Example usage for java.security.cert CertPathValidatorException CertPathValidatorException

List of usage examples for java.security.cert CertPathValidatorException CertPathValidatorException

Introduction

This page collects usage examples for the java.security.cert.CertPathValidatorException(String msg, Throwable cause) constructor.

Prototype

public CertPathValidatorException(String msg, Throwable cause) 


Document

Creates a CertPathValidatorException with the specified detail message and cause.

Usage

From source file:org.globus.gsi.trustmanager.TrustedCertPathFinder.java

/**
 * Checks whether {@code x509Certificate} can terminate the path collected so far as a
 * trusted CA certificate and, if so, builds the resulting {@link CertPath}.
 *
 * <p>The certificate is accepted only when both conditions hold:
 * <ul>
 *   <li>{@code KeyStoreUtil.getTrustedCertificates} returns at least one entry for a selector
 *       pinned to this exact certificate (presumably: the certificate is present in the
 *       trust store; confirm against {@code KeyStoreUtil}), and</li>
 *   <li>{@link X509Certificate#getBasicConstraints()} is not {@code -1}, i.e. the certificate
 *       is marked as a CA. An end-entity certificate that happens to sit in the trust store
 *       is therefore not accepted as an anchor.</li>
 * </ul>
 *
 * <p>No signature, validity-period or revocation check is performed in this method; trust
 * rests entirely on the key store lookup, so the integrity of {@code keyStore} is the
 * security boundary here.
 *
 * @param keyStore        store holding the trusted certificates
 * @param x509Certificate candidate certificate
 * @param trustedCertPath path collected so far; the candidate is appended to this list
 *                        (caller-visible side effect) when it is accepted
 * @return the certification path generated from {@code trustedCertPath}, or {@code null}
 *         when the candidate is not accepted; callers must handle the {@code null} case
 * @throws CertPathValidatorException if the key store cannot be read or the path cannot
 *                                    be generated
 */
private static CertPath isTrustedCert(KeyStore keyStore, X509Certificate x509Certificate,
        List<X509Certificate> trustedCertPath) throws CertPathValidatorException {
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate(x509Certificate);

    Collection<? extends Certificate> matches;
    try {
        matches = KeyStoreUtil.getTrustedCertificates(keyStore, selector);
    } catch (KeyStoreException e) {
        throw new CertPathValidatorException("Error accessing trusted certificate store", e);
    }

    // Guard clause: not in the trust store, or not a CA certificate -> no trusted path.
    // The short-circuit keeps getBasicConstraints() from being consulted for unknown certs.
    if (matches.isEmpty() || x509Certificate.getBasicConstraints() == -1) {
        return null;
    }

    trustedCertPath.add(x509Certificate);
    // JGLOBUS-92
    try {
        return CertificateFactory.getInstance("X.509").generateCertPath(trustedCertPath);
    } catch (CertificateException e) {
        throw new CertPathValidatorException("Error generating trusted certificate path", e);
    }
}

From source file:org.globus.gsi.trustmanager.TrustedCertPathFinder.java

/**
 * Verifies one link of a certificate chain: that {@code issuerCertificate} is named as the
 * issuer of {@code x509Certificate} and that its public key verifies the certificate's
 * signature. On success the certificate is appended to {@code trustedCertPath}.
 *
 * <p>Scope of the check, as far as this method shows: name chaining (compared after
 * {@code CertificateUtil.toGlobusID} normalization) and signature only. Validity dates,
 * the issuer's basic constraints / key usage, and revocation status are not examined here
 * and have to be enforced elsewhere before the path is relied on.
 *
 * @param trustedCertPath     path collected so far; receives {@code x509Certificate} once
 *                            both checks pass
 * @param x509Certificate     certificate whose issuer and signature are being checked
 * @param issuerCertificate   claimed issuer; must be an {@link X509Certificate}, otherwise
 *                            the cast fails with {@link ClassCastException}
 * @return the issuer certificate, cast to {@link X509Certificate}
 * @throws IllegalArgumentException   if the issuer name of {@code x509Certificate} does not
 *                                    match the subject name of the issuer certificate. This
 *                                    is unchecked, so callers that only catch
 *                                    {@link CertPathValidatorException} will not see it.
 * @throws CertPathValidatorException if the signature cannot be verified with the issuer's
 *                                    public key
 */
private static X509Certificate checkCertificate(List<X509Certificate> trustedCertPath,
        X509Certificate x509Certificate, Certificate issuerCertificate) throws CertPathValidatorException {
    X509Certificate issuer = (X509Certificate) issuerCertificate;

    // Name chaining: the issuer field of the certificate must equal the subject of the
    // next certificate, both normalized to the Globus DN format.
    String expectedIssuerId = CertificateUtil.toGlobusID(x509Certificate.getIssuerX500Principal());
    String actualIssuerId = CertificateUtil.toGlobusID(issuer.getSubjectX500Principal());
    boolean namesChain = expectedIssuerId.equals(actualIssuerId);
    if (!namesChain) {
        throw new IllegalArgumentException("Incorrect certificate path, certificate in chain can only "
                + "be issuer of previous certificate");
    }

    // Signature integrity: every failure mode of verify() is reported the same way, with
    // the original exception preserved as the cause.
    PublicKey issuerKey = issuer.getPublicKey();
    try {
        x509Certificate.verify(issuerKey);
    } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException
            | NoSuchProviderException | SignatureException e) {
        throw new CertPathValidatorException(
                "Signature validation on the certificate " + x509Certificate.getSubjectDN(), e);
    }

    // Only a certificate that passed both checks joins the path.
    trustedCertPath.add(x509Certificate);
    return issuer;
}

From source file:org.viafirma.nucleo.validacion.OcspValidatorHandler.java

/**
 * Checks that the OCSP response has not been tampered with: its signature must verify
 * against a public key held in the local trust configuration.
 *
 * <p>The first certificate embedded in the response is used only to look up a trusted key
 * through {@code getPublicKeyBySubjectName}; the signature is then verified with the key
 * returned by that lookup, not with the key carried in the response itself. The strength of
 * the check therefore depends on how that helper matches certificates (by subject name,
 * judging from its name; confirm in its implementation).
 *
 * <p>Not covered by this method, as far as the visible code shows: validity period of the
 * responder certificate, its authorization to sign OCSP responses, and freshness of the
 * response (thisUpdate/nextUpdate, nonce). Those need to be enforced by the caller.
 *
 * @param ocspResponse basic OCSP response to verify
 * @throws OCSPException              propagated from the response's certificate extraction
 *                                    or signature verification
 * @throws CertPathValidatorException if the response carries no certificate, no trusted key
 *                                    matches the signer, the signature does not verify, or
 *                                    the security provider is unavailable
 */
private void checkOCSP(BasicOCSPResp ocspResponse) throws OCSPException, CertPathValidatorException {
    // Certificates shipped inside the response; the signer is expected among them.
    X509Certificate[] embeddedCerts;
    try {
        embeddedCerts = ocspResponse.getCerts(BouncyCastleProvider.PROVIDER_NAME);
    } catch (NoSuchProviderException e) {
        throw new CertPathValidatorException("La respuesta OCSP no puede ser validada.", e);
    }

    // A response without any certificate cannot be tied to a responder.
    boolean hasSigner = embeddedCerts != null && embeddedCerts.length != 0;
    if (!hasSigner) {
        throw new CertPathValidatorException(
                "No se ha podido encontrar un certificado en la respuesta OCSP. La respuesta OCSP debe ser firmada por el servidor de OCSP.");
    }
    // Head of the path is taken as the signer (the original author assumes the remaining
    // certificates need no handling here).
    X509Certificate signerCert = embeddedCerts[0];

    // Fetch the public key from our own trusted certificates rather than from the response.
    PublicKey trustedKey = getPublicKeyBySubjectName(signerCert);
    if (trustedKey == null) {
        throw new CertPathValidatorException(
                "No hay un certificado de confianza asociado a al certificado con el que se firmo esta respuesta OCSP. "
                        + signerCert.getSubjectDN().getName());
    }

    boolean signedByTrustedKey;
    try {
        signedByTrustedKey = ocspResponse.verify(trustedKey, BouncyCastleProvider.PROVIDER_NAME);
    } catch (NoSuchProviderException e) {
        throw new CertPathValidatorException("La respuesta OCSP no puede ser validada.", e);
    }
    if (!signedByTrustedKey) {
        throw new CertPathValidatorException(
                "La respuesta OCSP no es vlida, La firma no corresponde a un certificado de confianza.");
    }
}