List of usage examples for org.bouncycastle.jcajce PKIXExtendedParameters CHAIN_VALIDITY_MODEL
int CHAIN_VALIDITY_MODEL
From source file:org.jcryptool.visual.crtverification.verification.CertPathVerifier.java
License:Open Source License
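/**
 * Validates the certificate path client -> CA -> root under the selected validity model.
 *
 * <ul>
 *   <li>{@code 0} (shell model): PKIX validity model, checked at {@code verificationDate}
 *       and then a second time at {@code signatureDate}; both checks must pass.</li>
 *   <li>{@code 1} (modified shell model): PKIX validity model, checked at
 *       {@code signatureDate}.</li>
 *   <li>{@code 2} (chain model): {@code CHAIN_VALIDITY_MODEL}, checked at
 *       {@code signatureDate}.</li>
 * </ul>
 *
 * <p>Security notes for readers reusing this code:
 * <ul>
 *   <li>Revocation checking is switched off, so a revoked certificate in the path still
 *       validates. A production verifier would supply CRL/OCSP data and enable it.</li>
 *   <li>The trust anchor is whatever {@code rootCertificate} holds. A {@code true} result
 *       only means the chain is consistent up to that certificate; whether that root is
 *       actually trusted must be decided by the caller.</li>
 *   <li>{@link PKIXParameters#setDate} treats {@code null} as "now", so a missing
 *       signature or verification date silently turns into a check at the current time.</li>
 * </ul>
 *
 * @param model 0 = shell, 1 = modified shell, 2 = chain model
 * @return true if the path was successfully validated; false if validation failed or the
 *         validator could not be set up (the cause is logged)
 * @throws InvalidAlgorithmParameterException if {@code model} is not 0, 1 or 2
 * @throws NullPointerException if the client, CA or root certificate is not set
 */
public boolean validate(int model) throws InvalidAlgorithmParameterException {
    if (model != 0 && model != 1 && model != 2) {
        throw new InvalidAlgorithmParameterException("unknown validity model: " + model);
    }
    if (clientCertificate == null || caCertificate == null || rootCertificate == null) {
        throw new NullPointerException("certificates cannot be null");
    }

    boolean valid = false;
    try {
        CertPathValidator certPathValidator =
                CertPathValidator.getInstance("PKIX", new BouncyCastleProvider());
        CertPath certPath = buildCertPath(clientCertificate, caCertificate, rootCertificate);

        // The root certificate is the only trust anchor for this validation.
        TrustAnchor trustAnchor = new TrustAnchor((X509Certificate) rootCertificate, null);
        HashSet<TrustAnchor> trustAnchors = new HashSet<>();
        trustAnchors.add(trustAnchor);
        PKIXParameters pkixParameters = new PKIXParameters(trustAnchors);

        int validityModel = (model == 2)
                ? PKIXExtendedParameters.CHAIN_VALIDITY_MODEL
                : PKIXExtendedParameters.PKIX_VALIDITY_MODEL;

        // The date must be set BEFORE the Builder is created. The BouncyCastle Builder
        // takes its validation date from the PKIXParameters it is constructed from, so a
        // setDate() issued afterwards does not reach the parameters that build() returns
        // and the path would be checked against the default (current) time instead.
        // NOTE(review): confirm against the BouncyCastle version in use; setting the date
        // first is correct either way.
        // Shell model starts at the verification date; the other two use the signature date.
        pkixParameters.setDate(model == 0 ? verificationDate : signatureDate);

        PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(pkixParameters);
        builder.setRevocationEnabled(false); // no CRL/OCSP data is consulted
        builder.setValidityModel(validityModel);
        certPathValidator.validate(certPath, builder.build());

        // Shell model: the path must also have been valid at signing time. A fresh
        // Builder is needed so the new date is actually picked up.
        if (model == 0) {
            pkixParameters.setDate(signatureDate);
            PKIXExtendedParameters.Builder signingTimeBuilder =
                    new PKIXExtendedParameters.Builder(pkixParameters);
            signingTimeBuilder.setRevocationEnabled(false);
            signingTimeBuilder.setValidityModel(validityModel);
            certPathValidator.validate(certPath, signingTimeBuilder.build());
        }

        // validate() signals failure by throwing; reaching this point means success.
        valid = true;
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
        // Validator or parameters could not be set up: treated as "not valid".
        LogUtil.logError(Activator.PLUGIN_ID, e);
    } catch (CertPathValidatorException e) {
        // Expected outcome for an invalid path; only the reason is logged.
        LogUtil.logInfo(e.getMessage());
    }
    return valid;
}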