/**
 * Verifies that the public key of the first certificate in the chain is acceptable.
 *
 * <p>Only {@code chain[0]} is examined here; the remaining certificates in the chain are not
 * inspected by this method. The decision is made while holding the monitor of
 * {@code publicKeys}:
 * <ul>
 *   <li>if {@code publicKeys} is empty, the key is accepted only when the strict flag for the
 *       given side ({@code strictClient} or {@code strictServer}) is {@code false};</li>
 *   <li>otherwise the decision is delegated to {@code isTrusted(PublicKey)}.</li>
 * </ul>
 *
 * <p>Security note: with an empty {@code publicKeys} and the matching strict flag disabled, any
 * key that can be binary-encoded passes this check. Deployments that depend on this check for
 * peer authentication should keep the strict flags enabled or ensure the key list is populated.
 *
 * @param client {@code true} to apply the client-side strict flag, {@code false} to apply the
 *               server-side one.
 * @param chain the chain to check; assumed non-null with at least one element
 *              (NOTE(review): confirm that the callers enforce this, since an empty or null
 *              array fails here with an unchecked exception rather than a
 *              {@link CertificateException}).
 * @throws CertificateException if the key has no binary encoding or is not accepted.
 */
private void checkPublicKey(boolean client, X509Certificate[] chain) throws CertificateException {
    final X509Certificate leaf = chain[0];
    final PublicKey leafKey = leaf.getPublicKey();

    // A key without a binary encoding is rejected up front.
    if (leafKey.getEncoded() == null) {
        throw new CertificateException(
                String.format("Public key of the first certificate in chain (subject: '%s') "
                                + "(algorithm: '%s'; format: '%s') does not support binary encoding",
                        leaf.getSubjectDN(), leafKey.getAlgorithm(), leafKey.getFormat()));
    }

    final boolean accepted;
    synchronized (publicKeys) {
        if (publicKeys.isEmpty()) {
            // No keys configured: the outcome depends solely on the strict flag of this side.
            accepted = client ? !strictClient : !strictServer;
        } else {
            accepted = isTrusted(leafKey);
        }
    }

    if (accepted) {
        return;
    }

    throw new CertificateException(
            String.format("Public key of the first certificate in chain (subject: %s) "
                            + "is not in the list of trusted keys",
                    leaf.getSubjectDN()));
}