// Excerpt with elided lines: checks the first certificate's validity period, runs the PKIX
// path validator over cp, and returns the first certificate of cp.
// NOTE(review): the self-signed test compares the subject and issuer names only. A name match
// does not show that the signature verifies under the certificate's own key; what the elided
// branch does with the keystore entries is not visible here - confirm before relying on it.
// NOTE(review): get( 0 ) plus the cast assumes a non-empty path of X.509 certificates.
try first.checkValidity(); if ( chain.length == 1 && first.getSubjectX500Principal().equals( first.getIssuerX500Principal() ) ) for ( Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements(); ) String alias = aliases.nextElement(); if ( store.isCertificateEntry( alias ) ) pathValidator.validate( cp, params ); return (X509Certificate) cp.getCertificates().get( 0 );
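/**
 * Returns an alternate object to be serialized.
 * <p>
 * The replacement is a {@code CertPathRep} built from this path's type and its
 * encoded form, so the encoded bytes are what ends up in the serialized stream.
 *
 * @return an alternate object to be serialized.
 * @throws ObjectStreamException
 *             if the creation of the alternate object fails; the underlying
 *             {@code CertificateEncodingException} is attached as the cause.
 */
protected Object writeReplace() throws ObjectStreamException {
    try {
        return new CertPathRep(getType(), getEncoded());
    } catch (CertificateEncodingException e) {
        // NotSerializableException has no (String, Throwable) constructor, so the
        // encoding failure is attached with initCause to keep its stack trace.
        NotSerializableException failure =
                new NotSerializableException("Could not create serialization object: " + e);
        failure.initCause(e);
        throw failure;
    }
}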
/**
 * Tests whether {@code obj} is a {@code Timestamp} equal to this one.
 * Two timestamps are equal when their date/time values are equal and their
 * signer certificate paths are equal.
 *
 * @param obj
 *            the object to compare with this {@code Timestamp}.
 * @return {@code true} if {@code obj} is an equal {@code Timestamp},
 *         {@code false} otherwise (including when {@code obj} is {@code null}).
 * @see #hashCode
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof Timestamp)) {
        return false;
    }
    final Timestamp other = (Timestamp) obj;
    // Compare the date first; the certificate paths are only compared when the dates match.
    if (!timestamp.equals(other.timestamp)) {
        return false;
    }
    return signerCertPath.equals(other.signerCertPath);
}
/**
 * Overrides {@code Object.hashCode()}. The value is computed as:
 * <pre>
 * {@code hashCode = 31 * path.getType().hashCode() +
 * path.getCertificates().hashCode();}
 * </pre>
 *
 * @return the hash code for this instance.
 */
public int hashCode() {
    final int typeHash = getType().hashCode();
    final int certsHash = getCertificates().hashCode();
    return 31 * typeHash + certsHash;
}
// Excerpt with elided lines: builds a PKIX path for cert, using self-issued keystore
// certificates as trust anchors, then hands the issuer and path.get(0) to an OCSPClient.
// NOTE(review): params.setRevocationEnabled(false) switches off the PKIX builder's own
// revocation checking, so revocation rests entirely on what is done with the OCSPClient
// afterwards - that part is not visible here; confirm its result is enforced.
// NOTE(review): every keystore certificate that passes the two self-signed checks becomes a
// trust anchor, so the result is only as trustworthy as the keystore contents.
// NOTE(review): kstore.getCertificate(...) returns null for an alias that holds no
// certificate; the following getIssuerX500Principal() call would then throw - verify.
// NOTE(review): trustanchors is a raw Set and the List<X509Certificate> cast is unchecked.
CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX"); X509CertSelector select = new X509CertSelector(); select.setSubject(cert.getSubjectX500Principal().getEncoded()); Set trustanchors = new HashSet(); List<Certificate> certList = new ArrayList<>(); certList.add(cert); Enumeration<String> enumeration = kstore.aliases(); while (enumeration.hasMoreElements()) { X509Certificate certificate = (X509Certificate) kstore.getCertificate(enumeration.nextElement()); if (certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) { if (isCertificateSelfSigned(certificate)) { trustanchors.add(new TrustAnchor((X509Certificate) certificate, null)); params.setRevocationEnabled(false); CertPathBuilderResult cpbr = pathBuilder.build(params); List<X509Certificate> path = (List<X509Certificate>) cpbr.getCertPath().getCertificates(); X509Certificate issuer = (path.size()< 2 ? ((TrustAnchor)trustanchors.iterator().next()).getTrustedCert() : path.get(1)); OCSPClient client = new OCSPClient(issuer, path.get(0));
// Excerpt (cut off): when the value type is X509PKIPATHV1, parses a CertPath from certStream
// and wraps every certificate of that path in a CertificateCredential.
// NOTE(review): no path validation is visible in this excerpt; the certificates are taken as
// parsed. Confirm that callers validate them against trust anchors before relying on them.
Set<Credential> credentials = new HashSet<Credential>(); if (source != null) { try { if (X509PKIPATHV1.equals(valueType)) { CertPath path = factory.generateCertPath(certStream); for (Certificate certificate : path.getCertificates()) { credentials.add(new CertificateCredential(certificate));
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); while (policyConstraints.hasMoreElements()) ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement(); switch (constraint.getTagNo()) try tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); int n = certs.size(); Set s_idp = new HashSet(); tmp = new HashSet(); tmp.add(sd_p); m_idp.put(id_p, tmp); while (e.hasMoreElements()) pinfo = PolicyInformation.getInstance(e.nextElement()); throw new CertPathValidatorException( "Policy information could not be decoded.", ex, certPath, index); if (cert.getCriticalExtensionOIDs() != null) ci = cert.getCriticalExtensionOIDs().contains( RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
if (signingCert.equals(defaultCRLSignCert)) List certs = builder.build(params).getCertPath().getCertificates(); validCerts.add(signingCert); validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0)); Set checkKeys = new HashSet(); boolean[] keyusage = signCert.getKeyUsage();
// Excerpt with elided lines: sorts additionalCerts by isSelfSigned(...) and rejects a target
// certificate whose getBasicConstraints() is not -1 (X509Certificate returns -1 for a
// certificate that is not a CA, so any other value means the target is a CA certificate).
// NOTE(review): the set names suggest self-signed additionalCerts become trusted roots; the
// add itself is elided. If additionalCerts can originate from the party being verified, that
// party would be choosing its own trust anchor - confirm where the list comes from.
Set<X509Certificate> trustedRootCerts = new HashSet<X509Certificate>(); Set<X509Certificate> intermediateCerts = new HashSet<X509Certificate>(); for (X509Certificate additionalCert : additionalCerts) { if (isSelfSigned(additionalCert)) { List<? extends Certificate> certList = certPath.getCertificates(); X509Certificate cert = (X509Certificate) certList.get(0); if (cert.getBasicConstraints() != -1) { log.error("Target certificate is not an EE certificate!");
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); int _inhibitAnyPolicy = iap.getValue().intValue();
/**
 * Writes the outcome of a successful PKIX path build to the debug log: the target
 * certificate's subject, the subject of every certificate in the built path, and the
 * trust anchor the path ends at.
 *
 * @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
 * @param targetCert the untrusted certificate that was being evaluated
 */
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
    log.debug("Built valid PKIX cert path");
    log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));

    for (Certificate pathEntry : buildResult.getCertPath().getCertificates()) {
        X509Certificate pathCert = (X509Certificate) pathEntry;
        log.debug("CertPath certificate: {}", x500DNHandler.getName(pathCert.getSubjectX500Principal()));
    }

    // A TrustAnchor carries either a certificate, a CA principal, or only a CA name;
    // pick the first representation that is present.
    TrustAnchor anchor = buildResult.getTrustAnchor();
    Object anchorName;
    if (anchor.getTrustedCert() != null) {
        anchorName = x500DNHandler.getName(anchor.getTrustedCert().getSubjectX500Principal());
    } else if (anchor.getCA() != null) {
        anchorName = x500DNHandler.getName(anchor.getCA());
    } else {
        anchorName = anchor.getCAName();
    }
    log.debug("TrustAnchor: {}", anchorName);
}
/**
 * {@inheritDoc}
 */
public Object getSubject() {
    // Index 0 of the path is used as this credential's certificate; an empty path or a
    // non-X.509 entry makes this throw an unchecked exception.
    X509Certificate leaf = (X509Certificate) certs.getCertificates().get(0);
    return leaf.getSubjectDN();
}
/**
 * Step (n) of the "prepare for next certificate" processing: if the certificate at
 * {@code index} carries a key usage extension, the keyCertSign bit must be set.
 * A certificate without the extension passes this step.
 * <p>
 * NOTE(review): the error message speaks of a critical extension, but this method does
 * not look at criticality; it rejects on any present key usage without keyCertSign.
 *
 * @param certPath the certification path being validated
 * @param index position in {@code certPath} of the certificate to check
 * @throws CertPathValidatorException if key usage is present and does not permit
 *             certificate signing
 */
protected static void prepareNextCertN(
    CertPath certPath,
    int index)
    throws CertPathValidatorException
{
    X509Certificate issuerCert = (X509Certificate)certPath.getCertificates().get(index);

    //
    // (n)
    //
    boolean[] keyUsageBits = issuerCert.getKeyUsage();
    if (keyUsageBits == null || keyUsageBits[RFC3280CertPathUtilities.KEY_CERT_SIGN])
    {
        return;
    }

    throw new ExtCertPathValidatorException(
        "Issuer certificate keyusage extension is critical and does not permit key signing.",
        null, certPath, index);
}
/**
 * {@inheritDoc}
 * <p/>
 * A PSE Credential is valid as long as the associated certificate is
 * valid. Only the validity period of the first certificate in the path is
 * consulted; a certificate that is not yet valid is also reported as expired.
 */
public boolean isExpired() {
    X509Certificate leaf = (X509Certificate) certs.getCertificates().get(0);

    try {
        leaf.checkValidity();
    } catch (CertificateExpiredException pastNotAfter) {
        return true;
    } catch (CertificateNotYetValidException beforeNotBefore) {
        return true;
    }

    return false;
}
// Excerpt with elided lines: reads the certificate at index from the path and rethrows a
// failure as CertPathValidatorException carrying the path and index.
// NOTE(review): the rethrow passes e.getCause() as the cause, so e itself (its type and
// stack trace) is left out of the chain and only its message survives; passing e would
// keep it. The type of e is not visible in this excerpt.
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
/**
 * Returns the latest time for which all of the X.509 certificates in the
 * certificate chain are valid, i.e. the earliest notAfter time in the chain,
 * in milliseconds since the epoch. An empty chain yields {@code Long.MAX_VALUE}.
 * Only notAfter is considered; notBefore is not examined here.
 */
static long certificatesValidUntil(CertPath chain) {
    List<? extends Certificate> pathCerts = chain.getCertificates();
    long earliestExpiry = Long.MAX_VALUE;
    // Walk from the last entry back to the first, keeping the smallest notAfter seen.
    for (int pos = pathCerts.size() - 1; pos >= 0; pos--) {
        X509Certificate current = (X509Certificate) pathCerts.get(pos);
        earliestExpiry = Math.min(earliestExpiry, current.getNotAfter().getTime());
    }
    return earliestExpiry;
}
// Excerpt with elided lines: reads the certificate at index from the path and rejects it
// when it is not a CA certificate or when an intermediate lacks BasicConstraints (the
// conditions guarding the two throws are elided).
// NOTE(review): both visible throws use the message-only constructor, so the failing
// certPath and index are not attached to the exception; a caller cannot tell from the
// exception which certificate failed.
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); throw new CertPathValidatorException("Not a CA certificate"); throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
/**
 * Creates a checker for the given certification path and PKIX parameters.
 * The path's certificates are copied into an {@code X509Certificate} array, which
 * fails with an unchecked exception if the path holds a non-X.509 certificate.
 *
 * @param certPath the certification path to be checked
 * @param pkixParams the PKIX parameters used for the check
 * @throws CertPathValidatorException declared by this constructor; the body of
 *             {@code init} is not shown here
 */
OCSPChecker(CertPath certPath, PKIXParameters pkixParams)
    throws CertPathValidatorException {

    this.cp = certPath;
    this.pkixParams = pkixParams;

    List<? extends Certificate> pathCerts = certPath.getCertificates();
    X509Certificate[] asArray = new X509Certificate[pathCerts.size()];
    this.certs = pathCerts.toArray(asArray);

    init(false);
}
/**
 * Validates {@code certPath} with the given validator and parameters and, on success,
 * returns the first certificate of the path.
 * <p>
 * A validation failure whose reason is {@code UNDETERMINED_REVOCATION_STATUS} is logged
 * at info level and reported by returning {@code null}; every other validation failure
 * is logged at warn level and rethrown as {@code Fido2RPRuntimeException}.
 * <p>
 * NOTE(review): {@code null} here means "not validated", not "valid"; callers must treat
 * it as a failure. The original validator exception is not attached as a cause.
 *
 * @param cpv the path validator to run
 * @param certPath the certification path to validate
 * @param params the PKIX parameters (trust anchors, revocation settings) for validation
 * @return the first certificate of {@code certPath}, or {@code null} when the revocation
 *         status could not be determined
 */
private X509Certificate verifyPath(CertPathValidator cpv, CertPath certPath, PKIXParameters params) {
    try {
        cpv.validate(certPath, params);
    } catch (CertPathValidatorException ex) {
        boolean revocationUnknown =
                ex.getReason() == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS;
        if (!revocationUnknown) {
            log.warn("Cert not validated against the root {}", ex.getMessage());
            throw new Fido2RPRuntimeException("Problem with certificate " + ex.getMessage());
        }
        log.info("Cert not validated against the root {}", ex.getMessage());
        return null;
    } catch (InvalidAlgorithmParameterException e) {
        log.warn("Cert verification problem {}", e.getMessage(), e);
        throw new Fido2RPRuntimeException("Problem with certificate");
    }

    // Reached only when validation succeeded.
    return (X509Certificate) certPath.getCertificates().get(0);
}