views: 64
answers: 1

Hi,

I am looking for an example of OCSP validation of a client certificate in Java 5. Also, how is the configuration in the java.security file used for this purpose?

A: 
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import org.apache.commons.lang.exception.ExceptionUtils; // Apache Commons Lang

public class OcspValidator {

    // stand-in for Signature.LOG, which is not shown in the answer
    private static final Logger LOG = Logger.getLogger(OcspValidator.class.getName());

    static {
        // switches on OCSP checking in the PKIX validator; it only takes effect
        // when the PKIXParameters passed in have revocation checking enabled
        Security.setProperty("ocsp.enable", "true");
    }

    public boolean validate(X509Certificate certificate, CertPath certPath,
            PKIXParameters parameters) throws GeneralSecurityException {
        try {
            CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
            PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv
                    .validate(certPath, parameters);
            LOG.fine("Validation result is: " + result);
            return true; // if no exception is thrown
        } catch (CertPathValidatorException cpve) {
            // if the exception is (or is caused by)
            // CertificateRevokedException, return false;
            // otherwise re-throw, because this indicates a failure to perform
            // the validation
            Throwable cause = ExceptionUtils.getRootCause(cpve);
            Class<? extends Throwable> exceptionClass = cause != null ? cause.getClass()
                    : cpve.getClass();
            if (exceptionClass.getSimpleName().equals("CertificateRevokedException")) {
                return false;
            }
            throw cpve;
        }
    }
}
Bozho
Should I conclude that OCSP is given preference (when enabled) over CRL in CertPathValidator?
Deep
Yes, correct. (In fact, have you managed to do CRL validation with the Sun provider?)
Bozho
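As an added example (not code from the question or the answer above), a complete class showing the pieces the answer leaves to its caller: loading the trust anchors, building the CertPath, enabling revocation checking, and the java.security properties the validator reads. The trust store path, its password, the client certificate file and the responder URL are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.util.Collections;

public class OcspCheckExample {
    public static void main(String[] args) throws Exception {
        // assumed inputs: a JKS trust store holding the client CA (password
        // "changeit") and the client certificate as a PEM or DER file
        String trustStorePath = args.length > 0 ? args[0] : "truststore.jks";
        String clientCertPath = args.length > 1 ? args[1] : "client.pem";
        // same keys as the ocsp.* entries in the JRE's lib/security/java.security;
        // a value set here overrides the file for this JVM only
        Security.setProperty("ocsp.enable", "true");
        // uncomment to query a fixed responder instead of the certificate's AIA URL
        // Security.setProperty("ocsp.responderURL", "http://ocsp.example.test/");

        KeyStore trustStore = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(trustStorePath);
        try { trustStore.load(in, "changeit".toCharArray()); } finally { in.close(); }

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream certIn = new FileInputStream(clientCertPath);
        Certificate clientCert;
        try { clientCert = cf.generateCertificate(certIn); } finally { certIn.close(); }
        // target certificate first, then any intermediates; the trust anchor
        // itself is not part of the path
        CertPath path = cf.generateCertPath(Collections.singletonList(clientCert));

        PKIXParameters params = new PKIXParameters(trustStore);
        // without this, ocsp.enable has no effect and revocation is never checked
        params.setRevocationEnabled(true);

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        try {
            validator.validate(path, params);
            System.out.println("client certificate is valid and not revoked");
        } catch (CertPathValidatorException e) {
            // revoked status, an unreachable responder and chaining errors all land here
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A rejection caused by a responder that cannot be reached is indistinguishable here from a revoked certificate, which is why the answer above inspects the root cause before deciding whether to fail closed.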