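/**
 * Initializes a new instance that uses the specified JCE providers for
 * CertPathBuilder and Signature.
 *
 * <p>The {@code intermCertsAndCrls} array is copied on entry, so a caller that later
 * modifies its own array cannot change which stores this instance consults.
 *
 * @param trustAnchors the keystore with the trust-anchors ({@code TrustedCertificateEntry})
 * @param revocationEnabled whether revocation is enabled
 * @param maxPathLength the maximum length of the certification paths
 * @param certPathBuilderProvider the CertPathBuilder provider; when {@code null} the
 *      provider is whatever {@code CertPathBuilder.getInstance("PKIX")} selects
 * @param signatureProvider the Signature provider
 * @param intermCertsAndCrls a set of {@code CertStore}s that contain certificates to be
 *      used in the construction of the certification path. May contain CRLs to be used
 *      if revocation is enabled
 * @see xades4j.utils.FileSystemDirectoryCertStore
 * @throws NoSuchAlgorithmException if there is no provider for PKIX CertPathBuilder
 * @throws NoSuchProviderException if {@code certPathBuilderProvider} is not a registered provider
 * @throws NullPointerException if {@code trustAnchors} is {@code null}
 */
public PKIXCertificateValidationProvider(
        KeyStore trustAnchors,
        boolean revocationEnabled,
        int maxPathLength,
        String certPathBuilderProvider,
        String signatureProvider,
        CertStore... intermCertsAndCrls) throws NoSuchAlgorithmException, NoSuchProviderException
{
    // Without trust anchors no path can ever be validated, so fail at construction.
    if (null == trustAnchors)
    {
        throw new NullPointerException("Trust anchors cannot be null");
    }

    this.trustAnchors = trustAnchors;
    this.revocationEnabled = revocationEnabled;
    this.maxPathLength = maxPathLength;
    this.certPathBuilder = certPathBuilderProvider == null
            ? CertPathBuilder.getInstance("PKIX")
            : CertPathBuilder.getInstance("PKIX", certPathBuilderProvider);
    this.signatureProvider = signatureProvider;
    // Defensive copy: the varargs array may be an array the caller still holds.
    // A null array is kept as null so existing callers see no difference.
    this.intermCertsAndCrls = intermCertsAndCrls == null ? null : intermCertsAndCrls.clone();
}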
/**
 * Creates one CertPathBuilder through each getInstance overload used by these tests:
 * type only, type plus {@code defaultProviderName}, and type plus {@code defaultProvider}.
 *
 * @return the three builders in that order, or {@code null} when PKIX is not supported
 *         or any of the getInstance calls throws
 */
private static CertPathBuilder[] createCPBs() {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return null;
    }
    try {
        // Array initializers are evaluated left to right, so the lookup order is fixed.
        return new CertPathBuilder[] {
            CertPathBuilder.getInstance(defaultType),
            CertPathBuilder.getInstance(defaultType, defaultProviderName),
            CertPathBuilder.getInstance(defaultType, defaultProvider)
        };
    } catch (Exception lookupFailure) {
        // Reported as null rather than rethrown; callers check the result for null.
        return null;
    }
}
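/**
 * Test for <code>getInstance(String algorithm)</code> method.
 * Assertion: returns a CertPathBuilder object whose algorithm is the requested one.
 *
 * @throws NoSuchAlgorithmException if a value from {@code validValues} is not available
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "Verifies positive functionality.",
    method = "getInstance",
    args = {java.lang.String.class}
)
public void testCertPathBuilder03() throws NoSuchAlgorithmException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    for (String algorithm : validValues) {
        CertPathBuilder cpb = CertPathBuilder.getInstance(algorithm);
        // Expected value first, so a failure message reports the two values correctly.
        assertEquals("Incorrect algorithm", algorithm, cpb.getAlgorithm());
    }
}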
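/**
 * Test for <code>getInstance(String algorithm, String provider)</code> method.
 * Assertion: throws NoSuchProviderException when provider has invalid value.
 *
 * @throws NoSuchAlgorithmException if a value from {@code validValues} is not available
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies that getInstance throws NoSuchProviderException when provider has invalid value.",
    method = "getInstance",
    args = {java.lang.String.class, java.lang.String.class}
)
public void testCertPathBuilder05() throws NoSuchAlgorithmException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    for (String algorithm : validValues) {
        // NOTE(review): the scan starts at index 1, so invalidValues[0] is never used as
        // a provider name here; presumably that entry is rejected differently - confirm.
        for (int j = 1; j < invalidValues.length; j++) {
            try {
                CertPathBuilder.getInstance(algorithm, invalidValues[j]);
                fail("NoSuchProviderException must be thrown");
            } catch (NoSuchProviderException expected) {
                // an unknown provider name must be refused
            }
        }
    }
}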
/**
 * Test for <code>getInstance(String algorithm, String provider)</code> method.
 * Assertions:
 * throws NullPointerException when algorithm is null;
 * throws NoSuchAlgorithmException for every entry of {@code invalidValues}.
 *
 * @throws NoSuchAlgorithmException declared for the calls made; not expected to escape
 * @throws NoSuchProviderException if {@code defaultProviderName} is not registered
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies NullPointerException when algorithm is null; verifies NoSuchAlgorithmException when algorithm is not correct.",
    method = "getInstance",
    args = {java.lang.String.class, java.lang.String.class}
)
public void testCertPathBuilder06()
        throws NoSuchAlgorithmException, NoSuchProviderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    try {
        CertPathBuilder.getInstance(null, defaultProviderName);
        fail("No expected NullPointerException");
    } catch (NullPointerException expected) {
        // a null algorithm name is rejected
    }
    for (String badAlgorithm : invalidValues) {
        try {
            CertPathBuilder.getInstance(badAlgorithm, defaultProviderName);
            fail("NoSuchAlgorithmException must be thrown");
        } catch (NoSuchAlgorithmException expected) {
            // an unknown algorithm name is rejected
        }
    }
}
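/**
 * Test for <code>getInstance(String algorithm, String provider)</code> method.
 * Assertion: returns a CertPathBuilder object that reports the requested algorithm
 * and the requested provider name.
 *
 * @throws NoSuchAlgorithmException if a value from {@code validValues} is not available
 * @throws NoSuchProviderException if {@code defaultProviderName} is not registered
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies positive case.",
    method = "getInstance",
    args = {java.lang.String.class, java.lang.String.class}
)
public void testCertPathBuilder07()
        throws NoSuchAlgorithmException, NoSuchProviderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    for (String algorithm : validValues) {
        CertPathBuilder certPB = CertPathBuilder.getInstance(algorithm, defaultProviderName);
        // Expected value first, so a failure message reports the two values correctly.
        assertEquals("Incorrect algorithm", algorithm, certPB.getAlgorithm());
        // Confirms the builder really came from the provider that was asked for.
        assertEquals("Incorrect provider name", defaultProviderName,
                certPB.getProvider().getName());
    }
}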
/**
 * Test for <code>getInstance(String algorithm, Provider provider)</code> method.
 * Assertion: throws IllegalArgumentException when provider is null.
 *
 * @throws NoSuchAlgorithmException declared for the calls made; not expected to escape
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "Verifies that getInstance method throws IllegalArgumentException when provider is null method.",
    method = "getInstance",
    args = {java.lang.String.class, java.security.Provider.class}
)
public void testCertPathBuilder08() throws NoSuchAlgorithmException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    for (String algorithm : validValues) {
        try {
            // The cast selects the Provider overload; a bare null would be ambiguous.
            CertPathBuilder.getInstance(algorithm, (Provider) null);
            fail("IllegalArgumentException must be thrown");
        } catch (IllegalArgumentException expected) {
            // a null Provider object is rejected
        }
    }
}
/**
 * Test for the getInstance overload that receives {@code defaultProvider} as its
 * second argument.
 * Assertions:
 * throws NullPointerException when algorithm is null;
 * throws NoSuchAlgorithmException for every entry of {@code invalidValues}.
 *
 * @throws NoSuchAlgorithmException declared for the calls made; not expected to escape
 * @throws NoSuchProviderException declared by the test signature
 */
@TestTargetNew(
    level = TestLevel.PARTIAL,
    notes = "Verifies that getInstance method throws NullPointerException when algorithm is null, throws NoSuchAlgorithmException when algorithm is not correct.",
    method = "getInstance",
    args = {java.lang.String.class, java.security.Provider.class}
)
public void testCertPathBuilder09()
        throws NoSuchAlgorithmException, NoSuchProviderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    try {
        CertPathBuilder.getInstance(null, defaultProvider);
        fail("No expected NullPointerException");
    } catch (NullPointerException expected) {
        // a null algorithm name is rejected
    }
    for (String badAlgorithm : invalidValues) {
        try {
            CertPathBuilder.getInstance(badAlgorithm, defaultProvider);
            fail("NoSuchAlgorithm must be thrown");
        } catch (NoSuchAlgorithmException expected) {
            // an unknown algorithm name is rejected
        }
    }
}
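/**
 * Test for the getInstance overload that receives {@code defaultProvider} as its
 * second argument.
 * Assertion: returns a CertPathBuilder object that reports the requested algorithm
 * and the requested provider.
 *
 * <p>NOTE(review): the annotation below still lists (String, String) as the target
 * signature although the call passes {@code defaultProvider}; confirm which overload
 * the coverage metadata should name.
 *
 * @throws NoSuchAlgorithmException if a value from {@code validValues} is not available
 * @throws NoSuchProviderException declared by the test signature
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies that getInstance returns CertPathBuilder object.",
    method = "getInstance",
    args = {java.lang.String.class, java.lang.String.class}
)
public void testCertPathBuilder10()
        throws NoSuchAlgorithmException, NoSuchProviderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    // Bound the loop by the array that is actually indexed. The previous bound was
    // invalidValues.length, which either overran validValues or skipped its tail.
    for (String algorithm : validValues) {
        CertPathBuilder certPB = CertPathBuilder.getInstance(algorithm, defaultProvider);
        // Expected value first, so a failure message reports the two values correctly.
        assertEquals("Incorrect algorithm", algorithm, certPB.getAlgorithm());
        assertEquals("Incorrect provider name", defaultProvider, certPB.getProvider());
    }
}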
/**
 * Test for <code>build(CertPathParameters params)</code> method.
 * Assertion: throws InvalidAlgorithmParameterException when params is null, for every
 * builder returned by {@code createCPBs()}.
 *
 * @throws NoSuchAlgorithmException declared by the test signature
 * @throws NoSuchProviderException declared by the test signature
 * @throws CertPathBuilderException if a builder fails in a way other than the expected one
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies that build method throws InvalidAlgorithmParameterException if a parameter is null.",
    method = "build",
    args = {java.security.cert.CertPathParameters.class}
)
public void testCertPathBuilder11()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertPathBuilderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    CertPathBuilder[] builders = createCPBs();
    assertNotNull("CertPathBuilder objects were not created", builders);
    for (CertPathBuilder builder : builders) {
        try {
            builder.build(null);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException expected) {
            // a builder must refuse to run without parameters
        }
    }
}
/**
 * Builds a certification path from the fixtures supplied by {@code TestUtils} and checks
 * that both the builder result and the path it carries are non-null.
 *
 * <p>The {@code @KnownFailure} annotation below records that this test is expected to
 * fail because of an expired certificate.
 *
 * @throws Exception if fixture setup or the build fails for any reason other than
 *         InvalidAlgorithmParameterException, which is reported through {@code fail}
 */
@TestTargetNew(
    level=TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies normal case",
    method="build",
    args={CertPathParameters.class}
)
// Test passed on RI
@KnownFailure(value="expired certificate bug 2322662")
public void testBuild() throws Exception {
    TestUtils.initCertPathSSCertChain();
    CertPathParameters buildParams = TestUtils.getCertPathParameters();
    CertPathBuilder pathBuilder = TestUtils.getCertPathBuilder();

    try {
        CertPathBuilderResult outcome = pathBuilder.build(buildParams);
        assertNotNull("builder result is null", outcome);
        assertNotNull("certpath of builder result is null", outcome.getCertPath());
    } catch (InvalidAlgorithmParameterException badParams) {
        fail("unexpected Exception: " + badParams);
    }
}
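/**
 * Checks how {@code CertPathBuilder.getDefaultType()} reacts to changes of the default
 * type security property, then exercises {@code build(null)} on the given builder.
 *
 * <p>The security property is process-wide state, so it is restored in a
 * {@code finally} block: a failing assertion inside the loop must not leave an
 * invalid default type behind for code that runs later in the same JVM.
 *
 * @param certBuild the builder whose {@code build(null)} behaviour is checked
 * @throws InvalidAlgorithmParameterException if {@code build(null)} throws it
 * @throws CertPathBuilderException if the second {@code build(null)} call throws it
 */
private void checkResult(CertPathBuilder certBuild)
        throws InvalidAlgorithmParameterException, CertPathBuilderException {
    String dt = CertPathBuilder.getDefaultType();
    String propName = CertPathBuilder1Test.DEFAULT_TYPE_PROPERTY;
    try {
        for (int i = 0; i < invalidValues.length; i++) {
            Security.setProperty(propName, invalidValues[i]);
            String dtN = CertPathBuilder.getDefaultType();
            // Either the new property value or the original default is acceptable.
            if (!dtN.equals(invalidValues[i]) && !dtN.equals(dt)) {
                fail("Incorrect default type: ".concat(dtN));
            }
        }
    } finally {
        // Always put the original value back, even when an assertion above failed.
        Security.setProperty(propName, dt);
    }
    // Expected value first, so a failure message reports the two values correctly.
    assertEquals("Incorrect default type", dt, CertPathBuilder.getDefaultType());

    // NOTE(review): the two consecutive build(null) calls expect different outcomes
    // (first an exception, then a null result); presumably the builder under test
    // alternates its behaviour between calls - confirm against its implementation.
    // The order of these two calls must not change.
    try {
        certBuild.build(null);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException expected) {
        // first call is expected to fail
    }
    CertPathBuilderResult cpbResult = certBuild.build(null);
    assertNull("Not null CertPathBuilderResult", cpbResult);
}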
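/**
 * Test for <code>getInstance(String algorithm, String provider)</code> method.
 * Assertion: throws NoSuchProviderException when provider has invalid value.
 *
 * @throws NoSuchAlgorithmException if a value from {@code validValues} is not available
 */
public void testCertPathBuilder05() throws NoSuchAlgorithmException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    for (String algorithm : validValues) {
        // NOTE(review): the scan starts at index 1, so invalidValues[0] is never used as
        // a provider name here; presumably that entry is rejected differently - confirm.
        for (int j = 1; j < invalidValues.length; j++) {
            String bogusProvider = invalidValues[j];
            try {
                CertPathBuilder.getInstance(algorithm, bogusProvider);
                fail("NoSuchProviderException must be thrown");
            } catch (NoSuchProviderException expected) {
                // an unknown provider name must be refused
            }
        }
    }
}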
/**
 * Test for <code>getInstance(String algorithm, String provider)</code> method.
 * Assertions:
 * throws NullPointerException when algorithm is null;
 * throws NoSuchAlgorithmException for every entry of {@code invalidValues}.
 *
 * @throws NoSuchAlgorithmException declared for the calls made; not expected to escape
 * @throws NoSuchProviderException if {@code defaultProviderName} is not registered
 */
public void testCertPathBuilder06()
        throws NoSuchAlgorithmException, NoSuchProviderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }

    // Case 1: no algorithm name at all.
    try {
        CertPathBuilder.getInstance(null, defaultProviderName);
        fail("No expected NullPointerException");
    } catch (NullPointerException npe) {
        // expected
    }

    // Case 2: algorithm names that no provider offers.
    for (String unknownAlgorithm : invalidValues) {
        try {
            CertPathBuilder.getInstance(unknownAlgorithm, defaultProviderName);
            fail("NoSuchAlgorithmException must be thrown");
        } catch (NoSuchAlgorithmException nsae) {
            // expected
        }
    }
}
/**
 * Test for <code>getInstance(String algorithm, Provider provider)</code> method.
 * Assertion: throws IllegalArgumentException when provider is null.
 *
 * @throws NoSuchAlgorithmException declared for the calls made; not expected to escape
 */
public void testCertPathBuilder08() throws NoSuchAlgorithmException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    // Typed as Provider so that the Provider overload, not the String one, is chosen.
    final Provider missingProvider = null;
    for (String algorithm : validValues) {
        try {
            CertPathBuilder.getInstance(algorithm, missingProvider);
            fail("IllegalArgumentException must be thrown");
        } catch (IllegalArgumentException iae) {
            // expected: a null Provider object is rejected
        }
    }
}
/**
 * Test for the getInstance overload that receives {@code defaultProvider} as its
 * second argument.
 * Assertions:
 * throws NullPointerException when algorithm is null;
 * throws NoSuchAlgorithmException for every entry of {@code invalidValues}.
 *
 * @throws NoSuchAlgorithmException declared for the calls made; not expected to escape
 * @throws NoSuchProviderException declared by the test signature
 */
public void testCertPathBuilder09()
        throws NoSuchAlgorithmException, NoSuchProviderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }

    // Case 1: no algorithm name at all.
    try {
        CertPathBuilder.getInstance(null, defaultProvider);
        fail("No expected NullPointerException");
    } catch (NullPointerException npe) {
        // expected
    }

    // Case 2: algorithm names that the provider does not offer.
    for (String unknownAlgorithm : invalidValues) {
        try {
            CertPathBuilder.getInstance(unknownAlgorithm, defaultProvider);
            fail("NoSuchAlgorithm must be thrown");
        } catch (NoSuchAlgorithmException nsae) {
            // expected
        }
    }
}
/**
 * Test for <code>build(CertPathParameters params)</code> method.
 * Assertion: throws InvalidAlgorithmParameterException when params is null, for every
 * builder returned by {@code createCPBs()}.
 *
 * @throws NoSuchAlgorithmException declared by the test signature
 * @throws NoSuchProviderException declared by the test signature
 * @throws CertPathBuilderException if a builder fails in a way other than the expected one
 */
public void testCertPathBuilder11()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertPathBuilderException {
    if (!PKIXSupport) {
        fail(NotSupportMsg);
        return;
    }
    CertPathBuilder[] candidates = createCPBs();
    assertNotNull("CertPathBuilder objects were not created", candidates);

    int index = 0;
    while (index < candidates.length) {
        try {
            candidates[index].build(null);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException iape) {
            // expected: a builder must refuse to run without parameters
        }
        index++;
    }
}
/**
 * Builds a PKIX certification path from the signer's certificate to {@code trustAnchor},
 * using the "BC" provider for both the certificate store and the path builder.
 *
 * <p>The target certificate is selected by the issuer and serial number taken from
 * {@code signerId}. Revocation checking is switched off, so a path to a revoked
 * certificate still builds; callers that need revocation status must check it
 * separately.
 *
 * @param signerId identifies the signer certificate by issuer and serial number
 * @param certs candidate certificates made available to the path builder
 * @return the result of the path build
 * @throws IOException if the issuer name cannot be encoded
 * @throws GeneralSecurityException if the store or builder cannot be created, or no
 *         path can be built
 */
private PKIXCertPathBuilderResult checkCertPath(SignerId signerId, Store certs)
    throws IOException, GeneralSecurityException
{
    CertStore candidateStore = new JcaCertStoreBuilder()
        .setProvider("BC")
        .addCertificates(certs)
        .build();

    CertPathBuilder bcPathBuilder = CertPathBuilder.getInstance("PKIX","BC");

    // Pin the target to exactly the certificate the signer information refers to.
    X509CertSelector signerSelector = new X509CertSelector();
    signerSelector.setIssuer(signerId.getIssuer().getEncoded());
    signerSelector.setSerialNumber(signerId.getSerialNumber());

    // Single trust anchor; the null second argument means no name constraints.
    TrustAnchor anchor = new TrustAnchor(trustAnchor, null);
    PKIXBuilderParameters buildParams =
        new PKIXBuilderParameters(Collections.singleton(anchor), signerSelector);

    buildParams.addCertStore(candidateStore);
    buildParams.setRevocationEnabled(false); // TODO: CRLs?

    return (PKIXCertPathBuilderResult)bcPathBuilder.build(buildParams);
}
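/**
 * Builds a PKIX certification path for {@code userCert} against the single trusted
 * certificate returned by {@code getTrustedCertificate()}, using the "SUN" provider.
 *
 * <p>Revocation checking is switched off, so the build says nothing about whether
 * {@code userCert} has been revoked.
 *
 * @param userCert the target certificate
 * @throws Exception if the store, selector or builder cannot be set up, or no path
 *         can be built
 */
private void doBuild(X509Certificate userCert) throws Exception {

    // get the set of trusted CA certificates (only one in this instance)
    HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    X509Certificate trustedCert = getTrustedCertificate();
    // null second argument: no name constraints on the anchor
    trustAnchors.add(new TrustAnchor(trustedCert, null));

    // put together a CertStore (repository of the certificates and CRLs)
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(trustedCert);
    certs.add(userCert);
    CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
    CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

    // specify the target certificate via a CertSelector
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setCertificate(userCert);
    // NOTE(review): the subject is passed as a string name. The JDK documents
    // setSubject(String) as lossy for some distinguished names; kept as written
    // because the original notes it "seems to be required" - confirm.
    certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

    // build a valid certificate path
    CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters certPathBuilderParams =
            new PKIXBuilderParameters(trustAnchors, certSelector);
    certPathBuilderParams.addCertStore(certStore);
    // no CRLs are supplied here, so revocation checking is turned off
    certPathBuilderParams.setRevocationEnabled(false);
    CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

    // get the cert path; it is not inspected further, a successful build is the check
    CertPath certPath = result.getCertPath();
}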
/**
 * Runs a PKIX certification path build and discards the result; returning normally
 * means a path was built.
 *
 * <p>No provider is named, so the builder comes from whichever installed provider
 * {@code CertPathBuilder.getInstance("PKIX")} selects. Trust anchors, target
 * constraints and the revocation setting are all taken from {@code params}.
 *
 * @param params PKIXBuilderParameters to use in building
 * @throws Exception if no PKIX builder is available, the parameters are rejected,
 *         or no path can be built
 */
public static void build(PKIXBuilderParameters params)
        throws Exception {
    CertPathBuilder pkixBuilder = CertPathBuilder.getInstance("PKIX");
    // Only success or failure matters here; the built path itself is not used.
    pkixBuilder.build(params);
}
/**
 * Runs a PKIX certification path build with the "SUN" provider and discards the
 * result; returning normally means a path was built.
 *
 * <p>Trust anchors, target constraints and the revocation setting are all taken
 * from {@code params}.
 *
 * @param params PKIXBuilderParameters to use in the build
 * @throws Exception if the "SUN" PKIX builder is not available, the parameters are
 *         rejected, or no path can be built
 */
public static void build(PKIXBuilderParameters params)
        throws Exception {
    CertPathBuilder sunBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    // Only success or failure matters here; the built path itself is not used.
    sunBuilder.build(params);
}
/**
 * Runs a PKIX certification path build and returns its result. On failure an
 * exception is thrown; this method never reports failure through its return value.
 *
 * <p>No provider is named, so the builder comes from whichever installed provider
 * {@code CertPathBuilder.getInstance("PKIX")} selects. Trust anchors, target
 * constraints and the revocation setting are all taken from {@code params}.
 *
 * @param params PKIXBuilderParameters to use in the build
 * @return the builder's result, cast to {@code PKIXCertPathBuilderResult}
 * @throws Exception if no PKIX builder is available, the parameters are rejected,
 *         or no path can be built
 */
public static PKIXCertPathBuilderResult build(PKIXBuilderParameters params)
        throws Exception {
    CertPathBuilder pkixBuilder = CertPathBuilder.getInstance("PKIX");
    CertPathBuilderResult rawResult = pkixBuilder.build(params);
    return (PKIXCertPathBuilderResult) rawResult;
}