use of java.security.cert.CertPathValidatorException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method prepareNextCertO.
protected static void prepareNextCertO(CertPath certPath, int index, Set criticalExtensions, List pathCheckers) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (o)
//
Iterator tmpIter;
tmpIter = pathCheckers.iterator();
while (tmpIter.hasNext()) {
try {
((PKIXCertPathChecker) tmpIter.next()).check(cert, criticalExtensions);
} catch (CertPathValidatorException e) {
throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
}
}
if (!criticalExtensions.isEmpty()) {
throw new ExtCertPathValidatorException("Certificate has unsupported critical extension.", null, certPath, index);
}
}
use of java.security.cert.CertPathValidatorException in project XobotOS by xamarin.
the class TrustManagerImpl method checkTrusted.
private void checkTrusted(X509Certificate[] chain, String authType) throws CertificateException {
if (chain == null || chain.length == 0 || authType == null || authType.length() == 0) {
throw new IllegalArgumentException("null or zero-length parameter");
}
if (err != null) {
throw new CertificateException(err);
}
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
X509Certificate[] newChain = cleanupCertChainAndFindTrustAnchors(chain, trustAnchors);
if (newChain.length == 0) {
// chain was entirely trusted, skip the validator
return;
}
CertPath certPath = factory.generateCertPath(Arrays.asList(newChain));
if (trustAnchors.isEmpty()) {
throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1));
}
try {
PKIXParameters params = new PKIXParameters(trustAnchors);
params.setRevocationEnabled(false);
validator.validate(certPath, params);
// cleanupCertChainAndFindTrustAnchors. http://b/3404902
for (int i = 1; i < newChain.length; i++) {
trustedCertificateIndex.index(newChain[i]);
}
} catch (InvalidAlgorithmParameterException e) {
throw new CertificateException(e);
} catch (CertPathValidatorException e) {
throw new CertificateException(e);
}
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidator2Test method testValidate.
public void testValidate() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
MyCertPath mCP = new MyCertPath(new byte[0]);
CertPathParameters params = new PKIXParameters(TestUtils.getTrustAnchorSet());
CertPathValidator certPV = CertPathValidator.getInstance(defaultAlg);
try {
certPV.validate(mCP, params);
} catch (InvalidAlgorithmParameterException e) {
fail("unexpected exception: " + e);
} catch (CertPathValidatorException e) {
fail("unexpected exception: " + e);
}
try {
certPV.validate(null, params);
fail("NullPointerException must be thrown");
} catch (InvalidAlgorithmParameterException e) {
fail("unexpected exception: " + e);
} catch (CertPathValidatorException e) {
// ok
}
try {
certPV.validate(mCP, null);
fail("InvalidAlgorithmParameterException must be thrown");
} catch (InvalidAlgorithmParameterException e) {
// ok
} catch (CertPathValidatorException e) {
fail("unexpected exception");
}
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidatorExceptionTest method testCertPathValidatorException09.
/**
* Test for <code>CertPathValidatorException(String, Throwable)</code>
* constructor Assertion: constructs CertPathValidatorException when
* <code>cause</code> is not null <code>msg</code> is not null
*/
public void testCertPathValidatorException09() {
CertPathValidatorException tE;
for (int i = 0; i < msgs.length; i++) {
tE = new CertPathValidatorException(msgs[i], tCause);
String getM = tE.getMessage();
String toS = tCause.toString();
if (msgs[i].length() > 0) {
assertTrue("getMessage() must contain ".concat(msgs[i]), getM.indexOf(msgs[i]) != -1);
if (!getM.equals(msgs[i])) {
assertTrue("getMessage() should contain ".concat(toS), getM.indexOf(toS) != -1);
}
}
assertNotNull("getCause() must not return null", tE.getCause());
assertEquals("getCause() must return ".concat(tCause.toString()), tE.getCause(), tCause);
}
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidatorUtilities method getNextWorkingKey.
/**
* Return the next working key inheriting DSA parameters if necessary.
* <p>
* This methods inherits DSA parameters from the indexed certificate or
* previous certificates in the certificate chain to the returned
* <code>PublicKey</code>. The list is searched upwards, meaning the end
* certificate is at position 0 and previous certificates are following.
* </p>
* <p>
* If the indexed certificate does not contain a DSA key this method simply
* returns the public key. If the DSA key already contains DSA parameters
* the key is also only returned.
* </p>
*
* @param certs The certification path.
* @param index The index of the certificate which contains the public key
* which should be extended with DSA parameters.
* @return The public key of the certificate in list position
* <code>index</code> extended with DSA parameters if applicable.
* @throws AnnotatedException if DSA parameters cannot be inherited.
*/
protected static PublicKey getNextWorkingKey(List certs, int index) throws CertPathValidatorException {
Certificate cert = (Certificate) certs.get(index);
PublicKey pubKey = cert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
return pubKey;
}
DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
if (dsaPubKey.getParams() != null) {
return dsaPubKey;
}
for (int i = index + 1; i < certs.size(); i++) {
X509Certificate parentCert = (X509Certificate) certs.get(i);
pubKey = parentCert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
}
DSAPublicKey prevDSAPubKey = (DSAPublicKey) pubKey;
if (prevDSAPubKey.getParams() == null) {
continue;
}
DSAParams dsaParams = prevDSAPubKey.getParams();
DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
try {
KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
return keyFactory.generatePublic(dsaPubKeySpec);
} catch (Exception exception) {
throw new RuntimeException(exception.getMessage());
}
}
throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
}
Aggregations