use of java.security.cert.CertPathValidatorException in project jdk8u_jdk by JetBrains.
the class PKIXExtendedTM method main.
public static void main(String[] args) throws Exception {
if (args.length != 1) {
throw new Exception("Incorrect number of arguments");
}
Test test = tests[Integer.parseInt(args[0])];
Security.setProperty("jdk.tls.disabledAlgorithms", test.tlsDisAlgs);
Security.setProperty("jdk.certpath.disabledAlgorithms", test.certPathDisAlgs);
if (debug) {
System.setProperty("javax.net.debug", "all");
}
/*
* Start the tests.
*/
try {
new PKIXExtendedTM();
if (test.fail) {
throw new Exception("Expected MD5 certificate to be blocked");
}
} catch (Exception e) {
if (test.fail) {
// find expected cause
boolean correctReason = false;
Throwable cause = e.getCause();
while (cause != null) {
if (cause instanceof CertPathValidatorException) {
CertPathValidatorException cpve = (CertPathValidatorException) cause;
if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) {
correctReason = true;
break;
}
}
cause = cause.getCause();
}
if (!correctReason) {
throw new Exception("Unexpected exception", e);
}
} else {
throw e;
}
}
}
use of java.security.cert.CertPathValidatorException in project mobile-center-sdk-android by Microsoft.
the class HttpUtilsAndroidTest method isRecoverableErrorTest.
@Test
public void isRecoverableErrorTest() {
assertTrue(isRecoverableError(new EOFException()));
assertTrue(isRecoverableError(new InterruptedIOException()));
assertTrue(isRecoverableError(new SocketTimeoutException()));
assertTrue(isRecoverableError(new SocketException()));
assertTrue(isRecoverableError(new PortUnreachableException()));
assertTrue(isRecoverableError(new UnknownHostException()));
assertTrue(isRecoverableError(new RejectedExecutionException()));
assertFalse(isRecoverableError(new MalformedURLException()));
assertFalse(isRecoverableError(new IOException()));
assertTrue(isRecoverableError(new IOException(new EOFException())));
assertFalse(isRecoverableError(new IOException(new Exception())));
for (int i = 0; i <= 4; i++) assertTrue(isRecoverableError(new HttpException(500 + i)));
for (int i = 0; i <= 6; i++) assertFalse(isRecoverableError(new HttpException(400 + i)));
assertTrue(isRecoverableError(new HttpException(408)));
assertFalse(isRecoverableError(new HttpException(413)));
assertFalse(isRecoverableError(new HttpException(429)));
assertTrue(isRecoverableError(new SSLException("Write error: ssl=0x59c28f90: I/O error during system call, Connection timed out")));
assertFalse(isRecoverableError(new SSLException(null, new CertPathValidatorException("Trust anchor for certification path not found."))));
assertFalse(isRecoverableError(new SSLException("java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty")));
assertTrue(isRecoverableError(new SSLException("Read error: ssl=0x9dd07200: I/O error during system call, Connection reset by peer")));
assertTrue(isRecoverableError(new SSLException("SSL handshake aborted: ssl=0x1cc160: I/O error during system call, Connection reset by peer")));
assertTrue(isRecoverableError(new SSLHandshakeException("java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.")));
assertTrue(isRecoverableError(new SSLHandshakeException("javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x870c918: Failure in SSL library, usually a protocol error\nerror:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:658 0xb7c393a1:0x00000000)")));
}
use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.
@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
try {
configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
} catch (CertificateChainValidationException success) {
assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
assertThat(success.getCause()).isEqualTo(underlyingException);
}
}
use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.
the class CertificateValidityCheckerTest method getsInvalidCertificates.
@Test
public void getsInvalidCertificates() throws Exception {
String description = "Certificate invalid";
CertPathValidatorException certPathValidatorException = new CertPathValidatorException(description);
when(certificateChainValidator.validate(certificateDetails.getX509(), trustStore)).thenReturn(CertificateValidity.invalid(certPathValidatorException));
ImmutableList<InvalidCertificateDto> invalidCertificates = certificateValidityChecker.getInvalidCertificates(ImmutableList.of(certificateDetails));
InvalidCertificateDto expected = new InvalidCertificateDto(certificateDetails.getIssuerId(), certPathValidatorException.getReason(), CertificateType.SIGNING, certificateDetails.getFederationEntityType(), description);
assertThat(invalidCertificates).usingFieldByFieldElementComparator().containsOnly(expected);
}
use of java.security.cert.CertPathValidatorException in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.
@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
try {
configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
} catch (CertificateChainValidationException success) {
assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
assertThat(success.getCause()).isEqualTo(underlyingException);
}
}
Aggregations