Java 类java.security.cert.CollectionCertStoreParameters 实例源码

项目:ipack    文件:JcaCertStoreBuilder.java   
/**
 * Build the CertStore from the current inputs.
 *
 * @return  a CertStore.
 * @throws GeneralSecurityException
 */
public CertStore build()
    throws GeneralSecurityException
{
    // Convert the accumulated holders to JCA objects first; a conversion failure
    // propagates to the caller before any CertStore is created.
    final CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);

    // The provider may have been configured as a Provider instance, by name, or not at
    // all. With none configured, CertStore.getInstance(type, params) walks the registered
    // providers in preference order, so the implementation used depends on the JVM's
    // security configuration.
    if (provider instanceof Provider)
    {
        return CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else if (provider instanceof String)
    {
        return CertStore.getInstance(type, storeParams, (String)provider);
    }
    else
    {
        return CertStore.getInstance(type, storeParams);
    }
}
项目:ipack    文件:JcaCertStoreBuilder.java   
/**
 * Converts every certificate holder and CRL holder collected so far into its JCA
 * counterpart and wraps the result as parameters for a Collection CertStore.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder
 * @param crlConverter converter applied to each X509CRLHolder
 * @return parameters backed by a list holding the converted certificates followed by the CRLs
 * @throws CertificateException if a certificate holder cannot be converted
 * @throws CRLException if a CRL holder cannot be converted
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    // One list carries both kinds of object: a Collection CertStore serves certificates
    // and CRLs out of the same backing collection.
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // CollectionCertStoreParameters keeps a reference to the collection instead of copying
    // it. The list is created inside this call, so only holders of the returned parameters
    // can reach it.
    return new CollectionCertStoreParameters(converted);
}
项目:ipack    文件:OCSPReq.java   
/**
 * If the request is signed return a possibly empty CertStore containing the certificates in the
 * request. If the request is not signed the method returns null.
 * 
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            // The store only exposes the certificates carried in the request. They come
            // from the requester, so being present here does not make them trusted:
            // callers still have to validate them against their own trust anchors.
            return OCSPUtil.createCertStoreInstance(
                type, new CollectionCertStoreParameters(this.getCertList(provider)), provider);
        }
        catch (InvalidAlgorithmParameterException cause)
        {
            throw new OCSPException("can't setup the CertStore", cause);
        }
    }

    // Unsigned request: the contract is null rather than an empty store, so callers
    // need an explicit null check.
    return null;
}
项目:ipack    文件:BasicOCSPResp.java   
/**
 * Return the certificates, if any, associated with the response.
 * @param type type of CertStore to create
 * @param provider provider to use
 * @return a CertStore, possibly empty
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    try
    {
        // These are the certificates associated with the response. Appearing in this
        // store does not by itself make them trusted; callers still need to validate
        // them against their own trust anchors.
        return OCSPUtil.createCertStoreInstance(
            type, new CollectionCertStoreParameters(this.getCertList(provider)), provider);
    }
    catch (InvalidAlgorithmParameterException cause)
    {
        // Surface the parameter problem as an OCSP-level failure, keeping the cause.
        throw new OCSPException("can't setup the CertStore", cause);
    }
}
项目:lams    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    // Only PKIX is handled; any other algorithm is rejected before anything is built.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs loaded from the configured file are offered to the path builder through
    // an in-memory Collection CertStore.
    // NOTE(review): the CRLs appear to be read once, when the parameters are built; a CRL
    // published later is presumably not seen until this method runs again - confirm.
    Collection crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Set explicitly so that revocation checking does not depend on the default.
    pkixParams.setRevocationEnabled(true);
    pkixParams.setMaxPathLength(listener.getSslTrustMaxCertLength());

    return pkixParams;
}
项目:lazycat    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager. Currently,
 * only the default <code>PKIX</code> is supported.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    // Only PKIX is handled; any other algorithm is rejected before anything is built.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs loaded from the configured file are offered to the path builder through
    // an in-memory Collection CertStore.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Set explicitly so that revocation checking does not depend on the default.
    pkixParams.setRevocationEnabled(true);

    String maxLengthSetting = endpoint.getTrustMaxCertLength();
    if (maxLengthSetting != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(maxLengthSetting));
        } catch (Exception ex) {
            // A value that cannot be parsed or is rejected by setMaxPathLength is only
            // logged: the builder keeps its default maximum path length, so a typo in the
            // configuration does not tighten (or loosen) the limit as the operator intended.
            log.warn("Bad maxCertLength: " + maxLengthSetting);
        }
    }

    return pkixParams;
}
项目:Aki-SSL    文件:JcaCertStoreBuilder.java   
/**
 * Build the CertStore from the current inputs.
 *
 * @return  a CertStore.
 * @throws GeneralSecurityException
 */
public CertStore build()
    throws GeneralSecurityException
{
    // Holders are converted up front, so a bad certificate or CRL fails the build before
    // any provider lookup happens.
    final CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);

    // Dispatch on how the provider was configured. When none was set, the JCA picks the
    // first registered provider that offers this CertStore type.
    if (provider instanceof Provider)
    {
        return CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else if (provider instanceof String)
    {
        return CertStore.getInstance(type, storeParams, (String)provider);
    }
    else
    {
        return CertStore.getInstance(type, storeParams);
    }
}
项目:Aki-SSL    文件:JcaCertStoreBuilder.java   
/**
 * Converts every certificate holder and CRL holder collected so far into its JCA
 * counterpart and wraps the result as parameters for a Collection CertStore.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder
 * @param crlConverter converter applied to each X509CRLHolder
 * @return parameters backed by a list holding the converted certificates followed by the CRLs
 * @throws CertificateException if a certificate holder cannot be converted
 * @throws CRLException if a CRL holder cannot be converted
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    // Certificates and CRLs share one backing list; the store answers both kinds of query.
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // The parameters reference this list rather than copying it; it never escapes this
    // method except through the returned object.
    return new CollectionCertStoreParameters(converted);
}
项目:In-the-Box-Fork    文件:CollectionCertStoreParametersTest.java   
/**
 * Test #2 for <code>CollectionCertStoreParameters</code> constructor<br>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "CollectionCertStoreParameters",
    args = {}
)
@SuppressWarnings("unchecked")
public final void testCollectionCertStoreParameters02() {
    // the no-arg constructor must yield an empty collection
    Collection backing = new CollectionCertStoreParameters().getCollection();
    assertTrue("isEmpty", backing.isEmpty());

    // ...and that collection must reject modification, so no caller can slip
    // certificates or CRLs into parameters that were created empty
    try {
        backing.add(new Object());
    } catch (Exception expected) {
        // any exception from add() counts as proof of immutability
        return;
    }
    fail("empty collection must be immutable");
}
项目:In-the-Box-Fork    文件:CollectionCertStoreParametersTest.java   
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "CollectionCertStoreParameters",
    args = {java.util.Collection.class}
)
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty collection owned by the caller
    Vector<Certificate> backing = new Vector<Certificate>();
    CollectionCertStoreParameters params =
        new CollectionCertStoreParameters(backing);

    // the parameters must expose the very same object, not a copy
    assertTrue("isRefUsed_1", backing == params.getCollection());
    assertTrue("isEmpty", params.getCollection().isEmpty());

    // additions made through the caller's reference must show up in the parameters;
    // this sharing is why code that does not own a collection should hand over a copy
    for (int marker = 1; marker <= 2; marker++) {
        backing.add(new MyCertificate("TEST", new byte[] {(byte)marker}));
    }
    assertTrue("isRefUsed_2", backing.equals(params.getCollection()));
}
项目:In-the-Box-Fork    文件:CollectionCertStoreParametersTest.java   
/**
 * Test #1 for <code>clone()</code> method<br>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone01() {
    Vector<Certificate> source = new Vector<Certificate>();
    source.add(new MyCertificate("TEST", new byte[] {(byte)4}));

    CollectionCertStoreParameters original =
        new CollectionCertStoreParameters(source);
    CollectionCertStoreParameters copy =
        (CollectionCertStoreParameters)original.clone();

    // clone() must hand back a distinct parameters object
    assertTrue(original != copy);
}
项目:In-the-Box-Fork    文件:CollectionCertStoreParametersTest.java   
/**
 * Test #2 for <code>clone()</code> method<br>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone02() {
    Vector<Certificate> source = new Vector<Certificate>();
    source.add(new MyCertificate("TEST", new byte[] {(byte)4}));

    CollectionCertStoreParameters original =
        new CollectionCertStoreParameters(source);
    CollectionCertStoreParameters copy =
        (CollectionCertStoreParameters)original.clone();

    // the clone is shallow: both parameter objects point at the same collection, so a
    // change to that collection is visible through either of them
    assertTrue(original.getCollection() == copy.getCollection());
}
项目:In-the-Box-Fork    文件:CollectionCertStoreParametersTest.java   
/**
 * Test #3 for <code>clone()</code> method<br>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "",
    method = "clone",
    args = {}
)
public final void testClone03() {
    CollectionCertStoreParameters first =
        new CollectionCertStoreParameters();
    CollectionCertStoreParameters second =
        (CollectionCertStoreParameters)first.clone();
    CollectionCertStoreParameters third =
        (CollectionCertStoreParameters)second.clone();

    // a clone of a clone still shares the one underlying collection
    boolean firstSharesSecond = first.getCollection() == second.getCollection();
    boolean thirdSharesSecond = third.getCollection() == second.getCollection();
    assertTrue(firstSharesSecond && thirdSharesSecond);
}
项目:Openfire    文件:ClientTrustManager.java   
/**
 * Creates a trust manager backed by the given trust store and an in-memory CRL store,
 * then loads the CRLs.
 *
 * @param trustTrust the key store holding the trusted certificates
 */
public ClientTrustManager(KeyStore trustTrust) {
    super();
    this.trustStore = trustTrust;

    // CollectionCertStoreParameters keeps a reference to the list (no copy is made), so
    // CRLs added to 'crls' after this point become visible through crlStore.
    crls = new ArrayList<>();

    try {
        crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    }
    catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException ex) {
        // NOTE(review): the failure is only logged and crlStore is not assigned in this
        // branch. Code that consumes crlStore should be checked for how it behaves
        // without a CRL store, so revocation checking is not skipped silently.
        Log.warn("ClientTrustManager: ",ex);
    }

    loadCRL();
}
项目:cn1    文件:CollectionCertStoreParametersTest.java   
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Assertion: The Collection is not copied. Instead, a reference is used.
 * This allows the caller to subsequently add or remove Certificates or
 * CRLs from the Collection, thus changing the set of Certificates or CRLs
 * available to the Collection CertStore. The Collection CertStore will
 * not modify the contents of the Collection 
 */
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty collection owned by the caller
    Vector backing = new Vector();
    CollectionCertStoreParameters params =
        new CollectionCertStoreParameters(backing);

    // the parameters must expose the very same object, not a copy
    assertTrue("isRefUsed_1", backing == params.getCollection());
    assertTrue("isEmpty", params.getCollection().isEmpty());

    // additions made through the caller's reference must show up in the parameters;
    // anyone holding that reference can therefore change what the CertStore serves
    for (int marker = 1; marker <= 2; marker++) {
        backing.add(new MyCertificate("TEST", new byte[] {(byte)marker}));
    }
    assertTrue("isRefUsed_2", backing.equals(params.getCollection()));
}
项目:CryptMeme    文件:OCSPReq.java   
/**
 * If the request is signed return a possibly empty CertStore containing the certificates in the
 * request. If the request is not signed the method returns null.
 * 
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            // Certificates in the store are the ones the requester put in the request;
            // treat them as untrusted input until a path to a trust anchor is validated.
            return OCSPUtil.createCertStoreInstance(
                type, new CollectionCertStoreParameters(this.getCertList(provider)), provider);
        }
        catch (InvalidAlgorithmParameterException cause)
        {
            throw new OCSPException("can't setup the CertStore", cause);
        }
    }

    // Unsigned request: null, not an empty store, so callers need a null check.
    return null;
}
项目:CryptMeme    文件:BasicOCSPResp.java   
/**
 * Return the certificates, if any, associated with the response.
 * @param type type of CertStore to create
 * @param provider provider to use
 * @return a CertStore, possibly empty
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    try
    {
        // The store exposes the certificates associated with the response. Their presence
        // is not a trust statement; validate them against local trust anchors before
        // relying on them.
        return OCSPUtil.createCertStoreInstance(
            type, new CollectionCertStoreParameters(this.getCertList(provider)), provider);
    }
    catch (InvalidAlgorithmParameterException cause)
    {
        // Surface the parameter problem as an OCSP-level failure, keeping the cause.
        throw new OCSPException("can't setup the CertStore", cause);
    }
}
项目:openjdk-jdk7u-jdk    文件:CrlRevocationChecker.java   
/**
 * Creates a CRL revocation checker from the trust anchor and PKIX parameters, optionally
 * adding the supplied certificates as one more CertStore.
 *
 * @param anchor the trust anchor stored for later use
 * @param params PKIX parameters supplying the CertStores, signature provider and date
 * @param certs extra certificates to expose through a Collection CertStore; may be null
 * @param onlyEECert flag stored in mOnlyEECert
 * @throws CertPathValidatorException declared by this constructor
 */
CrlRevocationChecker(TrustAnchor anchor, PKIXParameters params,
    Collection<X509Certificate> certs, boolean onlyEECert)
    throws CertPathValidatorException {
    mAnchor = anchor;
    mParams = params;
    // private list, so adding the extra store below does not touch the caller's parameters
    mStores = new ArrayList<CertStore>(params.getCertStores());
    mSigProvider = params.getSigProvider();

    if (certs != null) {
        try {
            CertStore extraStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(certs));
            mStores.add(extraStore);
        } catch (Exception e) {
            // should never occur but not necessarily fatal, so log it,
            // ignore and continue; the checker then works without the extra
            // certificates, which is why nothing is rethrown here
            if (debug != null) {
                debug.println("CrlRevocationChecker: " +
                    "error creating Collection CertStore: " + e);
            }
        }
    }

    // use the validation date from the parameters when one is set, otherwise "now"
    Date effectiveDate = params.getDate();
    if (effectiveDate == null) {
        effectiveDate = new Date();
    }
    mCurrentTime = effectiveDate;
    mOnlyEECert = onlyEECert;
    init(false);
}
项目:bc-java    文件:SignedMailValidatorTest.java   
/**
 * Validates a signed mail whose signer certificate is listed in the supplied CRL and
 * expects the certification path to be reported as invalid with a "revoked" error.
 */
public void testRevoked() throws Exception
{
    final String message = "validator.revoked.eml";
    PKIXParameters pkixParams = createDefaultParams();

    // make the CRL available to path validation and switch revocation checking on
    List revokedCrls = new ArrayList();
    revokedCrls.add(loadCRL("validator.revoked.crl"));
    pkixParams.addCertStore(
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(revokedCrls)));
    pkixParams.setRevocationEnabled(true);

    SignedMailValidator.ValidationResult outcome = doTest(message, pkixParams);

    // the signature verifies cryptographically, yet it must not be reported as valid
    // because the signer's certificate has been revoked
    assertTrue(outcome.isVerifiedSignature());
    assertFalse(outcome.isValidSignature());

    PKIXCertPathReviewer pathReview = outcome.getCertPathReview();
    assertFalse(pathReview.isValidCertPath());
    assertContainsMessage(
            pathReview.getErrors(0),
            "CertPathReviewer.certRevoked",
            "The certificate was revoked at Sep 1, 2006 9:30:00 AM GMT. Reason: Key Compromise.");
}
项目:bc-java    文件:OCSPReq.java   
/**
 * If the request is signed return a possibly empty CertStore containing the certificates in the
 * request. If the request is not signed the method returns null.
 * 
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            // The store only exposes the certificates carried in the request. They come
            // from the requester, so being present here does not make them trusted:
            // callers still have to validate them against their own trust anchors.
            return OCSPUtil.createCertStoreInstance(
                type, new CollectionCertStoreParameters(this.getCertList(provider)), provider);
        }
        catch (InvalidAlgorithmParameterException cause)
        {
            throw new OCSPException("can't setup the CertStore", cause);
        }
    }

    // Unsigned request: the contract is null rather than an empty store, so callers
    // need an explicit null check.
    return null;
}
项目:freeVM    文件:CollectionCertStoreParametersTest.java   
/**
 * Test #3 for <code>CollectionCertStoreParameters(Collection)</code>
 * constructor<br>
 * Assertion: The Collection is not copied. Instead, a reference is used.
 * This allows the caller to subsequently add or remove Certificates or
 * CRLs from the Collection, thus changing the set of Certificates or CRLs
 * available to the Collection CertStore. The Collection CertStore will
 * not modify the contents of the Collection 
 */
public final void testCollectionCertStoreParametersCollection03() {
    // start from an empty collection owned by the caller
    Vector backing = new Vector();
    CollectionCertStoreParameters params =
        new CollectionCertStoreParameters(backing);

    // the parameters must expose the very same object, not a copy
    assertTrue("isRefUsed_1", backing == params.getCollection());
    assertTrue("isEmpty", params.getCollection().isEmpty());

    // additions made through the caller's reference must show up in the parameters;
    // anyone holding that reference can therefore change what the CertStore serves
    for (int marker = 1; marker <= 2; marker++) {
        backing.add(new MyCertificate("TEST", new byte[] {(byte)marker}));
    }
    assertTrue("isRefUsed_2", backing.equals(params.getCollection()));
}
项目:irma_future_id    文件:JcaCertStoreBuilder.java   
/**
 * Build the CertStore from the current inputs.
 *
 * @return  a CertStore.
 * @throws GeneralSecurityException
 */
public CertStore build()
    throws GeneralSecurityException
{
    // Convert the accumulated holders to JCA objects first; a conversion failure
    // propagates to the caller before any CertStore is created.
    final CollectionCertStoreParameters storeParams = convertHolders(certificateConverter, crlConverter);

    // The provider may have been configured as a Provider instance, by name, or not at
    // all. With none configured, the implementation comes from whichever registered
    // provider the JCA prefers for this CertStore type.
    if (provider instanceof Provider)
    {
        return CertStore.getInstance(type, storeParams, (Provider)provider);
    }
    else if (provider instanceof String)
    {
        return CertStore.getInstance(type, storeParams, (String)provider);
    }
    else
    {
        return CertStore.getInstance(type, storeParams);
    }
}
项目:irma_future_id    文件:JcaCertStoreBuilder.java   
/**
 * Converts every certificate holder and CRL holder collected so far into its JCA
 * counterpart and wraps the result as parameters for a Collection CertStore.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder
 * @param crlConverter converter applied to each X509CRLHolder
 * @return parameters backed by a list holding the converted certificates followed by the CRLs
 * @throws CertificateException if a certificate holder cannot be converted
 * @throws CRLException if a CRL holder cannot be converted
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    // One list carries both kinds of object: a Collection CertStore serves certificates
    // and CRLs out of the same backing collection.
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // CollectionCertStoreParameters keeps a reference to the collection instead of copying
    // it. The list is created inside this call, so only holders of the returned parameters
    // can reach it.
    return new CollectionCertStoreParameters(converted);
}
项目:irma_future_id    文件:JcaCertStoreBuilder.java   
/**
 * Converts every certificate holder and CRL holder collected so far into its JCA
 * counterpart and wraps the result as parameters for a Collection CertStore.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder
 * @param crlConverter converter applied to each X509CRLHolder
 * @return parameters backed by a list holding the converted certificates followed by the CRLs
 * @throws CertificateException if a certificate holder cannot be converted
 * @throws CRLException if a CRL holder cannot be converted
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    // Certificates and CRLs share one backing list; the store answers both kinds of query.
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // The parameters reference this list rather than copying it; it never escapes this
    // method except through the returned object.
    return new CollectionCertStoreParameters(converted);
}
项目:bc-java    文件:JcaCertStoreBuilder.java   
/**
 * Converts every certificate holder and CRL holder collected so far into its JCA
 * counterpart and wraps the result as parameters for a Collection CertStore.
 *
 * @param certificateConverter converter applied to each X509CertificateHolder
 * @param crlConverter converter applied to each X509CRLHolder
 * @return parameters backed by a list holding the converted certificates followed by the CRLs
 * @throws CertificateException if a certificate holder cannot be converted
 * @throws CRLException if a CRL holder cannot be converted
 */
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    // One list carries both kinds of object: a Collection CertStore serves certificates
    // and CRLs out of the same backing collection.
    List converted = new ArrayList(certs.size() + crls.size());

    Iterator certIt = certs.iterator();
    while (certIt.hasNext())
    {
        X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
        converted.add(certificateConverter.getCertificate(certHolder));
    }

    Iterator crlIt = crls.iterator();
    while (crlIt.hasNext())
    {
        X509CRLHolder crlHolder = (X509CRLHolder)crlIt.next();
        converted.add(crlConverter.getCRL(crlHolder));
    }

    // CollectionCertStoreParameters keeps a reference to the collection instead of copying
    // it. The list is created inside this call, so only holders of the returned parameters
    // can reach it.
    return new CollectionCertStoreParameters(converted);
}
项目:bc-java    文件:SMIMESignedTest.java   
/**
 * Signs the given body part with the GOST signing key and returns the resulting
 * multipart, with both signing certificates handed to the generator.
 *
 * @param msg the body part to sign
 * @return the multipart produced by the generator
 * @throws Exception if the CertStore cannot be created or signing fails
 */
private MimeMultipart generateMultiPartGost(
    MimeBodyPart msg)
    throws Exception
{
    // certificates handed to the generator alongside the signature
    List bundledCerts = new ArrayList();
    bundledCerts.add(_signCert);
    bundledCerts.add(_signGostCert);

    // the provider is named explicitly, so the test does not depend on provider order
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(bundledCerts);
    CertStore certStore = CertStore.getInstance("Collection", storeParams, "BC");

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signGostKP.getPrivate(), _signGostCert, SMIMESignedGenerator.DIGEST_GOST3411);
    generator.addCertificatesAndCRLs(certStore);

    return generator.generate(msg, "BC");
}
项目:bc-java    文件:SMIMESignedTest.java   
/**
 * Signs the given body part with the RSA signing key using the requested digest and
 * returns it in encapsulated form.
 *
 * @param digestOid identifier of the digest algorithm passed to the signer
 * @param msg the body part to sign
 * @return the encapsulated signed body part
 * @throws Exception if the CertStore cannot be created or signing fails
 */
private MimeBodyPart generateEncapsulatedRsa(String digestOid, MimeBodyPart msg)
    throws Exception
{
    // certificates handed to the generator alongside the signature
    List bundledCerts = new ArrayList();
    bundledCerts.add(_signCert);
    bundledCerts.add(_origCert);

    // the provider is named explicitly, so the test does not depend on provider order
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(bundledCerts);
    CertStore certStore = CertStore.getInstance("Collection", storeParams, "BC");

    ASN1EncodableVector signedAttributes = generateSignedAttributes();

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    // signed attributes are supplied; the unsigned attribute table is left null
    generator.addSigner(_signKP.getPrivate(), _signCert, digestOid, new AttributeTable(signedAttributes), null);
    generator.addCertificatesAndCRLs(certStore);

    return generator.generateEncapsulated(msg, "BC");
}
项目:irma_future_id    文件:SMIMESignedTest.java   
/**
 * Signs the given body part with the GOST signing key and returns the resulting
 * multipart, with both signing certificates handed to the generator.
 *
 * @param msg the body part to sign
 * @return the multipart produced by the generator
 * @throws Exception if the CertStore cannot be created or signing fails
 */
private MimeMultipart generateMultiPartGost(
    MimeBodyPart msg)
    throws Exception
{
    // certificates handed to the generator alongside the signature
    List bundledCerts = new ArrayList();
    bundledCerts.add(_signCert);
    bundledCerts.add(_signGostCert);

    // the provider is named explicitly, so the test does not depend on provider order
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(bundledCerts);
    CertStore certStore = CertStore.getInstance("Collection", storeParams, "BC");

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigner(_signGostKP.getPrivate(), _signGostCert, SMIMESignedGenerator.DIGEST_GOST3411);
    generator.addCertificatesAndCRLs(certStore);

    return generator.generate(msg, "BC");
}
项目:DroidText    文件:OCSPReq.java   
/**
 * If the request is signed return a possibly empty CertStore containing the certificates in the
 * request. If the request is not signed the method returns null.
 * 
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 * @throws OCSPException
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            // Certificates in the store are the ones the requester put in the request;
            // treat them as untrusted input until a path to a trust anchor is validated.
            return OCSPUtil.createCertStoreInstance(
                type, new CollectionCertStoreParameters(this.getCertList(provider)), provider);
        }
        catch (InvalidAlgorithmParameterException cause)
        {
            throw new OCSPException("can't setup the CertStore", cause);
        }
    }

    // Unsigned request: null, not an empty store, so callers need a null check.
    return null;
}
项目:irma_future_id    文件:SignedMailValidatorTest.java   
/**
 * Validates a signed mail whose signer certificate is listed in the supplied CRL and
 * expects the certification path to be reported as invalid with a "revoked" error.
 */
public void testRevoked() throws Exception
{
    final String message = "validator.revoked.eml";
    PKIXParameters pkixParams = createDefaultParams();

    // make the CRL available to path validation and switch revocation checking on
    List revokedCrls = new ArrayList();
    revokedCrls.add(loadCRL("validator.revoked.crl"));
    pkixParams.addCertStore(
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(revokedCrls)));
    pkixParams.setRevocationEnabled(true);

    SignedMailValidator.ValidationResult outcome = doTest(message, pkixParams);

    // the signature verifies cryptographically, yet it must not be reported as valid
    // because the signer's certificate has been revoked
    assertTrue(outcome.isVerifiedSignature());
    assertFalse(outcome.isValidSignature());

    PKIXCertPathReviewer pathReview = outcome.getCertPathReview();
    assertFalse(pathReview.isValidCertPath());
    assertContainsMessage(
            pathReview.getErrors(0),
            "CertPathReviewer.certRevoked",
            "The certificate was revoked at Sep 1, 2006 9:30:00 AM GMT. Reason: Key Compromise.");
}
项目:ipack    文件:CertStoreCollectionSpi.java   
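/**
 * Creates the Collection CertStore implementation from its initialization parameters.
 *
 * @param params the initialization parameters; must be a CollectionCertStoreParameters
 * @throws InvalidAlgorithmParameterException if params is null or of any other type
 */
public CertStoreCollectionSpi(CertStoreParameters params)
    throws InvalidAlgorithmParameterException
{
    super(params);

    // instanceof is false for null, so a null argument is rejected here as well. The
    // reference is concatenated directly instead of calling params.toString(): for null
    // that yields "null" rather than a NullPointerException, so the caller gets the
    // declared InvalidAlgorithmParameterException. For non-null input the message is
    // unchanged.
    if (!(params instanceof CollectionCertStoreParameters))
    {
        throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.CertStoreCollectionSpi: parameter must be a CollectionCertStoreParameters object\n" + params);
    }

    this.params = (CollectionCertStoreParameters)params;
}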
项目:tomcat7    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    // Only PKIX is handled; any other algorithm is rejected before anything is built.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs loaded from the configured file are offered to the path builder through
    // an in-memory Collection CertStore.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Set explicitly so that revocation checking does not depend on the default.
    pkixParams.setRevocationEnabled(true);

    String maxLengthSetting = endpoint.getTrustMaxCertLength();
    if (maxLengthSetting != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(maxLengthSetting));
        } catch (Exception ex) {
            // A value that cannot be parsed or is rejected by setMaxPathLength is only
            // logged: the builder keeps its default maximum path length, so a typo in the
            // configuration does not apply the limit the operator intended.
            log.warn("Bad maxCertLength: "+maxLengthSetting);
        }
    }

    return pkixParams;
}
项目:lams    文件:CertPathPKIXTrustEvaluator.java   
/**
 * Creates the certificate store that will be used during validation.
 * 
 * @param validationInfo PKIX validation information
 * @param untrustedCredential credential to be validated
 * 
 * @return certificate store used during validation
 * 
 * @throws GeneralSecurityException thrown if the certificate store can not be created from the cert and CRL
 *             material
 */
protected CertStore buildCertStore(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)
        throws GeneralSecurityException {

    log.trace("Creating cert store to use during path validation");

    // The entity certificate chain comes from the credential under validation. Putting it
    // in the store only makes the certificates available for path building.
    log.trace("Adding entity certificate chain to cert store");
    List<Object> material = new ArrayList<Object>(untrustedCredential.getEntityCertificateChain());
    if (log.isTraceEnabled()) {
        for (X509Certificate chainCert : untrustedCredential.getEntityCertificateChain()) {
            String subjectName = x500DNHandler.getName(chainCert.getSubjectX500Principal());
            String issuerName = x500DNHandler.getName(chainCert.getIssuerX500Principal());
            log.trace(String.format("Added X509Certificate from entity cert chain to cert store "
                    + "with subject name '%s' issued by '%s' with serial number '%s'",
                    subjectName,
                    issuerName,
                    chainCert.getSerialNumber().toString()));
        }
    }

    // One timestamp is shared by both CRL passes below.
    // NOTE(review): presumably used by addCRLsToStoreMaterial to judge CRL freshness - confirm.
    Date now = new Date();

    if (validationInfo.getCRLs() != null) {
        if (!validationInfo.getCRLs().isEmpty()) {
            log.trace("Processing CRL's from PKIX info set");
            addCRLsToStoreMaterial(material, validationInfo.getCRLs(), now);
        }
    }

    // CRLs shipped with the untrusted credential are considered only when the option
    // allows it; the option is consulted last, as in the combined condition it replaces.
    if (untrustedCredential.getCRLs() != null) {
        if (!untrustedCredential.getCRLs().isEmpty()) {
            if (options.isProcessCredentialCRLs()) {
                log.trace("Processing CRL's from untrusted credential");
                addCRLsToStoreMaterial(material, untrustedCredential.getCRLs(), now);
            }
        }
    }

    return CertStore.getInstance("Collection", new CollectionCertStoreParameters(material));
}
项目:lams    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    // Only PKIX is handled; any other algorithm is rejected before anything is built.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs loaded from the configured file are offered to the path builder through
    // an in-memory Collection CertStore.
    Collection crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Set explicitly so that revocation checking does not depend on the default.
    pkixParams.setRevocationEnabled(true);

    String maxLengthSetting = (String)attributes.get("trustMaxCertLength");
    if (maxLengthSetting != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(maxLengthSetting));
        } catch (Exception ex) {
            // A value that cannot be parsed or is rejected by setMaxPathLength is only
            // logged: the builder keeps its default maximum path length, so a typo in the
            // configuration does not apply the limit the operator intended.
            log.warn("Bad maxCertLength: "+maxLengthSetting);
        }
    }

    return pkixParams;
}
项目:apache-tomcat-7.0.73-with-comment    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    // Only PKIX is handled; any other algorithm is rejected before anything is built.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs loaded from the configured file are offered to the path builder through
    // an in-memory Collection CertStore.
    // NOTE(review): the CRLs appear to be read once, when the parameters are built; a CRL
    // published later is presumably not seen until this method runs again - confirm.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Set explicitly so that revocation checking does not depend on the default.
    pkixParams.setRevocationEnabled(true);

    String maxLengthSetting = endpoint.getTrustMaxCertLength();
    if (maxLengthSetting != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(maxLengthSetting));
        } catch (Exception ex) {
            // A bad value is only logged and the default maximum path length stays in
            // effect; watch for this warning when tightening the limit.
            log.warn("Bad maxCertLength: "+maxLengthSetting);
        }
    }

    return pkixParams;
}
项目:jdk8u-jdk    文件:NoExtensions.java   
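/**
 * Build a PKIX certification path from the single trusted certificate to
 * <code>userCert</code> using the SUN provider.
 *
 * <p>Nothing is asserted on the result: the method succeeds when
 * <code>CertPathBuilder.build</code> returns without throwing.
 *
 * @param userCert the target (end) certificate of the path
 * @throws Exception if the trusted certificate cannot be obtained or no
 *         path can be built
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // get the set of trusted CA certificates (only one in this instance);
    // the null second argument means no name constraints on the anchor
    HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    X509Certificate trustedCert = getTrustedCertificate();
    trustAnchors.add(new TrustAnchor(trustedCert, null));

    // put together a CertStore; only the two certificates go in, no CRLs
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(trustedCert);
    certs.add(userCert);
    CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
    CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

    // specify the target certificate via a CertSelector
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setCertificate(userCert);
    certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // build a valid certificate path
    CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
    certPathBuilderParams.addCertStore(certStore);
    // Revocation checking is off because the store above holds no CRLs.
    // That suits this self-contained test; code validating real peers
    // should leave it enabled and supply revocation data.
    certPathBuilderParams.setRevocationEnabled(false);
    CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

    // the path is fetched but not inspected
    CertPath certPath = result.getCertPath();
}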
项目:jdk8u-jdk    文件:BuildEEBasicConstraints.java   
/**
 * Checks that a path built with an end-entity-only selector starts with an
 * end-entity certificate.
 *
 * @param args unused
 * @throws Exception if a certificate file cannot be read, no path can be
 *         built, or the first certificate of the path is a CA certificate
 */
public static void main(String[] args) throws Exception {
    // Replace the JVM-wide certpath disabled-algorithm list so that only
    // MD2 stays disabled and the test certificates are not rejected for
    // their algorithms or keys. This loosens the policy for the whole
    // process, so it belongs in a dedicated test JVM only.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    // The anchor is given as subject name plus public key, with no name
    // constraints (null), rather than as a certificate.
    X509Certificate anchorCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor trustRoot = new TrustAnchor(
        anchorCert.getSubjectX500Principal(), anchorCert.getPublicKey(), null);

    // -2 restricts the selector to end-entity certificates.
    X509CertSelector eeOnly = new X509CertSelector();
    eeOnly.setBasicConstraints(-2);

    PKIXBuilderParameters builderParams =
        new PKIXBuilderParameters(Collections.singleton(trustRoot), eeOnly);
    // No CRLs are supplied in this test, so revocation checking is off.
    builderParams.setRevocationEnabled(false);

    // Candidate certificates for the builder: the CA and the end entity.
    X509Certificate endEntity = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCertificate = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> candidates = new ArrayList<X509Certificate>();
    candidates.add(caCertificate);
    candidates.add(endEntity);
    builderParams.addCertStore(CertStore.getInstance(
        "Collection", new CollectionCertStoreParameters(candidates)));

    PKIXCertPathBuilderResult built = CertUtils.build(builderParams);
    List<? extends Certificate> chain = built.getCertPath().getCertificates();

    // getBasicConstraints() returns -1 for a certificate that is not a CA,
    // so any other value means the target is not an EE certificate.
    X509Certificate target = (X509Certificate) chain.get(0);
    if (target.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
项目:jdk8u-jdk    文件:CertUtils.java   
/**
 * Load certificates from the named files and wrap them in a
 * <code>Collection</code> CertStore.
 *
 * <p>Each file name is appended to <code>relPath</code> exactly as given,
 * with no normalisation or containment check, so both arguments are expected
 * to be fixed test-fixture locations. Certificates are gathered in a set, so
 * equal certificates read from different files are stored once.
 *
 * @param relPath relative path containing certs (must end in
 *    file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the <code>CertStore</code> created
 * @throws Exception on error
 */
public static CertStore createStore(String relPath, String [] fileNames)
    throws Exception {
    Set<X509Certificate> loaded = new HashSet<X509Certificate>();
    for (String fileName : fileNames) {
        loaded.add(getCertFromFile(relPath + fileName));
    }
    CollectionCertStoreParameters storeParams =
        new CollectionCertStoreParameters(loaded);
    return CertStore.getInstance("Collection", storeParams);
}
项目:jdk8u-jdk    文件:CertUtils.java   
/**
 * Load CRLs from the named files and wrap them in a
 * <code>Collection</code> CertStore.
 *
 * <p>Each file name is appended to <code>relPath</code> exactly as given,
 * with no normalisation or containment check, so both arguments are expected
 * to be fixed test-fixture locations. The CRLs are gathered in a set, so
 * equal CRLs read from different files are stored once.
 *
 * @param relPath relative path containing CRLs (must end in file.separator)
 * @param fileNames an array of <code>String</code>s that are file names
 * @return the <code>CertStore</code> created
 * @throws Exception on error
 */
public static CertStore createCRLStore(String relPath, String [] fileNames)
    throws Exception {
    Set<X509CRL> loaded = new HashSet<X509CRL>();
    for (String fileName : fileNames) {
        loaded.add(getCRLFromFile(relPath + fileName));
    }
    CollectionCertStoreParameters storeParams =
        new CollectionCertStoreParameters(loaded);
    return CertStore.getInstance("Collection", storeParams);
}
项目:openjdk-jdk10    文件:NoExtensions.java   
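/**
 * Build a PKIX certification path from the single trusted certificate to
 * <code>userCert</code> using the SUN provider.
 *
 * <p>Nothing is asserted on the result: the method succeeds when
 * <code>CertPathBuilder.build</code> returns without throwing.
 *
 * @param userCert the target (end) certificate of the path
 * @throws Exception if the trusted certificate cannot be obtained or no
 *         path can be built
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // get the set of trusted CA certificates (only one in this instance);
    // the null second argument means no name constraints on the anchor
    HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    X509Certificate trustedCert = getTrustedCertificate();
    trustAnchors.add(new TrustAnchor(trustedCert, null));

    // put together a CertStore; only the two certificates go in, no CRLs
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(trustedCert);
    certs.add(userCert);
    CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
    CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

    // specify the target certificate via a CertSelector
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setCertificate(userCert);
    certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // build a valid certificate path
    CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
    certPathBuilderParams.addCertStore(certStore);
    // Revocation checking is off because the store above holds no CRLs.
    // That suits this self-contained test; code validating real peers
    // should leave it enabled and supply revocation data.
    certPathBuilderParams.setRevocationEnabled(false);
    CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

    // the path is fetched but not inspected
    CertPath certPath = result.getCertPath();
}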