Example 96 with CertPathValidatorException

Use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.

Class PKIXExtendedTM, method main.

public static void main(String[] args) throws Exception {
    if (args.length != 1) {
        throw new Exception("Incorrect number of arguments");
    }
    Test test = tests[Integer.parseInt(args[0])];
    Security.setProperty("jdk.tls.disabledAlgorithms", test.tlsDisAlgs);
    Security.setProperty("jdk.certpath.disabledAlgorithms", test.certPathDisAlgs);
    if (debug) {
        System.setProperty("javax.net.debug", "all");
    }
    /*
     * Start the tests.
     */
    try {
        new PKIXExtendedTM();
        if (test.fail) {
            throw new Exception("Expected MD5 certificate to be blocked");
        }
    } catch (Exception e) {
        if (test.fail) {
            // find expected cause
            boolean correctReason = false;
            Throwable cause = e.getCause();
            while (cause != null) {
                if (cause instanceof CertPathValidatorException) {
                    CertPathValidatorException cpve = (CertPathValidatorException) cause;
                    if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) {
                        correctReason = true;
                        break;
                    }
                }
                cause = cause.getCause();
            }
            if (!correctReason) {
                throw new Exception("Unexpected exception", e);
            }
        } else {
            throw e;
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException)

Example 97 with CertPathValidatorException

Use of java.security.cert.CertPathValidatorException in project mobile-center-sdk-android by Microsoft.

Class HttpUtilsAndroidTest, method isRecoverableErrorTest.

@Test
public void isRecoverableErrorTest() {
    assertTrue(isRecoverableError(new EOFException()));
    assertTrue(isRecoverableError(new InterruptedIOException()));
    assertTrue(isRecoverableError(new SocketTimeoutException()));
    assertTrue(isRecoverableError(new SocketException()));
    assertTrue(isRecoverableError(new PortUnreachableException()));
    assertTrue(isRecoverableError(new UnknownHostException()));
    assertTrue(isRecoverableError(new RejectedExecutionException()));
    assertFalse(isRecoverableError(new MalformedURLException()));
    assertFalse(isRecoverableError(new IOException()));
    assertTrue(isRecoverableError(new IOException(new EOFException())));
    assertFalse(isRecoverableError(new IOException(new Exception())));
    for (int i = 0; i <= 4; i++) assertTrue(isRecoverableError(new HttpException(500 + i)));
    for (int i = 0; i <= 6; i++) assertFalse(isRecoverableError(new HttpException(400 + i)));
    assertTrue(isRecoverableError(new HttpException(408)));
    assertFalse(isRecoverableError(new HttpException(413)));
    assertFalse(isRecoverableError(new HttpException(429)));
    assertTrue(isRecoverableError(new SSLException("Write error: ssl=0x59c28f90: I/O error during system call, Connection timed out")));
    assertFalse(isRecoverableError(new SSLException(null, new CertPathValidatorException("Trust anchor for certification path not found."))));
    assertFalse(isRecoverableError(new SSLException("java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty")));
    assertTrue(isRecoverableError(new SSLException("Read error: ssl=0x9dd07200: I/O error during system call, Connection reset by peer")));
    assertTrue(isRecoverableError(new SSLException("SSL handshake aborted: ssl=0x1cc160: I/O error during system call, Connection reset by peer")));
    assertTrue(isRecoverableError(new SSLHandshakeException("java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.")));
    assertTrue(isRecoverableError(new SSLHandshakeException("javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x870c918: Failure in SSL library, usually a protocol error\nerror:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:658 0xb7c393a1:0x00000000)")));
}
Also used : InterruptedIOException(java.io.InterruptedIOException) SocketException(java.net.SocketException) PortUnreachableException(java.net.PortUnreachableException) MalformedURLException(java.net.MalformedURLException) UnknownHostException(java.net.UnknownHostException) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) EOFException(java.io.EOFException) SocketTimeoutException(java.net.SocketTimeoutException) CertPathValidatorException(java.security.cert.CertPathValidatorException) Test(org.junit.Test)

Example 98 with CertPathValidatorException

Use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.

Class ConfigServiceKeyStoreTest, method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used : CertificateDto(uk.gov.ida.hub.samlengine.domain.CertificateDto) CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto) CertPathValidatorException(java.security.cert.CertPathValidatorException) CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException) FederationEntityType(uk.gov.ida.hub.samlengine.domain.FederationEntityType) Test(org.junit.Test)

Example 99 with CertPathValidatorException

Use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.

Class CertificateValidityCheckerTest, method getsInvalidCertificates.

@Test
public void getsInvalidCertificates() throws Exception {
    String description = "Certificate invalid";
    CertPathValidatorException certPathValidatorException = new CertPathValidatorException(description);
    when(certificateChainValidator.validate(certificateDetails.getX509(), trustStore)).thenReturn(CertificateValidity.invalid(certPathValidatorException));
    ImmutableList<InvalidCertificateDto> invalidCertificates = certificateValidityChecker.getInvalidCertificates(ImmutableList.of(certificateDetails));
    InvalidCertificateDto expected = new InvalidCertificateDto(certificateDetails.getIssuerId(), certPathValidatorException.getReason(), CertificateType.SIGNING, certificateDetails.getFederationEntityType(), description);
    assertThat(invalidCertificates).usingFieldByFieldElementComparator().containsOnly(expected);
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidCertificateDto(uk.gov.ida.hub.config.dto.InvalidCertificateDto) Test(org.junit.Test)

Example 100 with CertPathValidatorException

Use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.

Class ConfigServiceKeyStoreTest, method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
    when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used : CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto) CertificateDto(uk.gov.ida.hub.samlproxy.domain.CertificateDto) CertPathValidatorException(java.security.cert.CertPathValidatorException) CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException) FederationEntityType(uk.gov.ida.hub.samlproxy.domain.FederationEntityType) Test(org.junit.Test)

Aggregations

CertPathValidatorException (java.security.cert.CertPathValidatorException) 102
IOException (java.io.IOException) 46
X509Certificate (java.security.cert.X509Certificate) 44
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException) 36
ArrayList (java.util.ArrayList) 35
GeneralSecurityException (java.security.GeneralSecurityException) 32
List (java.util.List) 30
CertPathBuilderException (java.security.cert.CertPathBuilderException) 25
CertificateExpiredException (java.security.cert.CertificateExpiredException) 24
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException) 24
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint) 23
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint) 23
IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint) 21
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence) 18
Enumeration (java.util.Enumeration) 15
Iterator (java.util.Iterator) 15
CertPath (java.security.cert.CertPath) 13
CertificateException (java.security.cert.CertificateException) 13
HashSet (java.util.HashSet) 12
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException) 10