Hi,
I am looking for an example for OCSP validation of client certificate in java 5. Also how the configuration in java.security file is used for this purpose?
A:
static {
Security.setProperty("ocsp.enable", "true");
}
public boolean validate(X509Certificate certificate, CertPath certPath,
PKIXParameters parameters) throws GeneralSecurityException {
try {
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv
.validate(certPath, parameters);
Signature.LOG.debug("Validation result is: " + result);
return true; // if no exception is thrown
} catch (CertPathValidatorException cpve) {
// if the exception is (or is caused by)
// CertificateRevokedException, return false;
// otherwise re-throw, because this indicates a failure to perform
// the validation
Throwable cause = ExceptionUtils.getRootCause(cpve);
Class<? extends Throwable> exceptionClass = cause != null ? cause.getClass()
: cpve.getClass();
if (exceptionClass.getSimpleName().equals("CertificateRevokedException")) {
return false;
}
throw cpve;
}
}
Bozho
2010-04-26 10:02:23
Should I conclude that OCSP is given preference (when enabled) over CRL in CertPathValidator?
Deep
2010-04-26 10:14:47
yes, correct. (In fact - have you managed to do CRL validation with the Sun provider?)
Bozho
2010-04-26 10:35:25