Example usage for java.security.cert PKIXParameters setExplicitPolicyRequired

List of usage examples for java.security.cert PKIXParameters setExplicitPolicyRequired

  1. HOME
  2. Java
  3. java
  4. java.security.cert.*
  5. PKIXParameters
  6. setExplicitPolicyRequired

Introduction

In this page you can find the example usage for java.security.cert PKIXParameters setExplicitPolicyRequired.

Prototype

public void setExplicitPolicyRequired(boolean val)

Source Link

Document

Sets the ExplicitPolicyRequired flag.

Usage

From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java

/**
 * Create parameters for CertPathValidator using PKIX algorithm.
 *
 * The parameter object was defined with given trustStore and CRL collection
 * @param trustStore2/*w w w  . j a  v a2s.c om*/
 * @return non-null PKIXParameters
 * @throws CertificateRevocationCheckException
 */
private PKIXParameters createPKIXParameters(Collection<Object> crlCollection)
        throws CertificateRevocationCheckException {

    PKIXParameters params = null;
    try {
        Validate.notNull(trustStore, "TrustStore can not be null.");
        params = new PKIXParameters(trustStore);

        if (this.certPolicy.revocationCheckEnabled()) {
            params.setRevocationEnabled(true);
        } else {
            params.setRevocationEnabled(false);
        }
    } catch (KeyStoreException e) {
        throw new CertificateRevocationCheckException(
                "Error creating validator parameters: Please check trust store" + e.getMessage(), e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateRevocationCheckException("Error creating validator parameters:" + e.getMessage(),
                e);
    } catch (Throwable e) {
        //have this block in case a new type of error was thrown
        throw new CertificateRevocationCheckException("Error creating validator parameters:" + e.getMessage(),
                e);
    }

    if (!crlCollection.isEmpty()) {
        try {
            CertStore crlStore = CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(crlCollection));
            params.addCertStore(crlStore);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateRevocationCheckException(
                    "Error adding CRLs to validating parameters:" + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateRevocationCheckException(
                    "Error adding CRLs to validating parameters:" + e.getMessage(), e);
        }
    } else {
        logger.debug("Revocation check: CRL list empty");
    }

    // setup certificate policy white list

    String[] oidWhiteList = this.certPolicy.getOIDs();

    if (oidWhiteList != null && oidWhiteList.length > 0) {
        Set<String> oidSet = new HashSet<String>();
        for (String oid : oidWhiteList) {
            oidSet.add(oid);
        }
        params.setInitialPolicies(oidSet);
        params.setExplicitPolicyRequired(true);
    }
    return params;

}