e231. validating a certification path.txt

这里面包含了一百多个JAVA源文件

This example validates a chain of certificates using the most-trusted CAs in the JDK's cacerts file. 
    try {
        // Load the JDK's cacerts keystore file
        String filename = System.getProperty("java.home")
            + "/lib/security/cacerts".replace('/', File.separatorChar);
        FileInputStream is = new FileInputStream(filename);
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        String password = "changeit";
        keystore.load(is, password.toCharArray());
    
        // Create the parameters for the validator
        PKIXParameters params = new PKIXParameters(keystore);
    
        // Disable CRL checking since we are not supplying any CRLs
        params.setRevocationEnabled(false);
    
        // Create the validator and validate the path
        // To create a path, see e229 Creating a Certification Path
        CertPathValidator certPathValidator
            = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
        CertPathValidatorResult result = certPathValidator.validate(certPath, params);
    
        // Get the CA used to validate this path
        PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult)result;
        TrustAnchor ta = pkixResult.getTrustAnchor();
        X509Certificate cert = ta.getTrustedCert();
    } catch (CertificateException e) {
    } catch (KeyStoreException e) {
    } catch (NoSuchAlgorithmException e) {
    } catch (InvalidAlgorithmParameterException e) {
    } catch (CertPathValidatorException e) {
        // Validation failed
    }