
Example 1 with X509PEMFileReader

use of com.unboundid.util.ssl.cert.X509PEMFileReader in project ldapsdk by pingidentity.

the class PEMFileKeyManager method readCertificateChain.

/**
 * Reads the end-entity certificate and its issuer chain from the provided
 * PEM files, checking that every certificate read is the issuer of the one
 * read immediately before it.
 *
 * @param  certificateChainPEMFiles  The files containing the PEM-formatted
 *                                   X.509 certificates of the chain, in
 *                                   order.  It must not be {@code null} or
 *                                   empty.  Every file must exist and must
 *                                   hold at least one certificate.  The
 *                                   first certificate of the first file must
 *                                   be the end entity certificate, and each
 *                                   following certificate (even across file
 *                                   boundaries) must be the issuer of the
 *                                   certificate that preceded it.  The chain
 *                                   may stop short of a root as long as the
 *                                   peer can be expected to know the missing
 *                                   issuer certificates.
 *
 * @return  The certificates that were read, in the order encountered.
 *
 * @throws  KeyStoreException  If a file does not exist or holds no
 *                             certificate, if a certificate is not the
 *                             issuer of its predecessor, if a certificate
 *                             cannot be converted to a
 *                             {@code java.security.cert.X509Certificate},
 *                             or if reading or parsing a file fails.
 */
@NotNull()
private static X509Certificate[] readCertificateChain(@NotNull final List<File> certificateChainPEMFiles) throws KeyStoreException {
    final List<X509Certificate> chain = new ArrayList<>();
    // The previously read certificate, carried across file boundaries so
    // that the issuer check also covers the first certificate of each
    // subsequent file.
    com.unboundid.util.ssl.cert.X509Certificate previousCert = null;
    // NOTE: an empty file list is not rejected here; it yields an empty
    // array, so the caller is expected to have validated the argument.
    for (final File pemFile : certificateChainPEMFiles) {
        if (!pemFile.exists()) {
            throw new KeyStoreException(ERR_PEM_FILE_KEY_MANAGER_NO_SUCH_CERT_FILE.get(pemFile.getAbsolutePath()));
        }
        try (final X509PEMFileReader reader = new X509PEMFileReader(pemFile)) {
            int certsInFile = 0;
            for (com.unboundid.util.ssl.cert.X509Certificate cert = reader.readCertificate(); cert != null; cert = reader.readCertificate()) {
                certsInFile++;
                // isIssuerFor establishes the issuer linkage between adjacent
                // certificates; whether it also verifies the signature is not
                // visible here -- confirm against X509Certificate if the
                // chain must be cryptographically validated at load time.
                if ((previousCert != null) && !cert.isIssuerFor(previousCert)) {
                    throw new KeyStoreException(ERR_PEM_FILE_KEY_MANAGER_SUBSEQUENT_CERT_NOT_ISSUER.get(cert.getSubjectDN().toString(), pemFile.getAbsolutePath(), previousCert.getSubjectDN().toString()));
                }
                final X509Certificate javaCert;
                try {
                    javaCert = (X509Certificate) cert.toCertificate();
                } catch (final Exception e) {
                    // Any failure to convert (including a runtime exception)
                    // is reported with the subject DN and file for context.
                    Debug.debugException(e);
                    throw new KeyStoreException(ERR_PEM_FILE_KEY_MANAGER_CANNOT_DECODE_CERT.get(cert.getSubjectDN().toString(), pemFile.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
                }
                chain.add(javaCert);
                previousCert = cert;
            }
            if (certsInFile == 0) {
                throw new KeyStoreException(ERR_PEM_FILE_KEY_MANAGER_EMPTY_CERT_FILE.get(pemFile.getAbsolutePath()));
            }
        } catch (final KeyStoreException e) {
            // Already carries a descriptive message; just log and rethrow.
            Debug.debugException(e);
            throw e;
        } catch (final IOException e) {
            Debug.debugException(e);
            throw new KeyStoreException(ERR_PEM_FILE_KEY_MANAGER_ERROR_READING_FROM_FILE.get(pemFile.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
        } catch (final CertException e) {
            Debug.debugException(e);
            throw new KeyStoreException(ERR_PEM_FILE_KEY_MANAGER_ERROR_READING_CERT.get(pemFile.getAbsolutePath(), e.getMessage()), e);
        }
    }
    return chain.toArray(new X509Certificate[chain.size()]);
}

Example 2 with X509PEMFileReader

use of com.unboundid.util.ssl.cert.X509PEMFileReader in project ldapsdk by pingidentity.

the class CertificateDataReplaceCertificateKeyStoreContent method readPEMCertificates.

/**
 * Reads every PEM-formatted X.509 certificate available from the given input
 * stream and appends its encoded form to the provided list.
 *
 * @param  file          The file with which the provided input stream is
 *                       associated.  It is only used to identify the source
 *                       in error messages.  It must not be {@code null}.
 * @param  inputStream   The input stream from which the certificates are to
 *                       be read.  It must not be {@code null}.  A PEM reader
 *                       is opened over it in a try-with-resources block;
 *                       presumably closing that reader also closes this
 *                       stream -- confirm against X509PEMFileReader.
 * @param  encodedCerts  A list to which the encoded certificates are
 *                       appended in the order they are read.  This must not
 *                       be {@code null} and must be updatable.
 *
 * @throws  IOException  If a problem occurs while trying to read from the
 *                       stream.
 *
 * @throws  LDAPException  With result code {@code DECODING_ERROR} if the
 *                         contents cannot be parsed as a valid set of
 *                         PEM-formatted certificates.
 */
private static void readPEMCertificates(@NotNull final File file, @NotNull final InputStream inputStream, @NotNull final List<byte[]> encodedCerts) throws IOException, LDAPException {
    try (final X509PEMFileReader reader = new X509PEMFileReader(inputStream)) {
        // readCertificate returns null once the stream is exhausted.
        X509Certificate cert = reader.readCertificate();
        while (cert != null) {
            encodedCerts.add(cert.getX509CertificateBytes());
            cert = reader.readCertificate();
        }
    } catch (final CertException e) {
        // I/O failures propagate unchanged; only parse failures are mapped
        // to an LDAPException that names the offending file.
        Debug.debugException(e);
        throw new LDAPException(ResultCode.DECODING_ERROR, ERR_CD_KSC_DECODE_PEM_CERT_ERROR.get(file.getAbsolutePath(), e.getMessage()), e);
    }
}

Example 3 with X509PEMFileReader

use of com.unboundid.util.ssl.cert.X509PEMFileReader in project ldapsdk by pingidentity.

the class PEMFileTrustManager method readTrustedCertificates.

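/**
 * Reads trusted certificate information from the specified PEM file, or
 * recursively from every file below the specified directory.
 *
 * @param  f  The PEM file to examine.  It must not be {@code null}, and it
 *            must reference a file that exists.  If it is a directory, then
 *            all files contained in it (including subdirectories) will be
 *            recursively processed, and every one of them must be a PEM
 *            file holding at least one certificate.  Note that there is no
 *            guard against symbolic-link cycles in the directory walk.
 * @param  m  The map to be updated with the certificates read from the PEM
 *            files, keyed by the SDK certificate and mapping to its
 *            {@code java.security.cert.X509Certificate} form.  It must not
 *            be {@code null} and must be updatable.
 *
 * @throws  KeyStoreException  If the file does not exist, if a directory
 *                             cannot be listed, if a file holds no
 *                             certificate, or if reading, parsing or
 *                             converting a certificate fails.
 */
private static void readTrustedCertificates(@NotNull final File f, @NotNull final Map<com.unboundid.util.ssl.cert.X509Certificate, X509Certificate> m) throws KeyStoreException {
    if (!f.exists()) {
        throw new KeyStoreException(ERR_PEM_FILE_TRUST_MANAGER_NO_SUCH_FILE.get(f.getAbsolutePath()));
    }
    try {
        if (f.isDirectory()) {
            // File.listFiles() returns null rather than throwing when the
            // directory cannot be listed (for example, a permission
            // problem).  Report that explicitly instead of letting the
            // resulting NullPointerException be wrapped by the catch-all
            // below with an unhelpful message.
            final File[] filesInDir = f.listFiles();
            if (filesInDir == null) {
                throw new KeyStoreException(ERR_PEM_FILE_TRUST_MANAGER_ERROR_PROCESSING_FILE.get(f.getAbsolutePath(), "Unable to list the contents of the directory."));
            }
            for (final File fileInDir : filesInDir) {
                readTrustedCertificates(fileInDir, m);
            }
        } else {
            try (X509PEMFileReader r = new X509PEMFileReader(f)) {
                boolean readCert = false;
                while (true) {
                    final com.unboundid.util.ssl.cert.X509Certificate cert = r.readCertificate();
                    if (cert == null) {
                        // A file with no certificate is treated as an error
                        // rather than silently contributing nothing.
                        if (!readCert) {
                            throw new KeyStoreException(ERR_PEM_FILE_TRUST_MANAGER_EMPTY_FILE.get(f.getAbsolutePath()));
                        }
                        break;
                    }
                    readCert = true;
                    final X509Certificate c = (X509Certificate) cert.toCertificate();
                    m.put(cert, c);
                }
            }
        }
    } catch (final KeyStoreException e) {
        // Already carries a descriptive message; just log and rethrow.
        Debug.debugException(e);
        throw e;
    } catch (final IOException e) {
        Debug.debugException(e);
        throw new KeyStoreException(ERR_PEM_FILE_TRUST_MANAGER_ERROR_READING_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
    } catch (final CertException e) {
        Debug.debugException(e);
        throw new KeyStoreException(ERR_PEM_FILE_TRUST_MANAGER_ERROR_PARSING_CERT.get(f.getAbsolutePath(), e.getMessage()), e);
    } catch (final Exception e) {
        // Catch-all for anything else raised while converting or storing a
        // certificate (e.g., a CertificateException from toCertificate()).
        Debug.debugException(e);
        throw new KeyStoreException(ERR_PEM_FILE_TRUST_MANAGER_ERROR_PROCESSING_FILE.get(f.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
    }
}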
