List of usage examples for java.security NoSuchProviderException getMessage
public String getMessage()
From source file:eu.eidas.auth.engine.SAMLEngineUtils.java
/** * @param cert//from w ww . j ava2 s . c o m * @return true when the certificate is self signed */ public static boolean isCertificateSelfSigned(X509Certificate cert) { try { PublicKey publicKey = cert.getPublicKey(); cert.verify(publicKey); return true; } catch (java.security.SignatureException sigEx) { LOG.info("ERROR : SignatureException {}", sigEx.getMessage()); LOG.debug("ERROR : SignatureException {}", sigEx); return false; } catch (InvalidKeyException keyEx) { // Invalid key --> not self-signed LOG.info("ERROR : InvalidKeyException {}", keyEx.getMessage()); LOG.debug("ERROR : InvalidKeyException {}", keyEx); return false; } catch (CertificateException certExc) { LOG.info("ERROR : CertificateException {}", certExc.getMessage()); LOG.debug("ERROR : CertificateException {}", certExc); return false; } catch (NoSuchAlgorithmException nsaExc) { LOG.info("ERROR : Bad algorithm: " + nsaExc.getMessage()); LOG.debug("ERROR : Bad algorithm: " + nsaExc); return false; } catch (NoSuchProviderException nspExc) { LOG.info("ERROR : Bad provider: " + nspExc.getMessage()); LOG.debug("ERROR : Bad provider: " + nspExc); return false; } }
From source file:com.alfaariss.oa.profile.aselect.ws.security.OACrypto.java
/** * Validate a given certificate chain.// ww w . java2 s .com * @see Crypto#validateCertPath(java.security.cert.X509Certificate[]) */ public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException { boolean ok = false; try { // Generate cert path List<X509Certificate> certList = Arrays.asList(certs); CertPath path = this.getCertificateFactory().generateCertPath(certList); HashSet<TrustAnchor> set = new HashSet<TrustAnchor>(); if (certs.length == 1) // Use factory certs { String alias = _factory.getAliasForX509Cert(certs[0].getIssuerDN().getName(), certs[0].getSerialNumber()); if (alias == null) { _logger.debug("Certificate not trusted"); return false; } X509Certificate cert = (X509Certificate) _factory.getCertificate(alias); TrustAnchor anchor = new TrustAnchor(cert, cert.getExtensionValue("2.5.29.30")); set.add(anchor); } else { // Add certificates from the keystore Enumeration aliases = _factory.getAliases(); while (aliases.hasMoreElements()) { String alias = (String) aliases.nextElement(); X509Certificate cert = (X509Certificate) _factory.getCertificate(alias); TrustAnchor anchor = new TrustAnchor(cert, cert.getExtensionValue("2.5.29.30")); set.add(anchor); } } PKIXParameters param = new PKIXParameters(set); param.setRevocationEnabled(false); Provider provider = _factory.getKeyStore().getProvider(); String sProvider = null; CertPathValidator certPathValidator = null; if (provider != null) { sProvider = provider.getName(); } if (sProvider == null || sProvider.length() == 0) { certPathValidator = CertPathValidator.getInstance("PKIX"); } else { certPathValidator = CertPathValidator.getInstance("PKIX", sProvider); } certPathValidator.validate(path, param); ok = true; } catch (NoSuchProviderException e) { _logger.warn("No such provider", e); throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (NoSuchAlgorithmException e) { _logger.warn("No such algorithm", e); throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (InvalidAlgorithmParameterException e) { _logger.warn("Invalid algorithm param", e); throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (CertificateException e) { _logger.warn("Invalid certificate", e); throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (ClassCastException e) { _logger.warn("Certificate is not an X509Certificate", e); throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (CertPathValidatorException e) { _logger.warn("Could not validate Cert Path", e); throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (CryptoException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } return ok; }
From source file:org.alfresco.extension.countersign.signature.RepositoryManagedSignatureProvider.java
@Override public KeyStore getUserKeyStore(String storePassword) { try {// w ww . j a v a 2 s . c o m NodeRef person = serviceRegistry.getPersonService().getPerson(user); if (person == null) { return null; } KeyStore keystore = KeyStore.getInstance("pkcs12"); // check to see if a keystore exists for this user NodeRef keystoreNode = counterSignService.getSignatureArtifact(person, CounterSignSignatureModel.ASSOC_SIGNERKEYSTORE); // if no keystore, create one, persist it and associate it with the user if (keystoreNode == null) { keystore = createUserKeyStore(person, storePassword); } else { // open the reader to the key and load it ContentReader keyReader = serviceRegistry.getContentService().getReader(keystoreNode, ContentModel.PROP_CONTENT); keystore.load(keyReader.getContentInputStream(), storePassword.toCharArray()); } // return the keystore return keystore; } catch (KeyStoreException kse) { throw new AlfrescoRuntimeException(kse.getMessage()); } catch (java.security.cert.CertificateException ce) { throw new AlfrescoRuntimeException(ce.getMessage()); } catch (NoSuchAlgorithmException nsaex) { throw new AlfrescoRuntimeException(nsaex.getMessage()); } catch (IOException ioex) { throw new AlfrescoRuntimeException(ioex.getMessage()); } catch (NoSuchProviderException nspex) { throw new AlfrescoRuntimeException(nspex.getMessage()); } }
From source file:org.alfresco.extension.countersign.signature.RepositoryManagedSignatureProvider.java
@Override public boolean validateSignature(byte[] sig, byte[] hash) { String alg = config.getProperty(RepositoryManagedSignatureProviderFactory.SIGNATURE_ALGORITHM); String prov = config.getProperty(RepositoryManagedSignatureProviderFactory.JAVA_SIGNATURE_PROVIDER); boolean valid = false; try {/*from w w w . j a v a 2 s . c o m*/ Signature validate = Signature.getInstance(alg, prov); validate.initVerify(getPublicKey()); validate.update(hash); valid = validate.verify(sig); } catch (NoSuchProviderException nspe) { throw new AlfrescoRuntimeException("Provider: " + prov + " was not found: " + nspe.getMessage()); } catch (NoSuchAlgorithmException nsae) { throw new AlfrescoRuntimeException("Algorithm: " + alg + " is not available: " + nsae.getMessage()); } catch (SignatureException se) { valid = false; } catch (InvalidKeyException ike) { valid = false; } return valid; }
From source file:org.apache.ws.security.components.crypto.CryptoBase.java
/** * Overridden because there's a bug in the base class where they don't use * the provider variant for the certificate validator. * * @param certs/*from w w w. j a v a 2s . co m*/ * Certificate chain to validate * @return true if the certificate chain is valid, false otherwise * @throws WSSecurityException */ public boolean validateCertPath(java.security.cert.X509Certificate[] certs) throws org.apache.ws.security.WSSecurityException { try { // Generate cert path java.util.List cert_list = java.util.Arrays.asList(certs); java.security.cert.CertPath path = getCertificateFactory().generateCertPath(cert_list); // Use the certificates in the keystore as TrustAnchors java.security.cert.PKIXParameters param = new java.security.cert.PKIXParameters(this.keystore); // Do not check a revocation list param.setRevocationEnabled(false); // Verify the trust path using the above settings String provider = getCryptoProvider(); java.security.cert.CertPathValidator validator = null; if (provider == null || provider.length() == 0) { validator = java.security.cert.CertPathValidator.getInstance("PKIX"); } else { validator = java.security.cert.CertPathValidator.getInstance("PKIX", provider); } validator.validate(path, param); } catch (java.security.NoSuchProviderException e) { throw new org.apache.ws.security.WSSecurityException(org.apache.ws.security.WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.NoSuchAlgorithmException e) { throw new org.apache.ws.security.WSSecurityException(org.apache.ws.security.WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.cert.CertificateException e) { throw new org.apache.ws.security.WSSecurityException(org.apache.ws.security.WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.InvalidAlgorithmParameterException e) { throw new org.apache.ws.security.WSSecurityException(org.apache.ws.security.WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.cert.CertPathValidatorException e) { throw new org.apache.ws.security.WSSecurityException(org.apache.ws.security.WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.KeyStoreException e) { throw new org.apache.ws.security.WSSecurityException(org.apache.ws.security.WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } return true; }
From source file:org.apache.ws.security.components.crypto.Merlin.java
/** * Evaluate whether a given certificate chain should be trusted. * Uses the CertPath API to validate a given certificate chain. * * @param certs Certificate chain to validate * @param enableRevocation whether to enable CRL verification or not * @return true if the certificate chain is valid, false otherwise * @throws WSSecurityException/*from w w w. java 2 s . c o m*/ */ public boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation) throws WSSecurityException { try { // Generate cert path List<X509Certificate> certList = Arrays.asList(certs); CertPath path = getCertificateFactory().generateCertPath(certList); Set<TrustAnchor> set = new HashSet<TrustAnchor>(); if (truststore != null) { Enumeration<String> truststoreAliases = truststore.aliases(); while (truststoreAliases.hasMoreElements()) { String alias = truststoreAliases.nextElement(); X509Certificate cert = (X509Certificate) truststore.getCertificate(alias); if (cert != null) { TrustAnchor anchor = new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID)); set.add(anchor); } } } // // Add certificates from the keystore - only if there is no TrustStore, apart from // the case that the truststore is the JDK CA certs. This behaviour is preserved // for backwards compatibility reasons // if (keystore != null && (truststore == null || loadCACerts)) { Enumeration<String> aliases = keystore.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); X509Certificate cert = (X509Certificate) keystore.getCertificate(alias); if (cert != null) { TrustAnchor anchor = new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID)); set.add(anchor); } } } PKIXParameters param = new PKIXParameters(set); param.setRevocationEnabled(enableRevocation); if (enableRevocation && crlCertStore != null) { param.addCertStore(crlCertStore); } // Verify the trust path using the above settings String provider = getCryptoProvider(); CertPathValidator validator = null; if (provider == null || provider.length() == 0) { validator = CertPathValidator.getInstance("PKIX"); } else { validator = CertPathValidator.getInstance("PKIX", provider); } validator.validate(path, param); return true; } catch (java.security.NoSuchProviderException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.NoSuchAlgorithmException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.cert.CertificateException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.InvalidAlgorithmParameterException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.cert.CertPathValidatorException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (java.security.KeyStoreException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } catch (NullPointerException e) { // NPE thrown by JDK 1.7 for one of the test cases throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e); } }
From source file:org.cesecore.keys.util.KeyTools.java
/** * Testing a key pair to verify that it is possible to first sign and then verify with it. * //from w w w . j a v a2s. c om * @param priv * private key to sign a string with * @param pub * public key to verify the signature with * @param provider * A provider used for signing with the private key, or null if "BC" should be used. * * @throws InvalidKeyException * if the public key can not be used to verify a string signed by the private key, because the key is wrong or the signature operation * fails for other reasons such as a NoSuchAlgorithmException or SignatureException. * @throws NoSuchProviderException * if the provider is not installed. */ public static void testKey(final PrivateKey priv, final PublicKey pub, final String provider) throws InvalidKeyException { // NOPMD:this is not a junit test final byte input[] = "Lillan gick pa vagen ut, motte dar en katt...".getBytes(); final byte signBV[]; final String testSigAlg; { final Iterator<String> i = AlgorithmTools.getSignatureAlgorithms(pub).iterator(); final String tmp = i.hasNext() ? i.next() : null; testSigAlg = tmp != null ? tmp : "SHA1WithRSA"; } if (log.isDebugEnabled()) { log.debug("Testing keys with algorithm: " + pub.getAlgorithm()); log.debug("testSigAlg: " + testSigAlg); log.debug("provider: " + provider); log.trace("privateKey: " + priv); log.trace("privateKey class: " + priv.getClass().getName()); log.trace("publicKey: " + pub); log.trace("publicKey class: " + pub.getClass().getName()); } try { { final Provider prov = Security.getProvider(provider != null ? provider : "BC"); final Signature signature = Signature.getInstance(testSigAlg, prov); signature.initSign(priv); signature.update(input); signBV = signature.sign(); if (signBV == null) { throw new InvalidKeyException("Result from signing is null."); } if (log.isDebugEnabled()) { log.trace("Created signature of size: " + signBV.length); log.trace("Created signature: " + new String(Hex.encode(signBV))); } } { Signature signature; try { signature = Signature.getInstance(testSigAlg, "BC"); } catch (NoSuchProviderException e) { throw new IllegalStateException("BouncyCastle was not found as a provider.", e); } signature.initVerify(pub); signature.update(input); if (!signature.verify(signBV)) { throw new InvalidKeyException("Not possible to sign and then verify with key pair."); } } } catch (NoSuchAlgorithmException e) { throw new InvalidKeyException("Exception testing key: " + e.getMessage(), e); } catch (SignatureException e) { throw new InvalidKeyException("Exception testing key: " + e.getMessage(), e); } }
From source file:org.hdiv.cipher.CipherHTTP.java
/** * Generates a Cipher object that implements the specified transformation. */// w w w. j av a 2 s. c o m public void init() { try { if (this.provider == null) { this.cipher = Cipher.getInstance(this.transformation); } else { this.cipher = Cipher.getInstance(this.transformation, this.provider); } if (log.isDebugEnabled()) { log.debug("New CipherHTTP instance [cipher = " + this.cipher + "]"); } } catch (NoSuchProviderException e) { throw new HDIVException(e.getMessage()); } catch (NoSuchAlgorithmException e) { throw new HDIVException(e.getMessage()); } catch (NoSuchPaddingException e) { throw new HDIVException(e.getMessage()); } }
From source file:org.wso2.carbon.webapp.ext.cxf.crypto.CXFServerCrypto.java
private boolean validateCertPath(KeyStore ks, Certificate[] certs) throws WSSecurityException { try {/*from w ww.ja v a 2 s. c o m*/ // Generate cert path List certList = Arrays.asList(certs); CertPath path = this.getCertificateFactory().generateCertPath(certList); // Use the certificates in the keystore as TrustAnchors PKIXParameters param = new PKIXParameters(ks); // Do not check a revocation list param.setRevocationEnabled(false); // Verify the trust path using the above settings String provider = properties.getProperty("org.apache.ws.security.crypto.merlin.cert.provider"); CertPathValidator certPathValidator; if (provider == null || provider.length() == 0) { certPathValidator = CertPathValidator.getInstance("PKIX"); } else { certPathValidator = CertPathValidator.getInstance("PKIX", provider); } certPathValidator.validate(path, param); } catch (NoSuchProviderException ex) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { ex.getMessage() }, ex); } catch (NoSuchAlgorithmException ex) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { ex.getMessage() }, ex); } catch (CertificateException ex) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { ex.getMessage() }, ex); } catch (InvalidAlgorithmParameterException ex) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { ex.getMessage() }, ex); } catch (CertPathValidatorException ex) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { ex.getMessage() }, ex); } catch (KeyStoreException ex) { throw new WSSecurityException(WSSecurityException.FAILURE, "certpath", new Object[] { ex.getMessage() }, ex); } return true; }
From source file:org.xdi.oxauth.model.jws.AbstractJwsSigner.java
private boolean validateHash(String tokenCode, String tokenHash) { boolean result = false; try {/*www. j av a 2s . c o m*/ if (signatureAlgorithm != null && StringUtils.isNotBlank(tokenCode) && StringUtils.isNotBlank(tokenHash)) { byte[] digest = null; if (signatureAlgorithm == SignatureAlgorithm.HS256 || signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.ES256) { digest = JwtUtil.getMessageDigestSHA256(tokenCode); } else if (signatureAlgorithm == SignatureAlgorithm.HS384 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.ES512) { digest = JwtUtil.getMessageDigestSHA384(tokenCode); } else if (signatureAlgorithm == SignatureAlgorithm.HS512 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.ES512) { digest = JwtUtil.getMessageDigestSHA512(tokenCode); } if (digest != null) { byte[] lefMostHalf = new byte[digest.length / 2]; System.arraycopy(digest, 0, lefMostHalf, 0, lefMostHalf.length); String hash = JwtUtil.base64urlencode(lefMostHalf); result = hash.equals(tokenHash); } } } catch (NoSuchProviderException e) { LOG.error(e.getMessage(), e); result = false; } catch (NoSuchAlgorithmException e) { LOG.error(e.getMessage(), e); result = false; } catch (Exception e) { LOG.error(e.getMessage(), e); result = false; } return result; }