchAllCertStores,
boolean onlyEECert)
{
super(buildParams, targetSubjectDN);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.getTrustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
comparator = new PKIXCertComparator(trustedSubjectDNs);
this.searchAllCertStores = searchAllCertStores;
this.onlyEECert = onlyEECert;
}
项目:openjdk-source-code-learn
文件:ReverseBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ReverseBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN) {
super(buildParams, targetSubjectDN);
Set<String> initialPolicies = buildParams.getInitialPolicies();
initPolicies = new HashSet<String>();
if (initialPolicies.isEmpty()) {
// if no initialPolicies are specified by user, set
// initPolicies to be anyPolicy by default
initPolicies.add(PolicyChecker.ANY_POLICY);
} else {
for (String policy : initialPolicies) {
initPolicies.add(policy);
}
}
}
项目:openjdk-source-code-learn
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN, boolean searchAllCertStores,
boolean onlyEECert)
{
super(buildParams, targetSubjectDN);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.getTrustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
comparator = new PKIXCertComparator(trustedSubjectDNs);
this.searchAllCertStores = searchAllCertStores;
this.onlyEECert = onlyEECert;
}
项目:cn1
文件:PKIXBuilderParametersTest.java
/**
* Test #3 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: ... the <code>Set</code> is copied to protect against
* subsequent modifications
* @throws InvalidAlgorithmParameterException
*/
public final void testPKIXBuilderParametersSetCertSelector03()
throws InvalidAlgorithmParameterException {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
HashSet originalSet = (HashSet)taSet;
HashSet originalSetCopy = (HashSet)originalSet.clone();
// create test object using originalSet
PKIXBuilderParameters pp =
new PKIXBuilderParameters(originalSetCopy, null);
// modify originalSet
originalSetCopy.clear();
// check that test object's internal state
// has not been affected by the above modification
Set returnedSet = pp.getTrustAnchors();
assertEquals(originalSet, returnedSet);
}
项目:cn1
文件:PKIXBuilderParametersTest.java
/**
* Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: <code>ClassCastException</code> -
* if any of the elements in the <code>Set</code> are not of type
* <code>java.security.cert.TrustAnchor</code>
*/
public final void testPKIXBuilderParametersSetCertSelector06() throws Exception {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
// add wrong object to valid set
assertTrue(taSet.add(new Object()));
try {
new PKIXBuilderParameters(taSet, null);
fail("ClassCastException expected");
} catch (ClassCastException e) {
}
}
项目:cn1
文件:PKIXBuilderParameters_ImplTest.java
/**
* Test #1 for <code>setMaxPathLength(int)</code> method<br>
* Assertion: sets the maximum number of non-self-signed certificates
* in the cert path
* @throws KeyStoreException
* @throws InvalidAlgorithmParameterException
*/
public final void testSetMaxPathLength01()
throws KeyStoreException,
InvalidAlgorithmParameterException {
KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
if (ks == null) {
fail(getName() + ": not performed (could not create test KeyStore)");
}
// all these VALID maxPathLength values must be
// set (and get) without exceptions
int[] testPathLength = new int[] {-1, 0, 1, 999, Integer.MAX_VALUE};
for (int i=0; i<testPathLength.length; i++) {
PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
p.setMaxPathLength(testPathLength[i]);
assertEquals("i="+i, testPathLength[i], p.getMaxPathLength());
}
}
项目:cn1
文件:PKIXBuilderParameters_ImplTest.java
/**
* Test #2 for <code>setMaxPathLength(int)</code> method<br>
* Assertion: throws InvalidParameterException if parameter is
* less than -1
* @throws InvalidAlgorithmParameterException
* @throws KeyStoreException
*/
public final void testSetMaxPathLength02()
throws KeyStoreException,
InvalidAlgorithmParameterException {
KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
if (ks == null) {
fail(getName() + ": not performed (could not create test KeyStore)");
}
PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
try {
// pass parameter less than -1
p.setMaxPathLength(Integer.MIN_VALUE);
fail("InvalidParameterException expected");
} catch (InvalidParameterException e) {
}
}
项目:ximix
文件:SignedDataVerifier.java
private PKIXCertPathBuilderResult checkCertPath(SignerId signerId, Store certs)
throws IOException, GeneralSecurityException
{
CertStore store = new JcaCertStoreBuilder().setProvider("BC").addCertificates(certs).build();
CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX","BC");
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setIssuer(signerId.getIssuer().getEncoded());
targetConstraints.setSerialNumber(signerId.getSerialNumber());
PKIXBuilderParameters params = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(trustAnchor, null)), targetConstraints);
params.addCertStore(store);
params.setRevocationEnabled(false); // TODO: CRLs?
return (PKIXCertPathBuilderResult)pathBuilder.build(params);
}
项目:openjdk-jdk7u-jdk
文件:ReverseBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ReverseBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN) {
super(buildParams, targetSubjectDN);
Set<String> initialPolicies = buildParams.getInitialPolicies();
initPolicies = new HashSet<String>();
if (initialPolicies.isEmpty()) {
// if no initialPolicies are specified by user, set
// initPolicies to be anyPolicy by default
initPolicies.add(PolicyChecker.ANY_POLICY);
} else {
for (String policy : initialPolicies) {
initPolicies.add(policy);
}
}
}
项目:openjdk-jdk7u-jdk
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN, boolean searchAllCertStores,
boolean onlyEECert)
{
super(buildParams, targetSubjectDN);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.getTrustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
comparator = new PKIXCertComparator(trustedSubjectDNs);
this.searchAllCertStores = searchAllCertStores;
this.onlyEECert = onlyEECert;
}
项目:freeVM
文件:PKIXBuilderParametersTest.java
/**
* Test #3 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: ... the <code>Set</code> is copied to protect against
* subsequent modifications
* @throws InvalidAlgorithmParameterException
*/
public final void testPKIXBuilderParametersSetCertSelector03()
throws InvalidAlgorithmParameterException {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
HashSet originalSet = (HashSet)taSet;
HashSet originalSetCopy = (HashSet)originalSet.clone();
// create test object using originalSet
PKIXBuilderParameters pp =
new PKIXBuilderParameters(originalSetCopy, null);
// modify originalSet
originalSetCopy.clear();
// check that test object's internal state
// has not been affected by the above modification
Set returnedSet = pp.getTrustAnchors();
assertEquals(originalSet, returnedSet);
}
项目:freeVM
文件:PKIXBuilderParametersTest.java
/**
* Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: <code>ClassCastException</code> -
* if any of the elements in the <code>Set</code> are not of type
* <code>java.security.cert.TrustAnchor</code>
*/
public final void testPKIXBuilderParametersSetCertSelector06() throws Exception {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
// add wrong object to valid set
assertTrue(taSet.add(new Object()));
try {
new PKIXBuilderParameters(taSet, null);
fail("ClassCastException expected");
} catch (ClassCastException e) {
}
}
项目:freeVM
文件:PKIXBuilderParameters_ImplTest.java
/**
* Test #1 for <code>setMaxPathLength(int)</code> method<br>
* Assertion: sets the maximum number of non-self-signed certificates
* in the cert path
* @throws KeyStoreException
* @throws InvalidAlgorithmParameterException
*/
public final void testSetMaxPathLength01()
throws KeyStoreException,
InvalidAlgorithmParameterException {
KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
if (ks == null) {
fail(getName() + ": not performed (could not create test KeyStore)");
}
// all these VALID maxPathLength values must be
// set (and get) without exceptions
int[] testPathLength = new int[] {-1, 0, 1, 999, Integer.MAX_VALUE};
for (int i=0; i<testPathLength.length; i++) {
PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
p.setMaxPathLength(testPathLength[i]);
assertEquals("i="+i, testPathLength[i], p.getMaxPathLength());
}
}
项目:freeVM
文件:PKIXBuilderParameters_ImplTest.java
/**
* Test #2 for <code>setMaxPathLength(int)</code> method<br>
* Assertion: throws InvalidParameterException if parameter is
* less than -1
* @throws InvalidAlgorithmParameterException
* @throws KeyStoreException
*/
public final void testSetMaxPathLength02()
throws KeyStoreException,
InvalidAlgorithmParameterException {
KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
if (ks == null) {
fail(getName() + ": not performed (could not create test KeyStore)");
}
PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
try {
// pass parameter less than -1
p.setMaxPathLength(Integer.MIN_VALUE);
fail("InvalidParameterException expected");
} catch (InvalidParameterException e) {
}
}
项目:freeVM
文件:PKIXBuilderParametersTest.java
/**
* Test #3 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: ... the <code>Set</code> is copied to protect against
* subsequent modifications
* @throws InvalidAlgorithmParameterException
*/
public final void testPKIXBuilderParametersSetCertSelector03()
throws InvalidAlgorithmParameterException {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
HashSet originalSet = (HashSet)taSet;
HashSet originalSetCopy = (HashSet)originalSet.clone();
// create test object using originalSet
PKIXBuilderParameters pp =
new PKIXBuilderParameters(originalSetCopy, null);
// modify originalSet
originalSetCopy.clear();
// check that test object's internal state
// has not been affected by the above modification
Set returnedSet = pp.getTrustAnchors();
assertEquals(originalSet, returnedSet);
}
项目:freeVM
文件:PKIXBuilderParametersTest.java
/**
* Test #6 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: <code>ClassCastException</code> -
* if any of the elements in the <code>Set</code> are not of type
* <code>java.security.cert.TrustAnchor</code>
*/
public final void testPKIXBuilderParametersSetCertSelector06() throws Exception {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
// add wrong object to valid set
assertTrue(taSet.add(new Object()));
try {
new PKIXBuilderParameters(taSet, null);
fail("ClassCastException expected");
} catch (ClassCastException e) {
}
}
项目:freeVM
文件:PKIXBuilderParameters_ImplTest.java
/**
* Test #1 for <code>setMaxPathLength(int)</code> method<br>
* Assertion: sets the maximum number of non-self-signed certificates
* in the cert path
* @throws KeyStoreException
* @throws InvalidAlgorithmParameterException
*/
public final void testSetMaxPathLength01()
throws KeyStoreException,
InvalidAlgorithmParameterException {
KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
if (ks == null) {
fail(getName() + ": not performed (could not create test KeyStore)");
}
// all these VALID maxPathLength values must be
// set (and get) without exceptions
int[] testPathLength = new int[] {-1, 0, 1, 999, Integer.MAX_VALUE};
for (int i=0; i<testPathLength.length; i++) {
PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
p.setMaxPathLength(testPathLength[i]);
assertEquals("i="+i, testPathLength[i], p.getMaxPathLength());
}
}
项目:freeVM
文件:PKIXBuilderParameters_ImplTest.java
/**
* Test #2 for <code>setMaxPathLength(int)</code> method<br>
* Assertion: throws InvalidParameterException if parameter is
* less than -1
* @throws InvalidAlgorithmParameterException
* @throws KeyStoreException
*/
public final void testSetMaxPathLength02()
throws KeyStoreException,
InvalidAlgorithmParameterException {
KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
if (ks == null) {
fail(getName() + ": not performed (could not create test KeyStore)");
}
PKIXBuilderParameters p = new PKIXBuilderParameters(ks, null);
try {
// pass parameter less than -1
p.setMaxPathLength(Integer.MIN_VALUE);
fail("InvalidParameterException expected");
} catch (InvalidParameterException e) {
}
}
项目:openjdk-icedtea7
文件:ReverseBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ReverseBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN) {
super(buildParams, targetSubjectDN);
Set<String> initialPolicies = buildParams.getInitialPolicies();
initPolicies = new HashSet<String>();
if (initialPolicies.isEmpty()) {
// if no initialPolicies are specified by user, set
// initPolicies to be anyPolicy by default
initPolicies.add(PolicyChecker.ANY_POLICY);
} else {
for (String policy : initialPolicies) {
initPolicies.add(policy);
}
}
}
项目:openjdk-icedtea7
文件:ForwardBuilder.java
/**
* Initialize the builder with the input parameters.
*
* @param params the parameter set used to build a certification path
*/
ForwardBuilder(PKIXBuilderParameters buildParams,
X500Principal targetSubjectDN, boolean searchAllCertStores,
boolean onlyEECert)
{
super(buildParams, targetSubjectDN);
// populate sets of trusted certificates and subject DNs
trustAnchors = buildParams.getTrustAnchors();
trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
for (TrustAnchor anchor : trustAnchors) {
X509Certificate trustedCert = anchor.getTrustedCert();
if (trustedCert != null) {
trustedCerts.add(trustedCert);
trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
} else {
trustedSubjectDNs.add(anchor.getCA());
}
}
comparator = new PKIXCertComparator(trustedSubjectDNs);
this.searchAllCertStores = searchAllCertStores;
this.onlyEECert = onlyEECert;
}
项目:tomcat7
文件:JSSESocketFactory.java
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams =
new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if(trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch(Exception ex) {
log.warn("Bad maxCertLength: "+trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
项目:lams
文件:JSSESocketFactory.java
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
new X509CertSelector());
Collection crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = (String)attributes.get("trustMaxCertLength");
if(trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch(Exception ex) {
log.warn("Bad maxCertLength: "+trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
项目:apache-tomcat-7.0.73-with-comment
文件:JSSESocketFactory.java
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams =
new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if(trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch(Exception ex) {
log.warn("Bad maxCertLength: "+trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
项目:jdk8u-jdk
文件:NoExtensions.java
private void doBuild(X509Certificate userCert) throws Exception {
// get the set of trusted CA certificates (only one in this instance)
HashSet trustAnchors = new HashSet();
X509Certificate trustedCert = getTrustedCertificate();
trustAnchors.add(new TrustAnchor(trustedCert, null));
// put together a CertStore (repository of the certificates and CRLs)
ArrayList certs = new ArrayList();
certs.add(trustedCert);
certs.add(userCert);
CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
CertStore certStore = CertStore.getInstance("Collection", certStoreParams);
// specify the target certificate via a CertSelector
X509CertSelector certSelector = new X509CertSelector();
certSelector.setCertificate(userCert);
certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required
// build a valid cerificate path
CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
certPathBuilderParams.addCertStore(certStore);
certPathBuilderParams.setRevocationEnabled(false);
CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);
// get and show cert path
CertPath certPath = result.getCertPath();
// System.out.println(certPath.toString());
}
项目:jdk8u-jdk
文件:BuildOddSel.java
public static void createParams() throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile("sun.cer"), null);
Set anchors = Collections.singleton(anchor);
// Create odd CertSelector
sel = new OddSel();
params = new PKIXBuilderParameters(anchors, sel);
params.setRevocationEnabled(false);
}
项目:jdk8u-jdk
文件:BuildOddSel.java
/**
* Perform a PKIX build.
*
* @param params PKIXBuilderParameters to use in building
* @throws Exception on error
*/
public static void build(PKIXBuilderParameters params)
throws Exception {
CertPathBuilder builder =
CertPathBuilder.getInstance("PKIX");
CertPathBuilderResult cpbr = builder.build(params);
}
项目:jdk8u-jdk
文件:BuildEEBasicConstraints.java
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
项目:jdk8u-jdk
文件:ValidateNC.java
/**
* Perform a PKIX build.
*
* @param params PKIXBuilderParameters to use in the build
* @throws Exception on error
*/
public static void build(PKIXBuilderParameters params)
throws Exception {
CertPathBuilder builder =
CertPathBuilder.getInstance("PKIX", "SUN");
CertPathBuilderResult cpbr = builder.build(params);
}
项目:jdk8u-jdk
文件:CertUtils.java
/**
* Perform a PKIX path build. On failure, throw an exception.
*
* @param params PKIXBuilderParameters to use in validation
* @throws Exception on error
*/
public static PKIXCertPathBuilderResult build(PKIXBuilderParameters params)
throws Exception {
CertPathBuilder builder =
CertPathBuilder.getInstance("PKIX");
return (PKIXCertPathBuilderResult) builder.build(params);
}
项目:openjdk-jdk10
文件:PKIXExtendedParameters.java
public PKIXExtendedParameters(PKIXBuilderParameters params,
Timestamp timestamp, String variant)
throws InvalidAlgorithmParameterException {
super(params.getTrustAnchors(), null);
p = params;
jarTimestamp = timestamp;
this.variant = variant;
}