List of usage examples for org.bouncycastle.x509 PKIXCertPathReviewer isValidCertPath
public boolean isValidCertPath()
From source file:cn.com.rexen.ext.shiro.authc.x509.X509CredentialsPKIXPathMatcher.java
License:Open Source License
/**
 * Decides whether the presented X.509 credentials match by attempting to build a PKIX
 * certification path from the token's certificate selector to one of the trust anchors
 * granted in {@code info}, using the BouncyCastle provider.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Revocation checking is explicitly disabled, so a certificate that chains to a granted
 *       trust anchor is accepted even if its issuer has revoked it. Confirm that revocation
 *       (CRL/OCSP) is enforced elsewhere, or enable it here.</li>
 *   <li>The {@link PKIXCertPathReviewer} verdict is only written to the debug log; the return
 *       value does not depend on {@code isValidCertPath()}.</li>
 *   <li>Rejections are logged at TRACE only, so failed authentications are not visible unless
 *       trace logging is enabled.</li>
 * </ul>
 *
 * @param token the authentication token carrying the certificate, its selector and chain store
 * @param info  the authentication info carrying the granted trust anchors
 * @return {@code true} if a certification path could be built, {@code false} if a
 *         {@link GeneralSecurityException} or {@link CertPathReviewerException} was raised
 */
@Override
public boolean doX509CredentialsMatch(X509AuthenticationToken token, X509AuthenticationInfo info) {
    boolean matched;
    try {
        ExtendedPKIXBuilderParameters builderParams = new ExtendedPKIXBuilderParameters(
                info.getGrantedTrustAnchors(), token.getX509CertSelector());
        builderParams.addStore(token.getX509CertChainStore());
        // NOTE(review): revoked certificates are not rejected by this matcher.
        builderParams.setRevocationEnabled(false);

        // build() throws when no path to a granted trust anchor exists; reaching the next
        // statement is what this method treats as "credentials match".
        CertPathBuilderResult built = CertPathBuilder
                .getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME)
                .build(builderParams);

        if (LOGGER.isDebugEnabled()) {
            // Diagnostics only. NOTE(review): a CertPathReviewerException appears to originate
            // only from this branch, in which case the method returns false with debug logging
            // on where it would return true with it off. Confirm this is intended.
            PKIXCertPathReviewer pathReviewer =
                    new PKIXCertPathReviewer(built.getCertPath(), builderParams);
            X509Certificate lastInPath = (X509Certificate) pathReviewer.getCertPath()
                    .getCertificates()
                    .get(pathReviewer.getCertPathSize() - 1);
            String certPathEnd = lastInPath.getSubjectX500Principal().getName();
            Object[] logArgs = {
                pathReviewer.isValidCertPath(),
                pathReviewer.getCertPathSize(),
                token.getX509Certificate().getSubjectX500Principal().getName(),
                certPathEnd
            };
            LOGGER.debug(
                    "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'",
                    logArgs);
        }
        matched = true;
    } catch (GeneralSecurityException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        matched = false;
    } catch (CertPathReviewerException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        matched = false;
    }
    return matched;
}
From source file:gov.nih.nci.cacis.nav.ValidateSignedMail.java
License:BSD License
/**
 * Reports the outcome of a certification path review to the log and returns the verdict.
 *
 * <p>Only the global errors ({@code getErrors(-1)}) are written out here; errors attached to
 * individual certificates in the path are not logged by this method. Every message, including
 * the success case, is emitted at WARN level.
 *
 * @param review the completed or pending path review to report on
 * @return {@code true} if {@code review.isValidCertPath()} reports a valid path, else
 *         {@code false}
 */
private boolean handleCertPathValidation(PKIXCertPathReviewer review) {
    final boolean valid = review.isValidCertPath();
    LOG.warn(valid ? "Certificate path valid" : "Certificate path invalid");

    LOG.warn("\nCertificate path validation results:");

    // Index -1 selects the review's global error list.
    // NOTE(review): per-certificate errors are not reported here; confirm they are surfaced
    // elsewhere so an operator can see why a specific certificate was rejected.
    LOG.warn("Errors:");
    for (final Object entry : review.getErrors(-1)) {
        final ErrorBundle bundle = (ErrorBundle) entry;
        // DETAIL debug level prints the long form of the message, otherwise the short text.
        final String rendered = (dbgLvl == DETAIL) ? bundle.getDetail(loc) : bundle.getText(loc);
        LOG.warn(DBL_TAB + rendered);
    }
    return valid;
}
From source file:org.qi4j.library.shiro.authc.X509CredentialsPKIXPathMatcher.java
License:Open Source License
/**
 * Decides whether the presented client certificate matches by attempting to build a PKIX
 * certification path from the token's certificate selector to one of the trust anchors
 * granted in {@code info}, using the BouncyCastle provider.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Revocation checking is explicitly disabled, so a client certificate that chains to a
 *       granted trust anchor is accepted even if its issuer has revoked it. Confirm that
 *       revocation (CRL/OCSP) is enforced elsewhere, or enable it here.</li>
 *   <li>The {@link PKIXCertPathReviewer} verdict is only written to the debug log; the return
 *       value does not depend on {@code isValidCertPath()}.</li>
 *   <li>Rejections are logged at TRACE only, so failed authentications are not visible unless
 *       trace logging is enabled.</li>
 *   <li>Both arguments are cast without a type check; a token or info of another type raises
 *       a {@link ClassCastException}, which is not caught here.</li>
 * </ul>
 *
 * @param token the authentication token; must be an {@code X509AuthenticationToken}
 * @param info  the authentication info; must be an {@code X509AuthenticationInfo}
 * @return {@code true} if a certification path could be built, {@code false} if a
 *         {@link GeneralSecurityException} or {@link CertPathReviewerException} was raised
 */
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    boolean matched;
    try {
        X509AuthenticationToken clientToken = (X509AuthenticationToken) token;
        X509AuthenticationInfo grantedInfo = (X509AuthenticationInfo) info;

        ExtendedPKIXBuilderParameters builderParams = new ExtendedPKIXBuilderParameters(
                grantedInfo.getGrantedTrustAnchors(), clientToken.getClientX509CertSelector());
        builderParams.addStore(clientToken.getClientCertChainStore());
        // NOTE(review): revoked client certificates are not rejected by this matcher.
        builderParams.setRevocationEnabled(false);

        // build() throws when no path to a granted trust anchor exists; reaching the next
        // statement is what this method treats as "credentials match".
        CertPathBuilderResult built = CertPathBuilder
                .getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME)
                .build(builderParams);

        if (LOGGER.isDebugEnabled()) {
            // Diagnostics only. NOTE(review): a CertPathReviewerException appears to originate
            // only from this branch, in which case the method returns false with debug logging
            // on where it would return true with it off. Confirm this is intended.
            PKIXCertPathReviewer pathReviewer =
                    new PKIXCertPathReviewer(built.getCertPath(), builderParams);
            X509Certificate lastInPath = (X509Certificate) pathReviewer.getCertPath()
                    .getCertificates()
                    .get(pathReviewer.getCertPathSize() - 1);
            String certPathEnd = lastInPath.getSubjectX500Principal().getName();
            Object[] logArgs = {
                pathReviewer.isValidCertPath(),
                pathReviewer.getCertPathSize(),
                clientToken.getClientX509Certificate().getSubjectX500Principal().getName(),
                certPathEnd
            };
            LOGGER.debug(
                    "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'",
                    logArgs);
        }
        matched = true;
    } catch (GeneralSecurityException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        matched = false;
    } catch (CertPathReviewerException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        matched = false;
    }
    return matched;
}