Java Code Examples for java.security.cert.CertificateException#getCause()

The following examples show how to use java.security.cert.CertificateException#getCause() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CertificateMessage.java    From openjsse with GNU General Public License v2.0 6 votes vote down vote up
/**
 * When a failure happens during certificate checking from an
 * {@link X509TrustManager}, determine what TLS alert description
 * to use.
 *
 * @param cexc The exception thrown by the {@link X509TrustManager}
 *
 * @return A byte value corresponding to a TLS alert description number.
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    // The specific reason for the failure will determine how to
    // set the alert description value
    Alert alert = Alert.CERTIFICATE_UNKNOWN;

    Throwable baseCause = cexc.getCause();
    if (baseCause instanceof CertPathValidatorException) {
        CertPathValidatorException cpve =
                (CertPathValidatorException)baseCause;
        Reason reason = cpve.getReason();
        if (reason == BasicReason.REVOKED) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_REVOKED;
        } else if (
                reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_UNKNOWN;
        }
    }

    return alert;
}
 
Example 2
Source File: CertificateMessage.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * When a failure happens during certificate checking from an
 * {@link X509TrustManager}, determine what TLS alert description
 * to use.
 *
 * @param cexc The exception thrown by the {@link X509TrustManager}
 *
 * @return A byte value corresponding to a TLS alert description number.
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    // The specific reason for the failure will determine how to
    // set the alert description value
    Alert alert = Alert.CERTIFICATE_UNKNOWN;

    Throwable baseCause = cexc.getCause();
    if (baseCause instanceof CertPathValidatorException) {
        CertPathValidatorException cpve =
                (CertPathValidatorException)baseCause;
        Reason reason = cpve.getReason();
        if (reason == BasicReason.REVOKED) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_REVOKED;
        } else if (
                reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_UNKNOWN;
        }
    }

    return alert;
}
 
Example 3
Source File: ClientHandshaker.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * When a failure happens during certificate checking from an
 * {@link X509TrustManager}, determine what TLS alert description to use.
 *
 * @param cexc The exception thrown by the {@link X509TrustManager}
 *
 * @return A byte value corresponding to a TLS alert description number.
 */
private byte getCertificateAlert(CertificateException cexc) {
    // The specific reason for the failure will determine how to
    // set the alert description value
    byte alertDesc = Alerts.alert_certificate_unknown;

    Throwable baseCause = cexc.getCause();
    if (baseCause instanceof CertPathValidatorException) {
        CertPathValidatorException cpve =
                (CertPathValidatorException)baseCause;
        Reason reason = cpve.getReason();
        if (reason == BasicReason.REVOKED) {
            alertDesc = staplingActive ?
                    Alerts.alert_bad_certificate_status_response :
                    Alerts.alert_certificate_revoked;
        } else if (reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            alertDesc = staplingActive ?
                    Alerts.alert_bad_certificate_status_response :
                    Alerts.alert_certificate_unknown;
        }
    }

    return alertDesc;
}
 
Example 4
Source File: CertificateMessage.java    From openjsse with GNU General Public License v2.0 5 votes vote down vote up
/**
 * When a failure happens during certificate checking from an
 * {@link X509TrustManager}, determine what TLS alert description
 * to use.
 *
 * @param cexc The exception thrown by the {@link X509TrustManager}
 *
 * @return A byte value corresponding to a TLS alert description number.
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    // The specific reason for the failure will determine how to
    // set the alert description value
    Alert alert = Alert.CERTIFICATE_UNKNOWN;

    Throwable baseCause = cexc.getCause();
    if (baseCause instanceof CertPathValidatorException) {
        CertPathValidatorException cpve =
                (CertPathValidatorException)baseCause;
        Reason reason = cpve.getReason();
        if (reason == BasicReason.REVOKED) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_REVOKED;
        } else if (
                reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_UNKNOWN;
        } else if (reason == BasicReason.ALGORITHM_CONSTRAINED) {
            alert = Alert.UNSUPPORTED_CERTIFICATE;
        } else if (reason == BasicReason.EXPIRED) {
            alert = Alert.CERTIFICATE_EXPIRED;
        } else if (reason == BasicReason.INVALID_SIGNATURE ||
                reason == BasicReason.NOT_YET_VALID) {
            alert = Alert.BAD_CERTIFICATE;
        }
    }

    return alert;
}
 
Example 5
Source File: PublicKeyLoader.java    From factura-electronica with Apache License 2.0 5 votes vote down vote up
public void setX509Certificate(InputStream crtInputStream) {
    try {
        this.key = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(crtInputStream);
    } catch (CertificateException e) {
        throw new KeyException("Error al obtener el certificado x.509. La codificación puede ser incorrecta.", e.getCause());
    }
}
 
Example 6
Source File: CertificateMessage.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * When a failure happens during certificate checking from an
 * {@link X509TrustManager}, determine what TLS alert description
 * to use.
 *
 * @param cexc The exception thrown by the {@link X509TrustManager}
 *
 * @return A byte value corresponding to a TLS alert description number.
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    // The specific reason for the failure will determine how to
    // set the alert description value
    Alert alert = Alert.CERTIFICATE_UNKNOWN;

    Throwable baseCause = cexc.getCause();
    if (baseCause instanceof CertPathValidatorException) {
        CertPathValidatorException cpve =
                (CertPathValidatorException)baseCause;
        Reason reason = cpve.getReason();
        if (reason == BasicReason.REVOKED) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_REVOKED;
        } else if (
                reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            alert = chc.staplingActive ?
                    Alert.BAD_CERT_STATUS_RESPONSE :
                    Alert.CERTIFICATE_UNKNOWN;
        } else if (reason == BasicReason.ALGORITHM_CONSTRAINED) {
            alert = Alert.UNSUPPORTED_CERTIFICATE;
        } else if (reason == BasicReason.EXPIRED) {
            alert = Alert.CERTIFICATE_EXPIRED;
        } else if (reason == BasicReason.INVALID_SIGNATURE ||
                reason == BasicReason.NOT_YET_VALID) {
            alert = Alert.BAD_CERTIFICATE;
        }
    }

    return alert;
}