use of java.security.cert.TrustAnchor in project robovm by robovm.
the class OldPKIXParametersTest method testClone.
/**
 * Checks that {@code PKIXParameters.clone()} produces a copy that starts out equal to the
 * original and is afterwards independent of it for the settings this test changes.
 *
 * The test first compares every getter on the two objects. It then changes the date and the
 * policy-qualifiers flag on the original, and the explicit-policy and revocation flags on the
 * copy, asserting each time that the other object did not follow.
 *
 * @throws InvalidAlgorithmParameterException if the trust anchor set is rejected by the
 *         {@code PKIXParameters} constructor
 */
public final void testClone() throws InvalidAlgorithmParameterException {
    final Set<TrustAnchor> anchors = TestUtils.getTrustAnchorSet();
    if (anchors == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }

    final PKIXParameters original = new PKIXParameters(anchors);
    final PKIXParameters copy = (PKIXParameters) original.clone();

    // A fresh clone must report the same state as its source.
    assertEquals(original.getPolicyQualifiersRejected(), copy.getPolicyQualifiersRejected());
    assertEquals(original.getCertPathCheckers(), copy.getCertPathCheckers());
    assertEquals(original.getCertStores(), copy.getCertStores());
    assertEquals(original.getDate(), copy.getDate());
    assertEquals(original.getInitialPolicies(), copy.getInitialPolicies());
    assertEquals(original.getSigProvider(), copy.getSigProvider());
    assertEquals(original.getTargetCertConstraints(), copy.getTargetCertConstraints());
    assertEquals(original.getTrustAnchors(), copy.getTrustAnchors());
    assertEquals(original.isAnyPolicyInhibited(), copy.isAnyPolicyInhibited());
    assertEquals(original.isExplicitPolicyRequired(), copy.isExplicitPolicyRequired());
    assertEquals(original.isPolicyMappingInhibited(), copy.isPolicyMappingInhibited());
    assertEquals(original.isRevocationEnabled(), copy.isRevocationEnabled());

    // Changes made to the original must not show up in the copy.
    original.setDate(Calendar.getInstance().getTime());
    original.setPolicyQualifiersRejected(!copy.getPolicyQualifiersRejected());
    assertFalse(original.getDate().equals(copy.getDate()));
    assertFalse(original.getPolicyQualifiersRejected() == copy.getPolicyQualifiersRejected());

    // Changes made to the copy must not show up in the original. This includes the
    // revocation flag, which decides whether validation consults revocation data at all.
    copy.setExplicitPolicyRequired(!original.isExplicitPolicyRequired());
    copy.setRevocationEnabled(!original.isRevocationEnabled());
    assertFalse(original.isExplicitPolicyRequired() == copy.isExplicitPolicyRequired());
    assertFalse(original.isRevocationEnabled() == copy.isRevocationEnabled());

    // Calling a method on a null reference always raises NullPointerException, so this
    // block asserts nothing about PKIXParameters itself.
    final PKIXParameters absent = null;
    try {
        absent.clone();
    } catch (NullPointerException e) {
        // expected
    }
}
use of java.security.cert.TrustAnchor in project robovm by robovm.
the class TrustManagerImpl method checkTrusted.
/**
 * Checks that a peer certificate chain is trusted and returns the chain extended towards a root.
 *
 * Order of checks, as written below: argument sanity, the stored {@code err} field, chain
 * clean-up and trust-anchor discovery, certificate pinning (only when {@code host} is
 * non-null), {@code ChainStrengthAnalyzer.check}, then PKIX path validation with an
 * extended-key-usage checker. Revocation checking is switched off for the PKIX step.
 *
 * @param chain      certificates presented by the peer; must be non-null and non-empty
 * @param authType   authentication type string; must be non-null and non-empty (it is not
 *                   otherwise read in this method)
 * @param host       host name used for the pin lookup, or {@code null} to skip pinning
 * @param clientAuth passed through to {@code ExtendedKeyUsagePKIXCertPathChecker}
 * @return the cleaned chain followed by the trust anchor certificate(s) and any further
 *         issuers found in {@code trustedCertificateIndex}
 * @throws IllegalArgumentException if {@code chain} or {@code authType} is null or empty
 * @throws CertificateException if {@code err} is set, the pin check fails or errors, no trust
 *         anchor is found, or PKIX validation fails
 */
private List<X509Certificate> checkTrusted(X509Certificate[] chain, String authType, String host, boolean clientAuth) throws CertificateException {
    if (chain == null || chain.length == 0 || authType == null || authType.length() == 0) {
        throw new IllegalArgumentException("null or zero-length parameter");
    }
    // err is a field set outside this method; presumably an initialisation failure recorded
    // earlier - confirm against the constructor. While it is set, every chain is rejected.
    if (err != null) {
        throw new CertificateException(err);
    }
    // get the cleaned up chain and trust anchor
    // there can only be one!
    Set<TrustAnchor> trustAnchor = new HashSet<TrustAnchor>();
    X509Certificate[] newChain = cleanupCertChainAndFindTrustAnchors(chain, trustAnchor);
    // add the first trust anchor to the chain, which may be an intermediate
    List<X509Certificate> wholeChain = new ArrayList<X509Certificate>();
    wholeChain.addAll(Arrays.asList(newChain));
    // trustAnchor is actually just a single element
    for (TrustAnchor trust : trustAnchor) {
        wholeChain.add(trust.getTrustedCert());
    }
    // add all the cached certificates from the cert index, avoiding loops
    // this gives us a full chain from leaf to root, which we use for cert pinning and pass
    // back out to callers when we return.
    // NOTE(review): wholeChain is assumed non-empty here; if both newChain and trustAnchor
    // came back empty, get(-1) would throw IndexOutOfBoundsException - confirm that
    // cleanupCertChainAndFindTrustAnchors rules that out.
    X509Certificate last = wholeChain.get(wholeChain.size() - 1);
    while (true) {
        TrustAnchor cachedTrust = trustedCertificateIndex.findByIssuerAndSignature(last);
        // no cached issuer for the last certificate (e.g. a trusted non-self-signed cert):
        // stop extending the chain
        if (cachedTrust == null) {
            break;
        }
        // at this point we have a cached trust anchor, but don't know if its one we got from
        // the server. Extract the cert, compare it to the last element in the chain, and add it
        // if we haven't seen it before.
        X509Certificate next = cachedTrust.getTrustedCert();
        // NOTE(review): this is a reference comparison and only the immediately preceding
        // certificate is compared. The loop exits only on a missing issuer or on
        // next == last; confirm the index cannot hold certificates that issue each other in
        // a cycle, since nothing else here bounds the growth of wholeChain.
        if (next != last) {
            wholeChain.add(next);
            last = next;
        } else {
            // if next == last then we found a self-signed cert and the chain is done
            break;
        }
    }
    // build the cert path from the array of certs sans trust anchors
    CertPath certPath = factory.generateCertPath(Arrays.asList(newChain));
    // Pinning is enforced only when a host name was supplied; with host == null the chain
    // is never checked against pins. The check runs on wholeChain and happens before PKIX
    // validation, so a pin failure is reported ahead of any path-validation failure.
    if (host != null) {
        boolean chainIsNotPinned = true;
        try {
            chainIsNotPinned = pinManager.chainIsNotPinned(host, wholeChain);
        } catch (PinManagerException e) {
            // an error while evaluating pins rejects the chain rather than letting it through
            throw new CertificateException(e);
        }
        if (chainIsNotPinned) {
            throw new CertificateException(new CertPathValidatorException("Certificate path is not properly pinned.", null, certPath, -1));
        }
    }
    if (newChain.length == 0) {
        // chain was entirely trusted, skip the validator
        // (the strength check and the extended-key-usage checker below are skipped too)
        return wholeChain;
    }
    if (trustAnchor.isEmpty()) {
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1));
    }
    // There's no point in checking trust anchors here, and it will throw off the MD5 check,
    // so we just hand it the chain without anchors
    ChainStrengthAnalyzer.check(newChain);
    try {
        PKIXParameters params = new PKIXParameters(trustAnchor);
        // Revocation checking is disabled for this validation: CRL/OCSP status is not
        // consulted, so a revoked certificate is not rejected by validate() below.
        params.setRevocationEnabled(false);
        params.addCertPathChecker(new ExtendedKeyUsagePKIXCertPathChecker(clientAuth, newChain[0]));
        validator.validate(certPath, params);
        // Validation succeeded: index every certificate after the leaf (newChain[0] is
        // skipped) in trustedCertificateIndex, where the issuer walk above can find them on
        // later calls. The original comment is truncated on this page; what survives of it
        // references cleanupCertChainAndFindTrustAnchors and http://b/3404902
        for (int i = 1; i < newChain.length; i++) {
            trustedCertificateIndex.index(newChain[i]);
        }
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateException(e);
    } catch (CertPathValidatorException e) {
        throw new CertificateException(e);
    }
    return wholeChain;
}
use of java.security.cert.TrustAnchor in project robovm by robovm.
the class TrustedCertificateIndex method index.
/**
 * Wraps {@code cert} in a new {@link TrustAnchor} without name constraints, registers it
 * through the {@code index(TrustAnchor)} overload, and hands the anchor back.
 *
 * This method does not validate the certificate in any way; callers decide what is
 * trustworthy enough to be indexed.
 *
 * @param cert certificate to register as a trust anchor
 * @return the newly created anchor
 */
public TrustAnchor index(X509Certificate cert) {
    final TrustAnchor wrapped = new TrustAnchor(cert, /* nameConstraints */ null);
    index(wrapped);
    return wrapped;
}
use of java.security.cert.TrustAnchor in project XobotOS by xamarin.
the class TrustedCertificateIndex method findByIssuerAndSignature.
/**
 * Looks up the indexed trust anchor that issued {@code cert}.
 *
 * Candidates are the anchors stored under the certificate's issuer principal. The first
 * candidate whose public key verifies the certificate's signature is returned. Only the
 * signature is checked here: validity dates, constraints and key usage are not examined.
 *
 * @param cert certificate whose issuer is sought
 * @return the first matching anchor, or {@code null} if none is stored for the issuer or
 *         none verifies the signature
 */
public TrustAnchor findByIssuerAndSignature(X509Certificate cert) {
    final X500Principal issuerName = cert.getIssuerX500Principal();
    synchronized (subjectToTrustAnchors) {
        final List<TrustAnchor> candidates = subjectToTrustAnchors.get(issuerName);
        if (candidates != null) {
            for (TrustAnchor candidate : candidates) {
                try {
                    // An anchor holds either a full certificate or a bare CA public key.
                    final X509Certificate issuerCert = candidate.getTrustedCert();
                    final PublicKey verificationKey = (issuerCert != null)
                            ? issuerCert.getPublicKey()
                            : candidate.getCAPublicKey();
                    cert.verify(verificationKey);
                    return candidate;
                } catch (Exception ignored) {
                    // Any failure (bad signature, unusable key, ...) means this candidate
                    // is not a match; it is not reported, and the next candidate is tried.
                }
            }
        }
    }
    return null;
}
use of java.security.cert.TrustAnchor in project XobotOS by xamarin.
the class TrustedCertificateIndex method index.
/**
 * Creates a {@link TrustAnchor} for the given certificate, with {@code null} name
 * constraints, and adds it to the index via the {@code index(TrustAnchor)} overload.
 *
 * The certificate is accepted as given and no checks are made on it here.
 *
 * @param cert certificate to add to the index
 * @return the anchor that was created and indexed
 */
public TrustAnchor index(X509Certificate cert) {
    final TrustAnchor created = new TrustAnchor(cert, null);
    index(created);
    return created;
}