throw new CertPathValidatorException( "Must specify at least one trust anchor"); throw new CertPathValidatorException("No trusted certificate for " + currCert.getIssuerDN()); throw new CertPathValidatorException("Cannot find the responder's certificate."); url = new URL(ocspServerUrl); } catch (MalformedURLException e) { throw new CertPathValidatorException(e); throw new CertPathValidatorException("Must set OCSP Server URL"); throw new CertPathValidatorException("OCSP response is not verified"); throw new CertPathValidatorException("OCSP response could not be verified ("+e.getMessage()+")" ,null, cp, certIndex); Log.debug("OCSPChecker: Status of certificate (with serial number " + serialNumber.toString() + ") is: revoked"); throw new CertPathValidatorException("Certificate has been revoked", null, cp, certIndex); } else if (status instanceof org.bouncycastle.cert.ocsp.UnknownStatus) { Log.debug("OCSPChecker: Status of certificate (with serial number " + serialNumber.toString() + ") is: unknown"); throw new CertPathValidatorException("Certificate's revocation status is unknown", null, cp, certIndex); } else { Log.debug("Status of certificate (with serial number " + serialNumber.toString() + ") is: not recognized"); throw new CertPathValidatorException("Unknown OCSP response for certificate", null, cp, certIndex);
if (wrapped instanceof CertPathValidatorException) { CertPathValidatorException ex = (CertPathValidatorException) wrapped; CertPathValidatorException.Reason reason = ex.getReason(); if (reason == CertPathValidatorException.BasicReason.EXPIRED) { return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
String issuerString = certs[0].getIssuerX500Principal().getName(); BigInteger issuerSerial = certs[0].getSerialNumber(); if (foundCerts != null && foundCerts[0] != null && foundCerts[0].equals(certs[0])) { if (LOG.isDebugEnabled()) { LOG.debug( throw new WSSecurityException( WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e ); } catch (java.security.KeyStoreException e) {
pubKey = parentCert.getPublicKey(); if (!(pubKey instanceof DSAPublicKey)) throw new CertPathValidatorException( "DSA parameters cannot be inherited from previous certificate."); throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
/**
 * Confirms that the attribute certificate issuer is one of the directly
 * trusted attribute certificate issuers.
 *
 * <p>The issuer counts as trusted when, for at least one anchor in
 * {@code trustedACIssuers}, either the RFC 2253 string form of the issuer's
 * subject equals the anchor's CA name, or the issuer certificate equals the
 * anchor's trusted certificate.
 *
 * <p>Only names and certificate equality are compared here; no signature is
 * verified in this method. NOTE(review): a match on the subject name alone is
 * enough to pass, so the issuer certificate presumably has to be
 * cryptographically validated elsewhere before this result is relied on;
 * confirm against the caller.
 *
 * @param acIssuerCert the attribute certificate issuer's certificate
 * @param trustedACIssuers a set whose elements are cast to {@link TrustAnchor}
 * @throws CertPathValidatorException if no anchor matches the issuer
 */
protected static void processAttrCert4(X509Certificate acIssuerCert, Set trustedACIssuers)
    throws CertPathValidatorException
{
    boolean directlyTrusted = false;

    // Every anchor is visited, as in the original loop; a match never ends the scan early.
    for (Object entry : trustedACIssuers)
    {
        final TrustAnchor candidate = (TrustAnchor) entry;
        final String issuerName = acIssuerCert.getSubjectX500Principal().getName("RFC2253");

        // getCAName() and getTrustedCert() may each be null; equals(null) is simply false.
        final boolean nameMatches = issuerName.equals(candidate.getCAName());
        if (nameMatches || acIssuerCert.equals(candidate.getTrustedCert()))
        {
            directlyTrusted = true;
        }
    }

    if (directlyTrusted)
    {
        return;
    }
    throw new CertPathValidatorException(
        "Attribute certificate issuer is not directly trusted.");
}
throw new CertPathValidatorException(); if (proxyCert.getBasicConstraints() >= 0) errors.add(new ValidationError(proxyChain, position, ValidationErrorCode.proxyCASet)); if (proxyCert.getIssuerAlternativeNames() != null) errors.add(new ValidationError(proxyChain, position, ValidationErrorCode.proxyIssuerAltNameSet)); if (proxyCert.getSubjectAlternativeNames() != null) errors.add(new ValidationError(proxyChain, position, ValidationErrorCode.proxySubjectAltNameSet)); throw new CertPathValidatorException(); if (!X500NameUtils.rfc3280Equal(issuerDN, proxyCert.getIssuerX500Principal()))
if (cause instanceof CertPathValidatorException) { CertPathValidatorException certException = (CertPathValidatorException) cause; CertPath certPath = certException.getCertPath(); List<? extends Certificate> certificates = certPath .getCertificates(); int index = certException.getIndex(); if (index >= 0) { Certificate pbCertificate = certificates.get(index); + "Problem caused by cert: " + ((X509Certificate) pbCertificate) .getSubjectX500Principal().getName()); } else { System.out.println(prefix + "Problem caused by cert: "
+ certificateChain.get(0).getSubjectX500Principal()); } catch (CertPathValidatorException ignored) { LOG.debug( "cert path validation error: " + ignored.getMessage(), ignored);
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); throw new CertPathValidatorException("Not a CA certificate"); throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
/**
 * Checks that the attribute certificate issuer's certificate is usable for
 * signature validation and is not itself a public key certificate issuer.
 *
 * <p>If a key usage extension is present, at least one of bit 0
 * (digitalSignature) or bit 1 (nonRepudiation) must be set. When the
 * extension is absent ({@code getKeyUsage()} returns {@code null}) the key
 * usage check is skipped. The basic constraints value must be {@code -1},
 * which is what {@link X509Certificate#getBasicConstraints()} reports for a
 * certificate that is not a CA.
 *
 * @param acIssuerCert the attribute certificate issuer's certificate
 * @param pkixParams not read by this method
 * @throws CertPathValidatorException if either check fails
 */
protected static void processAttrCert3(X509Certificate acIssuerCert, ExtendedPKIXParameters pkixParams)
    throws CertPathValidatorException
{
    final boolean[] usageBits = acIssuerCert.getKeyUsage();
    if (usageBits != null)
    {
        final boolean canSign = usageBits[0] || usageBits[1];
        if (!canSign)
        {
            throw new CertPathValidatorException(
                "Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
    }

    final boolean isCaCertificate = acIssuerCert.getBasicConstraints() != -1;
    if (isCaCertificate)
    {
        throw new CertPathValidatorException(
            "Attribute certificate issuer is also a public key certificate issuer.");
    }
}
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); JcaCertificateID certificateID = new JcaCertificateID(digCalc, issuerCertificate, cert.getSerialNumber()); return processBasicOCSPResponse(issuerCertificate, responderCert, date, certificateID, nounce, (BasicOCSPResp)resp.getResponseObject()); } else { throw new CertPathValidatorException("OCSP responder returned an invalid or unknown OCSP response."); throw new CertPathValidatorException("Internal error/try later. OCSP response error: " + resp.getStatus(), (Throwable) null, (CertPath) null, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS); throw new CertPathValidatorException("Invalid or missing signature. OCSP response error: " + resp.getStatus(), (Throwable) null, (CertPath) null, -1, CertPathValidatorException.BasicReason.INVALID_SIGNATURE); throw new CertPathValidatorException("Unauthorized request. OCSP response error: " + resp.getStatus(), (Throwable) null, (CertPath) null, -1, CertPathValidatorException.BasicReason.UNSPECIFIED); throw new CertPathValidatorException("OCSP request is malformed. OCSP response error: " + resp.getStatus(), (Throwable) null, (CertPath) null, -1, CertPathValidatorException.BasicReason.UNSPECIFIED); logger.log(Level.FINE, "OCSP Responder \"{0}\" failed to return a valid OCSP response\n{1}", new Object[] {responderURI, e.getMessage()}); throw new CertPathValidatorException("OCSP check failed", e); throw new CertPathValidatorException(e.getMessage(), e);
for (final Certificate c : certChain) { try { ((X509Certificate) c).checkValidity(); final Throwable cause = e.getCause(); final Class<? extends Throwable> exceptionClass = cause != null ? cause.getClass() : e.getClass(); if (exceptionClass.getSimpleName().equals("CertificateRevokedException")) { //$NON-NLS-1$
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); int n = certs.size(); throw new CertPathValidatorException( "Policy information could not be decoded.", ex, certPath, index); if (cert.getCriticalExtensionOIDs() != null) ci = cert.getCriticalExtensionOIDs().contains( RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
for (X509Certificate cert : trustedCerts) { TrustAnchor anchor = new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID)); set.add(anchor); throw new WSSecurityException( WSSecurityException.FAILURE, "certpath", new Object[] { e.getMessage() }, e );
new Object[] {cpve.getMessage(),cpve,cpve.getClass().getName()}); throw new CertPathReviewerException(msg,cpve); Set criticalExtensions = cert.getCriticalExtensionOIDs(); if (criticalExtensions == null || criticalExtensions.isEmpty()) new Object[] {e.getMessage(),e,e.getClass().getName()}); throw new CertPathReviewerException(msg,e.getCause(),certPath,index);
ekuOids = leaf.getExtendedKeyUsage(); } catch (CertificateParsingException e) { throw new CertPathValidatorException(e); throw new CertPathValidatorException("End-entity certificate does not have a valid " + "extendedKeyUsage.");
throws CertPathValidatorException List certs = certPath.getCertificates(); X509Certificate cert = (X509Certificate)certs.get(index); Iterator tmpIter; throw new ExtCertPathValidatorException(e.getMessage(), e, certPath, index); throw new CertPathValidatorException("Additional certificate path checker failed.", e, certPath, index);
/**
 * Validates {@code certPath} with the supplied validator and parameters and
 * returns the first certificate of the path on success.
 *
 * <p>NOTE(review): when validation fails only because the revocation status
 * could not be determined, this method logs at info level and returns
 * {@code null} instead of throwing. Callers must treat {@code null} as
 * "not validated"; confirm that no caller accepts the certificate in that
 * case.
 *
 * <p>NOTE(review): the validator's message is appended to the thrown
 * exception's message and the original exception is not attached as its
 * cause; check where that message ends up before relying on it.
 *
 * @param cpv the validator to run
 * @param certPath the certification path to validate
 * @param params the PKIX parameters (trust anchors, revocation settings)
 * @return the certificate at index 0 of the path, or {@code null} if the
 *         revocation status was undetermined
 * @throws Fido2RPRuntimeException for any other validation failure or for
 *         invalid algorithm parameters
 */
private X509Certificate verifyPath(CertPathValidator cpv, CertPath certPath, PKIXParameters params) {
    try {
        cpv.validate(certPath, params);
    } catch (CertPathValidatorException ex) {
        final boolean revocationUndetermined =
                ex.getReason() == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS;
        if (revocationUndetermined) {
            // Soft failure: reported to the caller as null rather than as an exception.
            log.info("Cert not validated against the root {}", ex.getMessage());
            return null;
        }
        log.warn("Cert not validated against the root {}", ex.getMessage());
        throw new Fido2RPRuntimeException("Problem with certificate " + ex.getMessage());
    } catch (InvalidAlgorithmParameterException e) {
        log.warn("Cert verification problem {}", e.getMessage(), e);
        throw new Fido2RPRuntimeException("Problem with certificate");
    }

    // Reached only when validate() returned normally.
    return (X509Certificate) certPath.getCertificates().get(0);
}
/**
 * Prepares this checker for a reverse pass over the certificates.
 *
 * <p>Forward checking is rejected. For reverse checking the index is set to
 * the last element of {@code certs}.
 *
 * @param forward {@code true} if the caller wants forward checking
 * @throws CertPathValidatorException if {@code forward} is {@code true}
 */
@Override
public void init(boolean forward) throws CertPathValidatorException {
    if (forward) {
        throw new CertPathValidatorException(
                "Forward checking not supported");
    }
    certIndex = certs.length - 1;
}