X509Certificate c = null;
try {
// In 1.2 beta 4, the following method no longer exists, and we
// must use a certificate factory instead
// c = X509Certificate.getInstance(data);
CertificateFactory cf = CertificateFactory.getInstance("X509");
ByteArrayInputStream bais = new ByteArrayInputStream(data);
Certificate cert = cf.generateCertificate(bais);
c = (X509Certificate) cert;
Principal p = c.getIssuerDN();
PublicKey pk = getPublicKey(p);
c.verify(pk);
InputStream crlFile = lookupCRLFile(p);
// In 1.2 beta 4, the following method no longer exists, and we
// must use a certificate factory instead
// X509CRL crl = X509CRL.getInstance(crlFile);
cf = CertificateFactory.getInstance("X509CRL");
X509CRL crl = (X509CRL) cf.generateCRL(crlFile);
if (crl.isRevoked(c))
throw new CertificateException("Certificate is revoked");
} catch (NoSuchAlgorithmException nsae) {
throw new CertificateException("Can't verify certificate");
} catch (NoSuchProviderException nspe) {
throw new CertificateException("Can't verify certificate");
} catch (SignatureException se) {
throw new CertificateException("Can't verify certificate");
} catch (InvalidKeyException ike) {
throw new CertificateException("Can't verify certificate");
} catch (CRLException ce) {
// treat as no crl
}
return c;
