Example usage for org.bouncycastle.jcajce PKIXExtendedParameters CHAIN_VALIDITY_MODEL

List of usage examples for org.bouncycastle.jcajce PKIXExtendedParameters CHAIN_VALIDITY_MODEL

Introduction

In this page you can find the example usage for org.bouncycastle.jcajce PKIXExtendedParameters CHAIN_VALIDITY_MODEL.

Prototype

int CHAIN_VALIDITY_MODEL


Document

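This constant selects the chain validity model: each certificate must have been valid at the moment it was used. The end certificate must have been valid when the signature was made, and each CA certificate must have been valid when it signed the certificate below it.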

Usage

From source file:org.jcryptool.visual.crtverification.verification.CertPathVerifier.java

License:Open Source License

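/**
 * Validates the certificate path client -> CA -> root using the selected validity model.
 *
 * <p>The root certificate is the only trust anchor. Revocation checking is disabled, so a
 * {@code true} result only covers path structure, signatures and validity periods; it says
 * nothing about whether a certificate in the path has been revoked.
 *
 * <ul>
 *   <li>{@code 0} - shell model: the path must validate at the verification date and again at
 *       the signature date</li>
 *   <li>{@code 1} - modified shell model: the path must validate at the signature date</li>
 *   <li>{@code 2} - chain model: validated with {@code CHAIN_VALIDITY_MODEL} at the signature
 *       date</li>
 * </ul>
 *
 * @param model 0 (shell), 1 (modified shell) or 2 (chain)
 * @return true if the path was successfully validated; false if validation failed or the
 *         validator could not be set up (the cause is logged)
 * @throws InvalidAlgorithmParameterException if {@code model} is not 0, 1 or 2
 * @throws NullPointerException if the client, CA or root certificate is null
 */
public boolean validate(int model) throws InvalidAlgorithmParameterException {
    if (model != 0 && model != 1 && model != 2) {
        throw new InvalidAlgorithmParameterException("unknown validity model: " + model);
    } else if (clientCertificate == null || caCertificate == null || rootCertificate == null) {
        throw new NullPointerException("certificates cannot be null");
    }

    final int validityModel = (model == 2)
            ? PKIXExtendedParameters.CHAIN_VALIDITY_MODEL
            : PKIXExtendedParameters.PKIX_VALIDITY_MODEL;
    // Only the shell model is checked twice: at verification time, then at signing time.
    final int passes = (model == 0) ? 2 : 1;

    try {
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", new BouncyCastleProvider());
        CertPath certPath = buildCertPath(clientCertificate, caCertificate, rootCertificate);

        // The root certificate is the sole trust anchor (no name constraints).
        HashSet<TrustAnchor> trustAnchors = new HashSet<>();
        trustAnchors.add(new TrustAnchor((X509Certificate) rootCertificate, null));

        for (int pass = 0; pass < passes; pass++) {
            boolean atVerificationTime = (model == 0 && pass == 0);

            PKIXParameters pkixParameters = new PKIXParameters(trustAnchors);
            // The date must be set BEFORE the Builder is created: the Bouncy Castle Builder
            // copies the base parameters (date included) in its constructor, so a later
            // setDate() on pkixParameters would not reach the parameters given to the
            // validator and the check would silently run against the current time.
            // NOTE(review): a null date also means "current time" - confirm that both
            // dates are always set before this method is called.
            pkixParameters.setDate(atVerificationTime ? verificationDate : signatureDate);

            Builder builder = new PKIXExtendedParameters.Builder(pkixParameters);
            // Revocation (CRL/OCSP) is deliberately not consulted here; callers that need
            // revocation status have to check it separately.
            builder.setRevocationEnabled(false);
            builder.setValidityModel(validityModel);

            // Throws CertPathValidatorException when the path is not valid at this date.
            certPathValidator.validate(certPath, builder.build());
        }

        // Every pass completed without an exception, so the path is valid.
        return true;
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
        // Validator set-up problem: fail closed and report the path as not valid.
        LogUtil.logError(Activator.PLUGIN_ID, e);
    } catch (CertPathValidatorException e) {
        // Expected outcome for an invalid path; only the reason is logged.
        LogUtil.logInfo(e.getMessage());
    }

    return false;
}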