6

Is there any java library that enables us to find if the p12 certificate is a proper Apple push certificate?

I use X509Certificate class to check for its validity, but did not find any info about the type of the cert.

Suchi
  • 9,989
  • 23
  • 68
  • 112
  • Could you explain what you mean by "info about the type of the cert"? – JimmyB Dec 17 '12 at 20:02
  • 2
    As I said, I just want to verify if it is an APNS push certificate without attempting to make an actual push. – Suchi Dec 17 '12 at 22:12
  • How about this? http://stackoverflow.com/questions/6143646/validate-x509-certificates-using-java-apis and this: http://stackoverflow.com/questions/9059196/accepting-certificates-in-java – tranceporter Dec 20 '12 at 12:03

1 Answers1

7

I'm not sure if an APNS certificate can actually be distinguished from any other certificate.

However, to check the authenticity of a given certificate, that is, to verify it is trustworthy, its certificate chain needs to be inspected to make sure that it contains a kown, trusted certificate. This usually is one issued by a Certificate Authority.

In the case of the APNS, according to this source and the Apple docs, a certificate from the "Entrust Secure CA" is required to be in the chain. This certificate is supposed to be 'well-known' and can (with a possible minor degradation of long-term security) usually be regarded as a constant during the lifetime of an application; your application can then just compare its known certificate to the one present in the keychain of the certificate in question.

And finally: The crypto library from Bouncy Castle is the de-facto standard implementation of extended crypto functionality for Java and can also be used to inspect and/or validate certificates and their signatures.

JimmyB
  • 12,101
  • 2
  • 28
  • 44
  • I would appreciate some java code to help inspect the certificate chain. – Suchi Dec 18 '12 at 19:54
  • 2
    Did you have a look at the `CertificateVerifier` class in the [link](http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/) I included? - That should be pretty much all that's needed. Or am I missing something? – JimmyB Dec 18 '12 at 21:24