ssl - Validate X.509 certificate agains concrete CA Java -



ssl - Validate X.509 certificate agains concrete CA Java -

lets have (client side code):

trustmanager[] trustallcerts = new trustmanager[]{ new x509trustmanager() { @override public java.security.cert.x509certificate[] getacceptedissuers() { homecoming null; } @override public void checkclienttrusted( java.security.cert.x509certificate[] certs, string authtype) { } @override public void checkservertrusted( java.security.cert.x509certificate[] certs, string authtype) { } } }; sslcontext sslc = sslcontext.getinstance("tls"); sslc.init(null, trustallcerts, null); socketfactory sf = sslc.getsocketfactory(); sslsocket s = (sslsocket) sf.createsocket("127.0.0.1", 9124);

this code finish functional, can not figure out, how validate server's certificate against 1 concrete ca certificate have available in pem file.

all certificates signed self-signed ca, , ca need validate against (only against one).

every reply appreciated.

edit:

in response jglouie (thank much way - can not vote answer).

i founded solution:

new x509trustmanager() { @override public java.security.cert.x509certificate[] getacceptedissuers() { homecoming null; } @override public void checkclienttrusted( java.security.cert.x509certificate[] certs, string authtype) { } @override public void checkservertrusted( java.security.cert.x509certificate[] certs, string authtype) throws certificateexception { inputstream instream = null; seek { // loading ca cert url u = getclass().getresource("tcp/cacert.pem"); instream = new fileinputstream(u.getfile()); certificatefactory cf = certificatefactory.getinstance("x.509"); x509certificate ca = (x509certificate) cf.generatecertificate(instream); instream.close(); (x509certificate cert : certs) { // verifing public key cert.verify(ca.getpublickey()); } } grab (exception ex) { logger.getlogger(client.class.getname()).log(level.severe, null, ex); } { seek { instream.close(); } grab (ioexception ex) { logger.getlogger(client.class.getname()).log(level.severe, null, ex); } } } } };

i assume self-signed certificate of ca loaded follows:

certificatefactory cf = certificatefactory.getinstance("x.509"); fileinputstream finstream = new fileinputstream("cacertificate.pem"); x509certificate cacertificate = (x509certificate)cf.generatecertificate(finstream);

then in method check certificate:

@override public void checkservertrusted(java.security.cert.x509certificate[] certs, string authtype) throws certificateexception { if (certs == null || certs.length == 0) { throw new illegalargumentexception("null or zero-length certificate chain"); } if (authtype == null || authtype.length() == 0) { throw new illegalargumentexception("null or zero-length authentication type"); } //check if certificate send ca's if(!certs[0].equals(cacertificate)){ seek { //not ca's. check if has been signed ca certs[0].verify(cacertificate.getpublickey()) } catch(exception e){ throw new certificateexception("certificate not trusted",e); } } //if end here certificate trusted. check if has expired. try{ certs[0].checkvalidity(); } catch(exception e){ throw new certificateexception("certificate not trusted. has expired",e); } }

disclaimer: have not atempted compile code

java ssl x509certificate x509

Comments

Post a Comment

Popular posts from this blog

iphone - Dismissing a UIAlertView -

iphone - Dismissing a UIAlertView - i set in app purchase app, , when user taps button, purchase started. basically, tap button, , depending on speed on net connection, waiting 10 seconds until new alert view comes asking if purchase product. user tap button multiple times since nil came up, , multiple purchase alert views come up. additionally, maybe seen user app bug. in end, problem. i want alert view come spinning wheel says "loading..." when users taps purchase button. problem is, how dismiss when new alert view comes asking user if want purchase product? if ([uialertview alloc] says: @"whatever apple's alert view says") { //dismiss "loading..." alert view here } i uncertainty work, input appreciated. thanks! you need have access alertview. can this. create alertview instance var in app delegate , when want show loading initialize instance var assign property , when want dismiss phone call [alertviewinstance d...
Read more

c# - Can ProtoBuf-Net deserialize to a flat class? -

c# - Can ProtoBuf-Net deserialize to a flat class? - protobuf-net uses nested protobuf constructs back upwards inheritance. however, can made force properties flat target class has same properties inherited "serialized" version? see test illustration below. needless result of flat namespace null both properties. possible solution: re-create info flat.b first on property property basis. note: not prefered option. using system; namespace hierarchy { using protobuf; [protocontract] public class { [protomember(1)] public string prop1 { get; set; } } [protocontract] public class b : { public b() { } [protomember(1)] public string prop2 { get; set; } public override string tostring() { homecoming "prop1=" + prop1 + ", prop2=" + prop2; } } } namespace flat { using protobuf; [protocontract] p...
Read more

javascript - Change element in each JQuery tab to dynamically generated colors -

javascript - Change element in each JQuery tab to dynamically generated colors - i'm using jquery ui tabs widget , have button add together additional tabs. i'm tying each tab markers on map coordinating randomly generated color using function gen_color() { homecoming '#'+(math.random()*0xffffff<<0).tostring(16); } so each tab has color corresponds number of markers of same color on map. i'm trying add together 15x15 block of color within tab's tab left of it's label. right i'm using tabtemplate alternative , trying alter when new tab added: $tabs = $("#tabs").tabs({ tabtemplate: "<li><span class='ui-icon-color' style='background-color:#000000;'></span><a href='#{href}'>#{label}</a> <span class='ui-icon ui-icon-close'>remove tab</span></li>", selected: 0, add: funct...
Read more