List of usage examples for java.security.cert CertificateException getCause
public synchronized Throwable getCause()
From source file:facturatron.facturacion.PAC.finkok.ClassicKeyLoader.java
/** * @param crtInputStream Flujo de entrada del archivo que representa la llave pblica codificada * en x509/*from w w w . j a va2 s. com*/ * * @return Informacin de la llave pblica encapsulada en el objeto {@link X509Certificate} * * @throws KeyException Lanzada si la codificacin del certificado no es correcta. */ public static X509Certificate loadX509Certificate(InputStream crtInputStream) throws KeyException { CertificateFactory factory = null; X509Certificate x509Crt = null; try { factory = CertificateFactory.getInstance("X.509"); x509Crt = (X509Certificate) factory.generateCertificate(crtInputStream); } catch (CertificateException e) { throw new KeyException("Error al obtener el certificado x.509. La codificacin puede ser incorrecta.", e.getCause()); } return x509Crt; }
From source file:com.dtolabs.rundeck.jetty.jaas.HostnameVerifyingTrustManagerTest.java
@Test public void testCheckServerTrustedFailsVerification() throws Exception { X509Certificate certificate = Mockito.mock(X509Certificate.class); X509Certificate[] chain = { certificate }; String authType = "type"; String host = "host"; SSLException root = new SSLException("Invalid"); Mockito.doThrow(root).when(verifier).check(Mockito.eq(host), Mockito.same(certificate)); HostnameVerifyingSSLSocketFactory.setTargetHost(host); try {//from w w w . ja v a 2s .c o m trustManager.checkServerTrusted(chain, authType); Assert.fail("Expected hostname verification to fail."); } catch (CertificateException e) { Assert.assertSame("Expected validation exception to be thrown as root cause.", root, e.getCause()); } Mockito.verifyZeroInteractions(realTrustManager); }
From source file:org.codice.ddf.security.certificate.generator.CertificateAuthority.java
public KeyStore.PrivateKeyEntry sign(CertificateSigningRequest csr) { //Converters, holders, and builders! Oh my! JcaX509v3CertificateBuilder builder = csr.newCertificateBuilder(getCertificate()); X509CertificateHolder holder = builder.build(getContentSigner()); JcaX509CertificateConverter converter = newCertConverter(); X509Certificate signedCert;/*from w w w. ja v a 2s. c o m*/ try { signedCert = converter.getCertificate(holder); } catch (CertificateException e) { throw new CertificateGeneratorException("Could not create signed certificate.", e.getCause()); } X509Certificate[] chain = new X509Certificate[2]; chain[0] = signedCert; chain[1] = getCertificate(); return new KeyStore.PrivateKeyEntry(csr.getSubjectPrivateKey(), chain); }
From source file:org.hyperic.util.security.DatabaseSSLProviderImpl.java
private X509TrustManager getCustomTrustManager(final X509TrustManager defaultTrustManager, final KeystoreConfig keystoreConfig, final boolean acceptUnverifiedCertificates, final KeyStore trustStore) { return new X509TrustManager() { private final Log log = LogFactory.getLog(X509TrustManager.class); public X509Certificate[] getAcceptedIssuers() { return defaultTrustManager.getAcceptedIssuers(); }//from w ww . jav a 2 s .c o m public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { try { defaultTrustManager.checkServerTrusted(chain, authType); } catch (CertificateException e) { CertificateExpiredException expiredCertException = getCertExpiredException(e); if (expiredCertException != null) { log.error("Fail the connection because received certificate is expired. " + "Please update the certificate.", expiredCertException); throw new CertificateException(e); } if (acceptUnverifiedCertificates) { log.info("Import the certification. (Received certificate is not trusted by keystore)"); importCertificate(chain); } else { log.warn( "Fail the connection because received certificate is not trusted by keystore: alias=" + keystoreConfig.getAlias() + ", path=" + keystoreConfig.getFilePath()); log.debug( "Fail the connection because received certificate is not trusted by keystore: alias=" + keystoreConfig.getAlias() + ", path=" + keystoreConfig.getFilePath() + ", acceptUnverifiedCertificates=" + acceptUnverifiedCertificates, e); throw new CertificateException(e); } } } private CertificateExpiredException getCertExpiredException(Exception e) { while (e != null) { if (e instanceof CertificateExpiredException) { return (CertificateExpiredException) e; } e = (Exception) e.getCause(); } return null; } public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { defaultTrustManager.checkClientTrusted(chain, authType); } private void importCertificate(X509Certificate[] chain) throws CertificateException { FileOutputStream keyStoreFileOutputStream = null; boolean hasLock = false; final boolean debug = log.isDebugEnabled(); final StopWatch watch = new StopWatch(); try { for (X509Certificate cert : chain) { String[] cnValues = AbstractVerifier.getCNs(cert); String alias; if (cnValues != null && cnValues.length > 0) { alias = cnValues[0]; } else { alias = "UnknownCN"; } alias += "-ts=" + System.currentTimeMillis(); trustStore.setCertificateEntry(alias, cert); } KEYSTORE_WRITER_LOCK.lockInterruptibly(); hasLock = true; keyStoreFileOutputStream = new FileOutputStream(keystoreConfig.getFilePath()); trustStore.store(keyStoreFileOutputStream, keystoreConfig.getFilePassword().toCharArray()); } catch (FileNotFoundException e) { // Can't find the keystore in the path log.error("Can't find the keystore in " + keystoreConfig.getFilePath() + ". Error message:" + e.getMessage(), e); } catch (NoSuchAlgorithmException e) { log.error("The algorithm is not supported. Error message:" + e.getMessage(), e); } catch (Exception e) { // expect KeyStoreException, IOException log.error("Exception when trying to import certificate: " + e.getMessage(), e); } finally { close(keyStoreFileOutputStream); keyStoreFileOutputStream = null; if (hasLock) { KEYSTORE_WRITER_LOCK.unlock(); } if (debug) log.debug("importCert: " + watch); } } private void close(FileOutputStream keyStoreFileOutputStream) { if (keyStoreFileOutputStream != null) { try { keyStoreFileOutputStream.close(); } catch (IOException e) { log.error(e, e); } } } }; }
From source file:org.wso2.carbon.identity.core.util.DynamicX509TrustManager.java
/** * Checks the validity of passed x509Certificate certificate chain * * @param x509Certificates/*from w w w . ja v a 2s . c o m*/ * @param s * @throws CertificateException */ @Override public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { try { //if changes were made to the trust store, reload the trust store and initialize the trustManager instance. if (Boolean.parseBoolean(System.getProperty(PROP_TRUST_STORE_UPDATE_REQUIRED))) { setupTrustManager(); } trustManager.checkServerTrusted(x509Certificates, s); } catch (CertificateException e) { // Reload the truststore once if SSL validation fails. try { setupTrustManager(); trustManager.checkServerTrusted(x509Certificates, s); } catch (Exception e1) { throw new CertificateException("Certificate validation failed due to " + e1.getCause(), e1); } } catch (Exception e) { throw new CertificateException("Certificate validation failed due to " + e.getCause(), e); } }