public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException { ++sw; if (certPath == null) { if ((sw % 2) == 0) { throw new CertPathValidatorException("certPath null"); } } if (params == null) { if ((sw % 3) == 0) { throw new InvalidAlgorithmParameterException("params null"); } } return null; }
@TestTargets({ @TestTargetNew( level=TestLevel.ADDITIONAL, method="getInstance", args={String.class} ), @TestTargetNew( level=TestLevel.ADDITIONAL, method="validate", args={CertPath.class, CertPathParameters.class} ), @TestTargetNew( level=TestLevel.COMPLETE, method="method", args={} ) }) public void testCertPathValidator() throws Exception { CertPathValidator certPathValidator = CertPathValidator.getInstance( algorithmName); CertPathValidatorResult validatorResult = certPathValidator.validate( getCertPath(), getParams()); validateResult(validatorResult); }
private PKIXCertPathValidatorResult certPathReview(CertPath certPath, PKIXParameters params) throws NoSuchAlgorithmException, CertPathValidatorException, InvalidAlgorithmParameterException { CertPathValidator certPathValidator = CertPathValidator .getInstance(CertPathValidator.getDefaultType()); CertPathValidatorResult result = certPathValidator.validate(certPath, params); PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result; return pkixResult; }
@Override public void validateResult(CertPathValidatorResult validatorResult) { assertNotNull("validator result is null", validatorResult); assertTrue("validator result is not PKIX", validatorResult instanceof PKIXCertPathValidatorResult); }
/** * Validates an attribute certificate with the given certificate path. * * <p> * <code>params</code> must be an instance of * <code>ExtendedPKIXParameters</code>. * <p> * The target constraints in the <code>params</code> must be an * <code>X509AttributeCertStoreSelector</code> with at least the attribute * certificate criterion set. Obey that also target informations may be * necessary to correctly validate this attribute certificate. * <p> * The attribute certificate issuer must be added to the trusted attribute * issuers with {@link ExtendedPKIXParameters#setTrustedACIssuers(Set)}. * * @param certPath The certificate path which belongs to the attribute * certificate issuer public key certificate. * @param params The PKIX parameters. * @return A <code>PKIXCertPathValidatorResult</code> of the result of * validating the <code>certPath</code>. * @throws InvalidAlgorithmParameterException if <code>params</code> is * inappropriate for this validator. * @throws CertPathValidatorException if the verification fails. */ public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException { if (!(params instanceof ExtendedPKIXParameters)) { throw new InvalidAlgorithmParameterException( "Parameters must be a " + ExtendedPKIXParameters.class.getName() + " instance."); } ExtendedPKIXParameters pkixParams = (ExtendedPKIXParameters) params; Selector certSelect = pkixParams.getTargetConstraints(); if (!(certSelect instanceof X509AttributeCertStoreSelector)) { throw new InvalidAlgorithmParameterException( "TargetConstraints must be an instance of " + X509AttributeCertStoreSelector.class.getName() + " for " + this.getClass().getName() + " class."); } X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect) .getAttributeCert(); CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, pkixParams); CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, pkixParams); X509Certificate issuerCert = (X509Certificate) certPath .getCertificates().get(0); RFC3281CertPathUtilities.processAttrCert3(issuerCert, pkixParams); RFC3281CertPathUtilities.processAttrCert4(issuerCert, pkixParams); RFC3281CertPathUtilities.processAttrCert5(attrCert, pkixParams); // 6 already done in X509AttributeCertStoreSelector RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, pkixParams); RFC3281CertPathUtilities.additionalChecks(attrCert, pkixParams); Date date = null; try { date = CertPathValidatorUtilities .getValidCertDateFromValidityModel(pkixParams, null, -1); } catch (AnnotatedException e) { throw new ExtCertPathValidatorException( "Could not get validity date from attribute certificate.", e); } RFC3281CertPathUtilities.checkCRLs(attrCert, pkixParams, issuerCert, date, certPath.getCertificates()); return result; }
public CertPathValidatorResult getValidatorResult() { return validatorResult; }
public void setValidatorResult(CertPathValidatorResult validatorResult) { this.validatorResult = validatorResult; }
/** * Perform a PKIX validation. On success, print the * CertPathValidatorResult on System.out. On failure, * throw an exception. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); CertPathValidatorResult cpvr = validator.validate(path, params); }
/** * Perform a PKIX validation. * * @param path CertPath to validate * @param params PKIXParameters to use in validation * @throws Exception on error */ public static void validate(CertPath path, PKIXParameters params) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX", "SUN"); CertPathValidatorResult cpvr = validator.validate(path, params); }
