The Java Developers Almanac 1.4
e231. Validating a Certification Path

This example validates a chain of certificates using the most-trusted CAs in the JDK's cacerts file.
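```java
import java.io.*;
import java.security.*;
import java.security.cert.*;

public class ValidateCertPath {
    // Returns the most-trusted CA certificate that anchors certPath,
    // or null if the path does not validate.
    // To create a path, see e229 Creating a Certification Path
    public static X509Certificate validate(CertPath certPath) {
        // Locate the JDK's cacerts keystore file
        String filename = System.getProperty("java.home")
            + "/lib/security/cacerts".replace('/', File.separatorChar);

        // try-with-resources closes the stream even if loading fails
        try (FileInputStream is = new FileInputStream(filename)) {
            // Load the keystore; "changeit" is the default cacerts password
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            String password = "changeit";
            keystore.load(is, password.toCharArray());

            // Create the parameters for the validator; every certificate
            // entry in the keystore becomes a trust anchor
            PKIXParameters params = new PKIXParameters(keystore);

            // Disable CRL checking since we are not supplying any CRLs.
            // With this setting a revoked certificate still validates.
            params.setRevocationEnabled(false);

            // Create the validator and validate the path
            CertPathValidator certPathValidator =
                CertPathValidator.getInstance(CertPathValidator.getDefaultType());
            CertPathValidatorResult result = certPathValidator.validate(certPath, params);

            // Get the CA used to validate this path
            PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult)result;
            TrustAnchor ta = pkixResult.getTrustAnchor();
            return ta.getTrustedCert();
        } catch (CertPathValidatorException e) {
            // Validation failed
            return null;
        } catch (IOException | CertificateException | KeyStoreException
                | NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
            // The trust store could not be loaded or the validator could not
            // be set up; report it instead of silently ignoring it
            throw new IllegalStateException("Cannot set up path validation", e);
        }
    }
}
```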
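The recipe above turns revocation checking off. As an added example (not code from the Almanac), the variant below keeps it on through the Java 8+ `PKIXRevocationChecker` and reports which certificate in the path was rejected and why. The class name `StrictPathCheck`, the PEM file passed as `args[0]`, and network access to the CA's OCSP/CRL servers are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;

public class StrictPathCheck {   // hypothetical name, not from the Almanac
    // Validates certPath against the given anchors with revocation checking on.
    // Returns null on success, otherwise a description of the failure.
    static String check(CertPath certPath, KeyStore anchors) throws Exception {
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        PKIXParameters params = new PKIXParameters(anchors);

        // OCSP first, CRLs as fallback (the checker's default order). Leaving
        // SOFT_FAIL out means an unreachable responder fails the path.
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpv.getRevocationChecker();
        rc.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));
        params.addCertPathChecker(rc);

        try {
            cpv.validate(certPath, params);
            return null;
        } catch (CertPathValidatorException e) {
            // getIndex() is the position in the path (0 = end entity), -1 if unknown
            return "certificate #" + e.getIndex() + ": " + e.getReason()
                + " (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM file holding the chain, end entity first, root CA omitted
        List<Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            chain.addAll(CertificateFactory.getInstance("X.509").generateCertificates(in));
        }
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);

        // Same trust store as the recipe above
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(
                System.getProperty("java.home") + "/lib/security/cacerts")) {
            ks.load(in, "changeit".toCharArray());
        }
        String failure = check(path, ks);
        System.out.println(failure == null ? "path is valid" : "rejected: " + failure);
    }
}
```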
e229. Creating a Certification Path
e230. Listing the Most-Trusted Certificate Authorities (CA) in a Key Store
© 2002 Addison-Wesley.