Java Code Examples for java.security.cert.CertificateException#getMessage()
The following examples show how to use
java.security.cert.CertificateException#getMessage() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: HttpResponseCache.java From bluemix-parking-meter with MIT License | 6 votes |
|
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
int length = reader.readInt();
if (length == -1) {
return null;
}
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate[] result = new Certificate[length];
for (int i = 0; i < result.length; i++) {
String line = reader.readLine();
byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 2
| Source File: HttpResponseCache.java From reader with MIT License | 6 votes |
|
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
int length = reader.readInt();
if (length == -1) {
return null;
}
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate[] result = new Certificate[length];
for (int i = 0; i < result.length; i++) {
String line = reader.readLine();
byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 3
| Source File: ResponseHeaderRecord.java From apollo-android with MIT License | 6 votes |
|
private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
int length = readInt(source);
if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
List<Certificate> result = new ArrayList<>(length);
for (int i = 0; i < length; i++) {
String line = source.readUtf8LineStrict();
Buffer bytes = new Buffer();
bytes.write(ByteString.decodeBase64(line));
result.add(certificateFactory.generateCertificate(bytes.inputStream()));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 4
| Source File: ResponseHeaderRecord.java From mobile-buy-sdk-android with MIT License | 6 votes |
|
private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
int length = readInt(source);
if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
List<Certificate> result = new ArrayList<>(length);
for (int i = 0; i < length; i++) {
String line = source.readUtf8LineStrict();
Buffer bytes = new Buffer();
bytes.write(ByteString.decodeBase64(line));
result.add(certificateFactory.generateCertificate(bytes.inputStream()));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 5
| Source File: HttpResponseCache.java From android-discourse with Apache License 2.0 | 6 votes |
|
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
int length = reader.readInt();
if (length == -1) {
return null;
}
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate[] result = new Certificate[length];
for (int i = 0; i < result.length; i++) {
String line = reader.readLine();
byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 6
| Source File: X509Locator.java From cxf with Apache License 2.0 | 6 votes |
|
@Override
public UnverifiedKeyBindingType locate(LocateRequestType request) {
List<UseKeyWithType> keyIDs = parse(request);
X509Certificate cert;
try {
cert = findCertificate(keyIDs);
if (cert == null) {
return null;
}
UnverifiedKeyBindingType result = new UnverifiedKeyBindingType();
result.setKeyInfo(X509Utils.getKeyInfo(cert));
return result;
} catch (CertificateEncodingException e) {
throw new XKMSCertificateException("Cannot encode certificate: " + e.getMessage(), e);
} catch (CertificateException e1) {
throw new XKMSCertificateException(e1.getMessage(), e1);
}
}
Example 7
| Source File: HttpResponseCache.java From wildfly-samples with MIT License | 6 votes |
|
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
int length = reader.readInt();
if (length == -1) {
return null;
}
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate[] result = new Certificate[length];
for (int i = 0; i < result.length; i++) {
String line = reader.readLine();
byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 8
| Source File: HttpResponseCache.java From phonegap-plugin-loading-spinner with Apache License 2.0 | 6 votes |
|
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
int length = reader.readInt();
if (length == -1) {
return null;
}
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate[] result = new Certificate[length];
for (int i = 0; i < result.length; i++) {
String line = reader.readLine();
byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 9
| Source File: DistributedKeyStoreRegistry.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
|
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
try {
KeyStore store = KeyStore.getInstance("DistributedKeyProvider");
Validate.notNull(store);
LoadStoreParameter param = new DistributedKeyLoadStoreParam(proxy);
store.load(param);
if (this.distributedKeyStores.containsKey(key)) {
LOG.info("Key [" + key + "] already in cache.");
}
this.distributedKeyStores.put(key, store);
return store;
} catch (IOException var5) {
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var5, new Object[]{var5.getMessage()});
} catch (KeyStoreException var6) {
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var6, new Object[]{var6.getMessage()});
} catch (NoSuchAlgorithmException var7) {
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var7, new Object[]{var7.getMessage()});
} catch (CertificateException var8) {
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var8, new Object[]{var8.getMessage()});
}
}
Example 10
| Source File: HttpResponseCache.java From IoTgo_Android_App with MIT License | 6 votes |
|
private Certificate[] readCertArray(StrictLineReader reader) throws IOException {
int length = reader.readInt();
if (length == -1) {
return null;
}
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate[] result = new Certificate[length];
for (int i = 0; i < result.length; i++) {
String line = reader.readLine();
byte[] bytes = Base64.decode(line.getBytes("US-ASCII"));
result[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bytes));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
Example 11
| Source File: IaikP11Slot.java From xipki with Apache License 2.0 | 5 votes |
|
private static X509Cert parseCert(X509PublicKeyCertificate p11Cert) throws P11TokenException {
try {
byte[] encoded = p11Cert.getValue().getByteArrayValue();
return X509Util.parseCert(encoded);
} catch (CertificateException ex) {
throw new P11TokenException("could not parse certificate: " + ex.getMessage(), ex);
}
}
Example 12
| Source File: ConnectorCertificateChecker.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public boolean isCertificateRevoked(X509Certificate cert, DateTime validOn) throws TechnicalConnectorException {
try {
return RevocationStatusCheckerFactory.getStatusChecker().isRevoked(cert, validOn);
} catch (CertificateException var4) {
throw new CertificateVerificationException(var4.getMessage(), var4);
}
}
Example 13
| Source File: ConnectorCertificateChecker.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public boolean isCertificateRevoked(X509Certificate cert, DateTime validOn) throws TechnicalConnectorException {
try {
return RevocationStatusCheckerFactory.getStatusChecker().isRevoked(cert, validOn);
} catch (CertificateException var4) {
throw new CertificateVerificationException(var4.getMessage(), var4);
}
}
Example 14
| Source File: EnrolmentResponse.java From xipki with Apache License 2.0 | 5 votes |
|
public EnrolmentResponse(PkiMessage pkcsRep) throws ScepClientException {
Args.notNull(pkcsRep, "pkcsRep");
MessageType messageType = pkcsRep.getMessageType();
if (MessageType.CertRep != messageType) {
throw new ScepClientException("messageType must not be other than CertRep: " + messageType);
}
this.pkcsRep = pkcsRep;
if (PkiStatus.SUCCESS != pkcsRep.getPkiStatus()) {
return;
}
ASN1Encodable messageData = pkcsRep.getMessageData();
if (!(messageData instanceof ContentInfo)) {
throw new ScepClientException("pkcsRep is not a ContentInfo");
}
ContentInfo ci = (ContentInfo) messageData;
SignedData sd = SignedData.getInstance(ci.getContent());
ASN1Set asn1Certs = sd.getCertificates();
if (asn1Certs == null || asn1Certs.size() == 0) {
throw new ScepClientException("no certificate is embedded in pkcsRep");
}
try {
this.certificates = Collections.unmodifiableList(ScepUtil.getCertsFromSignedData(sd));
} catch (CertificateException ex) {
throw new ScepClientException(ex.getMessage(), ex);
}
}
Example 15
| Source File: ConnectorCertificateChecker.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public boolean isCertificateRevoked(File certFile, DateTime validOn) throws TechnicalConnectorException {
try {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)certFactory.generateCertificate(new FileInputStream(certFile));
return this.isCertificateRevoked(cert, validOn);
} catch (FileNotFoundException var5) {
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, var5, new Object[]{var5.getMessage()});
} catch (CertificateException var6) {
throw new CertificateVerificationException(var6.getMessage(), var6);
}
}
Example 16
| Source File: CryptoPrimitives.java From fabric-sdk-java with Apache License 2.0 | 5 votes |
|
/**
* Resets curve name, hash algorithm and cert factory. Call this method when a config value changes
*
* @throws CryptoException
* @throws InvalidArgumentException
*/
private void resetConfiguration() throws CryptoException, InvalidArgumentException {
setSecurityLevel(securityLevel);
setHashAlgorithm(hashAlgorithm);
try {
cf = CertificateFactory.getInstance(CERTIFICATE_FORMAT);
} catch (CertificateException e) {
CryptoException ex = new CryptoException("Cannot initialize " + CERTIFICATE_FORMAT + " certificate factory. Error = " + e.getMessage(), e);
logger.error(ex.getMessage(), ex);
throw ex;
}
}
Example 17
| Source File: DirectDownloadManagerImpl.java From cloudstack with Apache License 2.0 | 5 votes |
|
/**
* Generate and return certificate from the string
* @throws CloudRuntimeException if the certificate is not well formed
*/
private Certificate getCertificateFromString(String certificatePem) {
try {
return CertificateHelper.buildCertificate(certificatePem);
} catch (CertificateException e) {
e.printStackTrace();
throw new CloudRuntimeException("Cannot parse the certificate provided, please provide a PEM certificate. Error: " + e.getMessage());
}
}
Example 18
| Source File: NameConstraintsExtension.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
/**
* check whether a certificate conforms to these NameConstraints.
* This involves verifying that the subject name and subjectAltName
* extension (critical or noncritical) is consistent with the permitted
* subtrees state variables. Also verify that the subject name and
* subjectAltName extension (critical or noncritical) is consistent with
* the excluded subtrees state variables.
*
* @param cert X509Certificate to be verified
* @return true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verify(X509Certificate cert) throws IOException {
if (cert == null) {
throw new IOException("Certificate is null");
}
// Calculate hasMin and hasMax booleans (if necessary)
if (!minMaxValid) {
calcMinMax();
}
if (hasMin) {
throw new IOException("Non-zero minimum BaseDistance in"
+ " name constraints not supported");
}
if (hasMax) {
throw new IOException("Maximum BaseDistance in"
+ " name constraints not supported");
}
X500Principal subjectPrincipal = cert.getSubjectX500Principal();
X500Name subject = X500Name.asX500Name(subjectPrincipal);
if (subject.isEmpty() == false) {
if (verify(subject) == false) {
return false;
}
}
GeneralNames altNames = null;
// extract altNames
try {
// extract extensions, if any, from certInfo
// following returns null if certificate contains no extensions
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
SubjectAlternativeNameExtension altNameExt =
certImpl.getSubjectAlternativeNameExtension();
if (altNameExt != null) {
// extract altNames from extension; this call does not
// return an IOException on null altnames
altNames = altNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
}
} catch (CertificateException ce) {
throw new IOException("Unable to extract extensions from " +
"certificate: " + ce.getMessage());
}
// If there are no subjectAlternativeNames, perform the special-case
// check where if the subjectName contains any EMAILADDRESS
// attributes, they must be checked against RFC822 constraints.
// If that passes, we're fine.
if (altNames == null) {
return verifyRFC822SpecialCase(subject);
}
// verify each subjectAltName
for (int i = 0; i < altNames.size(); i++) {
GeneralNameInterface altGNI = altNames.get(i).getName();
if (!verify(altGNI)) {
return false;
}
}
// All tests passed.
return true;
}
Example 19
| Source File: NameConstraintsExtension.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
/**
* check whether a certificate conforms to these NameConstraints.
* This involves verifying that the subject name and subjectAltName
* extension (critical or noncritical) is consistent with the permitted
* subtrees state variables. Also verify that the subject name and
* subjectAltName extension (critical or noncritical) is consistent with
* the excluded subtrees state variables.
*
* @param cert X509Certificate to be verified
* @returns true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verify(X509Certificate cert) throws IOException {
if (cert == null) {
throw new IOException("Certificate is null");
}
// Calculate hasMin and hasMax booleans (if necessary)
if (!minMaxValid) {
calcMinMax();
}
if (hasMin) {
throw new IOException("Non-zero minimum BaseDistance in"
+ " name constraints not supported");
}
if (hasMax) {
throw new IOException("Maximum BaseDistance in"
+ " name constraints not supported");
}
X500Principal subjectPrincipal = cert.getSubjectX500Principal();
X500Name subject = X500Name.asX500Name(subjectPrincipal);
if (subject.isEmpty() == false) {
if (verify(subject) == false) {
return false;
}
}
GeneralNames altNames = null;
// extract altNames
try {
// extract extensions, if any, from certInfo
// following returns null if certificate contains no extensions
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
SubjectAlternativeNameExtension altNameExt =
certImpl.getSubjectAlternativeNameExtension();
if (altNameExt != null) {
// extract altNames from extension; this call does not
// return an IOException on null altnames
altNames = altNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
}
} catch (CertificateException ce) {
throw new IOException("Unable to extract extensions from " +
"certificate: " + ce.getMessage());
}
// If there are no subjectAlternativeNames, perform the special-case
// check where if the subjectName contains any EMAILADDRESS
// attributes, they must be checked against RFC822 constraints.
// If that passes, we're fine.
if (altNames == null) {
return verifyRFC822SpecialCase(subject);
}
// verify each subjectAltName
for (int i = 0; i < altNames.size(); i++) {
GeneralNameInterface altGNI = altNames.get(i).getName();
if (!verify(altGNI)) {
return false;
}
}
// All tests passed.
return true;
}
Example 20
| Source File: NameConstraintsExtension.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
/**
* check whether a certificate conforms to these NameConstraints.
* This involves verifying that the subject name and subjectAltName
* extension (critical or noncritical) is consistent with the permitted
* subtrees state variables. Also verify that the subject name and
* subjectAltName extension (critical or noncritical) is consistent with
* the excluded subtrees state variables.
*
* @param cert X509Certificate to be verified
* @returns true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verify(X509Certificate cert) throws IOException {
if (cert == null) {
throw new IOException("Certificate is null");
}
// Calculate hasMin and hasMax booleans (if necessary)
if (!minMaxValid) {
calcMinMax();
}
if (hasMin) {
throw new IOException("Non-zero minimum BaseDistance in"
+ " name constraints not supported");
}
if (hasMax) {
throw new IOException("Maximum BaseDistance in"
+ " name constraints not supported");
}
X500Principal subjectPrincipal = cert.getSubjectX500Principal();
X500Name subject = X500Name.asX500Name(subjectPrincipal);
if (subject.isEmpty() == false) {
if (verify(subject) == false) {
return false;
}
}
GeneralNames altNames = null;
// extract altNames
try {
// extract extensions, if any, from certInfo
// following returns null if certificate contains no extensions
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
SubjectAlternativeNameExtension altNameExt =
certImpl.getSubjectAlternativeNameExtension();
if (altNameExt != null) {
// extract altNames from extension; this call does not
// return an IOException on null altnames
altNames = altNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
}
} catch (CertificateException ce) {
throw new IOException("Unable to extract extensions from " +
"certificate: " + ce.getMessage());
}
// If there are no subjectAlternativeNames, perform the special-case
// check where if the subjectName contains any EMAILADDRESS
// attributes, they must be checked against RFC822 constraints.
// If that passes, we're fine.
if (altNames == null) {
return verifyRFC822SpecialCase(subject);
}
// verify each subjectAltName
for (int i = 0; i < altNames.size(); i++) {
GeneralNameInterface altGNI = altNames.get(i).getName();
if (!verify(altGNI)) {
return false;
}
}
// All tests passed.
return true;
}
