Home > Archive > Java Security > April 2004 > Certificate Verification - guidelines requested
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Certificate Verification - guidelines requested
|
|
| Stephen Chell 2004-04-21, 1:33 am |
| My java app gets an X509 certificate out of an XML signature, and I
want to verify that the certificate is signed by any one of several
trusted CAs.
If we assume that all relevant CA certificates are stored in the
"cacerts" file in the local JDK, what is a simple way of verifying
that the original certificate is signed by one of these trusted CAs?
Please outline the steps my code should perform. (I couldn't find any
simple examples in the JDK documentation or on the web.)
Thanks very much!
Steve
| |
| Michel Gallant 2004-04-21, 12:58 pm |
| One procedure to achieve that is:
- oX509Certificate.getIssuerDN().getName() (get the issuer Principal DN)
- check if this DN exists in your cacerts keystore (enumerate the cacerts keystore and get the
potential signer cert)
and get the associated PublicKey issuerPBK
- verify that DN's signature on your cert via oX509Certificate.verify(issuerPBK ...)
- Mitch
"Stephen Chell" <stevecnz2@yahoo.com> wrote in message
news:e06fe09.0404202023.572b3b1c@posting.google.com...
> My java app gets an X509 certificate out of an XML signature, and I
> want to verify that the certificate is signed by any one of several
> trusted CAs.
>
> If we assume that all relevant CA certificates are stored in the
> "cacerts" file in the local JDK, what is a simple way of verifying
> that the original certificate is signed by one of these trusted CAs?
>
> Please outline the steps my code should perform. (I couldn't find any
> simple examples in the JDK documentation or on the web.)
>
> Thanks very much!
>
> Steve
| |
| sickofspam@spam.com 2004-04-24, 2:35 am |
| Stephen Chell wrote:
> My java app gets an X509 certificate out of an XML signature, and I
> want to verify that the certificate is signed by any one of several
> trusted CAs.
>
> If we assume that all relevant CA certificates are stored in the
> "cacerts" file in the local JDK, what is a simple way of verifying
> that the original certificate is signed by one of these trusted CAs?
>
> Please outline the steps my code should perform. (I couldn't find any
> simple examples in the JDK documentation or on the web.)
>
> Thanks very much!
>
> Steve
Hi,
Have you looked at certpath API in JDK 1.4?
|
|
|
|
|