Java Code Examples for java.security.cert.CertificateException#getMessage()

The following examples show how to use java.security.cert.CertificateException#getMessage() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: apollo-android   File: ResponseHeaderRecord.java    License: MIT License 6 votes vote down vote up
private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
  int length = readInt(source);
  if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.

  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    List<Certificate> result = new ArrayList<>(length);
    for (int i = 0; i < length; i++) {
      String line = source.readUtf8LineStrict();
      Buffer bytes = new Buffer();
      bytes.write(ByteString.decodeBase64(line));
      result.add(certificateFactory.generateCertificate(bytes.inputStream()));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 2
private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
  int length = readInt(source);
  if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.

  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    List<Certificate> result = new ArrayList<>(length);
    for (int i = 0; i < length; i++) {
      String line = source.readUtf8LineStrict();
      Buffer bytes = new Buffer();
      bytes.write(ByteString.decodeBase64(line));
      result.add(certificateFactory.generateCertificate(bytes.inputStream()));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 3
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
    int length = reader.readInt();
    if (length == -1) {
        return null;
    }
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Certificate[] result = new Certificate[length];
        for (int i = 0; i < result.length; i++) {
            String line = reader.readLine();
            byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
            result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
        }
        return result;
    } catch (CertificateException e) {
        throw new IOException(e.getMessage());
    }
}
 
Example 4
Source Project: cxf   File: X509Locator.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public UnverifiedKeyBindingType locate(LocateRequestType request) {
    List<UseKeyWithType> keyIDs = parse(request);
    X509Certificate cert;
    try {
        cert = findCertificate(keyIDs);
        if (cert == null) {
            return null;
        }
        UnverifiedKeyBindingType result = new UnverifiedKeyBindingType();
        result.setKeyInfo(X509Utils.getKeyInfo(cert));
        return result;
    } catch (CertificateEncodingException e) {
        throw new XKMSCertificateException("Cannot encode certificate: " + e.getMessage(), e);
    } catch (CertificateException e1) {
        throw new XKMSCertificateException(e1.getMessage(), e1);
    }
}
 
Example 5
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 6
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
   try {
      KeyStore store = KeyStore.getInstance("DistributedKeyProvider");
      Validate.notNull(store);
      LoadStoreParameter param = new DistributedKeyLoadStoreParam(proxy);
      store.load(param);
      if (this.distributedKeyStores.containsKey(key)) {
         LOG.info("Key [" + key + "] already in cache.");
      }

      this.distributedKeyStores.put(key, store);
      return store;
   } catch (IOException var5) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var5, new Object[]{var5.getMessage()});
   } catch (KeyStoreException var6) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var6, new Object[]{var6.getMessage()});
   } catch (NoSuchAlgorithmException var7) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var7, new Object[]{var7.getMessage()});
   } catch (CertificateException var8) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var8, new Object[]{var8.getMessage()});
   }
}
 
Example 7
Source Project: IoTgo_Android_App   File: HttpResponseCache.java    License: MIT License 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 8
Source Project: reader   File: HttpResponseCache.java    License: MIT License 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 9
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 10
Source Project: wildfly-samples   File: HttpResponseCache.java    License: MIT License 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 11
/**
 * Generate and return certificate from the string
 * @throws CloudRuntimeException if the certificate is not well formed
 */
private Certificate getCertificateFromString(String certificatePem) {
    try {
        return CertificateHelper.buildCertificate(certificatePem);
    } catch (CertificateException e) {
        e.printStackTrace();
        throw new CloudRuntimeException("Cannot parse the certificate provided, please provide a PEM certificate. Error: " + e.getMessage());
    }
}
 
Example 12
/**
 * Resets curve name, hash algorithm and cert factory. Call this method when a config value changes
 *
 * @throws CryptoException
 * @throws InvalidArgumentException
 */
private void resetConfiguration() throws CryptoException, InvalidArgumentException {

    setSecurityLevel(securityLevel);

    setHashAlgorithm(hashAlgorithm);

    try {
        cf = CertificateFactory.getInstance(CERTIFICATE_FORMAT);
    } catch (CertificateException e) {
        CryptoException ex = new CryptoException("Cannot initialize " + CERTIFICATE_FORMAT + " certificate factory. Error = " + e.getMessage(), e);
        logger.error(ex.getMessage(), ex);
        throw ex;
    }
}
 
Example 13
public boolean isCertificateRevoked(File certFile, DateTime validOn) throws TechnicalConnectorException {
   try {
      CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
      X509Certificate cert = (X509Certificate)certFactory.generateCertificate(new FileInputStream(certFile));
      return this.isCertificateRevoked(cert, validOn);
   } catch (FileNotFoundException var5) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var5, new Object[]{var5.getMessage()});
   } catch (CertificateException var6) {
      throw new CertificateVerificationException(var6.getMessage(), var6);
   }
}
 
Example 14
Source Project: xipki   File: EnrolmentResponse.java    License: Apache License 2.0 5 votes vote down vote up
public EnrolmentResponse(PkiMessage pkcsRep) throws ScepClientException {
  Args.notNull(pkcsRep, "pkcsRep");
  MessageType messageType = pkcsRep.getMessageType();
  if (MessageType.CertRep != messageType) {
    throw new ScepClientException("messageType must not be other than CertRep: " + messageType);
  }
  this.pkcsRep = pkcsRep;

  if (PkiStatus.SUCCESS != pkcsRep.getPkiStatus()) {
    return;
  }

  ASN1Encodable messageData = pkcsRep.getMessageData();
  if (!(messageData instanceof ContentInfo)) {
    throw new ScepClientException("pkcsRep is not a ContentInfo");
  }

  ContentInfo ci = (ContentInfo) messageData;
  SignedData sd = SignedData.getInstance(ci.getContent());
  ASN1Set asn1Certs = sd.getCertificates();
  if (asn1Certs == null || asn1Certs.size() == 0) {
    throw new ScepClientException("no certificate is embedded in pkcsRep");
  }

  try {
    this.certificates = Collections.unmodifiableList(ScepUtil.getCertsFromSignedData(sd));
  } catch (CertificateException ex) {
    throw new ScepClientException(ex.getMessage(), ex);
  }
}
 
Example 15
public boolean isCertificateRevoked(X509Certificate cert, DateTime validOn) throws TechnicalConnectorException {
   try {
      return RevocationStatusCheckerFactory.getStatusChecker().isRevoked(cert, validOn);
   } catch (CertificateException var4) {
      throw new CertificateVerificationException(var4.getMessage(), var4);
   }
}
 
Example 16
public boolean isCertificateRevoked(X509Certificate cert, DateTime validOn) throws TechnicalConnectorException {
   try {
      return RevocationStatusCheckerFactory.getStatusChecker().isRevoked(cert, validOn);
   } catch (CertificateException var4) {
      throw new CertificateVerificationException(var4.getMessage(), var4);
   }
}
 
Example 17
Source Project: xipki   File: IaikP11Slot.java    License: Apache License 2.0 5 votes vote down vote up
private static X509Cert parseCert(X509PublicKeyCertificate p11Cert) throws P11TokenException {
  try {
    byte[] encoded = p11Cert.getValue().getByteArrayValue();
    return X509Util.parseCert(encoded);
  } catch (CertificateException ex) {
    throw new P11TokenException("could not parse certificate: " + ex.getMessage(), ex);
  }
}
 
Example 18
/**
 * check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables.  Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * @param cert X509Certificate to be verified
 * @returns true if certificate verifies successfully
 * @throws IOException on error
 */
public boolean verify(X509Certificate cert) throws IOException {

    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    if (subject.isEmpty() == false) {
        if (verify(subject) == false) {
            return false;
        }
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage());
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}
 
Example 19
/**
 * check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables.  Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * @param cert X509Certificate to be verified
 * @returns true if certificate verifies successfully
 * @throws IOException on error
 */
public boolean verify(X509Certificate cert) throws IOException {

    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    if (subject.isEmpty() == false) {
        if (verify(subject) == false) {
            return false;
        }
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage());
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}
 
Example 20
/**
 * check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables.  Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * @param cert X509Certificate to be verified
 * @return true if certificate verifies successfully
 * @throws IOException on error
 */
public boolean verify(X509Certificate cert) throws IOException {

    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    if (subject.isEmpty() == false) {
        if (verify(subject) == false) {
            return false;
        }
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage());
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}