/**
 * Builds the PKIX validation information resolver used to verify the metadata of the given provider.
 * <p>
 * The trust anchors are the certificates behind the given key aliases, looked up in the key manager;
 * an alias with no certificate in the keystore is logged at warn level and skipped. The resulting
 * validation information carries no CRLs (so this resolver performs no CRL-based revocation checking)
 * and a fixed verification depth of 4.
 *
 * @param provider     metadata provider the resolver is being built for; only used in log messages here
 * @param trustedKeys  aliases whose certificates become trust anchors; when {@code null}, every
 *                     credential known to the key manager is used
 * @param trustedNames trusted names handed through unchanged to the static resolver
 * @return static resolver holding a single validation information entry
 */
@Override
protected PKIXValidationInformationResolver getPKIXResolver(MetadataProvider provider, Set<String> trustedKeys, Set<String> trustedNames) {
    // Fall back to every credential the key manager knows about when no aliases were given
    Set<String> aliases = trustedKeys;
    if (aliases == null) {
        aliases = keyManager.getAvailableCredentials();
    }

    // Turn each alias into a trust anchor certificate, skipping aliases that are not in the keystore
    List<X509Certificate> anchors = new LinkedList<X509Certificate>();
    for (String alias : aliases) {
        log.debug("Adding PKIX trust anchor {} for metadata verification of provider {}", alias, provider);
        X509Certificate anchor = keyManager.getCertificate(alias);
        if (anchor == null) {
            log.warn("Cannot construct PKIX trust anchor for key with alias {} for provider {}, key isn't included in the keystore", alias, provider);
            continue;
        }
        anchors.add(anchor);
    }

    // Single validation-information entry: anchors only, no CRLs, depth 4
    List<PKIXValidationInformation> validationInfo = new LinkedList<PKIXValidationInformation>();
    validationInfo.add(new BasicPKIXValidationInformation(anchors, null, 4));
    return new StaticPKIXValidationInformationResolver(validationInfo, trustedNames);
}
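/**
 * Constructs the PKIX validation information resolver with all trusted data available for SSL/TLS verification.
 * <p>
 * When no trusted key aliases are configured, every credential known to the key manager is used and
 * remembered in the {@code trustedKeys} field. Aliases for which the key manager returns no certificate
 * are logged and skipped rather than added to the anchor list as {@code null}. No CRLs are supplied
 * (so no CRL-based revocation checking happens here) and the verification depth is fixed at 4.
 *
 * @return information resolver
 */
protected PKIXValidationInformationResolver getPKIXResolver() {
    // Use all available keys when none were configured explicitly
    if (trustedKeys == null) {
        trustedKeys = keyManager.getAvailableCredentials();
    }

    // Resolve allowed certificates to build the anchors
    List<X509Certificate> certificates = new ArrayList<X509Certificate>(trustedKeys.size());
    for (String key : trustedKeys) {
        X509Certificate certificate = keyManager.getCertificate(key);
        if (certificate == null) {
            // Do not hand a null anchor downstream; report the keystore/alias mismatch instead
            log.warn("Cannot construct PKIX trust anchor for key with alias {} for SSL/TLS verification, key isn't included in the keystore", key);
            continue;
        }
        // One placeholder per argument: the previous message had two placeholders for a single argument
        log.debug("Adding PKIX trust anchor {} for SSL/TLS verification", key);
        certificates.add(certificate);
    }

    // Single entry: anchors only, no CRLs, depth 4; no trusted names are restricted for SSL/TLS
    List<PKIXValidationInformation> info = new LinkedList<PKIXValidationInformation>();
    info.add(new BasicPKIXValidationInformation(certificates, null, 4));
    return new StaticPKIXValidationInformationResolver(info, null);
}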
/**
 * {@inheritDoc}
 * <p>
 * Creates a {@link BasicPKIXValidationInformation} from the configured certificates, CRLs and verify
 * depth. A {@code null} certificate or CRL configuration is treated as an empty list, so the produced
 * object always receives non-null (possibly empty) collections.
 *
 * @return a new {@code BasicPKIXValidationInformation}
 */
protected Object createInstance() throws Exception {
    List<X509Certificate> anchors = new ArrayList<X509Certificate>();
    List<X509CRL> revocationLists = new ArrayList<X509CRL>();

    // Copy whatever was configured; an absent configuration simply leaves the list empty
    if (getCertificates() != null) {
        anchors.addAll(getCertificates());
    }
    if (getCrls() != null) {
        revocationLists.addAll(getCrls());
    }

    return new BasicPKIXValidationInformation(anchors, revocationLists, getVerifyDepth());
}
/**
 * Method responsible for loading of PKIX information.
 * <p>
 * Trust anchors and CRLs are accumulated by the three populate steps (named after metadata, trusted keys
 * and CRLs), each of which receives both collections, and are then wrapped in a single
 * {@link BasicPKIXValidationInformation} using the configured PKIX depth.
 *
 * @param criteriaSet criteria for selection of data to include
 * @throws SecurityException in case credentials cannot be populated
 * @return mutable collection holding exactly one PKIX information entry
 */
protected Collection<PKIXValidationInformation> populateCredentials(CriteriaSet criteriaSet) throws SecurityException {
    Collection<X509Certificate> trustAnchors = new ArrayList<X509Certificate>();
    Collection<X509CRL> revocationLists = new ArrayList<X509CRL>();

    // NOTE(review): the steps are called in this order; whether later steps depend on earlier ones
    // is not visible here, so keep the order unchanged.
    populateMetadataAnchors(criteriaSet, trustAnchors, revocationLists);
    populateTrustedKeysAnchors(criteriaSet, trustAnchors, revocationLists);
    populateCRLs(criteriaSet, trustAnchors, revocationLists);

    Collection<PKIXValidationInformation> result = new ArrayList<PKIXValidationInformation>(1);
    result.add(new BasicPKIXValidationInformation(trustAnchors, revocationLists, getPKIXDepth()));
    return result;
}
info.add(new BasicPKIXValidationInformation(certificates, null, 4)); return new StaticPKIXValidationInformationResolver(info, trustedNames) { @Override
return new BasicPKIXValidationInformation(certs, crls, depth);