List of usage examples for java.security KeyStoreException getMessage
public String getMessage()
From source file:be.fedict.commons.eid.jca.BeIDX509KeyManager.java
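/**
 * Returns the certificate chain served for the {@code "beid"} alias.
 *
 * <p>The chain is read from the backing key store entry named
 * {@code "Authentication"}.
 *
 * @param alias the key manager alias being asked for
 * @return the chain as X.509 certificates, or {@code null} when the alias is
 *         not {@code "beid"}, the key store holds no chain for the entry, or
 *         the key store lookup fails
 */
@Override
public X509Certificate[] getCertificateChain(final String alias) {
    LOG.debug("getCertificateChain: " + alias);
    if (!"beid".equals(alias)) {
        return null;
    }

    final Certificate[] certificateChain;
    try {
        certificateChain = this.keyStore.getCertificateChain("Authentication");
    } catch (final KeyStoreException e) {
        LOG.error("BeID keystore error: " + e.getMessage(), e);
        return null;
    }

    // KeyStore.getCertificateChain returns null when the entry is missing or
    // has no chain; without this guard the length access below would throw a
    // NullPointerException instead of reporting "no chain" to the caller.
    if (certificateChain == null) {
        LOG.error("BeID keystore error: no certificate chain for the Authentication entry");
        return null;
    }

    final X509Certificate[] x509CertificateChain = new X509Certificate[certificateChain.length];
    for (int idx = 0; idx < certificateChain.length; idx++) {
        x509CertificateChain[idx] = (X509Certificate) certificateChain[idx];
    }
    return x509CertificateChain;
}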
From source file:be.fedict.eid.tsl.Pkcs11Token.java
/**
 * Lists the aliases of the key entries held by the PKCS#11 token.
 *
 * <p>The key store is (re)created from the configured PKCS#11 provider and
 * loaded on every call. A failed load is reported to the user only when its
 * direct cause is a {@code FailedLoginException}; in every load-failure case
 * the method returns an empty list, so callers cannot tell an unreadable
 * token from a token without keys.
 *
 * @return aliases for which the key store reports a key entry; empty when
 *         the key store could not be loaded
 * @throws KeyStoreException if no PKCS#11 key store can be obtained from the
 *         provider (a dialog is shown first) or an alias query fails
 */
public List<String> getAliases() throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
        IOException, UnrecoverableEntryException {
    final List<String> keyAliases = new LinkedList<String>();

    try {
        this.keyStore = KeyStore.getInstance("PKCS11", this.pkcs11Provider);
    } catch (KeyStoreException keyStoreError) {
        JOptionPane.showMessageDialog(null, "No keystore present: " + keyStoreError.getMessage(),
                "PKCS#11 error", JOptionPane.ERROR_MESSAGE);
        throw keyStoreError;
    }

    final LoadStoreParameter tokenParameter = new Pkcs11LoadStoreParameter();
    try {
        this.keyStore.load(tokenParameter);
    } catch (IOException loadError) {
        LOG.debug("I/O error: " + loadError.getMessage(), loadError);
        // instanceof is false for a null cause, so no separate null check is needed
        if (loadError.getCause() instanceof FailedLoginException) {
            JOptionPane.showMessageDialog(null, "PIN incorrect", "Login failed", JOptionPane.ERROR_MESSAGE);
        }
        return keyAliases;
    }

    for (final Enumeration<String> entries = this.keyStore.aliases(); entries.hasMoreElements();) {
        final String alias = entries.nextElement();
        LOG.debug("keystore alias: " + alias);
        // certificate-only entries are skipped; only entries with a key are returned
        if (this.keyStore.isKeyEntry(alias)) {
            keyAliases.add(alias);
        }
    }
    return keyAliases;
}
From source file:org.openremote.controller.rest.FindCertificateByID.java
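/**
 * Builds the XML document carrying the server CA certificate and the client
 * certificate of a user, both Base64 encoded.
 *
 * <p>The CA certificate is read from {@code server.jks} under the configured
 * {@code ca_path}. The client certificate is only emitted when the client
 * service accepts both its subject DN and its not-after date.
 *
 * @param username URL-encoded user name; it is decoded as UTF-8 before use
 * @return the XML document; the {@code server} or {@code client} element is
 *         left empty when the matching certificate is missing or cannot be
 *         encoded
 * @throws Exception with {@code ERROR_INVALID_DN} or
 *         {@code ERROR_DATE_EXPIRED} when the client certificate is rejected,
 *         or when the key store file cannot be read
 */
protected String getChain(String username) throws Exception {
    // NOTE(review): username is caller-supplied and is handed to
    // clientService.getClientCertificate after decoding; that lookup is outside
    // this block, so confirm it validates the value before using it in a path.
    username = URLDecoder.decode(username, "UTF-8");

    String rootCAPath = configurationService.getItem("ca_path");
    String keystore = rootCAPath + "/server.jks";

    StringBuilder sb = new StringBuilder();
    sb.append(Constants.STATUS_XML_HEADER);
    sb.append("\n<chain>\n<server>\n");

    try {
        KeyStore ks = KeyStore.getInstance("JKS");
        // The stream is closed explicitly; KeyStore.load does not close it.
        FileInputStream keystoreStream = new FileInputStream(keystore);
        try {
            // NOTE(review): the key store password is hard-coded here; it should
            // come from protected configuration rather than from source code.
            ks.load(keystoreStream, "password".toCharArray());
        } finally {
            keystoreStream.close();
        }

        Certificate certificate = ks.getCertificate(CA_ALIAS);
        if (certificate != null) {
            // Base64 output is pure ASCII, so decode it with a fixed charset
            sb.append(new String(Base64.encodeBase64(certificate.getEncoded()), "US-ASCII"));
        } else {
            // getCertificate returns null for an unknown alias
            logger.error("CA certificate is not found/null.");
        }
    } catch (KeyStoreException e) {
        logger.error(e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        logger.error(e.getMessage(), e);
    } catch (CertificateException e) {
        logger.error(e.getMessage(), e);
    }

    sb.append("</server>\n<client>\n");

    try {
        Certificate certificate = clientService.getClientCertificate(username);
        if (certificate != null) {
            // Check the client certificate before handing it out
            X509Certificate x509cert = (X509Certificate) certificate;
            Principal dname = x509cert.getSubjectDN();
            Date notAfterDate = x509cert.getNotAfter();

            if (!clientService.isClientValid(dname.toString())) {
                throw new Exception(ERROR_INVALID_DN);
            }
            if (!clientService.isClientDateValid(notAfterDate)) {
                throw new Exception(ERROR_DATE_EXPIRED);
            }
            sb.append(new String(Base64.encodeBase64(certificate.getEncoded()), "US-ASCII"));
        } else {
            logger.error("Client certificate is not found/null.");
        }
    } catch (CertificateEncodingException e) {
        logger.error(e.getMessage(), e);
    }

    sb.append("</client>\n</chain>");
    sb.append(Constants.STATUS_XML_TAIL);
    return sb.toString();
}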
From source file:com.qpark.eip.core.spring.security.https.EipX509TrustManager.java
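/**
 * Fallback hostname check that pins the server's public key.
 *
 * <pre>
 * http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#HostnameVerifier
 * </pre>
 *
 * If the SSL/TLS implementation's standard hostname verification logic
 * fails, the implementation calls this method. The connection is accepted
 * only when the key store holds a certificate under the alias
 * {@code hostname} whose public key has the same encoding as the public key
 * of the certificate the server presented. Any other outcome, including a
 * key store or peer verification error, rejects the connection.
 *
 * @param hostname the host name the client connected to; used as key store alias
 * @param session the TLS session carrying the peer certificates
 * @return {@code true} only when the pinned and the presented public key match
 * @see javax.net.ssl.HostnameVerifier#verify(java.lang.String,
 *      javax.net.ssl.SSLSession)
 */
@Override
public boolean verify(final String hostname, final SSLSession session) {
    try {
        this.logger.debug("verify hostname={}", hostname);

        // getPeerCertificates() replaces the deprecated getPeerCertificateChain()
        final Certificate[] peerChain = (hostname != null && session != null) ? session.getPeerCertificates()
                : null;
        if (peerChain == null || peerChain.length == 0 || peerChain[0] == null
                || peerChain[0].getPublicKey() == null) {
            this.logger.debug("verify no hostname({}) or session with PeerCertificateChain and PublicKey.",
                    hostname);
            return false;
        }

        final Certificate cert = this.ks.getCertificate(hostname);
        if (cert == null || cert.getPublicKey() == null) {
            this.logger.debug("verify no cert({}) with PublicKey found.", cert);
            return false;
        }

        // Compare the encoded keys rather than their toString() rendering: the
        // string form is provider-defined and is not a stable key identity.
        final byte[] ksKeyBytes = cert.getPublicKey().getEncoded();
        final byte[] serverKeyBytes = peerChain[0].getPublicKey().getEncoded();
        // A key without an encoding never matches; Arrays.equals(null, null)
        // would otherwise report two unencodable keys as equal.
        if (ksKeyBytes != null && serverKeyBytes != null
                && java.util.Arrays.equals(ksKeyBytes, serverKeyBytes)) {
            return true;
        }

        // NOTE(review): a rejected pin is only visible at debug level.
        this.logger.debug("verify not matching public keys!");
        this.logger.debug("verify public key from keystore={}", cert.getPublicKey().toString());
        this.logger.debug("verify public key from server ={}", peerChain[0].getPublicKey().toString());
    } catch (KeyStoreException e) {
        this.logger.debug("verify {}", e.getMessage());
    } catch (SSLPeerUnverifiedException e) {
        this.logger.debug("verify {}", e.getMessage());
    }
    return false;
}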
From source file:eu.eidas.auth.engine.SAMLEngineUtils.java
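/**
 * Turns every entry of a key store into a trust credential.
 *
 * @param keyStore the key store whose aliases are enumerated
 * @return one credential per alias, in enumeration order
 * @throws SAMLEngineException wrapping the {@code KeyStoreException} raised
 *         when the key store cannot be read
 */
public static List<Credential> getListOfCredential(KeyStore keyStore) throws SAMLEngineException {
    final List<Credential> trustCred = new ArrayList<Credential>();

    try {
        // NOTE(review): every alias becomes a trusted credential as-is. There is
        // no validity-period check here, and getCertificate returns null for an
        // alias without a certificate; confirm callers tolerate both.
        for (final Enumeration<String> e = keyStore.aliases(); e.hasMoreElements();) {
            final String aliasCert = e.nextElement();
            final X509Certificate certificate = (X509Certificate) keyStore.getCertificate(aliasCert);

            final BasicX509Credential credential = new BasicX509Credential();
            credential.setEntityCertificate(certificate);
            trustCred.add(credential);
        }
    } catch (KeyStoreException e) {
        // The placeholder is required: without it the message argument is
        // silently dropped and the warning carries no detail.
        LOG.warn("ERROR : KeyStoreException. {}", e.getMessage());
        LOG.debug("ERROR : KeyStoreException.", e);
        throw new SAMLEngineException(e);
    }

    return trustCred;
}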
From source file:org.openiot.gsn.http.ac.GSNClient.java
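/**
 * Creates a client for a GSN server and registers the http and https
 * schemes on the underlying HTTP client.
 *
 * <p>The https scheme trusts the certificates in
 * {@code conf/clienttestkeystore}. Failures while setting up the trust store
 * are logged and not propagated.
 *
 * @param host the GSN server host
 * @param gsnhttpport port registered for the plain http scheme
 * @param gsnhttpsport port registered for the https scheme
 */
public GSNClient(String host, int gsnhttpport, int gsnhttpsport) {
    this.host = host;
    this.gsnhttpport = gsnhttpport;
    this.gsnhttpsport = gsnhttpsport;
    httpclient = new DefaultHttpClient();

    FileInputStream instream = null;
    try {
        this.trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // NOTE(review): the trust store path and its password are hard-coded;
        // both belong in deployment configuration.
        instream = new FileInputStream(new File("conf/clienttestkeystore"));
        this.trustStore.load(instream, "changeit".toCharArray());

        SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
        // The server certificate must match the host being contacted. The
        // allow-all verifier used before accepted a trusted certificate issued
        // for any name, which removes the server authentication TLS provides.
        socketFactory.setHostnameVerifier(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

        Scheme sch = new Scheme("https", socketFactory, gsnhttpsport);
        Scheme plainsch = new Scheme("http", PlainSocketFactory.getSocketFactory(), gsnhttpport);
        httpclient.getConnectionManager().getSchemeRegistry().register(sch);
        httpclient.getConnectionManager().getSchemeRegistry().register(plainsch);
    } catch (KeyStoreException e) {
        // NOTE(review): after any failure here the schemes above are never
        // registered and the client keeps whatever DefaultHttpClient started
        // with; confirm that fallback is acceptable.
        logger.error("ERROR IN GSNCLIENT : Exception while creating trustStore :");
        logger.error(e.getMessage(), e);
    } catch (FileNotFoundException e) {
        logger.error("ERROR IN GSNCLIENT : FileInputStream exception :");
        logger.error(e.getMessage(), e);
    } catch (Exception e) {
        logger.error("ERROR IN GSNCLIENT : Exception while loading truststore :");
        logger.error(e.getMessage(), e);
    } finally {
        try {
            if (instream != null) {
                instream.close();
            }
        } catch (Exception ignored) {
            // best effort: the trust store has already been read or has failed
        }
    }
}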
From source file:org.josso.auth.scheme.validation.AbstractX509CertificateValidator.java
/**
 * Looks up the certificate stored under an alias in the backing keystore,
 * initializing the validator first when that has not happened yet.
 *
 * @param alias keystore alias; {@code null} short-circuits to {@code null}
 * @return the keystore's certificate for the alias cast to X.509, or
 *         {@code null} when the alias is {@code null} or the keystore
 *         returns none
 * @throws CertificateException declared by this method; presumably raised by
 *         {@code initialize()}, confirm against that method
 * @throws RuntimeException wrapping the {@code KeyStoreException} when the
 *         keystore lookup fails
 */
protected X509Certificate getCertificate(String alias) throws CertificateException {
    X509Certificate found = null;
    if (alias != null) {
        if (!_initialized) {
            initialize();
        }
        try {
            found = (X509Certificate) _keystore.getCertificate(alias);
        } catch (KeyStoreException keystoreFailure) {
            log.error(keystoreFailure, keystoreFailure);
            throw new RuntimeException(
                    "Error getting certificate from keystore : " + keystoreFailure.getMessage(),
                    keystoreFailure);
        }
    }
    return found;
}
From source file:edu.vt.middleware.crypt.CryptProvider.java
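/**
 * <p>This creates a <code>KeyStore</code> using the supplied type name.</p>
 *
 * <p>Each entry of <code>providers</code> is tried in order; when none of
 * them supplies the type, the JVM's default provider lookup is used.</p>
 *
 * @param type <code>String</code> key store type, or null for the JVM
 * default type
 *
 * @return <code>KeyStore</code>
 *
 * @throws CryptException if the type is not available from any provider or
 * the provider is not available in the environment
 */
public static KeyStore getKeyStore(final String type) throws CryptException {
    final Log logger = LogFactory.getLog(CryptProvider.class);
    final String keyStoreType = type != null ? type : KeyStore.getDefaultType();

    KeyStore store = null;
    // stop at the first provider that supplies the requested type
    for (int i = 0; i < providers.length && store == null; i++) {
        try {
            store = KeyStore.getInstance(keyStoreType, providers[i]);
        } catch (KeyStoreException e) {
            if (logger.isDebugEnabled()) {
                // log the type actually requested, not the possibly-null argument
                logger.debug("Could not get instance of keystore type " + keyStoreType + " from "
                        + providers[i]);
            }
        } catch (NoSuchProviderException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Could not find provider " + providers[i]);
            }
        }
    }

    if (store == null) {
        try {
            store = KeyStore.getInstance(keyStoreType);
        } catch (KeyStoreException e) {
            if (logger.isDebugEnabled()) {
                // keep the stack trace in the log; the exception thrown below
                // carries the message only
                logger.debug("Could not get instance of keystore type " + keyStoreType, e);
            }
            // NOTE(review): the cause is dropped here; pass it along if
            // CryptException offers a (message, cause) constructor.
            throw new CryptException(e.getMessage());
        }
    }
    return store;
}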
From source file:org.kuali.coeus.propdev.impl.s2s.connect.S2SCertificateReaderBase.java
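/**
 * Returns the S2S key store, loading and caching it on first use.
 *
 * <p>The file location and the password are read from the S2S configuration
 * service under the keys held in {@code keyStoreLocation} and
 * {@code keyStorePassword}. The cached field is assigned only after the
 * store has been loaded, so a failed attempt never leaves a half-initialised
 * store behind.
 *
 * @return the loaded key store
 * @throws S2sCommunicationException when the store cannot be created, found,
 *         read or parsed; the original exception is written to the log and
 *         only its message is carried by the thrown exception
 */
@Override
public KeyStore getKeyStore() throws S2sCommunicationException {
    if (keyStore != null) {
        return keyStore;
    }
    try {
        final KeyStore loaded = KeyStore.getInstance(jksType);
        final FileInputStream storeStream = new FileInputStream(
                getS2SConfigurationService().getValueAsString(keyStoreLocation));
        try {
            loaded.load(storeStream,
                    getS2SConfigurationService().getValueAsString(keyStorePassword).toCharArray());
        } finally {
            // KeyStore.load does not close the stream; release the file handle here
            storeStream.close();
        }
        keyStore = loaded;
    } catch (KeyStoreException e) {
        LOG.error("Error while creating Keystore with cert " + keyStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_KEYSTORE_CREATION, e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        LOG.error("JCE provider doesnt support certificate algorithm " + keyStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_KEYSTORE_NO_ALGORITHM, e.getMessage());
    } catch (CertificateException e) {
        LOG.error("Error while creating keystore " + keyStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_KEYSTORE_BAD_CERTIFICATE, e.getMessage());
    } catch (FileNotFoundException e) {
        LOG.error("File not found " + keyStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_KEYSTORE_NOT_FOUND, e.getMessage());
    } catch (IOException e) {
        LOG.error("IO Exception while reading keystore file " + keyStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_KEYSTORE_CANNOT_READ, e.getMessage());
    }
    return keyStore;
}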
From source file:org.kuali.coeus.propdev.impl.s2s.connect.S2SCertificateReaderBase.java
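/**
 * Returns the S2S trust store, loading and caching it on first use.
 *
 * <p>The file location and the password are read from the S2S configuration
 * service under the keys held in {@code trustStoreLocation} and
 * {@code trustStorePassword}. The cached field is assigned only after the
 * store has been loaded, so a failed attempt never leaves a half-initialised
 * store behind.
 *
 * @return the loaded trust store
 * @throws S2sCommunicationException when the store cannot be created, found,
 *         read or parsed; the original exception is written to the log and
 *         only its message is carried by the thrown exception
 */
@Override
public KeyStore getTrustStore() throws S2sCommunicationException {
    if (trustStore != null) {
        return trustStore;
    }
    try {
        final KeyStore loaded = KeyStore.getInstance(jksType);
        final FileInputStream storeStream = new FileInputStream(
                getS2SConfigurationService().getValueAsString(trustStoreLocation));
        try {
            loaded.load(storeStream,
                    getS2SConfigurationService().getValueAsString(trustStorePassword).toCharArray());
        } finally {
            // KeyStore.load does not close the stream; release the file handle here
            storeStream.close();
        }
        trustStore = loaded;
    } catch (KeyStoreException e) {
        LOG.error("Error while creating Keystore with cert " + trustStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_TRUSTSTORE_CREATION, e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        LOG.error("JCE provider doesnt support certificate algorithm " + trustStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_TRUSTSTORE_NO_ALGORITHM, e.getMessage());
    } catch (CertificateException e) {
        LOG.error("Error while creating keystore " + trustStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_TRUSTSTORE_BAD_CERTIFICATE, e.getMessage());
    } catch (FileNotFoundException e) {
        LOG.error("File not found " + trustStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_TRUSTSTORE_NOT_FOUND, e.getMessage());
    } catch (IOException e) {
        LOG.error("IO Exception while reading keystore file " + trustStoreLocation, e);
        throw new S2sCommunicationException(KeyConstants.ERROR_S2S_TRUSTSTORE_CANNOT_READ, e.getMessage());
    }
    return trustStore;
}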