Example usage for java.security.cert CertPathBuilderException CertPathBuilderException

Introduction

In this page you can find the example usage for java.security.cert CertPathBuilderException CertPathBuilderException.

Prototype

public CertPathBuilderException(Throwable cause) 

Source Link

Document

Creates a CertPathBuilderException that wraps the specified throwable.

Usage

From source file:mitm.common.security.crl.CRLStoreUpdaterImpl.java

private boolean isTrusted(X509Certificate certificate) throws NoSuchProviderException {
    boolean trusted = false;

    try {/* w  w w . java2 s .c  o m*/
        CertificatePathBuilder pathBuilder = updaterParameters.getCertificatePathBuilderFactory()
                .createCertificatePathBuilder();

        /*
         * add the certificate to the PathBuilder so it is found using X509CertSelector 
         */
        try {
            pathBuilder.addCertStore(CertStoreUtils.createCertStore(certificate));
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertPathBuilderException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertPathBuilderException(e);
        } catch (SecurityFactoryFactoryException e) {
            throw new CertPathBuilderException(e);
        }

        CertPathBuilderResult result = pathBuilder.buildPath(certificate);

        if (result == null) {
            throw new CertPathBuilderException("No valid CertPath found.");
        }

        trusted = true;
    } catch (CertPathBuilderException e) {
        /*
         * CertPathBuilderException is thrown for a lot of reasons so we will try to extract the reason. 
         * Because this exception can happen frequently under 'normal' circumstances 
         * (for example when a root is not installed) we will log the messages with the WARN level.
         */
        Throwable rootCause = ExceptionUtils.getRootCause(e);

        Throwable cause = (rootCause != null ? rootCause : e);

        if (cause instanceof CertificateExpiredException) {
            logger.warn("Certificate is expired. Certificate: " + X509CertificateInspector.toString(certificate)
                    + ". Message: " + cause.getMessage());
        } else {
            String errorMessage = "Error while building path for certificate. Certificate: "
                    + X509CertificateInspector.toString(certificate);

            if (logger.isDebugEnabled()) {
                logger.warn(errorMessage, cause);
            } else {
                logger.warn(errorMessage + ". Message: " + cause.getMessage());
            }
        }
    }

    return trusted;
}

---

From source file:mitm.common.security.certificate.validator.PKITrustCheckCertificateValidatorImpl.java

@Override
public boolean isValid(Certificate certificate) {
    valid = false;/* w  ww .j  a v  a  2 s.c  o m*/
    trusted = false;
    revoked = false;
    blackListed = false;
    whiteListed = false;

    if (!(certificate instanceof X509Certificate)) {
        failureMessage = "Certificate is not a X509Certificate";

        return false;
    }

    failureMessage = "";

    X509Certificate x509Certificate = (X509Certificate) certificate;

    try {
        CertPathAndAnchor certPathAndAnchor = getCertPathAndAnchor(x509Certificate);

        CertPath certPath = certPathAndAnchor.getCertPath();
        TrustAnchor trustAnchor = certPathAndAnchor.getTrustAnchor();

        if (certPath != null && trustAnchor != null) {
            trusted = true;

            revoked = isRevoked(certPath, trustAnchor);

            if (!revoked) {
                /*
                 * Chain is valid, not expired, not revoked. We now need to check
                 * whether a certificate in the chain is not BlackListed.
                 */
                blackListed = isBlackListed(certPath);

                valid = !blackListed;
            } else {
                valid = false;
            }
        } else {
            throw new CertPathBuilderException("A valid CertPath could not be built.");
        }
    } catch (CertPathBuilderException e) {
        /*
         * A valid certificate chain could not be built. This can happen because of a lot of reasons:
         * an intermediate or root certificate is not trusted, a certificate in the chain has expired,
         * a certificate in the chain is invalid etc. We now check whether the certificate is white listed.
         *   
         * Note: Because the chain is not valid we cannot check the revocation status so white listing
         * a certificate should be done with care.
         */
        logger.debug("CertPathBuilderException", e);

        try {
            whiteListed = isWhiteListed(x509Certificate);

            valid = whiteListed;
        } catch (CTLException ctle) {
            logger.error("Error checking the CTL.", ctle);
        }

        if (!valid) {
            /*
             * We do not want a complete stack trace on a CertPathBuilderException because this exception can be thrown
             * quite often. CertPathBuilderException is also thrown when a path validator exception occurs. We will
             * therefore try to extract the root cause.
             */
            Throwable cause = ExceptionUtils.getRootCause(e);

            if (cause == null) {
                cause = e;
            }

            reportFailure("Error building certPath. " + cause.getMessage());
        }
    } catch (InvalidAlgorithmParameterException e) {
        reportFailure("Error building certPath.", e);
    } catch (NoSuchAlgorithmException e) {
        reportFailure("Error building certPath.", e);
    } catch (NoSuchProviderException e) {
        reportFailure("Error building certPath.", e);
    } catch (SecurityFactoryFactoryException e) {
        reportFailure("Error building certPath.", e);
    } catch (CTLException e) {
        reportFailure("Error checking CTL status.", e);
    }

    if (!valid) {
        logger.debug("Failure message: " + failureMessage);
    }

    return valid;
}

---