use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class TrustManagerImpl method checkTrusted.
/**
 * Checks a peer certificate chain: rebuilds the full chain from the supplied certificates and
 * the cached certificate index, enforces pinning for {@code host} when one is given, and runs
 * PKIX path validation on the part of the chain that is not already trusted.
 *
 * <p>Points a reviewer should be aware of, all visible in the body below:
 * <ul>
 * <li>Pinning is evaluated only when {@code host} is non-null; a caller that passes
 * {@code null} gets no pin enforcement from this method.
 * <li>The pin check runs before path validation, so a pin failure is reported even if the
 * chain would also have failed validation.
 * <li>Revocation checking is switched off ({@code setRevocationEnabled(false)}); a revoked
 * certificate is not rejected here.
 * <li>When the cleaned-up chain is empty, the validator and the strength check are skipped.
 * </ul>
 *
 * @param chain certificates presented by the peer; must be non-null and non-empty
 * @param authType must be non-null and non-empty; it is only checked for presence here
 * @param host host name used for the pin lookup, or {@code null} to skip pinning
 * @param clientAuth forwarded to {@code ExtendedKeyUsagePKIXCertPathChecker}
 * @return the cleaned-up chain followed by the trust anchor certificate(s) and any further
 *         issuers found in the cached certificate index
 * @throws CertificateException if {@code err} is set, the pin lookup fails, the chain is not
 *         pinned, no trust anchor was found, or path validation fails
 * @throws IllegalArgumentException if {@code chain} or {@code authType} is null or empty
 */
private List<X509Certificate> checkTrusted(X509Certificate[] chain, String authType, String host, boolean clientAuth) throws CertificateException {
if (chain == null || chain.length == 0 || authType == null || authType.length() == 0) {
throw new IllegalArgumentException("null or zero-length parameter");
}
// err is set outside this method; presumably it records a failure while the trust manager
// was being initialised, so every check is refused - confirm against the constructor
if (err != null) {
throw new CertificateException(err);
}
// get the cleaned up chain and trust anchor
// the set is filled in by the helper; there can only be one anchor
Set<TrustAnchor> trustAnchor = new HashSet<TrustAnchor>();
X509Certificate[] newChain = cleanupCertChainAndFindTrustAnchors(chain, trustAnchor);
// add the first trust anchor to the chain, which may be an intermediate
List<X509Certificate> wholeChain = new ArrayList<X509Certificate>();
wholeChain.addAll(Arrays.asList(newChain));
// trustAnchor is actually just a single element
for (TrustAnchor trust : trustAnchor) {
wholeChain.add(trust.getTrustedCert());
}
// add all the cached certificates from the cert index, avoiding loops
// this gives us a full chain from leaf to root, which we use for cert pinning and pass
// back out to callers when we return.
X509Certificate last = wholeChain.get(wholeChain.size() - 1);
while (true) {
TrustAnchor cachedTrust = trustedCertificateIndex.findByIssuerAndSignature(last);
// no cached issuer for the current last certificate: the chain cannot be extended further
if (cachedTrust == null) {
break;
}
// at this point we have a cached trust anchor, but don't know if it's one we got from
// the server. Extract the cert, compare it to the last element in the chain, and add it
// if we haven't seen it before.
// NOTE(review): the comparison below is by reference, not equals(), and only against the
// last element; termination relies on the index eventually returning null or the same
// instance - confirm it cannot return a cycle of distinct certificates.
X509Certificate next = cachedTrust.getTrustedCert();
if (next != last) {
wholeChain.add(next);
last = next;
} else {
// if next == last then we found a self-signed cert and the chain is done
break;
}
}
// build the cert path from the array of certs sans trust anchors
CertPath certPath = factory.generateCertPath(Arrays.asList(newChain));
// pin enforcement: skipped entirely when no host name was supplied
if (host != null) {
// defaults to "not pinned" so the chain is rejected unless the pin manager says otherwise
boolean chainIsNotPinned = true;
try {
chainIsNotPinned = pinManager.chainIsNotPinned(host, wholeChain);
} catch (PinManagerException e) {
throw new CertificateException(e);
}
if (chainIsNotPinned) {
// index -1: the failure is not attributed to a particular certificate in the path
throw new CertificateException(new CertPathValidatorException("Certificate path is not properly pinned.", null, certPath, -1));
}
}
if (newChain.length == 0) {
// chain was entirely trusted, skip the validator
return wholeChain;
}
// certificates remain to be validated but nothing anchors them: reject
if (trustAnchor.isEmpty()) {
throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1));
}
// There's no point in checking trust anchors here, and it will throw off the MD5 check,
// so we just hand it the chain without anchors
// (presumably this rejects weak algorithms or keys - confirm in ChainStrengthAnalyzer)
ChainStrengthAnalyzer.check(newChain);
try {
PKIXParameters params = new PKIXParameters(trustAnchor);
// NOTE(review): revocation (CRL/OCSP) is not checked as part of this validation
params.setRevocationEnabled(false);
params.addCertPathChecker(new ExtendedKeyUsagePKIXCertPathChecker(clientAuth, newChain[0]));
validator.validate(certPath, params);
// validation succeeded: add every certificate after the leaf (element 0 is skipped) to
// the cached certificate index. http://b/3404902
for (int i = 1; i < newChain.length; i++) {
trustedCertificateIndex.index(newChain[i]);
}
} catch (InvalidAlgorithmParameterException e) {
throw new CertificateException(e);
} catch (CertPathValidatorException e) {
throw new CertificateException(e);
}
return wholeChain;
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class invalidParams method testCertPathValidator12.
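/**
 * Test for the <code>CertPathValidator</code> constructor.
 * Assertion: returns a CertPathValidator object that reports the algorithm and provider it
 * was constructed with.
 */
public void testCertPathValidator12() throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, CertPathValidatorException, InvalidAlgorithmParameterException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    CertPathValidatorSpi spi = new MyCertPathValidatorSpi();
    CertPathValidator certPV = new myCertPathValidator(spi, defaultProvider, defaultType);
    // assertEquals takes (message, expected, actual); with the arguments the other way round a
    // failure report would label the two values incorrectly.
    assertEquals("Incorrect algorithm", defaultType, certPV.getAlgorithm());
    assertEquals("Incorrect provider", defaultProvider, certPV.getProvider());
    // The first call must return normally and the second must throw; presumably the SPI stub
    // is stateful - confirm against MyCertPathValidatorSpi.
    certPV.validate(null, null);
    try {
        certPV.validate(null, null);
        fail("CertPathValidatorException must be thrown");
    } catch (CertPathValidatorException expected) {
        // expected: second validation is rejected
    }
    // A validator built without SPI, provider or algorithm reports nulls and cannot validate.
    certPV = new myCertPathValidator(null, null, null);
    assertNull("Incorrect algorithm", certPV.getAlgorithm());
    assertNull("Incorrect provider", certPV.getProvider());
    try {
        certPV.validate(null, null);
        fail("NullPointerException must be thrown");
    } catch (NullPointerException expected) {
        // expected: there is no SPI to delegate to
    }
}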
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidatorExceptionTest method testCertPathValidatorException03.
/**
 * Test for the <code>CertPathValidatorException(String)</code> constructor.
 * Assertion: a null <code>msg</code> yields an exception with neither a
 * detail message nor a cause.
 */
public void testCertPathValidatorException03() {
    // The cast selects the String overload; a bare null would be ambiguous with the
    // Throwable overload.
    CertPathValidatorException exception = new CertPathValidatorException((String) null);
    assertNull("getMessage() must return null.", exception.getMessage());
    assertNull("getCause() must return null", exception.getCause());
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidatorExceptionTest method testCertPathValidatorException01.
/**
 * Test for the no-argument <code>CertPathValidatorException()</code> constructor.
 * Assertion: the new exception carries no detail message and no cause.
 */
public void testCertPathValidatorException01() {
    final CertPathValidatorException exception = new CertPathValidatorException();
    final String message = exception.getMessage();
    final Throwable cause = exception.getCause();
    assertNull("getMessage() must return null.", message);
    assertNull("getCause() must return null", cause);
}
use of java.security.cert.CertPathValidatorException in project robovm by robovm.
the class CertPathValidatorExceptionTest method testCertPathValidatorException12.
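/**
 * Test for the
 * <code>CertPathValidatorException(String, Throwable, CertPath, int)</code>
 * constructor. Assertion: constructs CertPathValidatorException when
 * <code>cause</code> is not null, <code>msg</code> is not null,
 * <code>certPath</code> is null and <code>index</code> is -1.
 */
public void testCertPathValidatorException12() {
    for (String msg : msgs) {
        try {
            CertPathValidatorException tE = new CertPathValidatorException(msg, tCause, null, -1);
            String getM = tE.getMessage();
            String toS = tCause.toString();
            if (msg.length() > 0) {
                assertTrue("getMessage() must contain ".concat(msg), getM.contains(msg));
                // When the message is not returned verbatim it must at least carry the
                // cause's description.
                if (!getM.equals(msg)) {
                    assertTrue("getMessage() should contain ".concat(toS), getM.contains(toS));
                }
            }
            assertNotNull("getCause() must not return null", tE.getCause());
            // assertEquals takes (message, expected, actual); keeping that order makes a
            // failure report label the two values correctly.
            assertEquals("getCause() must return ".concat(tCause.toString()), tCause, tE.getCause());
            assertNull("getCertPath() must return null", tE.getCertPath());
            assertEquals("getIndex() must return -1", -1, tE.getIndex());
        } catch (IndexOutOfBoundsException e) {
            // A null certPath combined with index -1 must be accepted by the constructor.
            fail("Unexpected exception: " + e.toString() + " Parameters: msg: " + msg + ", certPath is null and index is -1");
        }
    }
}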