
I have a Java truststore foo.p12 which contains multiple public certificates, such as RootCA certificates, Intermediate RootCA certificates signed by their RootCA, and end entity server certificates issued by an Intermediate RootCA (for example, foo.p12 contains RootCA_1, IntermediateCA_1, EndEntity_1, RootCA_2, IntermediateCA_2, EndEntity_2).

I have a requirement: given rootca_1 or EndEntity_1 as input, I need to read foo.p12 and retrieve the whole certificate chain corresponding to rootca_1 or EndEntity_1.

I checked this link, which has a similar question, but the answers are not up to date and it does not give the solution to my problem. There is another link, but this again returns all the certificates in foo.p12, not the certificate chains I require.

Are there any Java solutions (JCE APIs, Bouncy Castle APIs, etc.) which could return the certificate chain given the rootCA or end entity certificate?

Arun kumar R
  • Why? Truststores don't contain chains, they just contain individual certificates, and your requirement to start from a given root could yield a tree, not a single chain. It is up to the person who provides you with an end certificate to provide enough of the chain to reach a root that is in your truststore. Not the other way round. Something seriously wrong here. – user207421 Apr 27 '20 at 10:54
  • Yes, my truststore contains only individual public certificates. Now, for a given rootCA_1, I need to find that tree structure and retrieve that specific tree. I can build my own logic to loop through each certificate entry in the trust store to identify and construct that tree structure. But before doing that, I want to check and utilize any Java API/utility that provides such an implementation already. Given an input RootCA, I want to identify and retrieve only its related child certificates using existing Java APIs (if any). – Arun kumar R Apr 27 '20 at 11:05
  • This is an unusual requirement, so naturally there is nothing in Java SE to perform this. You'll have to write your own code. Typically a truststore contains only root certificates, not intermediate or end-entity certificates. The whole point of this model is that you need only trust one or a few root certificates. If you directly trust an intermediate cert then there's no point in trusting its ancestor certs. Thus, if you trust an end-entity cert then there's no point in trusting any other cert. – President James K. Polk Apr 27 '20 at 14:50
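Since, as the comments note, Java SE has no API for this and the truststore holds only individual certificates, here is an added example (not code from the question or from any answer) that loads the PKCS12 file with the standard KeyStore API and rebuilds the relationships itself: chainUp walks from an end entity up to its self-signed root, and treeDown collects everything issued under a given root (a tree, not a single chain, as the comments point out). The class name, file path and password are assumptions; each link is accepted only after the child's signature verifies with the candidate issuer's public key, because a matching subject/issuer name alone proves nothing.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;

public class TruststoreChains {
    // Load every X.509 certificate entry from the PKCS12 truststore, keyed by alias (path/password assumed).
    static Map<String, X509Certificate> loadCerts(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        Map<String, X509Certificate> certs = new LinkedHashMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) certs.put(alias, (X509Certificate) c);
        }
        return certs;
    }
    // Does 'issuer' really issue 'cert'? A name match alone is not enough: verify the signature.
    static boolean isIssuedBy(X509Certificate cert, X509Certificate issuer) {
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) return false;
        try { cert.verify(issuer.getPublicKey()); return true; } catch (Exception e) { return false; }
    }
    // Walk upward from an end-entity or intermediate until a self-signed root or a dead end.
    static List<X509Certificate> chainUp(X509Certificate leaf, Collection<X509Certificate> pool) {
        List<X509Certificate> chain = new ArrayList<>();
        X509Certificate cur = leaf;
        while (cur != null && !chain.contains(cur)) {   // contains() guards against issuer loops
            chain.add(cur);
            if (isIssuedBy(cur, cur)) break;            // self-signed: reached a root
            X509Certificate next = null;
            for (X509Certificate cand : pool) if (isIssuedBy(cur, cand)) { next = cand; break; }
            cur = next;                                 // null here means the chain is incomplete
        }
        return chain;
    }
    // Walk downward from a root: every certificate that chains to it (a tree, not a single chain).
    static List<X509Certificate> treeDown(X509Certificate root, Collection<X509Certificate> pool) {
        List<X509Certificate> tree = new ArrayList<>(List.of(root));
        for (int i = 0; i < tree.size(); i++) {         // breadth-first over certs already accepted
            X509Certificate parent = tree.get(i);
            for (X509Certificate c : pool)
                if (!c.equals(parent) && !tree.contains(c) && isIssuedBy(c, parent)) tree.add(c);
        }
        return tree;
    }
}
```

Call `chainUp(certs.get("endentity_1"), certs.values())` or `treeDown(certs.get("rootca_1"), certs.values())` after `loadCerts("foo.p12", password)`; a chain whose last element is not self-signed tells you the truststore lacks the issuer, which is the situation the first comment describes.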
