下面列出了怎么用java.security.cert.CertPathValidatorException.Reason的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Selects the TLS alert description to use after an
 * {@link X509TrustManager} has rejected the peer's certificate chain.
 *
 * <p>This method only picks the alert; it makes no trust decision of its
 * own. Only the immediate cause of {@code cexc} is examined, so a
 * {@link CertPathValidatorException} wrapped more than one level deep is
 * reported as {@code CERTIFICATE_UNKNOWN}.
 *
 * @param chc the client handshake context; its {@code staplingActive}
 *        flag is read when the failure reason is revocation-related
 * @param cexc the exception thrown by the {@link X509TrustManager}
 *
 * @return the {@code Alert} that describes the failure
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    Throwable cause = cexc.getCause();
    if (!(cause instanceof CertPathValidatorException)) {
        // No path-validation detail available: stay generic.
        return Alert.CERTIFICATE_UNKNOWN;
    }

    Reason why = ((CertPathValidatorException) cause).getReason();
    if (why == BasicReason.REVOKED) {
        // With stapling active the revocation verdict is reported as a
        // problem with the certificate status response.
        return chc.staplingActive
                ? Alert.BAD_CERT_STATUS_RESPONSE
                : Alert.CERTIFICATE_REVOKED;
    }
    if (why == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
        return chc.staplingActive
                ? Alert.BAD_CERT_STATUS_RESPONSE
                : Alert.CERTIFICATE_UNKNOWN;
    }

    // Every other validation reason falls back to the generic alert.
    return Alert.CERTIFICATE_UNKNOWN;
}
/**
 * Maps a certificate-checking failure raised by an
 * {@link X509TrustManager} to the TLS alert description to use.
 *
 * <p>The default is {@code CERTIFICATE_UNKNOWN}. A more specific alert is
 * chosen only when the direct cause of {@code cexc} is a
 * {@link CertPathValidatorException} whose reason is {@code REVOKED} or
 * {@code UNDETERMINED_REVOCATION_STATUS}.
 *
 * @param chc the client handshake context, consulted for
 *        {@code staplingActive} in the two revocation-related cases
 * @param cexc the exception thrown by the {@link X509TrustManager}
 *
 * @return the {@code Alert} matching the failure reason
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    Throwable directCause = cexc.getCause();
    if (directCause instanceof CertPathValidatorException) {
        Reason reason =
                ((CertPathValidatorException) directCause).getReason();
        boolean revoked = (reason == BasicReason.REVOKED);
        boolean undetermined =
                (reason == BasicReason.UNDETERMINED_REVOCATION_STATUS);

        if (revoked || undetermined) {
            // Both revocation outcomes collapse into the same alert
            // when stapling is active.
            if (chc.staplingActive) {
                return Alert.BAD_CERT_STATUS_RESPONSE;
            }
            return revoked
                    ? Alert.CERTIFICATE_REVOKED
                    : Alert.CERTIFICATE_UNKNOWN;
        }
    }
    return Alert.CERTIFICATE_UNKNOWN;
}
/**
 * Selects the TLS alert description byte to use after an
 * {@link X509TrustManager} has rejected the peer's certificate chain.
 *
 * <p>Only the immediate cause of {@code cexc} is inspected. Anything other
 * than a {@link CertPathValidatorException} with a revocation-related
 * reason yields {@code Alerts.alert_certificate_unknown}. The instance
 * field {@code staplingActive} is read in the revocation-related cases.
 *
 * @param cexc The exception thrown by the {@link X509TrustManager}
 *
 * @return A byte value corresponding to a TLS alert description number.
 */
private byte getCertificateAlert(CertificateException cexc) {
    Throwable cause = cexc.getCause();
    if (!(cause instanceof CertPathValidatorException)) {
        // No path-validation detail available: stay generic.
        return Alerts.alert_certificate_unknown;
    }

    Reason why = ((CertPathValidatorException) cause).getReason();
    if (why == BasicReason.REVOKED) {
        if (staplingActive) {
            return Alerts.alert_bad_certificate_status_response;
        }
        return Alerts.alert_certificate_revoked;
    }
    if (why == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
        if (staplingActive) {
            return Alerts.alert_bad_certificate_status_response;
        }
        return Alerts.alert_certificate_unknown;
    }

    // Every other validation reason falls back to the generic alert.
    return Alerts.alert_certificate_unknown;
}
/**
 * Selects the TLS alert description to use after an
 * {@link X509TrustManager} has rejected the peer's certificate chain.
 *
 * <p>This method only picks the alert; it makes no trust decision of its
 * own. Only the immediate cause of {@code cexc} is examined, so a
 * {@link CertPathValidatorException} wrapped more than one level deep is
 * reported as {@code CERTIFICATE_UNKNOWN}, as is any reason not listed
 * in the body.
 *
 * @param chc the client handshake context; its {@code staplingActive}
 *        flag is read when the failure reason is revocation-related
 * @param cexc the exception thrown by the {@link X509TrustManager}
 *
 * @return the {@code Alert} that describes the failure
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    Throwable cause = cexc.getCause();
    if (!(cause instanceof CertPathValidatorException)) {
        // No path-validation detail available: stay generic.
        return Alert.CERTIFICATE_UNKNOWN;
    }

    Reason why = ((CertPathValidatorException) cause).getReason();

    // Revocation outcomes: reported against the status response when
    // stapling is active, against the certificate otherwise.
    if (why == BasicReason.REVOKED) {
        return chc.staplingActive
                ? Alert.BAD_CERT_STATUS_RESPONSE
                : Alert.CERTIFICATE_REVOKED;
    }
    if (why == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
        return chc.staplingActive
                ? Alert.BAD_CERT_STATUS_RESPONSE
                : Alert.CERTIFICATE_UNKNOWN;
    }

    // Remaining reasons map one-to-one, independent of stapling.
    if (why == BasicReason.ALGORITHM_CONSTRAINED) {
        return Alert.UNSUPPORTED_CERTIFICATE;
    }
    if (why == BasicReason.EXPIRED) {
        return Alert.CERTIFICATE_EXPIRED;
    }
    if (why == BasicReason.INVALID_SIGNATURE
            || why == BasicReason.NOT_YET_VALID) {
        return Alert.BAD_CERTIFICATE;
    }

    return Alert.CERTIFICATE_UNKNOWN;
}
/**
 * Creates a new handshake failure description from its four parts.
 * The arguments are stored as given; no validation or copying is done.
 *
 * @param cause the throwable to store as the cause
 * @param rootCause the throwable to store as the root cause
 * @param reason the {@link Reason} to store for this failure
 * @param reasonPhrase the text to store as the reason phrase
 */
public LdapTlsHandshakeFailCause( Throwable cause, Throwable rootCause, Reason reason, String reasonPhrase )
{
    // Classification result first, then the exceptions it was derived from.
    this.reason = reason;
    this.reasonPhrase = reasonPhrase;
    this.rootCause = rootCause;
    this.cause = cause;
}
/**
 * Classifying {@code null} must still produce a result: reason
 * {@code UNSPECIFIED}, phrase "Unspecified" and no root cause.
 */
@Test
public void testClassifyNull()
{
    LdapTlsHandshakeFailCause failCause = LdapTlsHandshakeExceptionClassifier.classify( null );

    // The cast pins equalTo's type parameter to the Reason interface.
    assertThat( failCause.getReason(), equalTo( ( Reason ) BasicReason.UNSPECIFIED ) );
    assertThat( failCause.getReasonPhrase(), equalTo( "Unspecified" ) );
    assertThat( failCause.getRootCause(), equalTo( null ) );
}
/**
 * An exception unrelated to certificates (here an {@link IOException})
 * is classified as {@code UNSPECIFIED} and kept as the root cause.
 */
@Test
public void testClassifyOther()
{
    IOException unrelated = new IOException( "foo" );
    LdapTlsHandshakeFailCause failCause = LdapTlsHandshakeExceptionClassifier.classify( unrelated );

    assertThat( failCause.getReason(), equalTo( ( Reason ) BasicReason.UNSPECIFIED ) );
    assertThat( failCause.getReasonPhrase(), equalTo( "Unspecified" ) );
    assertThat( failCause.getRootCause(), instanceOf( IOException.class ) );
}
/**
 * A {@link CertificateExpiredException} is classified as {@code EXPIRED}
 * with the phrase "Certificate expired".
 */
@Test
public void testClassifyCertificateExpiredException()
{
    CertificateExpiredException expired = new CertificateExpiredException( "foo" );
    LdapTlsHandshakeFailCause failCause = LdapTlsHandshakeExceptionClassifier.classify( expired );

    assertThat( failCause.getReason(), equalTo( ( Reason ) BasicReason.EXPIRED ) );
    assertThat( failCause.getReasonPhrase(), equalTo( "Certificate expired" ) );
    assertThat( failCause.getRootCause(), instanceOf( CertificateExpiredException.class ) );
}
/**
 * A {@link CertificateNotYetValidException} is classified as
 * {@code NOT_YET_VALID} with the phrase "Certificate not yet valid".
 */
@Test
public void testClassifyCertificateNotYetValidException()
{
    CertificateNotYetValidException notYetValid = new CertificateNotYetValidException( "foo" );
    LdapTlsHandshakeFailCause failCause = LdapTlsHandshakeExceptionClassifier.classify( notYetValid );

    assertThat( failCause.getReason(), equalTo( ( Reason ) BasicReason.NOT_YET_VALID ) );
    assertThat( failCause.getReasonPhrase(), equalTo( "Certificate not yet valid" ) );
    assertThat( failCause.getRootCause(), instanceOf( CertificateNotYetValidException.class ) );
}
/**
 * A {@link CertPathBuilderException} wrapped one level deep is still
 * found and classified as {@code NO_VALID_CERTIFICATION_PATH}.
 */
@Test
public void testClassifyCertPathBuilderException()
{
    CertPathBuilderException builderFailure = new CertPathBuilderException( "foo" );
    Exception wrapped = new Exception( builderFailure );
    LdapTlsHandshakeFailCause failCause = LdapTlsHandshakeExceptionClassifier.classify( wrapped );

    assertThat( failCause.getReason(), equalTo( ( Reason ) LdapApiReason.NO_VALID_CERTIFICATION_PATH ) );
    assertThat( failCause.getReasonPhrase(), equalTo( "Failed to build certification path" ) );
    // The wrapper is unwrapped: the builder exception is reported as root cause.
    assertThat( failCause.getRootCause(), instanceOf( CertPathBuilderException.class ) );
}
/**
 * A {@link CertPathValidatorException} buried under four wrapper
 * exceptions is still found; its own reason
 * ({@code ALGORITHM_CONSTRAINED}) is carried into the classification.
 */
@Test
public void testClassifyCertPathValidatorException()
{
    CertPathValidatorException validatorFailure =
        new CertPathValidatorException( "foo", null, null, -1, BasicReason.ALGORITHM_CONSTRAINED );
    Exception wrapped = new Exception( new Exception( new Exception( new Exception( validatorFailure ) ) ) );
    LdapTlsHandshakeFailCause failCause = LdapTlsHandshakeExceptionClassifier.classify( wrapped );

    assertThat( failCause.getReason(), equalTo( ( Reason ) BasicReason.ALGORITHM_CONSTRAINED ) );
    assertThat( failCause.getReasonPhrase(), equalTo( "Failed to verify certification path" ) );
    // All four wrappers are skipped: the validator exception is the root cause.
    assertThat( failCause.getRootCause(), instanceOf( CertPathValidatorException.class ) );
}
/**
 * Maps a certificate-checking failure raised by an
 * {@link X509TrustManager} to the TLS alert description to use.
 *
 * <p>The default is {@code CERTIFICATE_UNKNOWN}. A more specific alert is
 * chosen only when the direct cause of {@code cexc} is a
 * {@link CertPathValidatorException} carrying one of the
 * {@code BasicReason} values handled in the switch below.
 *
 * @param chc the client handshake context, consulted for
 *        {@code staplingActive} in the two revocation-related cases
 * @param cexc the exception thrown by the {@link X509TrustManager}
 *
 * @return the {@code Alert} matching the failure reason
 */
private static Alert getCertificateAlert(
        ClientHandshakeContext chc, CertificateException cexc) {
    Throwable directCause = cexc.getCause();
    if (!(directCause instanceof CertPathValidatorException)) {
        return Alert.CERTIFICATE_UNKNOWN;
    }

    Reason reason = ((CertPathValidatorException) directCause).getReason();
    if (!(reason instanceof BasicReason)) {
        // A reason type other than BasicReason matches none of the
        // cases below, so it gets the generic alert.
        return Alert.CERTIFICATE_UNKNOWN;
    }

    switch ((BasicReason) reason) {
        case REVOKED:
            return chc.staplingActive
                    ? Alert.BAD_CERT_STATUS_RESPONSE
                    : Alert.CERTIFICATE_REVOKED;
        case UNDETERMINED_REVOCATION_STATUS:
            return chc.staplingActive
                    ? Alert.BAD_CERT_STATUS_RESPONSE
                    : Alert.CERTIFICATE_UNKNOWN;
        case ALGORITHM_CONSTRAINED:
            return Alert.UNSUPPORTED_CERTIFICATE;
        case EXPIRED:
            return Alert.CERTIFICATE_EXPIRED;
        case INVALID_SIGNATURE:
        case NOT_YET_VALID:
            return Alert.BAD_CERTIFICATE;
        default:
            return Alert.CERTIFICATE_UNKNOWN;
    }
}
/**
 * Returns the reason currently stored in this object.
 *
 * @return the stored {@link Reason}
 */
public Reason getReason()
{
    return this.reason;
}
/**
 * Replaces the stored reason. The value is stored as given, with no
 * null check or other validation.
 *
 * @param reason the {@link Reason} to store
 */
public void setReason( Reason reason )
{
this.reason = reason;
}