Usage examples for java.security.cert.PKIXParameters.getTrustAnchors()
public Set<TrustAnchor> getTrustAnchors()
From source file:CAList.java
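/**
 * Prints the issuer of every trust anchor found in the JDK's bundled {@code cacerts} keystore.
 *
 * <p>The keystore is read from {@code <java.home>/lib/security/cacerts}. Each trusted
 * certificate is written to standard output as {@code <issuer>DN</issuer>} followed by a
 * blank line. Failures to read or parse the keystore are reported on standard error rather
 * than silently ignored, so an unreadable or tampered trust store does not look like an
 * empty one.
 *
 * @param args command-line arguments (unused)
 */
public static void main(String[] args) {
    // Only the literal suffix goes through replace(); java.home already uses the
    // platform's separator.
    String filename = System.getProperty("java.home")
            + "/lib/security/cacerts".replace('/', File.separatorChar);

    // "changeit" is the well-known default password of the JDK cacerts file, not a secret.
    // Supplying it makes load() verify the keystore's integrity check instead of skipping it.
    char[] password = "changeit".toCharArray();

    // try-with-resources closes the stream on every path, including load() failures.
    try (FileInputStream is = new FileInputStream(filename)) {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(is, password);

        // PKIXParameters(KeyStore) turns the keystore's trusted certificate entries into
        // trust anchors; it throws InvalidAlgorithmParameterException when there are none.
        PKIXParameters params = new PKIXParameters(keystore);

        for (TrustAnchor ta : params.getTrustAnchors()) {
            X509Certificate cert = ta.getTrustedCert();
            System.out.println("<issuer>" + cert.getIssuerDN() + "</issuer>\n");
        }
    } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException
            | InvalidAlgorithmParameterException | IOException e) {
        // Report instead of swallowing: an empty listing must be distinguishable from a
        // keystore that could not be opened or failed its integrity check.
        System.err.println("Could not list trust anchors from " + filename + ": " + e);
    }
}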
From source file:controller.CCInstance.java
/**
 * Collects the certificates that the given keystore designates as trust anchors.
 *
 * <p>The anchors are obtained through {@link PKIXParameters#PKIXParameters(KeyStore)}, which
 * only considers the keystore's trusted certificate entries. No further checks (validity
 * period, key usage, revocation) are applied here; every anchor's certificate is returned
 * as-is.
 *
 * @param keystore an initialized keystore holding the trusted certificate entries
 * @return a new list with one certificate per trust anchor
 * @throws InvalidAlgorithmParameterException if the keystore contains no trusted certificate entry
 * @throws KeyStoreException if the keystore has not been initialized
 */
public ArrayList<Certificate> getTrustedCertificatesFromKeystore(KeyStore keystore)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
        InvalidAlgorithmParameterException {
    final ArrayList<Certificate> trustedCerts = new ArrayList<>();
    // Building the PKIX parameters is what extracts the anchors from the keystore.
    new PKIXParameters(keystore).getTrustAnchors()
            .forEach(anchor -> trustedCerts.add((Certificate) anchor.getTrustedCert()));
    return trustedCerts;
}
From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java
/**
 * Validate the certificate path using a provided OCSP responder configuration.
 *
 * <p>The OCSP options are set up first, then the PKIX parameters are built from the CRL
 * collection, the optional cert store is attached, and the path is run through the JDK's
 * "PKIX" {@link CertPathValidator}. The method returns normally only when validation
 * succeeds; every failure is reported as an exception.
 *
 * <p>Failure mapping: a {@code REVOKED} reason becomes {@code IdmCertificateRevokedException}
 * (thrown without the original exception as its cause), an
 * {@code UNDETERMINED_REVOCATION_STATUS} reason becomes
 * {@code CertRevocationStatusUnknownException}, and anything else becomes
 * {@code CertificateRevocationCheckException} carrying the cause.
 *
 * <p>NOTE(review): both revocation messages mention "CRL" even though OCSP options are
 * configured for the same validation run; confirm the wording matches the revocation source
 * when reading logs. The trust anchors, the full parameter set and the validation result
 * are written to the trace log.
 *
 * @param certPath required
 * @param crlCollection passed to {@code createPKIXParameters}
 * @param certStore null possible cert store for PKIX param
 * @param altOCSP null possible
 * @throws CertificateRevocationCheckException if the validator cannot be obtained, the
 *         parameters are invalid, or validation fails for a non-revocation reason
 * @throws IdmCertificateRevokedException if the validator reports the certificate as revoked
 */
private void validateCertPath(CertPath certPath, Collection<Object> crlCollection, CertStore certStore,
        AlternativeOCSP altOCSP)
        throws CertificateRevocationCheckException, IdmCertificateRevokedException {

    setupOCSPOptions(certPath, altOCSP);

    final PKIXParameters pkixParams = createPKIXParameters(crlCollection);
    if (certStore != null) {
        pkixParams.addCertStore(certStore);
    }

    final CertPathValidator validator;
    try {
        validator = CertPathValidator.getInstance("PKIX");
    } catch (NoSuchAlgorithmException noPkix) {
        throw new CertificateRevocationCheckException(
                "Error getting PKIX validator instance:" + noPkix.getMessage(), noPkix);
    }

    try {
        final String paramDump = pkixParams.toString();
        logger.trace("**Certificate Path Validation Parameters trust anchors **\n"
                + pkixParams.getTrustAnchors().toString() + "\n");
        logger.trace("**Certificate Path Validation Parameters **\n" + paramDump + "\n");

        final CertPathValidatorResult outcome = validator.validate(certPath, pkixParams);
        logger.trace("**Certificate Path Validation Result **\n" + outcome.toString() + "\n");
    } catch (CertPathValidatorException failure) {
        // Revocation outcomes get their own exception types so callers can tell
        // "revoked" and "status unknown" apart from other path failures.
        final CertPathValidatorException.Reason reason = failure.getReason();
        if (reason == CertPathValidatorException.BasicReason.REVOKED) {
            throw new IdmCertificateRevokedException("CRL shows certificate status as revoked");
        }
        if (reason == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            throw new CertRevocationStatusUnknownException(
                    "CRL checking could not determine certificate status.");
        }
        throw new CertificateRevocationCheckException(
                "Certificate path validation failed:" + failure.getMessage(), failure);
    } catch (InvalidAlgorithmParameterException badParams) {
        throw new CertificateRevocationCheckException(
                "Certificate validation parameters invalid, could not validate certificate path:"
                        + badParams.getMessage(),
                badParams);
    }
}