
I am a newbie to Java security. I am required to verify the entire certificate chain using the X509Certificate class. I am referring to "Validate X509 certificates using Java APIs" and "How to get server certificate chain then verify it's valid and trusted in Java". But now I am getting java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors. Here is my code. Your help is greatly appreciated. Thanks.

    // Surrounding context assumed from the question: certs is the chain returned by the
    // server (leaf first), cf is a CertificateFactory for "X.509", mylist is a List<X509Certificate>.
    for (java.security.cert.Certificate cert : certs) {
        EventLog.append("Certificate is " + cert);
        if (cert instanceof X509Certificate) {
            try {
                ((X509Certificate) cert).checkValidity();
                EventLog.append("Certificate is valid for current date");
                mylist.add((X509Certificate) cert);
            } catch (CertificateExpiredException e) {
                // An expired certificate is left out of mylist; if it is an intermediate,
                // the path built below no longer reaches any trust anchor.
                EventLog.append("Certificate is expired");
            } catch (CertificateNotYetValidException e) {
                EventLog.append("Certificate is not yet valid");
            }
        } // if cert is instance of X509Certificate ends
    }

    // check the chain
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    try (FileInputStream in = new FileInputStream(keyStoreName)) {
        keyStore.load(in, keyStorePassword.toCharArray());
    }
    try {
        CertPath cp = cf.generateCertPath(mylist);
        // every trusted-certificate entry in keyStore becomes a trust anchor
        PKIXParameters params = new PKIXParameters(keyStore);
        params.setRevocationEnabled(false);
        CertPathValidator cpv =
            CertPathValidator.getInstance(CertPathValidator.getDefaultType());
        PKIXCertPathValidatorResult pkixCertPathValidatorResult =
            (PKIXCertPathValidatorResult) cpv.validate(cp, params);
        EventLog.append("Certificate is trusted");
    } catch (Exception e) {
        EventLog.append(e);
    }
  • You are required why? JSSE already does all this, possibly excepting the expiry check. – user207421 Mar 22 '16 at 22:39
  • As per the documentation, I should be trusting the entire chain. Please correct me if I am wrong: with JSSE, all I have to do is initiate an SSL connection, where server authentication will take place in the background. If there is no exception, then it confirms that the server is successfully verified. As you said correctly, I have to run checkValidity() on each returned certificate to ensure the certificate is not revoked. – Java Kingdom Mar 23 '16 at 04:51
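The validation the question is attempting, as an added, self-contained example that is not part of the question or its comments. It assumes a PEM file holding the server's chain leaf-first (the default name `server-chain.pem` is made up for this example) and, optionally, a trust store path and password on the command line; without them it uses the JDK's own `cacerts`, the same CAs JSSE trusts. `CertPathValidatorException.getIndex()` and `getReason()` exist from Java 7 on and tell you which certificate failed and why, which is the quickest way to tell a missing anchor from an expired or mis-ordered certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ChainValidator {

    // Assumed inputs (not from the question): a PEM file holding the server's chain, leaf
    // first, and optionally a trust store whose entries are CA certificates only.
    public static void main(String[] args) throws Exception {
        String chainFile = args.length > 0 ? args[0] : "server-chain.pem";
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(chainFile)) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }

        Set<TrustAnchor> anchors = args.length > 2
                ? anchorsFromKeyStore(args[1], args[2].toCharArray())
                : jdkDefaultAnchors();

        try {
            PKIXCertPathValidatorResult r = validate(chain, anchors);
            System.out.println("Chain is trusted; anchor: "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // getIndex(): position of the failing certificate in the path (-1 if none);
            // getReason(): NO_TRUST_ANCHOR, EXPIRED, NAME_CHAINING, INVALID_SIGNATURE, ...
            System.out.println("Validation failed at index " + e.getIndex()
                    + " (" + e.getReason() + "): " + e.getMessage());
        }
    }

    /** Validates a leaf-first chain against the anchors; throws on any failure. */
    static PKIXCertPathValidatorResult validate(List<X509Certificate> chain,
                                                Set<TrustAnchor> anchors) throws Exception {
        List<X509Certificate> path = new ArrayList<>(chain);

        // Servers often send the self-signed root as well. The root's place is in the trust
        // store as an anchor, not in the path, so drop it when it is the last element.
        X509Certificate last = path.get(path.size() - 1);
        if (path.size() > 1
                && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }

        CertPath cp = CertificateFactory.getInstance("X.509").generateCertPath(path);

        PKIXParameters params = new PKIXParameters(anchors);
        // The validator checks validity periods, name chaining and signatures itself, so the
        // chain is passed in whole; pre-filtering expired certificates only breaks the path.
        params.setRevocationEnabled(false); // enable or add a PKIXRevocationChecker in production

        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        return (PKIXCertPathValidatorResult) cpv.validate(cp, params);
    }

    /** Trusted-certificate entries of a key store as anchors; private-key entries are ignored. */
    static Set<TrustAnchor> anchorsFromKeyStore(String file, char[] password) throws Exception {
        // Assumes the file is in the JDK's default key store type (PKCS12 on Java 9+).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        Set<TrustAnchor> anchors = new LinkedHashSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                anchors.add(new TrustAnchor((X509Certificate) ks.getCertificate(alias), null));
            }
        }
        return anchors;
    }

    /** The JDK's default trust store (cacerts) as anchors: the same CAs JSSE would accept. */
    static Set<TrustAnchor> jdkDefaultAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = use the JDK's default trust store
        Set<TrustAnchor> anchors = new LinkedHashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }
        return anchors;
    }
}
```

Compile and run with `javac ChainValidator.java && java ChainValidator server-chain.pem truststore.p12 changeit`. Two points of design worth noting against the question's code. First, `Path does not chain with any of the trust anchors` (`Reason` `NO_TRUST_ANCHOR`) means the last certificate in the path has no issuer among the anchors: either the trust store lacks the CA that signed it, or a link was removed, which is exactly what dropping an expired intermediate before building the path does; the validator reports expiry itself, with the index of the offending certificate. Second, `checkValidity()` only checks the notBefore/notAfter period; revocation is a separate check that `setRevocationEnabled(false)` switches off here and that production code should turn back on, for instance through `PKIXRevocationChecker` (Java 8+).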

0 Answers