/*
  * Parses the data in the given input stream as a sequence of DER encoded
  * X.509 CRLs (in binary or base 64 encoded format) OR as a single PKCS#7
  * encoded blob (in binary or base 64 encoded format).
  */
 private Collection<? extends java.security.cert.CRL> parseX509orPKCS7CRL(InputStream is)
     throws CRLException, IOException {
   Collection<X509CRLImpl> coll = new ArrayList<>();
   byte[] data = readOneBlock(is);
   if (data == null) {
     return new ArrayList<>(0);
   }
   try {
     PKCS7 pkcs7 = new PKCS7(data);
     X509CRL[] crls = pkcs7.getCRLs();
     // CRLs are optional in PKCS #7
     if (crls != null) {
       return Arrays.asList(crls);
     } else {
       // no crls provided
       return new ArrayList<>(0);
     }
   } catch (ParsingException e) {
     while (data != null) {
       coll.add(new X509CRLImpl(data));
       data = readOneBlock(is);
     }
   }
   return coll;
 }
Example #2
0
  private X509Certificate[] doBuild(X509Certificate[] chain, Collection otherCerts)
      throws CertificateException {
    try {
      PKIXBuilderParameters params = (PKIXBuilderParameters) parameterTemplate.clone();
      setDate(params);

      // setup target constraints
      X509CertSelector selector = new X509CertSelector();
      selector.setCertificate(chain[0]);
      params.setTargetCertConstraints(selector);

      // setup CertStores
      Collection certs = new ArrayList();
      certs.addAll(Arrays.asList(chain));
      if (otherCerts != null) {
        certs.addAll(otherCerts);
      }
      CertStore store =
          CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs));
      params.addCertStore(store);

      // do the build
      CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
      PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(params);

      return toArray(result.getCertPath(), result.getTrustAnchor());
    } catch (GeneralSecurityException e) {
      throw new ValidatorException("PKIX path building failed: " + e.toString(), e);
    }
  }
Example #3
0
 boolean commit(List rows, long updateStamp) {
   checkAllPermission();
   synchronized (lock) {
     if (updateStamp != timeStamp) return false;
     SecurityRow[] newRows = new SecurityRow[rows.size()];
     Collection names = new ArrayList();
     for (int i = 0; i < newRows.length; i++) {
       Object rowObj = rows.get(i);
       if (!(rowObj instanceof ConditionalPermissionInfo))
         throw new IllegalStateException(
             "Invalid type \""
                 + rowObj.getClass().getName()
                 + "\" at row: "
                 + i); //$NON-NLS-1$//$NON-NLS-2$
       ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
       String name = infoBaseRow.getName();
       if (name == null) name = generateName();
       if (names.contains(name))
         throw new IllegalStateException(
             "Duplicate name \"" + name + "\" at row: " + i); // $NON-NLS-1$//$NON-NLS-2$
       newRows[i] =
           new SecurityRow(
               this,
               name,
               infoBaseRow.getConditionInfos(),
               infoBaseRow.getPermissionInfos(),
               infoBaseRow.getAccessDecision());
     }
     condAdminTable = new SecurityTable(this, newRows);
     try {
       permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
     } catch (IOException e) {
       // TODO log
       e.printStackTrace();
     }
     timeStamp += 1;
     return true;
   }
 }
Example #4
0
 PKIXValidator(String variant, Collection trustedCerts) {
   super(TYPE_PKIX, variant);
   if (trustedCerts instanceof Set) {
     this.trustedCerts = (Set) trustedCerts;
   } else {
     this.trustedCerts = new HashSet(trustedCerts);
   }
   Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
   for (Iterator t = trustedCerts.iterator(); t.hasNext(); ) {
     X509Certificate cert = (X509Certificate) t.next();
     trustAnchors.add(new TrustAnchor(cert, null));
   }
   try {
     parameterTemplate = new PKIXBuilderParameters(trustAnchors, null);
   } catch (InvalidAlgorithmParameterException e) {
     throw new RuntimeException("Unexpected error: " + e.toString(), e);
   }
   setDefaultParameters(variant);
   initCommon();
 }