// Check the cert's principal against the list of given allowedPrincipals.
 // If no allowedPrincipals are given than every principal is allowed.
 // If an empty list as allowedPrincipals is given, no one is allowed to access
 private void checkCertForClientUsage(X509Certificate clientCert) {
   try {
     // We required that the extended key usage must be present if we are using
     // client cert authentication
     if (extendedClientCheck
         && (clientCert.getExtendedKeyUsage() == null
             || !clientCert.getExtendedKeyUsage().contains(CLIENTAUTH_OID))) {
       throw new SecurityException("No extended key usage available");
     }
   } catch (CertificateParsingException e) {
     throw new SecurityException("Can't parse client cert");
   }
 }
 private static boolean checkEKU(X509Certificate paramX509Certificate, String paramString)
     throws CertificateException {
   List localList = paramX509Certificate.getExtendedKeyUsage();
   if (localList == null) return true;
   return (localList.contains(paramString)) || (localList.contains("2.5.29.37.0"));
 }