Example usage for org.bouncycastle.x509 PKIXCertPathReviewer getCertPath

List of usage examples for org.bouncycastle.x509 PKIXCertPathReviewer getCertPath

Introduction

This page lists example usages of org.bouncycastle.x509.PKIXCertPathReviewer.getCertPath().

Prototype

public CertPath getCertPath() 


Usage

From source file:cn.com.rexen.ext.shiro.authc.x509.X509CredentialsPKIXPathMatcher.java

License:Open Source License

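/**
 * Decides whether the presented X.509 credentials are acceptable by building a PKIX
 * certification path to one of the granted trust anchors.
 *
 * <p>The decision is taken solely from the outcome of {@code CertPathBuilder.build}. The
 * {@link PKIXCertPathReviewer} is used only to produce a debug log line and must never
 * influence the result; otherwise the authentication outcome would depend on the configured
 * log level.
 *
 * @param token authentication token supplying the certificate selector and the chain store
 * @param info  authentication info supplying the granted trust anchors
 * @return {@code true} if a certification path could be built, {@code false} if building
 *         failed with a {@link GeneralSecurityException}
 */
@Override
public boolean doX509CredentialsMatch(X509AuthenticationToken token, X509AuthenticationInfo info) {
    try {

        ExtendedPKIXBuilderParameters params = new ExtendedPKIXBuilderParameters(info.getGrantedTrustAnchors(),
                token.getX509CertSelector());
        params.addStore(token.getX509CertChainStore());
        // NOTE(review): revocation checking is switched off, so a certificate that has been
        // revoked by its issuer still matches. Enable it (with a CRL/OCSP source) or cover
        // revocation elsewhere before relying on this matcher for authentication.
        params.setRevocationEnabled(false);

        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
        CertPathBuilderResult result = pathBuilder.build(params);

        if (LOGGER.isDebugEnabled()) {
            // Diagnostics only: a reviewer failure is logged and swallowed here so that turning
            // debug logging on cannot flip a successful match into a rejection.
            try {
                PKIXCertPathReviewer reviewer = new PKIXCertPathReviewer(result.getCertPath(), params);
                String certPathEnd = ((X509Certificate) reviewer.getCertPath().getCertificates()
                        .get(reviewer.getCertPathSize() - 1)).getSubjectX500Principal().getName();
                // The first placeholder is the reviewer's own verdict and may read "false" even
                // though the builder succeeded; treat such a line as a signal to investigate.
                LOGGER.debug(
                        "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'",
                        new Object[] { reviewer.isValidCertPath(), reviewer.getCertPathSize(),
                                token.getX509Certificate().getSubjectX500Principal().getName(), certPathEnd });
            } catch (CertPathReviewerException ex) {
                LOGGER.debug("Unable to review the certification path for debug logging", ex);
            }
        }

        return true;

    } catch (GeneralSecurityException ex) {
        // NOTE(review): rejected credentials are only visible at TRACE level; consider whether
        // failed certificate authentications should be recorded at a level that is monitored.
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    }

}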

From source file:gov.nih.nci.cacis.nav.ValidateSignedMail.java

License:BSD License

/**
 * Writes every certificate of the reviewed path to the log at WARN level, followed by the
 * errors and then the notifications that the reviewer recorded for that certificate.
 *
 * <p>Messages are rendered with {@code getDetail} when {@code dbgLvl == DETAIL} and with
 * {@code getText} otherwise.
 *
 * @param review reviewer holding the certification path and its per-certificate messages
 */
private void handleCertificateErrorsAndNotifications(PKIXCertPathReviewer review) {
    int position = 0;
    for (final Object entry : review.getCertPath().getCertificates()) {
        final X509Certificate current = (X509Certificate) entry;
        // NOTE(review): issuer and subject are taken from the certificate under review and are
        // written to the log unmodified. Presumably that certificate arrives with a signed
        // message, so confirm the log sink neutralises line breaks and control characters.
        LOG.warn("\nCertificate " + position + "\n========");
        LOG.warn("Issuer: " + current.getIssuerDN().getName());
        LOG.warn("Subject: " + current.getSubjectDN().getName());

        // Errors recorded for the certificate at this index.
        LOG.warn("\tErrors:");
        for (final Object item : review.getErrors(position)) {
            final ErrorBundle problem = (ErrorBundle) item;
            final String rendered = (dbgLvl == DETAIL) ? problem.getDetail(loc) : problem.getText(loc);
            LOG.warn(DBL_TAB + rendered);
        }

        // Notifications recorded for the certificate at this index.
        LOG.warn("\tNotifications:");
        for (final Object item : review.getNotifications(position)) {
            final ErrorBundle notice = (ErrorBundle) item;
            final String rendered = (dbgLvl == DETAIL) ? notice.getDetail(loc) : notice.getText(loc);
            LOG.warn(DBL_TAB + rendered);
        }

        position++;
    }
}

From source file:org.qi4j.library.shiro.authc.X509CredentialsPKIXPathMatcher.java

License:Open Source License

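/**
 * Decides whether the presented X.509 credentials are acceptable by building a PKIX
 * certification path to one of the granted trust anchors.
 *
 * <p>The decision is taken solely from the outcome of {@code CertPathBuilder.build}. The
 * {@link PKIXCertPathReviewer} is used only to produce a debug log line and must never
 * influence the result; otherwise the authentication outcome would depend on the configured
 * log level.
 *
 * @param token authentication token; cast to {@code X509AuthenticationToken}
 * @param info  authentication info; cast to {@code X509AuthenticationInfo}
 * @return {@code true} if a certification path could be built, {@code false} if building
 *         failed with a {@link GeneralSecurityException}
 * @throws ClassCastException if either argument is not of the X.509 type it is cast to
 */
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    try {

        X509AuthenticationToken x509AuthToken = (X509AuthenticationToken) token;
        X509AuthenticationInfo x509AuthInfo = (X509AuthenticationInfo) info;

        ExtendedPKIXBuilderParameters params = new ExtendedPKIXBuilderParameters(
                x509AuthInfo.getGrantedTrustAnchors(), x509AuthToken.getClientX509CertSelector());
        params.addStore(x509AuthToken.getClientCertChainStore());
        // NOTE(review): revocation checking is switched off, so a certificate that has been
        // revoked by its issuer still matches. Enable it (with a CRL/OCSP source) or cover
        // revocation elsewhere before relying on this matcher for authentication.
        params.setRevocationEnabled(false);

        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
        CertPathBuilderResult result = pathBuilder.build(params);

        if (LOGGER.isDebugEnabled()) {
            // Diagnostics only: a reviewer failure is logged and swallowed here so that turning
            // debug logging on cannot flip a successful match into a rejection.
            try {
                PKIXCertPathReviewer reviewer = new PKIXCertPathReviewer(result.getCertPath(), params);
                String certPathEnd = ((X509Certificate) reviewer.getCertPath().getCertificates()
                        .get(reviewer.getCertPathSize() - 1)).getSubjectX500Principal().getName();
                // The first placeholder is the reviewer's own verdict and may read "false" even
                // though the builder succeeded; treat such a line as a signal to investigate.
                LOGGER.debug(
                        "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'",
                        new Object[] { reviewer.isValidCertPath(), reviewer.getCertPathSize(),
                                x509AuthToken.getClientX509Certificate().getSubjectX500Principal().getName(),
                                certPathEnd });
            } catch (CertPathReviewerException ex) {
                LOGGER.debug("Unable to review the certification path for debug logging", ex);
            }
        }

        return true;

    } catch (GeneralSecurityException ex) {
        // NOTE(review): rejected credentials are only visible at TRACE level; consider whether
        // failed certificate authentications should be recorded at a level that is monitored.
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    }
}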