
Example 11 with CertPathValidator

use of java.security.cert.CertPathValidator in project robovm by robovm.

the class CertPathValidator2Test method testGetInstance02.

/**
 * Test for <code>getInstance(String algorithm, String provider)</code>.
 * Assertions checked, in order:
 * <ul>
 * <li>a null algorithm is rejected with NullPointerException or
 * NoSuchAlgorithmException;</li>
 * <li>an unavailable algorithm is rejected with NoSuchAlgorithmException;</li>
 * <li>a null or empty provider name is rejected with
 * IllegalArgumentException;</li>
 * <li>a provider name that is not available is rejected with
 * NoSuchProviderException;</li>
 * <li>a valid algorithm/provider pair returns a CertPathValidator that
 * reports that algorithm and that provider.</li>
 * </ul>
 */
public void testGetInstance02() throws NoSuchAlgorithmException, NoSuchProviderException, IllegalArgumentException, InvalidAlgorithmParameterException, CertPathValidatorException {
    // Null algorithm: either exception type is accepted.
    try {
        CertPathValidator.getInstance(null, mProv.getName());
        fail("NullPointerException or NoSuchAlgorithmException must be thrown when algorithm is null");
    } catch (NullPointerException expected) {
        // expected
    } catch (NoSuchAlgorithmException expected) {
        // expected
    }

    // Unknown algorithm names must not resolve to an implementation.
    for (String badAlgorithm : invalidValues) {
        try {
            CertPathValidator.getInstance(badAlgorithm, mProv.getName());
            fail("NoSuchAlgorithmException must be thrown (type: ".concat(badAlgorithm).concat(")"));
        } catch (NoSuchAlgorithmException expected) {
            // expected
        }
    }

    // Typed as String so the (String, String) overload is selected.
    String missingProvider = null;
    for (String algorithm : validValues) {
        try {
            CertPathValidator.getInstance(algorithm, missingProvider);
            fail("IllegalArgumentException must be thrown when provider is null (type: ".concat(algorithm).concat(")"));
        } catch (IllegalArgumentException expected) {
            // expected
        }
        try {
            CertPathValidator.getInstance(algorithm, "");
            fail("IllegalArgumentException must be thrown when provider is empty (type: ".concat(algorithm).concat(")"));
        } catch (IllegalArgumentException expected) {
            // expected
        }
    }

    // Unknown provider names. Index 0 of invalidValues is skipped on purpose
    // by the original test; presumably that entry is not a usable provider
    // name (TODO confirm against the fixture definition).
    for (String algorithm : validValues) {
        for (int p = 1; p < invalidValues.length; p++) {
            String badProvider = invalidValues[p];
            try {
                CertPathValidator.getInstance(algorithm, badProvider);
                fail("NoSuchProviderException must be thrown (type: ".concat(algorithm).concat(" provider: ").concat(badProvider).concat(")"));
            } catch (NoSuchProviderException expected) {
                // expected
            }
        }
    }

    // Positive case: the returned object must name the requested algorithm
    // and come from the requested provider, not from some other provider.
    for (String algorithm : validValues) {
        CertPathValidator validator = CertPathValidator.getInstance(algorithm, mProv.getName());
        assertEquals("Incorrect type", validator.getAlgorithm(), algorithm);
        assertEquals("Incorrect provider", validator.getProvider().getName(), mProv.getName());
        checkResult(validator);
    }
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 12 with CertPathValidator

use of java.security.cert.CertPathValidator in project robovm by robovm.

the class invalidParams method testCertPathValidator14.

/**
 * Test for <code>getProvider()</code> method: a CertPathValidator obtained
 * either by provider name or by Provider object must report the default
 * provider it was requested from.
 */
public void testCertPathValidator14() throws NoSuchAlgorithmException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    for (String algorithm : validValues) {
        // Lookup by provider name.
        try {
            CertPathValidator byName = CertPathValidator.getInstance(algorithm, defaultProviderName);
            assertEquals("Incorrect provider", byName.getProvider(), defaultProvider);
        } catch (NoSuchProviderException e) {
            fail("Unexpected NoSuchProviderException " + e.getMessage());
        }
        // Lookup by Provider object.
        CertPathValidator byObject = CertPathValidator.getInstance(algorithm, defaultProvider);
        assertEquals("Incorrect provider", byObject.getProvider(), defaultProvider);
    }
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) NoSuchProviderException(java.security.NoSuchProviderException)

Example 13 with CertPathValidator

use of java.security.cert.CertPathValidator in project robovm by robovm.

the class CertPathValidatorTest method testCertPathValidator.

/**
 * Validates the fixture certification path with the fixture parameters and
 * hands the outcome to <code>validateResult</code>. A rejected path surfaces
 * as an exception from <code>validate</code>, which fails the test.
 */
public void testCertPathValidator() throws Exception {
    CertPathValidator validator = CertPathValidator.getInstance(algorithmName);
    validateResult(validator.validate(getCertPath(), getParams()));
}
Also used : CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorResult(java.security.cert.CertPathValidatorResult)

Example 14 with CertPathValidator

use of java.security.cert.CertPathValidator in project jdk8u_jdk by JetBrains.

the class VerifyNameConstraints method validate.

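/**
 * Perform a PKIX validation. On success, return normally; the
 * CertPathValidatorResult is neither printed nor returned.
 * On failure, throw an exception.
 *
 * Callers learn the outcome only from whether an exception is thrown,
 * so the exception must not be swallowed by the caller.
 *
 * @param path CertPath to validate
 * @param params PKIXParameters to use in validation
 * @throws Exception on error, including a path that does not validate
 */
public static void validate(CertPath path, PKIXParameters params) throws Exception {
    // The result was previously stored in a local that was never read;
    // only the throw/no-throw outcome of validate() matters here.
    CertPathValidator.getInstance("PKIX").validate(path, params);
}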
Also used : CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorResult(java.security.cert.CertPathValidatorResult)

Example 15 with CertPathValidator

use of java.security.cert.CertPathValidator in project cxf by apache.

the class TrustedAuthorityValidator method isCertificateChainValid.

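/**
 * Checks whether the first certificate of the given list chains up to a
 * trusted authority known to the certificate repository.
 *
 * A PKIX path is built for the first certificate in the list, using the
 * repository's CA certificates and the supplied list as candidate
 * intermediates, and is then validated against the trusted CA certificates.
 *
 * Revocation is checked only when {@code enableRevocation} is set AND the
 * repository returns at least one CRL. With no CRLs available the path is
 * accepted without any revocation check; a warning is logged in that case
 * so the gap is visible to operators.
 *
 * @param certificates chain to check; the element at index 0 is the target
 *        certificate
 * @return {@code true} if a path could be built and validated;
 *         {@code false} if the list is null or empty, or if building or
 *         validating the path failed
 */
boolean isCertificateChainValid(List<X509Certificate> certificates) {
    // Fail closed on missing input instead of throwing from get(0).
    if (certificates == null || certificates.isEmpty()) {
        LOG.log(Level.WARNING, "No certificates supplied for certificate chain validation.");
        return false;
    }
    X509Certificate targetCert = certificates.get(0);
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(targetCert);
    try {
        List<X509Certificate> intermediateCerts = certRepo.getCaCerts();
        List<X509Certificate> trustedAuthorityCerts = certRepo.getTrustedCaCerts();
        Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
        CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
        CertStoreParameters certificateParams = new CollectionCertStoreParameters(certificates);
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
        pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
        pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
        // Path building always runs without revocation checking; revocation
        // is applied (if at all) in the validation step below.
        pkixParams.setRevocationEnabled(false);
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        CertPath certPath = builder.build(pkixParams).getCertPath();
        // Now validate the CertPath. CRL checking is included only when it
        // is enabled and the repository actually holds CRLs.
        if (enableRevocation) {
            List<X509CRL> crls = certRepo.getCRLs();
            if (!crls.isEmpty()) {
                pkixParams.setRevocationEnabled(true);
                CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
            } else {
                // NOTE(review): this is a fail-open path - a revoked
                // certificate is accepted when no CRL is loaded. Behaviour is
                // kept as-is; the warning makes the skipped check auditable.
                LOG.log(Level.WARNING, "Revocation checking is enabled but no CRLs are available; "
                        + "certificate chain is validated without revocation checking.");
            }
        }
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        validator.validate(certPath, pkixParams);
    } catch (InvalidAlgorithmParameterException e) {
        LOG.log(Level.WARNING, "Invalid algorithm parameter by certificate chain validation. " + "It is likely that issuer certificates are not found in XKMS trusted storage. " + e.getMessage(), e);
        return false;
    } catch (NoSuchAlgorithmException e) {
        LOG.log(Level.WARNING, "Unknown algorithm by trust chain validation: " + e.getMessage(), e);
        return false;
    } catch (CertPathBuilderException e) {
        LOG.log(Level.WARNING, "Cannot build certification path: " + e.getMessage(), e);
        return false;
    } catch (CertPathValidatorException e) {
        // Log message typo ("vaidate") corrected.
        LOG.log(Level.WARNING, "Cannot validate certification path: " + e.getMessage(), e);
        return false;
    }
    return true;
}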
Also used : X509CRL(java.security.cert.X509CRL) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) X509CertSelector(java.security.cert.X509CertSelector) TrustAnchor(java.security.cert.TrustAnchor) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertPathBuilderException(java.security.cert.CertPathBuilderException) CertPathBuilder(java.security.cert.CertPathBuilder) CertPath(java.security.cert.CertPath)

Aggregations

CertPathValidator (java.security.cert.CertPathValidator)26 CertPath (java.security.cert.CertPath)9 X509Certificate (java.security.cert.X509Certificate)8 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)7 PKIXCertPathValidatorResult (java.security.cert.PKIXCertPathValidatorResult)7 CertPathValidatorException (java.security.cert.CertPathValidatorException)6 CertPathValidatorResult (java.security.cert.CertPathValidatorResult)6 CertificateFactory (java.security.cert.CertificateFactory)6 PKIXParameters (java.security.cert.PKIXParameters)6 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5 CertPathBuilderException (java.security.cert.CertPathBuilderException)5 NoSuchProviderException (java.security.NoSuchProviderException)4 CertPathBuilder (java.security.cert.CertPathBuilder)4 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)4 X509CertSelector (java.security.cert.X509CertSelector)4 ArrayList (java.util.ArrayList)4 HashSet (java.util.HashSet)4 CertPathBuilderResult (java.security.cert.CertPathBuilderResult)3 CertificateParsingException (java.security.cert.CertificateParsingException)3 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)3