
Example 56 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.

the class Serial method main.

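/**
 * Serialization round-trip test for {@link CertPathValidatorException}.
 *
 * <p>A CertPathValidatorException carrying a message, a cause, a CertPath, an
 * index and a {@link BasicReason} is written with ObjectOutputStream, read back,
 * and every field is compared with the original. The same comparison is then
 * made against "jdk6.serial", a stream written by an older JDK and checked in
 * next to the test (a fixture, not external input); that form is expected to
 * deserialize with reason {@code BasicReason.UNSPECIFIED}.
 *
 * <p>All streams are opened with try-with-resources so they are closed even
 * when a check or a certificate operation throws (the original code leaked the
 * FileInputStream on that path and closed {@code oos} twice).
 *
 * @param args unused
 * @throws Exception if any check failed ({@code failed} is set), or on an
 *         I/O, certificate or deserialization error
 */
public static void main(String[] args) throws Exception {
    File certFile = new File(System.getProperty("test.src", "."), "cert_file");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate c;
    try (FileInputStream fis = new FileInputStream(certFile)) {
        c = cf.generateCertificate(fis);
    }
    CertPath cp = cf.generateCertPath(Collections.singletonList(c));
    CertPathValidatorException cpve1 = new CertPathValidatorException("Test", new Exception("Expired"), cp, 0, BasicReason.EXPIRED);

    // Round trip through the current JDK's serialization format.
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(baos)) {
        oos.writeObject(cpve1);
    }
    CertPathValidatorException cpve2;
    try (ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
         ObjectInputStream ois = new ObjectInputStream(bais)) {
        cpve2 = (CertPathValidatorException) ois.readObject();
    }
    // check(condition, message) is defined elsewhere in this file; from its use
    // here it presumably records a failure when the condition is true.
    check(!cpve1.getMessage().equals(cpve2.getMessage()), "CertPathValidatorException messages not equal");
    check(!cpve1.getCause().getMessage().equals(cpve2.getCause().getMessage()), "CertPathValidatorException causes not equal");
    check(!cpve1.getCertPath().equals(cpve2.getCertPath()), "CertPathValidatorException certpaths not equal");
    check(cpve1.getIndex() != cpve2.getIndex(), "CertPathValidatorException indexes not equal");
    check(cpve1.getReason() != cpve2.getReason(), "CertPathValidatorException reasons not equal");

    // Compatibility with a stream produced by JDK 6 (checked-in fixture).
    File legacyFile = new File(System.getProperty("test.src", "."), "jdk6.serial");
    try (FileInputStream fis = new FileInputStream(legacyFile);
         ObjectInputStream ois = new ObjectInputStream(fis)) {
        cpve2 = (CertPathValidatorException) ois.readObject();
    }
    check(!cpve1.getMessage().equals(cpve2.getMessage()), "CertPathValidatorException messages not equal");
    check(!cpve1.getCause().getMessage().equals(cpve2.getCause().getMessage()), "CertPathValidatorException causes not equal");
    check(!cpve1.getCertPath().equals(cpve2.getCertPath()), "CertPathValidatorException certpaths not equal");
    check(cpve1.getIndex() != cpve2.getIndex(), "CertPathValidatorException indexes not equal");
    // The legacy stream carries no reason; deserialization must yield UNSPECIFIED.
    check(cpve2.getReason() != BasicReason.UNSPECIFIED, "CertPathValidatorException reasons not equal");

    if (failed) {
        throw new Exception("Some tests FAILED");
    }
}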

Example 57 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.

the class ConfigServiceKeyStoreTest method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

/**
 * An invalid signature-verification certificate must make
 * {@code getVerifyingKeysForEntity} fail with a
 * {@link CertificateChainValidationException} whose cause is the
 * {@link CertPathValidatorException} reported by the chain validator.
 */
@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certificateDto = getX509Certificate(STUB_IDP_ONE);
    final CertPathValidatorException validationFailure = new CertPathValidatorException("Invalid Certificate");

    // Config returns one certificate; the factory parses it; the validator rejects it.
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certificateDto));
    when(x509CertificateFactory.createCertificate(certificateDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(validationFailure));

    CertificateChainValidationException thrown = null;
    try {
        configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
    } catch (CertificateChainValidationException expected) {
        thrown = expected;
    }

    if (thrown == null) {
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    }
    assertThat(thrown.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
    assertThat(thrown.getCause()).isEqualTo(validationFailure);
}

Example 58 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.

the class ConfigServiceKeyStoreTest method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

/**
 * An invalid encryption certificate must make
 * {@code getEncryptionKeyForEntity} fail with a
 * {@link CertificateChainValidationException} whose cause is the
 * {@link CertPathValidatorException} reported by the chain validator.
 */
@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certificateDto = getX509Certificate(IDP_ENTITY_ID);
    final CertPathValidatorException validationFailure = new CertPathValidatorException("Invalid Certificate");

    // Config returns the encryption certificate; the factory parses it; the validator rejects it.
    when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certificateDto);
    when(x509CertificateFactory.createCertificate(certificateDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(validationFailure));

    CertificateChainValidationException thrown = null;
    try {
        configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
    } catch (CertificateChainValidationException expected) {
        thrown = expected;
    }

    if (thrown == null) {
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    }
    assertThat(thrown.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
    assertThat(thrown.getCause()).isEqualTo(validationFailure);
}

Example 59 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project dropbox-sdk-java by dropbox.

the class NetworkIOException method computeMessage.

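/**
 * Builds the message for a network I/O failure.
 *
 * <p>For a TLS handshake failure whose direct cause is a
 * {@link CertPathValidatorException}, the rejected certification path is
 * appended so the failure can be diagnosed from the message alone.
 * {@code CertPath.toString()} lists the certificates in the path, so the
 * resulting message can be long. Only the direct cause is inspected; a
 * CertPathValidatorException nested deeper in the chain is not reported.
 *
 * @param ex the I/O exception being wrapped
 * @return {@code ex.getMessage()}, possibly with the cert path appended;
 *         {@code null} only when the exception has no message and nothing
 *         was appended
 */
private static String computeMessage(IOException ex) {
    String message = ex.getMessage();
    // useful for debugging.
    if (ex instanceof SSLHandshakeException) {
        Throwable innerCause = ex.getCause();
        if (innerCause instanceof CertPathValidatorException) {
            CertPathValidatorException cpve = (CertPathValidatorException) innerCause;
            String certPathInfo = "[CERT PATH: " + cpve.getCertPath() + "]";
            // A handshake exception may have no message; avoid producing "null[CERT PATH: ...]".
            message = (message == null) ? certPathInfo : message + certPathInfo;
        }
    }
    return message;
}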

Example 60 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project cxf by apache.

the class TrustedAuthorityValidator method isCertificateChainValid.

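/**
 * Checks whether a certificate chain leads to a trusted authority.
 *
 * <p>The first element of {@code certificates} is the target certificate; the
 * remaining elements, together with the CA certificates from {@code certRepo},
 * are offered to the PKIX builder as intermediate certificates, and the
 * repository's trusted CA certificates are the trust anchors. The path is built
 * with revocation checking disabled, then validated. Revocation checking is
 * switched on for the validation step only when {@code enableRevocation} is set
 * and the repository holds at least one CRL; with revocation enabled but no
 * CRLs available, the chain is validated without any revocation check, which
 * callers relying on revocation should be aware of.
 *
 * @param certificates the chain to check, target certificate first; a
 *        {@code null} or empty list is rejected
 * @return {@code true} if a path from the target certificate to a trusted
 *         authority was built and validated, {@code false} otherwise (the
 *         failure is logged at WARNING level)
 */
boolean isCertificateChainValid(List<X509Certificate> certificates) {
    if (certificates == null || certificates.isEmpty()) {
        // Previously certificates.get(0) threw IndexOutOfBoundsException here.
        LOG.log(Level.WARNING, "Cannot validate an empty certificate chain");
        return false;
    }
    X509Certificate targetCert = certificates.get(0);
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(targetCert);
    try {
        List<X509Certificate> intermediateCerts = certRepo.getCaCerts();
        List<X509Certificate> trustedAuthorityCerts = certRepo.getTrustedCaCerts();
        Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
        CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
        CertStoreParameters certificateParams = new CollectionCertStoreParameters(certificates);
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
        pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
        pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
        // Build the path without revocation data; revocation is applied at validation.
        pkixParams.setRevocationEnabled(false);
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        CertPath certPath = builder.build(pkixParams).getCertPath();
        // Now validate the CertPath (including CRL checking)
        if (enableRevocation) {
            List<X509CRL> crls = certRepo.getCRLs();
            if (!crls.isEmpty()) {
                pkixParams.setRevocationEnabled(true);
                CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
            }
        }
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        validator.validate(certPath, pkixParams);
    } catch (InvalidAlgorithmParameterException e) {
        LOG.log(Level.WARNING, "Invalid algorithm parameter by certificate chain validation. " + "It is likely that issuer certificates are not found in XKMS trusted storage. " + e.getMessage(), e);
        return false;
    } catch (NoSuchAlgorithmException e) {
        LOG.log(Level.WARNING, "Unknown algorithm by trust chain validation: " + e.getMessage(), e);
        return false;
    } catch (CertPathBuilderException e) {
        LOG.log(Level.WARNING, "Cannot build certification path: " + e.getMessage(), e);
        return false;
    } catch (CertPathValidatorException e) {
        LOG.log(Level.WARNING, "Cannot vaidate certification path: " + e.getMessage(), e);
        return false;
    }
    return true;
}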
