
Example 6 with CertificateException

use of java.security.cert.CertificateException in project jetty.project by eclipse.

the class CertificateValidator method validate.

/**
     * validates a specific certificate inside of the keystore being passed in
     * 
     * @param keyStore the keystore to validate against
     * @param cert the certificate to validate
     * @throws CertificateException if keystore error and unable to validate
     */
public void validate(KeyStore keyStore, Certificate cert) throws CertificateException {
    // NOTE(review): a null or non-X.509 certificate returns normally here without
    // any check being run, so a normal return does not mean the input was validated.
    // Callers that need fail-closed behaviour must reject such input themselves.
    if (!(cert instanceof X509Certificate)) {
        return;
    }
    X509Certificate x509 = (X509Certificate) cert;

    // Validity period is checked first, before the keystore is touched.
    x509.checkValidity();

    // InvalidParameterException is unchecked and is not translated into CertificateException.
    if (keyStore == null) {
        throw new InvalidParameterException("Keystore cannot be null");
    }

    String alias = null;
    Certificate[] chain;
    try {
        alias = keyStore.getCertificateAlias(x509);
        if (alias == null) {
            // Side effect: a certificate unknown to the keystore is stored in it under a
            // generated "JETTY<16 hex digits>" alias. The caller's keystore is mutated.
            alias = "JETTY" + String.format("%016X", __aliasCount.incrementAndGet());
            keyStore.setCertificateEntry(alias, cert);
        }
        chain = keyStore.getCertificateChain(alias);
    } catch (KeyStoreException kse) {
        LOG.debug(kse);
        String aliasPart = alias == null ? "" : " for alias [" + alias + "]";
        throw new CertificateException("Unable to validate certificate" + aliasPart + ": " + kse.getMessage(), kse);
    }

    // A missing or empty chain is reported as an unchecked IllegalStateException.
    if (chain == null || chain.length == 0) {
        throw new IllegalStateException("Unable to retrieve certificate chain");
    }

    // Chain validation itself is delegated to the Certificate[] overload.
    validate(chain);
}
Also used : InvalidParameterException(java.security.InvalidParameterException) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 7 with CertificateException

use of java.security.cert.CertificateException in project jetty.project by eclipse.

the class CertificateValidator method validate.

/**
     * validates all aliases inside of a given keystore
     * 
     * @param keyStore the keystore to validate
     * @throws CertificateException if keystore error and unable to validate 
     */
public void validate(KeyStore keyStore) throws CertificateException {
    // NOTE(review): keyStore is dereferenced without a null check, and a keystore with
    // no aliases returns normally without any certificate having been validated.
    try {
        Enumeration<String> remaining = keyStore.aliases();
        while (remaining.hasMoreElements()) {
            // Each entry is validated through the (KeyStore, String) overload; the first
            // failure propagates and stops the walk.
            validate(keyStore, remaining.nextElement());
        }
    } catch (KeyStoreException kse) {
        throw new CertificateException("Unable to retrieve aliases from keystore", kse);
    }
}
Also used : CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException)

Example 8 with CertificateException

use of java.security.cert.CertificateException in project vert.x by eclipse.

the class SSLHelper method createUntrustRevokedCertTrustManager.

/*
  Proxy the specified trust managers with an implementation that first checks the provided certificates
  against the Certificate Revocation Lists (CRLs) before delegating to the original trust managers.
   */
private static TrustManager[] createUntrustRevokedCertTrustManager(TrustManager[] trustMgrs, ArrayList<CRL> crls) {
    // Work on a copy so the caller's array is never modified.
    final TrustManager[] proxied = trustMgrs.clone();
    for (int idx = 0; idx < proxied.length; idx++) {
        // Trust managers that are not X509TrustManager are passed through unchanged.
        if (!(proxied[idx] instanceof X509TrustManager)) {
            continue;
        }
        final X509TrustManager delegate = (X509TrustManager) proxied[idx];
        // NOTE(review): the proxy implements plain X509TrustManager, so if the delegate is an
        // X509ExtendedTrustManager its socket/engine-aware overloads are not forwarded. Confirm
        // that this is acceptable for the TLS configuration in use.
        proxied[idx] = new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Revocation is checked before the delegate's own path validation.
                rejectIfRevoked(chain);
                delegate.checkClientTrusted(chain, authType);
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                rejectIfRevoked(chain);
                delegate.checkServerTrusted(chain, authType);
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return delegate.getAcceptedIssuers();
            }

            // Fails the handshake if any certificate in the chain is listed in any supplied CRL.
            // Only CRL.isRevoked is consulted here; whether each CRL is authentic and current
            // is not checked in this method. The list is read at check time, not copied.
            private void rejectIfRevoked(X509Certificate[] chain) throws CertificateException {
                for (int pos = 0; pos < chain.length; pos++) {
                    X509Certificate presented = chain[pos];
                    for (CRL revocationList : crls) {
                        if (revocationList.isRevoked(presented)) {
                            throw new CertificateException("Certificate revoked");
                        }
                    }
                }
            }
        };
    }
    return proxied;
}
Also used : CertificateException(java.security.cert.CertificateException) CRL(java.security.cert.CRL) X509Certificate(java.security.cert.X509Certificate)

Example 9 with CertificateException

use of java.security.cert.CertificateException in project buck by facebook.

the class ApkBuilderStep method createKeystoreProperties.

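/**
 * Loads the signing key and its certificate from the keystore at {@code pathToKeystore}.
 *
 * <p>The store type is {@code JARSIGNER_KEY_STORE_TYPE}; the store password, key alias and key
 * password are read from the supplied {@code KeystoreProperties}.
 *
 * @return the key and certificate stored under the configured alias
 * @throws HumanReadableException (unchecked) if the keystore cannot be loaded or no key is
 *     returned for the alias
 * @throws IOException if the keystore stream cannot be opened or closed
 * @throws KeyStoreException if the keystore type is unavailable or the store cannot be queried
 * @throws NoSuchAlgorithmException if the algorithm needed to recover the key is unavailable
 * @throws UnrecoverableKeyException if the key cannot be recovered with the key password
 */
private PrivateKeyAndCertificate createKeystoreProperties() throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    KeyStore keystore = KeyStore.getInstance(JARSIGNER_KEY_STORE_TYPE);
    KeystoreProperties keystoreProperties = keystorePropertiesSupplier.get();
    // try-with-resources closes the keystore stream on every path, including when load() fails.
    try (InputStream inputStream = filesystem.getInputStreamForRelativePath(pathToKeystore)) {
        char[] keystorePassword = keystoreProperties.getStorepass().toCharArray();
        try {
            keystore.load(inputStream, keystorePassword);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            // Reported with the path only; the password is never placed in the message.
            throw new HumanReadableException(e, "%s is an invalid keystore.", pathToKeystore);
        }
    }
    String alias = keystoreProperties.getAlias();
    char[] keyPassword = keystoreProperties.getKeypass().toCharArray();
    Key key = keystore.getKey(alias, keyPassword);
    // key can be null if alias/password is incorrect.
    if (key == null) {
        throw new HumanReadableException("The keystore [%s] key.alias [%s] does not exist or does not identify a key-related " + "entry", pathToKeystore, alias);
    }
    Certificate certificate = keystore.getCertificate(alias);
    // NOTE(review): both casts throw ClassCastException if the entry is not a private key
    // or its certificate is not X.509, and a null certificate is passed through as null.
    return new PrivateKeyAndCertificate((PrivateKey) key, (X509Certificate) certificate);
}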
Also used : InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStore(java.security.KeyStore) HumanReadableException(com.facebook.buck.util.HumanReadableException) Key(java.security.Key) PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 10 with CertificateException

use of java.security.cert.CertificateException in project Libraries-for-Android-Developers by eoecn.

the class MySSLSocketFactory method getKeystoreOfCA.

/**
     * Gets a KeyStore containing the Certificate
     * 
     * @param cert InputStream of the Certificate
     * @return KeyStore
     */
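public static KeyStore getKeystoreOfCA(InputStream cert) {
    // Best-effort helper: failures are printed and swallowed, so the result may be null
    // (keystore could not be created) or a keystore without the "ca" entry (certificate
    // could not be parsed). Callers must check for the "ca" alias before building a
    // trust configuration from the result.

    // Wrap the stream before anything can throw, so the finally block always has a
    // non-null stream to close and cannot fail with a NullPointerException.
    InputStream caInput = new BufferedInputStream(cert);
    Certificate ca = null;
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ca = cf.generateCertificate(caInput);
    } catch (CertificateException e1) {
        // printStackTrace is kept because no logger is visible in this excerpt.
        e1.printStackTrace();
    } finally {
        try {
            caInput.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    // Create a KeyStore containing our trusted CAs
    KeyStore keyStore = null;
    try {
        keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises an empty in-memory keystore.
        keyStore.load(null, null);
        // Never register a null certificate: an unparsable input yields an empty store
        // rather than a provider-dependent broken "ca" entry.
        if (ca != null) {
            keyStore.setCertificateEntry("ca", ca);
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return keyStore;
}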
Also used : BufferedInputStream(java.io.BufferedInputStream) BufferedInputStream(java.io.BufferedInputStream) InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
