Example usage for java.security.cert CertPathBuilder getInstance

List of usage examples for java.security.cert CertPathBuilder getInstance

  1. HOME
  2. Java
  3. java
  4. java.security.cert.*
  5. CertPathBuilder
  6. getInstance

Introduction

In this page you can find the example usage for java.security.cert CertPathBuilder getInstance.

Prototype

public static CertPathBuilder getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException

Source Link

Document

Returns a CertPathBuilder object that implements the specified algorithm.

Usage

From source file:org.apache.cloudstack.network.lb.CertServiceImpl.java

private void validateChain(List<Certificate> chain, Certificate cert) {

    List<Certificate> certs = new ArrayList<Certificate>();
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();

    certs.add(cert); // adding for self signed certs
    certs.addAll(chain);//w  w  w . ja va  2s.co  m

    for (Certificate c : certs) {
        if (!(c instanceof X509Certificate))
            throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");

        X509Certificate xCert = (X509Certificate) c;

        Principal subject = xCert.getSubjectDN();
        Principal issuer = xCert.getIssuerDN();

        anchors.add(new TrustAnchor(xCert, null));
    }

    X509CertSelector target = new X509CertSelector();
    target.setCertificate((X509Certificate) cert);

    PKIXBuilderParameters params = null;
    try {
        params = new PKIXBuilderParameters(anchors, target);
        params.setRevocationEnabled(false);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
        builder.build(params);

    } catch (InvalidAlgorithmParameterException e) {
        throw new IllegalArgumentException("Invalid certificate chain", e);
    } catch (CertPathBuilderException e) {
        throw new IllegalArgumentException("Invalid certificate chain", e);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalArgumentException("Invalid certificate chain", e);
    } catch (NoSuchProviderException e) {
        throw new CloudRuntimeException("No provider for certificate validation", e);
    }

}

From source file:org.apache.cloudstack.network.ssl.CertServiceImpl.java

private void validateChain(final List<Certificate> chain, final Certificate cert) {

    final List<Certificate> certs = new ArrayList<Certificate>();
    final Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();

    certs.add(cert); // adding for self signed certs
    certs.addAll(chain);/*from  ww  w.  j  ava 2s  .  co  m*/

    for (final Certificate c : certs) {
        if (!(c instanceof X509Certificate)) {
            throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");
        }
        final X509Certificate xCert = (X509Certificate) c;
        anchors.add(new TrustAnchor(xCert, null));
    }

    final X509CertSelector target = new X509CertSelector();
    target.setCertificate((X509Certificate) cert);

    PKIXBuilderParameters params = null;
    try {
        params = new PKIXBuilderParameters(anchors, target);
        params.setRevocationEnabled(false);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
        final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
        builder.build(params);

    } catch (final InvalidAlgorithmParameterException | CertPathBuilderException | NoSuchAlgorithmException e) {
        throw new IllegalStateException("Invalid certificate chain", e);
    } catch (final NoSuchProviderException e) {
        throw new CloudRuntimeException("No provider for certificate validation", e);
    }

}

From source file:org.zuinnote.hadoop.office.format.common.util.CertificateChainVerificationUtil.java

public static boolean verifyCertificateChain(X509Certificate theCertificate,
        Set<X509Certificate> chainCertificates) throws CertificateException, NoSuchAlgorithmException,
        NoSuchProviderException, InvalidAlgorithmParameterException {

    // check if we can establish a trust chain
    if (isSelfSigned(theCertificate)) {
        LOG.error("Certificate is self-signed - no trust chain can be established with provided truststore");
        return false;
    }//from   ww w .  j av a  2 s . co m
    if (chainCertificates.size() < 2) {
        LOG.error(
                "One needs at least three certificates (including certificate used for signing to establish a trust chain. Please check that you included them");
        return false;
    }
    HashSet<X509Certificate> rootCertificates = new HashSet<>();
    HashSet<X509Certificate> subCertificates = new HashSet<>();
    subCertificates.add(theCertificate);
    for (X509Certificate currentCertificate : chainCertificates) {
        if (CertificateChainVerificationUtil.isSelfSigned(currentCertificate)) {
            LOG.debug("Root: " + currentCertificate.getSubjectDN().getName());
            rootCertificates.add(currentCertificate);
        } else {
            LOG.debug("Sub: " + currentCertificate.getSubjectDN().getName());
            subCertificates.add(currentCertificate);
        }
    }
    // Configure verification
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(theCertificate);

    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
    HashSet<TrustAnchor> trustAnchors = new HashSet<>();
    for (X509Certificate currentCertificate : rootCertificates) {
        trustAnchors.add(new TrustAnchor(currentCertificate, null));
    }

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustAnchors, selector);

    CertStore subCertStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(subCertificates), "BC");
    builderParams.addCertStore(subCertStore);

    try {
        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(builderParams);
        return true;
    } catch (CertPathBuilderException e) {
        LOG.error("Exception: ", e);
        LOG.error("Cannot verify certification chain for " + theCertificate.getSubjectX500Principal());
    }
    return false;
}