Example usage for java.security.cert TrustAnchor TrustAnchor

List of usage examples for java.security.cert TrustAnchor TrustAnchor

Introduction

This page shows example usages of the java.security.cert.TrustAnchor constructor.

Prototype

public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) 


Document

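Creates an instance of TrustAnchor with the specified X509Certificate and optional name constraints, which are intended to be used as additional constraints when validating an X.509 certification path. Passing null for nameConstraints, as both examples below do, omits the name constraints, so the anchor is trusted for any subject name.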

Usage

From source file:org.votingsystem.web.ejb.SignatureBean.java

/**
 * Returns the trust anchors used for the given event, building and caching them on first use.
 *
 * <p>On a cache miss the set is made of the event's own CA certificate (wrapped in a
 * {@link TrustAnchor} without name constraints) plus everything returned by
 * {@code getTrustAnchors()}. The result is stored in {@code eventTrustedAnchorsMap} under the
 * event id.
 *
 * <p>The returned object is the same mutable {@code HashSet} instance that is kept in the cache,
 * so a caller that adds or removes entries changes the anchors seen by every later call for this
 * event. NOTE(review): the lookup and the insert are two separate map calls; whether that is safe
 * under concurrent access depends on the map type and the bean's concurrency model, which are not
 * visible here.
 *
 * @param eventVS event whose id is the cache key and whose CA certificate is trusted
 * @return the cached or newly built set of trust anchors for the event
 * @throws Exception as declared by the original signature
 */
public Set<TrustAnchor> getEventTrustedAnchors(EventVS eventVS) throws Exception {
    Set<TrustAnchor> cachedAnchors = eventTrustedAnchorsMap.get(eventVS.getId());
    if (cachedAnchors != null) {
        return cachedAnchors;
    }
    X509Certificate eventCaX509 = eventVS.getCertificateVS().getX509Cert();
    Set<TrustAnchor> freshAnchors = new HashSet<TrustAnchor>();
    // null nameConstraints: the event CA is trusted without additional name restrictions.
    freshAnchors.add(new TrustAnchor(eventCaX509, null));
    freshAnchors.addAll(getTrustAnchors());
    eventTrustedAnchorsMap.put(eventVS.getId(), freshAnchors);
    return freshAnchors;
}

From source file:org.zuinnote.hadoop.office.format.common.util.CertificateChainVerificationUtil.java

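/**
 * Checks whether a PKIX certification path can be built from {@code theCertificate} to one of the
 * self-signed certificates contained in {@code chainCertificates}.
 *
 * <p>Every certificate in {@code chainCertificates} that {@code isSelfSigned} accepts becomes a
 * trust anchor (without name constraints); the remaining ones, together with
 * {@code theCertificate}, are offered to the path builder as intermediates. The supplied set is
 * therefore the root of trust for this check: it has to come from a trusted store rather than
 * from the data that is being verified.
 *
 * <p>Only the fact that a path could be built is reported; the built path is not inspected any
 * further. Revocation checking and all other PKIX options are left at the
 * {@link PKIXBuilderParameters} defaults. NOTE(review): confirm that these defaults, as
 * implemented by the "BC" provider, match the intended validation policy.
 *
 * @param theCertificate certificate to verify; a self-signed certificate is rejected
 * @param chainCertificates candidate root and intermediate certificates
 * @return {@code true} if a certification path to one of the trust anchors was built,
 *     {@code false} otherwise
 * @throws CertificateException declared by the signature; presumably raised by
 *     {@code isSelfSigned} (not visible here)
 * @throws NoSuchAlgorithmException if the "PKIX" builder or "Collection" store is unavailable
 * @throws NoSuchProviderException if the "BC" provider is not registered
 * @throws InvalidAlgorithmParameterException if the builder or store parameters are rejected
 */
public static boolean verifyCertificateChain(X509Certificate theCertificate,
        Set<X509Certificate> chainCertificates) throws CertificateException, NoSuchAlgorithmException,
        NoSuchProviderException, InvalidAlgorithmParameterException {

    // check if we can establish a trust chain
    if (isSelfSigned(theCertificate)) {
        LOG.error("Certificate is self-signed - no trust chain can be established with provided truststore");
        return false;
    }
    if (chainCertificates.size() < 2) {
        LOG.error(
                "One needs at least three certificates (including certificate used for signing to establish a trust chain. Please check that you included them");
        return false;
    }

    // Split the supplied certificates: self-signed ones become trust anchors, all others are
    // intermediates available to the path builder.
    Set<TrustAnchor> trustAnchors = new HashSet<>();
    Set<X509Certificate> subCertificates = new HashSet<>();
    subCertificates.add(theCertificate);
    for (X509Certificate currentCertificate : chainCertificates) {
        if (isSelfSigned(currentCertificate)) {
            LOG.debug("Root: " + currentCertificate.getSubjectDN().getName());
            // null nameConstraints: the root is trusted without additional name restrictions.
            trustAnchors.add(new TrustAnchor(currentCertificate, null));
        } else {
            LOG.debug("Sub: " + currentCertificate.getSubjectDN().getName());
            subCertificates.add(currentCertificate);
        }
    }

    // Without any root there is nothing to anchor the chain to. Fail closed with a clear message
    // instead of letting PKIXBuilderParameters reject the empty anchor set with an
    // InvalidAlgorithmParameterException.
    if (trustAnchors.isEmpty()) {
        LOG.error("No self-signed root certificate found in the provided certificates - no trust chain can be established");
        return false;
    }

    // Configure verification: the path has to end at exactly the certificate under test.
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(theCertificate);

    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustAnchors, selector);

    CertStore subCertStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(subCertificates), "BC");
    builderParams.addCertStore(subCertStore);

    try {
        // A successful build is the verification result; the path itself is not needed.
        builder.build(builderParams);
        return true;
    } catch (CertPathBuilderException e) {
        LOG.error("Exception: ", e);
        LOG.error("Cannot verify certification chain for " + theCertificate.getSubjectX500Principal());
        return false;
    }
}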