in modules/jdktools/src/main/java/org/apache/harmony/tools/keytool/CertChainVerifier.java [79:155]
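/**
 * Runs the chain checks for the certificates in the file named by
 * {@code param} and reports every result on standard output.
 *
 * <p>The checks run in this order:
 * <ol>
 * <li>revocation, through {@code CRLManager.checkRevoked}, but only when a
 * CRL file was supplied;</li>
 * <li>the signature of each certificate in the ordered chain, checked
 * against the public key of the certificate that follows it;</li>
 * <li>the signature of the last certificate, using an issuer looked up in
 * the main keystore and, if none is found there and
 * {@code isTrustCACerts()} is set, in the cacerts keystore;</li>
 * <li>certification path building for the first certificate of the
 * ordered chain.</li>
 * </ol>
 *
 * <p><b>Security note:</b> this method only reports. A failure in the
 * revocation, signature or path-building step is caught and printed, and
 * the method goes on to the next step. It returns {@code void} and always
 * ends with "Verification complete.", so a caller cannot tell a verified
 * chain from a rejected one through the return value or an exception. The
 * printed output is the only result. Revocation is skipped, with a notice,
 * when no CRL file is given.
 *
 * @param param keytool parameters: certificate file name, optional CRL
 *              file, keystores and provider names
 * @throws NoSuchAlgorithmException declared; see note below
 * @throws NoSuchProviderException declared; see note below
 * @throws FileNotFoundException declared; see note below
 * @throws CertificateException declared; see note below
 * @throws IOException declared; see note below
 * @throws KeytoolException declared; see note below
 * @throws KeyStoreException declared; see note below
 *         <p>Only the parameter getters, {@code CertReader.readCerts} and
 *         {@code orderChain} run outside a try block, so only they can
 *         propagate an exception to the caller.
 */
static void verifyChain(KeytoolParameters param)
        throws NoSuchAlgorithmException, NoSuchProviderException,
        FileNotFoundException, CertificateException, IOException,
        KeytoolException, KeyStoreException {
    try {
        if (param.getCrlFile() != null) {
            CRLManager.checkRevoked(param);
        } else {
            // No CRL supplied: revocation is not checked at all; the
            // operator is told so and verification continues.
            System.out
                    .println("Certificates revocation status is not checked, "
                            + "CRL file name is not supplied.");
        }
    } catch (Exception e) {
        // Best effort: any failure of the revocation check is printed and
        // the remaining checks still run.
        // NOTE(review): if checkRevoked signals a revoked certificate by
        // throwing, that too is only printed here -- confirm against
        // CRLManager.
        System.out.println(e);
        System.out.println("Failed to check revocation status.");
    }

    // Per-purpose provider names fall back to the general provider.
    String provider = param.getProvider();
    String certProvider = (param.getCertProvider() != null) ? param
            .getCertProvider() : provider;
    String sigProvider = (param.getSigProvider() != null) ? param
            .getSigProvider() : provider;
    String mdProvider = (param.getMdProvider() != null) ? param
            .getMdProvider() : provider;

    // Don't catch exceptions here, because if exception is
    // thrown here, there is no need to proceed.
    Collection<X509Certificate> certs = CertReader.readCerts(param
            .getFileName(), false, certProvider);
    X509Certificate[] ordered = orderChain(certs);

    try {
        // Each certificate must be signed by the key of its successor.
        for (int i = 0; i < ordered.length - 1; i++) {
            checkSignature(ordered[i], ordered[i + 1].getPublicKey(),
                    sigProvider, mdProvider);
        }
        // check the signature of the last element of the ordered chain
        boolean lastSignChecked = findIssuerAndCheckSignature(param
                .getKeyStore(), ordered[ordered.length - 1], sigProvider,
                mdProvider);
        // if haven't found issuer's certificate in main keystore
        if (!lastSignChecked) {
            if (param.isTrustCACerts()) {
                // make the search and check again
                lastSignChecked = findIssuerAndCheckSignature(param
                        .getCacerts(), ordered[ordered.length - 1],
                        sigProvider, mdProvider);
            }
            if (!lastSignChecked) {
                // No issuer in any consulted keystore: the last
                // certificate's signature stays unverified. This is
                // reported, not raised.
                System.out
                        .println("Failed to find the issuer's certificate.");
                System.out
                        .println("Failed to check the signature of certificate:");
                KeyStoreCertPrinter.printX509CertDetailed(
                        ordered[ordered.length - 1], mdProvider);
            }
        }
    } catch (Exception e) {
        // Also reached through an index error if orderChain returned an
        // empty array.
        System.out.println(e);
        System.out.println("Signature check failed.");
    }

    try {
        buildCertPath(param, ordered[0]);
        // won't come here if exception is thrown
        System.out.println("Certificate path is built successfully.");
    } catch (Exception e) {
        // Exception's own message contains strFailed string,
        // but its cause can be more informative here.
        // Not every exception carries a cause (an index error on an empty
        // chain does not); fall back to the exception itself so the
        // reason is never printed as "null".
        Throwable cause = e.getCause();
        System.out.println(cause != null ? cause : e);
        System.out.println("Failed to build a certificate path.");
    }
    // Printed unconditionally: it marks the end of the run, not a
    // successful verification.
    System.out.println("Verification complete.");
}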