
Example 51 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.

the class ForwardState method updateState.

/**
 * Folds the certificate most recently added to the forward path into this state.
 *
 * <p>A {@code null} certificate is ignored. Otherwise the method records the
 * certificate and its issuer DN, raises {@code keyParamsNeededFlag} when the
 * public key is a DSA key without parameters, counts the certificate in
 * {@code traversedCACerts} when it is a non-self-issued CA certificate other
 * than the first one processed, and adds the subject DN plus every subject
 * alternative name to {@code subjectNamesTraversed}.
 *
 * <p>The fields are written before the subject alternative names are read, so
 * an exception from that step leaves the state partially updated and
 * {@code init} unchanged. Callers should not reuse the state after a failure
 * without confirming that this is acceptable.
 *
 * @param cert the certificate which is used to update the state
 * @throws CertPathValidatorException if reading the subject alternative name
 *         extension fails with an {@code IOException}
 */
@Override
public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException {
    if (cert == null) {
        return;
    }
    X509CertImpl certImpl = X509CertImpl.toImpl(cert);

    // Remember that key parameters are still needed when the DSA key carries none.
    if (PKIX.isDSAPublicKeyWithoutParams(certImpl.getPublicKey())) {
        keyParamsNeededFlag = true;
    }

    // Record the certificate itself and the DN of its issuer.
    this.cert = certImpl;
    issuerDN = cert.getIssuerX500Principal();

    // Only a non-self-issued intermediate CA certificate counts as traversed:
    // the first certificate (init) and certificates whose basic constraints
    // report -1 (not a CA) are skipped.
    if (!X509CertImpl.isSelfIssued(cert) && !init && cert.getBasicConstraints() != -1) {
        traversedCACerts++;
    }

    // Names are collected for the first certificate and for every
    // certificate that is not self-issued.
    if (init || !X509CertImpl.isSelfIssued(cert)) {
        subjectNamesTraversed.add(X500Name.asX500Name(cert.getSubjectX500Principal()));
        try {
            SubjectAlternativeNameExtension sanExt = certImpl.getSubjectAlternativeNameExtension();
            if (sanExt != null) {
                GeneralNames altNames = sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                for (GeneralName altName : altNames.names()) {
                    subjectNamesTraversed.add(altName.getName());
                }
            }
        } catch (IOException e) {
            // The stack trace is only printed when debugging is enabled; the
            // cause is always preserved in the rethrown exception.
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }
    init = false;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) GeneralNames(sun.security.x509.GeneralNames) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) X509CertImpl(sun.security.x509.X509CertImpl) X500Principal(javax.security.auth.x500.X500Principal) GeneralName(sun.security.x509.GeneralName) IOException(java.io.IOException)

Example 52 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.

the class PolicyChecker method processPolicyMappings.

/**
 * Processes policy mappings in the certificate.
 *
 * <p>When the certificate has no policy mappings extension the tree is
 * returned untouched. Otherwise every mapping is applied to the nodes at
 * depth {@code certIndex}: while mapping is still permitted
 * ({@code policyMapping > 0} or {@code policyMapping == -1}) the subject
 * domain policy is added as an expected policy; when mapping is inhibited
 * ({@code policyMapping == 0}) the matching nodes are deleted and the tree
 * is pruned afterwards. A mapping that names ANY_POLICY on either side is
 * rejected with {@code PKIXReason.INVALID_POLICY}.
 *
 * <p>NOTE(review): these steps look like RFC 5280 section 6.1.4 (a) and (b);
 * confirm against the RFC before relying on that correspondence.
 *
 * @param currCert the Certificate to be processed
 * @param certIndex the index of the current certificate
 * @param policyMapping an integer which indicates if policy
 * mapping is inhibited
 * @param rootNode the root node of the valid policy tree
 * @param policiesCritical a boolean indicating if the certificate policies
 * extension is critical
 * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
 * Set if there are no qualifiers associated with ANY-POLICY
 * @return the root node of the valid policy tree after modification, or
 * {@code null} when deleting nodes left the root without children
 * @exception CertPathValidatorException exception thrown if an error
 * occurs while processing policy mappings, or if a mapping uses ANY_POLICY
 * as its issuer or subject domain policy
 */
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
    PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
    // No policy mappings extension: nothing to apply, the tree is unchanged.
    if (polMappingsExt == null)
        return rootNode;
    if (debug != null)
        debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
    List<CertificatePolicyMap> maps = null;
    try {
        maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
    } catch (IOException e) {
        // The stack trace is printed only when debugging is enabled; the
        // cause is kept on the rethrown exception either way.
        if (debug != null) {
            debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException("Exception while checking " + "mapping", e);
    }
    // Set once any node is deleted so the tree is pruned after the loop.
    boolean childDeleted = false;
    for (CertificatePolicyMap polMap : maps) {
        String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
        String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
        if (debug != null) {
            debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
            debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
        }
        // ANY_POLICY is not allowed on either side of a mapping; fail the
        // validation instead of skipping the entry.
        if (issuerDomain.equals(ANY_POLICY)) {
            throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
        }
        if (subjectDomain.equals(ANY_POLICY)) {
            throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
        }
        // Nodes at depth certIndex whose valid policy is the issuer domain policy.
        Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
        if (!validNodes.isEmpty()) {
            for (PolicyNodeImpl curNode : validNodes) {
                if ((policyMapping > 0) || (policyMapping == -1)) {
                    // Mapping still permitted: the subject domain policy
                    // becomes an expected policy of the node.
                    curNode.addExpectedPolicy(subjectDomain);
                } else if (policyMapping == 0) {
                    // Mapping inhibited: remove the node from its parent.
                    // A policyMapping value below -1 matches neither branch
                    // and leaves the node as it is.
                    PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
                    if (debug != null)
                        debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
                    parentNode.deleteChild(curNode);
                    childDeleted = true;
                    if (debug != null)
                        debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
                }
            }
        } else {
            // No node at depth certIndex has the issuer domain policy as its
            // valid policy; fall back to the ANY_POLICY nodes when mapping
            // is still permitted.
            if ((policyMapping > 0) || (policyMapping == -1)) {
                Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
                for (PolicyNodeImpl curAnyNode : validAnyNodes) {
                    PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
                    Set<String> expPols = new HashSet<>();
                    expPols.add(subjectDomain);
                    // NOTE(review): the new node is never used through this
                    // local; presumably the constructor attaches it to
                    // curAnyNodeParent - confirm in PolicyNodeImpl.
                    PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
                }
            }
        }
    }
    if (childDeleted) {
        rootNode.prune(certIndex);
        // A root without children is reported to the caller as null.
        if (!rootNode.getChildren().hasNext()) {
            if (debug != null)
                debug.println("setting rootNode to null");
            rootNode = null;
        }
    }
    return rootNode;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyMappingsExtension(sun.security.x509.PolicyMappingsExtension) IOException(java.io.IOException) CertificatePolicyMap(sun.security.x509.CertificatePolicyMap)

Example 53 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.

the class PolicyChecker method mergeExplicitPolicy.

/**
 * Combines the running explicitPolicy counter with the
 * requireExplicitPolicy field of the certificate's
 * <code>PolicyConstraints</code> extension. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * <p>The counter is first decremented when it is positive and the
 * certificate is not self-issued. Without a PolicyConstraints extension
 * that value is returned as is. For a certificate that is not the final
 * one, a require value other than -1 replaces the counter when the counter
 * is -1 or larger than the require value. For the final certificate only a
 * require value of 0 is applied.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return the new explicitPolicy value
 * @exception CertPathValidatorException thrown if reading the extension
 * fails with an {@code IOException}
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert, boolean finalCert) throws CertPathValidatorException {
    boolean countsDown = explicitPolicy > 0 && !X509CertImpl.isSelfIssued(currCert);
    if (countsDown) {
        explicitPolicy--;
    }
    try {
        PolicyConstraintsExtension constraints = currCert.getPolicyConstraintsExtension();
        if (constraints == null) {
            return explicitPolicy;
        }
        int require = constraints.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() require Index from cert = " + require);
        }
        if (finalCert) {
            // On the last certificate only an immediate requirement matters.
            if (require == 0) {
                explicitPolicy = require;
            }
        } else if (require != -1 && (explicitPolicy == -1 || require < explicitPolicy)) {
            // Keep the stricter (smaller) of the two values; -1 on the
            // counter means nothing has constrained it so far.
            explicitPolicy = require;
        }
    } catch (IOException e) {
        // Stack trace only when debugging; the cause is always preserved.
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }
    return explicitPolicy;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyConstraintsExtension(sun.security.x509.PolicyConstraintsExtension) IOException(java.io.IOException)

Example 54 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.

the class OCSP method check.

/**
 * Checks the revocation status of a single certificate over OCSP.
 *
 * <p>A {@code CertId} is built from {@code issuerCert} and the serial number
 * of {@code cert}; the request itself is delegated to the list-based
 * {@code check} overload, and the single response recorded for that
 * {@code CertId} is returned.
 *
 * <p>{@code responderURI} is forwarded unchanged: this method performs no
 * scheme or host validation of its own.
 * NOTE(review): the value from {@code getSingleResponse} is cast and returned
 * without a null check here; whether it can be {@code null} is not visible
 * in this method - confirm in {@code OCSPResponse}.
 *
 * @param cert the certificate whose status is requested
 * @param responderURI the URI of the OCSP responder
 * @param anchor the trust anchor passed on with the issuer information
 * @param issuerCert the certificate of the issuer of {@code cert}
 * @param responderCert the responder certificate passed to the overload
 * @param date the date passed to the overload
 * @param extensions the extensions passed to the overload
 * @param variant the variant string passed to the overload
 * @return the revocation status found in the response for {@code cert}
 * @throws IOException if the delegated check reports an I/O failure
 * @throws CertPathValidatorException if the {@code CertId} cannot be built,
 *         or if the delegated check fails
 */
public static RevocationStatus check(X509Certificate cert, URI responderURI, TrustAnchor anchor, X509Certificate issuerCert, X509Certificate responderCert, Date date, List<Extension> extensions, String variant) throws IOException, CertPathValidatorException {
    final CertId targetId;
    try {
        targetId = new CertId(issuerCert, X509CertImpl.toImpl(cert).getSerialNumberObject());
    } catch (CertificateException | IOException e) {
        throw new CertPathValidatorException("Exception while encoding OCSPRequest", e);
    }

    List<CertId> requestedIds = Collections.singletonList(targetId);
    OCSPResponse.IssuerInfo issuerInfo = new OCSPResponse.IssuerInfo(anchor, issuerCert);
    OCSPResponse response = check(requestedIds, responderURI, issuerInfo, responderCert, date, extensions, variant);
    return (RevocationStatus) response.getSingleResponse(targetId);
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException)

Example 55 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.

the class ReasonTest method main.

/**
 * Exercises the reason handling of {@code CertPathValidatorException}:
 * the default reason, an explicitly supplied reason, and the rejection of a
 * {@code null} reason by the five-argument constructor.
 *
 * @param args unused
 * @throws Exception if any of the checks failed
 */
public static void main(String[] args) throws Exception {
    // Without an explicit reason, getReason() must report UNSPECIFIED.
    CertPathValidatorException cpve = new CertPathValidatorException("abc");
    if (cpve.getReason() != BasicReason.UNSPECIFIED) {
        failed = true;
        System.err.println("FAILED: unexpected reason: " + cpve.getReason());
    }

    // A reason handed to the constructor must come back from getReason().
    cpve = new CertPathValidatorException("abc", null, null, -1, BasicReason.REVOKED);
    if (cpve.getReason() != BasicReason.REVOKED) {
        failed = true;
        System.err.println("FAILED: unexpected reason: " + cpve.getReason());
    }

    // A null reason must be rejected with a NullPointerException.
    try {
        cpve = new CertPathValidatorException("abc", null, null, -1, null);
        failed = true;
        System.err.println("ctor did not throw NPE for null reason");
    } catch (NullPointerException expected) {
        // This is the outcome the test is looking for.
    } catch (Exception e) {
        failed = true;
        System.err.println("FAILED: unexpected exception: " + e);
    }

    if (failed) {
        throw new Exception("Some tests FAILED");
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) CertPathValidatorException(java.security.cert.CertPathValidatorException)

Aggregations

CertPathValidatorException (java.security.cert.CertPathValidatorException)102 IOException (java.io.IOException)46 X509Certificate (java.security.cert.X509Certificate)44 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)36 ArrayList (java.util.ArrayList)35 GeneralSecurityException (java.security.GeneralSecurityException)32 List (java.util.List)30 CertPathBuilderException (java.security.cert.CertPathBuilderException)25 CertificateExpiredException (java.security.cert.CertificateExpiredException)24 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)24 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)23 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)23 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)21 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18 Enumeration (java.util.Enumeration)15 Iterator (java.util.Iterator)15 CertPath (java.security.cert.CertPath)13 CertificateException (java.security.cert.CertificateException)13 HashSet (java.util.HashSet)12 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)10