
Example 36 with CRLException

use of java.security.cert.CRLException in project jdk8u_jdk by JetBrains.

the class X509CRLImpl method verify.

/**
 * Checks this CRL's signature against the supplied public key, using a
 * {@link Signature} engine obtained from the supplied provider. The
 * provider does not have to be registered in the provider list.
 *
 * <p>The signature algorithm is the one named by this CRL's own
 * {@code sigAlgId}; the caller chooses only the key and the provider.
 * A normal return means the signature over {@code tbsCertList} matches
 * {@code key}. Nothing in this method establishes that {@code key}
 * belongs to a trusted issuer; that is for the caller to establish.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the signature provider, or {@code null} to use the
 *        default provider lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception SignatureException if the signature does not match, or on
 * other signature errors.
 * @exception CRLException if this CRL is uninitialized (no encoded form
 * or no {@code tbsCertList}).
 */
public synchronized void verify(PublicKey key, Provider sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }
    // The algorithm name is read from the CRL itself, not supplied by the caller.
    final String algName = sigAlgId.getName();
    final Signature verifier = (sigProvider != null)
            ? Signature.getInstance(algName, sigProvider)
            : Signature.getInstance(algName);
    verifier.initVerify(key);
    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }
    // Only the to-be-signed portion is fed to the engine, never the outer wrapper.
    verifier.update(tbsCertList, 0, tbsCertList.length);
    final boolean signatureMatches = verifier.verify(signature);
    if (!signatureMatches) {
        throw new SignatureException("Signature does not match.");
    }
    // Recorded only after a successful check.
    // NOTE(review): the provider used is not recorded alongside the key here;
    // confirm that any code reading verifiedPublicKey elsewhere in the class
    // does not treat it as "verified with a specific provider".
    verifiedPublicKey = key;
}
Also used : Signature(java.security.Signature) SignatureException(java.security.SignatureException) CRLException(java.security.cert.CRLException)

Example 37 with CRLException

use of java.security.cert.CRLException in project tomcat by apache.

the class JSSEUtil method getTrustManagers.

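/**
 * Builds the trust managers for this host configuration.
 *
 * <p>Three outcomes are possible, in this order:
 * <ol>
 * <li>A custom trust manager class name is configured: that class is
 *     loaded, checked to be a {@link TrustManager}, instantiated through
 *     its no-argument constructor and returned as the only trust manager.
 *     The trust store, CRL file and revocation flag are not consulted on
 *     this path, so certificate validation is whatever that class
 *     implements.</li>
 * <li>A trust store is configured: a {@link TrustManagerFactory} for the
 *     configured algorithm is initialised from it. Only the PKIX branch
 *     passes the CRL file and revocation flag on (via
 *     {@code getParameters}).</li>
 * <li>Neither is configured: {@code null} is returned.</li>
 * </ol>
 *
 * @return the trust managers, or {@code null} when no trust store and no
 *         custom trust manager class are configured.
 * @throws InstantiationException if the configured class is not a
 *         {@link TrustManager}.
 * @throws CRLException if a CRL file is configured together with a
 *         non-PKIX algorithm.
 * @throws Exception on class loading, instantiation, key store or
 *         factory initialisation failures.
 */
@Override
public TrustManager[] getTrustManagers() throws Exception {
    String className = sslHostConfig.getTrustManagerClassName();
    if (className != null && className.length() > 0) {
        ClassLoader classLoader = getClass().getClassLoader();
        Class<?> clazz = classLoader.loadClass(className);
        // Reject anything that is not a TrustManager before instantiating it.
        if (!(TrustManager.class.isAssignableFrom(clazz))) {
            throw new InstantiationException(sm.getString("jsse.invalidTrustManagerClassName", className));
        }
        // Class.newInstance() is deprecated and rethrows checked constructor
        // exceptions unchecked; going through the Constructor wraps them in
        // InvocationTargetException instead.
        Object trustManagerObject = clazz.getDeclaredConstructor().newInstance();
        TrustManager trustManager = (TrustManager) trustManagerObject;
        return new TrustManager[] { trustManager };
    }
    TrustManager[] tms = null;
    KeyStore trustStore = sslHostConfig.getTruststore();
    if (trustStore != null) {
        checkTrustStoreEntries(trustStore);
        String algorithm = sslHostConfig.getTruststoreAlgorithm();
        String crlf = sslHostConfig.getCertificateRevocationListFile();
        boolean revocationEnabled = sslHostConfig.getRevocationEnabled();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
        if ("PKIX".equalsIgnoreCase(algorithm)) {
            // Only this branch carries the CRL file and revocation flag
            // into certificate path validation.
            CertPathParameters params = getParameters(crlf, trustStore, revocationEnabled);
            ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
            tmf.init(mfp);
            tms = tmf.getTrustManagers();
        } else {
            tmf.init(trustStore);
            tms = tmf.getTrustManagers();
            // A configured CRL file cannot be honoured here, so fail
            // rather than run without it.
            if (crlf != null && crlf.length() > 0) {
                throw new CRLException(sm.getString("jsseUtil.noCrlSupport", algorithm));
            }
            // NOTE(review): revocationEnabled is not used on this branch; a
            // configuration that enables revocation without a CRL file gets
            // only the warning below. Confirm that is intended.
            log.warn(sm.getString("jsseUtil.noVerificationDepth", algorithm));
        }
    }
    return tms;
}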
Also used : CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) CertPathParameters(java.security.cert.CertPathParameters) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CRLException(java.security.cert.CRLException) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters)

Example 38 with CRLException

use of java.security.cert.CRLException in project j2objc by google.

the class CRLExtensions method init.

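/**
 * Decodes a sequence of extensions from the given DER stream and hands
 * each one to {@code parseExtension}.
 *
 * <p>If the next byte has the context-specific class bits set and tag
 * number 0, that wrapper value is read and its contents are parsed
 * instead. The constructed bit is not examined by this test.
 *
 * @param derStrm the DER stream positioned at the extensions.
 * @throws CRLException if the stream cannot be decoded; the underlying
 *         {@link IOException} is attached as the cause.
 */
private void init(DerInputStream derStrm) throws CRLException {
    try {
        DerInputStream str = derStrm;
        byte nextByte = (byte) derStrm.peekByte();
        // Context-specific class (top two bits 10) with tag number 0: unwrap it.
        if (((nextByte & 0x0c0) == 0x080) && ((nextByte & 0x01f) == 0x000)) {
            DerValue val = str.getDerValue();
            str = val.data;
        }
        // NOTE(review): the argument 5 is presumably a size hint, not a
        // limit; confirm against DerInputStream.getSequence.
        DerValue[] exts = str.getSequence(5);
        for (DerValue encoded : exts) {
            parseExtension(new Extension(encoded));
        }
    } catch (IOException e) {
        // Message text is unchanged; the cause is kept so the original
        // decode failure and its stack trace remain available for diagnosis.
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}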
Also used : IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Example 39 with CRLException

use of java.security.cert.CRLException in project j2objc by google.

the class X509CRLImpl method sign.

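/**
 * Encodes an X.509 CRL, and signs it using the given key.
 *
 * <p>On success the encoded, signed CRL is stored in {@code signedCRL}
 * and the object is marked read-only, so a second call is rejected.
 * The signature algorithm identifiers are taken from the name the
 * signature engine reports, not from the {@code algorithm} argument
 * as passed in.
 *
 * @param key the private key used for signing.
 * @param algorithm the name of the signature algorithm used.
 * @param provider the name of the provider; {@code null} or empty
 *        selects the default provider lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception NoSuchProviderException on incorrect provider.
 * @exception SignatureException on signature errors.
 * @exception CRLException if this CRL is already read-only, or if
 * encoding fails (the underlying IOException is attached as the cause).
 */
public void sign(PrivateKey key, String algorithm, String provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
    try {
        // An already signed or parsed CRL must not be re-signed in place.
        if (readOnly) {
            throw new CRLException("cannot over-write existing CRL");
        }
        Signature sigEngine = null;
        if ((provider == null) || (provider.length() == 0)) {
            sigEngine = Signature.getInstance(algorithm);
        } else {
            sigEngine = Signature.getInstance(algorithm, provider);
        }
        sigEngine.initSign(key);
        // in case the name is reset
        sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
        // Inner and outer algorithm identifiers are kept identical.
        infoSigAlgId = sigAlgId;
        DerOutputStream out = new DerOutputStream();
        DerOutputStream tmp = new DerOutputStream();
        // encode crl info
        // NOTE(review): tbsCertList is used below without a null check;
        // presumably encodeInfo populates it. Confirm.
        encodeInfo(tmp);
        // encode algorithm identifier
        sigAlgId.encode(tmp);
        // Create and encode the signature itself.
        sigEngine.update(tbsCertList, 0, tbsCertList.length);
        signature = sigEngine.sign();
        tmp.putBitString(signature);
        // Wrap the signed data in a SEQUENCE { data, algorithm, sig }
        out.write(DerValue.tag_Sequence, tmp);
        signedCRL = out.toByteArray();
        // Set last, so a failed attempt does not lock the object.
        readOnly = true;
    } catch (IOException e) {
        // Message text is unchanged; the cause is kept so the encoding
        // failure can be traced to its origin.
        throw new CRLException("Error while encoding data: " + e.getMessage(), e);
    }
}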
Also used : Signature(java.security.Signature) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Example 40 with CRLException

use of java.security.cert.CRLException in project j2objc by google.

the class X509CRLImpl method getTBSCertList.

/**
 * Returns a copy of the DER encoded CRL information, the
 * <code>tbsCertList</code> of this CRL. These are the bytes the
 * signature is computed over, so they can be used to verify the
 * signature independently.
 *
 * <p>A fresh array is returned on every call; changes the caller makes
 * to it do not reach the bytes held by this object.
 *
 * @return a copy of the DER encoded CRL information.
 * @exception CRLException if this CRL is uninitialized.
 */
public byte[] getTBSCertList() throws CRLException {
    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }
    // Defensive copy: never hand out the internal array.
    return tbsCertList.clone();
}
Also used : CRLException(java.security.cert.CRLException)
