Example usage for java.security.cert PKIXCertPathValidatorResult toString

List of usage examples for java.security.cert PKIXCertPathValidatorResult toString

Introduction

This page shows example usages of java.security.cert.PKIXCertPathValidatorResult.toString().

Prototype

public String toString() 

Source Link

Document

Returns a printable representation of this PKIXCertPathValidatorResult.

Usage

From source file:net.sf.dsig.verify.XmldsigVerifier.java

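/**
 * Validates the certificate chain returned by {@code getCertificateChain()} against the
 * configured trust anchors, using the JDK "PKIX" certification path validator.
 *
 * <p>Revocation checking is switched off for this validation, so a chain containing a
 * revoked certificate is still reported as valid. Callers that depend on revocation
 * status must check it separately.
 *
 * @return {@code true} if the validator accepts the path, {@code false} if it rejects it
 * @throws ConfigurationException if no trust anchors are set, the PKIX parameters are
 *         rejected, the certificate path cannot be built, or the PKIX algorithm is missing
 * @throws VerificationException declared by the signature; this body does not throw it
 *         directly
 */
public boolean isCertificatePathValid() throws VerificationException {
    if (trustAnchors == null) {
        throw new ConfigurationException("TrustAnchors must be set");
    }

    try {
        PKIXParameters parameters = new PKIXParameters(trustAnchors);
        // Revocation (CRL/OCSP) checking is deliberately disabled here; a "true" result
        // therefore says nothing about whether any certificate in the chain was revoked.
        parameters.setRevocationEnabled(false);

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // NOTE(review): an empty chain is not rejected before validation; confirm how the
        // installed provider treats an empty CertPath and whether callers rule it out.
        CertPath certPath = cf.generateCertPath(Arrays.asList(getCertificateChain()));

        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        PKIXCertPathValidatorResult res = (PKIXCertPathValidatorResult) cpv.validate(certPath, parameters);

        logger.debug("Certificate path validation succeeded; result=" + res.toString());

        return true;
    } catch (CertPathValidatorException e) {
        // A rejected path is an expected outcome, not a configuration error.
        logger.info("Certificate path validation failed", e);
        return false;
    } catch (InvalidAlgorithmParameterException e) {
        // Raised for unusable PKIX parameters (for instance an empty trust anchor set),
        // not for a missing algorithm, so report it as such.
        // NOTE(review): chain e as the cause if ConfigurationException offers a
        // (String, Throwable) constructor; its constructors are not visible here.
        throw new ConfigurationException("Invalid PKIX parameters: " + e.getMessage());
    } catch (CertificateException e) {
        // Covers both a missing X.509 factory and a chain that cannot be turned into a path.
        throw new ConfigurationException("Could not build X.509 certificate path: " + e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        throw new ConfigurationException("PKIX algorithm not found; should not happen");
    }
}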

From source file:org.cesecore.util.CertTools.java

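/**
 * Checks a certificate against a CA certificate using PKIX path validation with the
 * "BC" provider.
 *
 * <p>Only the first element of {@code caCertChain} is used, as the single trust anchor;
 * any further certificates in the collection are ignored. The certification path holds
 * only {@code certificate}. Revocation checking is disabled, so a revoked certificate
 * still verifies successfully here.
 *
 * @param certificate cert to verify
 * @param caCertChain collection of X509Certificate; its first element is the trust anchor
 * @return true if verified OK
 * @throws Exception if verification failed or the inputs could not be processed; the
 *         underlying exception, when there is one, is attached as the cause
 */
public static boolean verify(Certificate certificate, Collection<Certificate> caCertChain) throws Exception {
    // Fail with a clear message instead of a wrapped NullPointerException or
    // ArrayIndexOutOfBoundsException when there is no CA certificate to anchor on.
    if (caCertChain == null || caCertChain.isEmpty()) {
        throw new Exception("Error checking certificate chain: no CA certificate supplied");
    }
    try {
        // Create CertPath containing only the certificate under test
        ArrayList<Certificate> certlist = new ArrayList<Certificate>();
        certlist.add(certificate);
        CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
        java.security.cert.CertPath cp = cf.generateCertPath(certlist);

        // Create TrustAnchor. Since EJBCA use BouncyCastle provider, we assume
        // certificate already in correct order
        X509Certificate[] cac = caCertChain.toArray(new X509Certificate[0]);
        java.security.cert.TrustAnchor anchor = new java.security.cert.TrustAnchor(cac[0], null);
        // Set the PKIX parameters
        java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(
                java.util.Collections.singleton(anchor));

        // Revocation (CRL/OCSP) checking is deliberately off; a successful result does
        // not mean the certificate is unrevoked.
        params.setRevocationEnabled(false);
        java.security.cert.CertPathValidator cpv = java.security.cert.CertPathValidator.getInstance("PKIX",
                "BC");
        java.security.cert.PKIXCertPathValidatorResult result = (java.security.cert.PKIXCertPathValidatorResult) cpv
                .validate(cp, params);
        if (log.isDebugEnabled()) {
            log.debug("Certificate verify result: " + result.toString());
        }
    } catch (java.security.cert.CertPathValidatorException cpve) {
        // Keep the original exception as the cause so the failing check stays diagnosable.
        throw new Exception(
                "Invalid certificate or certificate not issued by specified CA: " + cpve.getMessage(), cpve);
    } catch (Exception e) {
        throw new Exception("Error checking certificate chain: " + e.getMessage(), e);
    }
    return true;
}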

From source file:org.ejbca.util.CertTools.java

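/**
 * Checks a certificate against a CA certificate using PKIX path validation with the
 * "BC" provider.
 *
 * <p>Only the first element of {@code caCertPath} is used, as the single trust anchor;
 * any further certificates in the collection are ignored. The certification path holds
 * only {@code certificate}. Revocation checking is disabled, so a revoked certificate
 * still verifies successfully here.
 *
 * @param certificate cert to verify
 * @param caCertPath collection of X509Certificate; its first element is the trust anchor
 * @return true if verified OK
 * @throws Exception if verification failed or the inputs could not be processed; the
 *         underlying exception, when there is one, is attached as the cause
 */
public static boolean verify(Certificate certificate, Collection<Certificate> caCertPath) throws Exception {
    // Fail with a clear message instead of a wrapped NullPointerException or
    // ArrayIndexOutOfBoundsException when there is no CA certificate to anchor on.
    if (caCertPath == null || caCertPath.isEmpty()) {
        throw new Exception("Error checking certificate chain: no CA certificate supplied");
    }
    try {
        // Create CertPath containing only the certificate under test
        ArrayList<Certificate> certlist = new ArrayList<Certificate>();
        certlist.add(certificate);
        CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
        java.security.cert.CertPath cp = cf.generateCertPath(certlist);
        // Create TrustAnchor. Since EJBCA use BouncyCastle provider, we assume
        // certificate already in correct order
        X509Certificate[] cac = caCertPath.toArray(new X509Certificate[0]);
        java.security.cert.TrustAnchor anchor = new java.security.cert.TrustAnchor(cac[0], null);
        // Set the PKIX parameters
        java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(
                java.util.Collections.singleton(anchor));
        // Revocation (CRL/OCSP) checking is deliberately off; a successful result does
        // not mean the certificate is unrevoked.
        params.setRevocationEnabled(false);
        java.security.cert.CertPathValidator cpv = java.security.cert.CertPathValidator.getInstance("PKIX",
                "BC");
        java.security.cert.PKIXCertPathValidatorResult result = (java.security.cert.PKIXCertPathValidatorResult) cpv
                .validate(cp, params);
        if (log.isDebugEnabled()) {
            log.debug("Certificate verify result: " + result.toString());
        }
    } catch (java.security.cert.CertPathValidatorException cpve) {
        // Keep the original exception as the cause so the failing check stays diagnosable.
        throw new Exception(
                "Invalid certificate or certificate not issued by specified CA: " + cpve.getMessage(), cpve);
    } catch (Exception e) {
        throw new Exception("Error checking certificate chain: " + e.getMessage(), e);
    }
    return true;
}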