) throws WSSecurityException {
if (certs != null) {
LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN()));
}
XKMSCacheToken cachedToken = null;
// Try local cache first
if (certs != null && certs.length > 0 && xkmsClientCache != null) {
String key = certs[0].getSubjectX500Principal().getName();
// Try by Subject DN and IssuerSerial
cachedToken = xkmsClientCache.get(key);
if (cachedToken == null) {
key = getKeyForIssuerSerial(certs[0].getIssuerX500Principal().getName(),
certs[0].getSerialNumber());
cachedToken = xkmsClientCache.get(key);
}
if (cachedToken != null && cachedToken.isXkmsValidated()) {
LOG.fine("Certificate has already been validated by the XKMS service");
return;
}
}
if (certs == null || certs[0] == null || !xkmsInvoker.validateCertificate(certs[0])) {
throw new CryptoProviderException("The given certificate is not valid");
}
// Validate Cached token
if (cachedToken != null) {
cachedToken.setXkmsValidated(true);
}
// Otherwise, Store in the cache as a validated certificate
storeCertificateInCache(certs[0], null, true);
}