/*
   * Returns the list of root certificates
   * The list of certificates we received is an array of certificates
   * we have to determine
   * 1) how many chain do we have (a chain stops when verifier of a cert is
   * not the signer of the next cert in the list
   * 2) build a cert with the leaf signer and the root verifier for each chain
   */
  public CertificatePair[] getRootCertificates() {
    if (rootCertificates == null) {
      rootCertificates = new CertificatePair[0];
      List rootCertificatesList = new ArrayList();
      if (certificates != null && certificates.size() > 0) {
        Iterator iter = certificates.iterator();
        while (iter.hasNext()) {

          Certificate[] certs = (Certificate[]) iter.next();
          if (certs != null && certs.length > 0) {

            CertificatePair pair = new CertificatePair();
            pair.setIssuer(certs[0]);

            for (int i = 0; i < certs.length - 1; i++) {
              X509Certificate x509certRoot = (X509Certificate) certs[i];
              X509Certificate x509certIssuer = (X509Certificate) certs[i + 1];
              if (!x509certRoot.getIssuerDN().equals(x509certIssuer.getSubjectDN())) {
                pair.setRoot(x509certRoot);
                if (!rootCertificatesList.contains(pair)) {
                  rootCertificatesList.add(pair);
                }
                pair = new CertificatePair();
                pair.setIssuer(x509certIssuer);
              }
            }

            // add the latest one
            if (pair != null) {
              pair.setRoot(certs[certs.length - 1]);
              if (!rootCertificatesList.contains(pair)) {
                rootCertificatesList.add(pair);
              }
            }
          }
        }
      }

      if (rootCertificatesList.size() > 0) {
        rootCertificates = new CertificatePair[rootCertificatesList.size()];
        rootCertificatesList.toArray(rootCertificates);
      }
    }
    return rootCertificates;
  }
示例#2
0
  /**
   * Checks certification path by IssuerX500Principal keyed in CAroot<br>
   * <br>
   * Risale il certification path attraverso IssuerX500Principal chiave in CAroot
   *
   * @return true: if certification path is valid
   */
  public boolean getPathValid() {
    isPathValid = true;
    X509Certificate certChild = cert;
    X509Certificate certParent = null;
    while (!certChild.getIssuerDN().equals(certChild.getSubjectDN())) {
      // finche' la CA non è autofirmata

      try {
        certParent = CAroot.getCACertificate(certChild.getIssuerX500Principal());
      } catch (GeneralSecurityException ex) {
        // la CA non è presente nella root
        isPathValid = false;
        return isPathValid;
      }
      certChild = certParent;
    }
    ;

    return isPathValid;
  }
  /*
   * Initializes the signerInfo and the VerifierInfo from the Certificate Pair
   */
  private void initializeCertificates() {
    X509Certificate certRoot = null;
    X509Certificate certIssuer = null;
    CertificatePair trustedCertificate;
    if (getFoundCertificate() == null) {
      CertificatePair[] certs = getRootCertificates();
      if (certs.length == 0) return;
      trustedCertificate = certs[0];
    } else {
      trustedCertificate = getFoundCertificate();
    }
    certRoot = (X509Certificate) trustedCertificate.getRoot();
    certIssuer = (X509Certificate) trustedCertificate.getIssuer();

    StringBuffer strb = new StringBuffer();
    strb.append(issuerString(certIssuer.getSubjectDN()));
    strb.append("\r\n"); // $NON-NLS-1$
    strb.append(
        NLS.bind(
            Messages.JarVerificationResult_ValidBetween,
            (new String[] {
              dateString(certIssuer.getNotBefore()), dateString(certIssuer.getNotAfter())
            })));
    strb.append(checkValidity(certIssuer));
    signerInfo = strb.toString();
    if (certIssuer != null && !certIssuer.equals(certRoot)) {
      strb = new StringBuffer();
      strb.append(issuerString(certIssuer.getIssuerDN()));
      strb.append("\r\n"); // $NON-NLS-1$
      strb.append(
          NLS.bind(
              Messages.JarVerificationResult_ValidBetween,
              (new String[] {
                dateString(certRoot.getNotBefore()), dateString(certRoot.getNotAfter())
              })));
      strb.append(checkValidity(certRoot));
      verifierInfo = strb.toString();
    }
  }