use of java.security.cert.CertificateEncodingException in project coprhd-controller by CoprHD.
the class SSLUtil method getCertificateThumbprint.
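/**
 * Computes the SHA-1 thumbprint of a certificate and renders it as upper-case,
 * colon-separated hex bytes (constructed example of the shape: {@code 0A:1B:2C:...}).
 *
 * <p>The digest is taken over the bytes returned by {@link Certificate#getEncoded()}.
 * SHA-1 is not collision resistant, so the returned value is only useful as an
 * identifier that is compared against a thumbprint obtained through a separate,
 * trusted channel; it is not evidence of authenticity by itself.
 * NOTE(review): the algorithm is presumably dictated by whatever consumes the
 * thumbprint; confirm before switching to a stronger digest.
 *
 * @param cert certificate to fingerprint
 * @return the thumbprint, one two-digit hex group per digest byte, joined by ':'
 * @throws InvalidArgument if the certificate cannot be encoded, SHA-1 is not
 *         available, the digest length differs from {@code HASH_LENGTH}, or any
 *         other exception occurs (including a {@code null} certificate)
 */
public String getCertificateThumbprint(Certificate cert) throws InvalidArgument {
    try {
        final byte[] encoded;
        try {
            encoded = cert.getEncoded();
        } catch (CertificateEncodingException cee) {
            throw FaultUtil.InvalidArgument("Error reading certificate encoding: " + cee.getMessage(), cee);
        }

        final MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            throw FaultUtil.InvalidArgument("Could not instantiate SHA-1 hash algorithm", e);
        }

        final byte[] hash = sha1.digest(encoded);
        // Refuse to format a digest whose size differs from the class-level expectation.
        if (hash.length != HASH_LENGTH) {
            throw FaultUtil.InvalidArgument("Computed thumbprint is " + hash.length + " bytes long, expected " + HASH_LENGTH);
        }

        // Two hex digits per byte plus one separator.
        final StringBuilder thumbprint = new StringBuilder(hash.length * 3);
        for (int i = 0; i < hash.length; i++) {
            if (i > 0) {
                thumbprint.append(":");
            }
            // Mask to 0..255 so negative bytes do not sign-extend into eight hex digits.
            final String hexByte = Integer.toHexString(hash[i] & 0xFF);
            if (hexByte.length() == 1) {
                thumbprint.append("0");
            }
            thumbprint.append(hexByte);
        }
        // Only 0-9, a-f and ':' are present, so default-locale upper-casing is unambiguous here.
        return thumbprint.toString().toUpperCase();
    } catch (InvalidArgument ia) {
        // Already in the caller-facing form; pass through unchanged.
        throw ia;
    } catch (Exception e) {
        // Keep the original exception as the cause so the stack trace is not lost.
        throw FaultUtil.InvalidArgument("Exception: " + e, e);
    }
}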
use of java.security.cert.CertificateEncodingException in project coprhd-controller by CoprHD.
the class TrustStoreResource method getTrustedCertificates.
/**
 * Get Trusted Certificates
 *
 * Walks every alias in the key store and, for each alias that is a certificate
 * entry, returns the certificate in string form together with a flag telling
 * whether it was user supplied. Access is limited by the {@code @CheckPermission}
 * annotation to the SECURITY_ADMIN and RESTRICTED_SECURITY_ADMIN roles.
 *
 * @brief List certificates
 * @return the trusted certificates currently held in the key store
 * @throws IllegalStateException if the key store cannot be read
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SECURITY_ADMIN, Role.RESTRICTED_SECURITY_ADMIN }, blockProxies = true)
public TrustedCertificates getTrustedCertificates() {
    final List<TrustedCertificate> collected = new ArrayList<TrustedCertificate>();
    try {
        for (String alias : Collections.list(getKeyStore().aliases())) {
            log.debug("get alias {}", alias);
            // Key entries and other non-certificate aliases are not part of the trust list.
            if (!getKeyStore().isCertificateEntry(alias)) {
                continue;
            }
            final boolean suppliedByUser = KeystoreEngine.isUserSuppliedCerts(alias);
            final Certificate entry = getKeyStore().getCertificate(alias);
            collected.add(
                    new TrustedCertificate(KeyCertificatePairGenerator.getCertificateAsString(entry), suppliedByUser));
        }
    } catch (KeyStoreException e) {
        log.error(e.getMessage(), e);
        throw new IllegalStateException(e);
    } catch (CertificateEncodingException e) {
        log.error(e.getMessage(), e);
        throw SecurityException.fatals.couldNotParseCertificateToString(e);
    }

    final TrustedCertificates response = new TrustedCertificates();
    response.setTrustedCertificates(collected);
    return response;
}
use of java.security.cert.CertificateEncodingException in project android_frameworks_base by crdroidandroid.
the class PackageParser method populateCertificates.
/**
 * Copies already-collected signing certificates onto a package and its children.
 * <p>
 * Intended for the case where the certificates were processed earlier [such as
 * during package installation through an installer session]: the archive is not
 * read again and no verification happens here, so the caller is responsible for
 * passing certificates that were obtained from a verified source.
 * <p>
 * The first certificate of each inner array supplies that signer's public key.
 * NOTE(review): assumes {@code certificates} is non-null and every inner array
 * has at least one element; confirm against callers.
 *
 * @param pkg package whose certificate, signature and signing-key fields are replaced
 * @param certificates one certificate array per signer
 * @throws PackageParserException if the certificates cannot be converted to signatures
 */
public static void populateCertificates(Package pkg, Certificate[][] certificates) throws PackageParserException {
    // Clear previous state first so a failed conversion leaves no stale signatures or keys.
    pkg.mCertificates = null;
    pkg.mSignatures = null;
    pkg.mSigningKeys = null;

    pkg.mCertificates = certificates;
    try {
        pkg.mSignatures = convertToSignatures(certificates);
    } catch (CertificateEncodingException e) {
        // certificates weren't encoded properly; something went wrong
        throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Failed to collect certificates from " + pkg.baseCodePath, e);
    }

    pkg.mSigningKeys = new ArraySet<>(certificates.length);
    for (Certificate[] signerChain : certificates) {
        pkg.mSigningKeys.add(signerChain[0].getPublicKey());
    }

    // Child packages share the parent's certificate, signature and key objects.
    if (pkg.childPackages != null) {
        final int total = pkg.childPackages.size();
        for (int idx = 0; idx < total; idx++) {
            final Package child = pkg.childPackages.get(idx);
            child.mCertificates = pkg.mCertificates;
            child.mSignatures = pkg.mSignatures;
            child.mSigningKeys = pkg.mSigningKeys;
        }
    }
}
use of java.security.cert.CertificateEncodingException in project jdk8u_jdk by JetBrains.
the class X509CertPath method encodePKCS7.
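/**
 * Encode the CertPath using PKCS#7 format.
 *
 * <p>Builds a PKCS7 object from the path's certificates with empty digest-algorithm
 * and signer-info arrays and a DATA content info without content, then writes it
 * out through {@code encodeSignedData}.
 *
 * @return a byte array containing the binary encoding of the PKCS#7 object
 * @exception CertificateEncodingException if an I/O error occurs while encoding;
 *            the underlying {@link IOException} is attached as the cause
 */
private byte[] encodePKCS7() throws CertificateEncodingException {
    PKCS7 p7 = new PKCS7(
            new AlgorithmId[0],
            new ContentInfo(ContentInfo.DATA_OID, null),
            certs.toArray(new X509Certificate[certs.size()]),
            new SignerInfo[0]);
    DerOutputStream derout = new DerOutputStream();
    try {
        p7.encodeSignedData(derout);
    } catch (IOException ioe) {
        // Chain the IOException so the root failure stays visible to the caller.
        throw new CertificateEncodingException(ioe.getMessage(), ioe);
    }
    return derout.toByteArray();
}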
use of java.security.cert.CertificateEncodingException in project jdk8u_jdk by JetBrains.
the class SecureKey method getPeerCertificateChain.
/**
 * Return the cert chain presented by the peer, converted to the legacy
 * javax.security.cert format.
 *
 * <p>Each stored peer certificate is re-encoded to DER and parsed again through
 * {@code javax.security.cert.X509Certificate.getInstance}.
 * Note: This method can be used only when using certificate-based
 * cipher suites; using it with non-certificate-based cipher suites,
 * such as Kerberos, will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *         first in the chain, and with the "root" CA last.
 * @throws SSLPeerUnverifiedException if a Kerberos key exchange is in use, no peer
 *         certificates are stored, or a certificate cannot be re-encoded or parsed
 */
@Override
public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    // Kerberos key exchanges carry no certificates at all.
    final boolean kerberosSuite =
            (cipherSuite.keyExchange == K_KRB5) || (cipherSuite.keyExchange == K_KRB5_EXPORT);
    if (kerberosSuite) {
        throw new SSLPeerUnverifiedException("no certificates expected" + " for Kerberos cipher suites");
    }
    if (peerCerts == null) {
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }

    final int chainLength = peerCerts.length;
    final javax.security.cert.X509Certificate[] legacyChain =
            new javax.security.cert.X509Certificate[chainLength];
    for (int idx = 0; idx < chainLength; idx++) {
        try {
            legacyChain[idx] = javax.security.cert.X509Certificate.getInstance(peerCerts[idx].getEncoded());
        } catch (CertificateEncodingException | javax.security.cert.CertificateException e) {
            // Both failures are reported to the caller the same way, with the message only.
            throw new SSLPeerUnverifiedException(e.getMessage());
        }
    }
    return legacyChain;
}