Download - Svetlin Nakov
Create a set of trust anchors from given trusted root CA certificates<br />
HashSet trustAnchors = new HashSet();<br />
for (int i = 0; i < aTrustedCACertificates.length; i++) {<br />
TrustAnchor trustAnchor =<br />
new TrustAnchor(aTrustedCACertificates[i], null);<br />
trustAnchors.add(trustAnchor);<br />
}<br />
// Create a certification chain validator and a set of parameters for it<br />
PKIXParameters certPathValidatorParams = new PKIXParameters(trustAnchors);<br />
certPathValidatorParams.setRevocationEnabled(false);<br />
CertPathValidator chainValidator =<br />
CertPathValidator.getInstance(CERT_CHAIN_VALIDATION_ALGORITHM);<br />
// Remove the root CA certificate from the end of the chain. It is required<br />
// by the validation algorithm because by convention the trust anchor<br />
// certificates should not be a part of the chain that is validated<br />
CertPath certChainForValidation = removeLastCertFromCertChain(aCertChain);<br />
}<br />
// Execute the certification chain validation<br />
chainValidator.validate(certChainForValidation, certPathValidatorParams);<br />
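/**
 * Returns a new certification chain holding every certificate of the given
 * chain except the last one.
 *
 * <p>The chain is shortened by position only: nothing here checks that the
 * dropped certificate is a root CA or corresponds to a trust anchor. A caller
 * that depends on the last element being the trust anchor must establish that
 * itself before validating the shortened chain.
 *
 * @param aCertChain the certification chain to shorten
 * @return a new {@code CertPath} with the certificates of {@code aCertChain}
 *         in their original order, without the last one
 * @throws CertificateException if {@code aCertChain} contains no certificates,
 *         or if the certificate factory or the new path cannot be created
 */
private static CertPath removeLastCertFromCertChain(CertPath aCertChain)
        throws CertificateException {
    List certs = aCertChain.getCertificates();
    int certsCount = certs.size();
    // An empty chain would make subList(0, -1) throw an unchecked
    // IndexOutOfBoundsException; report it as a certificate error instead so
    // the failure reaches the caller through the declared exception type.
    if (certsCount == 0) {
        throw new CertificateException(
            "Cannot remove the last certificate from an empty certification chain.");
    }
    List certsWithoutLast = certs.subList(0, certsCount - 1);
    CertificateFactory cf = CertificateFactory.getInstance(X509_CERTIFICATE_TYPE);
    return cf.generateCertPath(certsWithoutLast);
}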
/**
 * Thrown to report a certificate validation error.
 */
public static class CertificateValidationException extends GeneralSecurityException {

    /**
     * Creates the exception with the given detail message.
     *
     * @param aMessage the detail message, passed unchanged to the superclass
     */
    public CertificateValidationException(String aMessage) {
        super(aMessage);
    }
}
}<br />
Как работи основната криптографска функционалност<br />
Класът започва с методи за зареждане на сертификат от поток и от файл, с<br />
които се прочитат файловете с доверените сертификати, използвани при<br />
проверката на сертификати и сертификационни вериги. Очаква се тези<br />
файлове да бъдат в стандартния .CER формат (ASN.1 DER-кодирани).<br />
Следва метод за зареждане на сертификационна верига, представена във<br />
формат PkiPath и кодирана в текстов вид с кодиране Base64.<br />
130