0

I'm developing a (Java) XML verification application which needs to connect to a Windows keystore. At the moment I'm stuck at the following message: CannotBuildCertificationPathException: Trust anchors Keystore is not initialized.

Now I was able to get my key from the store using this example: http://stackoverflow.com/questions/5476974/java-access-to-intermediate-cas-from-windows-keystores, which works great and gave me hope in using XAdES4J.

The code I'm using is the following:

```java
trustAnchors = KeyStore.getInstance("Windows-MY");
certValidator = new PKIXCertificateValidationProvider(trustAnchors, false);
p = new XadesVerificationProfile(certValidator);
v = p.newVerifier();

Element sigElem = (Element) signature.item(0); // Contains the complete signature segment from the XML

XAdESVerificationResult r;
SignatureSpecificVerificationOptions options = new SignatureSpecificVerificationOptions().useBaseUri("http://www.ietf.org/rfc/");

r = v.verify(sigElem, options);
```

The certificate is an X.509. The encryption method is XAdES-T.

Does anybody know how to get a trusted connection with a Windows keystore? Is there any information about SignatureSpecificVerificationOptions? I find it really hard to understand the manual in context with the actual settings I need to use.

David Spence

1 Answer

1

Even though it is a Windows keystore you still need to load it:

```java
trustAnchors.load(null);
```

The PKIXCertificateValidationProvider can't do it because protection parameters may be required.

In addition, you may want to use "Windows-ROOT" instead of "Windows-MY" in order to access the trusted certification authorities.

lgoncalves
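The two points in the answer above, shown with JDK classes only (no XAdES4J). This is an added example, not code from the question or the answer; the class and helper names are hypothetical, and it assumes a fallback to the JDK default keystore type when not running on Windows so that it runs anywhere.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.PKIXParameters;

public class TrustAnchorLoadDemo {   // hypothetical class name

    /** Number of trust anchors PKIX validation would take from this store. */
    static int anchorCount(KeyStore ks) throws KeyStoreException {
        try {
            // Throws KeyStoreException if ks was never loaded.
            return new PKIXParameters(ks).getTrustAnchors().size();
        } catch (InvalidAlgorithmParameterException e) {
            return 0;   // loaded, but holds no trusted certificate entries
        }
    }

    /** Open a store that needs no stream or password, e.g. "Windows-ROOT". */
    static KeyStore openLoaded(String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);   // without this call the store stays uninitialized
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: off Windows, use the JDK default type so the demo still runs.
        boolean windows = System.getProperty("os.name").startsWith("Windows");
        String type = windows ? "Windows-ROOT" : KeyStore.getDefaultType();

        KeyStore unloaded = KeyStore.getInstance(type);   // the question's situation
        try {
            anchorCount(unloaded);
            System.out.println(type + " unloaded: accepted (unexpected)");
        } catch (KeyStoreException e) {
            System.out.println(type + " unloaded: " + e.getMessage());
        }

        KeyStore anchors = openLoaded(type);
        System.out.println(type + " loaded: " + anchorCount(anchors) + " trust anchors");
        if (windows) {
            // Personal store: entries with private keys are not trust anchors.
            System.out.println("Windows-MY loaded: "
                    + anchorCount(openLoaded("Windows-MY")) + " trust anchors");
        }
    }
}
```

On Windows, comparing the two counts shows which store actually supplies certification authorities to path building.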