The Java Developers Almanac 1.4


Order this book from Amazon.

   
Home > List of Packages > java.security.cert  [9 examples] > Certification Paths  [4 examples]

e231. Validating a Certification Path

This example validates a chain of certificates using the most-trusted CAs in the JDK's cacerts file.
    try {
        // Load the JDK's cacerts keystore file
        String filename = System.getProperty("java.home")
            + "/lib/security/cacerts".replace('/', File.separatorChar);
        FileInputStream is = new FileInputStream(filename);
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        String password = "changeit";
        keystore.load(is, password.toCharArray());
    
        // Create the parameters for the validator
        PKIXParameters params = new PKIXParameters(keystore);
    
        // Disable CRL checking since we are not supplying any CRLs
        params.setRevocationEnabled(false);
    
        // Create the validator and validate the path
        // To create a path, see e229 Creating a Certification Path
        CertPathValidator certPathValidator
            = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
        CertPathValidatorResult result = certPathValidator.validate(certPath, params);
    
        // Get the CA used to validate this path
        PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult)result;
        TrustAnchor ta = pkixResult.getTrustAnchor();
        X509Certificate cert = ta.getTrustedCert();
    } catch (CertificateException e) {
    } catch (KeyStoreException e) {
    } catch (NoSuchAlgorithmException e) {
    } catch (InvalidAlgorithmParameterException e) {
    } catch (CertPathValidatorException e) {
        // Validation failed
    }

 Related Examples
e228. Listing All Available Certification Path Validation Algorithms
e229. Creating a Certification Path
e230. Listing the Most-Trusted Certificate Authorities (CA) in a Key Store

See also: Certificates   


© 2002 Addison-Wesley.