throws SSLException {
try {
if (CertificateStore.getInstance().contains(x509.getIssuerDN().toString())) {
X509Certificate trusted = (X509Certificate) CertificateStore.getInstance().get(x509.getIssuerDN().toString());
// Verify the signature of the certificate with the trusted
// certificate
PublicKey publickey = trusted.getPublicKey();
if (publickey instanceof RsaPublicKey) {
// Verify the signature
if (x509.getSigAlgName().equals("MD5WithRSAEncryption")) { //$NON-NLS-1$
try {
byte[] blob = x509.getSignature();
// Check for signed bit
if ((blob[0] & 0x80) == 0x80) {
blob = new byte[x509.getSignature().length + 1];
blob[0] = 0;
System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
}
BigInteger input = new BigInteger(blob);
RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();
BigInteger decoded = Rsa.doPublic(input, r.getModulus(), r.getPublicExponent());
BigInteger result = Rsa.removePKCS1(decoded, 0x01);
byte[] sig = result.toByteArray();
MD5Digest digest = new MD5Digest();
digest.update(x509.getTBSCertificate(), 0, x509.getTBSCertificate().length);
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
DERInputStream der = new DERInputStream(new ByteArrayInputStream(sig));
ASN1Sequence o = (ASN1Sequence) der.readObject();
ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);
DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);
byte[] actual = o3.getOctets();
for (int i = 0; i < actual.length; i++) {
if (actual[i] != hash[i]) {
return false;
}
}
} catch (IOException ex1) {
throw new SSLException(SSLException.INTERNAL_ERROR, ex1.getMessage());
}
} else if (x509.getSigAlgName().equals("SHA1WithRSAEncryption")) { //$NON-NLS-1$
try {
byte[] blob = x509.getSignature();
// Check for signed bit
if ((blob[0] & 0x80) == 0x80) {
blob = new byte[x509.getSignature().length + 1];
blob[0] = 0;
System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
}
BigInteger input = new BigInteger(blob);
RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();
BigInteger decoded = Rsa.doPublic(input, r.getModulus(), r.getPublicExponent());
BigInteger result = Rsa.removePKCS1(decoded, 0x01);
byte[] sig = result.toByteArray();
SHA1Digest digest = new SHA1Digest();
digest.update(x509.getTBSCertificate(), 0, x509.getTBSCertificate().length);
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
DERInputStream der = new DERInputStream(new ByteArrayInputStream(sig));
ASN1Sequence o = (ASN1Sequence) der.readObject();
ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);
DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);
byte[] actual = o3.getOctets();
for (int i = 0; i < actual.length; i++) {
if (actual[i] != hash[i]) {
return false;
}
}
} catch (IOException ex1) {
throw new SSLException(SSLException.INTERNAL_ERROR, ex1.getMessage());
}
} else
throw new SSLException(SSLException.UNSUPPORTED_CERTIFICATE,
MessageFormat.format(Messages.getString("TrustedCACertStore.signatureAlgorithmNotSupported"), new Object[] { x509.getSigAlgName() })); //$NON-NLS-1$
// Verify the validity
try {
trusted.checkValidity();
x509.checkValidity();
} catch (CertificateException ex2) {
if (allowInvalidCertificates) {
return true;
} else {