public void checkServerTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
// verify the cert chain
verify(certs, authType);
final TrustEngine[] engines = getTrustEngines();
Certificate foundCert = null;
for (int i = 0; i < engines.length; i++) {
try {
foundCert = engines[i].findTrustAnchor(certs);
if (null != foundCert) return; // cert chain is trust
} catch (final IOException e) {
final CertificateException ce =
new ECFCertificateException(
"Error occurs when finding trust anchor in the cert chain",
certs,
authType); //$NON-NLS-1$
ce.initCause(ce);
throw ce;
}
}
if (null == foundCert)
throw new ECFCertificateException(
"Valid cert chain, but no trust certificate found!", certs, authType); // $NON-NLS-1$
}
private void verify(X509Certificate[] certs, String authType) throws CertificateException {
final int len = certs.length;
for (int i = 0; i < len; i++) {
final X509Certificate currentX509Cert = certs[i];
try {
if (i == len - 1) {
if (currentX509Cert.getSubjectDN().equals(currentX509Cert.getIssuerDN()))
currentX509Cert.verify(currentX509Cert.getPublicKey());
} else {
final X509Certificate nextX509Cert = certs[i + 1];
currentX509Cert.verify(nextX509Cert.getPublicKey());
}
} catch (final Exception e) {
final CertificateException ce =
new ECFCertificateException(
"Certificate chain is not valid", certs, authType); // $NON-NLS-1$
ce.initCause(e);
throw ce;
}
}
}
