List of usage examples for java.security.cert CertPathBuilderResult getCertPath
CertPath getCertPath();
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
@Test public void testBuildPathCRLUnavailableButCRLCheckOff() throws Exception { // add roots/*from w ww . ja va 2s .c o m*/ addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore()); addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore()); addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore()); addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore()); addCertificates("testCertificates.p7b", certStoreParams.getCertStore()); trustAnchors = getTrustAnchors(); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962")); selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL"); CertificatePathBuilder builder = new PKIXCertificatePathBuilder(); builder.setTrustAnchors(trustAnchors); builder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker()); builder.addCertStore(certStore); builder.setRevocationEnabled(false); CertPathBuilderResult result = builder.buildPath(selector); List<? extends Certificate> certificates = result.getCertPath().getCertificates(); assertEquals(2, certificates.size()); CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certificates)); Collection<? extends Certificate> foundCertificates = store.getCertificates(selector); assertEquals(1, foundCertificates.size()); }
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
@Test public void testBuildPath() throws Exception { // add roots/*from w w w . j a v a 2 s. c om*/ addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore()); addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore()); addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore()); addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore()); addCertificates("testCertificates.p7b", certStoreParams.getCertStore()); addCRL("intel-basic-enterprise-issuing-CA.crl", certStoreParams.getCRLStore()); addCRL("itrus.com.cn.crl", certStoreParams.getCRLStore()); addCRL("test-ca.crl", certStoreParams.getCRLStore()); addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore()); addCRL("ThawteSGCCA.crl", certStoreParams.getCRLStore()); final int tries = 5; long start = System.currentTimeMillis(); for (int i = 0; i < tries; i++) { trustAnchors = getTrustAnchors(); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962")); selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL"); CertificatePathBuilder builder = new PKIXCertificatePathBuilder(); builder.setTrustAnchors(trustAnchors); builder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker()); builder.addCertStore(certStore); builder.setRevocationEnabled(true); CertPathBuilderResult result = builder.buildPath(selector); List<? extends Certificate> certificates = result.getCertPath().getCertificates(); assertEquals(2, certificates.size()); assertEquals("115FD110A82F742D0AE14A71B651962", X509CertificateInspector.getSerialNumberHex((X509Certificate) certificates.get(0))); assertEquals("115FCAD6B536FD8D49E72922CD1F0DA", X509CertificateInspector.getSerialNumberHex((X509Certificate) certificates.get(1))); } System.out.println("testBuildPath. Seconds / try: " + (System.currentTimeMillis() - start) * 0.001 / tries); }
From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java
/** * build and validate cert path from end certificate. * * Note: the certpath return seems only include intermediate CA unless there is none in * which case the end cert is returned./* w w w .ja va 2 s . co m*/ * @param endCert * @return CertPath never null * @throws CertificatePathBuildingException */ private CertPath buildCertPath(X509Certificate endCert) throws CertificatePathBuildingException { CertPathBuilder cpb = null; try { cpb = CertPathBuilder.getInstance("PKIX"); } catch (NoSuchAlgorithmException e) { throw new CertificatePathBuildingException("Error building CertPathBuilder:" + e.getMessage(), e); } PKIXBuilderParameters params = CreatePKIXBuilderParameters(endCert); CertPathBuilderResult cpbResult; try { cpbResult = cpb.build(params); } catch (CertPathBuilderException e) { throw new CertificatePathBuildingException(e.getMessage(), e.getCause()); } catch (InvalidAlgorithmParameterException e) { throw new CertificatePathBuildingException(e.getMessage(), e); } CertPath cp = cpbResult.getCertPath(); return cp; }
From source file:mitm.application.djigzo.workflow.impl.KeyAndCertificateWorkflowImpl.java
private void getPFXTransacted(Collection<X509Certificate> certificates, char[] password, boolean includeRoot, OutputStream pfx) throws KeyStoreException { try {/*ww w . j ava 2 s. co m*/ KeyStore keyStore = SecurityFactoryFactory.getSecurityFactory().createKeyStore("PKCS12"); keyStore.load(null); for (X509Certificate certificate : certificates) { if (certificate == null) { continue; } X509CertStoreEntry entry = keyAndCertStore.getByCertificate(certificate); if (entry != null && entry.getCertificate() != null) { KeyAndCertificate keyAndCertificate = keyAndCertStore.getKeyAndCertificate(entry); if (keyAndCertificate != null) { if (!certificate.equals(keyAndCertificate.getCertificate())) { throw new IllegalStateException("Certificate mismatch."); } X509Certificate[] chain = null; /* * Build a certificate chain so we add the chain (if valid) */ try { CertificatePathBuilder pathBuilder = pathBuilderFactory.createCertificatePathBuilder(); CertPathBuilderResult pathBuilderResult = pathBuilder.buildPath(certificate); X509Certificate root = null; if (includeRoot && pathBuilderResult instanceof PKIXCertPathBuilderResult) { TrustAnchor trustAnchor = ((PKIXCertPathBuilderResult) pathBuilderResult) .getTrustAnchor(); if (trustAnchor != null) { root = trustAnchor.getTrustedCert(); } } CertPath certPath = pathBuilderResult.getCertPath(); if (certPath != null && CollectionUtils.isNotEmpty(certPath.getCertificates())) { List<X509Certificate> completePath = new LinkedList<X509Certificate>(); for (Certificate fromPath : certPath.getCertificates()) { if (!(fromPath instanceof X509Certificate)) { /* * only X509Certificates are supported */ continue; } completePath.add((X509Certificate) fromPath); } if (root != null && includeRoot) { completePath.add(root); } chain = new X509Certificate[completePath.size()]; chain = completePath.toArray(chain); } } catch (CertPathBuilderException e) { logger.warn( "Could not build a path. Message: " + ExceptionUtils.getRootCauseMessage(e)); } if (ArrayUtils.getLength(chain) == 0) { chain = new X509Certificate[] { certificate }; } String alias = X509CertificateInspector.getThumbprint(certificate); if (keyAndCertificate.getPrivateKey() != null) { keyStore.setKeyEntry(alias, keyAndCertificate.getPrivateKey(), password, chain); } else { keyStore.setCertificateEntry(alias, certificate); } } } } keyStore.store(pfx, password); } catch (NoSuchAlgorithmException e) { throw new KeyStoreException(e); } catch (CertificateException e) { throw new KeyStoreException(e); } catch (IOException e) { throw new KeyStoreException(e); } catch (CertStoreException e) { throw new KeyStoreException(e); } catch (NoSuchProviderException e) { throw new NoSuchProviderRuntimeException(e); } catch (SecurityFactoryFactoryException e) { throw new KeyStoreException(e); } }