Verify certificate
843810Feb 5 2004 — edited Feb 5 2004Hi I created an certificate and I want to verify his validity. I suppose he is signed by the issuer with his private key and I want to check if the signature matches with his public key. But is does not verifies.
package file.security;
import java.security.*;
import java.io.*;
import java.security.cert.*;
import java.util.*;
public class VerifyCert {
private KeyStore keystore;
private X509Certificate certToVerify, certCA;
private CertificateFactory certFact;
private byte[] signature;
private Signature sig;
public VerifyCert(String certificate, String keystoreFile, String keystorePass, String alias) {
try {
keystore = KeyStore.getInstance("jks");
keystore.load(new FileInputStream(keystoreFile), keystorePass.toCharArray());
certCA = (X509Certificate)keystore.getCertificate(alias);
certCA.checkValidity();
certFact = CertificateFactory.getInstance("X.509");
certToVerify = (X509Certificate)certFact.generateCertificate(new FileInputStream(certificate));
certToVerify.checkValidity();
informatii(certToVerify, "The certificate has the following properties");
informatii(certCA, "His issuer has the following properties");
sig = Signature.getInstance(certToVerify.getSigAlgName());
sig.initVerify(certCA);
sig.update(certToVerify.getEncoded());
if (sig.verify(certToVerify.getSignature())) {
System.out.println("Verified");
} else {
System.out.println("NOT Verified");
}
} catch (Exception e) {
e.printStackTrace();
}
}
private void informatii(X509Certificate cert, String mesaj) {
Principal principal;
System.out.println(mesaj);
principal = cert.getSubjectDN();
System.out.println("Owner:" + principal.getName());
principal = cert.getIssuerDN();
System.out.println("Issuer:" + principal.getName());
System.out.println("creation date:" + cert.getNotBefore());
System.out.println("expiration date:" + cert.getNotAfter());
System.out.println("algoritm:" + cert.getSigAlgName());
System.out.println("type:" + cert.getType());
}
public static void main(String[] args) {
if (args.length != 4) {
System.out.println("certificateToVerify keystore password aliasCA");
return;
}
VerifyCert verifyCert1 = new VerifyCert(args[0], args[1], args[2], args[3]);
}
}