List of usage examples for java.security.cert PKIXParameters toString
public String toString()
From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java
/**
 * Runs PKIX validation, including the configured revocation checks, over a certificate path.
 *
 * <p>Every {@link CertPathValidatorException} leaves this method as an exception, so a
 * normal return means the validator accepted the path. The validator's reason is mapped as
 * follows: {@code REVOKED} becomes {@code IdmCertificateRevokedException},
 * {@code UNDETERMINED_REVOCATION_STATUS} becomes {@code CertRevocationStatusUnknownException}
 * (not in the {@code throws} clause; presumably a subtype of a declared exception or
 * unchecked, confirm), and anything else becomes {@code CertificateRevocationCheckException}.
 *
 * @param certPath      required; the certificate path to validate
 * @param crlCollection handed to {@code createPKIXParameters} when the PKIX parameters are built
 * @param certStore     optional (may be null); added to the PKIX parameters when present
 * @param altOCSP       optional (may be null); handed to {@code setupOCSPOptions}
 * @throws CertificateRevocationCheckException if no PKIX validator is available, the
 *         parameters are rejected, or validation fails for a reason other than revocation
 * @throws IdmCertificateRevokedException if the validator reports the certificate as revoked
 */
private void validateCertPath(CertPath certPath, Collection<Object> crlCollection, CertStore certStore,
        AlternativeOCSP altOCSP) throws CertificateRevocationCheckException, IdmCertificateRevokedException {

    // OCSP options are applied before the PKIX parameters are built; what they change is
    // not visible in this method.
    setupOCSPOptions(certPath, altOCSP);

    PKIXParameters pkixParams = createPKIXParameters(crlCollection);
    if (certStore != null) {
        pkixParams.addCertStore(certStore);
    }

    final CertPathValidator validator;
    try {
        validator = CertPathValidator.getInstance("PKIX");
    } catch (NoSuchAlgorithmException noPkix) {
        throw new CertificateRevocationCheckException(
                "Error getting PKIX validator instance:" + noPkix.getMessage(), noPkix);
    }

    try {
        // Both dumps are built before the logger is consulted, so their cost is paid even
        // when trace logging is off.
        String paramsDump = pkixParams.toString();
        String anchorsDump = pkixParams.getTrustAnchors().toString();
        logger.trace("**Certificate Path Validation Parameters trust anchors **\n" + anchorsDump + "\n");
        logger.trace("**Certificate Path Validation Parameters **\n" + paramsDump + "\n");

        CertPathValidatorResult outcome = validator.validate(certPath, pkixParams);
        logger.trace("**Certificate Path Validation Result **\n" + outcome.toString() + "\n");
    } catch (CertPathValidatorException validationFailure) {
        CertPathValidatorException.Reason reason = validationFailure.getReason();

        // NOTE(review): the two revocation-specific exceptions below are created without the
        // original exception as cause, so its detail (message, failing certificate index) is
        // not available to callers or logs. Their messages also name CRL only, although
        // OCSP options are configured above; confirm which source can produce these reasons.
        if (reason == CertPathValidatorException.BasicReason.REVOKED) {
            throw new IdmCertificateRevokedException("CRL shows certificate status as revoked");
        }
        if (reason == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            throw new CertRevocationStatusUnknownException(
                    "CRL checking could not determine certificate status.");
        }
        throw new CertificateRevocationCheckException(
                "Certificate path validation failed:" + validationFailure.getMessage(), validationFailure);
    } catch (InvalidAlgorithmParameterException badParams) {
        throw new CertificateRevocationCheckException(
                "Certificate validation parameters invalid, could not validate certificate path:"
                        + badParams.getMessage(),
                badParams);
    }
}