which Java API should be used to validate server certificate
posted 3 years ago
I am a newbie to Java Security API's.
I want to validate server certificate using Java API's at client side.
after some goggling, i came across following API's that can help me to do this task
1) JSSE API - Java Secure Socket Extension
2) PKI API - Public key infrastructure API
3) java.security.cert package.
Can someone help me out regarding which package to use from the above ones ???
The kind of validations i would like to do are -
1) Hostname verification
2) Checking whether the certificate is signed by CA which client trusts
3) send a message using server's public key found from certificate to check whether server is able to decrypt as only valid server will have the private key to decrypt and encrypt that message.
4) Check whether certificate is expired or not
5) verify the signature on the certificate
Also please guide me what other validations should be done to ensure that i am talking to a valid server and not fake one. and how many validations from the above must be done?