List of usage examples for org.bouncycastle.x509 ExtendedPKIXBuilderParameters ExtendedPKIXBuilderParameters
public ExtendedPKIXBuilderParameters(Set trustAnchors, Selector targetConstraints) throws InvalidAlgorithmParameterException
PKIXBuilderParameters with the specified Set of most-trusted CAs. From source file:cn.com.rexen.ext.shiro.authc.x509.X509CredentialsPKIXPathMatcher.java
License:Open Source License
@Override public boolean doX509CredentialsMatch(X509AuthenticationToken token, X509AuthenticationInfo info) { try {/* ww w.j a v a2s . co m*/ ExtendedPKIXBuilderParameters params = new ExtendedPKIXBuilderParameters(info.getGrantedTrustAnchors(), token.getX509CertSelector()); params.addStore(token.getX509CertChainStore()); params.setRevocationEnabled(false); CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); CertPathBuilderResult result = pathBuilder.build(params); if (LOGGER.isDebugEnabled()) { PKIXCertPathReviewer reviewer = new PKIXCertPathReviewer(result.getCertPath(), params); String certPathEnd = ((X509Certificate) reviewer.getCertPath().getCertificates() .get(reviewer.getCertPathSize() - 1)).getSubjectX500Principal().getName(); LOGGER.debug( "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'", new Object[] { reviewer.isValidCertPath(), reviewer.getCertPathSize(), token.getX509Certificate().getSubjectX500Principal().getName(), certPathEnd }); } return true; } catch (GeneralSecurityException ex) { LOGGER.trace("Unable to do credentials matching", ex); return false; } catch (CertPathReviewerException ex) { LOGGER.trace("Unable to do credentials matching", ex); return false; } }
From source file:org.qi4j.library.shiro.authc.X509CredentialsPKIXPathMatcher.java
License:Open Source License
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { try {/*from w w w . j a v a 2 s.com*/ X509AuthenticationToken x509AuthToken = (X509AuthenticationToken) token; X509AuthenticationInfo x509AuthInfo = (X509AuthenticationInfo) info; ExtendedPKIXBuilderParameters params = new ExtendedPKIXBuilderParameters( x509AuthInfo.getGrantedTrustAnchors(), x509AuthToken.getClientX509CertSelector()); params.addStore(x509AuthToken.getClientCertChainStore()); params.setRevocationEnabled(false); CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); CertPathBuilderResult result = pathBuilder.build(params); if (LOGGER.isDebugEnabled()) { PKIXCertPathReviewer reviewer = new PKIXCertPathReviewer(result.getCertPath(), params); String certPathEnd = ((X509Certificate) reviewer.getCertPath().getCertificates() .get(reviewer.getCertPathSize() - 1)).getSubjectX500Principal().getName(); LOGGER.debug( "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'", new Object[] { reviewer.isValidCertPath(), reviewer.getCertPathSize(), x509AuthToken.getClientX509Certificate().getSubjectX500Principal().getName(), certPathEnd }); } return true; } catch (GeneralSecurityException ex) { LOGGER.trace("Unable to do credentials matching", ex); return false; } catch (CertPathReviewerException ex) { LOGGER.trace("Unable to do credentials matching", ex); return false; } }