
Example 71 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method prepareNextCertO.

/**
 * Runs every supplied path checker against the certificate at {@code index}
 * and then rejects the path if any critical extension is still unresolved.
 * <p>
 * The original marks this as step "(o)"; given the enclosing class name this
 * is presumably step (o) of RFC 3280 section 6.1.4 (confirm against the RFC).
 * <p>
 * Per the {@link PKIXCertPathChecker#check} contract, each checker removes
 * from {@code criticalExtensions} the extensions it has processed. Whatever
 * remains afterwards is treated as unsupported and fails validation, so the
 * method fails closed on unknown critical extensions.
 *
 * @param certPath the certification path being validated
 * @param index position in {@code certPath} of the certificate to check
 * @param criticalExtensions the certificate's critical extensions still to be
 *        resolved; checkers are expected to mutate this set
 * @param pathCheckers list of {@link PKIXCertPathChecker} instances to run
 * @throws CertPathValidatorException if a checker rejects the certificate or
 *         a critical extension is left unresolved
 */
protected static void prepareNextCertO(CertPath certPath, int index, Set criticalExtensions, List pathCheckers) throws CertPathValidatorException {
    final X509Certificate cert = (X509Certificate) certPath.getCertificates().get(index);
    for (Object checker : pathCheckers) {
        try {
            ((PKIXCertPathChecker) checker).check(cert, criticalExtensions);
        } catch (CertPathValidatorException e) {
            // Re-thrown with the path and index attached so the caller can
            // tell which certificate failed.
            // NOTE(review): only e.getCause() is forwarded, so the checker's
            // own exception (stack trace, any reason code) is not part of the
            // resulting chain. Confirm this is intended.
            throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
        }
    }
    if (criticalExtensions.isEmpty()) {
        return;
    }
    // Nothing claimed the remaining critical extension(s): reject the path.
    throw new ExtCertPathValidatorException("Certificate has unsupported critical extension.", null, certPath, index);
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PKIXCertPathChecker(java.security.cert.PKIXCertPathChecker) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate)

Example 72 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project XobotOS by xamarin.

the class TrustManagerImpl method checkTrusted.

/**
 * Checks that the presented certificate chain is trusted.
 * <p>
 * The chain is first passed to {@code cleanupCertChainAndFindTrustAnchors},
 * which returns the part of the chain that still needs validation and fills
 * in the trust anchors it found. The remaining part is then validated as a
 * PKIX certification path against those anchors.
 * <p>
 * Security notes:
 * <ul>
 * <li>Revocation checking is explicitly disabled for this validation, so a
 * revoked certificate that otherwise chains to an anchor passes here.
 * Whether revocation is enforced elsewhere is not visible from this method;
 * verify before relying on it.</li>
 * <li>When the cleanup step returns an empty chain the validator is not run
 * at all, so correctness depends entirely on that helper.</li>
 * </ul>
 *
 * @param chain the peer's certificate chain; must be non-null and non-empty
 * @param authType the authentication type; must be non-null and non-empty
 * @throws IllegalArgumentException if either argument is null or empty
 * @throws CertificateException if this object holds a stored error
 *         ({@code err}), if no trust anchor was found, or if path validation
 *         fails
 */
private void checkTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    final boolean chainMissing = chain == null || chain.length == 0;
    final boolean authTypeMissing = authType == null || authType.length() == 0;
    if (chainMissing || authTypeMissing) {
        throw new IllegalArgumentException("null or zero-length parameter");
    }
    // A non-null err is reported on every call; presumably it was recorded
    // when this object was set up (confirm against the constructor).
    if (err != null) {
        throw new CertificateException(err);
    }
    final Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    final X509Certificate[] remaining = cleanupCertChainAndFindTrustAnchors(chain, anchors);
    if (remaining.length == 0) {
        // chain was entirely trusted, skip the validator
        return;
    }
    final CertPath path = factory.generateCertPath(Arrays.asList(remaining));
    if (anchors.isEmpty()) {
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, path, -1));
    }
    try {
        final PKIXParameters pkixParams = new PKIXParameters(anchors);
        // Revocation status is not consulted during this validation.
        pkixParams.setRevocationEnabled(false);
        validator.validate(path, pkixParams);
        // Only reached when validation succeeded: record every certificate
        // after element 0 in trustedCertificateIndex. The original comment
        // here is truncated; it refers to cleanupCertChainAndFindTrustAnchors
        // and http://b/3404902.
        int position = 1;
        while (position < remaining.length) {
            trustedCertificateIndex.index(remaining[position]);
            position++;
        }
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateException(e);
    } catch (CertPathValidatorException e) {
        throw new CertificateException(e);
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) CertificateException(java.security.cert.CertificateException) TrustAnchor(java.security.cert.TrustAnchor) CertPath(java.security.cert.CertPath) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 73 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project robovm by robovm.

the class CertPathValidator2Test method testValidate.

/**
 * Exercises {@code CertPathValidator.validate} with three argument
 * combinations: a valid path with valid parameters (must succeed), a null
 * path, and null parameters (must raise
 * {@code InvalidAlgorithmParameterException}).
 */
public void testValidate() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    MyCertPath emptyPath = new MyCertPath(new byte[0]);
    CertPathParameters pkixParams = new PKIXParameters(TestUtils.getTrustAnchorSet());
    CertPathValidator pathValidator = CertPathValidator.getInstance(defaultAlg);

    // Case 1: both arguments supplied; no exception is expected.
    try {
        pathValidator.validate(emptyPath, pkixParams);
    } catch (InvalidAlgorithmParameterException e) {
        fail("unexpected exception: " + e);
    } catch (CertPathValidatorException e) {
        fail("unexpected exception: " + e);
    }

    // Case 2: null path.
    // NOTE(review): the failure message names NullPointerException, but the
    // branch that passes is CertPathValidatorException; an actual
    // NullPointerException is caught by neither handler and would leave this
    // method as an error. Confirm which outcome the validator under test is
    // meant to produce.
    try {
        pathValidator.validate(null, pkixParams);
        fail("NullPointerException must be thrown");
    } catch (InvalidAlgorithmParameterException e) {
        fail("unexpected exception: " + e);
    } catch (CertPathValidatorException e) {
        // ok
    }

    // Case 3: null parameters must be rejected as invalid parameters.
    try {
        pathValidator.validate(emptyPath, null);
        fail("InvalidAlgorithmParameterException must be thrown");
    } catch (InvalidAlgorithmParameterException e) {
        // ok
    } catch (CertPathValidatorException e) {
        fail("unexpected exception");
    }
}
Also used : MyCertPath(org.apache.harmony.security.tests.support.cert.MyCertPath) CertPathValidator(java.security.cert.CertPathValidator) CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) CertPathParameters(java.security.cert.CertPathParameters)

Example 74 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project robovm by robovm.

the class CertPathValidatorExceptionTest method testCertPathValidatorException09.

/**
 * Test for the <code>CertPathValidatorException(String, Throwable)</code>
 * constructor.
 * <p>
 * Assertion: when both <code>msg</code> and <code>cause</code> are non-null,
 * the constructed exception reports the message through
 * <code>getMessage()</code> and returns the given cause from
 * <code>getCause()</code>.
 */
public void testCertPathValidatorException09() {
    for (String msg : msgs) {
        CertPathValidatorException built = new CertPathValidatorException(msg, tCause);
        String reported = built.getMessage();
        String causeText = tCause.toString();
        if (msg.length() > 0) {
            assertTrue("getMessage() must contain " + msg, reported.contains(msg));
            // If the message is not returned verbatim, it is expected to also
            // carry the cause's string form.
            if (!reported.equals(msg)) {
                assertTrue("getMessage() should contain " + causeText, reported.contains(causeText));
            }
        }
        assertNotNull("getCause() must not return null", built.getCause());
        assertEquals("getCause() must return " + tCause.toString(), built.getCause(), tCause);
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException)

Example 75 with CertPathValidatorException

use of java.security.cert.CertPathValidatorException in project robovm by robovm.

the class CertPathValidatorUtilities method getNextWorkingKey.

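/**
 * Return the next working key, inheriting DSA parameters if necessary.
 * <p>
 * This method inherits DSA parameters from the indexed certificate or
 * previous certificates in the certificate chain to the returned
 * <code>PublicKey</code>. The list is searched upwards, meaning the end
 * certificate is at position 0 and previous certificates are following.
 * </p>
 * <p>
 * If the indexed certificate does not contain a DSA key this method simply
 * returns the public key. If the DSA key already contains DSA parameters
 * the key is also returned unchanged.
 * </p>
 *
 * @param certs The certification path.
 * @param index The index of the certificate which contains the public key
 *              which should be extended with DSA parameters.
 * @return The public key of the certificate in list position
 *         <code>index</code> extended with DSA parameters if applicable.
 * @throws CertPathValidatorException if DSA parameters cannot be inherited,
 *         either because a later certificate holds a non-DSA key or because
 *         no later certificate carries parameters.
 * @throws RuntimeException if the key cannot be rebuilt with the inherited
 *         parameters; the underlying exception is attached as the cause.
 */
protected static PublicKey getNextWorkingKey(List certs, int index) throws CertPathValidatorException {
    Certificate cert = (Certificate) certs.get(index);
    PublicKey pubKey = cert.getPublicKey();
    if (!(pubKey instanceof DSAPublicKey)) {
        return pubKey;
    }
    DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
    if (dsaPubKey.getParams() != null) {
        return dsaPubKey;
    }
    // The key has no parameters of its own: walk the later list entries and
    // take P, Q and G from the first one that carries them. Every
    // certificate passed on the way must itself hold a DSA key.
    for (int i = index + 1; i < certs.size(); i++) {
        X509Certificate parentCert = (X509Certificate) certs.get(i);
        pubKey = parentCert.getPublicKey();
        if (!(pubKey instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
        }
        DSAParams dsaParams = ((DSAPublicKey) pubKey).getParams();
        if (dsaParams == null) {
            continue;
        }
        // Combine this certificate's public value Y with the inherited
        // domain parameters.
        DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
            return keyFactory.generatePublic(dsaPubKeySpec);
        } catch (Exception exception) {
            // Keep the original exception as the cause so the provider or
            // key-spec failure stays diagnosable.
            throw new RuntimeException(exception.getMessage(), exception);
        }
    }
    throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
}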
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAParams(java.security.interfaces.DSAParams) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) X509Certificate(java.security.cert.X509Certificate) KeyFactory(java.security.KeyFactory) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Aggregations

CertPathValidatorException (java.security.cert.CertPathValidatorException)102 IOException (java.io.IOException)46 X509Certificate (java.security.cert.X509Certificate)44 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)36 ArrayList (java.util.ArrayList)35 GeneralSecurityException (java.security.GeneralSecurityException)32 List (java.util.List)30 CertPathBuilderException (java.security.cert.CertPathBuilderException)25 CertificateExpiredException (java.security.cert.CertificateExpiredException)24 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)24 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)23 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)23 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)21 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)18 Enumeration (java.util.Enumeration)15 Iterator (java.util.Iterator)15 CertPath (java.security.cert.CertPath)13 CertificateException (java.security.cert.CertificateException)13 HashSet (java.util.HashSet)12 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)10