use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertJ.
protected static int prepareNextCertJ(CertPath certPath, int index, int inhibitAnyPolicy) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (j)
//
DERInteger iap = null;
try {
iap = DERInteger.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.INHIBIT_ANY_POLICY));
} catch (Exception e) {
throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e, certPath, index);
}
if (iap != null) {
int _inhibitAnyPolicy = iap.getValue().intValue();
if (_inhibitAnyPolicy < inhibitAnyPolicy) {
return _inhibitAnyPolicy;
}
}
return inhibitAnyPolicy;
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertM.
protected static int prepareNextCertM(CertPath certPath, int index, int maxPathLength) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (m)
//
BasicConstraints bc = null;
try {
bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
} catch (Exception e) {
throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath, index);
}
if (bc != null) {
BigInteger _pathLengthConstraint = bc.getPathLenConstraint();
if (_pathLengthConstraint != null) {
int _plc = _pathLengthConstraint.intValue();
if (_plc < maxPathLength) {
return _plc;
}
}
}
return maxPathLength;
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidatorUtilities method getNextWorkingKey.
/**
* Return the next working key inheriting DSA parameters if necessary.
* <p>
* This methods inherits DSA parameters from the indexed certificate or
* previous certificates in the certificate chain to the returned
* <code>PublicKey</code>. The list is searched upwards, meaning the end
* certificate is at position 0 and previous certificates are following.
* </p>
* <p>
* If the indexed certificate does not contain a DSA key this method simply
* returns the public key. If the DSA key already contains DSA parameters
* the key is also only returned.
* </p>
*
* @param certs The certification path.
* @param index The index of the certificate which contains the public key
* which should be extended with DSA parameters.
* @return The public key of the certificate in list position
* <code>index</code> extended with DSA parameters if applicable.
* @throws AnnotatedException if DSA parameters cannot be inherited.
*/
protected static PublicKey getNextWorkingKey(List certs, int index) throws CertPathValidatorException {
Certificate cert = (Certificate) certs.get(index);
PublicKey pubKey = cert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
return pubKey;
}
DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
if (dsaPubKey.getParams() != null) {
return dsaPubKey;
}
for (int i = index + 1; i < certs.size(); i++) {
X509Certificate parentCert = (X509Certificate) certs.get(i);
pubKey = parentCert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
}
DSAPublicKey prevDSAPubKey = (DSAPublicKey) pubKey;
if (prevDSAPubKey.getParams() == null) {
continue;
}
DSAParams dsaParams = prevDSAPubKey.getParams();
DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
try {
KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
return keyFactory.generatePublic(dsaPubKeySpec);
} catch (Exception exception) {
throw new RuntimeException(exception.getMessage());
}
}
throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidatorUtilities method prepareNextCertB1.
protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
boolean idp_found = false;
Iterator nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (node.getValidPolicy().equals(id_p)) {
idp_found = true;
node.expectedPolicies = (Set) m_idp.get(id_p);
break;
}
}
if (!idp_found) {
nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (ANY_POLICY.equals(node.getValidPolicy())) {
Set pq = null;
ASN1Sequence policies = null;
try {
policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
} catch (Exception e) {
throw new AnnotatedException("Certificate policies cannot be decoded.", e);
}
Enumeration e = policies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pinfo = null;
try {
pinfo = PolicyInformation.getInstance(e.nextElement());
} catch (Exception ex) {
throw new AnnotatedException("Policy information cannot be decoded.", ex);
}
if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
try {
pq = getQualifierSet(pinfo.getPolicyQualifiers());
} catch (CertPathValidatorException ex) {
throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
}
break;
}
}
boolean ci = false;
if (cert.getCriticalExtensionOIDs() != null) {
ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
}
PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
if (ANY_POLICY.equals(p_node.getValidPolicy())) {
PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
p_node.addChild(c_node);
policyNodes[i].add(c_node);
}
break;
}
}
}
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidator2Test method testValidate.
public void testValidate() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
MyCertPath mCP = new MyCertPath(new byte[0]);
CertPathParameters params = new PKIXParameters(TestUtils.getTrustAnchorSet());
CertPathValidator certPV = CertPathValidator.getInstance(defaultAlg);
try {
certPV.validate(mCP, params);
} catch (InvalidAlgorithmParameterException e) {
fail("unexpected exception: " + e);
} catch (CertPathValidatorException e) {
fail("unexpected exception: " + e);
}
try {
certPV.validate(null, params);
fail("NullPointerException must be thrown");
} catch (InvalidAlgorithmParameterException e) {
fail("unexpected exception: " + e);
} catch (CertPathValidatorException e) {
// ok
}
try {
certPV.validate(mCP, null);
fail("InvalidAlgorithmParameterException must be thrown");
} catch (InvalidAlgorithmParameterException e) {
// ok
} catch (CertPathValidatorException e) {
fail("unexpected exception");
}
}
Aggregations