| /* |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.server.wifi.hotspot2; |
| |
| import java.io.IOException; |
| import java.security.GeneralSecurityException; |
| import java.security.KeyStore; |
| import java.security.cert.CertPath; |
| import java.security.cert.CertPathValidator; |
| import java.security.cert.CertificateFactory; |
| import java.security.cert.PKIXParameters; |
| import java.security.cert.X509Certificate; |
| import java.util.Arrays; |
| |
| /** |
| * Utility class used for verifying certificates against the pre-loaded public CAs in the |
| * system key store. This class is created to allow the certificate verification to be mocked in |
| * unit tests. |
| */ |
| public class CertificateVerifier { |
| |
| /** |
| * Verify that the given certificate is trusted by one of the pre-loaded public CAs in the |
| * system key store. |
| * |
| * @param caCert The CA Certificate to verify |
| * @throws GeneralSecurityException |
| * @throws IOException |
| */ |
| public void verifyCaCert(X509Certificate caCert) |
| throws GeneralSecurityException, IOException { |
| CertificateFactory factory = CertificateFactory.getInstance("X.509"); |
| CertPathValidator validator = |
| CertPathValidator.getInstance(CertPathValidator.getDefaultType()); |
| CertPath path = factory.generateCertPath( |
| Arrays.asList(caCert)); |
| KeyStore ks = KeyStore.getInstance("AndroidCAStore"); |
| ks.load(null, null); |
| PKIXParameters params = new PKIXParameters(ks); |
| params.setRevocationEnabled(false); |
| validator.validate(path, params); |
| } |
| } |