Search in sources :

Example 6 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project robovm by robovm.

the class CertPathBuilderExceptionTest method testCertPathBuilderException08.

/**
     * Test for <code>CertPathBuilderException(String, Throwable)</code>
     * constructor Assertion: constructs CertPathBuilderException when
     * <code>cause</code> is not null <code>msg</code> is null
     */
public void testCertPathBuilderException08() {
    CertPathBuilderException tE = new CertPathBuilderException(null, tCause);
    if (tE.getMessage() != null) {
        String toS = tCause.toString();
        String getM = tE.getMessage();
        assertTrue("getMessage() must should ".concat(toS), (getM.indexOf(toS) != -1));
    }
    assertNotNull("getCause() must not return null", tE.getCause());
    assertEquals("getCause() must return ".concat(tCause.toString()), tE.getCause(), tCause);
}
Also used : CertPathBuilderException(java.security.cert.CertPathBuilderException)

Example 7 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project robovm by robovm.

the class CertPathBuilderExceptionTest method testCertPathBuilderException04.

/**
     * Test for <code>CertPathBuilderException(Throwable)</code> constructor
     * Assertion: constructs CertPathBuilderException when <code>cause</code>
     * is null
     */
public void testCertPathBuilderException04() {
    Throwable cause = null;
    CertPathBuilderException tE = new CertPathBuilderException(cause);
    assertNull("getMessage() must return null.", tE.getMessage());
    assertNull("getCause() must return null", tE.getCause());
}
Also used : CertPathBuilderException(java.security.cert.CertPathBuilderException)

Example 8 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project robovm by robovm.

the class CertPathBuilderExceptionTest method testCertPathBuilderException02.

/**
     * Test for <code>CertPathBuilderException(String)</code> constructor
     * Assertion: constructs CertPathBuilderException with detail message msg.
     * Parameter <code>msg</code> is not null.
     */
public void testCertPathBuilderException02() {
    CertPathBuilderException tE;
    for (int i = 0; i < msgs.length; i++) {
        tE = new CertPathBuilderException(msgs[i]);
        assertEquals("getMessage() must return: ".concat(msgs[i]), tE.getMessage(), msgs[i]);
        assertNull("getCause() must return null", tE.getCause());
    }
}
Also used : CertPathBuilderException(java.security.cert.CertPathBuilderException)

Example 9 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project robovm by robovm.

the class myCertPathBuilder method testCertPathBuilder12.

/**
     * Test for
     * <code>CertPathBuilder</code> constructor
     * Assertion: returns CertPathBuilder object
     */
public void testCertPathBuilder12() throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertPathBuilderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    CertPathBuilderSpi spi = new MyCertPathBuilderSpi();
    CertPathBuilder certPB = new myCertPathBuilder(spi, defaultProvider, defaultType);
    assertEquals("Incorrect algorithm", certPB.getAlgorithm(), defaultType);
    assertEquals("Incorrect provider", certPB.getProvider(), defaultProvider);
    try {
        certPB.build(null);
        fail("CertPathBuilderException must be thrown ");
    } catch (CertPathBuilderException e) {
    }
    certPB = new myCertPathBuilder(null, null, null);
    assertNull("Incorrect algorithm", certPB.getAlgorithm());
    assertNull("Incorrect provider", certPB.getProvider());
    try {
        certPB.build(null);
        fail("NullPointerException must be thrown ");
    } catch (NullPointerException e) {
    }
}
Also used : MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi) CertPathBuilderSpi(java.security.cert.CertPathBuilderSpi) MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi) CertPathBuilderException(java.security.cert.CertPathBuilderException) CertPathBuilder(java.security.cert.CertPathBuilder)

Example 10 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method processCRLF.

/**
     * Obtain and validate the certification path for the complete CRL issuer.
     * If a key usage extension is present in the CRL issuer's certificate,
     * verify that the cRLSign bit is set.
     *
     * @param crl                CRL which contains revocation information for the certificate
     *                           <code>cert</code>.
     * @param cert               The attribute certificate or certificate to check if it is
     *                           revoked.
     * @param defaultCRLSignCert The issuer certificate of the certificate <code>cert</code>.
     * @param defaultCRLSignKey  The public key of the issuer certificate
     *                           <code>defaultCRLSignCert</code>.
     * @param paramsPKIX         paramsPKIX PKIX parameters.
     * @param certPathCerts      The certificates on the certification path.
     * @return A <code>Set</code> with all keys of possible CRL issuer
     *         certificates.
     * @throws AnnotatedException if the CRL is not valid or the status cannot be checked or
     *                            some error occurs.
     */
protected static Set processCRLF(X509CRL crl, Object cert, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, ExtendedPKIXParameters paramsPKIX, List certPathCerts) throws AnnotatedException {
    // (f)
    // get issuer from CRL
    X509CertStoreSelector selector = new X509CertStoreSelector();
    try {
        byte[] issuerPrincipal = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
        selector.setSubject(issuerPrincipal);
    } catch (IOException e) {
        throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e);
    }
    // get CRL signing certs
    Collection coll;
    try {
        coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getStores());
        coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getAdditionalStores()));
        coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertStores()));
    } catch (AnnotatedException e) {
        throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e);
    }
    coll.add(defaultCRLSignCert);
    Iterator cert_it = coll.iterator();
    List validCerts = new ArrayList();
    List validKeys = new ArrayList();
    while (cert_it.hasNext()) {
        X509Certificate signingCert = (X509Certificate) cert_it.next();
        /*
             * CA of the certificate, for which this CRL is checked, has also
             * signed CRL, so skip the path validation, because is already done
             */
        if (signingCert.equals(defaultCRLSignCert)) {
            validCerts.add(signingCert);
            validKeys.add(defaultCRLSignKey);
            continue;
        }
        try {
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
            selector = new X509CertStoreSelector();
            selector.setCertificate(signingCert);
            ExtendedPKIXParameters temp = (ExtendedPKIXParameters) paramsPKIX.clone();
            temp.setTargetCertConstraints(selector);
            ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance(temp);
            /*
                 * if signingCert is placed not higher on the cert path a
                 * dependency loop results. CRL for cert is checked, but
                 * signingCert is needed for checking the CRL which is dependent
                 * on checking cert because it is higher in the cert path and so
                 * signing signingCert transitively. so, revocation is disabled,
                 * forgery attacks of the CRL are detected in this outer loop
                 * for all other it must be enabled to prevent forgery attacks
                 */
            if (certPathCerts.contains(signingCert)) {
                params.setRevocationEnabled(false);
            } else {
                params.setRevocationEnabled(true);
            }
            List certs = builder.build(params).getCertPath().getCertificates();
            validCerts.add(signingCert);
            validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
        } catch (CertPathBuilderException e) {
            throw new AnnotatedException("Internal error.", e);
        } catch (CertPathValidatorException e) {
            throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }
    Set checkKeys = new HashSet();
    AnnotatedException lastException = null;
    for (int i = 0; i < validCerts.size(); i++) {
        X509Certificate signCert = (X509Certificate) validCerts.get(i);
        boolean[] keyusage = signCert.getKeyUsage();
        if (keyusage != null && (keyusage.length < 7 || !keyusage[CRL_SIGN])) {
            lastException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
        } else {
            checkKeys.add(validKeys.get(i));
        }
    }
    if (checkKeys.isEmpty() && lastException == null) {
        throw new AnnotatedException("Cannot find a valid issuer certificate.");
    }
    if (checkKeys.isEmpty() && lastException != null) {
        throw lastException;
    }
    return checkKeys;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ExtendedPKIXBuilderParameters(org.bouncycastle.x509.ExtendedPKIXBuilderParameters) X509CertStoreSelector(org.bouncycastle.x509.X509CertStoreSelector) ArrayList(java.util.ArrayList) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters) CertPathBuilderException(java.security.cert.CertPathBuilderException) Iterator(java.util.Iterator) Collection(java.util.Collection) List(java.util.List) ArrayList(java.util.ArrayList) CertPathBuilder(java.security.cert.CertPathBuilder) HashSet(java.util.HashSet)

Aggregations

CertPathBuilderException (java.security.cert.CertPathBuilderException)22 X509Certificate (java.security.cert.X509Certificate)9 CertPathBuilder (java.security.cert.CertPathBuilder)7 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)7 ArrayList (java.util.ArrayList)7 IOException (java.io.IOException)5 GeneralSecurityException (java.security.GeneralSecurityException)5 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)5 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)5 HashSet (java.util.HashSet)5 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4 CertPathValidatorException (java.security.cert.CertPathValidatorException)4 X509CertSelector (java.security.cert.X509CertSelector)4 Collection (java.util.Collection)4 Iterator (java.util.Iterator)4 List (java.util.List)4 ExtendedPKIXBuilderParameters (org.bouncycastle.x509.ExtendedPKIXBuilderParameters)4 X509CertStoreSelector (org.bouncycastle.x509.X509CertStoreSelector)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertPath (java.security.cert.CertPath)3