1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.wifi.hotspot2;
18
19import java.io.IOException;
20import java.security.GeneralSecurityException;
21import java.security.KeyStore;
22import java.security.cert.CertPath;
23import java.security.cert.CertPathValidator;
24import java.security.cert.CertificateFactory;
25import java.security.cert.PKIXParameters;
26import java.security.cert.X509Certificate;
27import java.util.Arrays;
28
29/**
30 * Utility class used for verifying certificates against the pre-loaded public CAs in the
31 * system key store.  This class is created to allow the certificate verification to be mocked in
32 * unit tests.
33 */
34public class CertificateVerifier {
35
36    /**
37     * Verify that the given certificate is trusted by one of the pre-loaded public CAs in the
38     * system key store.
39     *
40     * @param caCert The CA Certificate to verify
41     * @throws GeneralSecurityException
42     * @throws IOException
43     */
44    public void verifyCaCert(X509Certificate caCert)
45            throws GeneralSecurityException, IOException {
46        CertificateFactory factory = CertificateFactory.getInstance("X.509");
47        CertPathValidator validator =
48                CertPathValidator.getInstance(CertPathValidator.getDefaultType());
49        CertPath path = factory.generateCertPath(
50                Arrays.asList(caCert));
51        KeyStore ks = KeyStore.getInstance("AndroidCAStore");
52        ks.load(null, null);
53        PKIXParameters params = new PKIXParameters(ks);
54        params.setRevocationEnabled(false);
55        validator.validate(path, params);
56    }
57}
58