Java Code Examples for java.security.cert.CertificateException#getMessage()

The following examples show how to use java.security.cert.CertificateException#getMessage() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: HttpResponseCache.java    From bluemix-parking-meter with MIT License 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 2
Source File: HttpResponseCache.java    From reader with MIT License 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 3
Source File: ResponseHeaderRecord.java    From apollo-android with MIT License 6 votes vote down vote up
private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
  int length = readInt(source);
  if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.

  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    List<Certificate> result = new ArrayList<>(length);
    for (int i = 0; i < length; i++) {
      String line = source.readUtf8LineStrict();
      Buffer bytes = new Buffer();
      bytes.write(ByteString.decodeBase64(line));
      result.add(certificateFactory.generateCertificate(bytes.inputStream()));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 4
Source File: ResponseHeaderRecord.java    From mobile-buy-sdk-android with MIT License 6 votes vote down vote up
private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
  int length = readInt(source);
  if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.

  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    List<Certificate> result = new ArrayList<>(length);
    for (int i = 0; i < length; i++) {
      String line = source.readUtf8LineStrict();
      Buffer bytes = new Buffer();
      bytes.write(ByteString.decodeBase64(line));
      result.add(certificateFactory.generateCertificate(bytes.inputStream()));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 5
Source File: HttpResponseCache.java    From android-discourse with Apache License 2.0 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
    int length = reader.readInt();
    if (length == -1) {
        return null;
    }
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Certificate[] result = new Certificate[length];
        for (int i = 0; i < result.length; i++) {
            String line = reader.readLine();
            byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
            result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
        }
        return result;
    } catch (CertificateException e) {
        throw new IOException(e.getMessage());
    }
}
 
Example 6
Source File: X509Locator.java    From cxf with Apache License 2.0 6 votes vote down vote up
@Override
public UnverifiedKeyBindingType locate(LocateRequestType request) {
    List<UseKeyWithType> keyIDs = parse(request);
    X509Certificate cert;
    try {
        cert = findCertificate(keyIDs);
        if (cert == null) {
            return null;
        }
        UnverifiedKeyBindingType result = new UnverifiedKeyBindingType();
        result.setKeyInfo(X509Utils.getKeyInfo(cert));
        return result;
    } catch (CertificateEncodingException e) {
        throw new XKMSCertificateException("Cannot encode certificate: " + e.getMessage(), e);
    } catch (CertificateException e1) {
        throw new XKMSCertificateException(e1.getMessage(), e1);
    }
}
 
Example 7
Source File: HttpResponseCache.java    From wildfly-samples with MIT License 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 8
Source File: HttpResponseCache.java    From phonegap-plugin-loading-spinner with Apache License 2.0 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 9
Source File: DistributedKeyStoreRegistry.java    From freehealth-connector with GNU Affero General Public License v3.0 6 votes vote down vote up
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
   try {
      KeyStore store = KeyStore.getInstance("DistributedKeyProvider");
      Validate.notNull(store);
      LoadStoreParameter param = new DistributedKeyLoadStoreParam(proxy);
      store.load(param);
      if (this.distributedKeyStores.containsKey(key)) {
         LOG.info("Key [" + key + "] already in cache.");
      }

      this.distributedKeyStores.put(key, store);
      return store;
   } catch (IOException var5) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var5, new Object[]{var5.getMessage()});
   } catch (KeyStoreException var6) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var6, new Object[]{var6.getMessage()});
   } catch (NoSuchAlgorithmException var7) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var7, new Object[]{var7.getMessage()});
   } catch (CertificateException var8) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var8, new Object[]{var8.getMessage()});
   }
}
 
Example 10
Source File: HttpResponseCache.java    From IoTgo_Android_App with MIT License 6 votes vote down vote up
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
  int length = reader.readInt();
  if (length == -1) {
    return null;
  }
  try {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    Certificate[] result = new Certificate[length];
    for (int i = 0; i < result.length; i++) {
      String line = reader.readLine();
      byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
      result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
    }
    return result;
  } catch (CertificateException e) {
    throw new IOException(e.getMessage());
  }
}
 
Example 11
Source File: IaikP11Slot.java    From xipki with Apache License 2.0 5 votes vote down vote up
private static X509Cert parseCert(X509PublicKeyCertificate p11Cert) throws P11TokenException {
  try {
    byte[] encoded = p11Cert.getValue().getByteArrayValue();
    return X509Util.parseCert(encoded);
  } catch (CertificateException ex) {
    throw new P11TokenException("could not parse certificate: " + ex.getMessage(), ex);
  }
}
 
Example 12
Source File: ConnectorCertificateChecker.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
public boolean isCertificateRevoked(X509Certificate cert, DateTime validOn) throws TechnicalConnectorException {
   try {
      return RevocationStatusCheckerFactory.getStatusChecker().isRevoked(cert, validOn);
   } catch (CertificateException var4) {
      throw new CertificateVerificationException(var4.getMessage(), var4);
   }
}
 
Example 13
Source File: ConnectorCertificateChecker.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
public boolean isCertificateRevoked(X509Certificate cert, DateTime validOn) throws TechnicalConnectorException {
   try {
      return RevocationStatusCheckerFactory.getStatusChecker().isRevoked(cert, validOn);
   } catch (CertificateException var4) {
      throw new CertificateVerificationException(var4.getMessage(), var4);
   }
}
 
Example 14
Source File: EnrolmentResponse.java    From xipki with Apache License 2.0 5 votes vote down vote up
public EnrolmentResponse(PkiMessage pkcsRep) throws ScepClientException {
  Args.notNull(pkcsRep, "pkcsRep");
  MessageType messageType = pkcsRep.getMessageType();
  if (MessageType.CertRep != messageType) {
    throw new ScepClientException("messageType must not be other than CertRep: " + messageType);
  }
  this.pkcsRep = pkcsRep;

  if (PkiStatus.SUCCESS != pkcsRep.getPkiStatus()) {
    return;
  }

  ASN1Encodable messageData = pkcsRep.getMessageData();
  if (!(messageData instanceof ContentInfo)) {
    throw new ScepClientException("pkcsRep is not a ContentInfo");
  }

  ContentInfo ci = (ContentInfo) messageData;
  SignedData sd = SignedData.getInstance(ci.getContent());
  ASN1Set asn1Certs = sd.getCertificates();
  if (asn1Certs == null || asn1Certs.size() == 0) {
    throw new ScepClientException("no certificate is embedded in pkcsRep");
  }

  try {
    this.certificates = Collections.unmodifiableList(ScepUtil.getCertsFromSignedData(sd));
  } catch (CertificateException ex) {
    throw new ScepClientException(ex.getMessage(), ex);
  }
}
 
Example 15
Source File: ConnectorCertificateChecker.java    From freehealth-connector with GNU Affero General Public License v3.0 5 votes vote down vote up
public boolean isCertificateRevoked(File certFile, DateTime validOn) throws TechnicalConnectorException {
   try {
      CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
      X509Certificate cert = (X509Certificate)certFactory.generateCertificate(new FileInputStream(certFile));
      return this.isCertificateRevoked(cert, validOn);
   } catch (FileNotFoundException var5) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var5, new Object[]{var5.getMessage()});
   } catch (CertificateException var6) {
      throw new CertificateVerificationException(var6.getMessage(), var6);
   }
}
 
Example 16
Source File: CryptoPrimitives.java    From fabric-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Resets curve name, hash algorithm and cert factory. Call this method when a config value changes
 *
 * @throws CryptoException
 * @throws InvalidArgumentException
 */
private void resetConfiguration() throws CryptoException, InvalidArgumentException {

    setSecurityLevel(securityLevel);

    setHashAlgorithm(hashAlgorithm);

    try {
        cf = CertificateFactory.getInstance(CERTIFICATE_FORMAT);
    } catch (CertificateException e) {
        CryptoException ex = new CryptoException("Cannot initialize " + CERTIFICATE_FORMAT + " certificate factory. Error = " + e.getMessage(), e);
        logger.error(ex.getMessage(), ex);
        throw ex;
    }
}
 
Example 17
Source File: DirectDownloadManagerImpl.java    From cloudstack with Apache License 2.0 5 votes vote down vote up
/**
 * Generate and return certificate from the string
 * @throws CloudRuntimeException if the certificate is not well formed
 */
private Certificate getCertificateFromString(String certificatePem) {
    try {
        return CertificateHelper.buildCertificate(certificatePem);
    } catch (CertificateException e) {
        e.printStackTrace();
        throw new CloudRuntimeException("Cannot parse the certificate provided, please provide a PEM certificate. Error: " + e.getMessage());
    }
}
 
Example 18
Source File: NameConstraintsExtension.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables.  Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * @param cert X509Certificate to be verified
 * @return true if certificate verifies successfully
 * @throws IOException on error
 */
public boolean verify(X509Certificate cert) throws IOException {

    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    if (subject.isEmpty() == false) {
        if (verify(subject) == false) {
            return false;
        }
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage());
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}
 
Example 19
Source File: NameConstraintsExtension.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables.  Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * @param cert X509Certificate to be verified
 * @returns true if certificate verifies successfully
 * @throws IOException on error
 */
public boolean verify(X509Certificate cert) throws IOException {

    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    if (subject.isEmpty() == false) {
        if (verify(subject) == false) {
            return false;
        }
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage());
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}
 
Example 20
Source File: NameConstraintsExtension.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables.  Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * @param cert X509Certificate to be verified
 * @returns true if certificate verifies successfully
 * @throws IOException on error
 */
public boolean verify(X509Certificate cert) throws IOException {

    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    if (subject.isEmpty() == false) {
        if (verify(subject) == false) {
            return false;
        }
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage());
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}