135
136 /**
137 * Return the PKIX parameters used by this instance. An application may
138 * modify the parameters but must make sure not to perform any concurrent
139 * validations.
140 */
141 public PKIXBuilderParameters getParameters() {
142 return parameterTemplate;
143 }
144
145 X509Certificate[] engineValidate(X509Certificate[] chain,
146 Collection<X509Certificate> otherCerts, Object parameter)
147 throws CertificateException {
148 if ((chain == null) || (chain.length == 0)) {
149 throw new CertificateException
150 ("null or zero-length certificate chain");
151 }
152 if (TRY_VALIDATOR) {
153 // check if chain contains trust anchor
154 for (int i = 0; i < chain.length; i++) {
155 if (trustedCerts.contains(chain[i])) {
156 if (i == 0) {
157 return new X509Certificate[] {chain[0]};
158 }
159 // Remove and call validator
160 X509Certificate[] newChain = new X509Certificate[i];
161 System.arraycopy(chain, 0, newChain, 0, i);
162 return doValidate(newChain);
163 }
164 }
165
166 // not self issued and apparently issued by trust anchor?
167 X509Certificate last = chain[chain.length - 1];
168 X500Principal issuer = last.getIssuerX500Principal();
169 X500Principal subject = last.getSubjectX500Principal();
170 if (trustedSubjects.containsKey(issuer) && !issuer.equals(subject)
171 && isSignatureValid(trustedSubjects.get(issuer), last)) {
172 return doValidate(chain);
173 }
174
175 // don't fallback to builder if called from plugin/webstart
|
135
136 /**
137 * Return the PKIX parameters used by this instance. An application may
138 * modify the parameters but must make sure not to perform any concurrent
139 * validations.
140 */
141 public PKIXBuilderParameters getParameters() {
142 return parameterTemplate;
143 }
144
145 X509Certificate[] engineValidate(X509Certificate[] chain,
146 Collection<X509Certificate> otherCerts, Object parameter)
147 throws CertificateException {
148 if ((chain == null) || (chain.length == 0)) {
149 throw new CertificateException
150 ("null or zero-length certificate chain");
151 }
152 if (TRY_VALIDATOR) {
153 // check if chain contains trust anchor
154 for (int i = 0; i < chain.length; i++) {
155 X500Principal dn = chain[i].getSubjectX500Principal();
156 if (trustedSubjects.containsKey(dn)
157 && trustedSubjects.get(dn).getPublicKey()
158 .equals(chain[i].getPublicKey())) {
159 if (i == 0) {
160 return new X509Certificate[] {chain[0]};
161 }
162 // Remove and call validator
163 X509Certificate[] newChain = new X509Certificate[i];
164 System.arraycopy(chain, 0, newChain, 0, i);
165 return doValidate(newChain);
166 }
167 }
168
169 // not self issued and apparently issued by trust anchor?
170 X509Certificate last = chain[chain.length - 1];
171 X500Principal issuer = last.getIssuerX500Principal();
172 X500Principal subject = last.getSubjectX500Principal();
173 if (trustedSubjects.containsKey(issuer) && !issuer.equals(subject)
174 && isSignatureValid(trustedSubjects.get(issuer), last)) {
175 return doValidate(chain);
176 }
177
178 // don't fallback to builder if called from plugin/webstart
|
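Review bot: In the `i == 0` branch (new line 160) the method still returns the presented `chain[0]`, but after this change that certificate is only known to share a subject DN and public key with a trust anchor, not to be the stored certificate itself, so its validity period and extensions are accepted without any check. Consider returning the stored anchor instead, `return new X509Certificate[] {trustedSubjects.get(dn)};`, or documenting that the returned certificate may differ from the one in the trust store. The comment on new line 153 should also say what is now matched, e.g. `// check if chain contains a certificate with the subject DN and public key of a trust anchor`. `trustedSubjects.get(dn)` appears to hold a single certificate per subject, so two anchors sharing a DN but using different keys would presumably leave one of them unmatched; this is worth confirming where the map is built. The body of engineValidate continues past the end of this hunk.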