use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method prepareNextCertN.
/**
 * RFC 3280 section 6.1.4 step (n): if the certificate at {@code index} carries a key usage
 * extension, the keyCertSign bit must be set before it may act as an issuer.
 *
 * @param certPath path under validation; supplies the certificate and is attached to any failure
 * @param index position within {@code certPath} of the certificate to examine
 * @throws CertPathValidatorException if a key usage extension is present without keyCertSign
 */
protected static void prepareNextCertN(CertPath certPath, int index) throws CertPathValidatorException {
    X509Certificate issuerCert = (X509Certificate) certPath.getCertificates().get(index);

    // getKeyUsage() returns null when the extension is absent; nothing is enforced in that case.
    boolean[] keyUsageBits = issuerCert.getKeyUsage();
    if (keyUsageBits == null) {
        return;
    }
    if (keyUsageBits[RFC3280CertPathUtilities.KEY_CERT_SIGN]) {
        return;
    }

    // NOTE(review): the message says "critical", but the critical flag is never inspected here;
    // any key usage extension lacking keyCertSign is rejected.
    throw new ExtCertPathValidatorException("Issuer certificate keyusage extension is critical and does not permit key signing.", null, certPath, index);
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method wrapupCertG.
/**
 * RFC 3280 section 6.1.5 step (g): computes the intersection of the valid policy tree with the
 * user-initial-policy-set once the last certificate of the path has been processed.
 *
 * Three cases are handled: the tree is already null, the user-initial-policy-set is anyPolicy,
 * or it is a concrete set of policy identifiers. In the last case, nodes outside the set are
 * removed and childless nodes are pruned.
 *
 * NOTE(review): only the two "explicit policy requested but none available" conditions below
 * throw. If pruning in case (iii) leaves a null tree, null is returned even when explicit policy
 * is required, so the caller presumably has to reject a null result in that situation; confirm
 * at the call site.
 *
 * @param certPath path under validation; used for its length and attached to any failure
 * @param paramsPKIX validation parameters; only isExplicitPolicyRequired() is consulted
 * @param userInitialPolicySet policy identifiers acceptable to the relying party
 * @param index certificate position reported in thrown exceptions
 * @param policyNodes lists of policy tree nodes, apparently one list per tree depth
 * @param validPolicyTree root of the valid policy tree, or null if none remains
 * @param acceptablePolicies policy identifiers used in the anyPolicy case (ii)
 * @return the resulting policy tree root, or null when no valid policy remains
 * @throws CertPathValidatorException if explicit policy is required and none is available
 */
protected static PKIXPolicyNode wrapupCertG(CertPath certPath, ExtendedPKIXParameters paramsPKIX, Set userInitialPolicySet, int index, List[] policyNodes, PKIXPolicyNode validPolicyTree, Set acceptablePolicies) throws CertPathValidatorException {
// n is the number of certificates in the path; it bounds the pruning loops below.
int n = certPath.getCertificates().size();
//
// (g)
//
PKIXPolicyNode intersection;
//
// (g) (i): no valid policy tree is left, so the intersection is null. This is only an
// error when the caller insisted on an explicit policy.
//
if (validPolicyTree == null) {
if (paramsPKIX.isExplicitPolicyRequired()) {
throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, index);
}
intersection = null;
} else if (// (g)
CertPathValidatorUtilities.isAnyPolicy(userInitialPolicySet)) // (ii)
{
// (g) (ii): the user accepts any policy. When explicit policy is not required the tree is
// returned untouched; otherwise acceptablePolicies must be non-empty.
if (paramsPKIX.isExplicitPolicyRequired()) {
if (acceptablePolicies.isEmpty()) {
throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, index);
} else {
// Collect every child of an anyPolicy node, across all entries of policyNodes.
Set _validPolicyNodeSet = new HashSet();
for (int j = 0; j < policyNodes.length; j++) {
List _nodeDepth = policyNodes[j];
for (int k = 0; k < _nodeDepth.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy())) {
Iterator _iter = _node.getChildren();
while (_iter.hasNext()) {
_validPolicyNodeSet.add(_iter.next());
}
}
}
}
// NOTE(review): this loop has no effect. The removal of nodes whose policy is not in
// acceptablePolicies is commented out, so such nodes stay in the tree in this branch.
Iterator _vpnsIter = _validPolicyNodeSet.iterator();
while (_vpnsIter.hasNext()) {
PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
String _validPolicy = _node.getValidPolicy();
if (!acceptablePolicies.contains(_validPolicy)) {
// validPolicyTree =
// removePolicyNode(validPolicyTree, policyNodes,
// _node);
}
}
// validPolicyTree has not been reassigned since the null test at the top of this
// else-if chain, so this condition always holds on entry; pruning may still null it.
// Prune nodes without children, walking from index n - 1 down to 0.
// NOTE(review): if removePolicyNode deletes the node from policyNodes[j], the index
// loop over k would skip the element that follows it; confirm against that helper.
if (validPolicyTree != null) {
for (int j = (n - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node);
}
}
}
}
}
}
intersection = validPolicyTree;
} else {
//
// (g) (iii)
//
// This implementation is not exactly the same as the one described in
// RFC3280.
// However, as far as the validation result is concerned, both
// produce
// an adequate result. The only difference is whether AnyPolicy
// remains
// in the policy tree or not.
//
// (g) (iii) 1
//
// Collect the children of anyPolicy nodes that are not themselves anyPolicy.
Set _validPolicyNodeSet = new HashSet();
for (int j = 0; j < policyNodes.length; j++) {
List _nodeDepth = policyNodes[j];
for (int k = 0; k < _nodeDepth.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy())) {
Iterator _iter = _node.getChildren();
while (_iter.hasNext()) {
PKIXPolicyNode _c_node = (PKIXPolicyNode) _iter.next();
if (!RFC3280CertPathUtilities.ANY_POLICY.equals(_c_node.getValidPolicy())) {
_validPolicyNodeSet.add(_c_node);
}
}
}
}
}
//
// (g) (iii) 2
//
// Remove every collected node whose policy is not in the user-initial-policy-set.
Iterator _vpnsIter = _validPolicyNodeSet.iterator();
while (_vpnsIter.hasNext()) {
PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
String _validPolicy = _node.getValidPolicy();
if (!userInitialPolicySet.contains(_validPolicy)) {
validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, _node);
}
}
//
// The null test suggests removePolicyNode can return null once the tree is emptied.
// Prune nodes without children, walking from index n - 1 down to 0.
// NOTE(review): if removePolicyNode deletes the node from policyNodes[j], the index
// loop over k would skip the element that follows it; confirm against that helper.
if (validPolicyTree != null) {
for (int j = (n - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node);
}
}
}
}
intersection = validPolicyTree;
}
return intersection;
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method wrapupCertF.
/**
 * Wrap-up step (f): runs the caller-supplied path checkers against the certificate at
 * {@code index}, then rejects the certificate if any critical extension is still unresolved.
 *
 * Each checker is handed the same {@code criticalExtensions} set. Under the
 * {@link PKIXCertPathChecker#check} contract a checker removes the extensions it has processed,
 * so anything left afterwards is a critical extension nobody handled.
 *
 * @param certPath path under validation; supplies the certificate and is attached to any failure
 * @param index position within {@code certPath} of the certificate to check
 * @param pathCheckers list of {@link PKIXCertPathChecker} instances to run, in order
 * @param criticalExtensions OIDs of critical extensions not yet processed; checkers may shrink it
 * @throws CertPathValidatorException if a checker fails or a critical extension remains
 */
protected static void wrapupCertF(CertPath certPath, int index, List pathCheckers, Set criticalExtensions) throws CertPathValidatorException {
    X509Certificate target = (X509Certificate) certPath.getCertificates().get(index);

    for (Iterator checkers = pathCheckers.iterator(); checkers.hasNext();) {
        PKIXCertPathChecker checker = (PKIXCertPathChecker) checkers.next();
        try {
            checker.check(target, criticalExtensions);
        } catch (CertPathValidatorException failure) {
            // Re-wrap so the failure carries the path and certificate position.
            throw new ExtCertPathValidatorException("Additional certificate path checker failed.", failure, certPath, index);
        }
    }

    // Fail closed: an unrecognised critical extension must never be silently accepted.
    boolean allCriticalHandled = criticalExtensions.isEmpty();
    if (allCriticalHandled) {
        return;
    }
    throw new ExtCertPathValidatorException("Certificate has unsupported critical extension", null, certPath, index);
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method wrapupCertB.
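/**
 * RFC 3280 section 6.1.5 step (b): if the certificate at {@code index} has a policy constraints
 * extension whose requireExplicitPolicy field is 0, the explicit_policy state becomes 0.
 *
 * The field is compared with zero as a big integer. Narrowing it to {@code int} first would
 * make any non-zero multiple of 2^32 look like 0, so a certificate could be treated as
 * requiring an explicit policy when it does not.
 *
 * @param certPath path under validation; supplies the certificate and is attached to any failure
 * @param index position within {@code certPath} of the certificate to examine
 * @param explicitPolicy current explicit_policy state value
 * @return 0 if requireExplicitPolicy is present and zero, otherwise {@code explicitPolicy}
 * @throws CertPathValidatorException if the extension or the field cannot be decoded
 */
protected static int wrapupCertB(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    // (b)
    //
    ASN1Sequence pc = null;
    try {
        // NOTE(review): only AnnotatedException is translated here; confirm whether getInstance
        // can raise an unchecked exception for an extension value that is not a SEQUENCE.
        pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
    }
    // pc stays null when there is nothing to decode; the state is then returned unchanged.
    if (pc != null) {
        Enumeration policyConstraints = pc.getObjects();
        while (policyConstraints.hasMoreElements()) {
            ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
            // Only tag [0] (requireExplicitPolicy) matters in this step.
            if (constraint.getTagNo() != 0) {
                continue;
            }
            boolean requireExplicitPolicyIsZero;
            try {
                // Test the decoded value itself; intValue() would silently drop high-order bits.
                requireExplicitPolicyIsZero = DERInteger.getInstance(constraint, false).getValue().signum() == 0;
            } catch (Exception e) {
                throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, index);
            }
            if (requireExplicitPolicyIsZero) {
                return 0;
            }
        }
    }
    return explicitPolicy;
}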
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method prepareNextCertA.
/**
 * RFC 3280 section 6.1.4 step (a): if the certificate at {@code index} has a policy mappings
 * extension, neither the issuerDomainPolicy nor the subjectDomainPolicy of any mapping may be
 * the special anyPolicy identifier.
 *
 * Decoding failures are reported as {@code ExtCertPathValidatorException}; an anyPolicy mapping
 * is reported as a plain {@link CertPathValidatorException}.
 *
 * @param certPath path under validation; supplies the certificate and is attached to any failure
 * @param index position within {@code certPath} of the certificate to examine
 * @throws CertPathValidatorException if the extension cannot be decoded or maps anyPolicy
 */
protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);

    //
    // (a) check the policy mappings
    //
    ASN1Sequence policyMappings;
    try {
        // NOTE(review): only AnnotatedException is translated here; confirm whether getInstance
        // can raise an unchecked exception for an extension value that is not a SEQUENCE.
        policyMappings = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(current, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    if (policyMappings == null) {
        // Nothing was decoded, so there is nothing to verify.
        return;
    }

    for (int pos = 0; pos < policyMappings.size(); pos++) {
        DERObjectIdentifier issuerOid;
        DERObjectIdentifier subjectOid;
        try {
            // Each entry is a two-element sequence: issuerDomainPolicy, then subjectDomainPolicy.
            ASN1Sequence pair = DERSequence.getInstance(policyMappings.getObjectAt(pos));
            issuerOid = DERObjectIdentifier.getInstance(pair.getObjectAt(0));
            subjectOid = DERObjectIdentifier.getInstance(pair.getObjectAt(1));
        } catch (Exception e) {
            throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
        }

        boolean issuerIsAny = RFC3280CertPathUtilities.ANY_POLICY.equals(issuerOid.getId());
        if (issuerIsAny) {
            throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
        }
        boolean subjectIsAny = RFC3280CertPathUtilities.ANY_POLICY.equals(subjectOid.getId());
        if (subjectIsAny) {
            throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
        }
    }
}