Example usage for java.security.cert PKIXParameters toString

List of usage examples for java.security.cert PKIXParameters toString

Introduction

In this page you can find the example usage for java.security.cert PKIXParameters toString.

Prototype

public String toString() 

Source Link

Document

Returns a formatted string describing the parameters.

Usage

From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java

/**
 * Validate the certificate path using a provided OCSP responder configuration.
 *
 * @param certPath      required/*w w  w. j  a va  2s.co m*/
 * @param crlCollection
 * @param certStore     null possible cert store for PKIX param
 * @param altOCSP       null possible
 * @throws CertificateRevocationCheckException
 * @throws IdmCertificateRevokedException
 */
private void validateCertPath(CertPath certPath, Collection<Object> crlCollection, CertStore certStore,
        AlternativeOCSP altOCSP) throws CertificateRevocationCheckException, IdmCertificateRevokedException {

    setupOCSPOptions(certPath, altOCSP);
    PKIXParameters params = createPKIXParameters(crlCollection);

    if (null != certStore) {
        params.addCertStore(certStore);
    }

    CertPathValidator certPathValidator;
    try {
        certPathValidator = CertPathValidator.getInstance("PKIX");
    } catch (NoSuchAlgorithmException e) {
        throw new CertificateRevocationCheckException("Error getting PKIX validator instance:" + e.getMessage(),
                e);
    }

    try {
        String pkiParam = params.toString();
        logger.trace("**Certificate Path Validation Parameters trust anchors **\n"
                + params.getTrustAnchors().toString() + "\n");

        logger.trace("**Certificate Path Validation Parameters **\n" + pkiParam + "\n");

        CertPathValidatorResult result = certPathValidator.validate(certPath, params);

        logger.trace("**Certificate Path Validation Result **\n" + result.toString() + "\n");
    } catch (CertPathValidatorException e) {
        if (e.getReason() == CertPathValidatorException.BasicReason.REVOKED) {
            throw new IdmCertificateRevokedException("CRL shows certificate status as revoked");
        } else if (e.getReason() == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            throw new CertRevocationStatusUnknownException(
                    "CRL checking could not determine certificate status.");
        }
        throw new CertificateRevocationCheckException("Certificate path validation failed:" + e.getMessage(),
                e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateRevocationCheckException(
                "Certificate validation parameters invalid, could not validate certificate path:"
                        + e.getMessage(),
                e);
    }

}