Example 96 with CertPathValidatorException
use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.
the class PKIXExtendedTM method main.
public static void main(String[] args) throws Exception {
if (args.length != 1) {
throw new Exception("Incorrect number of arguments");
}
Test test = tests[Integer.parseInt(args[0])];
Security.setProperty("jdk.tls.disabledAlgorithms", test.tlsDisAlgs);
Security.setProperty("jdk.certpath.disabledAlgorithms", test.certPathDisAlgs);
if (debug) {
System.setProperty("javax.net.debug", "all");
}
/*
* Start the tests.
*/
try {
new PKIXExtendedTM();
if (test.fail) {
throw new Exception("Expected MD5 certificate to be blocked");
}
} catch (Exception e) {
if (test.fail) {
// find expected cause
boolean correctReason = false;
Throwable cause = e.getCause();
while (cause != null) {
if (cause instanceof CertPathValidatorException) {
CertPathValidatorException cpve = (CertPathValidatorException) cause;
if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) {
correctReason = true;
break;
}
}
cause = cause.getCause();
}
if (!correctReason) {
throw new Exception("Unexpected exception", e);
}
} else {
throw e;
}
}
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
Example 97 with CertPathValidatorException
use of java.security.cert.CertPathValidatorException in project mobile-center-sdk-android by Microsoft.
the class HttpUtilsAndroidTest method isRecoverableErrorTest.
@Test
public void isRecoverableErrorTest() {
assertTrue(isRecoverableError(new EOFException()));
assertTrue(isRecoverableError(new InterruptedIOException()));
assertTrue(isRecoverableError(new SocketTimeoutException()));
assertTrue(isRecoverableError(new SocketException()));
assertTrue(isRecoverableError(new PortUnreachableException()));
assertTrue(isRecoverableError(new UnknownHostException()));
assertTrue(isRecoverableError(new RejectedExecutionException()));
assertFalse(isRecoverableError(new MalformedURLException()));
assertFalse(isRecoverableError(new IOException()));
assertTrue(isRecoverableError(new IOException(new EOFException())));
assertFalse(isRecoverableError(new IOException(new Exception())));
for (int i = 0; i <= 4; i++) assertTrue(isRecoverableError(new HttpException(500 + i)));
for (int i = 0; i <= 6; i++) assertFalse(isRecoverableError(new HttpException(400 + i)));
assertTrue(isRecoverableError(new HttpException(408)));
assertFalse(isRecoverableError(new HttpException(413)));
assertFalse(isRecoverableError(new HttpException(429)));
assertTrue(isRecoverableError(new SSLException("Write error: ssl=0x59c28f90: I/O error during system call, Connection timed out")));
assertFalse(isRecoverableError(new SSLException(null, new CertPathValidatorException("Trust anchor for certification path not found."))));
assertFalse(isRecoverableError(new SSLException("java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty")));
assertTrue(isRecoverableError(new SSLException("Read error: ssl=0x9dd07200: I/O error during system call, Connection reset by peer")));
assertTrue(isRecoverableError(new SSLException("SSL handshake aborted: ssl=0x1cc160: I/O error during system call, Connection reset by peer")));
assertTrue(isRecoverableError(new SSLHandshakeException("java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.")));
assertTrue(isRecoverableError(new SSLHandshakeException("javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x870c918: Failure in SSL library, usually a protocol error\nerror:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:658 0xb7c393a1:0x00000000)")));
}
Also used :
InterruptedIOException(java.io.InterruptedIOException)
SocketException(java.net.SocketException)
PortUnreachableException(java.net.PortUnreachableException)
MalformedURLException(java.net.MalformedURLException)
UnknownHostException(java.net.UnknownHostException)
IOException(java.io.IOException)
InterruptedIOException(java.io.InterruptedIOException)
SSLException(javax.net.ssl.SSLException)
RejectedExecutionException(java.util.concurrent.RejectedExecutionException)
MalformedURLException(java.net.MalformedURLException)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
IOException(java.io.IOException)
EOFException(java.io.EOFException)
InterruptedIOException(java.io.InterruptedIOException)
UnknownHostException(java.net.UnknownHostException)
SocketException(java.net.SocketException)
RejectedExecutionException(java.util.concurrent.RejectedExecutionException)
SSLException(javax.net.ssl.SSLException)
SocketTimeoutException(java.net.SocketTimeoutException)
PortUnreachableException(java.net.PortUnreachableException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
SocketTimeoutException(java.net.SocketTimeoutException)
EOFException(java.io.EOFException)
Test(org.junit.Test)
Example 98 with CertPathValidatorException
use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.
@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
try {
configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
} catch (CertificateChainValidationException success) {
assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
assertThat(success.getCause()).isEqualTo(underlyingException);
}
}
Also used :
CertificateDto(uk.gov.ida.hub.samlengine.domain.CertificateDto)
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)
FederationEntityType(uk.gov.ida.hub.samlengine.domain.FederationEntityType)
Test(org.junit.Test)
Example 99 with CertPathValidatorException
use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.
the class CertificateValidityCheckerTest method getsInvalidCertificates.
@Test
public void getsInvalidCertificates() throws Exception {
String description = "Certificate invalid";
CertPathValidatorException certPathValidatorException = new CertPathValidatorException(description);
when(certificateChainValidator.validate(certificateDetails.getX509(), trustStore)).thenReturn(CertificateValidity.invalid(certPathValidatorException));
ImmutableList<InvalidCertificateDto> invalidCertificates = certificateValidityChecker.getInvalidCertificates(ImmutableList.of(certificateDetails));
InvalidCertificateDto expected = new InvalidCertificateDto(certificateDetails.getIssuerId(), certPathValidatorException.getReason(), CertificateType.SIGNING, certificateDetails.getFederationEntityType(), description);
assertThat(invalidCertificates).usingFieldByFieldElementComparator().containsOnly(expected);
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
InvalidCertificateDto(uk.gov.ida.hub.config.dto.InvalidCertificateDto)
Test(org.junit.Test)
Example 100 with CertPathValidatorException
use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.
@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
try {
configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
} catch (CertificateChainValidationException success) {
assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
assertThat(success.getCause()).isEqualTo(underlyingException);
}
}
Also used :
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto)
CertificateDto(uk.gov.ida.hub.samlproxy.domain.CertificateDto)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)
FederationEntityType(uk.gov.ida.hub.samlproxy.domain.FederationEntityType)
Test(org.junit.Test)
Aggregations
CertPathValidatorException (java.security.cert.CertPathValidatorException)102
IOException (java.io.IOException)46
X509Certificate (java.security.cert.X509Certificate)44
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)36
ArrayList (java.util.ArrayList)35
GeneralSecurityException (java.security.GeneralSecurityException)32
List (java.util.List)30
CertPathBuilderException (java.security.cert.CertPathBuilderException)25
CertificateExpiredException (java.security.cert.CertificateExpiredException)24
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)24
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)23
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)23
IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)21
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18
Enumeration (java.util.Enumeration)15
Iterator (java.util.Iterator)15
CertPath (java.security.cert.CertPath)13
CertificateException (java.security.cert.CertificateException)13
HashSet (java.util.HashSet)12
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)10
