From 3253d852eb50d30f30a37800f0cf16898a038b6c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 13 Mar 2017 21:42:49 +0100
Subject: Troubleshooting improvement for ClientCertValidateCLI.

The ClientCertValidateCLI has been modified to display the NSS
error code and error message for invalid certificates.
---
 .../src/com/netscape/cmstools/client/ClientCertValidateCLI.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'base/java-tools/src')

diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java
index 22bddcf32..a3f1deb36 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertValidateCLI.java
@@ -18,6 +18,7 @@
 
 package com.netscape.cmstools.client;
 
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -97,11 +98,13 @@ public class ClientCertValidateCLI extends CLI {
 
         CryptoManager cm = CryptoManager.getInstance();
         if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) {
-            if (cm.isCertValid(nickname, true, cu)) {
+            try {
+                cm.verifyCertificate(nickname, true, cu);
                 System.out.println("Valid certificate: " + nickname);
                 return true;
-            } else {
-                System.out.println("Invalid certificate: " + nickname);
+            } catch (CertificateException e) {
+                // Invalid certificate: (<code>) <message>
+                System.out.println(e.getMessage());
                 return false;
             }
 
-- 
cgit