
[iaik-ssl] Problem with getCertificateChain(..)



Hi,

I'm having some problems getting the isTrustedPeer method to compile in
a class implementing ClientTrustDecider.  I have the line:

X509Certificate[] certChain=certificate.getCertificateChain();

At compile time, I get an error saying that I need an explicit cast to
convert java.security.cert.X509Certificate[] to
iaik.x509.X509Certificate[].  IAIK is added as a provider, and
iaik.x509.X509 has been imported.  Any suggestions?

Thanks,

Tom Runnacles

PS: Here's the source code for the whole class if that helps:

import iaik.security.provider.*;
import iaik.security.provider.IAIK;
import iaik.x509.*;
import iaik.asn1.structures.*;
import iaik.asn1.*;
import iaik.pkcs.PKCSException;
import iaik.pkcs.pkcs12.KeyBag;
import iaik.pkcs.pkcs12.PKCS12;
import iaik.pkcs.pkcs12.CertificateBag;
import iaik.security.ssl.*;
import iaik.security.ssl.ClientTrustDecider;
import iaik.x509.RevokedCertificate;
import iaik.x509.X509Certificate;

import java.io.*;
import java.security.cert.CertificateException;
import java.math.BigInteger;
import java.util.*;
import java.security.*;



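/**
 * Trust decider for the client side of an IAIK SSL connection.
 *
 * <p>It supplies the local certificate and private key when client
 * authentication is requested, and accepts a peer only when the first
 * certificate of its chain is inside its validity period and carries a
 * signature that verifies under the configured CA certificate's public key.
 *
 * <p>Limits of this check, which callers must cover elsewhere if they need
 * them: only the first chain element is examined and it must be signed
 * directly by the CA (intermediate CAs are not followed); revocation is not
 * checked; the certificate's subject is not compared with the host the
 * client meant to reach; and certificate extensions such as basic
 * constraints or key usage are not evaluated.
 */
class UserTrustDecider implements ClientTrustDecider
{
    // Last peer certificate accepted by isTrustedPeer; null until one is accepted.
    X509Certificate peerCert;
    // Trust anchor: the peer certificate must be signed by this certificate's key.
    X509Certificate CACert;
    // Local certificate offered for client authentication; null when built
    // with the single-argument constructor.
    X509Certificate myCert;
    // Private key belonging to myCert; null when built with the
    // single-argument constructor.
    PrivateKey myPrivateKey;

    // Hard-wired switch for the trace output written by debug().
    private boolean debugging=true;

    /**
     * Creates a decider that can authenticate the client as well as check the peer.
     *
     * @param cert   local certificate to present to the peer
     * @param cacert CA certificate the peer certificate must verify against
     * @param key    private key matching {@code cert}
     */
    public UserTrustDecider(X509Certificate cert, X509Certificate cacert,
            PrivateKey key)
    {
        // Registers the IAIK provider; the single-argument constructor does
        // not, so it relies on the provider being registered elsewhere.
        IAIK.addAsProvider(true);
        CACert=cacert;
        myCert=cert;
        myPrivateKey=key;
    }

    /**
     * Creates a decider that only checks the peer; no local certificate or
     * private key is available for client authentication.
     *
     * @param cacert CA certificate the peer certificate must verify against
     */
    public UserTrustDecider(X509Certificate cacert)
    {
        CACert=cacert;
    }

    /**
     * Returns the local certificate wrapped as a one-element chain.
     *
     * <p>The arguments are ignored: the same certificate is returned whatever
     * certificate types, authorities or key exchange the peer asked for.
     * NOTE(review): when no local certificate was configured the chain holds
     * a single null entry; confirm what the SSL library expects in that case.
     *
     * @param types                  requested certificate types (unused)
     * @param certificateAuthorities acceptable issuers (unused)
     * @param keyExchangeAlgorithm   negotiated key exchange (unused)
     * @return an SSLCertificate built from the local certificate
     */
    public SSLCertificate getCertificate(byte[] types,
            Principal[] certificateAuthorities, String keyExchangeAlgorithm)
    {
        X509Certificate[] certArray=new X509Certificate[1];
        certArray[0]=myCert;
        SSLCertificate SSLCert=new SSLCertificate(certArray);
        return SSLCert;
    }

    /**
     * Returns the private key that belongs to the local certificate.
     *
     * @return the key given to the constructor, or null if none was given
     */
    public PrivateKey getPrivateKey()
    {
        return myPrivateKey;
    }

    /**
     * Decides whether the peer's certificate is acceptable.
     *
     * <p>The decision fails closed: a missing certificate, a missing CA
     * certificate, an empty chain, an expired or not-yet-valid certificate,
     * a signature that does not verify, or any unexpected error all yield
     * {@code false}. See the class comment for what is not checked.
     *
     * @param certificate certificate chain presented by the peer, may be null
     * @return true only if the first chain element is currently valid and
     *         verifies under the CA certificate's public key
     */
    public boolean isTrustedPeer(SSLCertificate certificate)
    {
        // Forget any certificate accepted earlier so that a rejected peer
        // never leaves a stale certificate behind in getPeerCertificate().
        peerCert=null;

        if (certificate==null)
        {
            debug("A Null Certificate");
            return false;
        }
        if (CACert==null)
        {
            // Without a trust anchor nothing can be verified.
            debug("No CA certificate configured");
            return false;
        }

        try
        {
            // The compiler reports getCertificateChain() as returning
            // java.security.cert.X509Certificate[], so the chain is held in
            // that type and only the accepted element is narrowed below.
            java.security.cert.X509Certificate[] certChain=
                certificate.getCertificateChain();
            if (certChain==null || certChain.length==0 || certChain[0]==null)
            {
                debug("Empty CertificateChain");
                return false;
            }
            debug("Got the CertificateChain");

            java.security.cert.X509Certificate peer=certChain[0];
            debug("Got the X509Certificate");

            // A valid signature on an expired certificate, or under an
            // expired CA certificate, must not be accepted.
            CACert.checkValidity();
            peer.checkValidity();
            debug("Within validity period");

            peer.verify(CACert.getPublicKey());
            debug("Verifies with the CACert");

            // peerCert is declared as the IAIK type; refuse rather than risk
            // a ClassCastException if the library handed back another class.
            if (!(peer instanceof X509Certificate))
            {
                debug("Peer certificate is not an iaik.x509.X509Certificate");
                return false;
            }
            peerCert=(X509Certificate)peer;
            return true;
        }
        catch (GeneralSecurityException e)
        {
            // Covers validity-period failures and every checked exception
            // that verify() can throw.
            debug("Doesn't verify with the CACert: "+e);
            return false;
        }
        catch (RuntimeException e)
        {
            // Keep the original contract of never throwing from a trust
            // decision; anything unexpected is treated as "not trusted".
            debug("Unexpected error while checking the peer: "+e);
            return false;
        }
    }

    /**
     * Returns the peer certificate accepted by the most recent call to
     * isTrustedPeer.
     *
     * @return the accepted certificate, or null if the last check failed or
     *         no check has run yet
     */
    public X509Certificate getPeerCertificate()
    {
        return peerCert;
    }

    /**
     * Writes a trace line to standard output when debugging is switched on.
     *
     * @param s message to print
     */
    private void debug(String s)
    {
        if (debugging)
        {
            System.out.println("UserTrustDecider :"+s);
            System.out.flush();
        }
    }

}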