public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException { this.origTm = tm; this.verifyServerCert = verifyServerCertificate; if (verifyServerCertificate) { try { Set<TrustAnchor> anch = new HashSet<TrustAnchor>(); for (X509Certificate cert : tm.getAcceptedIssuers()) { anch.add(new TrustAnchor(cert, null)); } this.validatorParams = new PKIXParameters(anch); this.validatorParams.setRevocationEnabled(false); this.validator = CertPathValidator.getInstance("PKIX"); this.certFactory = CertificateFactory.getInstance("X.509"); } catch (Exception e) { throw new CertificateException(e); } } }
private void validateNoCache(List<? extends X509Certificate> certs) throws SignatureException { try { CertPathValidator validator = CertPathValidator.getInstance( VALIDATOR_TYPE); PKIXParameters params = new PKIXParameters(trustRoots); params.addCertPathChecker(WAVE_OID_CHECKER); params.setDate(timeSource.now()); // turn off default revocation-checking mechanism params.setRevocationEnabled(false); // TODO: add a way for clients to add certificate revocation checks, // perhaps by letting them pass in PKIXCertPathCheckers. This can also be // useful to check for Wave-specific certificate extensions. CertificateFactory certFactory = CertificateFactory.getInstance( CERTIFICATE_TYPE); CertPath certPath = certFactory.generateCertPath(certs); validator.validate(certPath, params); } catch (GeneralSecurityException e) { throw new SignatureException("Certificate validation failure", e); } }
private static void runTest(CertificateFactory cf, List<X509Certificate> certList, TrustAnchor anchor) throws Exception { CertPath path = cf.generateCertPath(certList); CertPathValidator validator = CertPathValidator.getInstance("PKIX"); System.out.println(anchor); // Attach the OCSP responses to a PKIXParameters object PKIXRevocationChecker pkrev = (PKIXRevocationChecker)validator.getRevocationChecker(); Map<X509Certificate, byte[]> responseMap = new HashMap<>(); responseMap.put(certList.get(0), DECODER.decode(EE_OCSP_RESP)); responseMap.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP)); pkrev.setOcspResponses(responseMap); PKIXParameters params = new PKIXParameters(Collections.singleton(anchor)); params.addCertPathChecker(pkrev); params.setDate(EVAL_DATE); validator.validate(path, params); }
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { try { this.mOriginalX509TrustManager.checkServerTrusted(chain, authType); } catch (CertificateException e1) { try { X509Certificate[] ex = this.reorderCertificateChain(chain); CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertificateFactory factory = CertificateFactory.getInstance("X509"); CertPath certPath = factory.generateCertPath(Arrays.asList(ex)); PKIXParameters params = new PKIXParameters(this.mTrustStore); params.setRevocationEnabled(false); validator.validate(certPath, params); } catch (Exception e) { throw e1; } } }
/** * Creates trust manager implementation * * @param ks */ public TrustManagerImpl(KeyStore ks) { try { validator = CertPathValidator.getInstance("PKIX"); factory = CertificateFactory.getInstance("X509"); byte[] nameConstrains = null; Set<TrustAnchor> trusted = new HashSet<TrustAnchor>(); for (Enumeration<String> en = ks.aliases(); en.hasMoreElements();) { final String alias = en.nextElement(); final X509Certificate cert = (X509Certificate) ks.getCertificate(alias); if (cert != null) { trusted.add(new TrustAnchor(cert, nameConstrains)); } } params = new PKIXParameters(trusted); params.setRevocationEnabled(false); } catch (Exception e) { err = e; } }
private static CertPathValidator[] createCPVs() { if (!PKIXSupport) { fail(NotSupportMsg); return null; } try { CertPathValidator[] certPVs = new CertPathValidator[3]; certPVs[0] = CertPathValidator.getInstance(defaultType); certPVs[1] = CertPathValidator.getInstance(defaultType, defaultProviderName); certPVs[2] = CertPathValidator.getInstance(defaultType, defaultProvider); return certPVs; } catch (Exception e) { return null; } }
/** * Test for <code>getInstance(String algorithm)</code> method * Assertion: returns CertPathValidator object */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "Verifies positive case.", method = "getInstance", args = {java.lang.String.class} ) public void testCertPathValidator03() throws NoSuchAlgorithmException { if (!PKIXSupport) { fail(NotSupportMsg); return; } CertPathValidator certPV; for (int i = 0; i < validValues.length; i++) { certPV = CertPathValidator.getInstance(validValues[i]); assertEquals("Incorrect algorithm", certPV.getAlgorithm(), validValues[i]); } }
/** * Test for <code>getInstance(String algorithm, String provider)</code> method * Assertion: * throws NoSuchProviderException when provider has invalid value */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "Verifies that getInstance method throws NoSuchProviderException when provider parameter has invalid value.", method = "getInstance", args = {java.lang.String.class, java.lang.String.class} ) public void testCertPathValidator05() throws NoSuchAlgorithmException { if (!PKIXSupport) { fail(NotSupportMsg); return; } for (int t = 0; t < validValues.length; t++) { for (int i = 1; i < invalidValues.length; i++) { try { CertPathValidator.getInstance(validValues[t], invalidValues[i]); fail("NoSuchProviderException must be thrown"); } catch (NoSuchProviderException e1) { } } } }
/** * Test for <code>getInstance(String algorithm, String provider)</code> method * Assertion: returns CertPathValidator object */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "Verifies that getInstance mwthod returns CertPathValidator object.", method = "getInstance", args = {java.lang.String.class, java.lang.String.class} ) public void testCertPathValidator07() throws NoSuchAlgorithmException, NoSuchProviderException { if (!PKIXSupport) { fail(NotSupportMsg); return; } CertPathValidator certPV; for (int i = 0; i < validValues.length; i++) { certPV = CertPathValidator.getInstance(validValues[i], defaultProviderName); assertEquals("Incorrect algorithm", certPV.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider name", certPV.getProvider() .getName(), defaultProviderName); } }
/** * Test for <code>getInstance(String algorithm, Provider provider)</code> method * Assertion: throws IllegalArgumentException when provider is null */ @TestTargetNew( level = TestLevel.PARTIAL, notes = "Verifies that getInstance method throws IllegalArgumentException when provider parameter is null.", method = "getInstance", args = {java.lang.String.class, java.security.Provider.class} ) public void testCertPathValidator08() throws NoSuchAlgorithmException { if (!PKIXSupport) { fail(NotSupportMsg); return; } Provider prov = null; for (int t = 0; t < validValues.length; t++ ) { try { CertPathValidator.getInstance(validValues[t], prov); fail("IllegalArgumentException must be thrown"); } catch (IllegalArgumentException e1) { } } }
/** * Test for <code>getInstance(String algorithm, String provider)</code> method * Assertion: returns CertPathValidator object */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "Verifies that getInstance method returns CertPathValidator object.", method = "getInstance", args = {java.lang.String.class, java.lang.String.class} ) public void testCertPathValidator10() throws NoSuchAlgorithmException, NoSuchProviderException { if (!PKIXSupport) { fail(NotSupportMsg); return; } CertPathValidator certPV; for (int i = 0; i < invalidValues.length; i++) { certPV = CertPathValidator.getInstance(validValues[i], defaultProvider); assertEquals("Incorrect algorithm", certPV.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider name", certPV.getProvider(), defaultProvider); } }
@TestTargets({ @TestTargetNew( level=TestLevel.ADDITIONAL, method="getInstance", args={String.class} ), @TestTargetNew( level=TestLevel.ADDITIONAL, method="validate", args={CertPath.class, CertPathParameters.class} ), @TestTargetNew( level=TestLevel.COMPLETE, method="method", args={} ) }) public void testCertPathValidator() throws Exception { CertPathValidator certPathValidator = CertPathValidator.getInstance( algorithmName); CertPathValidatorResult validatorResult = certPathValidator.validate( getCertPath(), getParams()); validateResult(validatorResult); }
/** * Test for <code>getDefaultType()</code> method * Assertion: returns security property "certpathvalidator.type" or "PKIX" */ public void testCertPathValidator01() { if (!PKIXSupport) { fail(NotSupportMsg); return; } String propName = "certpathvalidator.type"; String defCPV = Security.getProperty(propName); String dt = CertPathValidator.getDefaultType(); String resType = defCPV; if (resType == null) { resType = defaultType; } assertNotNull("Default type have not be null", dt); assertEquals("Incorrect default type", dt, resType); if (defCPV == null) { Security.setProperty(propName, defaultType); dt = CertPathValidator.getDefaultType(); resType = Security.getProperty(propName); assertNotNull("Incorrect default type", resType); assertNotNull("Default type have not be null", dt); assertEquals("Incorrect default type", dt, resType); } }
/** * Test for <code>getInstance(String algorithm, String provider)</code> method * Assertion: * throws NoSuchProviderException when provider has invalid value */ public void testCertPathValidator05() throws NoSuchAlgorithmException { if (!PKIXSupport) { fail(NotSupportMsg); return; } for (int t = 0; t < validValues.length; t++) { for (int i = 1; i < invalidValues.length; i++) { try { CertPathValidator.getInstance(validValues[t], invalidValues[i]); fail("NoSuchProviderException must be thrown"); } catch (NoSuchProviderException e1) { } } } }
/** * Test for <code>getInstance(String algorithm, String provider)</code> method * Assertion: returns CertPathValidator object */ public void testCertPathValidator07() throws NoSuchAlgorithmException, NoSuchProviderException { if (!PKIXSupport) { fail(NotSupportMsg); return; } CertPathValidator certPV; for (int i = 0; i < validValues.length; i++) { certPV = CertPathValidator.getInstance(validValues[i], defaultProviderName); assertEquals("Incorrect algorithm", certPV.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider name", certPV.getProvider() .getName(), defaultProviderName); } }
/** * Test for <code>getInstance(String algorithm, Provider provider)</code> method * Assertion: throws IllegalArgumentException when provider is null */ public void testCertPathValidator08() throws NoSuchAlgorithmException { if (!PKIXSupport) { fail(NotSupportMsg); return; } Provider prov = null; for (int t = 0; t < validValues.length; t++ ) { try { CertPathValidator.getInstance(validValues[t], prov); fail("IllegalArgumentException must be thrown"); } catch (IllegalArgumentException e1) { } } }
/** * Test for <code>getInstance(String algorithm, String provider)</code> method * Assertion: returns CertPathValidator object */ public void testCertPathValidator10() throws NoSuchAlgorithmException, NoSuchProviderException { if (!PKIXSupport) { fail(NotSupportMsg); return; } CertPathValidator certPV; for (int i = 0; i < invalidValues.length; i++) { certPV = CertPathValidator.getInstance(validValues[i], defaultProvider); assertEquals("Incorrect algorithm", certPV.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider name", certPV.getProvider(), defaultProvider); } }
public static CertFilesTrustManager getInstance(String pathToCertsFiles) throws Exception { certificateFactory = CertificateFactory.getInstance("X.509"); Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>(); File[] files = new File(pathToCertsFiles).listFiles(); for (File file : files) { if (!file.isFile()) { continue; } try { X509Certificate cert = loadCertificate(file); TrustAnchor ta = new TrustAnchor(cert, null); trustAnchors.add(ta); } catch (CertificateParsingException e) {} } CertPathValidator val = CertPathValidator.getInstance(CertPathValidator.getDefaultType()); PKIXParameters cpp = new PKIXParameters(trustAnchors); cpp.setRevocationEnabled(false); CertFilesTrustManager tm = new CertFilesTrustManager(val, cpp); return tm; }
/** * Creates trust manager implementation * * @param ks */ public TrustManagerImpl(KeyStore ks) { try { validator = CertPathValidator.getInstance("PKIX"); factory = CertificateFactory.getInstance("X509"); String alias; X509Certificate cert; byte[] nameConstrains = null; Set trusted = new HashSet(); for (Enumeration en = ks.aliases(); en.hasMoreElements();) { alias = (String) en.nextElement(); cert = (X509Certificate) ks.getCertificate(alias); if (cert != null) { trusted.add(new TrustAnchor(cert, nameConstrains)); } } params = new PKIXParameters(trusted); params.setRevocationEnabled(false); } catch (Exception e) { err = e; } }
