Validating a certificate

807605 Aug 28 2007 — edited Aug 29 2007
I have a certificate that I have signed with my own CA. I have also acquired my CA's certificate, along with its CRL.

I'm struggling to validate the signed certificate. I've created a certificate path with the signed certificate as the first cert, and my CA's certificate as the final cert. When I try to run the code, I get the following error:
java.security.cert.CertPathValidatorException: revocation status check failed: no CRL found
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
        at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
Below is the code I tried to use to validate the certificate path. The array passed to this function has two entries - the first is the signed certificate, the second is the CA's certificate. Both certificates were generated by an external program.
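import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;

public static boolean validateCertificatePath(X509Certificate[] certs)
        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {

    // Build the path from the array (signed certificate first, CA last).
    CertPath path = CertificateValidator.createCertificatePath(certs);

    if (path == null) {
        throw new RuntimeException("Could not create certificate path!");
    }

    // The last array entry is the CA certificate; use it as the only trust anchor.
    TrustAnchor ta = new TrustAnchor(certs[certs.length - 1], null);
    Set<TrustAnchor> taSet = new HashSet<TrustAnchor>();
    taSet.add(ta);

    // PKIXParameters enables revocation checking by default.
    PKIXParameters params = new PKIXParameters(taSet);
    CertPathValidator validator = CertPathValidator.getInstance(
            CertPathValidator.getDefaultType());

    try {
        CertPathValidatorResult result = validator.validate(path, params);
    }
    catch (CertPathValidatorException e) {
        e.printStackTrace();
        return false;
    }

    return true;
}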
The error suggests I need to somehow get my CRL involved in this procedure, but I'm not sure how I can do this. I'm able to load the CRL into a Java CRL object; I'm just unsure of how to use it!

Additional side question: it seems rather ugly to have created a trust anchor object, and embed it into a HashSet in the way that I have. If someone knows a neater way I could have done this, please let me know!
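
One way to bring the CRL into the validation, as an added example that is not part of the original post: the CRL is placed in an in-memory `CertStore` and registered on the `PKIXParameters`, and `Collections.singleton` covers the side question about the trust anchor set. The class name `CrlPathCheck` and the three file-path arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.Collections;

public class CrlPathCheck {

    // Validates leaf against caCert, using crl for the revocation check.
    static PKIXCertPathValidatorResult validate(X509Certificate leaf,
            X509Certificate caCert, X509CRL crl) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // By CertPath convention the trust anchor's own certificate is not
        // part of the path, so the path holds only the signed certificate.
        CertPath path = cf.generateCertPath(Collections.singletonList(leaf));

        // Collections.singleton replaces the hand-built HashSet.
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(caCert, null)));

        // In-memory CertStore holding the CRL; the validator queries every
        // store registered on the parameters when it checks revocation.
        CertStore crlStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl)));
        params.addCertStore(crlStore);
        params.setRevocationEnabled(true); // the default, stated explicitly

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return (PKIXCertPathValidatorResult) validator.validate(path, params);
    }

    // Hypothetical command line: <signed-cert> <ca-cert> <crl>
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream certIn = new FileInputStream(args[0]);
             InputStream caIn = new FileInputStream(args[1]);
             InputStream crlIn = new FileInputStream(args[2])) {
            X509Certificate leaf = (X509Certificate) cf.generateCertificate(certIn);
            X509Certificate ca = (X509Certificate) cf.generateCertificate(caIn);
            X509CRL crl = (X509CRL) cf.generateCRL(crlIn);
            validate(leaf, ca, crl);
            System.out.println("Path valid, certificate not revoked");
        } catch (CertPathValidatorException e) {
            // Thrown for any path failure, including a revoked certificate.
            System.out.println("Validation failed: " + e.getMessage());
        }
    }
}
```

Calling `params.setRevocationEnabled(false)` would also make the "no CRL found" error go away, but only by skipping the revocation check altogether.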
Post Details
Locked on Sep 26 2007
Added on Aug 28 2007