use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method processCertA.
/**
 * Runs the basic per-certificate checks on the certificate at {@code index} of the path:
 * signature, validity period, revocation status (when enabled) and issuer-name chaining.
 * The inline markers (a)(1) and (a)(2) presumably follow the step labels of RFC 3280,
 * section 6.1.3; the revocation and issuer-name checks come after them.
 *
 * <p>Security-relevant conditions visible in this method:
 * <ul>
 *   <li>The signature is NOT verified here when {@code verificationAlreadyPerformed} is
 *       {@code true}; the caller is then solely responsible for having verified it against
 *       {@code workingPublicKey}.</li>
 *   <li>Revocation is only consulted when {@code paramsPKIX.isRevocationEnabled()} returns
 *       {@code true}; with it disabled a revoked certificate passes this method.</li>
 * </ul>
 *
 * @param certPath the certification path being validated
 * @param paramsPKIX validation parameters (signature provider, validity model, revocation switch)
 * @param index position of the certificate to process within {@code certPath}
 * @param workingPublicKey public key used to verify the certificate's signature
 * @param verificationAlreadyPerformed {@code true} to skip the signature check
 * @param workingIssuerName name the certificate's issuer must equal
 * @param sign certificate handed to {@code checkCRLs} together with {@code workingPublicKey}
 * @throws ExtCertPathValidatorException if any of the checks fails; the exception carries the
 *         path and the index of the offending certificate
 */
protected static void processCertA(CertPath certPath, ExtendedPKIXParameters paramsPKIX, int index, PublicKey workingPublicKey, boolean verificationAlreadyPerformed, X500Principal workingIssuerName, X509Certificate sign) throws ExtCertPathValidatorException {
    List chain = certPath.getCertificates();
    X509Certificate current = (X509Certificate) chain.get(index);

    // (a) (1): signature over the certificate, unless the caller vouches for it already.
    if (!verificationAlreadyPerformed) {
        try {
            CertPathValidatorUtilities.verifyX509Certificate(current, workingPublicKey, paramsPKIX.getSigProvider());
        } catch (GeneralSecurityException sigFailure) {
            throw new ExtCertPathValidatorException("Could not validate certificate signature.", sigFailure, certPath, index);
        }
    }

    // (a) (2): validity period, evaluated at the date chosen by the configured validity model.
    try {
        current.checkValidity(CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index));
    } catch (CertificateExpiredException | CertificateNotYetValidException outsideValidity) {
        throw new ExtCertPathValidatorException("Could not validate certificate: " + outsideValidity.getMessage(), outsideValidity, certPath, index);
    } catch (AnnotatedException noValidationDate) {
        throw new ExtCertPathValidatorException("Could not validate time of certificate.", noValidationDate, certPath, index);
    }

    // Revocation status, only when the parameters ask for it.
    if (paramsPKIX.isRevocationEnabled()) {
        try {
            checkCRLs(paramsPKIX, current, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index), sign, workingPublicKey, chain);
        } catch (AnnotatedException crlFailure) {
            // Report the underlying cause when there is one, but keep the annotated message.
            Throwable reported = (crlFailure.getCause() != null) ? crlFailure.getCause() : crlFailure;
            throw new ExtCertPathValidatorException(crlFailure.getMessage(), reported, certPath, index);
        }
    }

    // Issuer-name chaining: the certificate's issuer must equal the working issuer name.
    boolean issuerMatches = CertPathValidatorUtilities.getEncodedIssuerPrincipal(current).equals(workingIssuerName);
    if (issuerMatches) {
        return;
    }
    throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(current) + ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null, certPath, index);
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertM.
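/**
 * Step (m) of preparing for the next certificate: tightens the running maximum path length
 * with the {@code pathLenConstraint} of the certificate's basic constraints extension, if any.
 *
 * <p>The constraint is compared as a {@link BigInteger} before it is narrowed to {@code int}.
 * {@code BigInteger.intValue()} keeps only the low 32 bits, so narrowing first would let an
 * out-of-range encoded value turn into an unrelated small (or negative) limit.
 *
 * @param certPath the certification path being validated
 * @param index position of the certificate to process within {@code certPath}
 * @param maxPathLength the current maximum path length
 * @return the certificate's path length constraint when it is present and smaller than
 *         {@code maxPathLength}, otherwise {@code maxPathLength} unchanged
 * @throws CertPathValidatorException if the basic constraints extension cannot be decoded or
 *         carries a negative path length constraint
 */
protected static int prepareNextCertM(CertPath certPath, int index, int maxPathLength) throws CertPathValidatorException {
    X509Certificate cert = (X509Certificate) certPath.getCertificates().get(index);

    // (m)
    BasicConstraints bc;
    try {
        bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
    } catch (Exception e) {
        // Broad catch kept on purpose: any decoding failure must fail validation, never skip the check.
        throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath, index);
    }
    if (bc == null) {
        return maxPathLength;
    }

    BigInteger pathLenConstraint = bc.getPathLenConstraint();
    if (pathLenConstraint == null) {
        return maxPathLength;
    }

    // RFC 3280 requires pathLenConstraint >= 0; reject a malformed value instead of letting a
    // negative number flow into the path length bookkeeping.
    if (pathLenConstraint.signum() < 0) {
        throw new ExtCertPathValidatorException("Path length constraint must not be negative.", null, certPath, index);
    }

    // Non-negative and below an int bound, so the narrowing conversion is exact here.
    if (pathLenConstraint.compareTo(BigInteger.valueOf(maxPathLength)) < 0) {
        return pathLenConstraint.intValue();
    }
    return maxPathLength;
}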