public Collection engineGetCertificates(CertSelector certSelector) throws CertStoreException { boolean searchAllStores = params.getSearchAllStores(); Iterator iter = params.getCertStores().iterator(); List allCerts = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST; while (iter.hasNext()) { CertStore store = (CertStore)iter.next(); Collection certs = store.getCertificates(certSelector); if (searchAllStores) { allCerts.addAll(certs); } else if (!certs.isEmpty()) { return certs; } } return allCerts; }
public Collection engineGetCRLs(CRLSelector crlSelector) throws CertStoreException { boolean searchAllStores = params.getSearchAllStores(); Iterator iter = params.getCertStores().iterator(); List allCRLs = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST; while (iter.hasNext()) { CertStore store = (CertStore)iter.next(); Collection crls = store.getCRLs(crlSelector); if (searchAllStores) { allCRLs.addAll(crls); } else if (!crls.isEmpty()) { return crls; } } return allCRLs; }
private Set getCACertificates(X509CertSelector xselector) throws CertStoreException { String[] attrs = {params.getCACertificateAttribute()}; String attrName = params.getLdapCACertificateAttributeName(); String subjectAttributeName = params .getCACertificateSubjectAttributeName(); Set set = certSubjectSerialSearch(xselector, attrs, attrName, subjectAttributeName); if (set.isEmpty()) { set.addAll(search(null, "*", attrs)); } return set; }
private Set getCrossCertificates(X509CertSelector xselector) throws CertStoreException { String[] attrs = {params.getCrossCertificateAttribute()}; String attrName = params.getLdapCrossCertificateAttributeName(); String subjectAttributeName = params .getCrossCertificateSubjectAttributeName(); Set set = certSubjectSerialSearch(xselector, attrs, attrName, subjectAttributeName); if (set.isEmpty()) { set.addAll(search(null, "*", attrs)); } return set; }
/** * Determine whether there are any CRL's in the {@link CertStore} that is to be used. * * @param certStore the cert store that will be used for validation * @return true if the store contains at least 1 CRL instance, false otherwise */ protected boolean storeContainsCRLs(CertStore certStore) { Collection<? extends CRL> crls = null; try { //Save some cycles and memory: Collection cert store allows null as specifier to return all. //crls = certStore.getCRLs( new X509CRLSelector() ); crls = certStore.getCRLs(null); } catch (CertStoreException e) { log.error("Error examining cert store for CRL's, treating as if no CRL's present", e); return false; } if (crls != null && !crls.isEmpty()) { return true; } return false; }
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) { switch (type) { case "LDAP": case "SSLServer": try { CertStoreHelper csh = CertStoreHelper.getInstance(type); return csh.isCausedByNetworkIssue(cse); } catch (NoSuchAlgorithmException nsae) { return false; } case "URI": Throwable t = cse.getCause(); return (t != null && t instanceof IOException); default: // we don't know about any other remote CertStore types return false; } }
/** * Retrieves all certs from the specified CertStores that satisfy the * requirements specified in the parameters and the current * PKIX state (name constraints, policy constraints, etc). * * @param currentState the current state. * Must be an instance of <code>ReverseState</code> * @param certStores list of CertStores */ @Override Collection<X509Certificate> getMatchingCerts (State currState, List<CertStore> certStores) throws CertStoreException, CertificateException, IOException { ReverseState currentState = (ReverseState) currState; if (debug != null) debug.println("In ReverseBuilder.getMatchingCerts."); /* * The last certificate could be an EE or a CA certificate * (we may be building a partial certification path or * establishing trust in a CA). * * Try the EE certs before the CA certs. It will be more * common to build a path to an end entity. */ Collection<X509Certificate> certs = getMatchingEECerts(currentState, certStores); certs.addAll(getMatchingCACerts(currentState, certStores)); return certs; }
/** * Test for <code>CertStoreException(Throwable)</code> constructor * Assertion: constructs CertStoreException when <code>cause</code> is not * null */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "", method = "CertStoreException", args = {java.lang.Throwable.class} ) public void testCertStoreException05() { CertStoreException tE = new CertStoreException(tCause); if (tE.getMessage() != null) { String toS = tCause.toString(); String getM = tE.getMessage(); assertTrue("getMessage() should contain ".concat(toS), (getM .indexOf(toS) != -1)); } assertNotNull("getCause() must not return null", tE.getCause()); assertEquals("getCause() must return ".concat(tCause.toString()), tE .getCause(), tCause); }
/** * Test for <code>CertStoreException(String, Throwable)</code> constructor * Assertion: constructs CertStoreException when <code>cause</code> is not * null <code>msg</code> is null */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "Verifies null as the first parameter.", method = "CertStoreException", args = {java.lang.String.class, java.lang.Throwable.class} ) public void testCertStoreException08() { CertStoreException tE = new CertStoreException(null, tCause); if (tE.getMessage() != null) { String toS = tCause.toString(); String getM = tE.getMessage(); assertTrue("getMessage() must should ".concat(toS), (getM .indexOf(toS) != -1)); } assertNotNull("getCause() must not return null", tE.getCause()); assertEquals("getCause() must return ".concat(tCause.toString()), tE .getCause(), tCause); }
/** * Retrieves all certs from the specified CertStores that satisfy the * requirements specified in the parameters and the current * PKIX state (name constraints, policy constraints, etc). * * @param currentState the current state. * Must be an instance of <code>ReverseState</code> * @param certStores list of CertStores */ Collection<X509Certificate> getMatchingCerts (State currState, List<CertStore> certStores) throws CertStoreException, CertificateException, IOException { ReverseState currentState = (ReverseState) currState; if (debug != null) debug.println("In ReverseBuilder.getMatchingCerts."); /* * The last certificate could be an EE or a CA certificate * (we may be building a partial certification path or * establishing trust in a CA). * * Try the EE certs before the CA certs. It will be more * common to build a path to an end entity. */ Collection<X509Certificate> certs = getMatchingEECerts(currentState, certStores); certs.addAll(getMatchingCACerts(currentState, certStores)); return certs; }
public static Collection<? extends CRL> getCRLs(final PKIXCRLStoreSelector selector, CertStore certStore) throws CertStoreException { return certStore.getCRLs(new CRLSelector() { public boolean match(CRL crl) { return selector.match(crl); } public Object clone() { return this; } }); }
public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore) throws CertStoreException { return certStore.getCertificates(new CertSelector() { public boolean match(Certificate certificate) { return (selector == null) ? true : selector.match(certificate); } public Object clone() { return this; } }); }
/** * Test for methods * <code>getCertificates(CertSelector selector)</code> * <code>getCRLs(CRLSelector selector)</code> * Assertion: returns empty Collection when selector is null */ public void testCertStore15() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertStoreException { if (!initParams()) { return; } CertStore [] certS = createCS(); assertNotNull("CertStore object were not created", certS); Collection coll; for (int i = 0; i < certS.length; i++) { coll = certS[i].getCertificates(null); assertTrue("Result collection not empty",coll.isEmpty()); coll = certS[i].getCRLs(null); assertTrue("Result collection not empty",coll.isEmpty()); } }
