Example usage for org.bouncycastle.x509 PKIXCertPathReviewer getCertPathSize

Introduction

In this page you can find the example usage for org.bouncycastle.x509 PKIXCertPathReviewer getCertPathSize.

Prototype

public int getCertPathSize() 

Source Link

Usage

From source file:cn.com.rexen.ext.shiro.authc.x509.X509CredentialsPKIXPathMatcher.java

License:Open Source License

@Override
public boolean doX509CredentialsMatch(X509AuthenticationToken token, X509AuthenticationInfo info) {
    try {//from   w  w  w. j  a  v a 2  s  .co  m

        ExtendedPKIXBuilderParameters params = new ExtendedPKIXBuilderParameters(info.getGrantedTrustAnchors(),
                token.getX509CertSelector());
        params.addStore(token.getX509CertChainStore());
        params.setRevocationEnabled(false);

        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
        CertPathBuilderResult result = pathBuilder.build(params);

        if (LOGGER.isDebugEnabled()) {
            PKIXCertPathReviewer reviewer = new PKIXCertPathReviewer(result.getCertPath(), params);
            String certPathEnd = ((X509Certificate) reviewer.getCertPath().getCertificates()
                    .get(reviewer.getCertPathSize() - 1)).getSubjectX500Principal().getName();
            LOGGER.debug(
                    "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'",
                    new Object[] { reviewer.isValidCertPath(), reviewer.getCertPathSize(),
                            token.getX509Certificate().getSubjectX500Principal().getName(), certPathEnd });
        }

        return true;

    } catch (GeneralSecurityException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    } catch (CertPathReviewerException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    }

}

---

From source file:org.qi4j.library.shiro.authc.X509CredentialsPKIXPathMatcher.java

License:Open Source License

public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    try {//from   w w  w  .  ja v a2 s .com

        X509AuthenticationToken x509AuthToken = (X509AuthenticationToken) token;
        X509AuthenticationInfo x509AuthInfo = (X509AuthenticationInfo) info;

        ExtendedPKIXBuilderParameters params = new ExtendedPKIXBuilderParameters(
                x509AuthInfo.getGrantedTrustAnchors(), x509AuthToken.getClientX509CertSelector());
        params.addStore(x509AuthToken.getClientCertChainStore());
        params.setRevocationEnabled(false);

        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
        CertPathBuilderResult result = pathBuilder.build(params);

        if (LOGGER.isDebugEnabled()) {
            PKIXCertPathReviewer reviewer = new PKIXCertPathReviewer(result.getCertPath(), params);
            String certPathEnd = ((X509Certificate) reviewer.getCertPath().getCertificates()
                    .get(reviewer.getCertPathSize() - 1)).getSubjectX500Principal().getName();
            LOGGER.debug(
                    "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'",
                    new Object[] { reviewer.isValidCertPath(), reviewer.getCertPathSize(),
                            x509AuthToken.getClientX509Certificate().getSubjectX500Principal().getName(),
                            certPathEnd });
        }

        return true;

    } catch (GeneralSecurityException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    } catch (CertPathReviewerException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    }
}

---