List of usage examples for org.bouncycastle.cert.jcajce JcaCertStoreBuilder build
public CertStore build() throws GeneralSecurityException
From source file:CAModulePackage.CertificateHelper.java
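/**
 * Validates a certificate chain by trying to build a PKIX certification path from the
 * supplied certificates to one of the supplied trust anchors.
 *
 * <p>The check fails closed: if a trust anchor cannot be converted, the builder parameters
 * or the certificate store cannot be created, or the path builder rejects its parameters,
 * the method returns {@code false} instead of continuing with a partial configuration.
 *
 * <p>Limits of this check, visible in the code below:
 * <ul>
 *   <li>Revocation checking is disabled, so a revoked certificate is still accepted.</li>
 *   <li>The target selector is empty, so a path ending at <em>any</em> certificate in
 *       {@code certificates} satisfies the builder, not necessarily the end-entity
 *       certificate the caller cares about.</li>
 * </ul>
 *
 * @param TACerts set of certificates that are the trust anchors
 * @param certificates list of certificates in the chain/path
 * @return {@code true} only if a certification path to a trust anchor was built;
 *         {@code false} if no path exists, an input is null or empty, or validation
 *         could not be carried out
 */
public static boolean validateCertificatePath(Set<X509CertificateHolder> TACerts,
        ArrayList<X509CertificateHolder> certificates) {
    final Logger logger = Logger.getLogger(CertificateHelper.class.getName());

    // Nothing can be validated without at least one anchor and one chain certificate.
    if (TACerts == null || TACerts.isEmpty() || certificates == null || certificates.isEmpty()) {
        return false;
    }

    // Convert all our TA certificates to normal X509Certificates.
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    for (X509CertificateHolder cert : TACerts) {
        try {
            X509Certificate anchorCert = converter.getCertificate(cert);
            trustAnchors.add(new TrustAnchor(anchorCert, null));
        } catch (CertificateException e) {
            // An unusable trust anchor means the caller's trust configuration is broken;
            // refuse to validate rather than silently validating against a subset.
            logger.log(Level.SEVERE, "Could not convert trust anchor certificate", e);
            return false;
        }
    }

    // NOTE(review): the selector is left empty, so it matches every certificate in the store
    // and a path to an intermediate alone is enough for a positive result. If a specific
    // end-entity certificate is meant, pin it with X509CertSelector.setCertificate(...).
    PKIXBuilderParameters params;
    try {
        params = new PKIXBuilderParameters(trustAnchors, new X509CertSelector());
    } catch (InvalidAlgorithmParameterException e) {
        logger.log(Level.SEVERE, "Could not create PKIX builder parameters", e);
        return false;
    }

    // Build a certificate store with the certificates from the chain.
    JcaCertStoreBuilder builder = new JcaCertStoreBuilder();
    for (X509CertificateHolder c : certificates) {
        System.out.println("---Chain Cert---");
        System.out.println("SUBJ: " + c.getSubject().toString());
        System.out.println("ISSUER: " + c.getIssuer().toString());
        builder.addCertificate(c);
    }

    // Add the store to the build parameters.
    try {
        params.addCertStore(builder.build());
    } catch (GeneralSecurityException ex) {
        // Without the store the builder would run on incomplete data; treat as failure.
        logger.log(Level.SEVERE, null, ex);
        return false;
    }

    // Revocation checking is switched off: CRLs/OCSP are never consulted, so a revoked
    // certificate in the chain does not cause a failure. Enable it where revocation matters.
    params.setRevocationEnabled(false);

    // Build the certificate chain - if an exception is thrown, we failed.
    // NOTE(review): this instantiates the provider's SPI class directly instead of going
    // through the JCA CertPathBuilder factory; kept as in the original.
    PKIXCertPathBuilderSpi pathBuilder = new PKIXCertPathBuilderSpi();
    try {
        pathBuilder.engineBuild(params);
    } catch (CertPathBuilderException e) {
        return false;
    } catch (InvalidAlgorithmParameterException e) {
        // The builder never ran, so nothing was validated; do not report success.
        logger.log(Level.SEVERE, "Path builder rejected its parameters", e);
        return false;
    }

    return true;
}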
From source file:org.ejbca.batchenrollmentgui.BatchEnrollmentGUIView.java
License:Open Source License
/**
 * Builds and validates a PKIX certification path from the signer certificate to one of the
 * trusted certificates.
 *
 * <p>Trusted certificates that are not {@link X509Certificate} instances are skipped. The
 * path is first built with the signer certificate as the target, using the certificates in
 * {@code certs} as the candidate store, and is then validated against the same trust
 * anchors with signature checks delegated to the "BC" provider.
 *
 * <p>Revocation checking is disabled for both the build and the validation step, so a
 * revoked certificate is not rejected here.
 *
 * @param signerCert certificate the path must end at
 * @param certs store of certificates available for building the path
 * @param trustedCerts certificates to use as trust anchors
 * @return the certificates of the built path followed by the trust anchor's certificate;
 *         the anchor is appended only when the path contains at least one certificate
 * @throws GeneralSecurityException if the path cannot be built or does not validate
 */
private static List<X509Certificate> validateChain(X509Certificate signerCert, Store certs,
        Collection<Certificate> trustedCerts) throws GeneralSecurityException {
    // Only X.509 certificates can serve as trust anchors; anything else is ignored.
    final Set<TrustAnchor> trustRoots = new HashSet<TrustAnchor>();
    for (Certificate candidate : trustedCerts) {
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        trustRoots.add(new TrustAnchor((X509Certificate) candidate, null));
    }

    final CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");

    // Pin the target to the signer certificate so the path must end at it.
    final X509CertSelector signerSelector = new X509CertSelector();
    signerSelector.setCertificate(signerCert);
    final PKIXBuilderParameters buildParams = new PKIXBuilderParameters(trustRoots, signerSelector);

    final JcaCertStoreBuilder storeBuilder = new JcaCertStoreBuilder();
    storeBuilder.addCertificates(certs);
    buildParams.addCertStore(storeBuilder.build());
    // No CRL/OCSP lookup while building the path.
    buildParams.setRevocationEnabled(false);

    // Step 1: build the path.
    final PKIXCertPathBuilderResult built =
            (PKIXCertPathBuilderResult) pathBuilder.build(buildParams);
    final CertPath builtPath = built.getCertPath();

    // Step 2: validate the built path against the same anchors.
    final CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
    final PKIXParameters validationParams = new PKIXParameters(trustRoots);
    validationParams.setSigProvider("BC");
    // No CRL/OCSP lookup during validation either.
    validationParams.setRevocationEnabled(false);
    final PKIXCertPathValidatorResult validated =
            (PKIXCertPathValidatorResult) pathValidator.validate(builtPath, validationParams);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Found trust anchor: " + validated.getTrustAnchor());
    }

    // Return the path certificates, with the anchor's certificate appended to complete the chain.
    final List<X509Certificate> chain = new ArrayList<X509Certificate>();
    for (Certificate link : builtPath.getCertificates()) {
        chain.add((X509Certificate) link);
    }
    if (!chain.isEmpty()) {
        chain.add(validated.getTrustAnchor().getTrustedCert());
    }
    return chain;
}