//package com.java2s;
// Use of this source code is governed by a BSD-style license that can be

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

public class Main {
    // Extended Key Usage (EKU) OIDs that this class accepts on a web server certificate.
    // id-kp-serverAuth: the standard "TLS web server authentication" purpose.
    private static final String OID_TLS_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
    // anyExtendedKeyUsage: the certificate is not restricted to a specific purpose.
    private static final String OID_ANY_EKU = "2.5.29.37.0";
    // Netscape and Microsoft "server gated" OIDs, accepted alongside serverAuth.
    private static final String OID_SERVER_GATED_NETSCAPE = "2.16.840.1.113730.4.1";
    private static final String OID_SERVER_GATED_MICROSOFT = "1.3.6.1.4.1.311.10.3.3";

    /**
     * Checks that the Extended Key Usage (EKU) extension of an end-entity certificate, when
     * present, permits use as a web server certificate: it must list at least one of anyEKU,
     * serverAuth, Netscape SGC or Microsoft SGC.
     *
     * <p>Only the EKU extension is inspected. Nothing else about the certificate (chain,
     * validity period, host name, the basic Key Usage bits) is checked here, so a {@code true}
     * result is one necessary condition and never a verdict that the certificate is trusted.
     *
     * <p>Decision table:
     * <ul>
     *   <li>no EKU extension (the getter returns {@code null}): accepted;</li>
     *   <li>EKU extension present but listing none of the four OIDs, including an empty
     *       list: rejected;</li>
     *   <li>the platform getter throws {@link NullPointerException}: rejected, i.e. the
     *       check fails closed.</li>
     * </ul>
     *
     * <p>NOTE(review): accepting anyEKU and the two server-gated OIDs is more permissive than
     * requiring serverAuth alone; confirm it matches the intended policy before reusing this
     * check elsewhere.
     *
     * <p>TODO(palmer): This can be removed after the equivalent change is made to the Android
     * default TrustManager and that change is shipped to a large majority of Android users.
     *
     * @param certificate the end-entity certificate to inspect
     * @return true if there is no EKU extension or if any listed EKU is one of the OIDs that
     *         are valid for web server certificates
     * @throws CertificateException if the EKU extension cannot be read from the certificate
     */
    static boolean verifyKeyUsage(X509Certificate certificate) throws CertificateException {
        List<String> declaredUsages;
        try {
            declaredUsages = certificate.getExtendedKeyUsage();
        } catch (NullPointerException e) {
            // getExtendedKeyUsage() can crash due to an Android platform bug. This probably
            // happens when the EKU extension data is malformed, so the certificate is
            // rejected rather than treated as unrestricted.
            // See http://crbug.com/233610
            return false;
        }

        // No EKU extension at all: the certificate is not purpose-restricted.
        if (declaredUsages == null) {
            return true;
        }

        // One acceptable OID is enough; the other entries are not examined.
        for (String usageOid : declaredUsages) {
            if (isServerCertificateUsage(usageOid)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether {@code oid} is one of the EKU OIDs accepted for web server certificates. */
    private static boolean isServerCertificateUsage(String oid) {
        switch (oid) {
            case OID_TLS_SERVER_AUTH:
            case OID_ANY_EKU:
            case OID_SERVER_GATED_NETSCAPE:
            case OID_SERVER_GATED_MICROSOFT:
                return true;
            default:
                return false;
        }
    }
}