List of usage examples for org.bouncycastle.jce.provider AnnotatedException getCause
public Throwable getCause()
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.CertPathValidatorUtilities.java
License:Open Source License
protected static Set<?> getCompleteCRLs2(DistributionPoint dp, X509Certificate cert, Date currentDate, ExtendedPKIXParameters paramsPKIX) throws SimpleValidationErrorException { try {// www . j a v a 2 s .c om return org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(dp, cert, currentDate, paramsPKIX); } catch (AnnotatedException e) { if (e.getMessage().startsWith("No CRLs found for issuer")) { //workaround - in case when cert notOnOrAfter < nextUpdate of CRL BC //returns no CRL even if one is found. We try to detect this by changing error //for expired certificates (for which this situation is more then likely) and //provide a better error. if (cert.getNotAfter().after(currentDate)) throw new SimpleValidationErrorException(ValidationErrorCode.noValidCrlFound, e); else throw new SimpleValidationErrorException(ValidationErrorCode.noCrlForExpiredCert, e); } else throw new SimpleValidationErrorException(ValidationErrorCode.crlExtractionError, e.getCause().getMessage(), e.getCause(), e.getCause().getClass().getName()); } }
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.CertPathValidatorUtilities.java
License:Open Source License
/** * Fetches delta CRLs according to RFC 3280 section 5.2.4. * //w ww . ja v a 2s . c o m * @param currentDate The date for which the delta CRLs must be valid. * @param paramsPKIX The extended PKIX parameters. * @param completeCRL The complete CRL the delta CRL is for. * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs. * @throws AnnotatedException if an exception occurs while picking the * delta CRLs. */ protected static Set<X509CRL> getDeltaCRLs2(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL) throws SimpleValidationErrorException { try { return getDeltaCRLs(currentDate, paramsPKIX, completeCRL); } catch (AnnotatedException e) { throw new SimpleValidationErrorException(ValidationErrorCode.crlDeltaProblem, e.getMessage(), e.getCause(), e.getCause().getClass().getName()); } }
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
protected static void processCRLB1_2(DistributionPoint dp, Object cert, X509CRL crl) throws SimpleValidationErrorException { try {/*w w w . j a va2s. com*/ RFC3280CertPathUtilities.processCRLB1(dp, cert, crl); } catch (AnnotatedException e) { if (e.getMessage().startsWith("CRL issuer information from distribution point cannot be decoded")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlIssuerException, e.getCause()); } else if (e.getMessage() .startsWith("Distribution point contains cRLIssuer field but CRL is not indirect")) { throw new SimpleValidationErrorException(ValidationErrorCode.distrPtExtError, e.getMessage()); } else if (e.getMessage() .startsWith("CRL issuer of CRL does not match CRL issuer of distribution point")) { throw new SimpleValidationErrorException(ValidationErrorCode.distrPtExtError, e.getMessage()); } else if (e.getMessage().startsWith("Cannot find matching CRL issuer for certificate")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlNoIssuerForDP); } else if (e.getMessage().startsWith("exception processing extension")) { throw new SimpleValidationErrorException(ValidationErrorCode.distrPtExtError, e.getCause()); } else { throw new SimpleValidationErrorException(ValidationErrorCode.unknownMsg, e); } } }
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
protected static void processCRLB2_2(DistributionPoint dp, Object cert, X509CRL crl) throws SimpleValidationErrorException { try {/*from w w w. jav a 2 s . c o m*/ RFC3280CertPathUtilities.processCRLB2(dp, cert, crl); } catch (AnnotatedException e) { if (e.getMessage().startsWith("Issuing distribution point extension could not be decoded")) { throw new SimpleValidationErrorException(ValidationErrorCode.distrPtExtError, e.getCause()); } else if (e.getMessage().startsWith("Could not read CRL issuer")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlIssuerException, e); } else if (e.getMessage().startsWith( "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlIDPAndDPMismatch); } else if (e.getMessage().startsWith("Either the cRLIssuer or the distributionPoint field must")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlNoIssuerAndDP); } else if (e.getMessage().startsWith("Basic constraints extension could not be decoded")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlBCExtError, e.getCause()); } else if (e.getMessage().startsWith("CA Cert CRL only contains user certificates")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlOnlyUserCert); } else if (e.getMessage().startsWith("End CRL only contains CA certificates")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlOnlyCaCert); } else if (e.getMessage().startsWith("onlyContainsAttributeCerts boolean is asserted")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlOnlyAttrCert); } else { throw new SimpleValidationErrorException(ValidationErrorCode.unknownMsg, e); } } }
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
protected static void processCRLC2(X509CRL deltaCRL, X509CRL completeCRL, ExtendedPKIXParameters pkixParams) throws SimpleValidationErrorException { try {// ww w . j a va 2s.co m RFC3280CertPathUtilities.processCRLC(deltaCRL, completeCRL, pkixParams); } catch (AnnotatedException e) { if (e.getMessage().startsWith("Issuing distribution point extension")) { throw new SimpleValidationErrorException(ValidationErrorCode.distrPtExtError, e.getCause()); } else if (e.getMessage().startsWith("Complete CRL issuer does not match delta CRL issuer")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlDeltaProblem, e.getMessage()); } else if (e.getMessage().startsWith( "Issuing distribution point extension from delta CRL and complete CRL does not match")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlDeltaProblem, e.getMessage()); } else if (e.getMessage() .startsWith("Authority key identifier extension could not be extracted from")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlAKIExtError, e.getCause()); } else if (e.getMessage().startsWith("CRL authority key identifier is null")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlAKIExtError, e.getMessage()); } else if (e.getMessage().startsWith("Delta CRL authority key identifier is null")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlAKIExtError, e.getMessage()); } else if (e.getMessage().startsWith( "Delta CRL authority key identifier does not match complete CRL authority key identifier")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlDeltaProblem, e.getMessage()); } else { throw new SimpleValidationErrorException(ValidationErrorCode.unknownMsg, e); } } }
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
protected static Set<?> processCRLF2(X509CRL crl, Object cert, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, ExtendedPKIXParameters paramsPKIX, List<?> certPathCerts) throws SimpleValidationErrorException { try {/*from w w w . j av a 2 s . co m*/ return RFC3280CertPathUtilities.processCRLF(crl, cert, defaultCRLSignCert, defaultCRLSignKey, paramsPKIX, certPathCerts); } catch (AnnotatedException e) { if (e.getMessage().startsWith( "Subject criteria for certificate selector to find issuer certificate for CRL could not be set")) { new RuntimeException(e.getMessage(), e); } else if (e.getMessage().startsWith("Issuer certificate for CRL cannot be searched")) { new RuntimeException(e.getMessage(), e); } else if (e.getMessage().startsWith("Internal error")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlNoIssuerPublicKey, e.getCause()); } else if (e.getMessage() .startsWith("Public key of issuer certificate of CRL could not be retrieved")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlNoIssuerPublicKey, e.getCause()); } else if (e.getMessage() .startsWith("Issuer certificate key usage extension does not permit CRL signing")) { throw new SimpleValidationErrorException(ValidationErrorCode.noCrlSigningPermited); } else if (e.getMessage().startsWith("Cannot find a valid issuer certificate")) { throw new SimpleValidationErrorException(ValidationErrorCode.crlNoIssuerPublicKey, e.getMessage()); } throw new SimpleValidationErrorException(ValidationErrorCode.unknownMsg, e); } }