Example 71 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class TestUtils method initCertPathSSCertChain.

public static void initCertPathSSCertChain() throws CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
    // create certificates and CRLs
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream bi = new ByteArrayInputStream(rootCert.getBytes());
    rootCertificateSS = (X509Certificate) cf.generateCertificate(bi);
    bi = new ByteArrayInputStream(endCert.getBytes());
    endCertificate = (X509Certificate) cf.generateCertificate(bi);
    BigInteger revokedSerialNumber = BigInteger.valueOf(1);
    crl = new MyCRL("X.509");
    //        X509CRL rootCRL = X509CRL;
    //        X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair
    //                .getPrivate(), revokedSerialNumber);
    // create CertStore to support path building
    List<Object> list = new ArrayList<Object>();
    list.add(rootCertificateSS);
    list.add(endCertificate);
    CollectionCertStoreParameters params = new CollectionCertStoreParameters(list);
    store = CertStore.getInstance("Collection", params);
    theCertSelector = new X509CertSelector();
    theCertSelector.setCertificate(endCertificate);
    theCertSelector.setIssuer(endCertificate.getIssuerX500Principal().getEncoded());
    // build the path
    builder = CertPathBuilder.getInstance("PKIX");
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) ArrayList(java.util.ArrayList) BigInteger(java.math.BigInteger) X509CertSelector(java.security.cert.X509CertSelector) CertificateFactory(java.security.cert.CertificateFactory)

Example 72 with X509CertSelector

use of java.security.cert.X509CertSelector in project XobotOS by xamarin.

the class CertPathValidatorUtilities method findTrustAnchor.

/**
 * Search the given Set of TrustAnchor's for one that is the
 * issuer of the given X509 certificate. Uses the specified
 * provider for signature verification, or the default provider
 * if null.
 *
 * @param cert the X509 certificate
 * @param trustAnchors a Set of TrustAnchor's
 * @param sigProvider the provider to use for signature verification
 *
 * @return the <code>TrustAnchor</code> object if found or
 * <code>null</code> if not.
 *
 * @exception AnnotatedException
 *                if a TrustAnchor was found but the signature verification
 *                on the given certificate has thrown an exception.
 */
protected static TrustAnchor findTrustAnchor(X509Certificate cert, Set trustAnchors, String sigProvider) throws AnnotatedException {
    TrustAnchor trust = null;
    PublicKey trustPublicKey = null;
    Exception invalidKeyEx = null;
    X509CertSelector certSelectX509 = new X509CertSelector();
    X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
    try {
        certSelectX509.setSubject(certIssuer.getEncoded());
    } catch (IOException ex) {
        throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
    }
    Iterator iter = trustAnchors.iterator();
    while (iter.hasNext() && trust == null) {
        trust = (TrustAnchor) iter.next();
        if (trust.getTrustedCert() != null) {
            if (certSelectX509.match(trust.getTrustedCert())) {
                trustPublicKey = trust.getTrustedCert().getPublicKey();
            } else {
                trust = null;
            }
        } else if (trust.getCAName() != null && trust.getCAPublicKey() != null) {
            try {
                X500Principal caName = new X500Principal(trust.getCAName());
                if (certIssuer.equals(caName)) {
                    trustPublicKey = trust.getCAPublicKey();
                } else {
                    trust = null;
                }
            } catch (IllegalArgumentException ex) {
                trust = null;
            }
        } else {
            trust = null;
        }
        if (trustPublicKey != null) {
            try {
                verifyX509Certificate(cert, trustPublicKey, sigProvider);
            } catch (Exception ex) {
                invalidKeyEx = ex;
                trust = null;
            }
        }
    }
    if (trust == null && invalidKeyEx != null) {
        throw new AnnotatedException("TrustAnchor found but certificate validation failed.", invalidKeyEx);
    }
    return trust;
}
Also used : PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) Iterator(java.util.Iterator) X500Principal(javax.security.auth.x500.X500Principal) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) IOException(java.io.IOException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException)

Example 73 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class myTrustManagerFactory method test_initLjavax_net_ssl_ManagerFactoryParameters.

/**
 * Test for <code>init(ManagerFactoryParameters params)</code>
 * Assertion:
 * throws InvalidAlgorithmParameterException when params is null
 */
@KnownFailure("ManagerFactoryParameters object is not supported " + "and InvalidAlgorithmParameterException was thrown.")
public void test_initLjavax_net_ssl_ManagerFactoryParameters() throws Exception {
    ManagerFactoryParameters par = null;
    TrustManagerFactory[] trustMF = createTMFac();
    assertNotNull("TrustManagerFactory objects were not created", trustMF);
    for (int i = 0; i < trustMF.length; i++) {
        try {
            trustMF[i].init(par);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException e) {
            // expected: init(null) must be rejected
        }
    }
    String keyAlg = "DSA";
    String validCaNameRfc2253 = ("CN=Test CA," + "OU=Testing Division," + "O=Test It All," + "L=Test Town," + "ST=Testifornia," + "C=Testland");
    try {
        KeyStore kStore = KeyStore.getInstance(KeyStore.getDefaultType());
        kStore.load(null, null);
        PublicKey pk = new TestKeyPair(keyAlg).getPublic();
        TrustAnchor ta = new TrustAnchor(validCaNameRfc2253, pk, getFullEncoding());
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        trustAnchors.add(ta);
        X509CertSelector xcs = new X509CertSelector();
        PKIXBuilderParameters pkixBP = new PKIXBuilderParameters(trustAnchors, xcs);
        CertPathTrustManagerParameters cptmp = new CertPathTrustManagerParameters(pkixBP);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(getDefaultAlgorithm());
        try {
            tmf.init(cptmp);
        } catch (Exception ex) {
            fail(ex + " was thrown for init(ManagerFactoryParameters spec)");
        }
    } catch (Exception e) {
        fail("Unexpected exception for configuration: " + e);
    }
}
Also used : TestKeyPair(org.apache.harmony.security.tests.support.TestKeyPair) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PublicKey(java.security.PublicKey) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) HashSet(java.util.HashSet) KnownFailure(dalvik.annotation.KnownFailure)

Example 74 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class X509CertSelectorTest method test_setMatchAllSubjectAltNamesZ.

/**
 * java.security.cert.X509CertSelector#setMatchAllSubjectAltNames(boolean)
 */
public void test_setMatchAllSubjectAltNamesZ() {
    TestCert cert = new TestCert();
    X509CertSelector selector = new X509CertSelector();
    assertTrue(selector.match(cert));
    assertFalse(selector.match(null));
}
Also used : X509CertSelector(java.security.cert.X509CertSelector)

Example 75 with X509CertSelector

use of java.security.cert.X509CertSelector in project robovm by robovm.

the class X509CertSelectorTest method test_setSubjectAlternativeNamesLjava_util_Collection.

/**
 * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
 */
public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralName san3 = new GeneralName(new ORAddress());
    GeneralName san4 = new GeneralName(new Name("O=Organization"));
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san7 = new GeneralName(7, "1.1.1.1");
    GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    sans1.addName(san3);
    sans1.addName(san4);
    sans1.addName(san6);
    sans1.addName(san7);
    sans1.addName(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);
    selector.setSubjectAlternativeNames(null);
    assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
    Collection<List<?>> sans = sans1.getPairsList();
    selector.setSubjectAlternativeNames(sans);
    selector.getSubjectAlternativeNames();
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.apache.harmony.security.x509.GeneralName) ORAddress(org.apache.harmony.security.x509.ORAddress) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)
