001: /*
002: *
003: *
004: * Copyright 1990-2007 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: */
026:
027: package javax.microedition.pki;
028:
029: import javax.microedition.pki.Certificate;
030:
031: import java.lang.String;
032:
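/**
 * The <CODE>CertificateException</CODE> encapsulates an error that
 * occurred while a <CODE>Certificate</CODE> is being used. If multiple errors
 * are found within a <CODE>Certificate</CODE> the more significant error
 * should be reported in the exception.
 * <P>
 * Each exception carries exactly one reason code, so further problems with
 * the same certificate may go unreported. The reason code returned by
 * {@link #getReason()} is the machine-readable result. The message text is
 * informational only: when it is supplied through the three-argument
 * constructor it is stored independently of the reason code, so code that
 * decides how to react to a failure should branch on the reason code and
 * not on the message.
 */
public class CertificateException extends java.io.IOException {

    /** The reason code for this exception; assigned once at construction. */
    private final byte reason;

    /**
     * The certificate that caused the exception; assigned once at
     * construction. May be <CODE>null</CODE>, because the constructors
     * store the argument without checking it.
     */
    private final Certificate cert;

    /**
     * Indicates a certificate has unrecognized critical extensions.
     * The value is 1.
     */
    public static final byte BAD_EXTENSIONS = 1;

    /**
     * Indicates the server certificate chain exceeds the length allowed
     * by an issuer's policy.
     * The value is 2.
     */
    public static final byte CERTIFICATE_CHAIN_TOO_LONG = 2;

    /**
     * Indicates a certificate is expired.
     * The value is 3.
     */
    public static final byte EXPIRED = 3;

    /**
     * Indicates an intermediate certificate in the chain does not have the
     * authority to be an intermediate CA. The value is 4.
     */
    public static final byte UNAUTHORIZED_INTERMEDIATE_CA = 4;

    /**
     * Indicates a certificate object does not contain a signature.
     * The value is 5.
     */
    public static final byte MISSING_SIGNATURE = 5;

    /**
     * Indicates a certificate is not yet valid.
     * The value is 6.
     */
    public static final byte NOT_YET_VALID = 6;

    /**
     * Indicates a certificate does not contain the correct site name.
     * The value is 7.
     */
    public static final byte SITENAME_MISMATCH = 7;

    /**
     * Indicates a certificate was issued by an unrecognized entity.
     * The value is 8.
     */
    public static final byte UNRECOGNIZED_ISSUER = 8;

    /**
     * Indicates a certificate was signed using an unsupported algorithm.
     * The value is 9.
     */
    public static final byte UNSUPPORTED_SIGALG = 9;

    /**
     * Indicates a certificate public key has been used in a way deemed
     * inappropriate by the issuer. The value is 10.
     */
    public static final byte INAPPROPRIATE_KEY_USAGE = 10;

    /**
     * Indicates a certificate in a chain was not issued by the next
     * authority in the chain. The value is 11.
     */
    public static final byte BROKEN_CHAIN = 11;

    /**
     * Indicates the root CA's public key is expired. The value is 12.
     */
    public static final byte ROOT_CA_EXPIRED = 12;

    /**
     * Indicates that the type of the public key in a certificate is not
     * supported by the device. The value is 13.
     */
    public static final byte UNSUPPORTED_PUBLIC_KEY_TYPE = 13;

    /**
     * Indicates a certificate failed verification.
     * The value is 14.
     */
    public static final byte VERIFICATION_FAILED = 14;

    /**
     * Create a new exception with a <CODE>Certificate</CODE>
     * and specific error reason. The descriptive message for the new exception
     * will be automatically provided, based on the reason.
     * <P>
     * The range of <CODE>status</CODE> is not enforced here: a value outside
     * the documented range is stored unchanged and produces the message
     * <CODE>"Unknown reason (n)"</CODE>.
     *
     * @param certificate the certificate that caused the exception
     * @param status the reason for the exception;
     * the status MUST be between BAD_EXTENSIONS and VERIFICATION_FAILED
     * inclusive.
     */
    public CertificateException(Certificate certificate, byte status) {
        super(getMessageForReason(status));
        cert = certificate;
        reason = status;
    }

    /**
     * Create a new exception with a message, <CODE>Certificate</CODE>,
     * and specific error reason.
     * <P>
     * The message is passed to the superclass as given and is not checked
     * against <CODE>status</CODE>, so the two can disagree. The range of
     * <CODE>status</CODE> is not enforced here either.
     *
     * @param message a descriptive message
     * @param certificate the certificate that caused the exception
     * @param status the reason for the exception;
     * the status MUST be between BAD_EXTENSIONS and VERIFICATION_FAILED
     * inclusive.
     */
    public CertificateException(String message,
                                Certificate certificate, byte status) {
        super(message);
        cert = certificate;
        reason = status;
    }

    /**
     * Get the <CODE>Certificate</CODE> that caused the exception.
     * @return the <CODE>Certificate</CODE> that included the failure;
     * this is whatever was passed to the constructor, including
     * <CODE>null</CODE>.
     */
    public Certificate getCertificate() {
        return cert;
    }

    /**
     * Get the reason code.
     * @return the reason code exactly as passed to the constructor
     */
    public byte getReason() {
        return reason;
    }

    // package private methods //

    /**
     * Gets the exception message for a reason.
     *
     * @param reason reason code
     *
     * @return the fixed message for one of the reason codes defined in
     * this class, or <CODE>"Unknown reason (n)"</CODE>, with
     * <CODE>n</CODE> the given value, for any other code
     */
    static String getMessageForReason(int reason) {
        switch (reason) {
        case BAD_EXTENSIONS:
            return "Certificate has unrecognized critical extensions";

        case CERTIFICATE_CHAIN_TOO_LONG:
            return "Server certificate chain exceeds the length allowed "
                   + "by an issuer's policy";

        case EXPIRED:
            return "Certificate is expired";

        case UNAUTHORIZED_INTERMEDIATE_CA:
            return "Intermediate certificate in the chain does not have the "
                   + "authority to be an intermediate CA";

        case MISSING_SIGNATURE:
            return "Certificate object does not contain a signature";

        case NOT_YET_VALID:
            return "Certificate is not yet valid";

        case SITENAME_MISMATCH:
            return "Certificate does not contain the correct site name";

        case UNRECOGNIZED_ISSUER:
            return "Certificate was issued by an unrecognized entity";

        case UNSUPPORTED_SIGALG:
            return "Certificate was signed using an unsupported algorithm";

        case INAPPROPRIATE_KEY_USAGE:
            return "Certificate's public key has been used in a way deemed "
                   + "inappropriate by the issuer";

        case BROKEN_CHAIN:
            return "Certificate in a chain was not issued by the next "
                   + "authority in the chain";

        case ROOT_CA_EXPIRED:
            return "Root CA's public key is expired";

        case UNSUPPORTED_PUBLIC_KEY_TYPE:
            return "Certificate has a public key that is not a "
                   + "supported type";

        case VERIFICATION_FAILED:
            return "Certificate failed verification";
        }

        // Any code outside the defined constants still gets a message
        // that names the offending value rather than failing.
        return "Unknown reason (" + reason + ")";
    }
}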