Example 6 with CertPathBuilderException
use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class CertPathBuilderExceptionTest method testCertPathBuilderException08.
/**
* Test for <code>CertPathBuilderException(String, Throwable)</code>
* constructor Assertion: constructs CertPathBuilderException when
* <code>cause</code> is not null <code>msg</code> is null
*/
public void testCertPathBuilderException08() {
CertPathBuilderException tE = new CertPathBuilderException(null, tCause);
if (tE.getMessage() != null) {
String toS = tCause.toString();
String getM = tE.getMessage();
assertTrue("getMessage() must should ".concat(toS), (getM.indexOf(toS) != -1));
}
assertNotNull("getCause() must not return null", tE.getCause());
assertEquals("getCause() must return ".concat(tCause.toString()), tE.getCause(), tCause);
}
Also used :
CertPathBuilderException(java.security.cert.CertPathBuilderException)
Example 7 with CertPathBuilderException
use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class CertPathBuilderExceptionTest method testCertPathBuilderException04.
/**
* Test for <code>CertPathBuilderException(Throwable)</code> constructor
* Assertion: constructs CertPathBuilderException when <code>cause</code>
* is null
*/
public void testCertPathBuilderException04() {
Throwable cause = null;
CertPathBuilderException tE = new CertPathBuilderException(cause);
assertNull("getMessage() must return null.", tE.getMessage());
assertNull("getCause() must return null", tE.getCause());
}
Also used :
CertPathBuilderException(java.security.cert.CertPathBuilderException)
Example 8 with CertPathBuilderException
use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class CertPathBuilderExceptionTest method testCertPathBuilderException02.
/**
* Test for <code>CertPathBuilderException(String)</code> constructor
* Assertion: constructs CertPathBuilderException with detail message msg.
* Parameter <code>msg</code> is not null.
*/
public void testCertPathBuilderException02() {
CertPathBuilderException tE;
for (int i = 0; i < msgs.length; i++) {
tE = new CertPathBuilderException(msgs[i]);
assertEquals("getMessage() must return: ".concat(msgs[i]), tE.getMessage(), msgs[i]);
assertNull("getCause() must return null", tE.getCause());
}
}
Also used :
CertPathBuilderException(java.security.cert.CertPathBuilderException)
Example 9 with CertPathBuilderException
use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class myCertPathBuilder method testCertPathBuilder12.
/**
* Test for
* <code>CertPathBuilder</code> constructor
* Assertion: returns CertPathBuilder object
*/
public void testCertPathBuilder12() throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertPathBuilderException {
if (!PKIXSupport) {
fail(NotSupportMsg);
return;
}
CertPathBuilderSpi spi = new MyCertPathBuilderSpi();
CertPathBuilder certPB = new myCertPathBuilder(spi, defaultProvider, defaultType);
assertEquals("Incorrect algorithm", certPB.getAlgorithm(), defaultType);
assertEquals("Incorrect provider", certPB.getProvider(), defaultProvider);
try {
certPB.build(null);
fail("CertPathBuilderException must be thrown ");
} catch (CertPathBuilderException e) {
}
certPB = new myCertPathBuilder(null, null, null);
assertNull("Incorrect algorithm", certPB.getAlgorithm());
assertNull("Incorrect provider", certPB.getProvider());
try {
certPB.build(null);
fail("NullPointerException must be thrown ");
} catch (NullPointerException e) {
}
}
Also used :
MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi)
CertPathBuilderSpi(java.security.cert.CertPathBuilderSpi)
MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
CertPathBuilder(java.security.cert.CertPathBuilder)
Example 10 with CertPathBuilderException
use of java.security.cert.CertPathBuilderException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCRLF.
/**
* Obtain and validate the certification path for the complete CRL issuer.
* If a key usage extension is present in the CRL issuer's certificate,
* verify that the cRLSign bit is set.
*
* @param crl CRL which contains revocation information for the certificate
* <code>cert</code>.
* @param cert The attribute certificate or certificate to check if it is
* revoked.
* @param defaultCRLSignCert The issuer certificate of the certificate <code>cert</code>.
* @param defaultCRLSignKey The public key of the issuer certificate
* <code>defaultCRLSignCert</code>.
* @param paramsPKIX paramsPKIX PKIX parameters.
* @param certPathCerts The certificates on the certification path.
* @return A <code>Set</code> with all keys of possible CRL issuer
* certificates.
* @throws AnnotatedException if the CRL is not valid or the status cannot be checked or
* some error occurs.
*/
protected static Set processCRLF(X509CRL crl, Object cert, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, ExtendedPKIXParameters paramsPKIX, List certPathCerts) throws AnnotatedException {
// (f)
// get issuer from CRL
X509CertStoreSelector selector = new X509CertStoreSelector();
try {
byte[] issuerPrincipal = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
selector.setSubject(issuerPrincipal);
} catch (IOException e) {
throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e);
}
// get CRL signing certs
Collection coll;
try {
coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getStores());
coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getAdditionalStores()));
coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertStores()));
} catch (AnnotatedException e) {
throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e);
}
coll.add(defaultCRLSignCert);
Iterator cert_it = coll.iterator();
List validCerts = new ArrayList();
List validKeys = new ArrayList();
while (cert_it.hasNext()) {
X509Certificate signingCert = (X509Certificate) cert_it.next();
/*
* CA of the certificate, for which this CRL is checked, has also
* signed CRL, so skip the path validation, because is already done
*/
if (signingCert.equals(defaultCRLSignCert)) {
validCerts.add(signingCert);
validKeys.add(defaultCRLSignKey);
continue;
}
try {
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
selector = new X509CertStoreSelector();
selector.setCertificate(signingCert);
ExtendedPKIXParameters temp = (ExtendedPKIXParameters) paramsPKIX.clone();
temp.setTargetCertConstraints(selector);
ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance(temp);
/*
* if signingCert is placed not higher on the cert path a
* dependency loop results. CRL for cert is checked, but
* signingCert is needed for checking the CRL which is dependent
* on checking cert because it is higher in the cert path and so
* signing signingCert transitively. so, revocation is disabled,
* forgery attacks of the CRL are detected in this outer loop
* for all other it must be enabled to prevent forgery attacks
*/
if (certPathCerts.contains(signingCert)) {
params.setRevocationEnabled(false);
} else {
params.setRevocationEnabled(true);
}
List certs = builder.build(params).getCertPath().getCertificates();
validCerts.add(signingCert);
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
} catch (CertPathBuilderException e) {
throw new AnnotatedException("Internal error.", e);
} catch (CertPathValidatorException e) {
throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e);
} catch (Exception e) {
throw new RuntimeException(e.getMessage());
}
}
Set checkKeys = new HashSet();
AnnotatedException lastException = null;
for (int i = 0; i < validCerts.size(); i++) {
X509Certificate signCert = (X509Certificate) validCerts.get(i);
boolean[] keyusage = signCert.getKeyUsage();
if (keyusage != null && (keyusage.length < 7 || !keyusage[CRL_SIGN])) {
lastException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
} else {
checkKeys.add(validKeys.get(i));
}
}
if (checkKeys.isEmpty() && lastException == null) {
throw new AnnotatedException("Cannot find a valid issuer certificate.");
}
if (checkKeys.isEmpty() && lastException != null) {
throw lastException;
}
return checkKeys;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
ExtendedPKIXBuilderParameters(org.bouncycastle.x509.ExtendedPKIXBuilderParameters)
X509CertStoreSelector(org.bouncycastle.x509.X509CertStoreSelector)
ArrayList(java.util.ArrayList)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
Iterator(java.util.Iterator)
Collection(java.util.Collection)
List(java.util.List)
ArrayList(java.util.ArrayList)
CertPathBuilder(java.security.cert.CertPathBuilder)
HashSet(java.util.HashSet)
Aggregations
CertPathBuilderException (java.security.cert.CertPathBuilderException)22
X509Certificate (java.security.cert.X509Certificate)9
CertPathBuilder (java.security.cert.CertPathBuilder)7
PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)7
ArrayList (java.util.ArrayList)7
IOException (java.io.IOException)5
GeneralSecurityException (java.security.GeneralSecurityException)5
CertPathBuilderResult (java.security.cert.CertPathBuilderResult)5
PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)5
HashSet (java.util.HashSet)5
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4
CertPathValidatorException (java.security.cert.CertPathValidatorException)4
X509CertSelector (java.security.cert.X509CertSelector)4
Collection (java.util.Collection)4
Iterator (java.util.Iterator)4
List (java.util.List)4
ExtendedPKIXBuilderParameters (org.bouncycastle.x509.ExtendedPKIXBuilderParameters)4
X509CertStoreSelector (org.bouncycastle.x509.X509CertStoreSelector)4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
CertPath (java.security.cert.CertPath)3
