Example usage for java.security.cert PKIXParameters setInitialPolicies

List of usage examples for java.security.cert PKIXParameters setInitialPolicies

  1. HOME
  2. Java
  3. java
  4. java.security.cert.*
  5. PKIXParameters
  6. setInitialPolicies

Introduction

In this page you can find the example usage for java.security.cert PKIXParameters setInitialPolicies.

Prototype

public void setInitialPolicies(Set<String> initialPolicies)

Source Link

Document

Sets the Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing.

Usage

From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java

/**
 * Create parameters for CertPathValidator using PKIX algorithm.
 *
 * The parameter object was defined with given trustStore and CRL collection
 * @param trustStore2/*from  ww w  .  j av a2 s.c  o m*/
 * @return non-null PKIXParameters
 * @throws CertificateRevocationCheckException
 */
private PKIXParameters createPKIXParameters(Collection<Object> crlCollection)
        throws CertificateRevocationCheckException {

    PKIXParameters params = null;
    try {
        Validate.notNull(trustStore, "TrustStore can not be null.");
        params = new PKIXParameters(trustStore);

        if (this.certPolicy.revocationCheckEnabled()) {
            params.setRevocationEnabled(true);
        } else {
            params.setRevocationEnabled(false);
        }
    } catch (KeyStoreException e) {
        throw new CertificateRevocationCheckException(
                "Error creating validator parameters: Please check trust store" + e.getMessage(), e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateRevocationCheckException("Error creating validator parameters:" + e.getMessage(),
                e);
    } catch (Throwable e) {
        //have this block in case a new type of error was thrown
        throw new CertificateRevocationCheckException("Error creating validator parameters:" + e.getMessage(),
                e);
    }

    if (!crlCollection.isEmpty()) {
        try {
            CertStore crlStore = CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(crlCollection));
            params.addCertStore(crlStore);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateRevocationCheckException(
                    "Error adding CRLs to validating parameters:" + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateRevocationCheckException(
                    "Error adding CRLs to validating parameters:" + e.getMessage(), e);
        }
    } else {
        logger.debug("Revocation check: CRL list empty");
    }

    // setup certificate policy white list

    String[] oidWhiteList = this.certPolicy.getOIDs();

    if (oidWhiteList != null && oidWhiteList.length > 0) {
        Set<String> oidSet = new HashSet<String>();
        for (String oid : oidWhiteList) {
            oidSet.add(oid);
        }
        params.setInitialPolicies(oidSet);
        params.setExplicitPolicyRequired(true);
    }
    return params;

}