
Example 6 with CertificateRevokedException

use of java.security.cert.CertificateRevokedException in project netty by netty.

the class SslErrorTest method testCorrectAlert.

/**
 * Checks that the failure the client observes matches the reason for which the server's
 * trust manager rejected the client certificate.
 * <p>
 * The server is built with {@code ClientAuth.REQUIRE} and a trust manager whose
 * {@code checkClientTrusted} always throws the {@code exception} under test (a field of the
 * enclosing class, presumably populated from the parameterised {@code data()} set together
 * with {@code serverProvider} and {@code clientProvider}). The client then inspects the
 * {@link SSLException} delivered to its pipeline and hands it, with the keyword that matches
 * the exception type or {@link CertPathValidatorException.Reason}, to {@code verifyException};
 * {@code promise} is used to block the test until that verification has run.
 *
 * @throws Exception if certificate generation, bootstrap or handshake setup fails
 */
@Test(timeout = 30000)
public void testCorrectAlert() throws Exception {
    // As this only works correctly at the moment when OpenSslEngine is used on the server-side there is
    // no need to run it if there is no openssl is available at all.
    Assume.assumeTrue(OpenSsl.isAvailable());
    // NOTE(review): ssc is never cleaned up; SelfSignedCertificate exposes delete() for its
    // temporary files - consider calling it in the finally block.
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    // Server context: the custom trust manager rejects every client certificate with the
    // parameterised exception. ClientAuth.REQUIRE guarantees checkClientTrusted actually runs.
    final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(serverProvider).trustManager(new SimpleTrustManagerFactory() {

        @Override
        protected void engineInit(KeyStore keyStore) {
        }

        @Override
        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        }

        @Override
        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] { new X509TrustManager() {

                // Always reject the client certificate with the exception under test; this is what
                // should surface as the corresponding alert on the client side.
                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                    throw exception;
                }

                // Server side never validates a peer acting as a server, so nothing to do here.
                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                // NOOP
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return EmptyArrays.EMPTY_X509_CERTIFICATES;
                }
            } };
        }
    }).clientAuth(ClientAuth.REQUIRE).build();
    // Client context: presents the test key pair (test.crt / test_unencrypted.pem from the test
    // resources) and trusts any server certificate, so the only failure that can occur is the
    // server rejecting the client certificate.
    final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).keyManager(new File(getClass().getResource("test.crt").getFile()), new File(getClass().getResource("test_unencrypted.pem").getFile())).sslProvider(clientProvider).build();
    Channel serverChannel = null;
    Channel clientChannel = null;
    EventLoopGroup group = new NioEventLoopGroup();
    try {
        serverChannel = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).handler(new LoggingHandler(LogLevel.INFO)).childHandler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    // The server only needs to tear the connection down once the handshake failed.
                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        ctx.close();
                    }
                });
            }
        }).bind(0).sync().channel();
        // Completed (successfully or not) by verifyException once the client has seen the failure.
        final Promise<Void> promise = group.next().newPromise();
        clientChannel = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        // Unwrap as its wrapped by a DecoderException
                        Throwable unwrappedCause = cause.getCause();
                        if (unwrappedCause instanceof SSLException) {
                            // TestCertificateException (a helper of this test class, presumably) carries the
                            // CertPathValidatorException as its cause, mirroring what the JDK trust manager throws.
                            if (exception instanceof TestCertificateException) {
                                CertPathValidatorException.Reason reason = ((CertPathValidatorException) exception.getCause()).getReason();
                                if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                                    verifyException(unwrappedCause, "expired", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                                    verifyException(unwrappedCause, "bad", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                                    verifyException(unwrappedCause, "revoked", promise);
                                }
                                // NOTE(review): any other reason leaves the promise uncompleted, so the test only
                                // fails through the 30s timeout rather than with a meaningful message.
                            } else if (exception instanceof CertificateExpiredException) {
                                verifyException(unwrappedCause, "expired", promise);
                            } else if (exception instanceof CertificateNotYetValidException) {
                                verifyException(unwrappedCause, "bad", promise);
                            } else if (exception instanceof CertificateRevokedException) {
                                verifyException(unwrappedCause, "revoked", promise);
                            }
                        }
                        // Non-SSL failures are deliberately ignored here; the promise stays pending.
                    }
                });
            }
        }).connect(serverChannel.localAddress()).syncUninterruptibly().channel();
        // Block until we received the correct exception
        promise.syncUninterruptibly();
    } finally {
        // Close client before server so the server side does not see a fresh connection attempt,
        // then stop the loop and release the (possibly reference-counted, for *_REFCNT providers) contexts.
        if (clientChannel != null) {
            clientChannel.close().syncUninterruptibly();
        }
        if (serverChannel != null) {
            serverChannel.close().syncUninterruptibly();
        }
        group.shutdownGracefully();
        ReferenceCountUtil.release(sslServerCtx);
        ReferenceCountUtil.release(sslClientCtx);
    }
}

Example 7 with CertificateRevokedException

use of java.security.cert.CertificateRevokedException in project j2objc by google.

the class CertificateRevocationExceptionTest method testGetRevocationDate.

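/**
 * Verifies that {@link CertificateRevokedException#getRevocationDate()} hands out a defensive
 * copy: two calls return distinct {@link Date} instances, and mutating a returned instance
 * must not change the date the exception reports afterwards.
 *
 * @throws Exception if {@code getTestException()} cannot build the fixture
 */
public void testGetRevocationDate() throws Exception {
    CertificateRevokedException exception = getTestException();
    Date firstDate = exception.getRevocationDate();
    // Each call must return a fresh instance ...
    assertNotSame(firstDate, exception.getRevocationDate());
    // ... and mutating that instance must not leak into the exception's own copy.
    // Shift by one day via setTime() instead of the deprecated Date.setYear()/getYear() pair.
    long originalMillis = firstDate.getTime();
    firstDate.setTime(originalMillis + 24L * 60L * 60L * 1000L);
    assertTrue(firstDate.compareTo(exception.getRevocationDate()) > 0);
    assertEquals(originalMillis, exception.getRevocationDate().getTime());
}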

Example 8 with CertificateRevokedException

use of java.security.cert.CertificateRevokedException in project j2objc by google.

the class CertificateRevocationExceptionTest method assertDeserialized.

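/**
 * Compares a {@link CertificateRevokedException} with its deserialized counterpart.
 * <p>
 * Every field must be equal, and the mutable / non-shared members (dates, authority name)
 * must additionally be distinct instances, proving that deserialization re-creates them
 * rather than aliasing the originals. Extensions are compared by size and key set only,
 * since {@code Extension} implementations are not required to implement {@code equals}.
 *
 * @param initial the exception that was serialized
 * @param deserialized the exception read back from the serialized form
 */
@Override
public void assertDeserialized(Serializable initial, Serializable deserialized) {
    assertTrue(initial instanceof CertificateRevokedException);
    assertTrue(deserialized instanceof CertificateRevokedException);
    CertificateRevokedException expected = (CertificateRevokedException) initial;
    CertificateRevokedException actual = (CertificateRevokedException) deserialized;
    assertEquals(expected.getInvalidityDate(), actual.getInvalidityDate());
    assertNotSame(expected.getInvalidityDate(), actual.getInvalidityDate());
    assertEquals(expected.getRevocationDate(), actual.getRevocationDate());
    assertNotSame(expected.getRevocationDate(), actual.getRevocationDate());
    // Compare against the deserialized instance; the original compared expected with itself,
    // which could never fail.
    assertEquals(expected.getRevocationReason(), actual.getRevocationReason());
    assertEquals(expected.getAuthorityName(), actual.getAuthorityName());
    assertNotSame(expected.getAuthorityName(), actual.getAuthorityName());
    assertEquals(expected.getExtensions().size(), actual.getExtensions().size());
    assertEquals(expected.getExtensions().keySet(), actual.getExtensions().keySet());
}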

Example 9 with CertificateRevokedException

use of java.security.cert.CertificateRevokedException in project netty by netty.

the class SslErrorTest method data.

/**
 * Produces the parameter matrix for the test: the cross product of server providers,
 * client providers, certificate failures and a boolean flag.
 * <p>
 * OpenSSL-backed providers are only included when the native library is available; the JDK
 * provider is used on the client side only. Each certificate failure is present both as a
 * plain {@link CertificateException} subclass and wrapped around a
 * {@link CertPathValidatorException}, as the JDK's trust manager would report it.
 *
 * @return one {@code Object[]} of {@code {serverProvider, clientProvider, exception, flag}} per combination
 */
static Collection<Object[]> data() {
    List<SslProvider> serverSide = new ArrayList<SslProvider>(2);
    List<SslProvider> clientSide = new ArrayList<SslProvider>(3);
    if (OpenSsl.isAvailable()) {
        Collections.addAll(serverSide, SslProvider.OPENSSL, SslProvider.OPENSSL_REFCNT);
        Collections.addAll(clientSide, SslProvider.OPENSSL, SslProvider.OPENSSL_REFCNT);
    }
    // SslProvider.JDK is not used on the server side because the JDK implementation currently
    // sends the same alert regardless of the failure reason.
    clientSide.add(SslProvider.JDK);
    List<CertificateException> failures = new ArrayList<CertificateException>(6);
    failures.add(new CertificateExpiredException());
    failures.add(new CertificateNotYetValidException());
    failures.add(new CertificateRevokedException(new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""), Collections.<String, Extension>emptyMap()));
    // Wrapped variants, mirroring what the JDK's X509TrustManagerFactory throws.
    CertPathValidatorException.BasicReason[] wrappedReasons = {
            CertPathValidatorException.BasicReason.EXPIRED,
            CertPathValidatorException.BasicReason.NOT_YET_VALID,
            CertPathValidatorException.BasicReason.REVOKED };
    for (CertPathValidatorException.BasicReason reason : wrappedReasons) {
        failures.add(newCertificateException(reason));
    }
    boolean[] flags = { true, false };
    List<Object[]> matrix = new ArrayList<Object[]>();
    for (SslProvider server : serverSide) {
        for (SslProvider client : clientSide) {
            for (CertificateException failure : failures) {
                for (boolean flag : flags) {
                    matrix.add(new Object[] { server, client, failure, flag });
                }
            }
        }
    }
    return matrix;
}
