use of com.github.zhenwei.pkix.cert.CertException in project LinLong-Java by zhenwei1108.
the class ParentCertIssuedValidation method validate.
public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException {
if (workingIssuerName != null) {
if (!workingIssuerName.equals(certificate.getIssuer())) {
throw new CertPathValidationException("Certificate issue does not match parent");
}
}
if (workingPublicKey != null) {
try {
SubjectPublicKeyInfo validatingKeyInfo;
if (workingPublicKey.getAlgorithm().equals(workingAlgId)) {
validatingKeyInfo = workingPublicKey;
} else {
validatingKeyInfo = new SubjectPublicKeyInfo(workingAlgId, workingPublicKey.parsePublicKey());
}
if (!certificate.isSignatureValid(contentVerifierProvider.build(validatingKeyInfo))) {
throw new CertPathValidationException("Certificate signature not for public key in parent");
}
} catch (OperatorCreationException e) {
throw new CertPathValidationException("Unable to create verifier: " + e.getMessage(), e);
} catch (CertException e) {
throw new CertPathValidationException("Unable to validate signature: " + e.getMessage(), e);
} catch (IOException e) {
throw new CertPathValidationException("Unable to build public key: " + e.getMessage(), e);
}
}
workingIssuerName = certificate.getSubject();
workingPublicKey = certificate.getSubjectPublicKeyInfo();
if (workingAlgId != null) {
// check for inherited parameters
if (workingPublicKey.getAlgorithm().getAlgorithm().equals(workingAlgId.getAlgorithm())) {
if (!isNull(workingPublicKey.getAlgorithm().getParameters())) {
workingAlgId = workingPublicKey.getAlgorithm();
}
} else {
workingAlgId = workingPublicKey.getAlgorithm();
}
} else {
workingAlgId = workingPublicKey.getAlgorithm();
}
}
Aggregations