ENT-1663 - Inclusion of the cert path and root cert in the exception message when cert path validation fails. (#2890)

Also, added check to node startup that --initial-registration cannot occur in devMode
2025-06-13 04:38:19 +00:00 · 2018-03-28 15:18:50 +01:00
parent 6c9a39ae44
commit 768dd32417
5 changed files with 31 additions and 15 deletions
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt
@ -104,7 +104,18 @@ object X509Utilities {
    fun validateCertPath(trustedRoot: X509Certificate, certPath: CertPath) {
        val params = PKIXParameters(setOf(TrustAnchor(trustedRoot, null)))
        params.isRevocationEnabled = false
-        CertPathValidator.getInstance("PKIX").validate(certPath, params)
+        try {
+            CertPathValidator.getInstance("PKIX").validate(certPath, params)
+        } catch (e: CertPathValidatorException) {
+            throw CertPathValidatorException(
+                    """Cert path failed to validate against root certificate.
+Reason: ${e.reason}
+Offending cert index: ${e.index}
+Cert path: $certPath
+
+Root certificate:
+$trustedRoot""", e, certPath, e.index)
+        }
    }

    /**