
Example 6 with CertStoreException

use of java.security.cert.CertStoreException in project XobotOS by xamarin.

the class CertPathValidatorUtilities method findCertificates.

/**
     * Return a Collection of all certificates or attribute certificates found
     * in the X509Stores that match the certSelect criteria.
     *
     * @param certSelect a {@link Selector} object that will be used to select
     *            the certificates
     * @param certStores a List containing only {@link X509Store} objects. These
     *            are used to search for certificates.
     *
     * @return a Collection of all found {@link X509Certificate} or
     *         {@link org.bouncycastle.x509.X509AttributeCertificate} objects.
     *         May be empty but never <code>null</code>.
     */
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException {
    // Results are gathered in a set, so a certificate present in several
    // stores is returned once (per the elements' equals/hashCode).
    Set found = new HashSet();
    for (Iterator it = certStores.iterator(); it.hasNext();) {
        Object entry = it.next();
        if (!(entry instanceof X509Store)) {
            // Everything that is not an X509Store is treated as a JCA CertStore.
            // NOTE(review): the cast is unchecked, so any other element type
            // surfaces as a ClassCastException rather than the declared
            // AnnotatedException; callers must pass only these two types.
            CertStore jcaStore = (CertStore) entry;
            try {
                found.addAll(jcaStore.getCertificates(certSelect));
            } catch (CertStoreException e) {
                throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
            }
            continue;
        }
        X509Store bcStore = (X509Store) entry;
        try {
            found.addAll(bcStore.getMatches(certSelect));
        } catch (StoreException e) {
            throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
        }
    }
    // Matching the selector is the only filter applied here; nothing in this
    // method validates the returned certificates.
    return found;
}
Also used : X509Store(org.bouncycastle.x509.X509Store) Set(java.util.Set) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) Iterator(java.util.Iterator) ASN1Object(org.bouncycastle.asn1.ASN1Object) DERObject(org.bouncycastle.asn1.DERObject) CertStore(java.security.cert.CertStore) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) StoreException(org.bouncycastle.util.StoreException)

Example 7 with CertStoreException

use of java.security.cert.CertStoreException in project jdk8u_jdk by JetBrains.

the class ForwardBuilder method getCerts.

/**
     * Download Certificates from the given AIA and add them to the
     * specified Collection.
     */
// cs.getCertificates(caSelector) returns a collection of X509Certificate's
// because of the selector, so the cast is safe
@SuppressWarnings("unchecked")
private boolean getCerts(AuthorityInfoAccessExtension aiaExt, Collection<X509Certificate> certs) {
    // AIA fetching only happens when Builder.USE_AIA is set.
    if (!Builder.USE_AIA) {
        return false;
    }
    List<AccessDescription> descriptions = aiaExt.getAccessDescriptions();
    if (descriptions == null || descriptions.isEmpty()) {
        return false;
    }
    // The locations queried below come from the AIA extension handed in, i.e.
    // from certificate content, so this method makes outbound requests to
    // addresses it did not choose. Whatever is fetched is only a candidate:
    // NOTE(review): confirm that every certificate added to 'certs' still goes
    // through full path validation in the caller.
    boolean addedAny = false;
    for (AccessDescription description : descriptions) {
        CertStore store = URICertStore.getInstance(description);
        if (store == null) {
            continue;
        }
        try {
            Collection<X509Certificate> fetched =
                    (Collection<X509Certificate>) store.getCertificates(caSelector);
            // addAll reports whether 'certs' actually changed.
            if (!certs.addAll(fetched)) {
                continue;
            }
            addedAny = true;
            if (!searchAllCertStores) {
                // First productive location is enough unless told to search all.
                return true;
            }
        } catch (CertStoreException cse) {
            // Best effort: a failing location is skipped and the next one is
            // tried; the failure is visible only when debugging is enabled.
            if (debug != null) {
                debug.println("exception getting certs from CertStore:");
                cse.printStackTrace();
            }
        }
    }
    return addedAny;
}
Also used : AccessDescription(sun.security.x509.AccessDescription) CertStoreException(java.security.cert.CertStoreException) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate)

Example 8 with CertStoreException

use of java.security.cert.CertStoreException in project jdk8u_jdk by JetBrains.

the class URICertStore method engineGetCRLs.

/**
     * Returns a <code>Collection</code> of <code>X509CRL</code>s that
     * match the specified selector. If no <code>X509CRL</code>s
     * match the selector, an empty <code>Collection</code> will be returned.
     *
     * @param selector A <code>CRLSelector</code> used to select which
     *  <code>X509CRL</code>s should be returned. Specify <code>null</code>
     *  to return all <code>X509CRL</code>s.
     * @return A <code>Collection</code> of <code>X509CRL</code>s that
     *         match the specified selector
     * @throws CertStoreException if an exception occurs
     */
@Override
@SuppressWarnings("unchecked")
public synchronized Collection<X509CRL> engineGetCRLs(CRLSelector selector) throws CertStoreException {
    // Serves CRLs either through the LDAP delegate or from a single cached
    // CRL that is refreshed from 'uri' at most once per CHECK_INTERVAL.
    // The method is synchronized, so a blocking fetch below is performed
    // while holding this object's monitor.

    // avoid LDAP DN matching issues (see LDAPCRLSelector for more info)
    if (ldap) {
        // NOTE(review): unchecked downcast; a selector that is not an
        // X509CRLSelector fails here with ClassCastException.
        X509CRLSelector xsel = (X509CRLSelector) selector;
        try {
            xsel = ldapHelper.wrap(xsel, null, ldapPath);
        } catch (IOException ioe) {
            throw new CertStoreException(ioe);
        }
        // Safe cast since xsel is an X509 certificate selector.
        try {
            return (Collection<X509CRL>) ldapCertStore.getCRLs(xsel);
        } catch (CertStoreException cse) {
            // Re-thrown with the store type attached so the failure can be
            // attributed to the LDAP store.
            throw new PKIX.CertStoreTypeException("LDAP", cse);
        }
    }
    // Return the CRLs for this entry. It returns the cached value
    // if it is still current and fetches the CRLs otherwise.
    // For the caching details, see the top of this class.
    // Freshness is judged with the wall clock (System.currentTimeMillis()),
    // so within CHECK_INTERVAL a newly published CRL is not picked up.
    long time = System.currentTimeMillis();
    if (time - lastChecked < CHECK_INTERVAL) {
        if (debug != null) {
            debug.println("Returning CRL from cache");
        }
        return getMatchingCRLs(crl, selector);
    }
    // lastChecked is advanced before the fetch, so a failed fetch also opens
    // a new interval. The catch block below sets crl to null; calls inside
    // that interval then take the cache branch above with a null CRL instead
    // of throwing.
    // NOTE(review): confirm what getMatchingCRLs returns for null and that
    // callers do not read "no CRL" as "not revoked".
    lastChecked = time;
    try {
        URLConnection connection = uri.toURL().openConnection();
        if (lastModified != 0) {
            connection.setIfModifiedSince(lastModified);
        }
        long oldLastModified = lastModified;
        // Only the connect phase is bounded here; no read timeout is set in
        // this method, so a server that accepts the connection and then
        // stalls would block the read below.
        // NOTE(review): confirm whether a read timeout is configured elsewhere.
        connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
        try (InputStream in = connection.getInputStream()) {
            lastModified = connection.getLastModified();
            if (oldLastModified != 0) {
                if (oldLastModified == lastModified) {
                    if (debug != null) {
                        debug.println("Not modified, using cached copy");
                    }
                    return getMatchingCRLs(crl, selector);
                } else if (connection instanceof HttpURLConnection) {
                    // some proxy servers omit last modified
                    HttpURLConnection hconn = (HttpURLConnection) connection;
                    if (hconn.getResponseCode() == HttpURLConnection.HTTP_NOT_MODIFIED) {
                        if (debug != null) {
                            debug.println("Not modified, using cached copy");
                        }
                        return getMatchingCRLs(crl, selector);
                    }
                }
            }
            if (debug != null) {
                debug.println("Downloading new CRL...");
            }
            // The response is parsed into a CRL and cached. Nothing in this
            // method verifies the CRL's signature or issuer; that has to
            // happen in the code that consumes the returned CRLs.
            crl = (X509CRL) factory.generateCRL(in);
        }
        return getMatchingCRLs(crl, selector);
    } catch (IOException | CRLException e) {
        if (debug != null) {
            debug.println("Exception fetching CRL:");
            e.printStackTrace();
        }
        // exception, forget previous values
        lastModified = 0;
        crl = null;
        // The failure is reported to the caller (tagged with store type
        // "URI") rather than answered from the previously cached CRL.
        throw new PKIX.CertStoreTypeException("URI", new CertStoreException(e));
    }
}
Also used : HttpURLConnection(java.net.HttpURLConnection) CertStoreException(java.security.cert.CertStoreException) InputStream(java.io.InputStream) Collection(java.util.Collection) IOException(java.io.IOException) CRLException(java.security.cert.CRLException) X509CRLSelector(java.security.cert.X509CRLSelector) HttpURLConnection(java.net.HttpURLConnection) URLConnection(java.net.URLConnection)

Example 9 with CertStoreException

use of java.security.cert.CertStoreException in project jdk8u_jdk by JetBrains.

the class URICertStore method engineGetCertificates.

/**
     * Returns a <code>Collection</code> of <code>X509Certificate</code>s that
     * match the specified selector. If no <code>X509Certificate</code>s
     * match the selector, an empty <code>Collection</code> will be returned.
     *
     * @param selector a <code>CertSelector</code> used to select which
     *  <code>X509Certificate</code>s should be returned. Specify
     *  <code>null</code> to return all <code>X509Certificate</code>s.
     * @return a <code>Collection</code> of <code>X509Certificate</code>s that
     *         match the specified selector
     * @throws CertStoreException if an exception occurs
     */
@Override
@SuppressWarnings("unchecked")
public synchronized Collection<X509Certificate> engineGetCertificates(CertSelector selector) throws CertStoreException {
    // Serves certificates either through the LDAP delegate or from a cached
    // collection that is refreshed from 'uri' at most once per
    // CHECK_INTERVAL. The method is synchronized, so a blocking fetch below
    // is performed while holding this object's monitor.

    // avoid LDAP DN matching issues (see LDAPCertSelector for more info)
    if (ldap) {
        // NOTE(review): unchecked downcast, and xsel.getSubject() is
        // dereferenced without a null check. A selector of another type
        // raises ClassCastException, and a null selector (which the Javadoc
        // permits) raises NullPointerException on this path.
        X509CertSelector xsel = (X509CertSelector) selector;
        try {
            xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath);
        } catch (IOException ioe) {
            throw new CertStoreException(ioe);
        }
        // Safe cast since xsel is an X509 certificate selector.
        return (Collection<X509Certificate>) ldapCertStore.getCertificates(xsel);
    }
    // Return the Certificates for this entry. It returns the cached value
    // if it is still current and fetches the Certificates otherwise.
    // For the caching details, see the top of this class.
    long time = System.currentTimeMillis();
    if (time - lastChecked < CHECK_INTERVAL) {
        if (debug != null) {
            debug.println("Returning certificates from cache");
        }
        return getMatchingCerts(certs, selector);
    }
    // lastChecked is advanced before the fetch, so a failed fetch also opens
    // a new interval in which the (then empty) cache is served.
    lastChecked = time;
    try {
        // No connect or read timeout is set on this connection in this
        // method, so an unresponsive server can block the call.
        // NOTE(review): confirm whether timeouts are applied elsewhere.
        URLConnection connection = uri.toURL().openConnection();
        if (lastModified != 0) {
            connection.setIfModifiedSince(lastModified);
        }
        long oldLastModified = lastModified;
        try (InputStream in = connection.getInputStream()) {
            lastModified = connection.getLastModified();
            if (oldLastModified != 0) {
                if (oldLastModified == lastModified) {
                    if (debug != null) {
                        debug.println("Not modified, using cached copy");
                    }
                    return getMatchingCerts(certs, selector);
                } else if (connection instanceof HttpURLConnection) {
                    // some proxy servers omit last modified
                    HttpURLConnection hconn = (HttpURLConnection) connection;
                    if (hconn.getResponseCode() == HttpURLConnection.HTTP_NOT_MODIFIED) {
                        if (debug != null) {
                            debug.println("Not modified, using cached copy");
                        }
                        return getMatchingCerts(certs, selector);
                    }
                }
            }
            if (debug != null) {
                debug.println("Downloading new certificates...");
            }
            // The response is parsed and cached as-is; nothing in this method
            // validates the downloaded certificates, so consumers must treat
            // them as untrusted candidates.
            // Safe cast since factory is an X.509 certificate factory
            certs = (Collection<X509Certificate>) factory.generateCertificates(in);
        }
        return getMatchingCerts(certs, selector);
    } catch (IOException | CertificateException e) {
        // The failure is not propagated: execution falls through to the
        // reset below and the caller receives an empty collection, which it
        // cannot tell apart from "the location holds no certificates".
        if (debug != null) {
            debug.println("Exception fetching certificates:");
            e.printStackTrace();
        }
    }
    // exception, forget previous values
    lastModified = 0;
    certs = Collections.emptySet();
    return certs;
}
Also used : HttpURLConnection(java.net.HttpURLConnection) CertStoreException(java.security.cert.CertStoreException) InputStream(java.io.InputStream) Collection(java.util.Collection) X509CertSelector(java.security.cert.X509CertSelector) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) URLConnection(java.net.URLConnection) X509Certificate(java.security.cert.X509Certificate)

Example 10 with CertStoreException

use of java.security.cert.CertStoreException in project jdk8u_jdk by JetBrains.

the class Pair method doPrintCert.

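/**
 * Prints certificates to {@code out} from one of three inputs, checked in
 * this order: the signers of the JAR named by {@code jarfile}, the chain
 * obtained for {@code sslserver}, or a certificate file / standard input.
 *
 * The output is informational only: nothing in this method checks the
 * printed chains against a set of trust anchors.
 *
 * @param out stream that receives the printed certificates
 * @throws Exception if the input cannot be read, a JAR entry fails its
 *         signature/digest check while being read, or the SSL server
 *         yields no certificate
 */
private void doPrintCert(final PrintStream out) throws Exception {
    if (jarfile != null) {
        Set<CodeSigner> ss = new HashSet<>();
        byte[] buffer = new byte[8192];
        int pos = 0;
        // try-with-resources closes the JAR on every exit path, including
        // the SecurityException/IOException thrown while reading an entry;
        // the previous trailing jf.close() was skipped in those cases.
        try (JarFile jf = new JarFile(jarfile, true)) {
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry je = entries.nextElement();
                try (InputStream is = jf.getInputStream(je)) {
                    while (is.read(buffer) != -1) {
                        // we just read. this will throw a SecurityException
                        // if a signature/digest check fails. This also
                        // populates the signers
                    }
                }
                // Signers are only available once the entry has been read
                // to the end, which the loop above guarantees.
                CodeSigner[] signers = je.getCodeSigners();
                if (signers == null) {
                    continue;
                }
                for (CodeSigner signer : signers) {
                    // add() returns false for a signer that was already
                    // printed for an earlier entry.
                    if (!ss.add(signer)) {
                        continue;
                    }
                    out.printf(rb.getString("Signer.d."), ++pos);
                    out.println();
                    out.println();
                    out.println(rb.getString("Signature."));
                    out.println();
                    for (Certificate cert : signer.getSignerCertPath().getCertificates()) {
                        X509Certificate x = (X509Certificate) cert;
                        if (rfc) {
                            out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n");
                            dumpCert(x, out);
                        } else {
                            printX509Cert(x, out);
                        }
                        out.println();
                    }
                    Timestamp ts = signer.getTimestamp();
                    if (ts != null) {
                        out.println(rb.getString("Timestamp."));
                        out.println();
                        for (Certificate cert : ts.getSignerCertPath().getCertificates()) {
                            X509Certificate x = (X509Certificate) cert;
                            if (rfc) {
                                out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n");
                                dumpCert(x, out);
                            } else {
                                printX509Cert(x, out);
                            }
                            out.println();
                        }
                    }
                }
            }
        }
        if (ss.isEmpty()) {
            out.println(rb.getString("Not.a.signed.jar.file"));
        }
    } else if (sslserver != null) {
        // Lazily load SSLCertStoreHelper if present
        CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer");
        // NOTE(review): the chain is whatever the helper's store returns for
        // this host; presumably it is captured without trust validation so
        // that untrusted chains can be inspected. Confirm in the helper.
        CertStore cs = helper.getCertStore(new URI("https://" + sslserver));
        Collection<? extends Certificate> chain;
        try {
            chain = cs.getCertificates(null);
            if (chain.isEmpty()) {
                // The store may return no certificate
                // even if the URL connection is successful.
                throw new Exception(rb.getString("No.certificate.from.the.SSL.server"));
            }
        } catch (CertStoreException cse) {
            // An I/O cause is reported with the same user-facing message as
            // an empty chain; any other store failure is passed through.
            if (cse.getCause() instanceof IOException) {
                throw new Exception(rb.getString("No.certificate.from.the.SSL.server"), cse.getCause());
            } else {
                throw cse;
            }
        }
        int i = 0;
        for (Certificate cert : chain) {
            try {
                if (rfc) {
                    dumpCert(cert, out);
                } else {
                    out.println("Certificate #" + i++);
                    out.println("====================================");
                    printX509Cert((X509Certificate) cert, out);
                    out.println();
                }
            } catch (Exception e) {
                // Best effort: a certificate that cannot be printed is
                // skipped so the rest of the chain is still shown.
                if (debug) {
                    e.printStackTrace();
                }
            }
        }
    } else {
        if (filename != null) {
            try (FileInputStream inStream = new FileInputStream(filename)) {
                printCertFromStream(inStream, out);
            }
        } else {
            printCertFromStream(System.in, out);
        }
    }
}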
Also used : CertStoreException(java.security.cert.CertStoreException) JarFile(java.util.jar.JarFile) JarEntry(java.util.jar.JarEntry) Timestamp(java.security.Timestamp) URI(java.net.URI) X509Certificate(java.security.cert.X509Certificate) KeyStoreException(java.security.KeyStoreException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) CertStoreException(java.security.cert.CertStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) CertStoreHelper(sun.security.provider.certpath.CertStoreHelper) CertStore(java.security.cert.CertStore) CodeSigner(java.security.CodeSigner) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

CertStoreException (java.security.cert.CertStoreException)23 CertStore (java.security.cert.CertStore)10 X509Certificate (java.security.cert.X509Certificate)5 IOException (java.io.IOException)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 HashSet (java.util.HashSet)4 Iterator (java.util.Iterator)4 Set (java.util.Set)4 StoreException (org.bouncycastle.util.StoreException)4 X509Store (org.bouncycastle.x509.X509Store)4 InputStream (java.io.InputStream)3 URLConnection (java.net.URLConnection)3 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 CertificateException (java.security.cert.CertificateException)3 HttpURLConnection (java.net.HttpURLConnection)2 KeyStoreException (java.security.KeyStoreException)2 UnrecoverableKeyException (java.security.UnrecoverableKeyException)2 Collection (java.util.Collection)2 URI (java.net.URI)1 CodeSigner (java.security.CodeSigner)1