+ X509Certificate first = peerCertificateChain[0];
+ if (first.getIssuerDN().equals(first.getSubjectDN())) {
+ first.verify(first.getPublicKey());
+ X500Name p = (X500Name) first.getSubjectDN();
+ X500Name n = new X500Name(p.getEncoded());
+ for (AVA i : n.allAvas()) {
+ if (i.getObjectIdentifier().equals((Object) X500Name.orgUnitName_oid)) {
+ String toke = i.getDerValue().getAsString();
+ if (tok.equals(toke)) {
+ return PING_SUCCEDED;
+ } else {
+ return "Self-signed certificate is wrong";
+ }
+ }
+ }
+ }
+
+ BigInteger serial = first.getSerialNumber();
+ Certificate c = Certificate.getBySerial(serial.toString(16));
+ if (c == null) {
+ return "Certificate not found: Serial " + serial.toString(16) + " missing.";
+ }
+ CACertificate p = c.getParent();
+ if ( !first.getIssuerDN().equals(p.getCertificate().getSubjectDN())) {
+ return "Broken certificate supplied";
+ }
+ first.verify(p.getCertificate().getPublicKey());
+ if (c.getOwner().getId() != subject.getId()) {
+ return "Owner mismatch";