ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-06-16 06:08:13 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CORDA-1319 Adding CRL checking for nodes (#2987)

Browse Source 
* Adding CRL support for nodes

* Addressing review comments
This commit is contained in:
Michal Kit
2018-04-30 09:26:26 +01:00
committed by GitHub
parent c3e6b39e59
commit ab80df342a
28 changed files with 609 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/src/main/kotlin/net/corda/core/internal/InternalUtils.kt
View File

@ -350,13 +350,14 @@ fun ExecutorService.join() {
}
}
fun CertPath.validate(trustAnchor: TrustAnchor): PKIXCertPathValidatorResult {
val parameters = PKIXParameters(setOf(trustAnchor)).apply { isRevocationEnabled = false }
// TODO: Currently the certificate revocation status is not handled here. Nowhere in the code the second parameter is used. Consider adding the support in the future.
fun CertPath.validate(trustAnchor: TrustAnchor, checkRevocation: Boolean = false): PKIXCertPathValidatorResult {
val parameters = PKIXParameters(setOf(trustAnchor)).apply { isRevocationEnabled = checkRevocation }
try {
return CertPathValidator.getInstance("PKIX").validate(this, parameters) as PKIXCertPathValidatorResult
} catch (e: CertPathValidatorException) {
throw CertPathValidatorException(
"""Cert path failed to validate against trust anchor.
"""Cert path failed to validate.
Reason: ${e.reason}
Offending cert index: ${e.index}
Cert path: $this