CertPath certPath = cf.generateCertPath(Arrays.asList(signingcert));
CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
CertPathValidatorResult result = certPathValidator.validate(certPath, params);
try {
PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
logger.info("revokation status via CRL PASSED for X509 public key " + signingcert.getSubjectDN().toString());
} catch (Exception ex) {
OutErrorMessage.set("Certificate status is via CRL Failed: " + ex.getMessage() + "." + OutErrorMessage.get());
}
}
if (map.containsKey(CHECK_TRUST_CHAIN) && Boolean.parseBoolean(map.getProperty(CHECK_TRUST_CHAIN))) {
logger.info("verifying trust chain X509 public key " + signingcert.getSubjectDN().toString());
try {
PKIXParameters params = new PKIXParameters(GetTrustStore());
params.setRevocationEnabled(false);
CertPath certPath = cf.generateCertPath(Arrays.asList(signingcert));
CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
CertPathValidatorResult result = certPathValidator.validate(certPath, params);
PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
TrustAnchor ta = pkixResult.getTrustAnchor();
X509Certificate cert = ta.getTrustedCert();
logger.info("trust chain validated X509 public key " + signingcert.getSubjectDN().toString());
} catch (Exception ex) {
OutErrorMessage.set("Certificate status Trust validation failed: " + ex.getMessage() + "." + OutErrorMessage.get());