public final class TrustedCertPathFinder
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
private static org.apache.commons.logging.Log |
logger |
Modifier | Constructor and Description |
---|---|
private |
TrustedCertPathFinder() |
Modifier and Type | Method and Description |
---|---|
private static java.security.cert.X509Certificate |
checkCertificate(java.util.List<java.security.cert.X509Certificate> trustedCertPath,
java.security.cert.X509Certificate x509Certificate,
java.security.cert.Certificate issuerCertificate) |
static java.security.cert.CertPath |
findTrustedCertPath(java.security.KeyStore keyStore,
java.security.cert.CertPath certPath)
Method that validates the provided cert path to find a trusted certificate in the certificate store.
|
private static java.security.cert.CertPath |
isTrustedCert(java.security.KeyStore keyStore,
java.security.cert.X509Certificate x509Certificate,
java.util.List<java.security.cert.X509Certificate> trustedCertPath) |
private static java.security.cert.CertPath isTrustedCert(java.security.KeyStore keyStore, java.security.cert.X509Certificate x509Certificate, java.util.List<java.security.cert.X509Certificate> trustedCertPath) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
public static java.security.cert.CertPath findTrustedCertPath(java.security.KeyStore keyStore, java.security.cert.CertPath certPath) throws java.security.cert.CertPathValidatorException
For each certificate i in certPath, it is expected that the i+1 certificate is the issuer of the certificate path. See CertPath.
For each certificate i in certpath, validate signature of certificate i get issuer of certificate i get certificate i+i ensure that the certificate i+1 is issuer of certificate i If not, throw an exception for illegal argument validate signature of i+1 Throw exception if it does not validate check if i+1 is a trusted certificate in the trust store. If so return certpath until i+1 If not, continue; If all certificates in the certpath have been checked and none exisits in trust store, check if trust store has certificate of issuer of last certificate in CertPath. If so, return certPath + trusted certificate from trust store If not, throw an exception for lack of valid trust root.
keyStore
- The key store containing CA trust root certificatescertPath
- The certpath from which to extract a valid cert path to a trusted certificate.java.security.cert.CertPathValidatorException
- If the CertPath is invalid.private static java.security.cert.X509Certificate checkCertificate(java.util.List<java.security.cert.X509Certificate> trustedCertPath, java.security.cert.X509Certificate x509Certificate, java.security.cert.Certificate issuerCertificate) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException