
Example 11 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project service-proxy by membrane.

the class TrustManagerWrapper method adjustChain.

/**
 * Replaces every certificate in {@code chain}, in place, with a wrapper that forwards all
 * {@link X509Certificate} operations to the original certificate.
 *
 * <p>The only behavior the wrapper changes is the validity-period check: while
 * {@code ignoreTimestampCheckFailure} is {@code true}, both {@code checkValidity} overloads return
 * without consulting the original, so neither {@link CertificateExpiredException} nor
 * {@link CertificateNotYetValidException} is raised through the wrapper. The flag is read on each
 * call, not when the wrapper is created.
 *
 * <p>Security note: with the flag set, expired and not-yet-valid certificates pass any validity
 * check made through these wrappers. Signature, key usage and name data are still taken from the
 * original certificate. NOTE(review): a validator that re-parses the certificate from
 * {@link X509Certificate#getEncoded()} instead of calling the wrapper would not see this override;
 * confirm against the trust manager that receives the adjusted chain.
 *
 * @param chain the certificate chain whose elements are replaced by delegating wrappers
 */
private void adjustChain(X509Certificate[] chain) {
    for (int index = 0; index < chain.length; index++) {
        final X509Certificate delegate = chain[index];
        chain[index] = new X509Certificate() {

            // --- validity period: the only place where the wrapper deviates from the delegate ---

            @Override
            public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
                if (!ignoreTimestampCheckFailure) {
                    delegate.checkValidity();
                }
            }

            @Override
            public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
                if (!ignoreTimestampCheckFailure) {
                    delegate.checkValidity(date);
                }
            }

            @Override
            public Date getNotBefore() {
                return delegate.getNotBefore();
            }

            @Override
            public Date getNotAfter() {
                return delegate.getNotAfter();
            }

            // --- identity and general certificate fields ---

            @Override
            public int getVersion() {
                return delegate.getVersion();
            }

            @Override
            public BigInteger getSerialNumber() {
                return delegate.getSerialNumber();
            }

            @Override
            public Principal getIssuerDN() {
                return delegate.getIssuerDN();
            }

            @Override
            public X500Principal getIssuerX500Principal() {
                return delegate.getIssuerX500Principal();
            }

            @Override
            public Principal getSubjectDN() {
                return delegate.getSubjectDN();
            }

            @Override
            public X500Principal getSubjectX500Principal() {
                return delegate.getSubjectX500Principal();
            }

            @Override
            public boolean[] getIssuerUniqueID() {
                return delegate.getIssuerUniqueID();
            }

            @Override
            public boolean[] getSubjectUniqueID() {
                return delegate.getSubjectUniqueID();
            }

            @Override
            public PublicKey getPublicKey() {
                return delegate.getPublicKey();
            }

            // --- encoding and signature ---

            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                return delegate.getEncoded();
            }

            @Override
            public byte[] getTBSCertificate() throws CertificateEncodingException {
                return delegate.getTBSCertificate();
            }

            @Override
            public byte[] getSignature() {
                return delegate.getSignature();
            }

            @Override
            public String getSigAlgName() {
                return delegate.getSigAlgName();
            }

            @Override
            public String getSigAlgOID() {
                return delegate.getSigAlgOID();
            }

            @Override
            public byte[] getSigAlgParams() {
                return delegate.getSigAlgParams();
            }

            @Override
            public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                delegate.verify(key);
            }

            @Override
            public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                delegate.verify(key, sigProvider);
            }

            // --- extensions ---

            @Override
            public boolean hasUnsupportedCriticalExtension() {
                return delegate.hasUnsupportedCriticalExtension();
            }

            @Override
            public Set<String> getCriticalExtensionOIDs() {
                return delegate.getCriticalExtensionOIDs();
            }

            @Override
            public Set<String> getNonCriticalExtensionOIDs() {
                return delegate.getNonCriticalExtensionOIDs();
            }

            @Override
            public byte[] getExtensionValue(String oid) {
                return delegate.getExtensionValue(oid);
            }

            @Override
            public boolean[] getKeyUsage() {
                return delegate.getKeyUsage();
            }

            @Override
            public List<String> getExtendedKeyUsage() throws CertificateParsingException {
                return delegate.getExtendedKeyUsage();
            }

            @Override
            public int getBasicConstraints() {
                return delegate.getBasicConstraints();
            }

            @Override
            public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException {
                return delegate.getSubjectAlternativeNames();
            }

            @Override
            public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException {
                return delegate.getIssuerAlternativeNames();
            }

            // --- java.lang.Object methods, answered by the delegate ---

            @Override
            public boolean equals(Object other) {
                return delegate.equals(other);
            }

            @Override
            public int hashCode() {
                return delegate.hashCode();
            }

            @Override
            public String toString() {
                return delegate.toString();
            }
        };
    }
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) Set(java.util.Set) CertificateParsingException(java.security.cert.CertificateParsingException) CertificateExpiredException(java.security.cert.CertificateExpiredException) PublicKey(java.security.PublicKey) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) BigInteger(java.math.BigInteger) X500Principal(javax.security.auth.x500.X500Principal) Collection(java.util.Collection) List(java.util.List) NoSuchProviderException(java.security.NoSuchProviderException) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal)

Example 12 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project j2objc by google.

the class CertificateExpiredExceptionTest method testCertificateExpiredException03.

/**
 * Exercises the <code>CertificateExpiredException(String)</code> constructor with a
 * <code>null</code> message.
 * Assertion: the exception is constructed and reports neither a detail message nor a cause.
 */
public void testCertificateExpiredException03() {
    // The cast pins the String overload while passing null as the message.
    final CertificateExpiredException exception = new CertificateExpiredException((String) null);
    assertNull("getMessage() must return null.", exception.getMessage());
    assertNull("getCause() must return null", exception.getCause());
}
Also used : CertificateExpiredException(java.security.cert.CertificateExpiredException)

Example 13 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project j2objc by google.

the class CertificateExpiredExceptionTest method testCertificateExpiredException01.

/**
 * Exercises the no-argument <code>CertificateExpiredException()</code> constructor.
 * Assertion: the resulting exception carries no detail message and no cause.
 */
public void testCertificateExpiredException01() {
    final CertificateExpiredException exception = new CertificateExpiredException();
    final String message = exception.getMessage();
    assertNull("getMessage() must return null.", message);
    final Throwable cause = exception.getCause();
    assertNull("getCause() must return null", cause);
}
Also used : CertificateExpiredException(java.security.cert.CertificateExpiredException)

Example 14 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project cas by apereo.

the class X509CredentialsAuthenticationHandlerTests method getTestParameters.

/**
 * Builds the argument sets for the parameterized X.509 credential authentication test.
 *
 * <p>Every entry is created as {@code arguments(handler, credential, boolean, result, exception)}.
 * Judging from the values passed below, the boolean presumably states whether the handler is
 * expected to support the credential, {@code result} is the expected handler result (or
 * {@code null}) and {@code exception} is the expected failure (or {@code null}) — confirm against
 * the test method that consumes this stream, which is not shown here.
 *
 * <p>The entries cover accepted certificates as well as rejection paths: an expired certificate,
 * certificates expected to fail with {@code FailedLoginException}, key usage checks, a revoked
 * certificate and expired CRL data.
 *
 * @return a stream over the collected argument sets, in the order they are added below.
 */
@SuppressWarnings("PMD.ExcessiveMethodLength")
public static Stream<Arguments> getTestParameters() {
    val params = new ArrayList<Arguments>();
    /* Test case #1: Unsupported credential type (the only entry whose boolean argument is false) */
    var handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(arguments(handler, new UsernamePasswordCredential(), false, null, null));
    /* Test case #2: Valid certificate */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    var credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #3: Expired certificate; a CertificateExpiredException is the expected failure */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-expired.crt")), true, null, new CertificateExpiredException()));
    /* Test case #4: Untrusted issuer */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"), true, false, false);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, null, new FailedLoginException()));
    /* Test case #5: Disallowed subject  */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), true, RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"));
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, null, new FailedLoginException()));
    /* Test case #6: Check key usage on a cert without keyUsage extension */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, false);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #7: Require key usage on a cert without keyUsage extension */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, null, new FailedLoginException()));
    /* Test case #8: Require key usage on a cert with acceptable keyUsage extension values */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    credential = new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #9: Require key usage on a cert with unacceptable keyUsage extension values */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")), true, null, new FailedLoginException()));
    /*
     * Revocation tests
     */
    /*
     * Test case #10: Valid certificate with CRL checking.
     * NOTE(review): the expected result is built from `credential`, while a second credential
     * created from the same certificate file is the one passed as the argument.
     */
    var checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #11: Revoked end user certificate */
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-revoked.crt")), true, null, new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), null)));
    /* Test case #12: Valid certificate on expired CRL data; the checker is built with a ThresholdExpiredCRLRevocationPolicy(0) */
    val zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy(0);
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"), null, zeroThresholdPolicy);
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, null, new ExpiredCRLException(null, ZonedDateTime.now(ZoneOffset.UTC))));
    /*
     * Certificate not allowed: the handler is built with RegexUtils.MATCH_NOTHING_PATTERN.
     * NOTE(review): this entry and the next two pass both a non-null expected result and a
     * FailedLoginException; which of the two the consuming test asserts is not visible here.
     */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, RegexUtils.MATCH_NOTHING_PATTERN);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), new FailedLoginException()));
    /*
     * Handler built with (pattern, false, 0) against a CasX509Certificate whose basic constraints
     * are set to Integer.MAX_VALUE; FailedLoginException is passed as the expected failure.
     * Presumably the int is a path-length limit; confirm against the handler constructor.
     */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 0);
    var certificate = new CasX509Certificate(true);
    certificate.setBasicConstraints(Integer.MAX_VALUE);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), new FailedLoginException()));
    /* Same shape with (pattern, false, 1) and basic constraints set to 10; FailedLoginException is again passed as the expected failure */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 1);
    certificate = new CasX509Certificate(true);
    certificate.setBasicConstraints(10);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), new FailedLoginException()));
    /* Handler built with pattern ".+" and flags (true, true, false); the certificate has setKeyUsage(true) applied and no failure is expected */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".+"), true, true, false);
    certificate = new CasX509Certificate(true);
    certificate.setKeyUsage(true);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    return params.stream();
}
Also used : lombok.val(lombok.val) RevokedCertificateException(org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException) CertificateExpiredException(java.security.cert.CertificateExpiredException) ArrayList(java.util.ArrayList) DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult) CasX509Certificate(org.apereo.cas.adaptors.x509.authentication.CasX509Certificate) ClassPathResource(org.springframework.core.io.ClassPathResource) ThresholdExpiredCRLRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy) ExpiredCRLException(org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException) FailedLoginException(javax.security.auth.login.FailedLoginException) X509CertificateCredential(org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential) ResourceCRLRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential)

Example 15 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project mobile-center-sdk-android by Microsoft.

the class CryptoRsaHandler method encrypt.

/**
 * Encrypts {@code input} with the public key of the certificate stored in {@code keyStoreEntry}.
 *
 * <p>The certificate's validity period is checked before the cipher is initialised. An expired
 * certificate is reported as {@link InvalidKeyException} with the original exception as its cause.
 * A not-yet-valid certificate is not caught here and propagates as thrown by
 * {@code checkValidity()}.
 *
 * @param cryptoFactory factory handed to {@code getCipher} to obtain the cipher
 * @param apiLevel API level handed to {@code getCipher}
 * @param keyStoreEntry key store entry; cast to {@link KeyStore.PrivateKeyEntry} without a type check
 * @param input bytes to encrypt
 * @return the result of {@code doFinal(input)} on the initialised cipher
 * @throws InvalidKeyException if the certificate has expired
 * @throws Exception any other failure raised by the certificate check or the cipher
 */
@Override
public byte[] encrypt(CryptoUtils.ICryptoFactory cryptoFactory, int apiLevel, KeyStore.Entry keyStoreEntry, byte[] input) throws Exception {
    CryptoUtils.ICipher rsaCipher = getCipher(cryptoFactory, apiLevel);
    X509Certificate cert = (X509Certificate) ((KeyStore.PrivateKeyEntry) keyStoreEntry).getCertificate();
    try {
        // Refuse to encrypt under a key whose certificate is past its notAfter date.
        cert.checkValidity();
    } catch (CertificateExpiredException expired) {
        throw new InvalidKeyException(expired);
    }
    rsaCipher.init(ENCRYPT_MODE, cert.getPublicKey());
    return rsaCipher.doFinal(input);
}
Also used : CertificateExpiredException(java.security.cert.CertificateExpiredException) InvalidKeyException(java.security.InvalidKeyException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate)

Aggregations

CertificateExpiredException (java.security.cert.CertificateExpiredException)46 X509Certificate (java.security.cert.X509Certificate)32 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)28 CertificateException (java.security.cert.CertificateException)15 ArrayList (java.util.ArrayList)7 GeneralSecurityException (java.security.GeneralSecurityException)6 InvalidKeyException (java.security.InvalidKeyException)6 KeyStore (java.security.KeyStore)6 Certificate (java.security.cert.Certificate)6 IOException (java.io.IOException)5 KeyStoreException (java.security.KeyStoreException)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5 Date (java.util.Date)5 SuppressLint (android.annotation.SuppressLint)4 Principal (java.security.Principal)4 Calendar (java.util.Calendar)4 Test (org.junit.Test)4 FileNotFoundException (java.io.FileNotFoundException)3 CertificateFactory (java.security.cert.CertificateFactory)3 X509TrustManager (javax.net.ssl.X509TrustManager)3