// Check the cert's principal against the list of given allowedPrincipals. // If no allowedPrincipals are given than every principal is allowed. // If an empty list as allowedPrincipals is given, no one is allowed to access private void checkCertForClientUsage(X509Certificate clientCert) { try { // We required that the extended key usage must be present if we are using // client cert authentication if (extendedClientCheck && (clientCert.getExtendedKeyUsage() == null || !clientCert.getExtendedKeyUsage().contains(CLIENTAUTH_OID))) { throw new SecurityException("No extended key usage available"); } } catch (CertificateParsingException e) { throw new SecurityException("Can't parse client cert"); } }
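/**
 * Reports whether a certificate's extended key usage (EKU) permits the given purpose.
 *
 * <p>The policy is permissive in two ways that matter to a reviewer:
 * <ul>
 *   <li>a certificate with no EKU extension is treated as unrestricted and
 *       passes for every purpose;</li>
 *   <li>a certificate listing anyExtendedKeyUsage ({@code 2.5.29.37.0}) passes
 *       for every purpose.</li>
 * </ul>
 * A caller that needs a certificate to be bound to one specific purpose must
 * reject the missing-extension and any-usage cases itself.
 *
 * @param paramX509Certificate the certificate to inspect
 * @param paramString the purpose OID the caller requires, in dotted form
 * @return {@code true} if the EKU is absent, contains {@code paramString}, or
 *         contains anyExtendedKeyUsage; {@code false} otherwise
 * @throws CertificateException if the EKU extension cannot be decoded
 */
private static boolean checkEKU(X509Certificate paramX509Certificate, String paramString)
        throws CertificateException {
    // anyExtendedKeyUsage, RFC 5280 section 4.2.1.12.
    final String anyExtendedKeyUsage = "2.5.29.37.0";

    List<String> usages = paramX509Certificate.getExtendedKeyUsage();
    if (usages == null) {
        // No EKU extension: nothing restricts the certificate's purpose.
        return true;
    }
    return usages.contains(paramString) || usages.contains(anyExtendedKeyUsage);
}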