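/**
 * Verifies the received certificate directly against a list of trusted
 * certificates and displays the verification results. The certificate is taken
 * from the mCertificate member variable. The trusted certificates are loaded with
 * getCertificateList() from the CERTS_FOR_DIRECT_VALIDATION_DIR directory.
 *
 * The outcome is only printed to mOut: an expired, not-yet-valid or otherwise
 * rejected certificate is reported as INVALID and the method returns normally, so
 * callers cannot use this method on its own to gate further processing.
 *
 * @throws IOException if reading the trusted certificates fails
 * @throws GeneralSecurityException if loading the trusted certificates fails, or
 *         if verification fails with a security exception other than the three
 *         types handled below
 */
private void verifyReceivedCertificate()
        throws IOException, GeneralSecurityException {
    // Create the list of the trusted certificates for direct validation.
    // Every certificate returned here is passed on as trusted, so write access to
    // this directory should be limited to whoever administers the trust list.
    X509Certificate[] trustedCertificates =
        getCertificateList(mApplicationContext, CERTS_FOR_DIRECT_VALIDATION_DIR);

    // Verify the certificate and display the verification results.
    // NOTE(review): no revocation check (CRL/OCSP) is visible in this method;
    // confirm whether DigitalSignatureUtils.verifyCertificate performs one.
    mOut.println("Certificate direct verification status: ");
    try {
        DigitalSignatureUtils.verifyCertificate(
            mCertificate, trustedCertificates);
        mOut.println("Certificate is verified to be VALID.");
    } catch (CertificateExpiredException cee) {
        mOut.println("Certificate is INVALID (validity period expired)!");
    } catch (CertificateNotYetValidException cnyve) {
        mOut.println("Certificate is INVALID (validity period not started)!");
    } catch (DigitalSignatureUtils.CertificateValidationException cve) {
        // NOTE(review): the exception message is echoed to mOut as-is. If mOut
        // writes into an HTTP response, confirm the message is safe to disclose
        // and is escaped for the output format.
        mOut.println("Certificate is INVALID! " + cve.getMessage());
    }
    mOut.println("");
}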
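/**
 * Verifies the received certification chain and displays the verification results.
 * The chain for verification is taken from the mCertPath member variable. Trusted
 * CA root certificates are taken from the TRUSTED_CA_ROOT_CERTS_DIR directory.
 * This directory should be relative to the Web application root directory and
 * should contain only .CER files (DER-encoded X.509 certificates).
 *
 * Every certificate loaded from that directory is passed on as a trusted CA root,
 * so write access to the directory should be limited to whoever administers the
 * trust list.
 *
 * The outcome is only printed to mOut: a chain that fails validation is reported
 * as INVALID and the method returns normally, so callers cannot use this method on
 * its own to gate further processing.
 *
 * @throws IOException if reading the trusted CA root certificates fails
 * @throws GeneralSecurityException if loading the trusted CA root certificates
 *         fails, or if verification fails with a security exception other than
 *         CertPathValidatorException
 */
private void verifyReceivedCertificationChain()
        throws IOException, GeneralSecurityException {
    // Create the most trusted CA set of trust anchors
    X509Certificate[] trustedCACerts =
        getCertificateList(mApplicationContext, TRUSTED_CA_ROOT_CERTS_DIR);

    // Verify the certification chain and display the verification results.
    // NOTE(review): no revocation check (CRL/OCSP) is visible in this method;
    // confirm whether DigitalSignatureUtils.verifyCertificationChain enables one.
    mOut.println("Certification chain verification: ");
    try {
        DigitalSignatureUtils.verifyCertificationChain(
            mCertPath, trustedCACerts);
        mOut.println("Certification chain verified to be VALID.");
    } catch (CertPathValidatorException cpve) {
        // getIndex() is the position of the failing certificate in the chain, or
        // -1 when the failure is not tied to one certificate.
        // NOTE(review): cpve.toString() is echoed to mOut as-is. If mOut writes
        // into an HTTP response, confirm the text is safe to disclose and is
        // escaped for the output format.
        mOut.println("Certification chain is INVALID! Validation failed on " +
            "cert [" + cpve.getIndex() + "] from the chain: "+cpve.toString());
    }
    mOut.println(" ");
}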
/**
 * @return a list of X509 certificates, obtained by reading all files from the
 * given directory. The supplied directory should be given as a path relative
 * to the Web application root (e.g. "/WEB-INF/test") and should contain only
 * .CER files (DER-encoded X.509 certificates).
 */
private X509Certificate[] getCertificateList(ServletContext aServletContext,<br />
String aCertificatesDirectory)<br />
throws IOException, GeneralSecurityException {<br />
// Get a list of all files in the given directory<br />
Set trustedCertsResNames =<br />
aServletContext.getResourcePaths(aCertificatesDirectory);<br />
// Allocate an array for storing the certificates<br />
int count = trustedCertsResNames.size();<br />
X509Certificate[] trustedCertificates = new X509Certificate[count];<br />