1/* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.wifi.hotspot2; 18 19import java.io.IOException; 20import java.security.GeneralSecurityException; 21import java.security.KeyStore; 22import java.security.cert.CertPath; 23import java.security.cert.CertPathValidator; 24import java.security.cert.CertificateFactory; 25import java.security.cert.PKIXParameters; 26import java.security.cert.X509Certificate; 27import java.util.Arrays; 28 29/** 30 * Utility class used for verifying certificates against the pre-loaded public CAs in the 31 * system key store. This class is created to allow the certificate verification to be mocked in 32 * unit tests. 33 */ 34public class CertificateVerifier { 35 36 /** 37 * Verify that the given certificate is trusted by one of the pre-loaded public CAs in the 38 * system key store. 39 * 40 * @param caCert The CA Certificate to verify 41 * @throws GeneralSecurityException 42 * @throws IOException 43 */ 44 public void verifyCaCert(X509Certificate caCert) 45 throws GeneralSecurityException, IOException { 46 CertificateFactory factory = CertificateFactory.getInstance("X.509"); 47 CertPathValidator validator = 48 CertPathValidator.getInstance(CertPathValidator.getDefaultType()); 49 CertPath path = factory.generateCertPath( 50 Arrays.asList(caCert)); 51 KeyStore ks = KeyStore.getInstance("AndroidCAStore"); 52 ks.load(null, null); 53 PKIXParameters params = new PKIXParameters(ks); 54 params.setRevocationEnabled(false); 55 validator.validate(path, params); 56 } 57} 58