validation certificate against cacert

Discussion in 'Java' started by Stone, Sep 16, 2011.

  1. Stone

    Stone Guest

    Dear programmers,

    I would like to ask whether there is any way to compare a certificate
    against the cacerts file.
    I have already loaded the certificate into a keystore like this:

    // imports needed by the fragment below (they were omitted from the post)
    import java.io.BufferedInputStream;
    import java.io.File;
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.CertificateFactory;

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // parenthesised so replace() is applied to the whole path, not only to "cacerts"
    String filename = (System.getProperty("java.home") + "/lib/security/cacerts")
            .replace('/', File.separatorChar);
    System.out.println(filename);
    FileInputStream in = new FileInputStream(filename);
    BufferedInputStream bis = new BufferedInputStream(in);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String pwd = "changeit"; // default password of the JDK cacerts file
    keystore.load(bis, pwd.toCharArray());
    bis.close();

    Is there any way to validate the certificate in a TrustManager?
    My TrustManager is:

    // imports needed by the fragment below
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    System.out.println("Initialization of Trust Manager");
    trustManager = new TrustManager[] {
        new X509TrustManager() {
            // X509TrustManager sunJSSEX509TrustManager;

            public X509Certificate[] getAcceptedIssuers() {
                System.out.println("InitializeTrustManager: getAcceptedIssuers:");
                // return sunJSSEX509TrustManager.getAcceptedIssuers();
                // empty array rather than null: callers iterate over this result
                return new X509Certificate[0];
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType)
                    throws CertificateException {
                for (int j = 0; j < certs.length; j++) {
                    System.out.println("initializeTrustmanager: checkClientTrusted:"
                            + certs[j] + " authTyp:" + authType);
                    System.out.println(" Subject DN: " + certs[j].getSubjectDN());
                    System.out.println(" Issuer DN: " + certs[j].getIssuerDN());
                    System.out.println(" Serial number: " + certs[j].getSerialNumber());
                }
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType)
                    throws CertificateException {
                for (int i = 0; i < certs.length; i++) {
                    X509Certificate x509Certificate = certs[i]; // was "certs", which does not compile
                    System.out.println("InitializeTrustManager: checkServerTrusted:"
                            + x509Certificate.getIssuerX500Principal().getName()
                            + " AuthTyp:" + authType);
                    System.out.println("InitializeTrustManager: checkServerTrusted:"
                            + x509Certificate.getIssuerDN());
                }
                // nothing is thrown here, so every server chain is currently accepted
            }

            // The two methods below are not part of javax.net.ssl.X509TrustManager
            // (they belong to the old com.sun.net.ssl interface); JSSE never calls them.
            public boolean isClientTrusted(X509Certificate[] arg0) throws CertificateException {
                System.out.println("InitializeTrustManager: isClientTrusted: ");
                return true;
            }

            public boolean isServerTrusted(X509Certificate[] arg0) throws CertificateException {
                for (int i = 0; i < arg0.length; i++) {
                    System.out.println("InitializeTrustManager: isServerTrusted: "
                            + arg0[i].getIssuerDN()); // was "arg0", which does not compile
                }
                // TODO
                return true;
            }
        }
    };


    Thank you in advance
    Petr
     
    Stone, Sep 16, 2011
    #1

  2. On 16/09/2011 08:50, Stone allegedly wrote:
    > Dear programmers,
    >
    > I would like to ask you if there is any way how to compare certificate
    > against cacerts file.
    > I have already loaded certificate in keystore like:
    >
    > <snip />


    Funny you should want to validate against the cacerts file in an
    X509TrustManager, for, if I'm not mistaken, that is precisely what the
    default TrustManager does. You might want to look for its source code
    online (for instance here:
    <http://www.docjar.com/docs/api/sun/security/ssl/package-index.html>).

    Anyway, the task isn't complicated, although the code is somewhat
    convoluted. You'll have to establish a chain (of certificates) from the
    certificate you're trying to validate to one of the root certificates in
    the trust store.

    A quick search turned up this guide:
    <http://download.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html>

    --
    DF.
    Determinism trumps correctness.
     
    Daniele Futtorovic, Sep 16, 2011
    #2
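    The following is an added example, not code from either poster, that does what the reply describes: it loads the cacerts store the way the question does and then validates a server chain up to one of its roots. Route 1 delegates to JSSE's default trust manager (obtained through TrustManagerFactory); route 2 performs the same check by hand with the CertPath API the reply links to. The class name CacertsTrustManager and the method names are chosen here; the password "changeit" is the JDK default for cacerts, and revocation checking is switched off only because this example wires up no CRL or OCSP source.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Accepts a chain only if it validates up to a root certificate in cacerts (example code). */
public final class CacertsTrustManager implements X509TrustManager {

    private final X509TrustManager jsseTrustManager; // JSSE's own PKIX trust manager, built from cacerts
    private final PKIXParameters pkixParams;         // same trust anchors, for the explicit CertPath route

    public CacertsTrustManager(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // "PKIX" on OpenJDK
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                found = (X509TrustManager) tm;
                break;
            }
        }
        if (found == null) {
            throw new GeneralSecurityException("no X509TrustManager for the default algorithm");
        }
        jsseTrustManager = found;
        pkixParams = new PKIXParameters(trustStore);
        // Assumption of this example: no CRL/OCSP source is configured, so revocation checking is
        // disabled here. A production trust manager should keep it enabled and configure a source.
        pkixParams.setRevocationEnabled(false);
    }

    /** Loads $JAVA_HOME/lib/security/cacerts with the JDK default password. */
    public static KeyStore loadCacerts() throws Exception {
        Path cacerts = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(cacerts.toFile())) {
            ks.load(in, "changeit".toCharArray());
        }
        return ks;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Route 1: JSSE builds the path from chain[0] to a cacerts root, checks every signature
        // and validity period, and throws CertificateException if no such path exists.
        jsseTrustManager.checkServerTrusted(chain, authType);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        jsseTrustManager.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return jsseTrustManager.getAcceptedIssuers(); // the cacerts roots, never null
    }

    /** Route 2: the same check done explicitly with CertPathValidator and the cacerts anchors. */
    public void validateAgainstCacerts(X509Certificate[] chain) throws CertificateException {
        List<X509Certificate> path = new ArrayList<>(Arrays.asList(chain));
        // A self-signed root sent by the server is the anchor itself, not part of the path to
        // validate; drop it so the validator looks the anchor up in cacerts instead.
        X509Certificate last = path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        try {
            CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
            CertPathValidator.getInstance("PKIX").validate(certPath, pkixParams);
        } catch (CertPathValidatorException e) {
            throw new CertificateException("chain does not lead to a cacerts root: " + e.getMessage(), e);
        } catch (GeneralSecurityException e) {
            throw new CertificateException("PKIX validation could not run: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) throws Exception {
        CacertsTrustManager tm = new CacertsTrustManager(loadCacerts());
        System.out.println("trust anchors loaded from cacerts: " + tm.getAcceptedIssuers().length);
        // For TLS: SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, new TrustManager[] { tm }, null);
    }
}
```

    Either route rejects a chain whose root is absent from cacerts by throwing CertificateException, which is the signal JSSE expects from checkServerTrusted; the trust-all manager in the question never throws, which is why it accepts every server. Route 1 is the one to prefer in practice, since it also applies the JSSE algorithm constraints and hostname-independent checks; route 2 is shown because it makes the path-building step the reply describes visible.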
