Java Code Examples for javax.net.ssl.X509TrustManager#checkClientTrusted()
The following examples show how to use javax.net.ssl.X509TrustManager#checkClientTrusted().
Example 1
Source File: TesterSupport.java From Tomcat8-Source-Read with MIT License
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType)
        throws CertificateException {
    boolean trust = false;
    for (X509TrustManager tm : tms) {
        try {
            tm.checkClientTrusted(certs, authType);
            trust = true;
        } catch (CertificateException ex) {
            // Ignore
        }
    }
    if (!trust) {
        throw new CertificateException();
    }
}
Example 2
Source File: SSLContextInitializer.java From trufflesqueak with MIT License
@Override
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
        throws CertificateException {
    CertificateException lastError = null;
    for (final X509TrustManager manager : managers) {
        try {
            manager.checkClientTrusted(chain, authType);
            return;
        } catch (final CertificateException e) {
            lastError = e;
        }
    }
    // Fail closed: if there are no delegates, nothing has vouched for the chain.
    if (lastError == null) {
        lastError = new CertificateException("No trust managers configured");
    }
    throw lastError;
}
Example 3
Source File: MultiTrustManager.java From substitution-schedule-parser with Mozilla Public License 2.0
@Override
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
        throws CertificateException {
    if (trustManagers.isEmpty()) {
        throw new CertificateException("No trust managers installed!");
    }
    CertificateException ce = null;
    for (X509TrustManager trustManager : trustManagers) {
        try {
            trustManager.checkClientTrusted(chain, authType);
            return;
        } catch (CertificateException trustCe) {
            ce = trustCe;
        }
    }
    throw ce;
}
Example 4
Source File: QpidMultipleTrustManager.java From qpid-broker-j with Apache License 2.0
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    for (X509TrustManager trustManager : _trustManagers) {
        try {
            trustManager.checkClientTrusted(chain, authType);
            // this trustManager check succeeded, no need to check another one
            return;
        } catch (CertificateException ex) {
            // do nothing, try another one in a loop
        }
    }
    // no trustManager call succeeded, throw an exception
    throw new CertificateException();
}
Example 5
Source File: CompositeX509TrustManager.java From CompositeJKS with MIT License
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    CertificateException lastError = null;
    for (X509TrustManager trustManager : children) {
        try {
            trustManager.checkClientTrusted(chain, authType);
            return;
        } catch (CertificateException ex) {
            lastError = ex;
        }
    }
    // Fail closed: if there are no children, nothing has vouched for the chain.
    if (lastError == null) {
        lastError = new CertificateException("No trust managers configured");
    }
    throw lastError;
}
Example 6
Source File: TrustManagers.java From scipio-erp with Apache License 2.0
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    for (X509TrustManager tm : startClientTms) {
        try {
            tm.checkClientTrusted(chain, authType);
            return; // first found
        } catch (CertificateException e) {
            ; // proceed
        }
    }
    // last try
    if (finalClientTm == null) {
        throw new CertificateException(
                "Cannot validate client certificate (no delegated trust managers for client check)");
    }
    finalClientTm.checkClientTrusted(chain, authType);
}
Example 7
Source File: CompositeX509TrustManager.java From JPPF with Apache License 2.0
@Override
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
        throws CertificateException {
    for (X509TrustManager mgr : trustManagers) {
        try {
            mgr.checkClientTrusted(chain, authType);
            return;
        } catch (@SuppressWarnings("unused") final Exception e) {
        }
    }
    throw new CertificateException(String.format(
            "client not trusted for chain = %s, authType = %s, accepted issuers = %s",
            Arrays.asList(chain), authType, Arrays.asList(getAcceptedIssuers())));
}
Example 8
Source File: LdapClientTrustStoreManager.java From directory-fortress-core with Apache License 2.0
/**
 * Determine if client certificate is to be trusted.
 *
 * @param x509Chain
 * @param authNType
 * @throws CertificateException
 */
public synchronized void checkClientTrusted( final X509Certificate[] x509Chain, final String authNType )
        throws CertificateException
{
    // For each certificate in the chain, check validity:
    for ( final X509TrustManager trustMgr : getTrustManagers( x509Chain ) )
    {
        trustMgr.checkClientTrusted( x509Chain, authNType );
    }
}
Example 9
Source File: CompositeX509TrustManager.java From zap-extensions with Apache License 2.0
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    for (X509TrustManager trustManager : trustManagers) {
        try {
            trustManager.checkClientTrusted(chain, authType);
            return; // someone trusts them. success!
        } catch (CertificateException e) {
            // maybe someone else will trust them
        }
    }
    throw new CertificateException("None of the TrustManagers trust this certificate chain");
}
Example 10
Source File: KeyStoreManagerImplTest.java From nexus-public with Eclipse Public License 1.0
/**
 * Verify that the Server and Client TrustManagers will trust each other.
 */
@Test
public void testServerAndClientTrustManagers() throws Exception {
    // first setup the keystores
    KeyStoreManager serverKeyStoreManager = createKeyStoreManager(new MemKeyStoreStorageManager());
    serverKeyStoreManager.generateAndStoreKeyPair("Server Side", "dev", "codeSoft", "AnyTown", "state", "US");

    KeyStoreManager clientKeyStoreManager = createKeyStoreManager(new MemKeyStoreStorageManager());
    clientKeyStoreManager.generateAndStoreKeyPair("Client Side", "dev", "codeSoft", "AnyTown", "state", "US");

    // now grab the cert from the client and stick it in the server
    // (read from the client key store, so the server is tested against the client's certificate)
    Certificate clientCertificate = clientKeyStoreManager.getCertificate();
    serverKeyStoreManager.importTrustCertificate(clientCertificate, "client-side");

    //TODO: the server cert needs to be imported on the client side, we need to figure out how to deal with this.
    Certificate serverCertificate = serverKeyStoreManager.getCertificate();
    clientKeyStoreManager.importTrustCertificate(serverCertificate, "server-side");

    X509TrustManager serverTrustManager = (X509TrustManager) serverKeyStoreManager.getTrustManagers()[0];
    X509TrustManager clientTrustManager = (X509TrustManager) clientKeyStoreManager.getTrustManagers()[0];

    // verify the server trusts the client
    serverTrustManager.checkClientTrusted(new X509Certificate[]{(X509Certificate) clientCertificate}, "TLS");

    // verify the client trusts the server
    clientTrustManager.checkServerTrusted(new X509Certificate[]{(X509Certificate) serverCertificate}, "TLS");
}
Example 11
Source File: ReloadingX509TrustManager.java From big-c with Apache License 2.0
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    X509TrustManager tm = trustManagerRef.get();
    if (tm != null) {
        tm.checkClientTrusted(chain, authType);
    } else {
        throw new CertificateException("Unknown client chain certificate: " +
                chain[0].toString());
    }
}
Example 12
Source File: CompositeTrustManager.java From cwac-netsecurity with Apache License 2.0
/**
 * {@inheritDoc}
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    passChainToListeners(chain);

    CertificateException first = null;
    boolean consulted = false;

    for (X509TrustManager mgr : managers) {
        consulted = true;
        try {
            mgr.checkClientTrusted(chain, authType);
            if (!matchAll) {
                return;
            }
        } catch (CertificateException e) {
            if (matchAll) {
                throw e;
            } else {
                first = e;
            }
        }
    }

    if (first != null) {
        throw first;
    }
    // Fail closed: with no managers, nothing has vouched for the chain.
    if (!consulted) {
        throw new CertificateException("No trust managers configured");
    }
}
Example 13
Source File: NonJavaTrustStoreTest.java From qpid-broker-j with Apache License 2.0
@Test
public void testUseOfExpiredTrustAnchorDenied() throws Exception {
    final KeyCertificatePair keyCertPair = createExpiredCertificate();
    final Path certificatePath = TLS_RESOURCE.saveCertificateAsPem(keyCertPair.getCertificate());

    Map<String, Object> attributes = new HashMap<>();
    attributes.put(NonJavaTrustStore.NAME, NAME);
    attributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
    attributes.put(NonJavaTrustStore.CERTIFICATES_URL, certificatePath.toFile().getAbsolutePath());
    attributes.put(NonJavaTrustStore.TYPE, NON_JAVA_TRUST_STORE);

    TrustStore<?> trustStore = createTestTrustStore(attributes);

    TrustManager[] trustManagers = trustStore.getTrustManagers();
    assertNotNull(trustManagers);
    assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
    final boolean condition = trustManagers[0] instanceof X509TrustManager;
    assertTrue("Unexpected trust manager type", condition);
    X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

    try {
        trustManager.checkClientTrusted(new X509Certificate[]{keyCertPair.getCertificate()}, "NULL");
        fail("Exception not thrown");
    } catch (CertificateException e) {
        if (e instanceof CertificateExpiredException || "Certificate expired".equals(e.getMessage())) {
            // IBMJSSE2 does not throw CertificateExpiredException, it throws a CertificateException
            // PASS
        } else {
            throw e;
        }
    }
}
Example 14
Source File: FileTrustStoreTest.java From qpid-broker-j with Apache License 2.0
@Test
public void testUseOfExpiredTrustAnchorAllowed() throws Exception {
    // https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-
    assumeThat("IBMJSSE2 trust factory (IbmX509) validates the entire chain, including trusted certificates.",
               getJvmVendor(),
               is(not(equalTo(IBM))));

    final Path keyStoreFile = createTrustStoreWithExpiredCertificate();

    Map<String, Object> attributes = new HashMap<>();
    attributes.put(FileTrustStore.NAME, NAME);
    attributes.put(FileTrustStore.STORE_URL, keyStoreFile.toFile().getAbsolutePath());
    attributes.put(FileTrustStore.PASSWORD, TLS_RESOURCE.getSecret());
    attributes.put(FileTrustStore.TRUST_STORE_TYPE, TLS_RESOURCE.getKeyStoreType());

    FileTrustStore<?> trustStore = createFileTrustStore(attributes);

    TrustManager[] trustManagers = trustStore.getTrustManagers();
    assertNotNull(trustManagers);
    assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
    final boolean condition = trustManagers[0] instanceof X509TrustManager;
    assertTrue("Unexpected trust manager type", condition);
    X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

    KeyStore clientStore = getInitializedKeyStore(keyStoreFile.toFile().getAbsolutePath(),
                                                  TLS_RESOURCE.getSecret(),
                                                  TLS_RESOURCE.getKeyStoreType());
    String alias = clientStore.aliases().nextElement();
    X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);

    trustManager.checkClientTrusted(new X509Certificate[]{certificate}, "NULL");
}
Example 15
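Source File: KeyStoresTrustManager.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0
@Override
public void checkClientTrusted(X509Certificate[] certificates, String authType)
        throws CertificateException {
    CertificateException catchException = null;
    for (X509TrustManager tm : trustManagers) {
        try {
            tm.checkClientTrusted(certificates, authType);
            return;
        } catch (CertificateException e) {
            catchException = e;
        }
    }
    // With no trust managers the original "throw catchException" would throw null
    // (a NullPointerException); reject with a proper CertificateException instead.
    if (catchException == null) {
        catchException = new CertificateException("No trust managers configured");
    }
    throw catchException;
}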
Example 16
Source File: ReloadingX509TrustManager.java From hadoop with Apache License 2.0
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    X509TrustManager tm = trustManagerRef.get();
    if (tm != null) {
        tm.checkClientTrusted(chain, authType);
    } else {
        throw new CertificateException("Unknown client chain certificate: " +
                chain[0].toString());
    }
}
Example 17
Source File: LdapClientTrustStoreManager.java From directory-ldap-api with Apache License 2.0
/**
 * Determine if client certificate is to be trusted.
 *
 * @param x509Chain The certificate chain
 * @param authNType The key exchange algorithm being used
 * @throws CertificateException If the trustManager cannot be found
 */
public synchronized void checkClientTrusted( X509Certificate[] x509Chain, String authNType )
        throws CertificateException
{
    // For each certificate in the chain, check validity:
    for ( X509TrustManager trustMgr : getTrustManagers( x509Chain ) )
    {
        trustMgr.checkClientTrusted( x509Chain, authNType );
    }
}
Example 18
Source File: FileTrustStoreSslSocketFactory.java From springboot-shiro-cas-mybatis with MIT License
@Override
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
        throws CertificateException {
    for (final X509TrustManager trustManager : trustManagers) {
        try {
            trustManager.checkClientTrusted(chain, authType);
            return;
        } catch (final CertificateException e) {
            LOGGER.debug(e.getMessage(), e);
        }
    }
    throw new CertificateException("None of the TrustManagers trust this certificate chain");
}
Example 19
Source File: CompositeTrustManager.java From tessera with Apache License 2.0
@Override
public void checkClientTrusted(X509Certificate[] clientCertificates, String authType)
        throws CertificateException {
    for (TrustManager trustManager : trustManagers) {
        try {
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            x509TrustManager.checkClientTrusted(clientCertificates, authType);
            return;
        } catch (CertificateException ex) {
            // Ignore and move on to the next trust manager
        }
    }
    throw new CertificateException("Certificate is not trusted by any of the trust managers");
}
Example 20
Source File: FileTrustStoreTest.java From qpid-broker-j with Apache License 2.0
@Test
public void testUseOfExpiredTrustAnchorDenied() throws Exception {
    final Path keyStoreFile = createTrustStoreWithExpiredCertificate();

    Map<String, Object> attributes = new HashMap<>();
    attributes.put(FileTrustStore.NAME, NAME);
    attributes.put(FileTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
    attributes.put(FileTrustStore.STORE_URL, keyStoreFile.toFile().getAbsolutePath());
    attributes.put(FileTrustStore.PASSWORD, TLS_RESOURCE.getSecret());
    attributes.put(FileTrustStore.TRUST_STORE_TYPE, TLS_RESOURCE.getKeyStoreType());

    final TrustStore<?> trustStore = createFileTrustStore(attributes);

    TrustManager[] trustManagers = trustStore.getTrustManagers();
    assertNotNull(trustManagers);
    assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
    final boolean condition = trustManagers[0] instanceof X509TrustManager;
    assertTrue("Unexpected trust manager type", condition);
    X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

    KeyStore clientStore = getInitializedKeyStore(keyStoreFile.toFile().getAbsolutePath(),
                                                  TLS_RESOURCE.getSecret(),
                                                  TLS_RESOURCE.getKeyStoreType());
    String alias = clientStore.aliases().nextElement();
    X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);

    try {
        trustManager.checkClientTrusted(new X509Certificate[]{certificate}, "NULL");
        fail("Exception not thrown");
    } catch (CertificateException e) {
        if (e instanceof CertificateExpiredException || "Certificate expired".equals(e.getMessage())) {
            // IBMJSSE2 does not throw CertificateExpiredException, it throws a CertificateException
            // ignore
        } else {
            throw e;
        }
    }
}