Java Code Examples for sun.security.validator.Validator#VAR_TLS_CLIENT

The following examples show how to use sun.security.validator.Validator#VAR_TLS_CLIENT . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SSLContextImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
private void checkAlgorithmConstraints(X509Certificate[] chain,
        AlgorithmConstraints constraints, boolean isClient) throws CertificateException {

    try {
        // Does the certificate chain end with a trusted certificate?
        int checkedLength = chain.length - 1;

        Collection<X509Certificate> trustedCerts = new HashSet<>();
        X509Certificate[] certs = tm.getAcceptedIssuers();
        if ((certs != null) && (certs.length > 0)){
            Collections.addAll(trustedCerts, certs);
        }

        if (trustedCerts.contains(chain[checkedLength])) {
                checkedLength--;
        }

        // A forward checker, need to check from trust to target
        if (checkedLength >= 0) {
            AlgorithmChecker checker =
                    new AlgorithmChecker(constraints, null,
                            (isClient ? Validator.VAR_TLS_CLIENT : Validator.VAR_TLS_SERVER));
            checker.init(false);
            for (int i = checkedLength; i >= 0; i--) {
                Certificate cert = chain[i];
                // We don't care about the unresolved critical extensions.
                checker.check(cert, Collections.<String>emptySet());
            }
        }
    } catch (CertPathValidatorException cpve) {
        throw new CertificateException(
            "Certificates do not conform to algorithm constraints", cpve);
    }
}
 
Example 2
Source File: SSLContextImpl.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
private void checkAlgorithmConstraints(X509Certificate[] chain,
        AlgorithmConstraints constraints,
        boolean checkClientTrusted) throws CertificateException {

    try {
        // Does the certificate chain end with a trusted certificate?
        int checkedLength = chain.length - 1;

        Collection<X509Certificate> trustedCerts = new HashSet<>();
        X509Certificate[] certs = tm.getAcceptedIssuers();
        if ((certs != null) && (certs.length > 0)){
            Collections.addAll(trustedCerts, certs);
        }

        if (trustedCerts.contains(chain[checkedLength])) {
                checkedLength--;
        }

        // A forward checker, need to check from trust to target
        if (checkedLength >= 0) {
            AlgorithmChecker checker =
                    new AlgorithmChecker(constraints, null,
                            (checkClientTrusted ? Validator.VAR_TLS_CLIENT :
                                        Validator.VAR_TLS_SERVER));
            checker.init(false);
            for (int i = checkedLength; i >= 0; i--) {
                Certificate cert = chain[i];
                // We don't care about the unresolved critical extensions.
                checker.check(cert, Collections.<String>emptySet());
            }
        }
    } catch (CertPathValidatorException cpve) {
        throw new CertificateException(
            "Certificates do not conform to algorithm constraints", cpve);
    }
}
 
Example 3
Source File: X509KeyManagerImpl.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public String getValidator() {
    if (this == CLIENT) {
        return Validator.VAR_TLS_CLIENT;
    } else if (this == SERVER) {
        return Validator.VAR_TLS_SERVER;
    }
    return Validator.VAR_GENERIC;
}
 
Example 4
Source File: DisabledAlgorithmConstraints.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public void permits(ConstraintsParameters cp)
        throws CertPathValidatorException {
    for (String usage : usages) {

        String v = null;
        if (usage.compareToIgnoreCase("TLSServer") == 0) {
            v = Validator.VAR_TLS_SERVER;
        } else if (usage.compareToIgnoreCase("TLSClient") == 0) {
            v = Validator.VAR_TLS_CLIENT;
        } else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
            v = Validator.VAR_PLUGIN_CODE_SIGNING;
        }

        if (debug != null) {
            debug.println("Checking if usage constraint \"" + v +
                    "\" matches \"" + cp.getVariant() + "\"");
            // Because usage checking can come from many places
            // a stack trace is very helpful.
            ByteArrayOutputStream ba = new ByteArrayOutputStream();
            PrintStream ps = new PrintStream(ba);
            (new Exception()).printStackTrace(ps);
            debug.println(ba.toString());
        }
        if (cp.getVariant().compareTo(v) == 0) {
            if (next(cp)) {
                return;
            }
            throw new CertPathValidatorException("Usage constraint " +
                    usage + " check failed: " + algorithm +
                    extendedMsg(cp),
                    null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
}
 
Example 5
Source File: SSLContextImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
private void checkAlgorithmConstraints(X509Certificate[] chain,
        AlgorithmConstraints constraints, boolean isClient) throws CertificateException {

    try {
        // Does the certificate chain end with a trusted certificate?
        int checkedLength = chain.length - 1;

        Collection<X509Certificate> trustedCerts = new HashSet<>();
        X509Certificate[] certs = tm.getAcceptedIssuers();
        if ((certs != null) && (certs.length > 0)){
            Collections.addAll(trustedCerts, certs);
        }

        if (trustedCerts.contains(chain[checkedLength])) {
                checkedLength--;
        }

        // A forward checker, need to check from trust to target
        if (checkedLength >= 0) {
            AlgorithmChecker checker =
                    new AlgorithmChecker(constraints, null,
                            (isClient ? Validator.VAR_TLS_CLIENT : Validator.VAR_TLS_SERVER));
            checker.init(false);
            for (int i = checkedLength; i >= 0; i--) {
                Certificate cert = chain[i];
                // We don't care about the unresolved critical extensions.
                checker.check(cert, Collections.<String>emptySet());
            }
        }
    } catch (CertPathValidatorException cpve) {
        throw new CertificateException(
            "Certificates do not conform to algorithm constraints", cpve);
    }
}
 
Example 6
Source File: X509KeyManagerImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public String getValidator() {
    if (this == CLIENT) {
        return Validator.VAR_TLS_CLIENT;
    } else if (this == SERVER) {
        return Validator.VAR_TLS_SERVER;
    }
    return Validator.VAR_GENERIC;
}
 
Example 7
Source File: DisabledAlgorithmConstraints.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
@Override
public void permits(ConstraintsParameters cp)
        throws CertPathValidatorException {
    for (String usage : usages) {

        String v = null;
        if (usage.compareToIgnoreCase("TLSServer") == 0) {
            v = Validator.VAR_TLS_SERVER;
        } else if (usage.compareToIgnoreCase("TLSClient") == 0) {
            v = Validator.VAR_TLS_CLIENT;
        } else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
            v = Validator.VAR_PLUGIN_CODE_SIGNING;
        }

        if (debug != null) {
            debug.println("Checking if usage constraint \"" + v +
                    "\" matches \"" + cp.getVariant() + "\"");
            if (Debug.isVerbose()) {
                // Because usage checking can come from many places
                // a stack trace is very helpful.
                (new Exception()).printStackTrace(debug.getPrintStream());
            }
        }
        if (cp.getVariant().compareTo(v) == 0) {
            if (next(cp)) {
                return;
            }
            throw new CertPathValidatorException("Usage constraint " +
                    usage + " check failed: " + algorithm +
                    extendedMsg(cp),
                    null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
}
 
Example 8
Source File: SSLContextImpl.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
private void checkAlgorithmConstraints(X509Certificate[] chain,
        AlgorithmConstraints constraints,
        boolean checkClientTrusted) throws CertificateException {
    try {
        // Does the certificate chain end with a trusted certificate?
        int checkedLength = chain.length - 1;

        Collection<X509Certificate> trustedCerts = new HashSet<>();
        X509Certificate[] certs = tm.getAcceptedIssuers();
        if ((certs != null) && (certs.length > 0)){
            Collections.addAll(trustedCerts, certs);
        }

        if (trustedCerts.contains(chain[checkedLength])) {
                checkedLength--;
        }

        // A forward checker, need to check from trust to target
        if (checkedLength >= 0) {
            AlgorithmChecker checker =
                new AlgorithmChecker(constraints, null,
                        (checkClientTrusted ? Validator.VAR_TLS_CLIENT :
                                    Validator.VAR_TLS_SERVER));
            checker.init(false);
            for (int i = checkedLength; i >= 0; i--) {
                X509Certificate cert = chain[i];
                // We don't care about the unresolved critical extensions.
                checker.check(cert, Collections.<String>emptySet());
            }
        }
    } catch (CertPathValidatorException cpve) {
        throw new CertificateException(
            "Certificates do not conform to algorithm constraints", cpve);
    }
}
 
Example 9
Source File: X509KeyManagerImpl.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
public String getValidator() {
    if (this == CLIENT) {
        return Validator.VAR_TLS_CLIENT;
    } else if (this == SERVER) {
        return Validator.VAR_TLS_SERVER;
    }
    return Validator.VAR_GENERIC;
}
 
Example 10
Source File: DisabledAlgorithmConstraints.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void permits(ConstraintsParameters cp)
        throws CertPathValidatorException {
    for (String usage : usages) {

        String v = null;
        if (usage.compareToIgnoreCase("TLSServer") == 0) {
            v = Validator.VAR_TLS_SERVER;
        } else if (usage.compareToIgnoreCase("TLSClient") == 0) {
            v = Validator.VAR_TLS_CLIENT;
        } else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
            v = Validator.VAR_PLUGIN_CODE_SIGNING;
        }

        if (debug != null) {
            debug.println("Checking if usage constraint \"" + v +
                    "\" matches \"" + cp.getVariant() + "\"");
            // Because usage checking can come from many places
            // a stack trace is very helpful.
            ByteArrayOutputStream ba = new ByteArrayOutputStream();
            PrintStream ps = new PrintStream(ba);
            (new Exception()).printStackTrace(ps);
            debug.println(ba.toString());
        }
        if (cp.getVariant().compareTo(v) == 0) {
            if (next(cp)) {
                return;
            }
            throw new CertPathValidatorException("Usage constraint " +
                    usage + " check failed: " + algorithm +
                    extendedMsg(cp),
                    null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
}
 
Example 11
Source File: X509KeyManagerImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
public String getValidator() {
    if (this == CLIENT) {
        return Validator.VAR_TLS_CLIENT;
    } else if (this == SERVER) {
        return Validator.VAR_TLS_SERVER;
    }
    return Validator.VAR_GENERIC;
}
 
Example 12
Source File: X509KeyManagerImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public String getValidator() {
    if (this == CLIENT) {
        return Validator.VAR_TLS_CLIENT;
    } else if (this == SERVER) {
        return Validator.VAR_TLS_SERVER;
    }
    return Validator.VAR_GENERIC;
}
 
Example 13
Source File: DisabledAlgorithmConstraints.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void permits(ConstraintsParameters cp)
        throws CertPathValidatorException {
    for (String usage : usages) {

        String v = null;
        if (usage.compareToIgnoreCase("TLSServer") == 0) {
            v = Validator.VAR_TLS_SERVER;
        } else if (usage.compareToIgnoreCase("TLSClient") == 0) {
            v = Validator.VAR_TLS_CLIENT;
        } else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
            v = Validator.VAR_PLUGIN_CODE_SIGNING;
        }

        if (debug != null) {
            debug.println("Checking if usage constraint \"" + v +
                    "\" matches \"" + cp.getVariant() + "\"");
            // Because usage checking can come from many places
            // a stack trace is very helpful.
            ByteArrayOutputStream ba = new ByteArrayOutputStream();
            PrintStream ps = new PrintStream(ba);
            (new Exception()).printStackTrace(ps);
            debug.println(ba.toString());
        }
        if (cp.getVariant().compareTo(v) == 0) {
            if (next(cp)) {
                return;
            }
            throw new CertPathValidatorException("Usage constraint " +
                    usage + " check failed: " + algorithm +
                    extendedMsg(cp),
                    null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
}
 
Example 14
Source File: SSLContextImpl.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
private void checkAlgorithmConstraints(X509Certificate[] chain,
        AlgorithmConstraints constraints,
        boolean checkClientTrusted) throws CertificateException {

    try {
        // Does the certificate chain end with a trusted certificate?
        int checkedLength = chain.length - 1;

        Collection<X509Certificate> trustedCerts = new HashSet<>();
        X509Certificate[] certs = tm.getAcceptedIssuers();
        if ((certs != null) && (certs.length > 0)){
            Collections.addAll(trustedCerts, certs);
        }

        if (trustedCerts.contains(chain[checkedLength])) {
                checkedLength--;
        }

        // A forward checker, need to check from trust to target
        if (checkedLength >= 0) {
            AlgorithmChecker checker =
                    new AlgorithmChecker(constraints, null,
                            (checkClientTrusted ? Validator.VAR_TLS_CLIENT :
                                        Validator.VAR_TLS_SERVER));
            checker.init(false);
            for (int i = checkedLength; i >= 0; i--) {
                Certificate cert = chain[i];
                // We don't care about the unresolved critical extensions.
                checker.check(cert, Collections.<String>emptySet());
            }
        }
    } catch (CertPathValidatorException cpve) {
        throw new CertificateException(
            "Certificates do not conform to algorithm constraints", cpve);
    }
}
 
Example 15
Source File: X509KeyManagerImpl.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public String getValidator() {
    if (this == CLIENT) {
        return Validator.VAR_TLS_CLIENT;
    } else if (this == SERVER) {
        return Validator.VAR_TLS_SERVER;
    }
    return Validator.VAR_GENERIC;
}
 
Example 16
Source File: DisabledAlgorithmConstraints.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void permits(ConstraintsParameters cp)
        throws CertPathValidatorException {
    for (String usage : usages) {

        String v = null;
        if (usage.compareToIgnoreCase("TLSServer") == 0) {
            v = Validator.VAR_TLS_SERVER;
        } else if (usage.compareToIgnoreCase("TLSClient") == 0) {
            v = Validator.VAR_TLS_CLIENT;
        } else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
            v = Validator.VAR_PLUGIN_CODE_SIGNING;
        }

        if (debug != null) {
            debug.println("Checking if usage constraint \"" + v +
                    "\" matches \"" + cp.getVariant() + "\"");
            // Because usage checking can come from many places
            // a stack trace is very helpful.
            ByteArrayOutputStream ba = new ByteArrayOutputStream();
            PrintStream ps = new PrintStream(ba);
            (new Exception()).printStackTrace(ps);
            debug.println(ba.toString());
        }
        if (cp.getVariant().compareTo(v) == 0) {
            if (next(cp)) {
                return;
            }
            throw new CertPathValidatorException("Usage constraint " +
                    usage + " check failed: " + algorithm +
                    extendedMsg(cp),
                    null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
}
 
Example 17
Source File: SSLContextImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
private void checkAlgorithmConstraints(X509Certificate[] chain,
        AlgorithmConstraints constraints,
        boolean checkClientTrusted) throws CertificateException {

    try {
        // Does the certificate chain end with a trusted certificate?
        int checkedLength = chain.length - 1;

        Collection<X509Certificate> trustedCerts = new HashSet<>();
        X509Certificate[] certs = tm.getAcceptedIssuers();
        if ((certs != null) && (certs.length > 0)){
            Collections.addAll(trustedCerts, certs);
        }

        if (trustedCerts.contains(chain[checkedLength])) {
                checkedLength--;
        }

        // A forward checker, need to check from trust to target
        if (checkedLength >= 0) {
            AlgorithmChecker checker =
                    new AlgorithmChecker(constraints, null,
                            (checkClientTrusted ? Validator.VAR_TLS_CLIENT :
                                        Validator.VAR_TLS_SERVER));
            checker.init(false);
            for (int i = checkedLength; i >= 0; i--) {
                Certificate cert = chain[i];
                // We don't care about the unresolved critical extensions.
                checker.check(cert, Collections.<String>emptySet());
            }
        }
    } catch (CertPathValidatorException cpve) {
        throw new CertificateException(
            "Certificates do not conform to algorithm constraints", cpve);
    }
}
 
Example 18
Source File: X509KeyManagerImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
public String getValidator() {
    if (this == CLIENT) {
        return Validator.VAR_TLS_CLIENT;
    } else if (this == SERVER) {
        return Validator.VAR_TLS_SERVER;
    }
    return Validator.VAR_GENERIC;
}
 
Example 19
Source File: DisabledAlgorithmConstraints.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void permits(ConstraintsParameters cp)
        throws CertPathValidatorException {
    for (String usage : usages) {

        String v = null;
        if (usage.compareToIgnoreCase("TLSServer") == 0) {
            v = Validator.VAR_TLS_SERVER;
        } else if (usage.compareToIgnoreCase("TLSClient") == 0) {
            v = Validator.VAR_TLS_CLIENT;
        } else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
            v = Validator.VAR_PLUGIN_CODE_SIGNING;
        }

        if (debug != null) {
            debug.println("Checking if usage constraint \"" + v +
                    "\" matches \"" + cp.getVariant() + "\"");
            // Because usage checking can come from many places
            // a stack trace is very helpful.
            ByteArrayOutputStream ba = new ByteArrayOutputStream();
            PrintStream ps = new PrintStream(ba);
            (new Exception()).printStackTrace(ps);
            debug.println(ba.toString());
        }
        if (cp.getVariant().compareTo(v) == 0) {
            if (next(cp)) {
                return;
            }
            throw new CertPathValidatorException("Usage constraint " +
                    usage + " check failed: " + algorithm +
                    extendedMsg(cp),
                    null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
}
 
Example 20
Source File: DisabledAlgorithmConstraints.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void permits(ConstraintsParameters cp)
        throws CertPathValidatorException {
    for (String usage : usages) {

        String v = null;
        if (usage.compareToIgnoreCase("TLSServer") == 0) {
            v = Validator.VAR_TLS_SERVER;
        } else if (usage.compareToIgnoreCase("TLSClient") == 0) {
            v = Validator.VAR_TLS_CLIENT;
        } else if (usage.compareToIgnoreCase("SignedJAR") == 0) {
            v = Validator.VAR_PLUGIN_CODE_SIGNING;
        }

        if (debug != null) {
            debug.println("Checking if usage constraint \"" + v +
                    "\" matches \"" + cp.getVariant() + "\"");
            // Because usage checking can come from many places
            // a stack trace is very helpful.
            ByteArrayOutputStream ba = new ByteArrayOutputStream();
            PrintStream ps = new PrintStream(ba);
            (new Exception()).printStackTrace(ps);
            debug.println(ba.toString());
        }
        if (cp.getVariant().compareTo(v) == 0) {
            if (next(cp)) {
                return;
            }
            throw new CertPathValidatorException("Usage constraint " +
                    usage + " check failed: " + algorithm +
                    extendedMsg(cp),
                    null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
}