Example usage for java.security.cert CertPathBuilderException getMessage

List of usage examples for java.security.cert CertPathBuilderException getMessage

Introduction

This page collects example usages of java.security.cert.CertPathBuilderException.getMessage().

Prototype

public String getMessage() 


Document

Returns the detail message string of this throwable.

Usage

From source file:com.vmware.identity.idm.IDPConfig.java

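/**
 * Checks that {@code chain} forms exactly one certification path that starts at its
 * first element (the user's certificate) and ends at its last element (the root CA
 * certificate), with no certificates left over. A chain that holds only the root CA
 * certificate is intended to be accepted as well.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The trust anchor is the last element of {@code chain} itself, so a successful
 *       result means the list is internally consistent. It does not show that the root
 *       is trusted by this system; that decision has to be made separately.</li>
 *   <li>Revocation checking is disabled for this path build, so a revoked certificate
 *       in the chain is not rejected here.</li>
 *   <li>Only the first and last positions are pinned. The certificates are supplied to
 *       the builder through a "Collection" CertStore and only the length of the built
 *       path is compared, so the order of intermediates in the list is not verified.</li>
 * </ul>
 *
 * @param chain certificates to check, user certificate first and root CA certificate
 *              last; must not be {@code null} or empty
 * @return {@code true} when the chain passes; every failure is reported by exception
 * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
 * @throws ExternalIDPExtraneousCertsInCertChainException if the built path does not use
 *         every certificate in {@code chain} other than the root
 * @throws ExternalIDPCertChainInvalidTrustedPathException if no path can be built from the
 *         first certificate to the last, or another security-provider error occurs
 */
private static boolean validateSingleX509CertChain(List<X509Certificate> chain)
        throws ExternalIDPExtraneousCertsInCertChainException, ExternalIDPCertChainInvalidTrustedPathException {
    final String ALGO_PKIX = "PKIX"; //for X.509

    final String CERTSTORE_PROVIDER_COLLECTION = "Collection";

    // Reject a missing or empty chain up front; otherwise the chain.get(...) calls
    // below fail with a NullPointerException or IndexOutOfBoundsException that says
    // nothing about the certificate configuration being validated.
    if (chain == null || chain.isEmpty()) {
        throw new IllegalArgumentException("certificate chain must contain at least one certificate");
    }

    try {
        // The last certificate of the supplied chain is used as the only trust anchor.
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        anchors.add(new TrustAnchor(chain.get(chain.size() - 1), null));

        // The first certificate of the supplied chain is the path-building target.
        X509CertSelector targetCertSelector = new X509CertSelector();
        targetCertSelector.setCertificate(chain.get(0));

        // Every certificate in the chain is available to the builder as a candidate.
        CertStore builderStore = CertStore.getInstance(CERTSTORE_PROVIDER_COLLECTION,
                new CollectionCertStoreParameters(chain));

        PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, targetCertSelector);
        buildParams.addCertStore(builderStore);
        // Revocation status is deliberately not consulted in this structural check.
        buildParams.setRevocationEnabled(false);

        CertPathBuilder pathBuilder = CertPathBuilder.getInstance(ALGO_PKIX);
        CertPathBuilderResult builderResult = pathBuilder.build(buildParams);

        // The built path is compared against the chain minus its anchor; a shorter
        // path means some supplied certificates were not needed to reach the root.
        final int expectedPathLength = chain.size() - 1;
        final int builtPathLength = builderResult.getCertPath().getCertificates().size();
        if (expectedPathLength != builtPathLength) {
            throw new ExternalIDPExtraneousCertsInCertChainException(chain);
        }
        return true;

    } catch (CertPathBuilderException cpbe) {
        // NOTE(review): only the message is propagated; the original exception is not
        // attached as the cause, so its stack trace is unavailable to callers.
        throw new ExternalIDPCertChainInvalidTrustedPathException(cpbe.getMessage(), chain); // no need to chain the exception.
    } catch (GeneralSecurityException gse) {
        throw new ExternalIDPCertChainInvalidTrustedPathException(gse.getMessage(), chain);
    }
}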

From source file:mitm.common.security.certpath.CertPathBuilderTest.java

/**
 * Building a path when no trust anchors have been set on the builder must fail
 * with {@code PKIXCertificatePathBuilder.NO_ROOTS_ERROR_MESSAGE}.
 */
@Test
public void testNoTrustAnchors() throws Exception {
    // Populate the intermediate/end-entity store only; no trust anchors are set on the builder.
    final String[] certificateResources = {
        "windows-xp-all-intermediates.p7b",
        "mitm-test-ca.cer",
        "testCertificates.p7b"
    };
    for (String resource : certificateResources) {
        addCertificates(resource, certStoreParams.getCertStore());
    }

    // Target certificate, identified by serial number and issuer.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    targetSelector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.addCertStore(certStore);

    CertPathBuilderException thrown = null;
    try {
        pathBuilder.buildPath(targetSelector);
    } catch (CertPathBuilderException e) {
        thrown = e;
    }

    if (thrown == null) {
        fail("Should have failed");
    }
    assertEquals(PKIXCertificatePathBuilder.NO_ROOTS_ERROR_MESSAGE, thrown.getMessage());
}

From source file:mitm.common.security.certpath.CertPathBuilderTest.java

/**
 * Building a path for a selector that matches no certificate in the store must
 * fail with the "no certificate found" message asserted below.
 */
@Test
public void testBuildPathTargetNotFound() throws Exception {
    // Roots go into the root store, from which the trust anchors are obtained below.
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    for (String resource : new String[] {"mitm-test-ca.cer", "testCertificates.p7b"}) {
        addCertificates(resource, certStoreParams.getCertStore());
    }

    for (String crlResource : new String[] {"test-ca.crl", "test-root-ca-not-revoked.crl"}) {
        addCRL(crlResource, certStoreParams.getCRLStore());
    }

    trustAnchors = getTrustAnchors();

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertStore(certStore);

    // Serial number "123" is the lookup key that is expected to match nothing.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setSerialNumber(BigIntegerUtils.hexDecode("123"));
    targetSelector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertPathBuilderException thrown = null;
    try {
        pathBuilder.buildPath(targetSelector);
    } catch (CertPathBuilderException e) {
        thrown = e;
    }

    if (thrown == null) {
        fail();
    }
    // The expected text is compared verbatim against the exception message, so its
    // spelling ("targetContraints") must stay exactly as written.
    assertEquals("No certificate found matching targetContraints.", thrown.getMessage());
}

From source file:mitm.common.security.certpath.CertPathBuilderTest.java

/**
 * Building a path for a certificate whose chain cannot be completed with the
 * loaded root store must fail with the "no issuer certificate" message asserted below.
 */
@Test
public void testBuildPathRootNotFound() throws Exception {
    // root store cannot be empty so we just load something
    addCertificates("dod-mega-crl.cer", rootStoreParams.getCertStore());

    for (String resource : new String[] {"mitm-test-ca.cer", "testCertificates.p7b"}) {
        addCertificates(resource, certStoreParams.getCertStore());
    }

    for (String crlResource : new String[] {"test-ca.crl", "test-root-ca-not-revoked.crl"}) {
        addCRL(crlResource, certStoreParams.getCRLStore());
    }

    trustAnchors = getTrustAnchors();

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertStore(certStore);

    // Target certificate, identified by serial number and issuer.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setSerialNumber(BigIntegerUtils.hexDecode("115FCD741088707366E9727452C9770"));
    targetSelector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertPathBuilderException thrown = null;
    try {
        pathBuilder.buildPath(targetSelector);
    } catch (CertPathBuilderException e) {
        thrown = e;
    }

    if (thrown == null) {
        fail();
    }
    assertEquals("No issuer certificate for certificate in certification path found.", thrown.getMessage());
}