/**
 * Exposes the certificates carried in this request as a {@link CertStore}.
 * A signed request yields a store (which may hold no entries); an unsigned
 * request yields {@code null}.
 *
 * <p>The store is built from whatever {@code getCertList(provider)} returns.
 * Nothing in this method checks that those certificates chain to a trusted
 * issuer, so callers should validate them before relying on them.
 *
 * @param type type of CertStore to return
 * @param provider provider to use
 * @return null if not signed, a CertStore otherwise
 * @throws NoSuchAlgorithmException propagated from the CertStore lookup
 * @throws NoSuchProviderException propagated from the CertStore lookup
 * @throws OCSPException if the CertStore rejects the collection parameters
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    if (this.isSigned())
    {
        try
        {
            CertStoreParameters storeParams =
                new CollectionCertStoreParameters(this.getCertList(provider));

            return OCSPUtil.createCertStoreInstance(type, storeParams, provider);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            throw new OCSPException("can't setup the CertStore", e);
        }
    }

    // Unsigned request: there is no store to hand back.
    return null;
}
/**
 * Wraps the certificates associated with the response, if any, in a
 * {@link CertStore}.
 *
 * <p>The certificates are taken from {@code getCertList(provider)} as-is;
 * this method does not check that they chain to a trusted issuer (any
 * checking done inside {@code getCertList} is not visible here).
 *
 * @param type type of CertStore to create
 * @param provider provider to use
 * @return a CertStore, possibly empty
 * @throws NoSuchAlgorithmException propagated from the CertStore lookup
 * @throws NoSuchProviderException propagated from the CertStore lookup
 * @throws OCSPException if the CertStore rejects the collection parameters
 */
public CertStore getCertificates(
    String type,
    String provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
{
    try
    {
        return OCSPUtil.createCertStoreInstance(
            type,
            new CollectionCertStoreParameters(this.getCertList(provider)),
            provider);
    }
    catch (InvalidAlgorithmParameterException e)
    {
        // Re-thrown as the OCSP-level exception, keeping the cause.
        throw new OCSPException("can't setup the CertStore", e);
    }
}
/**
 * Builds the certificate-path parameters used to initialise the TrustManager.
 * Only the default <code>PKIX</code> algorithm is handled; any other value is
 * rejected with a {@link CRLException}.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception if the algorithm is unsupported or any of the
 *         certificate-path setup calls fails
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
    throws Exception {
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs are whatever getCRLs returns at the time of this call.
    // NOTE(review): how and when they are refreshed is not visible here.
    Collection crls = getCRLs(crlf);
    CertStore crlStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Revocation checking is switched on explicitly for the built path.
    pkixParams.setRevocationEnabled(true);
    pkixParams.setMaxPathLength(listener.getSslTrustMaxCertLength());
    return pkixParams;
}
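/**
 * Creates a URICertStore.
 *
 * <p>Only the URI scheme is inspected here. NOTE(review): if the URI can
 * originate from an untrusted source, any restriction on which hosts may be
 * contacted has to be enforced elsewhere; none is visible in this constructor.
 *
 * @param params parameters specifying the URI; must be a URICertStoreParameters
 * @throws InvalidAlgorithmParameterException if params is not a
 *         URICertStoreParameters
 * @throws NoSuchAlgorithmException declared by this constructor; presumably
 *         raised while obtaining the LDAP helper (confirm against
 *         CertStoreHelper)
 */
URICertStore(CertStoreParameters params)
    throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    super(params);
    if (!(params instanceof URICertStoreParameters)) {
        throw new InvalidAlgorithmParameterException
            ("params must be instanceof URICertStoreParameters");
    }
    this.uri = ((URICertStoreParameters) params).uri;
    // if ldap URI, use an LDAPCertStore to fetch certs and CRLs
    if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
        ldap = true;
        ldapHelper = CertStoreHelper.getInstance("LDAP");
        ldapCertStore = ldapHelper.getCertStore(uri);
        ldapPath = uri.getPath();
        // strip off leading '/'; startsWith (unlike charAt(0)) does not
        // throw StringIndexOutOfBoundsException when the path is empty
        if (ldapPath.startsWith("/")) {
            ldapPath = ldapPath.substring(1);
        }
    }
    try {
        factory = CertificateFactory.getInstance("X.509");
    } catch (CertificateException e) {
        // keep the cause so the failure can be diagnosed
        throw new RuntimeException(e);
    }
}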
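/**
 * Creates a URICertStore.
 *
 * <p>Only the URI scheme is inspected here. NOTE(review): if the URI can
 * originate from an untrusted source, any restriction on which hosts may be
 * contacted has to be enforced elsewhere; none is visible in this constructor.
 *
 * @param params parameters specifying the URI; must be a URICertStoreParameters
 * @throws InvalidAlgorithmParameterException if params is not a
 *         URICertStoreParameters, or if the LDAP CertStore rejects them
 * @throws NoSuchAlgorithmException if no LDAP CertStore implementation is
 *         available for an ldap URI
 */
URICertStore(CertStoreParameters params)
    throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    super(params);
    if (!(params instanceof URICertStoreParameters)) {
        throw new InvalidAlgorithmParameterException
            ("params must be instanceof URICertStoreParameters");
    }
    this.uri = ((URICertStoreParameters) params).getURI();
    // if ldap URI, use an LDAPCertStore to fetch certs and CRLs
    if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
        ldap = true;
        ldapCertStore = CertStore.getInstance("LDAP", params);
    }
    try {
        factory = CertificateFactory.getInstance("X.509");
    } catch (CertificateException e) {
        // keep the cause so the failure can be diagnosed
        throw new RuntimeException(e);
    }
}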
/**
 * Instantiates the implementation behind this service. Only the
 * {@code CertStore} / {@code LDAP} combination is implemented.
 *
 * @param ctrParamObj constructor parameter; null or a CertStoreParameters
 * @return a new LDAPCertStore
 * @throws NoSuchAlgorithmException if constructing the LDAPCertStore fails
 *         (the original exception is attached as the cause)
 * @throws InvalidParameterException if ctrParamObj is non-null and not a
 *         CertStoreParameters
 * @throws ProviderException for any other type/algorithm combination
 */
@Override
public Object newInstance(Object ctrParamObj)
    throws NoSuchAlgorithmException {
    final String serviceType = getType();
    final String algorithm = getAlgorithm();

    // Anything other than CertStore/LDAP has no implementation here.
    if (!(serviceType.equals("CertStore") && algorithm.equals("LDAP"))) {
        throw new ProviderException("No impl for " + algorithm +
                                    " " + serviceType);
    }

    // Reject a wrongly typed parameter before the cast below.
    if (ctrParamObj != null &&
        !(ctrParamObj instanceof CertStoreParameters)) {
        throw new InvalidParameterException
            ("constructorParameter must be instanceof CertStoreParameters");
    }

    try {
        return new LDAPCertStore((CertStoreParameters) ctrParamObj);
    } catch (Exception ex) {
        throw new NoSuchAlgorithmException("Error constructing " +
            serviceType + " for " + algorithm + " using JdkLDAP", ex);
    }
}
/**
 * Builds the certificate-path parameters used to initialise the TrustManager.
 * Only the default <code>PKIX</code> algorithm is handled; any other value is
 * rejected with a {@link CRLException}.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception
 *             if the algorithm is unsupported or any of the certificate-path
 *             setup calls fails
 */
protected CertPathParameters getParameters(String algorithm, String crlf,
        KeyStore trustStore) throws Exception {
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore,
            new X509CertSelector());

    // The CRLs are whatever getCRLs returns at the time of this call.
    // NOTE(review): how and when they are refreshed is not visible here.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Revocation checking is switched on explicitly for the built path.
    pkixParams.setRevocationEnabled(true);

    String trustLength = endpoint.getTrustMaxCertLength();
    if (trustLength != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(trustLength));
        } catch (Exception ex) {
            // A bad value is only logged; the maximum path length is then
            // left at whatever PKIXBuilderParameters started with.
            log.warn("Bad maxCertLength: " + trustLength);
        }
    }
    return pkixParams;
}
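/**
 * Test for <code>getInstance(String type, CertStoreParameters params)</code> method
 * Assertion: return CertStore object
 *
 * NOTE(review): when initParams() returns false the test returns without
 * asserting anything, so it passes vacuously in that case.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "InvalidAlgorithmParameterException checking missed",
    method = "getInstance",
    args = {java.lang.String.class, java.security.cert.CertStoreParameters.class}
)
public void testCertStore05()
        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    if (!initParams()) {
        return;
    }
    for (String type : dValid) {
        CertStore certS = CertStore.getInstance(type, dParams);
        // expected value first, so a failure message reports the right sides
        assertEquals("Incorrect type", type, certS.getType());
        // called only to confirm the accessor does not throw
        certS.getCertStoreParameters();
    }
}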
/**
 * Test for method
 * <code>getInstance(String type, CertStoreParameters params, String provider)</code>
 * Assertion: throws NoSuchProviderException when provider has invalid value
 *
 * NOTE(review): when initParams() returns false the test returns without
 * asserting anything, so it passes vacuously in that case.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "Verifies NoSuchProviderException. InvalidAlgorithmParameterException checking missed.",
    method = "getInstance",
    args = {java.lang.String.class, java.security.cert.CertStoreParameters.class, java.lang.String.class}
)
public void testCertStore07()
        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    if (!initParams()) {
        return;
    }
    for (String type : dValid) {
        // Index 0 of invalidValues is deliberately skipped, as in the
        // original loop; the reason is not visible in this method.
        for (int j = 1; j < invalidValues.length; j++) {
            try {
                CertStore.getInstance(type, dParams, invalidValues[j]);
                fail("NoSuchProviderException must be thrown");
            } catch (NoSuchProviderException expected) {
                // this is the outcome the test asserts
            }
        }
    }
}
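/**
 * Test for method
 * <code>getInstance(String type, CertStoreParameters params, String provider)</code>
 * Assertion: return CertStore object
 *
 * NOTE(review): when initParams() returns false the test returns without
 * asserting anything, so it passes vacuously in that case.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "Verifies positive case. InvalidAlgorithmParameterException checking missed.",
    method = "getInstance",
    args = {java.lang.String.class, java.security.cert.CertStoreParameters.class, java.lang.String.class}
)
public void testCertStore10()
        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
        NoSuchProviderException {
    if (!initParams()) {
        return;
    }
    for (String type : dValid) {
        CertStore certS = CertStore.getInstance(type, dParams, dName);
        // expected value first, so a failure message reports the right sides
        assertEquals("Incorrect type", type, certS.getType());
        // called only to confirm the accessor does not throw
        certS.getCertStoreParameters();
    }
}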
/**
 * Test for method
 * <code>getInstance(String type, CertStoreParameters params, Provider provider)</code>
 * Assertion: throws IllegalArgumentException when provider is null
 *
 * NOTE(review): when initParams() returns false the test returns without
 * asserting anything, so it passes vacuously in that case.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "Verifies that getInstance throws IllegalArgumentException when provider is null. InvalidAlgorithmParameterException checking missed.",
    method = "getInstance",
    args = {java.lang.String.class, java.security.cert.CertStoreParameters.class, java.security.Provider.class}
)
public void testCertStore11()
        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    if (!initParams()) {
        return;
    }
    // A typed null selects the Provider overload rather than the String one.
    final Provider nullProvider = null;
    for (String type : dValid) {
        try {
            CertStore.getInstance(type, dParams, nullProvider);
            fail("IllegalArgumentException must be thrown");
        } catch (IllegalArgumentException expected) {
            // this is the outcome the test asserts
        }
    }
}
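/**
 * Test for method
 * <code>getInstance(String type, CertStoreParameters params, Provider provider)</code>
 * Assertion: return CertStore object
 *
 * NOTE(review): when initParams() returns false the test returns without
 * asserting anything, so it passes vacuously in that case.
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "Verifies positive case. InvalidAlgorithmParameterException checking missed.",
    method = "getInstance",
    args = {java.lang.String.class, java.security.cert.CertStoreParameters.class, java.security.Provider.class}
)
public void testCertStore14()
        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
    if (!initParams()) {
        return;
    }
    for (String type : dValid) {
        CertStore certS = CertStore.getInstance(type, dParams, dProv);
        // expected value first, so a failure message reports the right sides
        assertEquals("Incorrect type", type, certS.getType());
        // called only to confirm the accessor does not throw
        certS.getCertStoreParameters();
    }
}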
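/**
 * Creates the SPI from the supplied parameters.
 *
 * @param params must be a MultiCertStoreParameters instance
 * @throws InvalidAlgorithmParameterException if params is null or of any
 *         other type
 */
public MultiCertStoreSpi(CertStoreParameters params)
    throws InvalidAlgorithmParameterException
{
    super(params);

    if (!(params instanceof MultiCertStoreParameters))
    {
        // Concatenating params directly is null-safe; calling
        // params.toString() would raise a NullPointerException for a null
        // argument instead of the declared exception.
        throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.MultiCertStoreSpi: parameter must be a MultiCertStoreParameters object\n" + params);
    }

    this.params = (MultiCertStoreParameters)params;
}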
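/**
 * Creates the SPI from the supplied parameters.
 *
 * @param params must be a CollectionCertStoreParameters instance
 * @throws InvalidAlgorithmParameterException if params is null or of any
 *         other type
 */
public CertStoreCollectionSpi(CertStoreParameters params)
    throws InvalidAlgorithmParameterException
{
    super(params);

    if (!(params instanceof CollectionCertStoreParameters))
    {
        // Concatenating params directly is null-safe; calling
        // params.toString() would raise a NullPointerException for a null
        // argument instead of the declared exception.
        throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.CertStoreCollectionSpi: parameter must be a CollectionCertStoreParameters object\n" + params);
    }

    this.params = (CollectionCertStoreParameters)params;
}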
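/**
 * Creates the SPI from the supplied parameters.
 *
 * @param params must be an X509LDAPCertStoreParameters instance
 * @throws InvalidAlgorithmParameterException if params is null or of any
 *         other type
 */
public X509LDAPCertStoreSpi(CertStoreParameters params)
    throws InvalidAlgorithmParameterException
{
    super(params);

    if (!(params instanceof X509LDAPCertStoreParameters))
    {
        // Concatenating params directly is null-safe; calling
        // params.toString() would raise a NullPointerException for a null
        // argument instead of the declared exception.
        throw new InvalidAlgorithmParameterException(
            X509LDAPCertStoreSpi.class.getName() + ": parameter must be a "
                + X509LDAPCertStoreParameters.class.getName() + " object\n"
                + params);
    }

    this.params = (X509LDAPCertStoreParameters)params;
}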
/**
 * Obtains a CertStore of the given type. A null provider name means the
 * lookup is left to {@code CertStore.getInstance(type, params)}; otherwise
 * the named provider is requested explicitly.
 *
 * @param type CertStore type to request
 * @param params initialisation parameters for the store
 * @param provider provider name, or null for the default lookup
 * @return the CertStore returned by the JCA lookup
 * @throws InvalidAlgorithmParameterException if params are unsuitable for the type
 * @throws NoSuchAlgorithmException if no implementation of the type is found
 * @throws NoSuchProviderException if the named provider is not registered
 */
static CertStore createCertStoreInstance(String type, CertStoreParameters params, String provider)
    throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException
{
    return provider != null
        ? CertStore.getInstance(type, params, provider)
        : CertStore.getInstance(type, params);
}
/**
 * Assembles the certificate-path parameters used to initialise the
 * TrustManager. Only the default <code>PKIX</code> algorithm is handled;
 * any other value is rejected with a {@link CRLException}.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception if the algorithm is unsupported or any of the
 *         certificate-path setup calls fails
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
    throws Exception {
    final boolean pkix = "PKIX".equalsIgnoreCase(algorithm);
    if (!pkix) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters builderParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // CRLs come from getCRLs(crlf) and are exposed through a Collection store.
    // NOTE(review): how and when they are refreshed is not visible here.
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStoreParameters storeParams = new CollectionCertStoreParameters(crls);
    builderParams.addCertStore(CertStore.getInstance("Collection", storeParams));

    // Revocation checking is switched on explicitly for the built path.
    builderParams.setRevocationEnabled(true);

    String trustLength = endpoint.getTrustMaxCertLength();
    if (trustLength != null) {
        try {
            int maxLength = Integer.parseInt(trustLength);
            builderParams.setMaxPathLength(maxLength);
        } catch (Exception ex) {
            // A bad value is only logged; the maximum path length is then
            // left at whatever PKIXBuilderParameters started with.
            log.warn("Bad maxCertLength: "+trustLength);
        }
    }
    return builderParams;
}
/**
 * Produces the certificate-path parameters used to initialise the
 * TrustManager. Only the default <code>PKIX</code> algorithm is handled;
 * any other value is rejected with a {@link CRLException}.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception if the algorithm is unsupported or any of the
 *         certificate-path setup calls fails
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
    throws Exception {
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters pkixParams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs are whatever getCRLs returns at the time of this call.
    // NOTE(review): how and when they are refreshed is not visible here.
    Collection crls = getCRLs(crlf);
    CertStore crlStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);

    // Revocation checking is switched on explicitly for the built path.
    pkixParams.setRevocationEnabled(true);

    // The limit is read from the "trustMaxCertLength" attribute as a String.
    String trustLength = (String)attributes.get("trustMaxCertLength");
    if (trustLength != null) {
        try {
            pkixParams.setMaxPathLength(Integer.parseInt(trustLength));
        } catch (Exception ex) {
            // A bad value is only logged; the maximum path length is then
            // left at whatever PKIXBuilderParameters started with.
            log.warn("Bad maxCertLength: "+trustLength);
        }
    }
    return pkixParams;
}
/**
 * Creates the store from the supplied parameters.
 *
 * <p>The collection returned by {@code getCollection()} is kept by reference;
 * no copy is made in this constructor.
 *
 * @param params must be a CollectionCertStoreParameters instance
 * @throws InvalidAlgorithmParameterException if params is of any other type
 */
public CollectionCertStoreImpl(CertStoreParameters params)
    throws InvalidAlgorithmParameterException
{
    super(params);
    if (params instanceof CollectionCertStoreParameters)
    {
        CollectionCertStoreParameters collectionParams =
            (CollectionCertStoreParameters) params;
        store = collectionParams.getCollection();
    }
    else
    {
        throw new InvalidAlgorithmParameterException("not a CollectionCertStoreParameters object");
    }
}