Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

OCSP Validation , x.509 Certificate Validation

 
lakmal indika
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All, I'm trying to validate a X.509 certificate using java. But it always gives a error "Validation failure, cert :java.security.cert.CertPathValidatorException: Responder's certificate is not authorized to sign OCSP responses", I also added certificate to windows certificate store. any clue to resolve this ?

=========================Code ===========================================================
import java.security.cert.*;
import java.security.*;
import java.util.*;
import java.io.*;

public class OCSPCheck {
// OCSP URL http://ocsp.lankaclear.lk:11080/ocsp/ee/ocsp
private static final String TEST_RESPONDER_URL = "http://172.18.60.100:11080/ocsp/ee/ocsp";
// private static final String TEST_RESPONDER_URL = "http://ocsp-commercial.lankaclear.lk:11080/ocsp/ee/ocsp";
public static void main(String [] args){
try {

// X509Certificate caCert = readCert("TDCOCESSTEST2.cer");
// X509Certificate clientCert = readCert("PIDTestBruger2.cer");
// CA Certificate
X509Certificate caCert = readCert("F:
4 Development\\X509Validation\\src
LCPL-ROOT-PUB.cer");
// Client Cerificate
X509Certificate clientCert = readCert("F:
4 Development\\X509Validation\\src
LCPL-Intermediate-Pub.cer");
List certList = new Vector();
certList.add(clientCert);
certList.add(caCert);
validateCertPath(certList, caCert, TEST_RESPONDER_URL);
} catch (Exception e){
e.printStackTrace();
}
}
private static void validateCertPath(List certList, X509Certificate trustedCert, String responderUrl) {
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
CertPath cp = cf.generateCertPath(certList);
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

// Set the Trust anchor
TrustAnchor anchor = new TrustAnchor(trustedCert, null);
try{
//System.out.println(anchor.toString() + "CA NAME");
}catch(Exception e)
{
}
PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
params.setRevocationEnabled(true);
Security.setProperty("ocsp.enable", "true");
Security.setProperty("ocsp.responderURL", responderUrl);
//Security.setProperty("ocsp.responderURL", responderUrl);

// Validate and obtain results
try {
PKIXCertPathValidatorResult result =
(PKIXCertPathValidatorResult) cpv.validate(cp, params);
PolicyNode policyTree = result.getPolicyTree();
PublicKey subjectPublicKey = result.getPublicKey();

System.out.println("Query Result ");
System.out.println("Policy Tree:\n" + policyTree);
System.out.println("Subject Public key:\n" + subjectPublicKey);
} catch (Exception cpve) {
System.out.println("Validation failure, cert :"
+ cpve.toString());
}
// } catch (CertPathValidatorException cpve) {
// System.out.println("Validation failure, cert["
// + cpve.getIndex() + "] :" + cpve.getMessage() + " " + cpve.toString());
// }

} catch (Exception e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}
}
private static X509Certificate readCert(String fileName) throws FileNotFoundException, CertificateException {
InputStream is = new FileInputStream(fileName);
BufferedInputStream bis = new BufferedInputStream(is);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(bis);
return cert;
}
}

===========================================================================================================
 
Richard Tookey
Bartender
Pie
Posts: 1166
17
Java Linux Netbeans IDE
 
Henry Wong
author
Marshal
Pie
Posts: 20836
75
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Please note that JavaRanch actually allows crossposting to other sites...

https://www.coderanch.com/how-to/java/BeForthrightWhenCrossPostingToOtherSites

However, we do require that you be forthright about it. Crossposting tends to waste ranchers time and effort, so please be honest about it.

Henry
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic