Search in sources :

Example 36 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project oxAuth by GluuFederation.

the class PathCertificateVerifier method verifyCertificate.

public PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, List<X509Certificate> additionalCerts) {
    try {
        // Check for self-signed certificate
        if (!verifySelfSignedCertificate && isSelfSigned(certificate)) {
            log.error("The certificate is self-signed!");
            return null;
        }
        // Prepare a set of trusted root CA certificates and a set of
        // intermediate certificates
        Set<X509Certificate> trustedRootCerts = new HashSet<X509Certificate>();
        Set<X509Certificate> intermediateCerts = new HashSet<X509Certificate>();
        for (X509Certificate additionalCert : additionalCerts) {
            if (isSelfSigned(additionalCert)) {
                trustedRootCerts.add(additionalCert);
            } else {
                intermediateCerts.add(additionalCert);
            }
        }
        // Attempt to build the certification chain and verify it
        PKIXCertPathBuilderResult certPathBuilderResult = verifyCertificate(certificate, trustedRootCerts, intermediateCerts);
        // Check that first certificate is an EE certificate
        CertPath certPath = certPathBuilderResult.getCertPath();
        List<? extends Certificate> certList = certPath.getCertificates();
        X509Certificate cert = (X509Certificate) certList.get(0);
        if (cert.getBasicConstraints() != -1) {
            log.error("Target certificate is not an EE certificate!");
            return null;
        }
        // The chain is verified. Return it as a result
        return certPathBuilderResult;
    } catch (CertPathBuilderException ex) {
        log.error("Failed to build certificate path", ex);
    } catch (GeneralSecurityException ex) {
        log.error("Failed to build certificate path", ex);
    }
    return null;
}
Also used : CertPathBuilderException(java.security.cert.CertPathBuilderException) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) GeneralSecurityException(java.security.GeneralSecurityException) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 37 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project j2objc by google.

the class CertPathBuilderSpiTest method testCertPathBuilderSpi01.

/**
 * Test for <code>CertPathBuilderSpi</code> constructor Assertion:
 * constructs CertPathBuilderSpi
 */
public void testCertPathBuilderSpi01() throws CertPathBuilderException, InvalidAlgorithmParameterException {
    CertPathBuilderSpi certPathBuilder = new MyCertPathBuilderSpi();
    CertPathParameters cpp = null;
    try {
        certPathBuilder.engineBuild(cpp);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException e) {
    }
    CertPathBuilderResult cpbResult = certPathBuilder.engineBuild(cpp);
    assertNull("Not null CertPathBuilderResult", cpbResult);
}
Also used : MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi) CertPathBuilderSpi(java.security.cert.CertPathBuilderSpi) MyCertPathBuilderSpi(org.apache.harmony.security.tests.support.cert.MyCertPathBuilderSpi) CertPathBuilderException(java.security.cert.CertPathBuilderException) CertPathBuilderResult(java.security.cert.CertPathBuilderResult) CertPathParameters(java.security.cert.CertPathParameters)

Example 38 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project j2objc by google.

the class CertPathBuilderExceptionTest method testCertPathBuilderException04.

/**
 * Test for <code>CertPathBuilderException(Throwable)</code> constructor
 * Assertion: constructs CertPathBuilderException when <code>cause</code>
 * is null
 */
public void testCertPathBuilderException04() {
    Throwable cause = null;
    CertPathBuilderException tE = new CertPathBuilderException(cause);
    assertNull("getMessage() must return null.", tE.getMessage());
    assertNull("getCause() must return null", tE.getCause());
}
Also used : CertPathBuilderException(java.security.cert.CertPathBuilderException)

Example 39 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project j2objc by google.

the class CertPathBuilderExceptionTest method testCertPathBuilderException02.

/**
 * Test for <code>CertPathBuilderException(String)</code> constructor
 * Assertion: constructs CertPathBuilderException with detail message msg.
 * Parameter <code>msg</code> is not null.
 */
public void testCertPathBuilderException02() {
    CertPathBuilderException tE;
    for (int i = 0; i < msgs.length; i++) {
        tE = new CertPathBuilderException(msgs[i]);
        assertEquals("getMessage() must return: ".concat(msgs[i]), tE.getMessage(), msgs[i]);
        assertNull("getCause() must return null", tE.getCause());
    }
}
Also used : CertPathBuilderException(java.security.cert.CertPathBuilderException)

Example 40 with CertPathBuilderException

use of java.security.cert.CertPathBuilderException in project jackrabbit by apache.

the class ConnectionTest method testObtainWithTLSSelfSignedCertNotAllowed.

public void testObtainWithTLSSelfSignedCertNotAllowed() throws RepositoryException, URISyntaxException {
    RepositoryService repositoryService = createRepositoryService(true, null);
    try {
        repositoryService.obtain(new SimpleCredentials("admin", "admin".toCharArray()), null);
        fail("should have failed with CertPathBuilderException!");
    } catch (RepositoryException e) {
        Throwable cause = ExceptionUtils.getRootCause(e);
        if (!(cause instanceof CertPathBuilderException)) {
            fail("should have failed with CertPathBuilderException but got " + e.getCause());
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) CertPathBuilderException(java.security.cert.CertPathBuilderException) RepositoryException(javax.jcr.RepositoryException) RepositoryService(org.apache.jackrabbit.spi.RepositoryService)

Aggregations

CertPathBuilderException (java.security.cert.CertPathBuilderException)41 X509Certificate (java.security.cert.X509Certificate)17 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)12 CertPathBuilder (java.security.cert.CertPathBuilder)11 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)10 ArrayList (java.util.ArrayList)10 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 HashSet (java.util.HashSet)9 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)8 TrustAnchor (java.security.cert.TrustAnchor)8 X509CertSelector (java.security.cert.X509CertSelector)8 GeneralSecurityException (java.security.GeneralSecurityException)7 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)7 IOException (java.io.IOException)6 CertPath (java.security.cert.CertPath)6 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)6 NoSuchProviderException (java.security.NoSuchProviderException)5 CertPathValidatorException (java.security.cert.CertPathValidatorException)5 Certificate (java.security.cert.Certificate)5 List (java.util.List)5