-rw-r--r-- | src/com/isode/stroke/tls/CertificateVerificationError.java | 4 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/java/JSSEContext.java | 4 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/java/JavaTrustManager.java | 68 |
3 files changed, 26 insertions, 50 deletions
diff --git a/src/com/isode/stroke/tls/CertificateVerificationError.java b/src/com/isode/stroke/tls/CertificateVerificationError.java
index 0aca027..d76dc00 100644
--- a/src/com/isode/stroke/tls/CertificateVerificationError.java
+++ b/src/com/isode/stroke/tls/CertificateVerificationError.java
@@ -3,7 +3,7 @@
 * All rights reserved.
 */
 /*
- * Copyright (c) 2011-2012, Isode Limited, London, England.
+ * Copyright (c) 2011-2014, Isode Limited, London, England.
 * All rights reserved.
 */
 package com.isode.stroke.tls;
@@ -25,6 +25,8 @@ public class CertificateVerificationError implements Error {
 InvalidSignature,
 InvalidCA,
 InvalidServerIdentity,
+ Revoked,
+ RevocationCheckFailed
 }
 
 public CertificateVerificationError(Type type) {
diff --git a/src/com/isode/stroke/tls/java/JSSEContext.java b/src/com/isode/stroke/tls/java/JSSEContext.java
index 13904e8..aeb9300 100644
--- a/src/com/isode/stroke/tls/java/JSSEContext.java
+++ b/src/com/isode/stroke/tls/java/JSSEContext.java
@@ -646,12 +646,12 @@ public class JSSEContext extends TLSContext { peerCertificateVerificationError = new CertificateVerificationError(Type.NotYetValid); return; - } - if (certificateException instanceof CertificateExpiredException) { peerCertificateVerificationError = new CertificateVerificationError(Type.Expired); return; } + peerCertificateVerificationError = new CertificateVerificationError(Type.UnknownError); } }
diff --git a/src/com/isode/stroke/tls/java/JavaTrustManager.java b/src/com/isode/stroke/tls/java/JavaTrustManager.java
index c3db11a..e011ce9 100644
--- a/src/com/isode/stroke/tls/java/JavaTrustManager.java
+++ b/src/com/isode/stroke/tls/java/JavaTrustManager.java
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012, Isode Limited, London, England.
+/* Copyright (c) 2012-2014, Isode Limited, London, England.
 * All rights reserved.
 *
 * Acquisition and use of this software and related materials for any 
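Review bot: The two new Type values Revoked and RevocationCheckFailed are never produced anywhere in this diff: the JSSEContext hunk only tests for CertificateNotYetValidException and CertificateExpiredException and now sends everything else — including the PKIX path-building and validation failures that JavaTrustManager's newly delegated checkServerTrusted starts reporting — to Type.UnknownError. If the mapping method (its start lies outside the hunk) is meant to distinguish those cases, it should walk the cause chain of certificateException for a `java.security.cert.CertPathValidatorException`, which the JDK's PKIX trust manager typically wraps in the thrown CertificateException, and switch on `getReason()` — `BasicReason.REVOKED` to Revoked, `BasicReason.UNDETERMINED_REVOCATION_STATUS` to RevocationCheckFailed, presumably `PKIXReason.NO_TRUST_ANCHOR` to InvalidCA — before falling back to UnknownError. That mapping is more than a few lines, so it is not drafted here; until it exists, a comment on the new fallback such as `// Fallback: PKIX path-building/validation failures from JavaTrustManager currently all land here` would at least make the coarse behaviour explicit.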
@@ -42,18 +42,9 @@ public class JavaTrustManager implements X509TrustManager {
 this.jsseContext = jsseContext;
 try {
- // create a "default" JSSE X509TrustManager.
-
- KeyStore ks = KeyStore.getInstance("PKCS12");
- /*
-
- // This is how you could load trust anchors
- ks.load(new FileInputStream("trustedCerts"),
- "passphrase".toCharArray());
- */
 TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(ks);
+ tmf.init((KeyStore) null); //Java's default keystore
 TrustManager tms [] = tmf.getTrustManagers(); 
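Review bot: `tmf.init((KeyStore) null)` initialises the factory against the JVM's default trust anchors but, as far as this hunk shows, without revocation checking, which the JDK PKIX trust manager leaves disabled unless the com.sun.net.ssl.checkRevocation system property is set — so the Revoked and RevocationCheckFailed outcomes this commit introduces cannot actually be reached through this trust manager. If revocation checking is intended, the factory should instead be initialised with `CertPathTrustManagerParameters` wrapping `PKIXBuilderParameters` built from the loaded default trust store with `setRevocationEnabled(true)` (and, on Java 8+, a `PKIXRevocationChecker` to express the OCSP/CRL soft-fail policy). The trailing comment is also slightly misleading, since a null KeyStore selects the default trust store rather than a key store; I would write `tmf.init((KeyStore) null); // null => JVM default trust anchors (javax.net.ssl.trustStore, else cacerts)`. The constructor continues outside the hunk, so how a factory initialisation failure is reported is not visible here.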
@@ -89,46 +80,29 @@ public class JavaTrustManager implements X509TrustManager {
 // position of checking client certificates. Just delegate to
 // default trust manager
 pkixTrustManager.checkClientTrusted(chain, authType);
-
 }
 @Override
 public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- CertificateException certificateException = null;
-
-
- // TODO:
- // Note that we don't call the superclass method here yet, because
- // it will fail with like this until the TrustManagerFactory has
- // been initialised with a suitable list of trust anchors
- // java.lang.RuntimeException: Unexpected error:
- // java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
-
- /*
- try {
- pkixTrustManager.checkServerTrusted(chain, authType);
- } catch (CertificateException e) {
- certificateException = e;
- }
- catch (Exception e) {
- emitError(e,"checkServerTrusted failed");
- }
- */
-
- // TODO: The only type of verification done is the certificate validity.
- // Need to make "checkServerTrusted" do certificate verification properly
- // and pass in an appropriate CertificateException
- if (chain != null && chain.length > 0) {
- try {
- chain[0].checkValidity();
- }
- catch (CertificateException e) {
- certificateException = e;
- }
- }
-
- jsseContext.setPeerCertificateInfo(chain, certificateException);
+ throws CertificateException {
+ CertificateException certificateException = null;
+
+ try {
+ pkixTrustManager.checkServerTrusted(chain, authType);
+ } catch (CertificateException e) {
+ certificateException = e;
+ }
+
+ if (certificateException == null && chain != null && chain.length > 0) {
+ try {
+ chain[0].checkValidity();
+ }
+ catch (CertificateException e) {
+ certificateException = e;
+ }
+ }
+
+ jsseContext.setPeerCertificateInfo(chain, certificateException);
 } |
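Review bot: The null/empty-chain guard now sits after the delegated call, but the X509TrustManager contract specifies that `pkixTrustManager.checkServerTrusted(chain, authType)` throws IllegalArgumentException for a null or zero-length chain (and for a null or empty authType), which the `catch (CertificateException e)` does not cover — such a call escapes this method as a runtime exception instead of being recorded through setPeerCertificateInfo, so the guard belongs before the delegation. The `chain[0].checkValidity()` kept after a successful PKIX validation looks redundant, since the default PKIX validator already checks each certificate's validity period, though it is harmless. This method also still never throws: the PKIX failure is stored rather than propagated, so the handshake is only rejected if JSSEContext (outside this diff) acts on the stored error, and that contract deserves a comment above the try. The rewritten opening of the method is sketched below; the rest is unchanged.
```java
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        CertificateException certificateException = null;

        if (chain == null || chain.length == 0) {
            // The delegate would throw IllegalArgumentException for an empty chain;
            // record it as a verification failure so the caller sees it as such.
            certificateException = new CertificateException("empty server certificate chain");
        } else {
            try {
                // Full PKIX path validation against the configured trust anchors.
                // NOTE: the failure is NOT rethrown; JSSEContext decides what to do
                // with the stored error, so this method alone never rejects a peer.
                pkixTrustManager.checkServerTrusted(chain, authType);
            } catch (CertificateException e) {
                certificateException = e;
            }
        }

        // … unchanged: validity check of chain[0] and setPeerCertificateInfo call …
```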