java.security.cert.TrustAnchor源码实例Demo

java.security.cert.CertPathValidatorResult#java.security.cert.TrustAnchor源码实例Demo

下面列出了java.security.cert.CertPathValidatorResult#java.security.cert.TrustAnchor 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。

源代码1 项目: Komondor   文件: ExportControlled.java
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException {
    this.origTm = tm;
    this.verifyServerCert = verifyServerCertificate;

    if (verifyServerCertificate) {
        try {
            Set<TrustAnchor> anch = new HashSet<TrustAnchor>();
            for (X509Certificate cert : tm.getAcceptedIssuers()) {
                anch.add(new TrustAnchor(cert, null));
            }
            this.validatorParams = new PKIXParameters(anch);
            this.validatorParams.setRevocationEnabled(false);
            this.validator = CertPathValidator.getInstance("PKIX");
            this.certFactory = CertificateFactory.getInstance("X.509");
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }
}
 
源代码2 项目: FoxTelem   文件: ExportControlled.java
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate, String hostName) throws CertificateException {
    this.origTm = tm;
    this.verifyServerCert = verifyServerCertificate;
    this.hostName = hostName;

    if (verifyServerCertificate) {
        try {
            Set<TrustAnchor> anch = Arrays.stream(tm.getAcceptedIssuers()).map(c -> new TrustAnchor(c, null)).collect(Collectors.toSet());
            this.validatorParams = new PKIXParameters(anch);
            this.validatorParams.setRevocationEnabled(false);
            this.validator = CertPathValidator.getInstance("PKIX");
            this.certFactory = CertificateFactory.getInstance("X.509");
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

}
 
源代码3 项目: dragonwell8_jdk   文件: OCSP.java
public static RevocationStatus check(X509Certificate cert,
        URI responderURI, TrustAnchor anchor, X509Certificate issuerCert,
        X509Certificate responderCert, Date date,
        List<Extension> extensions, String variant)
        throws IOException, CertPathValidatorException
{
    CertId certId;
    try {
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
    } catch (CertificateException | IOException e) {
        throw new CertPathValidatorException
            ("Exception while encoding OCSPRequest", e);
    }
    OCSPResponse ocspResponse = check(Collections.singletonList(certId),
            responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert),
            responderCert, date, extensions, variant);
    return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
 
源代码4 项目: openjdk-jdk8u-backup   文件: AlgorithmChecker.java
/**
 * Try to set the trust anchor of the checker.
 * <p>
 * If there is no trust anchor specified and the checker has not started,
 * set the trust anchor.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 */
void trySetTrustAnchor(TrustAnchor anchor) {
    // Don't bother if the check has started or trust anchor has already
    // specified.
    if (prevPubKey == null) {
        if (anchor == null) {
            throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
        }

        // Don't bother to change the trustedPubKey.
        if (anchor.getTrustedCert() != null) {
            prevPubKey = anchor.getTrustedCert().getPublicKey();
            // Check for anchor certificate restrictions
            trustedMatch = checkFingerprint(anchor.getTrustedCert());
            if (trustedMatch && debug != null) {
                debug.println("trustedMatch = true");
            }
        } else {
            prevPubKey = anchor.getCAPublicKey();
        }
    }
}
 
源代码5 项目: hottub   文件: ValidateNC.java
public static void createPath(String[] certs) throws Exception {

        X509Certificate anchorCert = getCertFromFile(certs[0]);
        byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
        if (nameConstraints != null) {
            DerInputStream in = new DerInputStream(nameConstraints);
            nameConstraints = in.getOctetString();
        }
        TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
        List list = new ArrayList();
        for (int i = 1; i < certs.length; i++) {
            list.add(0, getCertFromFile(certs[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(list);

        anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false);
    }
 
源代码6 项目: dragonwell8_jdk   文件: AlgorithmChecker.java
/**
 * Try to set the trust anchor of the checker.
 * <p>
 * If there is no trust anchor specified and the checker has not started,
 * set the trust anchor.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 */
void trySetTrustAnchor(TrustAnchor anchor) {
    // Don't bother if the check has started or trust anchor has already
    // specified.
    if (prevPubKey == null) {
        if (anchor == null) {
            throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
        }

        // Don't bother to change the trustedPubKey.
        if (anchor.getTrustedCert() != null) {
            prevPubKey = anchor.getTrustedCert().getPublicKey();
            // Check for anchor certificate restrictions
            trustedMatch = checkFingerprint(anchor.getTrustedCert());
            if (trustedMatch && debug != null) {
                debug.println("trustedMatch = true");
            }
        } else {
            prevPubKey = anchor.getCAPublicKey();
        }
    }
}
 
源代码7 项目: openjdk-8   文件: ValidateTargetConstraints.java
public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}
 
源代码8 项目: openjdk-jdk9   文件: ValidateTargetConstraints.java
public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}
 
源代码9 项目: dragonwell8_jdk   文件: ValidateNC.java
public static void createPath(String[] certs) throws Exception {

        X509Certificate anchorCert = getCertFromFile(certs[0]);
        byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
        if (nameConstraints != null) {
            DerInputStream in = new DerInputStream(nameConstraints);
            nameConstraints = in.getOctetString();
        }
        TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
        List list = new ArrayList();
        for (int i = 1; i < certs.length; i++) {
            list.add(0, getCertFromFile(certs[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(list);

        anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false);
    }
 
源代码10 项目: j2objc   文件: ForwardBuilder.java
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 
public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}
 
源代码12 项目: openjdk-jdk9   文件: ValidateNC.java
public static void createPath(String[] certs) throws Exception {

        X509Certificate anchorCert = getCertFromFile(certs[0]);
        byte [] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
        if (nameConstraints != null) {
            DerInputStream in = new DerInputStream(nameConstraints);
            nameConstraints = in.getOctetString();
        }
        TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);
        List list = new ArrayList();
        for (int i = 1; i < certs.length; i++) {
            list.add(0, getCertFromFile(certs[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(list);

        anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false);
    }
 
源代码13 项目: hottub   文件: AlgorithmChecker.java
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
 
源代码14 项目: Bytecoder   文件: ForwardBuilder.java
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 
源代码15 项目: jdk8u_jdk   文件: AlgorithmChecker.java
/**
 * Try to set the trust anchor of the checker.
 * <p>
 * If there is no trust anchor specified and the checker has not started,
 * set the trust anchor.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 */
void trySetTrustAnchor(TrustAnchor anchor) {
    // Don't bother if the check has started or trust anchor has already
    // specified.
    if (prevPubKey == null) {
        if (anchor == null) {
            throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
        }

        // Don't bother to change the trustedPubKey.
        if (anchor.getTrustedCert() != null) {
            prevPubKey = anchor.getTrustedCert().getPublicKey();
            // Check for anchor certificate restrictions
            trustedMatch = checkFingerprint(anchor.getTrustedCert());
            if (trustedMatch && debug != null) {
                debug.println("trustedMatch = true");
            }
        } else {
            prevPubKey = anchor.getCAPublicKey();
        }
    }
}
 
源代码16 项目: jdk8u60   文件: AlgorithmChecker.java
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
 
源代码17 项目: cwac-netsecurity   文件: TrustedCertificateIndex.java
public TrustAnchor findByIssuerAndSignature(X509Certificate cert) {
    X500Principal issuer = cert.getIssuerX500Principal();
    synchronized (subjectToTrustAnchors) {
        List<TrustAnchor> anchors = subjectToTrustAnchors.get(issuer);
        if (anchors == null) {
            return null;
        }

        for (TrustAnchor anchor : anchors) {
            PublicKey publicKey;
            try {
                X509Certificate caCert = anchor.getTrustedCert();
                if (caCert != null) {
                    publicKey = caCert.getPublicKey();
                } else {
                    publicKey = anchor.getCAPublicKey();
                }
                cert.verify(publicKey);
                return anchor;
            } catch (Exception ignored) {
            }
        }
    }
    return null;
}
 
源代码18 项目: jdk8u60   文件: ForwardBuilder.java
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 
源代码19 项目: jdk8u-jdk   文件: ForwardBuilder.java
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 
源代码20 项目: openjdk-8   文件: ForwardBuilder.java
/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 
源代码21 项目: openjdk-8   文件: AlgorithmChecker.java
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
 
源代码22 项目: netbeans   文件: Utilities.java
public static Collection<TrustAnchor> getTrustAnchor (KeyStore keyStore) throws KeyStoreException {
    Set<TrustAnchor> certs = new HashSet<> ();
    for (String alias: Collections.list (keyStore.aliases ())) {
        Certificate[] certificateChain = keyStore.getCertificateChain(alias);
        if (certificateChain != null) {
            for(Certificate cert: certificateChain) {
                if(cert instanceof X509Certificate) {
                    certs.add(new TrustAnchor((X509Certificate) cert, null));
                }
            }
        }
        Certificate aliasCert = keyStore.getCertificate(alias);
        if(aliasCert instanceof X509Certificate) {
            certs.add(new TrustAnchor((X509Certificate) aliasCert, null));
        }
    }
    return certs;
}
 
源代码23 项目: Openfire   文件: KeystoreTestUtils.java
/**
 * This method will validate a chain of certificates. It is provided as an alternative to the certificate chain
 * validation mechanisms that are under test. This method is intended to be used as a comparative benchmark against
 * other validation methods.
 *
 * The first certificate in the chain is expected to be the end-entity certificate.
 *
 * The last certificate in the chain is expected to be the root CA certificate.
 *
 * @param chain A certificate chain (cannot be null or empty).
 * @return CertPathBuilderResult result of validation.
 * @throws Exception When the chain is not valid.
 */
public CertPathBuilderResult testChain( X509Certificate[] chain ) throws Exception
{
    // Create the selector that specifies the starting certificate
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate( chain[0] );

    // Create the trust anchors (set of root CA certificates)
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    trustAnchors.add(new TrustAnchor(chain[ chain.length - 1], null));

    // Configure the PKIX certificate builder algorithm parameters
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(
            trustAnchors, selector);

    // Disable CRL checks (this is done manually as additional step)
    pkixParams.setRevocationEnabled(false);

    // Specify a list of intermediate certificates
    Set<java.security.cert.Certificate> intermediateCerts = new HashSet<>();
    for (int i=1; i<chain.length -1; i++)
    {
        intermediateCerts.add( chain[ i ] );
    }

    CertStore intermediateCertStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(intermediateCerts));
    pkixParams.addCertStore(intermediateCertStore);

    // Build and verify the certification chain
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
    PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder
            .build(pkixParams);

    return result;
}
 
源代码24 项目: Bytecoder   文件: PKIXExtendedParameters.java
@Override
public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
        throws InvalidAlgorithmParameterException {
    // To avoid problems with PKIXBuilderParameter's constructors
    if (p == null) {
        return;
    }
    p.setTrustAnchors(trustAnchors);
}
 
源代码25 项目: openjdk-8-source   文件: BuildEEBasicConstraints.java
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor
        (rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
    X509CertSelector sel = new X509CertSelector();
    sel.setBasicConstraints(-2);
    PKIXBuilderParameters params = new PKIXBuilderParameters
        (Collections.singleton(anchor), sel);
    params.setRevocationEnabled(false);
    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(caCert);
    certs.add(eeCert);
    CollectionCertStoreParameters ccsp =
        new CollectionCertStoreParameters(certs);
    CertStore cs = CertStore.getInstance("Collection", ccsp);
    params.addCertStore(cs);
    PKIXCertPathBuilderResult res = CertUtils.build(params);
    CertPath cp = res.getCertPath();
    // check that first certificate is an EE cert
    List<? extends Certificate> certList = cp.getCertificates();
    X509Certificate cert = (X509Certificate) certList.get(0);
    if (cert.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
 
源代码26 项目: dragonwell8_jdk   文件: AlgorithmChecker.java
/**
 * Create a new {@code AlgorithmChecker} with the
 * given {@code TrustAnchor}, {@code AlgorithmConstraints},
 * {@code Timestamp}, and {@code String} variant.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 * @param pkixdate The date specified by the PKIXParameters date.  If the
 *                 PKIXParameters is null, the current date is used.  This
 *                 should be null when jar files are being checked.
 * @param jarTimestamp Timestamp passed for JAR timestamp constraint
 *                     checking. Set to null if not applicable.
 * @param variant is the Validator variants of the operation. A null value
 *                passed will set it to Validator.GENERIC.
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints, Date pkixdate,
        Timestamp jarTimestamp, String variant) {

    if (anchor != null) {
        if (anchor.getTrustedCert() != null) {
            this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
            // Check for anchor certificate restrictions
            trustedMatch = checkFingerprint(anchor.getTrustedCert());
            if (trustedMatch && debug != null) {
                debug.println("trustedMatch = true");
            }
        } else {
            this.trustedPubKey = anchor.getCAPublicKey();
        }
    } else {
        this.trustedPubKey = null;
        if (debug != null) {
            debug.println("TrustAnchor is null, trustedMatch is false.");
        }
    }

    this.prevPubKey = this.trustedPubKey;
    this.constraints = (constraints == null ? certPathDefaultConstraints :
            constraints);
    // If we are checking jar files, set pkixdate the same as the timestamp
    // for certificate checking
    this.pkixdate = (jarTimestamp != null ? jarTimestamp.getTimestamp() :
            pkixdate);
    this.jarTimestamp = jarTimestamp;
    this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
}
 
源代码27 项目: dragonwell8_jdk   文件: PKIXTimestampParameters.java
@Override
public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
        throws InvalidAlgorithmParameterException {
    // To avoid problems with PKIXBuilderParameter's constructors
    if (p == null) {
        return;
    }
    p.setTrustAnchors(trustAnchors);
}
 
源代码28 项目: dragonwell8_jdk   文件: PKIXExtendedParameters.java
@Override
public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
        throws InvalidAlgorithmParameterException {
    // To avoid problems with PKIXBuilderParameter's constructors
    if (p == null) {
        return;
    }
    p.setTrustAnchors(trustAnchors);
}
 
源代码29 项目: openjdk-jdk8u   文件: PKIXExtendedParameters.java
@Override
public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
        throws InvalidAlgorithmParameterException {
    // To avoid problems with PKIXBuilderParameter's constructors
    if (p == null) {
        return;
    }
    p.setTrustAnchors(trustAnchors);
}
 
源代码30 项目: dragonwell8_jdk   文件: BuildEEBasicConstraints.java
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor
        (rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
    X509CertSelector sel = new X509CertSelector();
    sel.setBasicConstraints(-2);
    PKIXBuilderParameters params = new PKIXBuilderParameters
        (Collections.singleton(anchor), sel);
    params.setRevocationEnabled(false);
    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(caCert);
    certs.add(eeCert);
    CollectionCertStoreParameters ccsp =
        new CollectionCertStoreParameters(certs);
    CertStore cs = CertStore.getInstance("Collection", ccsp);
    params.addCertStore(cs);
    PKIXCertPathBuilderResult res = CertUtils.build(params);
    CertPath cp = res.getCertPath();
    // check that first certificate is an EE cert
    List<? extends Certificate> certList = cp.getCertificates();
    X509Certificate cert = (X509Certificate) certList.get(0);
    if (cert.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}