Beispiel #1
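  /**
   * Decides whether the server's certificate chain is trusted.
   *
   * <p>The chain is first passed to {@code verify(certs, authType)}. Each trust engine returned
   * by {@code getTrustEngines()} is then asked for a trust anchor, and the first non-null answer
   * accepts the chain. The check fails closed: an {@link IOException} from any engine rejects
   * the chain immediately, even if a later engine might have found an anchor, and a chain with
   * no anchor in any engine is rejected.
   *
   * <p>NOTE(review): nothing in this method checks the host name, validity dates or revocation
   * status; confirm that {@code verify}, the trust engines or the caller cover those.
   *
   * @param certs the peer certificate chain
   * @param authType the key exchange algorithm name, passed through to {@code verify} and into
   *     the exception
   * @throws CertificateException if the chain does not verify, an engine fails with an I/O
   *     error, or no engine knows a trust anchor for the chain
   */
  public void checkServerTrusted(X509Certificate[] certs, String authType)
      throws CertificateException {
    // verify the cert chain
    verify(certs, authType);

    final TrustEngine[] engines = getTrustEngines();
    for (final TrustEngine engine : engines) {
      try {
        if (null != engine.findTrustAnchor(certs)) return; // cert chain is trusted
      } catch (final IOException e) {
        final CertificateException ce =
            new ECFCertificateException(
                "Error occurs when finding trust anchor in the cert chain",
                certs,
                authType); //$NON-NLS-1$
        // Attach the I/O failure as the cause. Passing the exception to its own initCause()
        // is rejected by Throwable with an IllegalArgumentException, which would replace the
        // CertificateException callers expect and lose the underlying error.
        ce.initCause(e);
        throw ce;
      }
    }
    // No engine returned an anchor: reject the chain.
    throw new ECFCertificateException(
        "Valid cert chain, but no trust certificate found!", certs, authType); // $NON-NLS-1$
  }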
Beispiel #2
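 /**
  * Delegates server-certificate validation to the wrapped trust manager {@code tm} and, when
  * validation fails, asks the user whether to connect anyway.
  *
  * <p>SECURITY: choosing "Proceed" accepts a chain that failed validation, so the connection
  * is no longer authenticated by the certificate. The dialog shows only the error text, not
  * the certificate's subject or fingerprint, which gives the user little to base the decision
  * on. The override is not remembered or logged by this method.
  *
  * <p>Only an explicit "Proceed" continues. "Exit" terminates the JVM, and any other dialog
  * result (for example closing the window) rethrows the validation failure, so the check
  * fails closed.
  *
  * @param chain the peer certificate chain
  * @param authType the key exchange algorithm name, passed through to {@code tm}
  * @throws CertificateException if validation fails and the user does not explicitly proceed
  */
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     tm.checkServerTrusted(chain, authType);
   } catch (CertificateException e) {
     // A CertificateException need not carry a cause; fall back to the exception itself
     // rather than hitting a NullPointerException while building the dialog text.
     final Throwable reason = (e.getCause() != null) ? e.getCause() : e;
     Object[] answer = {"Proceed", "Exit"};
     int ret =
         JOptionPane.showOptionDialog(
             null,
             reason.getLocalizedMessage() + "\n" + "Continue connecting to this host?",
             "Confirm certificate exception?",
             JOptionPane.YES_NO_OPTION,
             JOptionPane.WARNING_MESSAGE,
             null,
             answer,
             answer[0]);
     if (ret == JOptionPane.NO_OPTION) System.exit(1);
     // Dismissing the dialog returns CLOSED_OPTION, which must not count as consent:
     // anything other than an explicit "Proceed" keeps the validation failure.
     if (ret != JOptionPane.YES_OPTION) throw e;
   } catch (java.lang.Exception e) {
     // NOTE(review): the unqualified Exception presumably resolves to a project class, since
     // this method does not declare java.lang.Exception. Only the message text is kept here;
     // confirm whether that class can also carry the original cause.
     throw new Exception(e.toString());
   }
 }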
Beispiel #3
 /**
  * Checks that the signatures in the chain link up: every certificate except the last must be
  * signed by the key of the certificate that follows it, and the last certificate is checked
  * against its own key only when its subject and issuer names are equal.
  *
  * <p>NOTE(review): this covers signatures only. Validity dates, basic constraints, key usage,
  * revocation and host name are not examined here, and a last certificate that is not
  * self-issued is not verified at all; confirm that callers handle these elsewhere. An empty
  * array passes without any check.
  *
  * @param certs the certificate chain, leaf first
  * @param authType the key exchange algorithm name, used only for the exception
  * @throws CertificateException if any signature check fails or throws
  */
 private void verify(X509Certificate[] certs, String authType) throws CertificateException {
   final int last = certs.length - 1;
   for (int idx = 0; idx <= last; idx++) {
     final X509Certificate cert = certs[idx];
     try {
       if (idx < last) {
         // Intermediate link: signed by the next certificate in the chain.
         cert.verify(certs[idx + 1].getPublicKey());
       } else if (cert.getSubjectDN().equals(cert.getIssuerDN())) {
         // End of chain and self-issued: the signature must match its own key.
         cert.verify(cert.getPublicKey());
       }
     } catch (final Exception e) {
       // Any failure, including runtime exceptions, is reported as an invalid chain.
       final CertificateException ce =
           new ECFCertificateException(
               "Certificate chain is not valid", certs, authType); // $NON-NLS-1$
       ce.initCause(e);
       throw ce;
     }
   }
 }