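/**
 * Verifies that the given certificate was issued to the given authority.
 *
 * <p>The authority is accepted when it equals the subject common name (CN),
 * when {@code authorityMatchesSubjectAlternativeNames} reports a match, or
 * when {@code authorityMatchesWildcardCN} reports a match; the checks run in
 * that order. A certificate that carries no CN is still accepted if one of
 * its subject alternative names matches, which is what the failure message
 * ("CN or alternative name") already promises.
 *
 * <p>This method checks the name binding only. Nothing here validates the
 * certificate chain, the validity period or revocation status, so a match
 * is meaningful only for a certificate that has been validated separately.
 *
 * @param authority the authority to which the certificate was issued,
 *     e.g., a domain name.
 * @param certificate the {@link X509Certificate}
 * @throws SignatureException if the authority doesn't match the certificate,
 *     or if the certificate has no common name and no subject alternative
 *     name matched.
 */
private void verifyMatchingAuthority(String authority, X509Certificate certificate)
    throws SignatureException {
  String cn = getCommonNameFromDistinguishedName(
      certificate.getSubjectX500Principal().getName());

  // NOTE(review): this comparison is case-sensitive, while DNS names are not.
  // Presumably callers pass an already-normalised authority; confirm.
  if (cn != null && cn.equals(authority)) {
    return;
  }

  // Consult the subject alternative names before insisting on a CN: a
  // certificate that identifies its subject only through SAN entries must not
  // be rejected merely because the subject DN has no CN attribute.
  if (authorityMatchesSubjectAlternativeNames(authority, certificate)) {
    return;
  }

  if (cn == null) {
    throw new SignatureException("no common name found in signer "
        + "certificate " + certificate.getSubjectDN().toString());
  }

  // NOTE(review): RFC 6125 says the CN should not be consulted once DNS
  // subject alternative names are present. The CN checks here (exact and
  // wildcard) run regardless; tightening that would change which
  // certificates are accepted, so it is left as is and flagged for review.
  if (authorityMatchesWildcardCN(authority, cn)) {
    return;
  }

  throw new SignatureException("expected " + authority
      + " as CN or alternative name in cert, but didn't find it");
}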