java.security.cert.CertPathValidatorException#getCause()源码实例Demo

下面列出了java.security.cert.CertPathValidatorException#getCause() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。

源代码1 项目: RipplePower   文件: RFC3280CertPathUtilities.java
protected static void prepareNextCertO(
    CertPath certPath,
    int index,
    Set criticalExtensions,
    List pathCheckers)
    throws CertPathValidatorException
{
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);
    //
    // (o)
    //

    Iterator tmpIter;
    tmpIter = pathCheckers.iterator();
    while (tmpIter.hasNext())
    {
        try
        {
            ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions);
        }
        catch (CertPathValidatorException e)
        {
            throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
        }
    }
    if (!criticalExtensions.isEmpty())
    {
        throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + criticalExtensions, null, certPath,
            index);
    }
}
 
protected static void prepareNextCertO(
    CertPath certPath,
    int index,
    Set criticalExtensions,
    List pathCheckers)
    throws CertPathValidatorException
{
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);
    //
    // (o)
    //

    Iterator tmpIter;
    tmpIter = pathCheckers.iterator();
    while (tmpIter.hasNext())
    {
        try
        {
            ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions);
        }
        catch (CertPathValidatorException e)
        {
            throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
        }
    }
    if (!criticalExtensions.isEmpty())
    {
        throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + criticalExtensions, null, certPath,
            index);
    }
}
 
/**
 * Validates a certification path consisting exclusively of
 * <code>X509Certificate</code>s using the specified
 * <code>PKIXCertPathChecker</code>s. It is assumed that the
 * <code>PKIXCertPathChecker</code>s
 * have been initialized with any input parameters they may need.
 *
 * @param cpOriginal the original X509 CertPath passed in by the user
 * @param reversedCertList the reversed X509 CertPath (as a List)
 * @param certPathCheckers the PKIXCertPathCheckers
 * @throws CertPathValidatorException if cert path does not validate
 */
static void validate(CertPath cpOriginal,
                     List<X509Certificate> reversedCertList,
                     List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    // we actually process reversedCertList, but we keep cpOriginal because
    // we need to return the original certPath when we throw an exception.
    // we will also need to modify the index appropriately when we
    // throw an exception.

    int cpSize = reversedCertList.size();

    if (debug != null) {
        debug.println("--------------------------------------------------"
              + "------------");
        debug.println("Executing PKIX certification path validation "
              + "algorithm.");
    }

    for (int i = 0; i < cpSize; i++) {

        /* The basic loop algorithm is that we get the
         * current certificate, we verify the current certificate using
         * information from the previous certificate and from the state,
         * and we modify the state for the next loop by setting the
         * current certificate of this loop to be the previous certificate
         * of the next loop. The state is initialized during first loop.
         */
        if (debug != null)
            debug.println("Checking cert" + (i+1) + " ...");

        X509Certificate currCert = reversedCertList.get(i);
        Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
        if (unresCritExts == null) {
            unresCritExts = Collections.<String>emptySet();
        }

        if (debug != null && !unresCritExts.isEmpty()) {
            debug.println("Set of critical extensions:");
            for (String oid : unresCritExts) {
                debug.println(oid);
            }
        }

        for (int j = 0; j < certPathCheckers.size(); j++) {

            PKIXCertPathChecker currChecker = certPathCheckers.get(j);
            if (debug != null) {
                debug.println("-Using checker" + (j + 1) + " ... [" +
                    currChecker.getClass().getName() + "]");
            }

            if (i == 0)
                currChecker.init(false);

            try {
                currChecker.check(currCert, unresCritExts);

                if (debug != null) {
                    debug.println("-checker" + (j + 1) +
                        " validation succeeded");
                }

            } catch (CertPathValidatorException cpve) {
                throw new CertPathValidatorException(cpve.getMessage(),
                    cpve.getCause(), cpOriginal, cpSize - (i + 1),
                    cpve.getReason());
            }
        }

        if (!unresCritExts.isEmpty()) {
            throw new CertPathValidatorException("unrecognized " +
                "critical extension(s)", null, cpOriginal, cpSize-(i+1),
                PKIXReason.UNRECOGNIZED_CRIT_EXT);
        }

        if (debug != null)
            debug.println("\ncert" + (i+1) + " validation succeeded.\n");
    }

    if (debug != null) {
        debug.println("Cert path validation succeeded. (PKIX validation "
                      + "algorithm)");
        debug.println("-------------------------------------------------"
                      + "-------------");
    }
}
 
源代码4 项目: openjdk-8   文件: PKIXMasterCertPathValidator.java
/**
 * Validates a certification path consisting exclusively of
 * <code>X509Certificate</code>s using the specified
 * <code>PKIXCertPathChecker</code>s. It is assumed that the
 * <code>PKIXCertPathChecker</code>s
 * have been initialized with any input parameters they may need.
 *
 * @param cpOriginal the original X509 CertPath passed in by the user
 * @param reversedCertList the reversed X509 CertPath (as a List)
 * @param certPathCheckers the PKIXCertPathCheckers
 * @throws CertPathValidatorException if cert path does not validate
 */
static void validate(CertPath cpOriginal,
                     List<X509Certificate> reversedCertList,
                     List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    // we actually process reversedCertList, but we keep cpOriginal because
    // we need to return the original certPath when we throw an exception.
    // we will also need to modify the index appropriately when we
    // throw an exception.

    int cpSize = reversedCertList.size();

    if (debug != null) {
        debug.println("--------------------------------------------------"
              + "------------");
        debug.println("Executing PKIX certification path validation "
              + "algorithm.");
    }

    for (int i = 0; i < cpSize; i++) {

        /* The basic loop algorithm is that we get the
         * current certificate, we verify the current certificate using
         * information from the previous certificate and from the state,
         * and we modify the state for the next loop by setting the
         * current certificate of this loop to be the previous certificate
         * of the next loop. The state is initialized during first loop.
         */
        if (debug != null)
            debug.println("Checking cert" + (i+1) + " ...");

        X509Certificate currCert = reversedCertList.get(i);
        Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
        if (unresCritExts == null) {
            unresCritExts = Collections.<String>emptySet();
        }

        if (debug != null && !unresCritExts.isEmpty()) {
            debug.println("Set of critical extensions:");
            for (String oid : unresCritExts) {
                debug.println(oid);
            }
        }

        for (int j = 0; j < certPathCheckers.size(); j++) {

            PKIXCertPathChecker currChecker = certPathCheckers.get(j);
            if (debug != null) {
                debug.println("-Using checker" + (j + 1) + " ... [" +
                    currChecker.getClass().getName() + "]");
            }

            if (i == 0)
                currChecker.init(false);

            try {
                currChecker.check(currCert, unresCritExts);

                if (debug != null) {
                    debug.println("-checker" + (j + 1) +
                        " validation succeeded");
                }

            } catch (CertPathValidatorException cpve) {
                throw new CertPathValidatorException(cpve.getMessage(),
                    cpve.getCause(), cpOriginal, cpSize - (i + 1),
                    cpve.getReason());
            }
        }

        if (!unresCritExts.isEmpty()) {
            throw new CertPathValidatorException("unrecognized " +
                "critical extension(s)", null, cpOriginal, cpSize-(i+1),
                PKIXReason.UNRECOGNIZED_CRIT_EXT);
        }

        if (debug != null)
            debug.println("\ncert" + (i+1) + " validation succeeded.\n");
    }

    if (debug != null) {
        debug.println("Cert path validation succeeded. (PKIX validation "
                      + "algorithm)");
        debug.println("-------------------------------------------------"
                      + "-------------");
    }
}