List of usage examples for org.bouncycastle.cert.jcajce JcaCertStoreBuilder addCertificates
public JcaCertStoreBuilder addCertificates(Store certStore)
From source file:org.ejbca.batchenrollmentgui.BatchEnrollmentGUIView.java
License:Open Source License
/**
 * Builds a PKIX certification path from {@code signerCert} to one of the trusted
 * certificates and then validates that path a second time with the signature
 * provider set to {@code "BC"}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Revocation checking is switched off on both the path builder and the
 *       validator ({@code setRevocationEnabled(false)}). A revoked signer or
 *       intermediate certificate therefore still passes this method; callers that
 *       need revocation status (CRL/OCSP) must check it separately.</li>
 *   <li>Entries of {@code trustedCerts} that are not {@link X509Certificate}
 *       instances are skipped without any log message or error. If no anchor
 *       remains, the {@link PKIXBuilderParameters} constructor rejects the empty
 *       set with an {@code InvalidAlgorithmParameterException}.</li>
 *   <li>The validator requests the provider named {@code "BC"} (presumably
 *       BouncyCastle, to be confirmed against the application's provider setup);
 *       that provider has to be registered for validation to succeed.</li>
 *   <li>The contents of {@code certs} are only used as candidate intermediates
 *       for path building; trust comes solely from {@code trustedCerts}.</li>
 * </ul>
 *
 * @param signerCert   the certificate the path must end in (the path target)
 * @param certs        store of additional certificates offered to the path builder
 * @param trustedCerts certificates to use as trust anchors
 * @return the certificates of the validated path in the order reported by the
 *         {@link CertPath}, followed by the trust anchor's certificate; an empty
 *         list if the built path contains no certificates
 * @throws GeneralSecurityException if the path cannot be built or does not validate
 */
private static List<X509Certificate> validateChain(X509Certificate signerCert, Store certs,
        Collection<Certificate> trustedCerts) throws GeneralSecurityException {
    // Only X.509 entries can be wrapped as trust anchors here; anything else is ignored.
    final Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    for (Certificate candidate : trustedCerts) {
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        trustAnchors.add(new TrustAnchor((X509Certificate) candidate, null));
    }

    final CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");

    // The selector pins the path target to exactly the signer certificate.
    final X509CertSelector signerSelector = new X509CertSelector();
    signerSelector.setCertificate(signerCert);

    final PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustAnchors, signerSelector);
    builderParams.addCertStore(new JcaCertStoreBuilder().addCertificates(certs).build());
    // NOTE(review): revocation is deliberately not checked while building the path.
    builderParams.setRevocationEnabled(false);

    // Step 1: build the path from the signer certificate to a trust anchor.
    final PKIXCertPathBuilderResult built = (PKIXCertPathBuilderResult) pathBuilder.build(builderParams);
    final CertPath path = built.getCertPath();

    // Step 2: validate the built path, with signatures checked by the "BC" provider.
    final CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
    final PKIXParameters validationParams = new PKIXParameters(trustAnchors);
    validationParams.setSigProvider("BC");
    // NOTE(review): revocation is not checked during validation either.
    validationParams.setRevocationEnabled(false);
    final PKIXCertPathValidatorResult validated =
            (PKIXCertPathValidatorResult) pathValidator.validate(path, validationParams);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Found trust anchor: " + validated.getTrustAnchor());
    }

    final List<X509Certificate> chain = new ArrayList<X509Certificate>();
    for (Certificate pathCert : path.getCertificates()) {
        chain.add((X509Certificate) pathCert);
    }
    // The CertPath itself does not contain the anchor; append it only to a non-empty chain.
    if (!chain.isEmpty()) {
        chain.add(validated.getTrustAnchor().getTrustedCert());
    }
    return chain;
}