/**
 * Build the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> algorithm is supported.
 *
 * @param algorithm  The algorithm to get parameters for.
 * @param crlf       The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if <code>algorithm</code> is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm, String crlf,
        KeyStore trustStore) throws Exception {
    // Reject unsupported algorithms up front; nothing is built for them.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkixParams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs are loaded here and handed to the path builder through an
    // in-memory "Collection" CertStore.
    // NOTE(review): this is a snapshot of the CRL file taken at call time;
    // whether it is ever re-read is decided by the caller -- confirm.
    Collection crls = getCRLs(crlf);
    CertStoreParameters crlStoreParams = new CollectionCertStoreParameters(crls);
    pkixParams.addCertStore(CertStore.getInstance("Collection", crlStoreParams));

    // Revocation checking is switched on alongside the CRL store.
    pkixParams.setRevocationEnabled(true);
    pkixParams.setMaxPathLength(listener.getSslTrustMaxCertLength());
    return pkixParams;
}
/**
 * Build the initialization parameters for the TrustManager. Currently,
 * only the default <code>PKIX</code> algorithm is supported.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException
 *             if <code>algorithm</code> is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm, String crlf,
        KeyStore trustStore) throws Exception {
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkix =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // CRLs read from the configured file are exposed to the path builder
    // through an in-memory "Collection" CertStore, with revocation enabled.
    Collection<? extends CRL> revocationLists = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(revocationLists));
    pkix.addCertStore(crlStore);
    pkix.setRevocationEnabled(true);

    String configuredDepth = endpoint.getTrustMaxCertLength();
    if (configuredDepth != null) {
        try {
            pkix.setMaxPathLength(Integer.parseInt(configuredDepth));
        } catch (Exception ex) {
            // A value that cannot be applied is only logged; setMaxPathLength
            // then never takes effect and the builder keeps its built-in
            // maximum path length, so a typo here does not fail start-up.
            log.warn("Bad maxCertLength: " + configuredDepth);
        }
    }
    return pkix;
}
/**
 * Returns builder parameters anchored on the self-signed root certificate
 * held in <code>rootCertificateSS</code>.
 *
 * <p>Revocation checking is switched off on the returned parameters.
 * NOTE(review): this looks like a test fixture; parameters built this way
 * never consult CRLs, so they should not be reused outside tests -- confirm.
 *
 * @return PKIX builder parameters using the shared selector and cert store.
 * @throws RuntimeException if the shared root certificate, selector or
 *         builder has not been set up yet.
 * @throws InvalidAlgorithmParameterException declared for the
 *         <code>PKIXBuilderParameters</code> constructor.
 */
public static CertPathParameters getCertPathParameters()
        throws InvalidAlgorithmParameterException {
    boolean initialised = rootCertificateSS != null
            && theCertSelector != null
            && builder != null;
    if (!initialised) {
        throw new RuntimeException(
                "Call initCertPathSSCertChain prior to buildCertPath");
    }

    // The root certificate is the only trust anchor, with no name constraints.
    TrustAnchor anchor = new TrustAnchor(rootCertificateSS, null);
    PKIXBuilderParameters pkix = new PKIXBuilderParameters(
            Collections.singleton(anchor), theCertSelector);
    pkix.addCertStore(store);
    pkix.setRevocationEnabled(false);
    return pkix;
}
/**
 * Counts the call in <code>sw</code> and rejects null arguments only on
 * selected call numbers; it performs no validation and otherwise returns
 * <code>null</code>. NOTE(review): appears to be a stub provider for tests.
 *
 * @param certPath the path to "validate"; null throws on every 2nd call.
 * @param params   the parameters; null throws on every 3rd call.
 * @return always <code>null</code> when no exception is thrown.
 */
public CertPathValidatorResult engineValidate(CertPath certPath,
        CertPathParameters params) throws CertPathValidatorException,
        InvalidAlgorithmParameterException {
    sw++;
    if (certPath == null && (sw % 2) == 0) {
        throw new CertPathValidatorException("certPath null");
    }
    if (params == null && (sw % 3) == 0) {
        throw new InvalidAlgorithmParameterException("params null");
    }
    return null;
}
/**
 * Test for <code>build(CertPathParameters params)</code> method
 * Assertion: throws InvalidAlgorithmParameterException when params is null
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies that build method throws InvalidAlgorithmParameterException if a parameter is null.",
    method = "build",
    args = {java.security.cert.CertPathParameters.class}
)
public void testCertPathBuilder11() throws NoSuchAlgorithmException,
        NoSuchProviderException, CertPathBuilderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    CertPathBuilder[] builders = createCPBs();
    assertNotNull("CertPathBuilder objects were not created", builders);
    // Every builder instance must refuse a null parameter set.
    for (CertPathBuilder candidate : builders) {
        try {
            candidate.build(null);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException expected) {
            // expected: null parameters are rejected
        }
    }
}
/**
 * Builds a certification path from the shared TestUtils fixture and checks
 * that both the builder result and its path are non-null.
 */
@TestTargetNew(
    level=TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies normal case",
    method="build",
    args={CertPathParameters.class}
)
// Test passed on RI
@KnownFailure(value="expired certificate bug 2322662")
public void testBuild() throws Exception {
    TestUtils.initCertPathSSCertChain();
    CertPathParameters buildParams = TestUtils.getCertPathParameters();
    CertPathBuilder pathBuilder = TestUtils.getCertPathBuilder();

    try {
        CertPathBuilderResult built = pathBuilder.build(buildParams);
        assertNotNull("builder result is null", built);
        assertNotNull("certpath of builder result is null",
                built.getCertPath());
    } catch (InvalidAlgorithmParameterException e) {
        fail("unexpected Exception: " + e);
    }
}
/**
 * Obtains a validator for <code>algorithmName</code>, validates the path
 * from <code>getCertPath()</code> with <code>getParams()</code>, and hands
 * the outcome to <code>validateResult</code>.
 */
@TestTargets({
    @TestTargetNew(
        level=TestLevel.ADDITIONAL,
        method="getInstance",
        args={String.class}
    ),
    @TestTargetNew(
        level=TestLevel.ADDITIONAL,
        method="validate",
        args={CertPath.class, CertPathParameters.class}
    ),
    @TestTargetNew(
        level=TestLevel.COMPLETE,
        method="method",
        args={}
    )
})
public void testCertPathValidator() throws Exception {
    CertPathValidator validator = CertPathValidator.getInstance(algorithmName);
    CertPathValidatorResult outcome =
            validator.validate(getCertPath(), getParams());
    validateResult(outcome);
}
/**
 * @tests javax.net.ssl.CertPathTrustManagerParameters#getParameters()
 *
 * Checks that the wrapper hands back parameters of the original type but
 * not the original object, i.e. the caller's instance is not shared.
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getParameters",
    args = {}
)
public void test_getParameters() {
    CertPathParameters original = new MyCertPathParameters();
    CertPathTrustManagerParameters wrapper =
            new CertPathTrustManagerParameters(original);

    boolean sameType = wrapper.getParameters() instanceof MyCertPathParameters;
    if (!sameType) {
        fail("incorrect parameters");
    }
    // A distinct instance is expected on every read.
    assertNotSame("Parameters were cloned incorrectly", original,
            wrapper.getParameters());
}
/**
 * Build the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> algorithm is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if <code>algorithm</code> is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
        throws Exception {
    // Anything other than PKIX cannot carry CRLs here.
    if (!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters builderParams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Wrap the loaded CRLs in a "Collection" CertStore and enable
    // revocation checking on the builder parameters.
    Collection<? extends CRL> loadedCrls = getCRLs(crlf);
    CertStoreParameters storeParams =
            new CollectionCertStoreParameters(loadedCrls);
    builderParams.addCertStore(CertStore.getInstance("Collection", storeParams));
    builderParams.setRevocationEnabled(true);

    String maxLength = endpoint.getTrustMaxCertLength();
    if (maxLength != null) {
        try {
            int depth = Integer.parseInt(maxLength);
            builderParams.setMaxPathLength(depth);
        } catch (Exception ex) {
            // Best effort: a bad setting is logged and the builder keeps
            // its built-in maximum path length.
            log.warn("Bad maxCertLength: " + maxLength);
        }
    }
    return builderParams;
}
/**
 * Build the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> algorithm is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if <code>algorithm</code> is not PKIX.
 */
protected CertPathParameters getParameters(String algorithm, String crlf,
        KeyStore trustStore) throws Exception {
    boolean pkixRequested = "PKIX".equalsIgnoreCase(algorithm);
    if (!pkixRequested) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters result =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // The CRLs from the configured file back an in-memory CertStore that
    // the path builder consults; revocation checking is enabled with it.
    Collection crls = getCRLs(crlf);
    CertStore crlStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(crls));
    result.addCertStore(crlStore);
    result.setRevocationEnabled(true);

    // Optional connector attribute limiting the certification path length.
    String rawLimit = (String)attributes.get("trustMaxCertLength");
    if (rawLimit != null) {
        try {
            result.setMaxPathLength(Integer.parseInt(rawLimit));
        } catch (Exception ex) {
            // Only logged: the attribute is ignored and the builder keeps
            // its built-in maximum path length.
            log.warn("Bad maxCertLength: " + rawLimit);
        }
    }
    return result;
}
/**
 * Counts the call in <code>swi</code> and throws for null parameters on
 * odd-numbered counts only; no path is built and <code>null</code> is
 * returned otherwise. NOTE(review): appears to be a stub used by tests.
 *
 * @param params the builder parameters, may be null.
 * @return always <code>null</code> when no exception is thrown.
 * @throws CertPathBuilderException if params is null and the counter is odd.
 */
public CertPathBuilderResult engineBuild(CertPathParameters params)
        throws CertPathBuilderException, InvalidAlgorithmParameterException {
    swi++;
    boolean oddCall = (swi % 2) != 0;
    if (params == null && oddCall) {
        throw new CertPathBuilderException("Null parameter");
    }
    return null;
}
/**
 * Test for <code>CertPathBuilderSpi</code> constructor Assertion:
 * constructs CertPathBuilderSpi
 *
 * The first call with null parameters is expected to throw and the second
 * to return null.
 */
@TestTargets({
    @TestTargetNew(
        level = TestLevel.COMPLETE,
        notes = "",
        method = "CertPathBuilderSpi",
        args = {}
    ),
    @TestTargetNew(
        level = TestLevel.COMPLETE,
        notes = "",
        method = "engineBuild",
        args = {java.security.cert.CertPathParameters.class}
    )
})
public void testCertPathBuilderSpi01() throws CertPathBuilderException,
        InvalidAlgorithmParameterException {
    CertPathBuilderSpi spi = new MyCertPathBuilderSpi();
    CertPathParameters nullParams = null;

    try {
        spi.engineBuild(nullParams);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException expected) {
        // expected on the first call
    }

    assertNull("Not null CertPathBuilderResult", spi.engineBuild(nullParams));
}
/**
 * Builds a path with the builder for <code>algorithmName</code> and the
 * shared <code>params</code>, then checks it via <code>validateCertPath</code>.
 */
@TestTargets({
    @TestTargetNew(
        level=TestLevel.ADDITIONAL,
        method="getInstance",
        args={String.class}
    ),
    @TestTargetNew(
        level=TestLevel.ADDITIONAL,
        method="build",
        args={CertPathParameters.class}
    ),
    @TestTargetNew(
        level=TestLevel.ADDITIONAL,
        clazz=CertPathBuilderResult.class,
        method="getCertPath",
        args={}
    ),
    @TestTargetNew(
        level=TestLevel.COMPLETE,
        method="method",
        args={}
    )
})
public void testCertPathBuilder() throws Exception {
    CertPathBuilder builderUnderTest = CertPathBuilder.getInstance(algorithmName);
    CertPath builtPath = builderUnderTest.build(params).getCertPath();
    assertNotNull("built path is null", builtPath);
    validateCertPath(builtPath);
}
/**
 * Creates PKIX builder parameters in which one self-signed certificate is
 * the trusted entry, the selection target and the only certificate in the
 * store.
 *
 * <p>Revocation checking is switched off on the returned parameters.
 * NOTE(review): presumably acceptable because this is a test fixture; do not
 * copy this setting into code that validates real peers -- confirm.
 *
 * @return builder parameters backed by an in-memory key store.
 * @throws Exception if the key store, certificate or cert store cannot be
 *         created.
 */
@Override
public CertPathParameters getCertPathParameters() throws Exception {
    // Empty in-memory key store of the platform default type.
    KeyStore trusted = KeyStore.getInstance(KeyStore.getDefaultType());
    trusted.load(null, null);

    // NOTE(review): getBytes() uses the platform default charset; harmless
    // if the encoded certificate text is plain ASCII -- confirm.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    X509Certificate selfSigned = (X509Certificate) x509Factory
            .generateCertificate(
                    new ByteArrayInputStream(selfSignedCert.getBytes()));
    trusted.setCertificateEntry("selfSignedCert", selfSigned);

    // Select exactly this certificate as the target of the path.
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(selfSigned);

    List<Certificate> available = new ArrayList<Certificate>();
    available.add(selfSigned);
    CertStore certStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(available));

    PKIXBuilderParameters pkix = new PKIXBuilderParameters(trusted, target);
    pkix.addCertStore(certStore);
    pkix.setRevocationEnabled(false);
    return pkix;
}
/**
 * @tests javax.net.ssl.CertPathTrustManagerParameters#
 *     CertPathTrustManagerParameters(java.security.cert.CertPathParameters)
 * Case 1: Try to construct object.
 * Case 2: Check NullPointerException.
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "CertPathTrustManagerParameters",
    args = {java.security.cert.CertPathParameters.class}
)
public void test_ConstructorLjava_security_cert_CertPathParameters() {
    // case 1: construction succeeds and the wrapper does not hand back
    // the caller's own instance.
    try {
        CertPathParameters original = new MyCertPathParameters();
        CertPathTrustManagerParameters wrapper =
                new CertPathTrustManagerParameters(original);
        assertNotSame("Parameters were cloned incorrectly",
                original, wrapper.getParameters());
    } catch (Exception e) {
        fail("Unexpected exception " + e);
    }

    // case 2: a null argument must be rejected with NullPointerException.
    try {
        new CertPathTrustManagerParameters(null);
        fail("Expected CertPathTrustManagerParameters was not thrown");
    } catch (NullPointerException expected) {
        // expected
    }
}
/**
 * Checks that the parameters read back from a
 * <code>CertPathTrustManagerParameters</code> are still of the type that
 * was passed to its constructor.
 */
public void testCertPathTrustManagerParameters() {
    CertPathParameters original = new MyCertPathParameters();
    CertPathTrustManagerParameters wrapper =
            new CertPathTrustManagerParameters(original);

    boolean typePreserved =
            wrapper.getParameters() instanceof MyCertPathParameters;
    if (!typePreserved) {
        fail("incorrect parameters");
    }
}
/**
 * Test #1 for <code>PKIXParameters(Set)</code> constructor<br>
 * Assertion: Creates an instance of <code>PKIXParameters</code> with the
 * specified <code>Set</code> of most-trusted CAs. Each element of the set
 * is a <code>TrustAnchor</code>
 * @throws InvalidAlgorithmParameterException
 */
public final void testPKIXParametersSet01()
        throws InvalidAlgorithmParameterException {
    Set anchors = TestUtils.getTrustAnchorSet();
    if (anchors == null) {
        fail(getName()
                + ": not performed (could not create test TrustAnchor set)");
    }

    // Construction from a valid anchor set must succeed.
    CertPathParameters built = new PKIXParameters(anchors);
    assertTrue(built instanceof PKIXParameters);
}
/**
 * Test for <code>CertPathBuilderSpi</code> constructor Assertion:
 * constructs CertPathBuilderSpi
 *
 * The first call with null parameters is expected to throw and the second
 * to return null.
 */
public void testCertPathBuilderSpi01() throws CertPathBuilderException,
        InvalidAlgorithmParameterException {
    CertPathBuilderSpi spiUnderTest = new MyCertPathBuilderSpi();
    CertPathParameters noParams = null;

    try {
        spiUnderTest.engineBuild(noParams);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException expected) {
        // expected on the first call
    }

    CertPathBuilderResult second = spiUnderTest.engineBuild(noParams);
    assertNull("Not null CertPathBuilderResult", second);
}
/**
 * Test #1 for <code>PKIXParameters(KeyStore)</code> constructor<br>
 * Assertion: Creates an instance of <code>PKIXParameters</code>
 * that populates the set of most-trusted CAs from the trusted
 * certificate entries contained in the specified <code>KeyStore</code>
 * @throws InvalidAlgorithmParameterException
 * @throws KeyStoreException
 */
public final void testPKIXParametersKeyStore01() throws Exception {
    KeyStore trustedStore = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (trustedStore == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }

    // use valid parameter - KeyStore containing
    // only trusted X.509 certificates
    CertPathParameters built = new PKIXParameters(trustedStore);
    assertTrue(built instanceof PKIXParameters);
}
/**
 * Validates an attribute certificate with the given certificate path.
 *
 * <p>
 * <code>params</code> must be an instance of
 * <code>ExtendedPKIXParameters</code>.
 * <p>
 * The target constraints in the <code>params</code> must be an
 * <code>X509AttributeCertStoreSelector</code> with at least the attribute
 * certificate criterion set. Note that target information may also be
 * necessary to correctly validate this attribute certificate.
 * <p>
 * The attribute certificate issuer must be added to the trusted attribute
 * issuers with {@link ExtendedPKIXParameters#setTrustedACIssuers(Set)}.
 * <p>
 * The checks run in a fixed order and any of them may abort validation by
 * throwing; the CRL check is performed last.
 *
 * @param certPath The certificate path which belongs to the attribute
 *            certificate issuer public key certificate.
 * @param params The PKIX parameters.
 * @return A <code>PKIXCertPathValidatorResult</code> of the result of
 *         validating the <code>certPath</code>.
 * @throws InvalidAlgorithmParameterException if <code>params</code> is
 *             inappropriate for this validator.
 * @throws CertPathValidatorException if the verification fails.
 */
public CertPathValidatorResult engineValidate(CertPath certPath,
    CertPathParameters params) throws CertPathValidatorException,
    InvalidAlgorithmParameterException
{
    // Fail closed on the wrong parameter type before anything is cast.
    if (!(params instanceof ExtendedPKIXParameters))
    {
        throw new InvalidAlgorithmParameterException(
            "Parameters must be a "
                + ExtendedPKIXParameters.class.getName() + " instance.");
    }
    ExtendedPKIXParameters pkixParams = (ExtendedPKIXParameters) params;

    // The attribute certificate to validate is carried by the selector,
    // so a selector of any other type is rejected as well.
    Selector certSelect = pkixParams.getTargetConstraints();
    if (!(certSelect instanceof X509AttributeCertStoreSelector))
    {
        throw new InvalidAlgorithmParameterException(
            "TargetConstraints must be an instance of "
                + X509AttributeCertStoreSelector.class.getName() + " for "
                + this.getClass().getName() + " class.");
    }
    X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect)
        .getAttributeCert();

    // NOTE(review): the numbered helpers presumably follow the attribute
    // certificate validation steps of RFC 3281 -- confirm against
    // RFC3281CertPathUtilities. Their order is kept as is.
    CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, pkixParams);
    // The result of this step is what the method finally returns.
    CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, pkixParams);
    // The first certificate of the supplied path is used as the issuer's.
    // NOTE(review): get(0) assumes a non-empty path; presumably
    // processAttrCert2 has already rejected an empty one -- confirm.
    X509Certificate issuerCert = (X509Certificate) certPath
        .getCertificates().get(0);
    RFC3281CertPathUtilities.processAttrCert3(issuerCert, pkixParams);
    RFC3281CertPathUtilities.processAttrCert4(issuerCert, pkixParams);
    RFC3281CertPathUtilities.processAttrCert5(attrCert, pkixParams);
    // 6 already done in X509AttributeCertStoreSelector
    RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, pkixParams);
    RFC3281CertPathUtilities.additionalChecks(attrCert, pkixParams);
    // Obtain the date handed to the CRL check; a failure here is surfaced
    // as a validation exception with the cause attached.
    Date date = null;
    try
    {
        date = CertPathValidatorUtilities
            .getValidCertDateFromValidityModel(pkixParams, null, -1);
    }
    catch (AnnotatedException e)
    {
        throw new ExtCertPathValidatorException(
            "Could not get validity date from attribute certificate.", e);
    }
    // Revocation check over the attribute certificate, using the issuer
    // certificate and the certificates of the supplied path.
    RFC3281CertPathUtilities.checkCRLs(attrCert, pkixParams, issuerCert, date, certPath.getCertificates());
    return result;
}
/**
 * Records in <code>called</code> that the method was invoked; no
 * certification path is built.
 *
 * @param params ignored.
 * @return always <code>null</code>.
 */
public CertPathBuilderResult engineBuild(CertPathParameters params) {
    // Only the invocation is recorded; params is never inspected.
    called = true;
    return null;
}