
Example 36 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project robovm by robovm.

the class myCertPathBuilder method testBuild.

// Test passed on RI
/**
 * Builds a certification path with the builder and parameters supplied by
 * {@code TestUtils} and checks that neither the builder result nor the
 * {@link CertPath} it carries is null.
 *
 * <p>The {@code @KnownFailure} annotation records that this test is expected
 * to fail because a fixture certificate has expired (bug 2322662); the
 * failure is a fixture problem, not a statement about the builder.
 *
 * @throws Exception if fixture setup or path building fails in a way other
 *         than {@link InvalidAlgorithmParameterException}, which is turned
 *         into an explicit test failure
 */
@KnownFailure(value = "expired certificate bug 2322662")
public void testBuild() throws Exception {
    TestUtils.initCertPathSSCertChain();
    CertPathParameters pathParams = TestUtils.getCertPathParameters();
    CertPathBuilder pathBuilder = TestUtils.getCertPathBuilder();

    CertPathBuilderResult built;
    try {
        built = pathBuilder.build(pathParams);
    } catch (InvalidAlgorithmParameterException e) {
        // Rejected parameters are reported as a test failure, not an error.
        fail("unexpected Exception: " + e);
        return;
    }

    assertNotNull("builder result is null", built);
    CertPath builtPath = built.getCertPath();
    assertNotNull("certpath of builder result is null", builtPath);
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) CertPathParameters(java.security.cert.CertPathParameters) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath) KnownFailure(dalvik.annotation.KnownFailure)

Example 37 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project robovm by robovm.

the class KeyPairGeneratorSpi method initialize.

/**
 * Configures the RSA key-pair generation engine from an
 * {@link RSAKeyGenParameterSpec}.
 *
 * <p>The public exponent and key size are taken from the spec and handed to
 * the engine together with {@code random} and the {@code defaultTests} field.
 * NOTE(review): this method performs no range check on the key size or the
 * exponent, and forwards {@code random} as given (including null); whether
 * the engine enforces minimums or supplies a default source of randomness is
 * not visible here and should be confirmed.
 *
 * @param params must be an {@code RSAKeyGenParameterSpec}; null or any other
 *        type is rejected
 * @param random source of randomness passed through to the generation parameters
 * @throws InvalidAlgorithmParameterException if {@code params} is not an
 *         {@code RSAKeyGenParameterSpec}
 */
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
    if (params instanceof RSAKeyGenParameterSpec) {
        RSAKeyGenParameterSpec keyGenSpec = (RSAKeyGenParameterSpec) params;
        param = new RSAKeyGenerationParameters(
                keyGenSpec.getPublicExponent(),
                random,
                keyGenSpec.getKeysize(),
                defaultTests);
        engine.init(param);
        return;
    }
    // instanceof is false for null as well, so a null spec ends up here too.
    throw new InvalidAlgorithmParameterException("parameter object not a RSAKeyGenParameterSpec");
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) RSAKeyGenerationParameters(org.bouncycastle.crypto.params.RSAKeyGenerationParameters)

Example 38 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project robovm by robovm.

the class CipherSpi method engineInit.

/**
 * Initialises the cipher from an encoded {@link AlgorithmParameters} object.
 *
 * <p>A non-null {@code params} is decoded as an {@link OAEPParameterSpec};
 * null is passed on as a null spec. The original {@code params} object is
 * stored in {@code engineParams} and initialisation is then delegated to the
 * {@link AlgorithmParameterSpec} overload, which performs the key and
 * parameter validation.
 *
 * @throws InvalidAlgorithmParameterException if {@code params} cannot be
 *         decoded as OAEP parameters (the decoding failure is kept as the
 *         cause), or if the delegate rejects the decoded spec
 * @throws InvalidKeyException if the delegate rejects {@code key}
 */
protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
    AlgorithmParameterSpec oaepSpec;
    if (params == null) {
        oaepSpec = null;
    } else {
        try {
            oaepSpec = params.getParameterSpec(OAEPParameterSpec.class);
        } catch (InvalidParameterSpecException decodeFailure) {
            throw new InvalidAlgorithmParameterException("cannot recognise parameters: " + decodeFailure.toString(), decodeFailure);
        }
    }
    // engineParams is recorded before the delegate runs, so it is updated
    // even when the delegate subsequently throws.
    engineParams = params;
    engineInit(opmode, key, oaepSpec, random);
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 39 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project robovm by robovm.

the class CipherSpi method engineInit.

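/**
 * Initialises the RSA cipher for the given mode, key and optional OAEP
 * parameters.
 *
 * <p>Only a null spec or an {@link OAEPParameterSpec} is accepted. The key
 * must be an {@link RSAPublicKey} or {@link RSAPrivateKey}. When OAEP
 * parameters are supplied, the mask generation function must be MGF1 (by
 * name or OID), the MGF parameters must be an {@link MGF1ParameterSpec}, both
 * digest names must resolve through {@code DigestFactory}, and the label
 * source must be a {@code PSource.PSpecified}; the {@code cipher} field is
 * then replaced by an OAEP encoding over a blinded RSA engine.
 *
 * <p>NOTE(review): which digest algorithms {@code DigestFactory.getDigest}
 * accepts is not visible here; if weak digests are resolvable, a caller can
 * select them through the spec. Confirm the accepted set matches policy.
 *
 * @param opmode one of the {@link Cipher} mode constants
 * @param key RSA public or private key
 * @param params null, or an {@code OAEPParameterSpec}
 * @param random randomness for encodings that need it; a new
 *        {@link SecureRandom} is used when null
 * @throws InvalidKeyException if the key is not an RSA key, or its type
 *         conflicts with the {@code privateKeyOnly}/{@code publicKeyOnly}
 *         restriction in {@code ENCRYPT_MODE}
 * @throws InvalidAlgorithmParameterException if the OAEP parameters name an
 *         unsupported MGF, MGF parameter type, digest or label source
 * @throws IllegalArgumentException if {@code params} is neither null nor an
 *         {@code OAEPParameterSpec}
 * @throws InvalidParameterException if {@code opmode} is not a known mode
 */
protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
    CipherParameters param;
    if (params == null || params instanceof OAEPParameterSpec) {
        // The key-type restrictions below are tested against ENCRYPT_MODE
        // only; WRAP_MODE is not covered by these two checks.
        if (key instanceof RSAPublicKey) {
            if (privateKeyOnly && opmode == Cipher.ENCRYPT_MODE) {
                throw new InvalidKeyException("mode 1 requires RSAPrivateKey");
            }
            param = RSAUtil.generatePublicKeyParameter((RSAPublicKey) key);
        } else if (key instanceof RSAPrivateKey) {
            if (publicKeyOnly && opmode == Cipher.ENCRYPT_MODE) {
                throw new InvalidKeyException("mode 2 requires RSAPublicKey");
            }
            param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey) key);
        } else {
            throw new InvalidKeyException("unknown key type passed to RSA");
        }
        if (params != null) {
            OAEPParameterSpec spec = (OAEPParameterSpec) params;
            // Recorded before validation, so paramSpec keeps this value even
            // if one of the checks below rejects the spec.
            paramSpec = params;
            if (!spec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !spec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) {
                throw new InvalidAlgorithmParameterException("unknown mask generation function specified");
            }
            if (!(spec.getMGFParameters() instanceof MGF1ParameterSpec)) {
                throw new InvalidAlgorithmParameterException("unkown MGF parameters");
            }
            Digest digest = DigestFactory.getDigest(spec.getDigestAlgorithm());
            if (digest == null) {
                throw new InvalidAlgorithmParameterException("no match on digest algorithm: " + spec.getDigestAlgorithm());
            }
            MGF1ParameterSpec mgfParams = (MGF1ParameterSpec) spec.getMGFParameters();
            Digest mgfDigest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm());
            if (mgfDigest == null) {
                throw new InvalidAlgorithmParameterException("no match on MGF digest algorithm: " + mgfParams.getDigestAlgorithm());
            }
            // Validate the label source like the other spec members instead of
            // casting blindly: an unexpected PSource subclass is a bad
            // parameter, not a ClassCastException.
            PSource labelSource = spec.getPSource();
            if (!(labelSource instanceof PSource.PSpecified)) {
                throw new InvalidAlgorithmParameterException("unknown PSource type specified");
            }
            cipher = new OAEPEncoding(new RSABlindedEngine(), digest, mgfDigest, ((PSource.PSpecified) labelSource).getValue());
        }
    } else {
        // NOTE(review): this is an unchecked exception although the method
        // declares InvalidAlgorithmParameterException for bad parameters;
        // left as-is because callers may already depend on it.
        throw new IllegalArgumentException("unknown parameter type.");
    }
    // Anything other than the bare blinded engine is an encoding that
    // consumes randomness, so the key parameters are wrapped with a source.
    if (!(cipher instanceof RSABlindedEngine)) {
        if (random != null) {
            param = new ParametersWithRandom(param, random);
        } else {
            param = new ParametersWithRandom(param, new SecureRandom());
        }
    }
    bOut.reset();
    switch(opmode) {
        case Cipher.ENCRYPT_MODE:
        case Cipher.WRAP_MODE:
            cipher.init(true, param);
            break;
        case Cipher.DECRYPT_MODE:
        case Cipher.UNWRAP_MODE:
            cipher.init(false, param);
            break;
        default:
            throw new InvalidParameterException("unknown opmode " + opmode + " passed to RSA");
    }
}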
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) Digest(org.bouncycastle.crypto.Digest) ParametersWithRandom(org.bouncycastle.crypto.params.ParametersWithRandom) SecureRandom(java.security.SecureRandom) InvalidKeyException(java.security.InvalidKeyException) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) CipherParameters(org.bouncycastle.crypto.CipherParameters) InvalidParameterException(java.security.InvalidParameterException) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine) OAEPEncoding(org.bouncycastle.crypto.encodings.OAEPEncoding) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)

Example 40 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project robovm by robovm.

the class TrustManagerImpl method checkTrusted.

/**
 * Decides whether a peer certificate chain is trusted and returns the chain
 * extended with its trust anchor and any cached issuers.
 *
 * <p>Order of checks as written: argument sanity, the stored {@code err}
 * field, chain clean-up and anchor lookup, pin evaluation (only when
 * {@code host} is non-null), an early return when the cleaned chain is empty,
 * a trust-anchor presence check, {@code ChainStrengthAnalyzer.check}, and
 * finally PKIX path validation with an extended-key-usage checker.
 *
 * <p>Revocation checking is switched off on the PKIX parameters built here,
 * so a revoked certificate is not rejected by this validation step.
 *
 * @param chain peer chain; must be non-null and non-empty
 * @param authType must be non-null and non-empty
 * @param host host name used for pin lookup; pinning is skipped when null
 * @param clientAuth passed to the extended-key-usage checker
 * @return the cleaned chain followed by the trust anchor certificate(s) and
 *         any further certificates found in the cached index
 * @throws IllegalArgumentException if {@code chain} or {@code authType} is
 *         null or empty
 * @throws CertificateException if {@code err} is set, the pin check fails or
 *         errors, no trust anchor is found, or path validation fails
 */
private List<X509Certificate> checkTrusted(X509Certificate[] chain, String authType, String host, boolean clientAuth) throws CertificateException {
    if (chain == null || chain.length == 0 || authType == null || authType.length() == 0) {
        throw new IllegalArgumentException("null or zero-length parameter");
    }
    // err is a field set outside this method; when present every call fails.
    if (err != null) {
        throw new CertificateException(err);
    }
    // get the cleaned up chain and trust anchor
    // there can only be one!
    Set<TrustAnchor> trustAnchor = new HashSet<TrustAnchor>();
    X509Certificate[] newChain = cleanupCertChainAndFindTrustAnchors(chain, trustAnchor);
    // add the first trust anchor to the chain, which may be an intermediate
    List<X509Certificate> wholeChain = new ArrayList<X509Certificate>();
    wholeChain.addAll(Arrays.asList(newChain));
    // trustAnchor is actually just a single element
    for (TrustAnchor trust : trustAnchor) {
        wholeChain.add(trust.getTrustedCert());
    }
    // add all the cached certificates from the cert index, avoiding loops
    // this gives us a full chain from leaf to root, which we use for cert pinning and pass
    // back out to callers when we return.
    // NOTE(review): the walk ends only on a null lookup or when the lookup
    // returns the very same object as `last` (reference comparison, not
    // equals()). Whether the index can return an equal-but-distinct instance
    // or a cycle of issuers is not visible here - confirm, since neither
    // would reach a break.
    X509Certificate last = wholeChain.get(wholeChain.size() - 1);
    while (true) {
        TrustAnchor cachedTrust = trustedCertificateIndex.findByIssuerAndSignature(last);
        // a null result ends the walk; per the original comment this covers
        // the case where a non-self-signed cert was trusted.
        if (cachedTrust == null) {
            break;
        }
        // at this point we have a cached trust anchor, but don't know if its one we got from
        // the server. Extract the cert, compare it to the last element in the chain, and add it
        // if we haven't seen it before.
        X509Certificate next = cachedTrust.getTrustedCert();
        if (next != last) {
            wholeChain.add(next);
            last = next;
        } else {
            // if next == last then we found a self-signed cert and the chain is done
            break;
        }
    }
    // build the cert path from the array of certs sans trust anchors
    CertPath certPath = factory.generateCertPath(Arrays.asList(newChain));
    // Pinning is evaluated on wholeChain before PKIX validation runs; a pin
    // failure or a PinManagerException both reject the chain.
    // NOTE(review): wholeChain starts from the peer-supplied certificates as
    // returned by cleanupCertChainAndFindTrustAnchors - confirm that helper
    // drops certificates that are not part of the path, so a pin cannot be
    // satisfied by an unrelated certificate.
    if (host != null) {
        boolean chainIsNotPinned = true;
        try {
            chainIsNotPinned = pinManager.chainIsNotPinned(host, wholeChain);
        } catch (PinManagerException e) {
            throw new CertificateException(e);
        }
        if (chainIsNotPinned) {
            throw new CertificateException(new CertPathValidatorException("Certificate path is not properly pinned.", null, certPath, -1));
        }
    }
    if (newChain.length == 0) {
        // chain was entirely trusted, skip the validator
        // (this also skips the strength check and the key-usage checker below)
        return wholeChain;
    }
    if (trustAnchor.isEmpty()) {
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1));
    }
    // There's no point in checking trust anchors here, and it will throw off the MD5 check,
    // so we just hand it the chain without anchors
    ChainStrengthAnalyzer.check(newChain);
    try {
        PKIXParameters params = new PKIXParameters(trustAnchor);
        // Revocation checking is disabled for this validation; revoked
        // certificates must be caught by some other mechanism, if at all.
        params.setRevocationEnabled(false);
        // newChain[0] is the leaf; the checker receives it with clientAuth.
        params.addCertPathChecker(new ExtendedKeyUsagePKIXCertPathChecker(clientAuth, newChain[0]));
        validator.validate(certPath, params);
        // Only after validation succeeds, index newChain[1..] (everything
        // except the leaf at index 0). See
        // cleanupCertChainAndFindTrustAnchors.  http://b/3404902
        for (int i = 1; i < newChain.length; i++) {
            trustedCertificateIndex.index(newChain[i]);
        }
    } catch (InvalidAlgorithmParameterException e) {
        // Both failure types are surfaced as CertificateException with the
        // original exception kept as the cause.
        throw new CertificateException(e);
    } catch (CertPathValidatorException e) {
        throw new CertificateException(e);
    }
    return wholeChain;
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) TrustAnchor(java.security.cert.TrustAnchor) X509Certificate(java.security.cert.X509Certificate) CertPathValidatorException(java.security.cert.CertPathValidatorException) PKIXParameters(java.security.cert.PKIXParameters) CertPath(java.security.cert.CertPath) HashSet(java.util.HashSet)
