Exemple #1
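  /**
   * Decides whether the server's certificate chain is trusted.
   *
   * <p>The chain's signature linkage is checked first via {@code verify}; then each trust engine
   * returned by {@code getTrustEngines()} is asked for a trust anchor. The method returns normally
   * as soon as one engine reports an anchor and throws in every other case, so an empty engine
   * list rejects the chain.
   *
   * @param certs the peer certificate chain, passed unchanged to {@code verify} and to each
   *     trust engine
   * @param authType the authentication type; used here only as context in the thrown exception
   * @throws CertificateException if the chain fails {@code verify}, if a trust engine fails with
   *     an {@link IOException} (kept as the cause), or if no engine finds a trust anchor
   */
  public void checkServerTrusted(X509Certificate[] certs, String authType)
      throws CertificateException {
    // Signature linkage comes first: a broken chain is rejected before any engine is consulted.
    verify(certs, authType);

    for (final TrustEngine engine : getTrustEngines()) {
      final Certificate anchor;
      try {
        anchor = engine.findTrustAnchor(certs);
      } catch (final IOException e) {
        final CertificateException ce =
            new ECFCertificateException(
                "Error occurs when finding trust anchor in the cert chain",
                certs,
                authType); //$NON-NLS-1$
        // Chain the IOException itself. Passing ce as its own cause is rejected by
        // Throwable.initCause with an unchecked exception, which would replace the
        // CertificateException that TLS callers expect and hide the real I/O failure.
        ce.initCause(e);
        throw ce;
      }
      if (anchor != null) {
        return; // a trust anchor was found: the chain is trusted
      }
    }

    // Fail closed: reaching this point means no engine produced a trust anchor.
    throw new ECFCertificateException(
        "Valid cert chain, but no trust certificate found!", certs, authType); // $NON-NLS-1$
  }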
Exemple #2
 /**
  * Checks the signature linkage of a certificate chain.
  *
  * <p>Every certificate except the last must verify against the public key of the certificate
  * that follows it in the array. The last certificate is verified against its own public key
  * only when its subject DN equals its issuer DN; otherwise it gets no signature check here.
  *
  * <p>NOTE(review): this method checks signatures only. Validity dates, basic constraints and
  * key usage are not examined in this method; presumably they are enforced by the trust engines
  * or elsewhere. Confirm before relying on this as full path validation.
  *
  * @param certs the chain to check, ordered so that each entry is issued by the next one
  * @param authType the authentication type; used only as context in the thrown exception
  * @throws CertificateException if any check in the chain fails; the original failure is kept
  *     as the cause
  */
 private void verify(X509Certificate[] certs, String authType) throws CertificateException {
   final int lastIndex = certs.length - 1;
   for (int idx = 0; idx <= lastIndex; idx++) {
     final X509Certificate subject = certs[idx];
     try {
       if (idx < lastIndex) {
         // Intermediate link: must be signed by the key of the next certificate in the array.
         final X509Certificate issuer = certs[idx + 1];
         subject.verify(issuer.getPublicKey());
       } else if (subject.getSubjectDN().equals(subject.getIssuerDN())) {
         // End of chain and self-issued: the signature must match the certificate's own key.
         subject.verify(subject.getPublicKey());
       }
     } catch (final Exception e) {
       // Any failure, including a null entry in the array, is reported as an invalid chain.
       final CertificateException invalidChain =
           new ECFCertificateException(
               "Certificate chain is not valid", certs, authType); // $NON-NLS-1$
       invalidChain.initCause(e);
       throw invalidChain;
     }
   }
 }