} catch (Throwable t2) { logger.debug("Failed to generate a self-signed X.509 certificate using Bouncy Castle:", t2); throw new CertificateException( "No provider succeeded to generate a self-signed certificate. " + "See debug log for the root cause.", t2); FileInputStream certificateInput = null; try { certificateInput = new FileInputStream(certificate); cert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(certificateInput); } catch (Exception e) { throw new CertificateEncodingException(e); if (certificateInput != null) { try { certificateInput.close(); } catch (IOException e) { if (logger.isWarnEnabled()) {
private KeyStore initKeyStore(String keystoreFile, String keyPass) throws IOException { java.io.InputStream istream = null; KeyStore kstore; try { kstore = KeyStore.getInstance("JKS"); istream = new FileInputStream(keystoreFile); kstore.load(istream, keyPass.toCharArray()); return kstore; } catch (KeyStoreException e) { throw new IOException(e.getMessage()); } catch (NoSuchAlgorithmException e) { throw new IOException(e.getMessage()); } catch (CertificateException e) { throw new IOException(e.getMessage()); } }
/** * 获得双向认证所需的参数 * @param bks bks证书的输入流 * @param keystorePass 秘钥 * @return KeyManager[]对象 */ public static KeyManager[] getKeyManagers(InputStream bks, String keystorePass) { KeyStore clientKeyStore = null; try { clientKeyStore = KeyStore.getInstance("BKS"); clientKeyStore.load(bks, keystorePass.toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeyStore, keystorePass.toCharArray()); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); return keyManagers; } catch (KeyStoreException e) { e.printStackTrace(); } catch (UnrecoverableKeyException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } return null; } }
private void writeCertificateFile() throws CertificateException { java.io.OutputStream keyStoreStream = null; try { keyStoreStream = new java.io.FileOutputStream(keyStoreFile); keyStore.store(keyStoreStream, "".toCharArray()); } catch (FileNotFoundException e) { throw new CertificateException("Unable to write KeyStore: " + e.getMessage()); } catch (CertificateException e) { throw new CertificateException("Unable to write KeyStore: " + e.getMessage()); } catch (IOException e) { throw new CertificateException("Unable to write KeyStore: " + e.getMessage()); } catch (NoSuchAlgorithmException e) { throw new CertificateException("Unable to write KeyStore: " + e.getMessage()); } catch (KeyStoreException e) { throw new CertificateException("Unable to write KeyStore: " + e.getMessage()); } finally { IOUtils.closeQuietly(keyStoreStream); } }
public String[] getAliases() throws IOException, GeneralSecurityException { List<String> returnList = new ArrayList<String>(); try { KeyStore store = getKeyStore(); synchronized (store) { for (Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements();) { String currentAlias = aliases.nextElement(); if (store.isCertificateEntry(currentAlias)) { returnList.add(currentAlias); } } } } catch (KeyStoreException ke) { throw (CertificateException) new CertificateException(ke.getMessage()).initCause(ke); } return returnList.toArray(new String[] {}); }
public static void main(String[] args) { try { final KeyStore ks = KeyStore.getInstance("pkcs12"); ks.load(new FileInputStream(args[0]), args[1].toCharArray()); final Enumeration<String> aliases = ks.aliases(); while(aliases.hasMoreElements()) { final String alias = aliases.nextElement(); final X509Certificate c = (X509Certificate) ks.getCertificate(alias); System.out.println(" - Version : " + c.getVersion()); System.out.println(" - Serial number : " + c.getSerialNumber().toString(16)); System.out.println(" - Subjetc DN : " + c.getSubjectDN()); System.out.println(" - Issuer DN : " + c.getIssuerDN()); System.out.println(" - Valide from : " + c.getNotBefore()); e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (FileNotFoundException e) { e.printStackTrace();
Constructor<?> c = Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class); String pkcs11Config = "name = SmartCard\nlibrary = " + config.getPKCS11Library(); ByteArrayInputStream config = new ByteArrayInputStream(pkcs11Config.getBytes(StringUtils.UTF8)); Provider p = (Provider) c.newInstance(config); Security.addProvider(p); ks = KeyStore.getInstance("PKCS11",p); pcb = new PasswordCallback("PKCS11 Password: ",false); callbackHandler.handle(new Callback[] {pcb}); ks.load(null,pcb.getPassword()); ks = KeyStore.getInstance("KeychainStore","Apple"); ks.load(null,null); pcb = new PasswordCallback("Keystore Password: ", false); callbackHandler.handle(new Callback[] { pcb }); ks.load(new FileInputStream(keystorePath), pcb.getPassword()); throw new IllegalStateException("No HostnameVerifier set. Use connectionConfiguration.setHostnameVerifier() to configure."); } else if (!verifier.verify(getXMPPServiceDomain().toString(), sslSocket.getSession())) { throw new CertificateException("Hostname verification of certificate failed. Certificate does not authenticate " + getXMPPServiceDomain());
static ByteBuf[] readCertificates(File file) throws CertificateException { try { InputStream in = new FileInputStream(file); try { return readCertificates(in); } finally { safeClose(in); } } catch (FileNotFoundException e) { throw new CertificateException("could not find certificate file: " + file); } }
private Certificate decodeCertificate( DataInputStream dIn) throws IOException { String type = dIn.readUTF(); byte[] cEnc = new byte[dIn.readInt()]; dIn.readFully(cEnc); try { CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME); ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc); return cFact.generateCertificate(bIn); } catch (NoSuchProviderException ex) { throw new IOException(ex.toString()); } catch (CertificateException ex) { throw new IOException(ex.toString()); } }
throw new CertificateException( "signature verification failed of " + peerIdentities); throw new CertificateException( "subject/issuer verification failed of " + peerIdentities); throw new CertificateException( "signature verification failed of " + peerIdentities); throw new CertificateException( "signature verification failed of " + peerIdentities); Log.error(e.getMessage(), e); throw new CertificateException("root certificate not trusted of " + peerIdentities); throw new CertificateException("invalid date of " + peerIdentities); X509Certificate trustedCert = cpvResult.getTrustAnchor().getTrustedCert(); if(trustedCert == null) { throw new CertificateException("certificate path failed: Trusted CA is NULL"); throw new CertificateException("certificate path failed: "+e.getMessage()); } catch(Exception e) { Log.debug("ClientTrustManager:",e); throw new CertificateException("unexpected error: "+e.getMessage());
try first.checkValidity(); Log.warn( "EE Certificate not valid: " + e.getMessage() ); return null; if ( chain.length == 1 && first.getSubjectX500Principal().equals( first.getIssuerX500Principal() ) ) if ( store.getCertificateAlias( first ) != null ) for ( Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements(); ) String alias = aliases.nextElement(); if ( store.isCertificateEntry( alias ) ) X509Certificate cert = (X509Certificate) store.getCertificate( alias );
private static KeyStore initializeKeyStore(String caCertificatePem) throws CertificateException { try { PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(caCertificatePem.getBytes()))); X509Certificate certificate = (X509Certificate) reader.readObject(); if (certificate == null) { throw new CertificateException("No certificate found in parsing!"); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); keyStore.setCertificateEntry("ca", certificate); return keyStore; } catch (IOException | KeyStoreException ex) { throw new CertificateException(ex); } catch (NoSuchAlgorithmException ex) { throw new AssertionError(ex); } }
public static RSAPublicKey parseRSAPublicKey(String pem) throws CertificateException, UnsupportedEncodingException { String PEM_HEADER = "-----BEGIN CERTIFICATE-----\n"; String PEM_FOOTER = "\n-----END CERTIFICATE-----"; String fullPem = (pem.startsWith(PEM_HEADER) && pem.endsWith(PEM_FOOTER)) ? pem : PEM_HEADER + pem + PEM_FOOTER; PublicKey key = null; try { CertificateFactory fact = CertificateFactory.getInstance("X.509"); ByteArrayInputStream is = new ByteArrayInputStream(fullPem.getBytes(StandardCharsets.UTF_8)); X509Certificate cer = (X509Certificate) fact.generateCertificate(is); key = cer.getPublicKey(); } catch (CertificateException ce) { String message = null; if (pem.startsWith(PEM_HEADER)) { message = "CertificateException - be sure not to include PEM header " + "and footer in the PEM configuration element."; } else { message = "CertificateException - PEM may be corrupt"; } throw new CertificateException(message, ce); } return (RSAPublicKey) key; } }
private void checkTrustStoreEntries(KeyStore trustStore) throws Exception { Enumeration<String> aliases = trustStore.aliases(); if (aliases != null) { Date now = new Date(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (trustStore.isCertificateEntry(alias)) { Certificate cert = trustStore.getCertificate(alias); if (cert instanceof X509Certificate) { try { ((X509Certificate) cert).checkValidity(now); } catch (CertificateExpiredException | CertificateNotYetValidException e) { String msg = sm.getString("jsseUtil.trustedCertNotValid", alias, ((X509Certificate) cert).getSubjectDN(), e.getMessage()); if (log.isDebugEnabled()) { log.debug(msg, e); } else { log.warn(msg); } } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("jsseUtil.trustedCertNotChecked", alias)); } } } } } }
try { boolean certTrusted = false; Enumeration<String> aliases = this.localTrustStore.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); Certificate cert = this.localTrustStore .getCertificate(alias); if (chain[0].equals(cert)) { certTrusted = true; break; this.localTrustStore.setCertificateEntry(UUID.randomUUID() .toString(), chain[0]); } else { throw new CertificateException(kse);
public X509Certificate getAuthCert() { if (authCertData == null) return null; try { CertificateFactory factory = CertificateFactory.getInstance("X.509"); return (X509Certificate) factory.generateCertificate( new ByteArrayInputStream(authCertData)); } catch (CertificateException e) { Log.e("ServerConfigData", "Failed to load cert data"); e.printStackTrace(); } return null; }
/** * validates all aliases inside of a given keystore * * @param keyStore the keystore to validate * @throws CertificateException if keystore error and unable to validate */ public void validate( KeyStore keyStore ) throws CertificateException { try { Enumeration<String> aliases = keyStore.aliases(); for ( ; aliases.hasMoreElements(); ) { String alias = aliases.nextElement(); validate(keyStore,alias); } } catch ( KeyStoreException kse ) { throw new CertificateException("Unable to retrieve aliases from keystore", kse); } }
String white = option.getCheckCNWhiteFile(); white = custom.getFullPath(white); fis = new FileInputStream(white); reader = new InputStreamReader(fis, StandardCharsets.UTF_8); char[] buffer = new char[WHITE_SIZE]; throw new CertificateException( "CN does not match white. no white file."); } catch (IOException e) { throw new CertificateException( "CN does not match white. can not read file."); } finally { fis.close(); throw new CertificateException("CN does not match white.");
static X509Certificate x509Certificate(CertificateFactory factory, byte[] bytes) throws CertificateException { Certificate certificate = factory.generateCertificate(new ByteArrayInputStream(bytes)); if (certificate instanceof X509Certificate) { return (X509Certificate) certificate; } else { throw new CertificateException("Not an X509Certificate: " + certificate); } }
/** * Verifies certs against public key of the local syncthing instance */ @Override public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { InputStream is = null; try { is = new FileInputStream(mHttpsCertPath); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate ca = (X509Certificate) cf.generateCertificate(is); for (X509Certificate cert : certs) { cert.verify(ca.getPublicKey()); } } catch (FileNotFoundException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) { throw new CertificateException("Untrusted Certificate!", e); } finally { try { if (is != null) is.close(); } catch (IOException e) { Log.w(TAG, e); } } } public X509Certificate[] getAcceptedIssuers() {