The ClientCertValidateCLI has been modified to display the NSS error code and error message for invalid certificates.
Pushed to master under trivial rule. -- Endi S. Dewata
>From 3253d852eb50d30f30a37800f0cf16898a038b6c Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Mon, 13 Mar 2017 21:42:49 +0100 Subject: [PATCH] Troubleshooting improvement for ClientCertValidateCLI. The ClientCertValidateCLI has been modified to display the NSS error code and error message for invalid certificates. --- .../src/com/netscape/cmstools/client/ClientCertValidateCLI.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java index 22bddcf32f6be8995c9a6609500d117ba25afaba..a3f1deb365b20424e01ae1bc93bd23b9b850b75e 100644 --- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java @@ -18,6 +18,7 @@ package com.netscape.cmstools.client; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -97,11 +98,13 @@ public class ClientCertValidateCLI extends CLI { CryptoManager cm = CryptoManager.getInstance(); if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) { - if (cm.isCertValid(nickname, true, cu)) { + try { + cm.verifyCertificate(nickname, true, cu); System.out.println("Valid certificate: " + nickname); return true; - } else { - System.out.println("Invalid certificate: " + nickname); + } catch (CertificateException e) { + // Invalid certificate: (<code>) <message> + System.out.println(e.getMessage()); return false; } -- 2.9.3
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
