Fairly new to Java security, I am trying to write a custom X509TrustManager to verify that when I connect to a server, it either has a trusted cert chain (from a truststore I have configured), OR, if not, that the certificate it presents has one of the SHA256 thumbprints the custom trust manager has (which I have also provided). I thought coding this would be a simple slam dunk (as hinted by the JSSE ref): delegate to the default trust manager, catch the specific exception that indicates something like "certificate chain not trusted", check if instead the thumbprint matches; if it matches, ignore the exception, otherwise propagate it. Apparently, there is no nice "CertificateUntrustedException". What I get is the following exception. Is there no vendor-independent clean way of solving this problem (or the higher-level problem of checking trusted cert OR externally provided thumbprint)?
Thanks!
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at com.company.TestConnection$LocalExtendedX509TrustManager.checkServerTrusted(TestConnection.java:116)
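As an added example (not the poster's code), here is the delegate-then-fall-back pattern the question describes, written against the vendor-independent API only: because JSSE exposes no "untrusted chain" subtype, the fallback catches CertificateException in general and compares the SHA-256 of the presented leaf certificate's DER encoding against a configured allowlist, otherwise rethrowing the original failure. The class name, the constructor taking an already-built delegate, and the lowercase-hex thumbprint format are assumptions.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/** Accepts a server if the delegate's PKIX validation passes OR the presented leaf cert's SHA-256 thumbprint is pinned. */
public final class PinningFallbackTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;      // the default X509TrustManager from TrustManagerFactory
    private final Set<String> pinnedSha256Hex;    // assumed format: lowercase hex of the DER encoding, no colons

    public PinningFallbackTrustManager(X509TrustManager delegate, Set<String> pinnedSha256Hex) {
        this.delegate = delegate;
        this.pinnedSha256Hex = pinnedSha256Hex;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            delegate.checkServerTrusted(chain, authType); // normal truststore-based path validation
        } catch (CertificateException pkixFailure) {
            // JSSE exposes no vendor-independent "chain untrusted" subtype, so every CertificateException
            // reaches this fallback; only an exact thumbprint match of the leaf certificate overrides it.
            if (chain == null || chain.length == 0) throw pkixFailure;
            X509Certificate leaf = chain[0];
            leaf.checkValidity(); // a pinned but expired or not-yet-valid certificate is still rejected
            if (!pinnedSha256Hex.contains(sha256Hex(leaf.getEncoded()))) throw pkixFailure; // propagate original
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // no thumbprint fallback for client certificates
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    /** SHA-256 over the certificate's DER bytes, i.e. the value shown as the certificate "thumbprint". */
    static String sha256Hex(byte[] der) throws CertificateException {
        try {
            StringBuilder sb = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("SHA-256 unavailable", e);
        }
    }
}
```

The delegate is the X509TrustManager obtained from TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) after init with your truststore; the wrapper is then passed to SSLContext.init in place of the default trust managers.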