Example usage for java.security.cert X509Certificate getBasicConstraints

List of usage examples for java.security.cert X509Certificate getBasicConstraints

Introduction

This page collects example usages of java.security.cert X509Certificate getBasicConstraints.

Prototype

public abstract int getBasicConstraints();

Source Link

Document

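Gets the certificate constraints path length from the critical BasicConstraints extension (OID = 2.5.29.19). The method returns -1 when the extension is absent or the subject is not a CA, the pathLenConstraint value when one is present, and Integer.MAX_VALUE when the subject is a CA with no path length limit. The examples below all depend on these three cases.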

Usage

From source file:Main.java

/**
 * Reports whether a certificate has the shape of a self-signed CA certificate.
 *
 * <p>Three things are checked, in this order: the subject name equals the issuer name,
 * {@code getBasicConstraints()} is non-negative (the certificate is marked as a CA), and
 * the signature verifies under the certificate's own public key.
 *
 * <p>This is a structural test only. Nothing here consults a trust store, and anyone can
 * produce a certificate that passes all three checks, so a {@code true} result must not
 * be used on its own as a trust decision.
 *
 * @param certificate the certificate to inspect
 * @return {@code true} if the certificate is self-issued, marked as a CA and its
 *         self-signature verifies; {@code false} if it is not self-issued or not a CA
 * @throws IOException if the certificate is a self-issued CA but verification against
 *         its own public key fails for any reason (the cause is preserved)
 */
public static boolean isTrustAnchor(X509Certificate certificate) throws IOException {
    // Self-issued means subject and issuer distinguished names are equal.
    if (!certificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) {
        return false;
    }
    // A negative value (-1) means the certificate is not a CA.
    if (certificate.getBasicConstraints() < 0) {
        return false;
    }
    try {
        // Matching names alone prove nothing; the signature has to check out as well.
        certificate.verify(certificate.getPublicKey());
    } catch (Exception e) {
        throw new IOException(e);
    }
    return true;
}

From source file:be.fedict.eidviewer.lib.X509Utilities.java

/**
 * Reports whether a certificate is marked as a CA and is also self-signed.
 *
 * <p>Both conditions are required, so a CA certificate for which {@code isSelfSigned}
 * returns {@code false} is reported as {@code false} despite the method name.
 * {@code isSelfSigned} is defined elsewhere in this class and is only called when the
 * basic-constraints check has already passed.
 *
 * @param certificate the certificate to inspect
 * @return {@code true} if {@code getBasicConstraints()} is not -1 and
 *         {@code isSelfSigned(certificate)} holds
 */
public static boolean isCertificateAuthority(X509Certificate certificate) {
    // -1 is the only value getBasicConstraints() uses for "not a CA".
    if (certificate.getBasicConstraints() == -1) {
        return false;
    }
    return isSelfSigned(certificate);
}

From source file:be.fedict.eid.tsl.Tsl2PdfExporter.java

/**
 * Renders the basic constraints of a certificate as a short human-readable string.
 *
 * @param cert the certificate to describe
 * @return {@code "CA=false"} when {@code getBasicConstraints()} is negative; otherwise
 *         {@code "CA=true; PathLen="} followed by the path length, or by
 *         {@code "unlimited"} when the value is {@code Integer.MAX_VALUE}
 */
private static String getBasicConstraints(final X509Certificate cert) {
    final int pathLen = cert.getBasicConstraints();
    if (pathLen < 0) {
        return "CA=false";
    }
    // Integer.MAX_VALUE is how the API reports a CA with no pathLenConstraint.
    final String limit = (pathLen == Integer.MAX_VALUE) ? "unlimited" : String.valueOf(pathLen);
    return "CA=true; PathLen=" + limit;
}

From source file:org.globus.gsi.trustmanager.TrustedCertPathFinder.java

/**
 * Ends path building at a certificate that is present in the trusted store and is a CA.
 *
 * <p>The certificate is looked up in {@code keyStore} through an {@link X509CertSelector}
 * set to match exactly that certificate. When the lookup returns at least one entry and
 * {@code getBasicConstraints()} is not -1, the certificate is appended to
 * {@code trustedCertPath} (the caller's list is modified) and the list is turned into a
 * {@link CertPath}.
 *
 * <p>A certificate that is in the store but is not a CA (basic constraints -1) is not
 * accepted here, and the list is left untouched in that case.
 *
 * @param keyStore        store holding the trusted certificates
 * @param x509Certificate certificate to test
 * @param trustedCertPath path collected so far; extended in place on success
 * @return the certification path ending at {@code x509Certificate}, or {@code null} when
 *         the certificate is not in the store or is not a CA
 * @throws CertPathValidatorException if the store cannot be read or the path cannot be
 *         generated
 */
private static CertPath isTrustedCert(KeyStore keyStore, X509Certificate x509Certificate,
        List<X509Certificate> trustedCertPath) throws CertPathValidatorException {
    X509CertSelector exactMatch = new X509CertSelector();
    exactMatch.setCertificate(x509Certificate);

    Collection<? extends Certificate> storeHits;
    try {
        storeHits = KeyStoreUtil.getTrustedCertificates(keyStore, exactMatch);
    } catch (KeyStoreException e) {
        throw new CertPathValidatorException("Error accessing trusted certificate store", e);
    }

    // Basic constraints are read only when the store lookup produced a hit.
    if (storeHits.isEmpty() || x509Certificate.getBasicConstraints() == -1) {
        return null;
    }

    trustedCertPath.add(x509Certificate);
    // JGLOBUS-92
    try {
        return CertificateFactory.getInstance("X.509").generateCertPath(trustedCertPath);
    } catch (CertificateException e) {
        throw new CertPathValidatorException("Error generating trusted certificate path", e);
    }
}

From source file:co.runrightfast.core.security.cert.CAIssuedX509V3CertRequest.java

/**
 * Validates the inputs for a CA-issued certificate request.
 *
 * <p>The issuing certificate must be marked as a CA ({@code getBasicConstraints() >= 0})
 * and must pass {@code CertificateService.containsKeyUsage(caCert, KEY_CERT_SIGN)}.
 * The extensions are then handed to {@code checkConstraints}, which is defined elsewhere.
 *
 * @param caCert     certificate of the issuing CA
 * @param extensions extensions requested for the new certificate
 */
private void checkArgs(final X509Certificate caCert, final Collection<X509CertExtension> extensions) {
    final boolean markedAsCa = caCert.getBasicConstraints() >= 0;
    checkArgument(markedAsCa, "caCert cannot be used for signing certificates");

    // NOTE(review): this check carries no message, so a failure here is harder to
    // diagnose than the basic-constraints failure above.
    final boolean mayVerifyCertSignatures = CertificateService.containsKeyUsage(caCert, KEY_CERT_SIGN);
    checkArgument(mayVerifyCertSignatures);

    checkConstraints(extensions);
}

From source file:net.solarnetwork.pki.bc.test.BCCertificateServiceTest.java

/**
 * Checks that a generated CA certificate is marked as a CA with no path length limit
 * and that its issuer and subject names are equal.
 */
@Test
public void createCACertificate() throws Exception {
    final X509Certificate caCert = service.generateCertificationAuthorityCertificate(TEST_CA_DN, publicKey,
            privateKey);

    // Integer.MAX_VALUE is what getBasicConstraints() reports for a CA without pathLenConstraint.
    final int pathLength = caCert.getBasicConstraints();
    assertEquals("Is a CA", Integer.MAX_VALUE, pathLength);

    // Only the names are compared here; the signature itself is not verified by this test.
    assertEquals("Self signed", caCert.getIssuerX500Principal(), caCert.getSubjectX500Principal());
}

From source file:org.ejbca.ui.web.CertificateView.java

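/**
 * Returns a localized description of the certificate's basic constraints.
 *
 * <p>For an X.509 certificate the text depends on {@code getBasicConstraints()}:
 * {@code Integer.MAX_VALUE} gives the "no limit" text, -1 gives the end-entity text, and
 * any other value gives the path-length text followed by {@code " : "} and the value.
 * For a certificate whose type is {@code "CVC"} the authorization role is returned
 * instead. Any other certificate type gives the "none" text.
 *
 * @param localizedNoneText         text used when nothing can be shown
 * @param localizedNolimitText      text for a CA without a path length limit
 * @param localizedEndEntityText    text for a non-CA certificate
 * @param localizedCaPathLengthText label placed before a concrete path length
 * @return the description to display
 */
public String getBasicConstraints(String localizedNoneText, String localizedNolimitText,
        String localizedEndEntityText, String localizedCaPathLengthText) {
    if (certificate instanceof X509Certificate) {
        // Read the value once and reuse it for both the comparison and the display text.
        final int bc = ((X509Certificate) certificate).getBasicConstraints();
        if (bc == Integer.MAX_VALUE) {
            return localizedNolimitText;
        }
        if (bc == -1) {
            return localizedEndEntityText;
        }
        return localizedCaPathLengthText + " : " + bc;
    }
    // Constant-first comparison so a null type cannot raise a NullPointerException.
    if ("CVC".equals(certificate.getType())) {
        final CardVerifiableCertificate cvccert = (CardVerifiableCertificate) certificate;
        try {
            return cvccert.getCVCertificate().getCertificateBody().getAuthorizationTemplate()
                    .getAuthorizationField().getAuthRole().toString();
        } catch (NoSuchFieldException e) {
            // A CVC without the authorization field is displayed like "no constraints".
            return localizedNoneText;
        }
    }
    return localizedNoneText;
}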

From source file:org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAService.java

/**
 * Returns the CMS certificate, resolving it from the certificate chain on first use.
 *
 * <p>The first chain entry whose {@code getBasicConstraints()} is -1 (a non-CA
 * certificate) is stored in {@code cmsCertificate} and reused on later calls. Every
 * entry examined is cast to {@link X509Certificate}.
 *
 * @return the cached or newly found certificate, or {@code null} if the chain holds no
 *         non-CA certificate
 */
private X509Certificate getCMSCertificate() {
    if (cmsCertificate != null) {
        return cmsCertificate;
    }
    for (final Certificate candidate : certificatechain) {
        final X509Certificate x509 = (X509Certificate) candidate;
        if (x509.getBasicConstraints() != -1) {
            // CA certificate: keep looking for the leaf.
            continue;
        }
        cmsCertificate = x509;
        break;
    }
    return cmsCertificate;
}

From source file:be.fedict.eid.applet.service.signer.ooxml.OPCKeySelector.java

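/**
 * Selects the signer key, falling back to the certificates embedded in the OPC package
 * when the {@code ds:KeyInfo} based selection of the superclass finds nothing.
 *
 * <p>Fallback steps: derive the name of the signature's relationship part from
 * {@code signatureResourceName}, read that part from the package at {@code opcUrl},
 * collect the targets of all relationships of type
 * {@code DIGITAL_SIGNATURE_CERTIFICATE_REL_TYPE}, load each target as a certificate and
 * keep the single one whose {@code getBasicConstraints()} is -1 (a non-CA certificate).
 * That certificate is stored in {@code this.certificate}.
 *
 * <p>The certificate comes out of the package being verified, and this method performs
 * no path validation on it. NOTE(review): confirm that the caller validates
 * {@code this.certificate} against trusted anchors before relying on the signature.
 *
 * <p>Each ZIP stream opened here is closed again before the method moves on; a failure
 * while closing is logged and otherwise ignored.
 *
 * @return the superclass result when it finds a key, otherwise {@code this}
 * @throws KeySelectorException if the package cannot be read, the relationship part is
 *         missing or unreadable, a certificate part cannot be parsed, more than one
 *         non-CA certificate is present, or none is found
 */
@Override
public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method,
        XMLCryptoContext context) throws KeySelectorException {
    try {
        return super.select(keyInfo, purpose, method, context);
    } catch (KeySelectorException e) {
        // Deliberate fallback: continue with the certificates stored in the package.
        LOG.debug("no key found via ds:KeyInfo key selector");
    }
    LOG.debug("signature resource name: " + this.signatureResourceName);
    String signatureSegment = this.signatureResourceName.substring(0,
            this.signatureResourceName.lastIndexOf("/"));
    LOG.debug("signature segment: " + signatureSegment);
    String signatureBase = this.signatureResourceName
            .substring(this.signatureResourceName.lastIndexOf("/") + 1);
    LOG.debug("signature base: " + signatureBase);
    String signatureRelationshipResourceName = signatureSegment + "/_rels/" + signatureBase + ".rels";
    LOG.debug("signature relationship resource name: " + signatureRelationshipResourceName);

    ZipArchiveInputStream relationshipStream;
    try {
        relationshipStream = new ZipArchiveInputStream(this.opcUrl.openStream(), "UTF8", true, true);
    } catch (IOException e) {
        throw new KeySelectorException(e);
    }
    JAXBElement<CTRelationships> signatureRelationshipsElement;
    try {
        ZipArchiveEntry relationshipEntry;
        try {
            // Advance the stream until it is positioned on the relationship part.
            while (null != (relationshipEntry = relationshipStream.getNextZipEntry())) {
                if (signatureRelationshipResourceName.equals(relationshipEntry.getName())) {
                    break;
                }
            }
        } catch (IOException e) {
            throw new KeySelectorException(e);
        }
        if (null == relationshipEntry) {
            LOG.warn("relationship part not present: " + signatureRelationshipResourceName);
            throw new KeySelectorException("no key found");
        }
        LOG.debug("signature relationship part found");

        try {
            // Unchecked cast: the unmarshaller is expected to yield a CTRelationships element.
            signatureRelationshipsElement = (JAXBElement<CTRelationships>) this.relationshipsUnmarshaller
                    .unmarshal(relationshipStream);
        } catch (JAXBException e) {
            throw new KeySelectorException(e);
        }
    } finally {
        try {
            relationshipStream.close();
        } catch (IOException closeFailure) {
            LOG.debug("could not close OPC stream: " + closeFailure.getMessage());
        }
    }
    CTRelationships signatureRelationships = signatureRelationshipsElement.getValue();
    List<CTRelationship> signatureRelationshipList = signatureRelationships.getRelationship();
    List<String> certificateResourceNames = new LinkedList<String>();
    for (CTRelationship signatureRelationship : signatureRelationshipList) {
        if (DIGITAL_SIGNATURE_CERTIFICATE_REL_TYPE.equals(signatureRelationship.getType())) {
            // The first character of the target is dropped to obtain the ZIP entry name.
            String certificateResourceName = signatureRelationship.getTarget().substring(1);
            certificateResourceNames.add(certificateResourceName);
        }
    }

    X509Certificate endEntityCertificate = null;

    for (String certificateResourceName : certificateResourceNames) {
        // The ZIP stream is forward-only, so the package is reopened for every part.
        ZipArchiveInputStream certificateStream;
        try {
            certificateStream = new ZipArchiveInputStream(this.opcUrl.openStream(), "UTF8", true, true);
        } catch (IOException e) {
            throw new KeySelectorException(e);
        }
        X509Certificate certificate;
        try {
            ZipArchiveEntry certificateEntry;
            try {
                while (null != (certificateEntry = certificateStream.getNextZipEntry())) {
                    if (certificateResourceName.equals(certificateEntry.getName())) {
                        break;
                    }
                }
            } catch (IOException e) {
                throw new KeySelectorException(e);
            }
            if (null == certificateEntry) {
                LOG.warn("certificate part not present: " + certificateResourceName);
                continue;
            }
            try {
                certificate = (X509Certificate) this.certificateFactory.generateCertificate(certificateStream);
            } catch (CertificateException e) {
                throw new KeySelectorException(e);
            }
        } finally {
            try {
                certificateStream.close();
            } catch (IOException closeFailure) {
                LOG.debug("could not close OPC stream: " + closeFailure.getMessage());
            }
        }
        LOG.debug("certificate subject: " + certificate.getSubjectX500Principal());
        // Anything other than -1 marks a CA certificate, which cannot be the signer here.
        if (-1 != certificate.getBasicConstraints()) {
            LOG.debug("skipping CA certificate");
            continue;
        }
        // Refuse to guess between several candidate signer certificates.
        if (null != endEntityCertificate) {
            throw new KeySelectorException("two possible end entity certificates");
        }
        endEntityCertificate = certificate;
    }
    if (null == endEntityCertificate) {
        throw new KeySelectorException("no key found");
    }
    this.certificate = endEntityCertificate;
    return this;
}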

From source file:ch.swisscom.mid.verifier.MobileIdCmsVerifier.java

/**
 * Prints issuer, subject DN and serial number of every X.509 certificate found in the
 * CMSSignedData, one numbered group per certificate.
 *
 * <p>The last line of each group, "SignerCert", is "Yes" when
 * {@code getBasicConstraints()} is -1. That only shows the certificate is not a CA; it
 * is not matched against the signer information in this method.
 *
 * @throws CertificateException if a certificate holder cannot be converted
 */
private void printAllX509Certificates() throws CertificateException {

    int index = 0;

    // getMatches(null) applies no selector, so every certificate in the store is returned.
    for (Iterator<?> holders = cmsSignedData.getCertificates().getMatches(null).iterator(); holders
            .hasNext();) {
        X509CertificateHolder holder = (X509CertificateHolder) holders.next();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(holder);
        index++;

        final String signerFlag = (cert.getBasicConstraints() == -1) ? "Yes" : "No";

        System.out.println("X509 Certificate #" + index);
        System.out.println("X509 Issuer: " + cert.getIssuerDN());
        System.out.println("X509 Subject DN: " + cert.getSubjectDN());
        System.out.println("X509 SerialNumber: " + cert.getSerialNumber());
        System.out.println("SignerCert: " + signerFlag);
        System.out.println();
    }
}