CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
paramsPKIX.getSigProvider());
}
catch (GeneralSecurityException e)
{
throw new ExtCertPathValidatorException("Could not validate certificate signature.", e, certPath, index);
}
}
try
{
// (a) (2)
//
cert.checkValidity(CertPathValidatorUtilities
.getValidCertDateFromValidityModel(paramsPKIX, certPath, index));
}
catch (CertificateExpiredException e)
{
throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
}
catch (CertificateNotYetValidException e)
{
throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
}
catch (AnnotatedException e)
{
throw new ExtCertPathValidatorException("Could not validate time of certificate.", e, certPath, index);
}
//
// (a) (3)
//
if (paramsPKIX.isRevocationEnabled())
{
try
{
checkCRLs(paramsPKIX, cert, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX,
certPath, index), sign, workingPublicKey, certs);
}
catch (AnnotatedException e)
{
throw new ExtCertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
}
}
//
// (a) (4) name chaining
//
if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(workingIssuerName))
{
throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
+ ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null,
certPath, index);
}
}