public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { // verify the cert chain verify(certs, authType); final TrustEngine[] engines = getTrustEngines(); Certificate foundCert = null; for (int i = 0; i < engines.length; i++) { try { foundCert = engines[i].findTrustAnchor(certs); if (null != foundCert) return; // cert chain is trust } catch (final IOException e) { final CertificateException ce = new ECFCertificateException( "Error occurs when finding trust anchor in the cert chain", certs, authType); //$NON-NLS-1$ ce.initCause(ce); throw ce; } } if (null == foundCert) throw new ECFCertificateException( "Valid cert chain, but no trust certificate found!", certs, authType); // $NON-NLS-1$ }
private void verify(X509Certificate[] certs, String authType) throws CertificateException { final int len = certs.length; for (int i = 0; i < len; i++) { final X509Certificate currentX509Cert = certs[i]; try { if (i == len - 1) { if (currentX509Cert.getSubjectDN().equals(currentX509Cert.getIssuerDN())) currentX509Cert.verify(currentX509Cert.getPublicKey()); } else { final X509Certificate nextX509Cert = certs[i + 1]; currentX509Cert.verify(nextX509Cert.getPublicKey()); } } catch (final Exception e) { final CertificateException ce = new ECFCertificateException( "Certificate chain is not valid", certs, authType); // $NON-NLS-1$ ce.initCause(e); throw ce; } } }