modules/jretools/src/main/java/org/apache/harmony/jretools/keytool/CertChainVerifier.java [340:408]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - private static CertPathBuilderResult buildCertPath(String certProvider, X509Certificate newCert, Set selfSignedTAs, Collection trustedCerts) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CertPathBuilderException, KeytoolException, NoSuchProviderException { X509CertSelector selector = new X509CertSelector(); selector.setCertificate(newCert); String strPKIX = "PKIX"; String strNoSelfSigned = "Possibly, keystore doesn't " + "contain any self-signed (root CA) trusted certificates. "; // this parameter will be used to generate the certificate chain PKIXBuilderParameters builderParam = null; try { // set the search parameters with selector // and TrustAnchors with selfSignedTAs builderParam = new PKIXBuilderParameters(selfSignedTAs, selector); } catch (InvalidAlgorithmParameterException e) { throw new KeytoolException(strFailed + strNoSelfSigned, e); } if (trustedCerts != null) { CollectionCertStoreParameters trustedCertsCCSParams = new CollectionCertStoreParameters(trustedCerts); CertStore trustedCertStore; try { trustedCertStore = CertStore.getInstance("Collection", trustedCertsCCSParams); } catch (Exception e) { throw new KeytoolException(strFailed, e); } // add certificates to use as chain links builderParam.addCertStore(trustedCertStore); } // disable the revocation checking builderParam.setRevocationEnabled(false); CertPathBuilder cpBuilder; try { if (certProvider == null) { cpBuilder = CertPathBuilder.getInstance(strPKIX); } else { cpBuilder = CertPathBuilder.getInstance(strPKIX, certProvider); } } catch (NoSuchAlgorithmException e) { throw new NoSuchAlgorithmException("The algorithm " + strPKIX + " is not available.", e); } catch (NoSuchProviderException e) { throw (NoSuchProviderException) new NoSuchProviderException( "The certProvider " + certProvider + " is not found in the environment.").initCause(e); } CertPathBuilderResult bldResult = null; try { // the actual building of the certificate chain is done here bldResult = cpBuilder.build(builderParam); } catch (CertPathBuilderException e) { throw new CertPathBuilderException(strFailed, e); } catch (InvalidAlgorithmParameterException e) { throw new KeytoolException(strFailed + strNoSelfSigned, e); } return bldResult; } - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - modules/jdktools/src/main/java/org/apache/harmony/tools/keytool/CertChainVerifier.java [340:408]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - private static CertPathBuilderResult buildCertPath(String certProvider, X509Certificate newCert, Set selfSignedTAs, Collection trustedCerts) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CertPathBuilderException, KeytoolException, NoSuchProviderException { X509CertSelector selector = new X509CertSelector(); selector.setCertificate(newCert); String strPKIX = "PKIX"; String strNoSelfSigned = "Possibly, keystore doesn't " + "contain any self-signed (root CA) trusted certificates. "; // this parameter will be used to generate the certificate chain PKIXBuilderParameters builderParam = null; try { // set the search parameters with selector // and TrustAnchors with selfSignedTAs builderParam = new PKIXBuilderParameters(selfSignedTAs, selector); } catch (InvalidAlgorithmParameterException e) { throw new KeytoolException(strFailed + strNoSelfSigned, e); } if (trustedCerts != null) { CollectionCertStoreParameters trustedCertsCCSParams = new CollectionCertStoreParameters(trustedCerts); CertStore trustedCertStore; try { trustedCertStore = CertStore.getInstance("Collection", trustedCertsCCSParams); } catch (Exception e) { throw new KeytoolException(strFailed, e); } // add certificates to use as chain links builderParam.addCertStore(trustedCertStore); } // disable the revocation checking builderParam.setRevocationEnabled(false); CertPathBuilder cpBuilder; try { if (certProvider == null) { cpBuilder = CertPathBuilder.getInstance(strPKIX); } else { cpBuilder = CertPathBuilder.getInstance(strPKIX, certProvider); } } catch (NoSuchAlgorithmException e) { throw new NoSuchAlgorithmException("The algorithm " + strPKIX + " is not available.", e); } catch (NoSuchProviderException e) { throw (NoSuchProviderException) new NoSuchProviderException( "The certProvider " + certProvider + " is not found in the environment.").initCause(e); } CertPathBuilderResult bldResult = null; try { // the actual building of the certificate chain is done here bldResult = cpBuilder.build(builderParam); } catch (CertPathBuilderException e) { throw new CertPathBuilderException(strFailed, e); } catch (InvalidAlgorithmParameterException e) { throw new KeytoolException(strFailed + strNoSelfSigned, e); } return bldResult; } - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -