/** * Validates a chain of {@link X509Certificate}s. * * @param certificateList The certificate list * @param anchor The anchor * @throws CertificateException e * @throws NoSuchAlgorithmException e * @throws InvalidAlgorithmParameterException e * @throws CertPathValidatorException e * @throws IOException */ public static void validateChain(List<Certificate> certificateList, X509Certificate anchor) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertPathValidatorException, IOException { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); // Convert into a list of X509Certificates List<X509Certificate> certsList = new ArrayList<>(certificateList.size()); for (Certificate cert : certificateList) { X509Certificate parsedCert = (X509Certificate) certificateFactory.generateCertificate( new ByteArrayInputStream(cert.encode())); certsList.add(parsedCert); } CertPath certPath = certificateFactory.generateCertPath(certsList); CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); TrustAnchor trustAnchor = new TrustAnchor(anchor, null); PKIXParameters parameters = new PKIXParameters(Collections.singleton(trustAnchor)); parameters.setRevocationEnabled(false); cpv.validate(certPath, parameters); }
/** * Validates a chain of {@link X509Certificate}s. * * @param certificateList The certificate list * @param anchor The anchor * @throws CertificateException e * @throws NoSuchAlgorithmException e * @throws InvalidAlgorithmParameterException e * @throws CertPathValidatorException e * @throws IOException */ public static void validateChain(List<Certificate> certificateList, X509Certificate anchor) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertPathValidatorException, IOException { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); // Convert into a list of X509Certificates List<X509Certificate> certsList = new ArrayList<>(certificateList.size()); for (Certificate cert : certificateList) { X509Certificate parsedCert = (X509Certificate) certificateFactory.generateCertificate( new ByteArrayInputStream(cert.encode())); certsList.add(parsedCert); } CertPath certPath = certificateFactory.generateCertPath(certsList); CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); TrustAnchor trustAnchor = new TrustAnchor(anchor, null); PKIXParameters parameters = new PKIXParameters(Collections.singleton(trustAnchor)); parameters.setRevocationEnabled(false); cpv.validate(certPath, parameters); }