// Builds a PKIX path for one specific certificate, then validates the built path with the same parameters.
// Excerpt: `first`, `store` and `cs` are defined outside the visible lines.
final X509CertSelector selector = new X509CertSelector();
// Pin the target to this exact certificate rather than to a name.
selector.setCertificate( first );
final PKIXBuilderParameters params = new PKIXBuilderParameters( store, selector );
// Extra store the builder may draw from (presumably intermediates; confirm what `cs` holds).
params.addCertStore( cs );
// Validity periods are evaluated at the current time.
params.setDate( new Date() );
// NOTE(review): the built-in revocation check is off and no other checker is added in the
// visible lines, so a revoked certificate would still build and validate here.
params.setRevocationEnabled( false );
final CertPathBuilder pathBuilder = CertPathBuilder.getInstance( CertPathBuilder.getDefaultType() );
final CertPath cp = pathBuilder.build( params ).getCertPath();
final CertPathValidator pathValidator = CertPathValidator.getInstance( "PKIX" );
// validate() throws if the path is not acceptable; its result object is discarded.
pathValidator.validate( cp, params );
// Excerpt with elided lines: the `if` that pairs with `} else {` and the declarations of
// pbParams, certList, _trustStore and date are not shown.
X509CertSelector certSelect = new X509CertSelector();
// Target is the first certificate of the list.
certSelect.setCertificate(certList.get(0));
CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
// The provider's revocation checker is fetched here and attached below as an extra path checker.
// No options are set on it in the visible lines, so it runs with its defaults.
PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) certPathBuilder.getRevocationChecker();
pbParams = new PKIXBuilderParameters(_trustStore, certSelect);
} else {
// NOTE(review): the set is empty in the visible lines, and PKIXBuilderParameters rejects an
// empty anchor set; the elided code presumably fills it first (confirm).
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
pbParams = new PKIXBuilderParameters(trustAnchors, certSelect);
pbParams.addCertPathChecker(revocationChecker);
// Validity periods are evaluated at `date`, supplied from outside the excerpt.
pbParams.setDate(date);
// A fresh builder instance does the build; the one created above only supplied the checker.
CertPathBuilderResult buildResult = CertPathBuilder.getInstance("PKIX").build(pbParams);
CertPathValidator.getInstance("PKIX").validate(buildResult.getCertPath(),pbParams);
// Excerpt from inside a try block: the opening `try {`, the handler body, and the
// certPathBuilder / certPathValidator instances are outside the visible lines.
X509CertSelector certificateSelector = new X509CertSelector();
// Target is the first certificate of the presented list.
certificateSelector.setCertificate(certificateList.get(0));
PKIXBuilderParameters params = new PKIXBuilderParameters(trustStoreReference.get(), certificateSelector);
// The presented certificates are offered to the builder as path candidates.
params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certificateList)));
// -1 leaves the certification path length unconstrained.
params.setMaxPathLength(-1);
// Revocation is checked; the second collection store below presumably supplies the CRLs
// (going by the name crlReference; confirm).
params.setRevocationEnabled(true);
params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlReference.get())));
// NOTE(review): the message is concatenated even when debug logging is off, and it writes
// the full certificate text into the log.
LOG.debug("Validating certificate " + certificateSelector.getCertificate());
CertPathBuilderResult builderResult = certPathBuilder.build(params);
// Both calls throw on failure, so the "is valid" message is reached only after both succeed.
certPathValidator.validate(builderResult.getCertPath(), params);
LOG.debug("Certificate " + certificateSelector.getCertificate() + " is valid");
} catch (GeneralSecurityException gse) {
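// Parses one certificate, builds a PKIX path from it to an anchor in a JKS trust store,
// then validates that path with revocation and key-usage constraints.
// `certBytes` is supplied from outside the excerpt.
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
final X509Certificate certificateToCheck = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
final KeyStore trustStore = KeyStore.getInstance("JKS");
// Author's placeholder: supply the stream of the trust store file here (and close it after load).
InputStream keyStoreStream = ...;
// Fixed: the original passed the misspelled name `keyStoreStrem`, which is not declared anywhere.
// "your password" is the author's placeholder for the store password.
trustStore.load(keyStoreStream, "your password".toCharArray());
final CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
final X509CertSelector certSelector = new X509CertSelector();
// Pin the target to the exact certificate under test.
certSelector.setCertificate(certificateToCheck);
// No extra CertStore is added, so only certificates in the trust store can complete the path.
final CertPathParameters certPathParameters = new PKIXBuilderParameters(trustStore, certSelector);
final CertPathBuilderResult certPathBuilderResult = certPathBuilder.build(certPathParameters);
final CertPath certPath = certPathBuilderResult.getCertPath();
final CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
// Separate parameter object for the validation step, anchored on the same trust store.
final PKIXParameters validationParameters = new PKIXParameters(trustStore);
// Revocation checking is already the PKIXParameters default; set explicitly for clarity.
// NOTE(review): no CRL store is added here, so the check needs another revocation source
// (for example CRL distribution point fetching or OCSP enabled for the JVM); otherwise
// validation is expected to fail rather than pass silently.
validationParameters.setRevocationEnabled(true); // if you want to check CRL
final X509CertSelector keyUsageSelector = new X509CertSelector();
// KeyUsage bit 0 = digitalSignature, bit 1 = nonRepudiation, bit 2 = keyEncipherment.
keyUsageSelector.setKeyUsage(new boolean[] { true, false, true }); // to check digitalSignature and keyEncipherment bits
// The target (end-entity) certificate must satisfy this selector for validation to succeed.
validationParameters.setTargetCertConstraints(keyUsageSelector);
// validate() throws CertPathValidatorException on failure; the result is only available on success.
final PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, validationParameters);
System.out.println(result);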
// Excerpt from inside a try block; `certs`, `cacerts` and `isEV` are defined outside it
// and the catch handler body is not shown.
X509CertSelector targetConstraints = new X509CertSelector();
// NOTE(review): the target is selected by subject name only, so the built path may end at any
// candidate certificate carrying that subject, not necessarily certs[0] itself.
// targetConstraints.setCertificate(certs[0]) would pin the exact certificate.
targetConstraints.setSubject(certs[0].getSubjectX500Principal());
PKIXBuilderParameters params = new PKIXBuilderParameters(cacerts, targetConstraints);
// The whole presented array is offered to the builder as path candidates.
params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(certs))));
// NOTE(review): revocation checking is off, and no other checker is added in the visible lines.
params.setRevocationEnabled(false);
CertPath cp = CertPathBuilder.getInstance("PKIX").build(params).getCertPath();
PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(cp, params);
// The decision is made from the validator result (trust anchor, policy tree, subject key).
return isEV(result);
} catch (Exception ex) {
/**
 * Builds a PKIX path for {@code cert} and creates an OCSP client for the leaf and its issuer.
 * Excerpt: the listing stops before the OCSP answer is used, and {@code trustanchors} and
 * {@code certList} are not declared in the visible lines.
 *
 * @param kstore not referenced in the visible lines; presumably the source of
 *               {@code trustanchors} (confirm against the full method)
 * @param cert   the leaf certificate to check
 * @throws LeafCertificateValidationException declared by the signature; the throwing code is not shown
 */
public static boolean isLeafCertificateValid(KeyStore kstore, X509Certificate cert) throws LeafCertificateValidationException {
    try {
        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
        X509CertSelector select = new X509CertSelector();
        // NOTE(review): selection is by subject name only, so path.get(0) below may be any
        // candidate with the same subject rather than `cert` itself.
        select.setSubject(cert.getSubjectX500Principal().getEncoded());
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustanchors, select);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList));
        params.addCertStore(certStore);
        // The built-in revocation check is off; revocation is presumably left to the OCSP client below.
        params.setRevocationEnabled(false);
        CertPathBuilderResult cpbr = pathBuilder.build(params);
        // Unchecked cast: a PKIX path is expected to hold X509Certificate elements.
        List<X509Certificate> path = (List<X509Certificate>) cpbr.getCertPath().getCertificates();
        // NOTE(review): for a one-certificate path the issuer is taken from whichever anchor the
        // set iterates first, which need not be the anchor the path chained to; a
        // PKIXCertPathBuilderResult exposes that anchor via getTrustAnchor(). getTrustedCert()
        // can also be null for an anchor defined by name and key.
        X509Certificate issuer = (path.size()< 2 ? ((TrustAnchor)trustanchors.iterator().next()).getTrustedCert() : path.get(1));
        OCSPClient client = new OCSPClient(issuer, path.get(0));
// Builds a PKIX path for the certificate stored under the alias "mykey".
// Excerpt: `myKeyStore`, `trustAnchors` and `cs` are defined outside the visible lines.
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
X509CertSelector certSelector = new X509CertSelector();
// NOTE(review): KeyStore.getCertificate returns null for a missing alias, and
// setCertificate(null) removes the criterion, so the selector would then match any certificate.
certSelector.setCertificate((X509Certificate) myKeyStore.getCertificate("mykey"));
PKIXBuilderParameters cpp = new PKIXBuilderParameters(trustAnchors, certSelector);
// Extra store for the builder; with revocation enabled below it presumably also carries CRLs (confirm).
cpp.addCertStore(cs);
cpp.setRevocationEnabled(true);
// Caps the path length at 6 (the builder counts non-self-issued intermediate certificates).
cpp.setMaxPathLength(6);
// Validity periods are evaluated at the current time.
cpp.setDate(new Date());
// build() throws if no acceptable path exists.
CertPathBuilderResult a = cpb.build(cpp);
CertPath certPath = a.getCertPath();
// Excerpt: trustAnchors, selector, validPointInTime and certificates are defined outside it,
// and the braces and catch clause around the two getInstance calls have been elided.
final PKIXBuilderParameters parameters = new PKIXBuilderParameters( trustAnchors, selector );
// Validity periods are evaluated at the supplied instant rather than at the current time.
parameters.setDate( validPointInTime );
parameters.addCertStore( certificates );
// Revocation is not configured in the visible lines, so the PKIXParameters default (enabled) applies.
try
// Asks for the implementation registered by the provider named "BC" first.
pathBuilder = CertPathBuilder.getInstance( "PKIX", "BC" );
// Presumably the fallback from the elided catch: the default provider's PKIX builder (confirm).
pathBuilder = CertPathBuilder.getInstance( "PKIX" );
// build() throws if no path to one of the trust anchors can be found.
final CertPathBuilderResult result = pathBuilder.build( parameters );
return result.getCertPath();
// Builds a PKIX path for a certificate from a trust source plus two intermediates.
// Excerpt: `x509certificate`, `store`, `icert1` and `icert2` are defined outside the visible lines.
X509CertSelector certSelector = new X509CertSelector();
// NOTE(review): selection is by subject name only; setCertificate(x509certificate) would pin
// the exact certificate instead of any candidate with the same subject.
certSelector.setSubject(x509certificate.getSubjectX500Principal());
// Declared as PKIXParameters, constructed as PKIXBuilderParameters.
PKIXParameters params = new PKIXBuilderParameters(store,certSelector);
// Intermediates the builder may use to bridge from the target to an anchor.
CertStore cstore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(icert1, icert2 /*, other certs... */)));
params.addCertStore(cstore);
// Revocation is not configured in the visible lines, so the PKIXParameters default (enabled) applies.
CertPathBuilder cpb = CertPathBuilder.getInstance(CertPathBuilder.getDefaultType());
CertPath certPath = cpb.build(params).getCertPath();
// Excerpt (braces, handlers and intermediate statements elided): selects the attribute
// certificate holder's certificate by issuer and serial number and builds a path to it.
if (attrCert.getHolder().getIssuer() != null)
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(attrCert.getHolder().getSerialNumber());
Principal[] principals = attrCert.getHolder().getIssuer();
for (int i = 0; i < principals.length; i++)
// Each setIssuer call replaces the previous issuer criterion; the lookup that presumably
// follows inside the loop body is not shown.
selector.setIssuer(((X500Principal)principals[i]) .getEncoded());
try
// Explicitly requests the Bouncy Castle provider's PKIX builder.
builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
// paramsBldr is configured outside the excerpt; its settings decide anchors and revocation.
result = builder.build(new PKIXExtendedBuilderParameters.Builder(paramsBldr.build()).build());
return result.getCertPath();
// Excerpt (braces, handlers and intermediate statements elided). Going by the names, this
// collects the certificates and keys accepted for verifying a signature; confirm against the full method.
X509CertSelector certSelector = new X509CertSelector();
try
// Candidates are selected by subject name.
certSelector.setSubject(issuerPrincipal);
// A second selector pinned to one concrete candidate certificate.
X509CertSelector tmpCertSelector = new X509CertSelector();
tmpCertSelector.setCertificate(signingCert);
// Raw List: the element type is not checked at compile time.
// engineBuild throws when no path can be built, so as shown the two adds below are
// reached only after a path for the candidate was found.
List certs = builder.engineBuild(extParams).getCertPath().getCertificates();
validCerts.add(signingCert);
// Index 0 is the first certificate of the built path.
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0, helper));
// Excerpt (surrounding loop, handlers and the setup of `params` elided). Going by the names,
// this records a signing certificate and its working key once a path for it has been built; confirm.
// Explicitly requests the Bouncy Castle provider's PKIX builder.
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
selector = new X509CertStoreSelector();
// Pin the selector to one concrete candidate certificate.
selector.setCertificate(signingCert);
// Raw List: the element type is not checked at compile time.
// build() throws when no path can be built, so as shown the two adds below are reached
// only after a path for the candidate was found.
List certs = builder.build(params).getCertPath().getCertificates();
validCerts.add(signingCert);
// Index 0 is the first certificate of the built path.
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
// Excerpt: trustAnchors, selector, validPointInTime and certificates are defined outside it,
// and the braces and catch clause around the two getInstance calls have been elided.
final PKIXBuilderParameters parameters = new PKIXBuilderParameters( trustAnchors, selector );
// Validity periods are evaluated at the supplied instant rather than at the current time.
parameters.setDate( validPointInTime );
parameters.addCertStore( certificates );
// Revocation is not configured in the visible lines, so the PKIXParameters default (enabled) applies.
try
// Asks for the implementation registered by the provider named "BC" first.
pathBuilder = CertPathBuilder.getInstance( "PKIX", "BC" );
// Presumably the fallback from the elided catch: the default provider's PKIX builder (confirm).
pathBuilder = CertPathBuilder.getInstance( "PKIX" );
// build() throws if no path to one of the trust anchors can be found.
final CertPathBuilderResult result = pathBuilder.build( parameters );
return result.getCertPath();
// Excerpt (braces, handlers and intermediate statements elided): selects the attribute
// certificate holder's certificate by issuer and serial number and builds a path to it.
if (attrCert.getHolder().getIssuer() != null)
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(attrCert.getHolder().getSerialNumber());
Principal[] principals = attrCert.getHolder().getIssuer();
for (int i = 0; i < principals.length; i++)
// Each setIssuer call replaces the previous issuer criterion; the lookup that presumably
// follows inside the loop body is not shown.
selector.setIssuer(((X500Principal)principals[i]) .getEncoded());
try
// Explicitly requests the Bouncy Castle provider's PKIX builder.
builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
// paramsBldr is configured outside the excerpt; its settings decide anchors and revocation.
result = builder.build(new PKIXExtendedBuilderParameters.Builder(paramsBldr.build()).build());
return result.getCertPath();
// Excerpt (braces, handlers and intermediate statements elided). Going by the names, this
// collects the certificates and keys accepted for verifying a signature; confirm against the full method.
X509CertSelector certSelector = new X509CertSelector();
try
// Candidates are selected by subject name.
certSelector.setSubject(issuerPrincipal);
// A second selector pinned to one concrete candidate certificate.
X509CertSelector tmpCertSelector = new X509CertSelector();
tmpCertSelector.setCertificate(signingCert);
// Raw List: the element type is not checked at compile time.
// engineBuild throws when no path can be built, so as shown the two adds below are
// reached only after a path for the candidate was found.
List certs = builder.engineBuild(extParams).getCertPath().getCertificates();
validCerts.add(signingCert);
// Index 0 is the first certificate of the built path.
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0, helper));
// Excerpt (surrounding loop, handlers and the setup of `params` elided). Going by the names,
// this records a signing certificate and its working key once a path for it has been built; confirm.
// Explicitly requests the Bouncy Castle provider's PKIX builder.
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
selector = new X509CertStoreSelector();
// Pin the selector to one concrete candidate certificate.
selector.setCertificate(signingCert);
// Raw List: the element type is not checked at compile time.
// build() throws when no path can be built, so as shown the two adds below are reached
// only after a path for the candidate was found.
List certs = builder.build(params).getCertPath().getCertificates();
validCerts.add(signingCert);
// Index 0 is the first certificate of the built path.
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
// Excerpt from a trust manager's chain check: the closing brace of the else branch and other
// lines are elided; trustStore, useCRLs, crlStore and ocspChecker are defined outside it.
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
X509CertSelector certSelector = new X509CertSelector();
// Target is the first certificate of the presented chain.
certSelector.setCertificate(x509Certificates[0]);
PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore,certSelector);
if(useCRLs) {
    // Revocation stays at its default (enabled) and the CRL store is made available.
    params.addCertStore(crlStore);
} else {
    // NOTE(review): without CRLs the built-in revocation check is switched off; unless the
    // OCSP property below is set, nothing in the visible lines checks revocation.
    Log.debug("ClientTrustManager: no CRL's found, so setRevocationEnabled(false)");
    params.setRevocationEnabled(false);
CertPathBuilderResult cpbr = cpb.build(params);
CertPath cp = cpbr.getCertPath();
// OCSP is opt-in: the second argument (false) is presumably the default when the property is unset.
if(JiveGlobals.getBooleanProperty("ocsp.enable",false)) {
    Log.debug("ClientTrustManager: OCSP requested");
    // The checker is added after the path was built, so it takes effect in validate() below.
    params.addCertPathChecker(ocspChecker);
PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp, params);
// getTrustedCert() is null when the anchor was specified by name and public key instead of a certificate.
X509Certificate trustedCert = cpvResult.getTrustAnchor().getTrustedCert();
if(trustedCert == null) {
// Excerpt (braces, handlers and intermediate statements elided): selects the attribute
// certificate holder's certificate by issuer and serial number and builds a path to it.
if (attrCert.getHolder().getIssuer() != null)
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(attrCert.getHolder().getSerialNumber());
Principal[] principals = attrCert.getHolder().getIssuer();
for (int i = 0; i < principals.length; i++)
// Each setIssuer call replaces the previous issuer criterion; the lookup that presumably
// follows inside the loop body is not shown.
selector.setIssuer(((X500Principal)principals[i]) .getEncoded());
try
// Explicitly requests the Bouncy Castle provider's PKIX builder.
builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
// paramsBldr is configured outside the excerpt; its settings decide anchors and revocation.
result = builder.build(new PKIXExtendedBuilderParameters.Builder(paramsBldr.build()).build());
return result.getCertPath();
// Excerpt (braces, handlers and intermediate statements elided). Going by the names, this
// collects the certificates and keys accepted for verifying a signature; confirm against the full method.
X509CertSelector certSelector = new X509CertSelector();
try
// Candidates are selected by subject name.
certSelector.setSubject(issuerPrincipal);
// A second selector pinned to one concrete candidate certificate.
X509CertSelector tmpCertSelector = new X509CertSelector();
tmpCertSelector.setCertificate(signingCert);
// Raw List: the element type is not checked at compile time.
// engineBuild throws when no path can be built, so as shown the two adds below are
// reached only after a path for the candidate was found.
List certs = builder.engineBuild(extParams).getCertPath().getCertificates();
validCerts.add(signingCert);
// Index 0 is the first certificate of the built path.
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0, helper));
// Excerpt (surrounding loop, handlers and the setup of `params` elided). Going by the names,
// this records a signing certificate and its working key once a path for it has been built; confirm.
// Explicitly requests the Bouncy Castle provider's PKIX builder.
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
selector = new X509CertStoreSelector();
// Pin the selector to one concrete candidate certificate.
selector.setCertificate(signingCert);
// Raw List: the element type is not checked at compile time.
// build() throws when no path can be built, so as shown the two adds below are reached
// only after a path for the candidate was found.
List certs = builder.build(params).getCertPath().getCertificates();
validCerts.add(signingCert);
// Index 0 is the first certificate of the built path.
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));