use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class CertPathBuilderExceptionTest method testCertPathBuilderException08.
/**
* Test for <code>CertPathBuilderException(String, Throwable)</code>
* constructor. Assertion: constructs CertPathBuilderException when
* <code>cause</code> is not null and <code>msg</code> is null
*/
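public void testCertPathBuilderException08() {
    // Null detail message combined with a non-null cause (tCause is a fixture of the test class).
    CertPathBuilderException tE = new CertPathBuilderException(null, tCause);
    String causeText = tCause.toString();
    String detail = tE.getMessage();
    // A null getMessage() is accepted; when a message is present it must contain the
    // cause's toString() so the underlying failure is not hidden from whoever reads it.
    if (detail != null) {
        assertTrue("getMessage() should contain ".concat(causeText), detail.contains(causeText));
    }
    assertNotNull("getCause() must not return null", tE.getCause());
    // JUnit takes (message, expected, actual); the fixture is the expected value, so a
    // failure report names the right side as the one that was wrong.
    assertEquals("getCause() must return ".concat(causeText), tCause, tE.getCause());
}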
use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class CertPathBuilderExceptionTest method testCertPathBuilderException04.
/**
* Test for <code>CertPathBuilderException(Throwable)</code> constructor
* Assertion: constructs CertPathBuilderException when <code>cause</code>
* is null
*/
public void testCertPathBuilderException04() {
    // The cast selects the (Throwable) constructor; a bare null literal would be
    // ambiguous between the (String) and (Throwable) overloads.
    CertPathBuilderException built = new CertPathBuilderException((Throwable) null);
    // With no cause supplied, neither a message nor a cause may be reported.
    assertNull("getMessage() must return null.", built.getMessage());
    assertNull("getCause() must return null", built.getCause());
}
use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class CertPathBuilderExceptionTest method testCertPathBuilderException02.
/**
* Test for <code>CertPathBuilderException(String)</code> constructor
* Assertion: constructs CertPathBuilderException with detail message msg.
* Parameter <code>msg</code> is not null.
*/
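public void testCertPathBuilderException02() {
    // msgs is a fixture of the test class holding the detail messages to try.
    for (String msg : msgs) {
        CertPathBuilderException tE = new CertPathBuilderException(msg);
        // JUnit takes (message, expected, actual): the input message is the expected value.
        assertEquals("getMessage() must return: ".concat(msg), msg, tE.getMessage());
        // The message-only constructor must not invent a cause.
        assertNull("getCause() must return null", tE.getCause());
    }
}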
use of java.security.cert.CertPathBuilderException in project robovm by robovm.
the class myCertPathBuilder method testCertPathBuilder12.
/**
* Test for
* <code>CertPathBuilder</code> constructor
* Assertion: returns CertPathBuilder object
*/
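public void testCertPathBuilder12() throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertPathBuilderException {
    // PKIXSupport, NotSupportMsg, defaultProvider and defaultType are fixtures of the test class.
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }

    // Builder backed by a test SPI: the constructor must hand back exactly what it was given.
    CertPathBuilderSpi spi = new MyCertPathBuilderSpi();
    CertPathBuilder certPB = new myCertPathBuilder(spi, defaultProvider, defaultType);
    // JUnit takes (message, expected, actual): the fixture values are the expected side.
    assertEquals("Incorrect algorithm", defaultType, certPB.getAlgorithm());
    assertEquals("Incorrect provider", defaultProvider, certPB.getProvider());
    try {
        certPB.build(null);
        fail("CertPathBuilderException must be thrown ");
    } catch (CertPathBuilderException expected) {
        // Expected: building with null parameters must be rejected, not yield a path.
    }

    // Builder constructed with no SPI, provider or algorithm at all.
    certPB = new myCertPathBuilder(null, null, null);
    assertNull("Incorrect algorithm", certPB.getAlgorithm());
    assertNull("Incorrect provider", certPB.getProvider());
    try {
        certPB.build(null);
        fail("NullPointerException must be thrown ");
    } catch (NullPointerException expected) {
        // Expected: the test requires build() on this builder to fail with NullPointerException.
    }
}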
use of java.security.cert.CertPathBuilderException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCRLF.
/**
* Obtain and validate the certification path for the complete CRL issuer.
* If a key usage extension is present in the CRL issuer's certificate,
* verify that the cRLSign bit is set.
*
* @param crl CRL which contains revocation information for the certificate
* <code>cert</code>.
* @param cert The attribute certificate or certificate to check if it is
* revoked.
* @param defaultCRLSignCert The issuer certificate of the certificate <code>cert</code>.
* @param defaultCRLSignKey The public key of the issuer certificate
* <code>defaultCRLSignCert</code>.
* @param paramsPKIX The PKIX parameters.
* @param certPathCerts The certificates on the certification path.
* @return A <code>Set</code> with all keys of possible CRL issuer
* certificates.
* @throws AnnotatedException if the CRL is not valid or the status cannot be checked or
* some error occurs.
*/
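protected static Set processCRLF(X509CRL crl, Object cert, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, ExtendedPKIXParameters paramsPKIX, List certPathCerts) throws AnnotatedException {
    // Step (f): collect the public keys that are allowed to verify this CRL's signature.
    // A key is returned only if its certificate either is the caller-supplied default
    // signer or has a certification path that builds under paramsPKIX, and only if a
    // present key usage extension has the cRLSign bit set.
    // The cert parameter is not read anywhere in this method.

    // Candidate issuers: certificates whose subject equals the CRL's issuer name.
    X509CertStoreSelector selector = new X509CertStoreSelector();
    try {
        byte[] issuerPrincipal = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
        selector.setSubject(issuerPrincipal);
    } catch (IOException e) {
        throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e);
    }

    // Search every store configured on the PKIX parameters.
    Collection coll;
    try {
        coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getStores());
        coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getAdditionalStores()));
        coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertStores()));
    } catch (AnnotatedException e) {
        throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e);
    }
    // NOTE(review): the default signer is added unconditionally; this method does not
    // compare its subject with the CRL issuer. Presumably the caller guarantees that
    // relationship -- confirm at the call sites.
    coll.add(defaultCRLSignCert);

    // validCerts and validKeys are parallel lists: validKeys.get(i) belongs to validCerts.get(i).
    Iterator cert_it = coll.iterator();
    List validCerts = new ArrayList();
    List validKeys = new ArrayList();
    while (cert_it.hasNext()) {
        X509Certificate signingCert = (X509Certificate) cert_it.next();
        /*
         * The CA of the certificate being checked also signed the CRL. Its path
         * validation is already done, so take the caller-supplied key as is.
         */
        if (signingCert.equals(defaultCRLSignCert)) {
            validCerts.add(signingCert);
            validKeys.add(defaultCRLSignKey);
            continue;
        }
        try {
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
            X509CertStoreSelector targetSelector = new X509CertStoreSelector();
            targetSelector.setCertificate(signingCert);
            // Work on a clone so the caller's parameters keep their own target constraints.
            ExtendedPKIXParameters temp = (ExtendedPKIXParameters) paramsPKIX.clone();
            temp.setTargetCertConstraints(targetSelector);
            ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance(temp);
            /*
             * If signingCert is itself on the certification path under validation,
             * checking its revocation would require the CRL that is being checked
             * here: a dependency loop. Revocation checking is therefore switched off
             * for that case only; per the original author, CRL forgery is then
             * detected in the outer loop. For every other candidate it stays enabled
             * so that a forged CRL cannot be accepted through an unchecked signer.
             */
            params.setRevocationEnabled(!certPathCerts.contains(signingCert));
            List certs = builder.build(params).getCertPath().getCertificates();
            validCerts.add(signingCert);
            validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
        } catch (CertPathBuilderException e) {
            // Fails closed: one candidate without a buildable path aborts the whole step.
            throw new AnnotatedException("Internal error.", e);
        } catch (CertPathValidatorException e) {
            throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e);
        } catch (Exception e) {
            // Keep the original exception as the cause so the provider or parameter
            // failure behind it stays visible in stack traces and logs.
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    // Key usage filter: an absent extension (null) is accepted; a present one must carry
    // the cRLSign bit. The length guard avoids indexing a shorter bit array
    // (presumably CRL_SIGN is index 6 -- confirm against the constant).
    Set checkKeys = new HashSet();
    AnnotatedException lastException = null;
    for (int i = 0; i < validCerts.size(); i++) {
        X509Certificate signCert = (X509Certificate) validCerts.get(i);
        boolean[] keyusage = signCert.getKeyUsage();
        if (keyusage != null && (keyusage.length < 7 || !keyusage[CRL_SIGN])) {
            lastException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
        } else {
            checkKeys.add(validKeys.get(i));
        }
    }

    // Never return an empty key set: the caller gets the most specific reason available.
    if (checkKeys.isEmpty()) {
        if (lastException != null) {
            throw lastException;
        }
        throw new AnnotatedException("Cannot find a valid issuer certificate.");
    }
    return checkKeys;
}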